commit 2a13e9f631342d993f5a1e4a3f389b31c05d8a7b Author: Adrian Schröter Date: Wed Jun 7 08:15:41 2023 +0200 Sync from SUSE:ALP:Source:Standard:1.0 NetworkManager revision df120b0fcaa32357dea4772796ccf911 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch b/0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch new file mode 100644 index 0000000..6915922 --- /dev/null +++ b/0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch @@ -0,0 +1,28 @@ +From 3e53521b50b7150118fbb729def0a2a1364c5aae Mon Sep 17 00:00:00 2001 +From: Antonio Larrosa +Date: Thu, 21 Mar 2019 11:08:36 +0100 +Subject: [PATCH] Coerce connectivity "LIMITED" to "NONE" when device is + disconnected + +If the device is disconnected it can't have any connectivity, so we can +set it to NONE instead of LIMITED. + +Fixes #138 +--- + src/devices/nm-device.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: NetworkManager-1.42.2/src/core/devices/nm-device.c +=================================================================== +--- NetworkManager-1.42.2.orig/src/core/devices/nm-device.c ++++ NetworkManager-1.42.2/src/core/devices/nm-device.c +@@ -5758,7 +5758,8 @@ concheck_update_state(NMDevice + state = NM_CONNECTIVITY_LIMITED; + } else + state = NM_CONNECTIVITY_NONE; +- } ++ } else if (state == NM_CONNECTIVITY_LIMITED && priv->state <= NM_DEVICE_STATE_DISCONNECTED) ++ state = NM_CONNECTIVITY_NONE; + + if (priv->concheck_x[IS_IPv4].state == state) { + /* we got a connectivity update, but the state didn't change. If we were probing, diff --git a/NetworkManager-1.10.6-netconfig.patch b/NetworkManager-1.10.6-netconfig.patch new file mode 100644 index 0000000..51c1f1e --- /dev/null +++ b/NetworkManager-1.10.6-netconfig.patch @@ -0,0 +1,19 @@ +Index: NetworkManager-1.40.0/src/core/dns/nm-dns-manager.c +=================================================================== +--- NetworkManager-1.40.0.orig/src/core/dns/nm-dns-manager.c ++++ NetworkManager-1.40.0/src/core/dns/nm-dns-manager.c +@@ -698,6 +698,14 @@ dispatch_netconfig(NMDnsManager *se + gssize l; + nm_auto_free_gstring GString *str = NULL; + ++ if (!g_file_test (NETCONFIG_PATH, G_FILE_TEST_IS_EXECUTABLE)) { ++ g_set_error_literal (error, ++ NM_MANAGER_ERROR, ++ NM_MANAGER_ERROR_FAILED, ++ NETCONFIG_PATH " is not executable"); ++ return SR_NOTFOUND; ++ } ++ + pid = run_netconfig(self, error, &fd); + if (pid <= 0) + return SR_NOTFOUND; diff --git a/NetworkManager-1.42.6.tar.xz b/NetworkManager-1.42.6.tar.xz new file mode 100644 index 0000000..0becc82 --- /dev/null +++ b/NetworkManager-1.42.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8c388ac3775ac6bceb605fae21be2c3e261cafe6067994a89f0dfa4610ed0279 +size 6749088 diff --git a/NetworkManager-rpmlintrc b/NetworkManager-rpmlintrc new file mode 100644 index 0000000..5245619 --- /dev/null +++ b/NetworkManager-rpmlintrc @@ -0,0 +1,11 @@ +# We have an unversioned branding-requires-unversioned +# NetworkManager-branding on purpose, hence filter it out. +addFilter("branding-requires-unversioned*"); + +# Filter out warning about missing systemd-service-without-service +# post/pre/postun/preun, we do not want to enable this service by +# default. +addFilter("systemd-service-without-service_add_post NetworkManager-wait-online.service"); +addFilter("systemd-service-without-service_add_pre NetworkManager-wait-online.service"); +addFilter("systemd-service-without-service_del_postun NetworkManager-wait-online.service"); +addFilter("systemd-service-without-service_del_preun NetworkManager-wait-online.service"); diff --git a/NetworkManager.changes b/NetworkManager.changes new file mode 100644 index 0000000..f77f557 --- /dev/null +++ b/NetworkManager.changes @@ -0,0 +1,5520 @@ +------------------------------------------------------------------- +Thu Apr 20 18:23:33 UTC 2023 - Bjørn Lie + +- Update to version 1.42.6: + + Emit the dhcp-change dispatcher event also after a lease + renewal. + + Fix assertion failure on DHCP renewal. + + Add support for EC2 IMDSv2 in nm-cloud-setup. + + Allow setting tunnel flags for ip6gre & ip6gretap connection + profiles. + + Improve the Wi-Fi hotspot functionality. + + Fix setting the Wi-Fi roaming policy based on the number of + seen BSSIDs. + + Support the "no-aaaa" resolv.conf option. + + Some oFono fixes. + +------------------------------------------------------------------- +Thu Mar 9 09:52:07 UTC 2023 - Bjørn Lie + +- Update to version 1.42.4: + + Fix a possible crash when [global-dns] is used and improve the + documentation. + + Documentation improvements. + +------------------------------------------------------------------- +Thu Feb 23 09:59:19 UTC 2023 - Bjørn Lie + +- Update to version 1.42.2: + + Add build option to set the mobile-broadband-provider-info + database path. + + Add new "ipv[46].replace-local-rule" setting to control whether + to remove the local route rule that is automatically generated. + + Add the DHCPv6 IAID to the lease information exposed in /run + and on D-Bus. + + Fix assuming team connections at boot. + + Fix race condition when setting the MAC address of an OVS + interface. + + Fix constructing the IPv4 name servers variable passed to + dispatcher scripts. + + Don't use tentative IPv6 address to resolve the system hostname + via DNS. + + Deprecate the "Master" property of the NMActiveConnection D-Bus + object in favor of the new "Controller" property. +- Drop 1539.patch: Fixed upstream. +- Refresh patch with quilt: + + 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch + +------------------------------------------------------------------- +Mon Feb 20 13:42:42 UTC 2023 - Dominique Leuenberger + +- Add 1539.patch: Fix constructing the IPv4 nameserver variable + (boo#1208371). + +------------------------------------------------------------------- +Mon Feb 13 21:34:17 UTC 2023 - Bjørn Lie + +- Pass session_tracking=systemd and + session_tracking_consolekit=false to meson, no longer build + support for consolekit as session tracker. + +------------------------------------------------------------------- +Fri Feb 10 08:45:46 UTC 2023 - Bjørn Lie + +- Update to version 1.42.0: + + Added support for source load balancing for Ethernet Bonds. + + Allow specifying vhost name (SNI) for a manually DNS-over-TLS + server. Only works with systemd-resolved plugin. + + Connections can now be activated on a loopback interface. + + Added support of IPv4 ECMP routes. The ECMP routes will get + merged. + +------------------------------------------------------------------- +Fri Jan 27 18:39:15 UTC 2023 - Bjørn Lie + +- Update to version 1.40.12: + + Make sure "external-ids" stays up to date in Open vSwitch + database on a connection reapply. + + Retry if a netlink sockets runs out of buffer space before + we're able to read results of a link change. + + Fix a possible race involving concurrent invocation of iptables + in IPv4 shared mode. + + Other various fixes. + +------------------------------------------------------------------- +Wed Jan 11 11:17:01 UTC 2023 - Bjørn Lie + +- Update to version 1.40.10: + + Fix the evaluation of the autoconnect retries. + + nm-cloud-setup now preserves addresses added externally. + + Ensure that dnsmasq is stopped after changing the dns backend + and restarting the service. + + Fix honoring an explicit DHCPv6 DUID with dhclient. + + Other various fixes. + +------------------------------------------------------------------- +Tue Dec 20 18:09:19 UTC 2022 - Bjørn Lie + +- Update to version 1.40.8: + + Fixed a bug that caused devices (MACsec in particular) to be + stuck in UNAVAILABLE state and not transition to DISCONNECTED + if the carrier was ready too early. + + Improved interoperability of MACsec with some Aruba switches by + allowing CKN shorter than 64 characters. + + Fixed an assertion failure when restarting NetworkManager with + MACsec links configured. + + Fixed a possible DHCP helper crash when handling failure to + connect to D-Bus. + + Corrected calculation of expiration time for items configured + from IPv6 neighbor discovery messages. + + Various fixes for platforms that don't allow unaligned memory + access. + +------------------------------------------------------------------- +Tue Dec 20 10:29:10 UTC 2022 - Dominique Leuenberger + +- Drop iptables BuildRequires and -Diptables meson parameter: + iptables is legacy (obsoleted in favor of nft). Additionally. + meson has proper fallback detection to assume the correct path, + should it need to use iptables. +- Recommend nftables instead of iptables. + +------------------------------------------------------------------- +Fri Dec 2 22:01:53 UTC 2022 - Bjørn Lie + +- Update to version 1.40.6: + + team: + - Also set empty port configuration so teamd knows about the + port. + - Restore port configuration after teamd respawn. +- Changes from version 1.40.4: + + dhcp: revert restarting DHCP when MAC address changes, for + example during a bond fail over. + + Various documentation fixes. + + Fix non-exported ABI in libnm which was wrongly present in the + header files but unusable so far. + + ifcfg-rh: fix writing ethtool pause settings to file. + + core: set "proto static" for manual routing rules configured by + NetworkManager. + + Various minor bugfixes. + +------------------------------------------------------------------- +Mon Nov 7 12:50:13 UTC 2022 - Clemens Famulla-Conrad + +- Keep netconfig support. The rc-manager auto detection will select + appropriate manager during runtime. + +------------------------------------------------------------------- +Wed Nov 2 16:07:30 UTC 2022 - Dominique Leuenberger + +- Use a with_netconfig define instead of relying on bcond: bcond is + meant to have extrenally controllable build conditions (build -D, + or OBS prjconf). + +------------------------------------------------------------------- +Tue Oct 18 08:57:13 UTC 2022 - Bjørn Lie + +- Update to version 1.40.2: + + Ensure that resolv.conf gets updated when the configuration + changes. + + Fix setting as bond primary an interface that doesn't exist yet + when the bond is activated. + + The number of autoconnect retries is now accounted + independently for each device when there are profiles with + multi-connect=multiple. + + Don't print duplicate entries in the output of "NetworkManager + --print-config". + + Fix the ifcfg-rh plugin to properly read infiniband P-Key + connection profiles without an explicit interface name. + + Allow the removal of a bond port connection profile from the + bond via nmcli. + + Fix race condition during the activation of veth profiles when + the peer already exists. + + Decline the DHCPv6 lease if all addresses fail IPv6 duplicate + address detection (DAD). + + Wait that devices get carrier before trying to resolve the + system hostname on them via DNS. + + Fix race condition during the initial activation of OVS + interfaces. + + Profiles generated by nm-initrd-generator now have lower than + default priority. + + Fix error when adding many SR-IOV virtual functions (VFs). + +------------------------------------------------------------------- +Mon Oct 10 14:11:34 UTC 2022 - Stefan Schubert + +- Disabling netconfig compiling option for openSUSE Tumbleweed. + +------------------------------------------------------------------- +Mon Oct 3 10:20:20 UTC 2022 - Dominique Leuenberger + +- Drop dependency on sysconfig-netconfig: the collection of shell + scripts is not required for regular operation. + +------------------------------------------------------------------- +Fri Aug 26 19:31:20 UTC 2022 - Bjørn Lie + +- Update to version 1.40.0: + + During the build, stop relying on intltool for i18n and use + gettext only. + + Undeprecate nm_remote_connection_get_secrets() in libnm. + + NetworkManager now will restart DHCP if the MAC changes on a + device. +- Drop intltool BuildRequires following upstream changes. +- Refresh patches with quilt. +- Stop passing dnssec_trigger=%{_libexecdir}/dnssec-trigger-script + to meson, support dropped upstream. + +------------------------------------------------------------------- +Thu Aug 11 17:25:06 UTC 2022 - Bjørn Lie + +- Update to version 1.38.4: + + Fix DAD for DHCPv6 addresses. + + Wi-Fi: improvements for OWE networks. + + Support EC private keys. + + Various bugfixes. + +------------------------------------------------------------------- +Thu Jul 28 13:34:51 UTC 2022 - Frederic Crozat + +- Create /etc/NetworkManager/conf.d by default, allowing easy + override for NetworkManager.conf file with drop-in. +- Move default config file to + /usr/lib/NetworkManager/NetworkManager.conf, as part of main + package. +- Branding upstream package is now just a config drop-in to + disable conncheck. +- Ensure /usr/lib/NetworkManager/conf.d is part of the package. + +------------------------------------------------------------------- +Fri Jun 24 10:21:43 UTC 2022 - Yifan Jiang + +- Bring back /sbin/netconfig as build option since the netconfig + in SLE is not ready for usrmerge. + +------------------------------------------------------------------- +Fri Jun 17 08:40:05 UTC 2022 - Bjørn Lie + +- Update to version 1.38.2: + + Fix race condition with pppd that caused failures when + activating PPPoE connections. + + Unbreak DHCPv6 over PPP. + + Don't ignore IPv6 DNS servers received from PPP. + + Fix crash while checking WEP capability of Wi-Fi interfaces. + + Ensure DHCP is restarted every time the link goes up. + + Fix struct alignment issues seen on some architectures. + + Various other bugfixes and improvements. + +------------------------------------------------------------------- +Tue May 24 14:23:15 UTC 2022 - Dominique Leuenberger + +- Fold NetworkManager-wifi back into the main package: The dep + chain is not really different and it causes too many problems for + users having that split. Not worth the pain (boo#1199710, + boo#1199706). +- As a consequence, also drop the recommends fro the main package + to -wifi. + +------------------------------------------------------------------- +Mon May 16 08:37:25 UTC 2022 - Dominique Leuenberger + +- Update to version 1.38.0: + + Add support for route type "throw". + + Fix bug setting priority for IP addresses. + + Static IPv6 addresses from "ipv6.addresses" are now preferred + over addresses from DHCPv6, which are preferred over addresses + from autoconf. This affects IPv6 source address selection, if + the rules from RFC 6724, section 5 don't give a exhaustive + match. + + Static IPv6 addresses from "ipv6.addresses" are now interpreted + with first address being preferred. Their order got inverted. + This is now consistent with IPv4. + + Wi-Fi hotspots will use a (stable) random channel number unless + one is chosen manually. + + Don't use unsupported SAE/WPA3 mode for AP mode. + + NetworkManager will no longer advertise frequencies as + supported when they're disallowed in configured regulatory + domain. + + Attempt to connect to WEP-encrypted Wi-Fi network will now fail + gracefully with a recent version of wpa_supplicant when built + without WEP support. As long as wpa_supplicant supports WEP, + NetworkManager will continue to work. + + Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the + NIC does not support PMF. This is known to cause problems in + some setups. It is still possible to explicitly configure + wifi.key-mgmt=sae for WPA3. + + Add new dummy crypto backend "null" that does nothing. + NetworkManager uses the crypto library when handling + certificates for 802.1x profiles. + + Veth devices with name "eth*" are now managed by default via + the udev rule. This is to support managing the network in LXD + containers. + + The hostname received from DHCP is now shortened to the first + dot (or to 64 characters, whatever comes first) if it's too + long. + + As the insecure WEP encryption for Wi-Fi network is phased out, + nmcli now discourages its use when activating or modifying a + profile. + + Fix connectivity checks in case the check endpoint address + resolves to multiple addresses. + + Workaround libcurl blocking NetworkManager while resolving DNS + names. + + nmcli: indicate missing Wi-Fi hardware when showing rfkill + setting. + + nmcli: add connection migrate command to move a profile to a + specified settings plugin. This allows to convert profiles in + the deprecated ifcfg-rh format to keyfile. + + Set "src" attribute for routes from DHCPv4 to the leased + address. This helps with source address selection. + + Various bugfixes and internal improvements. + + Updated translations. +- Recommend NetworkNanager-wifi from the main package: after the + split, there is currently nothing pulling in NM-wifi. Preferably + this would happen based on wifi chips prsence, but that is not + yet done (boo#1199550). + +------------------------------------------------------------------- +Thu Apr 14 01:45:23 UTC 2022 - Jonathan Kang + + - Modify NetworkManager.spec: Split into a few small subpackages + (bsc#1198128). + +------------------------------------------------------------------- +Fri Apr 1 08:05:28 UTC 2022 - Thorsten Kukuk + +- Install nfs dispatcher script in /usr/lib/NetworkManager, not /etc + +------------------------------------------------------------------- +Tue Mar 22 23:30:56 UTC 2022 - Bjørn Lie + +- Update to version 1.36.4: + + The internal DHCPv4 client now discards NAKs packets coming + from servers different from the one that sent the offer. + + Fix activation of PPPoE connections with "pppoe.parent" unset. + + Fix potential libnm crash when the client object initialization + gets canceled. + + Other various fixes and improvements. + +------------------------------------------------------------------- +Wed Mar 16 07:59:45 UTC 2022 - Frederic Crozat + +- Do not requires dhcp-client, NM is using its internal client + by default for a long time now. +- Convert iproute2 and iputils requires to recommends, they + should not be hard requires. + +------------------------------------------------------------------- +Mon Mar 7 11:54:55 UTC 2022 - Bjørn Lie + +- Update to version 1.36.2: + + When the list of plugins is not specified via "main.plugins" in + NetworkManager.conf and no build-time default is set with + "--with-config-plugins-default" configure argument, now all + known plugins found in the plugin directory are loaded (and the + built-in "keyfile" plugin is preferred over others). + + Preserve external ports during checkpoint rollback. + + Fix removal of ovsdb entry when an OVS interface goes away. + + Fix DNS configuration for WWAN connections. + +------------------------------------------------------------------- +Thu Feb 24 18:07:36 UTC 2022 - Bjørn Lie + +- Update to version 1.36.0: + + The handling of Layer 3 configurations has been substantially + reworked. While this is mostly internal change, it results in + more robust behavior when addressing information from multiple + sources (DHCP, manually configured, VPN) need to be applied + simultaneously. Overall performance and memory use have also + slightly improved. + + Manually configured addresses can no longer expire even if the + same addresses are also obtained dynamically. + + Code for systemd-based DHCP and DHCPv6 clients has been updated + from upstream. + + NTP servers obtained via DHCPv6 are now exposed on the DBus + API, visible in nmcli and available for use by dispatcher + scripts. + + 5G NR (New Radio) modems are now supported. + + The "rd.znet_ifnames" kernel command line option is now honored + on network bootups on an IBM s390 platform. + + Wi-Fi P2P support does now work with the IWD backend, in + addition to wpa_supplicant backend. + + Support for special route types have been added: "prohibit", + "blackhole" and "unreachable". + + Routes managed by routing daemons are now ignored. This is done + to address a performance bottleneck on specialized routers. + + Handling of IP addressing and routing information is now + slightly more efficient and uses less memory. This is apparent + on systems with large amount of IP configuration information. + + It is now possible to start NetworkManager without root user + privileges. This is experimental doesn't necessarily result in + a working daemon. NetworkManager service already drops many of + capabilities available to the root user. + + WPA3 Wi-FI network security have been improved by enabling new + H2E (hash to element) method for generating SAE password + element. + + It is now possible to select the default Wi-Fi backend + (wpa_supplicant or IWD) at build-time. + + Replies from broken DHCP servers that send duplicate address or + mask options are now handled gracefully. + + Bridge support has gained the possibility of turning off MAC + ageing. + + "configure-and-quit" mode and nm-iface-helper have been + removed. + + A number of bugs that could cause NetworkManager to crash in + rare conditions have been fixed. +- Drop pkgconfig(libteam) BuildRequires and stop passing + teamdctl=true to meson: No longer build teamdctl support. +- Drop patches fixed upstream: + + 4685651e7671e064b911a3a05f096908e5ef0580.patch + + 471e987add98b36520ece72ee493176fc7bc863c.patch + + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch + + 634e023e72d4729788a022ea1fae665af28d1b0f.patch + + aadf0fb64f491f94b2771058621dc140c562b62b.patch +- Drop nm-dhcp-use-valid-lease-on-timeout.patch: Patch was rejected + upstream. +- Rebase patches with quilt. + +------------------------------------------------------------------- +Mon Feb 21 08:47:08 UTC 2022 - Bjørn Lie + +- Add upstream bug fix patches: + + 4685651e7671e064b911a3a05f096908e5ef0580.patch: glib-aux: fix + nm_ref_string_equal_str() Fix comparison with a NULL string + + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch: libnm/tests: + fix maybe-uninitialized warning in "test-setting" + + aadf0fb64f491f94b2771058621dc140c562b62b.patch: libnm/tests: + fix maybe-uninitialized warning in "test-libnmc-setting" + + 471e987add98b36520ece72ee493176fc7bc863c.patch: device: + initialize nm_auto variable in _ethtool_features_reset() + + 634e023e72d4729788a022ea1fae665af28d1b0f.patch: glib-aux: + workaround maybe-uninitialized warning with LTO in + nm_uuid_generate_from_string_str() + +------------------------------------------------------------------- +Fri Feb 18 14:30:31 UTC 2022 - Callum Farmer + +- Use meson LTO setup as NM makes changes to CFLAGS + +------------------------------------------------------------------- +Wed Jan 26 21:06:29 UTC 2022 - Luciano Santos + +- Packaging additions with Autotools replacement: + + Add Meson build requirement and replace Automake macros with + Meson equivalent ones as autotools will be deprecated in the + future. + + Options passed to Meson to mimmic our default preferences: + systemdsystemunitdir=%{_unitdir}, udev_dir=%{_udevdir}, + dbus_conf_dir=%{_dbusconfdir}, iptables=%{_sbindir}/iptables, + dnsmasq=%{_sbindir}/dnsmasq, dnssec_trigger=%{_libexecdir}\ + /dnssec-trigger-script, dist_version=%{version}, + polkit_agent_helper_1=%{_libexecdir}/polkit-1\ + /polkit-agent-helper-1, hostname_persist=suse, switchable + libaudit=%{libaudit_meson_opt}, iwd=true, pppd=%{_sbindir}\ + /pppd, pppd_plugin_dir=%{_pppddir}, nm_cloud_setup=true, + bluez5_dun=true, netconfig=%{_sbindir}/netconfig, + dhclient=%{_sbindir}/dhclient, docs=true, switchable + tests=%{tests_meson_opt}, more_asserts=0, more_logging=false, + qt=false, and switchable teamdctl=true (teamctl is about to be + deprecated). + + Add conditionalized audit pkgconfig module build requirement to + allow easier feature testing, and pass + 'yes-disabled-by-default' to 'libaudit' Meson option. As an + observation: Meson defaults passing 'yes' to this feature. + + Add explicit c++_compiler build requirement to avoid build + abortion. + + Add explicit libselinux pkgconfig module build requirement + checked by Meson and was already being pulled in by some other + package. + + Add polkit-gobject-1 pkgconfig module build requirement checked + by Meson and needed for user auth-polkit support. + + Add mobile-broadband-provider-info pkgconfig module build + requirement checked by Meson and needed for ModemManager1 + interface support. + + Add sed command to fix server.conf config file location from + defaultdocdir/NetworkManager/examples to + defaultdocdir/NetworkManager. + + Add useful %{_pppddir} and %{_dbusconfdir} macros to spec file, + while dropping no longed needed pppddir shell variable + definition and 'test -n "$pppddir" || exit 1' construct. + + Add "< 1.21" version to libnm-glib-vpn1, libnm-glib4, and + libnm-util2 < 1.21 to main package's Obsoletes tags, following + packaging good practices to avoid future unwated behavior + regarding versioning schemes. + + Replace %version macro with hardcoded "0.9.1" version to the + devel subpackage's %name-doc Obsoletes tag following packaging + good practices to avoid future unwanted behaviors regarding + versioning schemes (the doc subpackage was merged with the + devel one in the 0.9.0 release). + + Pass "%{?no_lang_C}" to %find_lang macro to avoid stripping + any English translations (the default language) from main + package. +- Packaging deletions with Autotools replacement: + + Remove data/server.conf from %doc macro in files section as it + no longer works with Meson. + + Remove "rm" command on server.conf file following sed command + addition to fix the right location of the file. + + Remove no longer useful conditional build abortion depending + whether or not netconfig support was found + 'grep "with_netconfig='no'" config.log' since this file isn't + generated by Meson. + + Remove no longer needed "find" command for GNU Libtool LA files + deletion. + + Drop no longer needed libtool build requirement as Meson does + not use it. + + Drop redundant sysconfig-netconfig build requirement as it does + not add anything to the build anymore. + + Drop comment about suse-release build requirement not being + needed anymore, it's been deprecated for almost a decade now. + + Drop setBadness for 'dbus-file-unauthorized' in the rpmlintrc: + the new dbus file has been whitelisted already (bsc#1194799). + +------------------------------------------------------------------- +Thu Jan 20 14:24:56 UTC 2022 - Dominique Leuenberger + +- Split out NetworkManager-pppoe, needed to configure regular PPPoE + connections (Not very common, as most users have PPPoE routers + for the DSL connections). + +------------------------------------------------------------------- +Fri Jan 14 17:50:43 UTC 2022 - Bjørn Lie + +- Update to version 1.34.0: + + initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6" + + core: better handle sd-resolved errors when resolving hostnames + + nmcli: fix import WireGuard profile with DNS domain and address + family disabled + + ndisc: send router solicitations before expiry + + policy: send earlier the ip configs to the DNS manager + + core: support linking with LLD 13 + + wireguard: importing wg-quick configuration files with nmcli + no longer sets a negative, exclusive "dns-priority". This plays + better with common split DNS setups that use systemd-resolved. + Adjust the "dns-priority" to your liking after import yourself. + + NetworkManager no longer listens for netlink events for traffic + control objects (qdiscs and filters). + + core: add internal nm-priv-helper service for separating + privileges and have a way to drop capabilities from + NetworkManager daemon. + + bond: add support for setting queue-id of bond port. + + dns: support configuring DNS over TLS (DoT) with + systemd-resolved. + + nmtui: add support for WireGuard profiles. + + nmcli: add aliases `nmcli device up|down` beside + connect|disconnect. + + conscious language: Deprecate 'Device.Slaves' D-Bus property in + favor of new 'Device.Ports' property. Depracate + 'nm_device_*_get_slaves()' in favor of 'nm_device_get_ports()' + in libnm. + + nmcli: invoking nmcli command without arguments will now show + 'default' instead of null address in route4 or route6 section. +- Refresh patches with quilt. +- Replace addFilter("suse-branding-unversioned-requires*") from + rpmlintrc, with the current branding-requires-unversioned. +- Update our Supplements to current standard. +- Add the new internal nm-priv-helper.service to pre(un)/post(un) + handling. + +------------------------------------------------------------------- +Wed Sep 22 17:29:42 UTC 2021 - Bjørn Lie + +- Update to version 1.32.12: + + Fix wrong order of addresses when restarting NetworkManager. + + Preserve the IPv6 ff00::/8 route added by kernel in the local + table, necessary for multicast communication. + + Fix emitting the signal for changed metered status of devices. + + Fix applying the ethtool autonegotiation and speed settings. + + initrd: fix crash parsing plain '=' without key. + + cloud-setup: use suppress_prefixlength rule to honor + non-default-routes in the main table. + +------------------------------------------------------------------- +Wed Sep 22 02:25:11 UTC 2021 - Jonathan Kang + +- Drop nm-add-CAP_CHOWN-capability.patch: This solution was denied + by upstream maintainers. + +------------------------------------------------------------------- +Tue Sep 14 10:58:29 UTC 2021 - Stanislav Brabec + +- Remove obsolete translation-update-upstream support + (jsc#SLE-21105). + +------------------------------------------------------------------- +Thu Aug 19 08:04:33 UTC 2021 - Bjørn Lie + +- Update to version 1.32.10: + + core: fix the order of IPv6 addresses changing on service + restart. + + initrd: add command line option to configure link + autonegotiation and speed. + + ifcfg-rh: + - fix crash when parsing invalid DNS address. + - extend ifup/ifdown scripts to work with connection profile + names. + + udev: also react to "move" (and "change") udev actions in our + rules. +- Changes from version 1.32.8: + + firewalld: configure zones on "Reloaded" signal. + + core: fix wrong MTU for bridge interfaces. + + cloud-setup: fix gateway address for Aliyun cloud. + +------------------------------------------------------------------- +Wed Jul 28 17:13:05 UTC 2021 - Bjørn Lie + +- Update to version 1.32.6: + + core: + - Fix adding stale local routes when address changes. + - Introduce "allowed-connections" option to disallow profiles + on a device. This allows to filter out profiles that + originate from initrd. + - Introduce "keep-configuration" device option to forcefully + activate a profile on start. + + initrd: + - Tag generated profiles with origin in user data. + - Add "ib.pkey=" command line option. + + dhcp: Handle filename/bootfile_name DHCP option and write it to + device state file for initrd/kickstart. + +------------------------------------------------------------------- +Mon Jul 26 09:21:50 UTC 2021 - Callum Farmer + +- Add libnm0 to baselibs.conf to be used by 64bit Steam + +------------------------------------------------------------------- +Tue Jul 20 18:24:40 UTC 2021 - Bjørn Lie + +- Update to version 1.32.4: + + core: + - Remove stale entries from "seen-bssids" and "timestamp" files + in "/var/lib/NetworkManager". + - Add ipv[46].required-timeout option to wait for IP + configuration while activating. + - Send ARP announcements when there is carrier. + - Start DHCPv6 when a prefix delegation is needed for shared + mode. + + bond: support the peer_notif_delay option. + + firewall: fix nftables backend to create "ip" table for IPv4 + only. + + initrd: set required-timeout of 20 seconds for default IPv4 + configuration to opportunistically wait for IPv4. + + ifcfg: + - Log warning about invalid keys in ifcfg files. + - Reject non-UTF-8 from ifcfg files. + + nmcli: show DNS SEARCH field in device information. + + cloud-setup: add support for Aliyun cloud. + +------------------------------------------------------------------- +Wed Jun 30 18:39:13 UTC 2021 - Bjørn Lie + +- Update to version 1.32.2 (CVE-2020-13529): + + hostname: prefer IPv4 addresses for reverse DNS lookup. + + dhcp: ignore unauthenticated FORCERENEW messages with internal, + systemd-based DHCPv4 plugin (CVE-2020-13529). This plugin is + not used, unless the undocumented dhcp=systemd option was set. + + cloud-setup: preserve IP addresses, routes and rules from + currently active connection profile. + + Various bugfixes and performance improvements. + +------------------------------------------------------------------- +Wed Jun 16 19:51:07 UTC 2021 - Bjørn Lie + +- Update to version 1.32.0: + + Now NetworkManager uses systemd-resolved API to lookup the + system hostname via reverse DNS. If systemd-resolved is not + available, a 'nm-daemon-helper' binary is spawned to perform + the lookup using the 'dns' NSS module. +- Rebase patches. + +------------------------------------------------------------------- +Tue May 18 02:07:00 UTC 2021 - Jonathan Kang + +- Add nm-add-CAP_CHOWN-capability.patch: Add CAP_CHOWN to + CapabilityBoundingSet to make teamd work properly + (glfd#NetworkManager/NetworkManager!860, bsc#1185424). + +------------------------------------------------------------------- +Fri May 14 21:19:14 UTC 2021 - Dominique Leuenberger + +- Drop networkmanager-obs-net.patch: the patch needs a full rework. +- Drop networkmanager-checks-po.patch: as it was supposed to fix + something introduced by another patch which we still carry, yet + we can live with this patch disabled, I'd infer this patch is not + nescessary. + +------------------------------------------------------------------- +Tue Apr 20 09:46:03 UTC 2021 - Dominique Leuenberger + +- Update to version 1.30.4: + + Fix crash evaluating match setting properties (CVE-2021-20297). + + Fix leak of local route added by NetworkManager for configured + addresses. + + Fix name of the device autoconnect D-Bus property. + + Multiple bugfixes in the initrd generator. + + Various minor bugfixes. + +------------------------------------------------------------------- +Sat Apr 17 14:02:12 UTC 2021 - Dominique Leuenberger + +- Update to version 1.30.2: + + Increase the limit of open file descriptors in + NetworkManager.service. + + Fix hostname lookup via DNS when resolv.conf is managed by + systemd-resolved. + + Enable WPA3 for Wi-Fi connections with key_mgmt=WPA-PSK. + + Fix crash with the IWD Wi-Fi backend. + + Avoid logging warning when setting bond option + "ad_actor_system=00:00:00:00:00:00". + + Update SpecificObject D-Bus property of ActiveConnection after + WiFi roaming. + + Multiple bugfixes in the initrd generator. + + Various minor bugfixes. +- Drop NM-restore-MAC-on-release-only-when-cloned.patch: fixed + upstream. + +------------------------------------------------------------------- +Thu Apr 15 02:50:08 UTC 2021 - Jonathan Kang + +- Modified NetworkManager.conf: Use dhclient as the default dhcp + client(bsc#1183202). + +------------------------------------------------------------------- +Fri Apr 9 06:11:21 UTC 2021 - Jonathan Kang + +- Add nm-dhcp-use-valid-lease-on-timeout.patch: Support valid lease + file on dhcp timeout(glfd#NetworkManager/NetworkManager!811, + bsc#1183202). +- Drop nm-fix-dhcp-client-timeout.patch: Replace by the patch + immediately above. + +------------------------------------------------------------------- +Fri Apr 9 06:11:21 UTC 2021 - Jonathan Kang + +- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's + timeout so that a recorded lease can be used when dhcp server + is down(glfo#NetworkManager/NetworkManager!811, bsc#1183202). +- Modified NetworkManager.conf: Use dhclient as the default dhcp + client(glfo#NetworkManager/NetworkManager!811, bsc#1183202). + +------------------------------------------------------------------- +Thu Mar 25 07:54:02 UTC 2021 - Jonathan Kang + +- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond: + restore MAC on release only when there is a cloned MAC address + (glfo#NetworkManager/NetworkManager!775, bsc#1183967). + +------------------------------------------------------------------- +Thu Feb 18 18:02:03 UTC 2021 - Dominique Leuenberger + +- Update to version 1.30.0: + + Increase timeout of NetworkManager-wait-online.service to 60 + seconds. + + Add "ipv4.dhcp-client-id=ipv6-duid" option for RFC4361. + + The dhcpcd plugin now requires a minimum version of + dhcpcd-9.3.3 with the --noconfigure option. Using an older + version will cause dhcpcd to exit with a status code of 1. + + Support building against musl libc. + + Support new ethtool offload features. + + Add support for WPA3 Enterprise Suite-B 192 bit mode. + + Add support for handling Veth devices. + + New hostname settings for controlling configuring the hostname + from reverse DNS lookup and from DHCP. + + OVS: support configuring external-ids. + + libnm: nm_setting_bond_add_option() no longer validates the + option that is set. Instead, use nm_connection_verify() to + validate the profile. + + libnm: add support for reading/writing keyfile format. This + required to relicense previously GPL-2.0+ code as LGPL-2.1+ + with the agreement of the copyright holders. + + initrd: + - Support for rd.net.timeout.carrier option. + - Support new ip method "link6" for IPv6 link-local only. + + build: new configure option to set path to + "polkit-agent-helper-1". + + Many bugfixes and improvements. + + Updated translations. +- Change License to GPL-2.0-or-later and LGPL-2.1-or-later, + following upstream. +- Replace %systemd_requires with %systemd_ordering. + +------------------------------------------------------------------- +Mon Jan 4 10:14:10 UTC 2021 - Hans-Peter Jansen + +- Second attempt to exclude systemd.automount from nfs processing: + fix boo#1116625 + +------------------------------------------------------------------- +Sun Dec 6 16:48:42 UTC 2020 - Bjørn Lie + +- Update to version 1.28.0: + + Change the behavior of nm-initrd-generator so that the + 'ip=off|none' kernel cmdline argument actually generates a + connection which disables both ipv4 and ipv6. Previously the + generated connection would disable ipv4 but ipv6 would be set + to the 'auto' method. + +------------------------------------------------------------------- +Fri Nov 27 13:36:02 UTC 2020 - Fabian Vogt + +- Provide service(network) and sysvinit(network) to be an alternative + to wicked-service + +------------------------------------------------------------------- +Tue Nov 24 12:35:56 UTC 2020 - Bjørn Lie + +- Pass --enable-lto to configure, build with LTO enabled. +- Stop passing --enable-json-validation to configure, no longer + needed, nor recognized. + +------------------------------------------------------------------- +Fri Oct 30 10:41:19 UTC 2020 - Hans-Peter Jansen + +- Exclude systemd.automount from nfs processing: fix boo#1116625 + as suggested from Neil Brown + +------------------------------------------------------------------- +Wed Oct 21 14:09:10 UTC 2020 - Dominique Leuenberger + +- Update to version 1.27.91: + + Change the default DNS priority for VPNs from 50 to -50. This + is a change in behavior and means that when connecting to a VPN + with the default route, DNS queries will never leak to local + resolvers. To restore the old behavior, set the DNS priority of + the connection to 50. + + The initrd generator now supports creating Infiniband + connections. + +------------------------------------------------------------------- +Fri Oct 16 01:27:51 UTC 2020 - Dominique Leuenberger + +- Rebase patches: + + 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch + + NetworkManager-1.10.6-netconfig.patch + + nm-dont-overwrite-resolv-conf.patch + +------------------------------------------------------------------- +Fri Oct 16 01:27:50 UTC 2020 - Bjørn Lie + +- Update to version 1.27.90: + + Introduce a new "rc-manager=auto" setting and make it the + default, unless a different default is chosen at compile time. + This mode tries to detect "systemd-resolved", "resolvconf", and + "netconfig". +- Disable patches that needs rebase or dropping: + + nm-dont-overwrite-resolv-conf.patch + + NetworkManager-1.10.6-netconfig.patch + + 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch + +------------------------------------------------------------------- +Fri Oct 16 01:27:03 UTC 2020 - dimstar@opensuse.org + +- Update to version 1.27.3: + + Introduce new "rc-manager=auto" setting and make it the + default, unless a different default is chosen at compile time. + This mode tries to detect "systemd-resolved", "resolvconf", + and "netconfig" and chooses the mode that seems most suitable + depending on build setting and runtime detection. + "resolvconf" and "netconfig" are only considered iff + NetworkManager was built with the respective options enabled. +- Rebase nm-dont-overwrite-resolv-conf.patch and + 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch. + +------------------------------------------------------------------- +Thu Oct 15 08:25:35 UTC 2020 - Bjørn Lie + +- Update to version 1.26.4: + + Add support for the DHCPv4 vendor class identifier option. + + The initrd generator now supports specifying interfaces by MAC + address. + + Automatically add the wildcard DNS domain to VPNs with + never-default=no and no domains. + + Allow setting bond "primary" option with modes "tlb" and "alb". + + Fix peer group tracking of Wi-Fi P2P connections. + + Fix autoactivating virtual devices after a failure. + +------------------------------------------------------------------- +Thu Aug 20 10:27:40 UTC 2020 - Bjørn Lie + +- Update to version 1.26.2: + + build: various fixes for LTO. + + dhcp6: export and handle the DHCPv6 FQDN option. + + core: fix reapply for bond options. + + core: improve "connection.wait-device-timeout" to handle + matching devices not only by interface name and fix race. + + libnm,core: support "clsact" qdisc. + + dhcp4: fix bug in internal DHCP client on big endian systems. + +------------------------------------------------------------------- +Thu Aug 13 08:54:28 UTC 2020 - Dominique Leuenberger + +- Own the two empty directories pre-up.d and pre-down.d in + /usr/lib/NetworkManager/dispatcher.d (boo#1173713). + +------------------------------------------------------------------- +Mon Jul 13 18:48:22 UTC 2020 - Bjørn Lie + +- Update to version 1.26.0: + + Add a new build option 'firewalld-zone'; when enabled, + NetworkManager installs a firewalld zone for connection sharing + and puts interfaces using IPv4 or IPv6 shared mode in this zone + during activation. The option is enabled by default. + Note that NetworkManager still calls to iptables to enable + masquerading and open needed ports for DHCP and DNS. The new + option is useful on systems using firewalld with the nftables + backend, where the iptables rules would not be sufficient. + + Extend the syntax for 'match' setting properties with '|', '&', + '!' and '\\'. + + Add MUD URL property for connection profiles (RFC 8520) and set + it for DHCP and DHCPv6 requests. + + Expose raw LLDP message on D-Bus and the MUD usage description + URL. + + ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting + this property silently fails and a profile might accidentally + not perform any authentication (CVE-2020-10754). + + ifcfg-rh: handle 802-1x.pin properties. + + ethernet: reset original autonegotiation/speed/duplex settings + when deactivating device. + + Support ethtool coalesce and ring options. + + Allow team connections to work without D-Bus (e.g. in the + initrd). + + Wi-Fi profiles now also autoconnect if all previous activation + attempts failed. This means, an initial failure to autoconnect + to the network will no longer block the automatism. A side + effect is that existing Wi-Fi profiles which previously were + blocked may now start to autoconnect. + + NetworkManager now supports "local" type routes beside + "unicast". + + Introduce new manual pages nm-settings-dbus and + nm-settings-nmcli. + + Mark externally managed devices and profiles on D-Bus. + + Highlight externally managed devices in nmcli. + + Add support for a number of bridge options. + + Add match for device path, driver and kernel command line for + connection profiles. + + Fix support for OVS patch interfaces. + + Support more tc qdiscs: tbf and sfq. + + Add new provider in nm-cloud-setup for Google Cloud Platform + which automatically detects and configures the host to receive + traffic from internal load balancers. + +------------------------------------------------------------------- +Thu Jul 2 02:54:36 UTC 2020 - Jonathan Kang + +- Rebase nm-add-CAP_SYS_ADMIN-permission.patch. + +------------------------------------------------------------------- +Fri May 29 19:35:31 UTC 2020 - Bjørn Lie + +- Update to version 1.24.2: + + Add a new build option 'firewalld-zone'; when enabled, + NetworkManager installs a firewalld zone for connection sharing + and puts interfaces using IPv4 or IPv6 shared mode in this zone + during activation. The option is enabled by default. Note that + NetworkManager still calls to iptables to enable masquerading + and open needed ports for DHCP and DNS. The new option is + useful on systems using firewalld with the nftables backend, + where the iptables rules would not be sufficient. + + ifcfg-rh: + - Handle "802-1x.{,phase2-}ca-path". Otherwise setting this + property silently fails and a profile might accidentally not + perform any authentication (CVE-2020-10754). + - Handle 802-1x.pin properties. + + platform: fix crash detecting device type from netlink. + + ip-tunnel: only set cloned-mac-address for layer 2 tunnels. + + Fixes for sanitizer build and valgrind. + + Various other bugfixes. + +------------------------------------------------------------------- +Fri May 8 13:51:44 UTC 2020 - Bjørn Lie + +- Update to version 1.24.0: + + Add support for virtual routing and forwarding (VRF) + interfaces. + + Add support for Opportunistic Wireless Encryption mode (OWE) + for Wi-Fi networks. + + Add support for 31-bit prefixes on IPv4 point-to-point links + according to RFC 3021. + + Drop dependencies for libpolkit-agent-1 and + libpolkit-gobject-1. + + nmcli: + - support setting removal via new command + `nmcli connection modify $CON_NAME remove $setting`. + - support backslash escape sequences for "vpn.data", + "vpn.secrets", "bond.options", and "ethernet.s390-options". + + bridge: support new options "bridge.multicast-querier", + "bridge.multicast-query-use-ifaddr", "bridge.multicast-router", + "bridge.vlan-stats-enabled", "bridge.vlan-protocol", + "bridge.group-address". + + IPv6 SLAAC: add support for "ipv6.ra-timeout" setting + + IPv6 DHCP: add support for "ipv6.dhcp-timeout" setting + + WWAN: NetworkManager now detects if a PIN-protected SIM card + has been externally unlocked and automatically tries to + activate a suitable connection on the modem. + + OVS: + - add support for changing MTU of OVS interfaces. + - remove length limitation for OVS Bridge, Patches and + Interfaces (only Patch types) names. + + VPN: accept empty values for VPN data items and secrets. + + All nm-devices now expose the 'HwAddress' property via D-Bus. + + Slave devices now do not get created/activated if master is + missing. + + Fixed multiple issues in the internal "nettools" DHCP client. + + Export NM_CAPABILITY_OVS capability on D-Bus and in libnm to + indicate that the OVS plugin is loaded. + + Fixes for importing WireGuard profiles in nmcli and better + handle configurations that enable ip4-auto-default-route with + an explicit gateway. + + Various bug fixes and improvements. +- Rebase applied patches with quilt. +- Drop pkgconfig(polkit-agent-1) BuildRequires: No longer needed. + +------------------------------------------------------------------- +Fri May 1 08:31:05 UTC 2020 - Dominique Leuenberger + +- Prepare the directory structure for the VPN modules. This is the + directory we instruct VPN services to be installed to as part of + pkg-config --variable vpnservicedir libnm. It is this fair that + we also provide the directory layout. +- Install RPM macros (macros.NetworkManager) as part of the -devel + package for plugins to get the relevant variables to consume. + +------------------------------------------------------------------- +Thu Mar 12 15:48:22 UTC 2020 - Bjørn Lie + +- Update to version 1.22.10: + + core: periodically cleanup stale device state files from /run. + + dhcp: fix crash in nettools client. + + bond: fixed the validation of the miimon option. + + Various minor bug fixes and improvements. + +------------------------------------------------------------------- +Wed Mar 11 08:24:26 UTC 2020 - Dr. Werner Fink + +- Modify nfs script (boo#1164642) + * Also mount nfs4 shares + * Ignore nfs or nfs4 shares in case if the noauto option is set + +------------------------------------------------------------------- +Tue Feb 18 18:21:13 UTC 2020 - Bjørn Lie + +- Update to version 1.22.8: + + Added configuration option to customize IPv6 RA timeout. + + Internal DHCP client will now request a lease renewal using the + previously obtained IP address when expired. + + Removed length limitation for OVS Bridge, Patches and + Interfaces (only Patch types) names. + + Fixed initialization of 'secs' DHCP header field, this caused + some DHCP relays to drop packets. + + Fixed failure when creating team interfaces using 'nmstate'. + + Various bug fixes and improvements. + +------------------------------------------------------------------- +Wed Feb 5 15:11:19 UTC 2020 - Michael Gorse + +- Add -fcommon to CFLAGS. This is currently being done upstream + (boo#1160381). + +------------------------------------------------------------------- +Fri Jan 31 10:36:29 UTC 2020 - Bjørn Lie + +- Update to version 1.22.6: + + Various fixes for the internal DHCP client. + + Slave devices now do not get created/activated if master is + missing. + + Fixed 'startup-complete' bug where NetworkManager would reach + the network-online.target even when not all the connections had + been tried. + + Updated translations. + +------------------------------------------------------------------- +Sat Jan 25 14:04:08 UTC 2020 - Dominique Leuenberger + +- No longer recommend -lang: supplements are in use + +------------------------------------------------------------------- +Fri Jan 10 11:09:18 UTC 2020 - Bjørn Lie + +- Update to version 1.22.4: + + Fix behavior of internal DHCP client when the server sends a + NAK. + + Support 31-bit prefixes on IPv4 point-to-point links according + to RFC 3021. + + Fix memory leak parsing RequestScan D-Bus method arguments. + +------------------------------------------------------------------- +Wed Jan 8 20:54:45 UTC 2020 - Lorenz Hüdepohl + +- Fix 'nfs' dispatcher script + It was checking for an enabled unit 'nfs.service' - which does not + exist (anymore?). Switched to a check for an enabled unit + 'nfs-client.target' + +------------------------------------------------------------------- +Tue Dec 24 16:11:15 UTC 2019 - Bjørn Lie + +- Update to version 1.22.2: + + Fix multiple issues in the internal DHCP client, including + wrong parsing of search domains and classless routes options, + and failures in obtaining and renewing the lease with certain + server configurations. + + Export NM_CAPABILITY_OVS capability on D-Bus and in libnm to + indicate that the OVS plugin is loaded. + + Fix libnm annotations for nm_sriov_vf_get_vlan_ids() to allow + the usage of the function through GObject introspection. + +------------------------------------------------------------------- +Tue Dec 17 12:33:25 UTC 2019 - Bjørn Lie + +- Update to version 1.22.0: + + Drop support for BlueZ 4. BlueZ 5 was released in 2012 and + should nowadays be available everywhere. + + DHCP: switch "internal" DHCPv4 plugin from code based on + systemd to use nettools' n-dhcp4 library. + + Add support for "scope" attribute for IPv4 routes. + + Add support for specifying IAID and FQDN flags for DHCP + request. + + Add a '802-1x.optional' property to consider the wired 802.1X + authentication as optional. + + Use the Network Cost Wi-Fi information element to determine + metered device state. + + Support main.auth-polkit=root-only setting to disable PolicyKit + use and restrict authorization to root user. + + core: declare "startup complete" when device reaches + "connected" state, even if IP addressing methods did not yet + fully complete. This changes behavior for unblocking + "NetworkManager-wait-online.service", and + "network-online.target" earlier. If this causes issues in your + setup, you may need to configure "ipv4.may-fail=no" or + "ipv6.may-fail=no", which delays reaching "connected" state for + the address family accordingly. + + libnm: hide NMObject and NMClient typedefs from header files. + This prevents the user from subclassing these types and is an + ABI change (in the unlikely case that a user was subclassing + the types, which is no longer supported). + + libnm: retire deprecated WiMAX API NMDeviceWimax and + NMWimaxNsp. WiMAX support was removed from NetworkManager in + version 1.2 (2016) and no such type instances would have been + created by NMClient for a while now. + + Deprecate synchronous API for D-Bus calls in libnm. We don't + remove libnm API so you are free to continue using it. But + tells you that using it might be a bad idea. + + libnm: heavily internal rework NMClient. This slims down libnm + and makes the implementation more efficient. NMClient should + work now well with a separate GMainContext. + + Add `nmcli general reload` subcommand to reload NetworkManager + configuration and DNS settings. + + nm-cloud-setup: add new tool for automatically configuring + NetworkManager in cloud. This is still experimental and + currently only EC2 and IPv4 is supported. + + Add new NetworkManager logo to "contrib/art/logo". + + Various bug fixes and improvements. +- Disable networkmanager-checks-po.patch: Needs rebase. +- Add new nm-cloud-setup.service to pre/post/preun/postun calls. + +------------------------------------------------------------------- +Mon Nov 25 15:24:42 UTC 2019 - Bjørn Lie + +- Update to version 1.20.8: + + Fix handling of system CA certificates in the ifcfg parser. + + Handle ReachableTime and RetransTimer from IPv6 Router + Advertisements. + + Fixed setting of MTU according to its parent device for some + device types. + + Various fixes for the initramfs configuration genertor. + +------------------------------------------------------------------- +Wed Nov 6 17:36:13 UTC 2019 - Bjørn Lie + +- Update to version 1.20.6: + + Fix updating agent-owned VPN secrets. + + Adjust IWD support to new D-Bus path of IWD 1.0. + + Introduce an 'optional' property in the 802-1x setting to + allow the activation to proceed in case of missing + authenticator. + + Fix ARP announcements for IP addresses configured on + interfaces. + + Use proper interface when adding s390 specific details in + initrd generator. + + Don't disable PMF on Wi-Fi connections using SAE. + + Properly handle uint16 property types in libnm. + +------------------------------------------------------------------- +Thu Oct 31 08:31:22 UTC 2019 - Dominique Leuenberger + +- Drop NetworkNanager-client recommends: this is no longer needed, + as NM itself ships a frontend by now (nmtui). If a DE has a + better way to manage NM (by means of applets or other way of + integration) it is up to the DE to depend on the applets. + +------------------------------------------------------------------- +Wed Oct 9 19:26:34 UTC 2019 - Bjørn Lie + +- Update to version 1.20.4: + + Fix crash related to Wi-Fi-P2P. + + Support rd.znet option in initrd generator to support s390. + + Fix not creating default-wired-connection when a suitable + profile exists which is not tied to the device by + interface-name. + + tui: support WPA3-Personal (SAE). + + Fixes for OLPC Mesh Wi-Fi. + + Various bug fixes. Notably, fix unit test and build issues. +- Drop nm-fix-gtk-doc.patch: Fixed upstream. + +------------------------------------------------------------------- +Wed Oct 9 18:26:34 UTC 2019 - Bjørn Lie + +- Add nm-fix-gtk-doc.patch: Fix build with gtk-doc 1.32 and newer. + +------------------------------------------------------------------- +Wed Oct 9 17:26:34 UTC 2019 - Bjørn Lie + +- Update to version 1.20.2: + + Don't ask wpa_supplicant to attempt to enable FT if the + interface doesn't support it. + + Various bug fixes and improvements. + + Updated translations. + +------------------------------------------------------------------- +Wed Oct 9 16:26:34 UTC 2019 - Bjørn Lie + +- Update to version 1.20.0: + + The libnm-glib library, deprecated in favor of libnm since + NetworkManager 1.0, and disabled by default since + NetworkManager 1.12, has now been removed. + + The DHCP client now defaults to "internal". The default can be + overriden at build time by using the --with-config-dhcp-default + option of the configure script or at run time by setting the + main.dhcp option in the configuration file. + + Added support for configuring fq_codel line discipline and + mirred action. + + Added a possibility for distributions to ship dispatcher + scripts in /usr/lib. + + Drop deprecated setting "main.monitor-connection-files" in + NetworkManager.conf. This setting now has no more effect and + was disabled by default for a long time. Instead, after + changes, load files explicitly with `nmcli connection load` or + `nmcli connection reload`. + + Rework parsing team JSON config in libnm and stricter validate + settings. With this, NetworkManager rejects settings that it + considers invalid while still allowing setting arbitrary JSON + config directly. + + Drop ibft settings plugin. This functionality is now covered by + using nm-initrd-generator from initrd to pre-generate in-memory + profiles. + + Support "suppress_prefixlength" attribute for policy routing + rules. + + This is what wg-quick uses for the "Improved Rule-based + Routing" solution, and the user can now manually configure such + policy routing rules. + + Support "wireguard.ip4-auto-default-route" and + "wireguard.ip6-auto-default-route". This automatically + implements the "Improved Rule-based Routing" of wg-quick to + help avoiding routing loops when setting the default-route on + the WireGuard interface. Note that this is now enabled by + default, so there is a change in behavior if your WireGuard + connection profiles from before had a default-route (/0) in + allowed-ips. + + Rework implementation of settings plugins and how profiles are + presisted to disk. This is a large internal refactoring of the + settings plugins that allows to migrate a connection profile + between plugins. + + In-memory profiles are now only handled by keyfile plugin and + will also be persisted to /run directory. This allows to + restart NetworkManager without loosing these profiles and it + provides a file-system based API for creating in-memory + profiles. + + Keyfile plugin now supports a read-only directory of profiles + under directory "/usr/lib/NetworkManager/system-connections". + Such profiles still can be modified and deleted via D-Bus, + which results in writing profiles to /etc or /run that shadow + the read-only files. + + Add new D-Bus method AddConnection2() that allows to block + autoconnect of the profile at the moment when creating the + profile. Also add support for this API to libnm. + + Add flag "no-reapply" to Update2() D-Bus method. Normally, when + a connection profile gets modified, this only changes the + profile itself. When the profile is currently activated on a + device, then the device's configuration does not update before + the profile is fully re-activated or Reapply on the device is + called. There is an exception to this: the "connection.zone" + and the "connection.metered" properties take effect + immediately. The "no-reapply" flag allows suppressing to + reapply any properties, so that no changes take effect + automatically. The purpose is to really only modify the profile + itself without changes to the runtime configuration of the + device. + + Add "ipv6.method=disabled" to disable IPv6 on a device, like + also possible for IPv4. Until now, the users could only set + "ipv6.method=ignore" which means the users are free to set IPv6 + related sysctl values themselves. + + Added support for Wi-Fi Mesh network. +- Stop passing --with-libnm-glib to configure, feature was dropped. +- Drop sub-packages libnm-util2, libnm-glib4 and libnm-glib-vpn1 + and obsolete them from the main package (also in baselibs.conf). +- Drop typelib-1_0-NetworkManager-1_0 and typelib-1_0-NMClient-1_0. +- Rebase some patches with quilt. +- Disable nm-add-CAP_SYS_ADMIN-permission.patch: Needs rework or + possibly dropping as the ibft plugin is dropped. +- Pass --with-iwd=yes to configure, build experimental IWD backend + support. Not recommended for endusers, only for testers willing + to take the risk of broken wifi with no support from distro. + +------------------------------------------------------------------- +Wed Oct 9 15:26:34 UTC 2019 - Bjørn Lie + +- Update to version 1.18.4: + + Improve handling of externally added policy routing rules and + for rules that are taken over after a restart of NetworkManager + service. + + Fix taking over OVS devices after restart of NetworkManager. + + Bugfix reapplying IP configuration while activating. + + Allow reapplying Wi-Fi profile when seen-bssids changes. + + Various other bugfixes for minor issues and memory leaks. + + Various build and test fixes. + +------------------------------------------------------------------- +Tue Jul 30 00:21:31 UTC 2019 - Jonathan Kang + +- Update to version 1.18.2(bsc#1138213): + + Add support for policy routing rules. + + Add support for VLAN filtering for Linux bridge. + + Support ieee-802-1 and ieee-802-3 LLDP TLVs. + + Allow large MTU sizes for infiniband/IPoIB connection profiles. + + Improve nmcli's handling of list options for connection properties. + + Add compatibility with out-of-tree WireGuard module on 5.2 kernels + + Fix parsing of BOOTIF= variables in initrd. + + Accept numeric IPv4 prefix in place of a mask when parsing a command line + in initrd. + + Don't check connectivity of unconfigured devices. + + Fix PKCS#12 handling in the ifcfg-rh plugin. + + Avoid waiting for udev to see software devices created by NetworkManager. + + Don't attempt to stop management daemon for Team devices created + externally to NetworkManager. + + Use FQDN for persistent hostname on Slackware. + + Restore IPv6 configuration of a device when its link goes back up. + + Fix management status of software devices on system suspend. + + Make nmcli not print certificate blobs if --show-secrets is not used. + + Fix MTU reapply. +- Drop 0001-Update-connectivity-value-on-device-removal.patch: + Fixed upstream. + +------------------------------------------------------------------- +Tue Jun 11 02:58:57 UTC 2019 - Jonathan Kang + +- Add nm-add-CAP_SYS_ADMIN-permission.patch: Add CAP_SYS_ADMIN + which netconfig needs to call setdomainname (bsc#1129587). + +------------------------------------------------------------------- +Wed May 29 18:34:31 UTC 2019 - Bjørn Lie + +- Update to version 1.16.2: + + Use FQDN for persistent hostname on Slackware. + + Fix wrong permissions of the /var/lib/NetworkManager/secret_key + file. + + Don't terminate teamd when assuming existing team connections. + + Fix incorrect persistence of connections with EAP-TLS and a + PKCS#12 certificate when using the ifcfg-rh plugin. + + Fix reapply of the MTU property on devices. + + Restore IPv6 configuration when the link goes up. + + Fix build with sanitizers. + + Other various bug fixes and improvements. + +------------------------------------------------------------------- +Tue May 21 07:38:18 UTC 2019 - Jonathan Kang + +- Avoid using "systemctl enable" in spec file (bsc#1038403). + +------------------------------------------------------------------- +Fri May 17 09:13:12 UTC 2019 - Jonathan Kang + +- Remove legacy checks which fixes bnc#803058 during distribution + upgrade from 12.2 to 12.3 in .spec file. + +------------------------------------------------------------------- +Thu Mar 28 18:03:23 UTC 2019 - Christian Boltz + +- Fix systemd-network-config.patch which added lines starting with "+" + to NetworkManager-wait-online.service + +------------------------------------------------------------------- +Thu Mar 21 12:04:23 UTC 2019 - Antonio Larrosa + +- Fix the connectivity value of devices which was set to LIMITED when + the connectivity check fails. Now if the connectivity is being set + to LIMITED but the device state is DISCONNECTED, then the value is + coerced to NONE. Add patch submitted to + upstream (boo#1103678, glfdo#NetworkManager/NetworkManager#138): + * 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch + +- Fix the global connectivity value which wasn't updated when a + device was removed. Which is a problem if the device being removed + is the one providing the connectivity. Add patch submitted to + upstream (boo#1103678, glfdo#NetworkManager/NetworkManager#141): + * 0001-Update-connectivity-value-on-device-removal.patch + +------------------------------------------------------------------- +Mon Mar 18 07:52:13 UTC 2019 - sckang@suse.com + +- Update to version 1.16.0: + + Check connectivity per address family. + + Support "main.systemd-resolved" to let NetworkManager configure + DNS settings in systemd-resolved without making it the main DNS + plugin of NetworkManager. + + Write "/var/run/NetworkManager/no-stub-resolv.conf" with + original nameservers. That is useful with caching DNS plugins + like "systemd-resolved" or "dnsmasq" where + "/var/run/NetworkManager/resolv.conf" refers to localhost. + + Change default "ipv4.dhcp-client-id" setting for the internal + DHCP plugin from "duid" to "mac". This is a change in behavior + on upgrade when using the internal DHCP plugin (unless the + default is overwritten in "NetworkManager.conf" or specified + per connection profile). + + Improve handling of DHCP router options with internal DHCP + plugin. For one, accept multiple routers and add a + default-route to each. On D-Bus expose the original DNS and + NTP servers without cleaning up local nameservers. + + Allow binding a connections lifetime to the DBus client that + activated it. + + Add support for establishing Wi-Fi Direct connections (Wi-Fi + P2P). + + Add support for WireGuard VPN tunnels to NetworkManager. D-Bus + API and libnm support all options. nmcli supports creating and + managing WireGuard profiles, with the exception of configuring + and showing peers. + + Add initrd generator to be used by dracut and use it as new way + of handling iBFT. + + Deprecated "plugins.monitor-connection-files" setting in + NetworkManager.conf. This option will have no effect in future + versions. + + Add AP and Ad-hoc support for iwd Wi-Fi backend. + + Warn about invalid settings in "NetworkManager.conf". + + Support announcing "ANDROID_METERED" DHCP option for shared + mode. + + Support SAE authentication as used for 802.11s Meshing and + WPA3-Personal. + + NetworkManager is no longer installed as D-Bus activatable + service. + + Mark docker bridges as unmanaged via udev rule. + + Add new PolicyKit permission + "org.freedesktop.NetworkManager.wifi.scan" for controlling + Wi-Fi scanning. +- Rebase systemd-network-config.patch and + nm-dont-overwrite-resolv-conf.patch. +- Drop NetworkManager-1.12.2-docker-unmanaged.patch and + NM-add-wifi-scan-polkit-rule.patch: Fixed upstream (bsc#1128560). + +------------------------------------------------------------------- +Sun Mar 17 10:13:20 UTC 2019 - Jan Engelhardt + +- Do away with em dashes in summaries. +- Combine %service_* calls to reduce generated boilerplate. + +------------------------------------------------------------------- +Sun Feb 24 00:21:47 UTC 2019 - bjorn.lie@gmail.com + +- Update to version 1.14.6: + + Fix memory corruption in internal DHCPv6 client + (CVE-2018-15688). + + No longer limit number of search entires in resolv.conf to 6. + + Support restricting NetworkManager.conf device configuration + based on used DHCP plugin. + + Add "${MAC}" specifier for connection.stable-id. This uses the + current MAC address for seeding the stable generation of MAC + address, DHCP client-id or IPv6 stable-privacy interface + identifier. + + Support special value "duid" for "ipv4.dhcp-client-id". This + generates an RFC4361-compliant client-id like the internal DHCP + client used to do by default. Previously, there was no explicit + name for such a client-id and it was not usable with dhclient + DHCP plugin. This also generates the same client-id as + systemd-networkd does by default. + + Support and use a new kind of secret-key in + "/var/lib/NetworkManager/secret_key". The secret-key represents + the identity of the machine that is used for various purposes + like generating IPv6 stable privacy addesses. It is now + combined with "/etc/machine-id" so that changing only the + machine-id results in new identifiers. That matters for example + when cloning a virtual machine. Previously, the user hard to + prune NetworkManager's secret-key to get a new identity, now + regenerating machine-id suffices. Secret-keys generated by + earlier versions of NetworkManager are not affected and keep + their previous behavior. + + Fix the DHCP client-ids based on the MAC address of + IPoIB/infiniband devices. + + Fix restoring IP configuration after interface went down. + + No longer let NetworkManager touch rp_filter setting. The + rp_filter sysctl must now be set outside of NetworkManager + according to the admin's preference. Note that a strict + rp_filter may break valid use-cases and interacts badly with + connectivity checking. + + Various bug fixes and improvements. + +------------------------------------------------------------------- +Thu Jan 31 01:12:35 UTC 2019 - sckang@suse.com + +- Add NM-add-wifi-scan-polkit-rule.patch: Adding a new polkit + action "org.freedesktop.NetworkManager.wifi-scan" so that + distributions can add specific rule to allow Wi-Fi scans + (bsc#1122262, glfo#NetworkManager/NetworkManager!68). + +------------------------------------------------------------------- +Tue Nov 20 07:02:46 UTC 2018 - sckang@suse.com + +- Modify nfs script: Only mount/unmount when the file type is nfs + (bsc#1074074, bsc#1146935). + +------------------------------------------------------------------- +Sat Oct 27 13:04:09 UTC 2018 - bjorn.lie@gmail.com + +- Update to version 1.14.4: + + Fix a crash in nmcli when a device is removed while being + disconnected. + + Fix a crash in ifupdown (Debian) configuration plugin. + + Fix a daemon crash when a generated connection doesn't + validate. + + Fix a memory leak in dhclient DHCP plugin. + + Fix line editing in nmcli password prompts. + + Fix a RPATH in bluetooth and wwan plugin when built with Meson + (otherwise they wouldn't find libnm-wwan.so). + +------------------------------------------------------------------- +Sun Oct 21 09:01:37 UTC 2018 - bjorn.lie@gmail.com + +- Update to version 1.14.2: + + Fix a bug that could cause NetworkManager to crash after + checking connectivity status. + + Correctly apply a default (-1) metric from DHCP. + + Multiple fixes for IWD Wi-Fi backend. + + Multiple fixes for builds with Meson build system. + + Fix a crash with OLPC XO-1 mesh Wi-Fi. + + Fix handling "serial.parity" and "serial.send-delay" properties + in nmcli. + + Improve auto-selecting device when activating a connection + profile and don't auto-select unmanaged devices when activating + multi-connect profile. + + Avoid expiring the lifetime of IPv6 addresses from router + advertisements. + +------------------------------------------------------------------- +Wed Sep 26 23:00:41 UTC 2018 - bjorn.lie@gmail.com + +- Update to version 1.14.0: + + Added support for IEEE 802.15.4 and 6LowPAN devices. + + Support activating profile multiple times via + connection.multi-connect setting. + + Add match setting to restrict a profile to devices based on a + list of interface names with globbing supported. + + Fix PrimaryConnection for VPN with default-route. + + Add support for ethtool offload features. + + Add support for configuring llmnr. + + Deprecate endian-dependent D-Bus API and add new API that can + be used instead (rh#1153559). + + Add support for ip6gre/ip6gretap IP tunnels. + + Add support for detecting WireGuard interfaces (WireGuard VPN + cannot be controlled via NetworkManager). + + Add support for configuring SR-IOV devices. + + Improve error reporting of activation when no device is + available. + + Support reapplying changes of the route metric. + + Support EAP profiles with iwd Wi-Fi backend and support iwd API + 0.8. + + Expose slaves of OVS bridges and ports. + +------------------------------------------------------------------- +Sat Sep 22 15:12:06 UTC 2018 - Andrei Dziahel + +- Add NetworkManager-1.12.2-docker-unmanaged.patch: Do not manage + Docker bridge interfaces (glfdo#NetworkManager/NetworkManager!15) + +------------------------------------------------------------------- +Wed Sep 19 06:45:31 UTC 2018 - sckang@suse.com + +- Update to version 1.12.4: + + Fix crash in connectivity check. + + Fix accepted input format for vpn.secrets in nmcli's password file. + + libnm: support private keys encrypted with AES-{192,256}-CBC. + + Fix stopping pppd on modem hangup + + Various minor bugfixes and translation updates. +- Drop NetworkManager-fix-compile-error.patch and + NetworkManager-remove-assertion.patch: Fixed upstream. + +------------------------------------------------------------------- +Fri Aug 17 11:57:19 UTC 2018 - bjorn.lie@gmail.com + +- Add NetworkManager-fix-compile-error.patch: Fix compile error due + to NM_AVAILABLE_IN_1_12_2 macro. +- Add NetworkManager-remove-assertion.patch: cli: remove assertion + in nmc_device_state_to_color() (bgo#796834). + +------------------------------------------------------------------- +Thu Jul 26 20:56:06 UTC 2018 - bjorn.lie@gmail.com + +- Update to version 1.12.2: + + Fix missing symbols in libnm ABI for settings. + + Fix a regression that disallowed activations of VPN connections + with a device specified. + + Robustness fixes to connectivity checking. +- Changes from version 1.12.0: + + Improved support for configuration checkpoint, including + support in libnm. + + Added capability to set IP Tunnel configuration flags. + + The systemd-resolved DNS plugins now supports MDNS. + + Systemd-resolved and dnsmasq DNS plugins now honor the DNS + priority setting (CVE-2018-1000135). + + Wi-Fi devices now support FILS for speedier roaming support. + + Drop dependency on libnl3 library. + + Add support for "onlink" routes. + + More robust connectivity checking. + + Dropped the obsolete "ifnet" settings plugin, + + Try harder to generate reasonable human-readable names for + devices even if the hwdb contains garbage. + + Add an "overview" option to hide default values in nmcli, + resulting in more concise output. + + Reworked the inner workings of D-Bus interface for better + resource efficiency. + + Add support for configuring nmcli coloring via + terminal-colors.d(5). + + Added experimental support for Meson build system. + + Added initial IWD Wi-Fi daemon support. + + A non-hexadecimal DHCPv4 client-id is now properly passed to + dhclient with the first byte (type) set to zero, as stated in + the documentation. This represents a change in behavior since + previous versions where the first character of the string was + used as type. The internal client is not affected by the + change. + + DNS setting rc-manager=file now always follows dangling + symlinks instead of replacing /etc/resolv.conf with a plain + file. + + Added wake_on_wlan connection setting to configure + wake-on-wireless-lan (WoWLAN). + + The libnm-glib library, deprecated in favor of libnm since + NetworkManager 1.0, is now not built by default. While it can + still be enabled, the distributions should have a good plan for + removing it if they need to keep shipping it at this point. + + Nmcli now scans for Wi-Fi networks before displaying them, if + the last scan was too long ago. + + Added the ipv6.dhcp-duid property to allow configuring the + DHCPv6 DUID. + + Extended ipv6.dhcp-client-id property to support DHCP client + identifers depending on the MAC address and the stable ID. + + Set NM_DISPATCHER_ACTION environment variable in dispatcher + scripts. +- Rebase NetworkManager-1.10.6-netconfig.patch and + systemd-network-config.patch with quilt. +- Disable networkmanager-obs-net.patch and make check, needs + rebase. +- Pass with-libnm-glib to configure, deprecated libnm-glib support + is no long built by default, and since we can not remove this yet + due to Steam, we pass this option for now. + +------------------------------------------------------------------- +Sun Jun 17 18:05:00 UTC 2018 - bjorn.lie@gmail.com + +- Update to version 1.10.10: + + Fix crash during reapply of connection settings. + + Minor bugfixes. + +------------------------------------------------------------------- +Sun May 13 19:18:48 UTC 2018 - lnussel@suse.de + +- Don't fall back to writing /etc/resolv.conf if launching + netconfig fails for some reason (boo#1092352, + NetworkManager-1.10.6-netconfig.patch). + +------------------------------------------------------------------- +Fri May 11 16:52:27 UTC 2018 - bjorn.lie@gmail.com + +- Update to version 1.10.8: + + Fix connectivity timeout handling (bgo#794464). + + Retry activating devices when the parent becomes managed + (rh#1553595). + + Correctly set the rp_filter value (rh#1565529). + + A fix to ensure teamd is respawned after daemon restart + (rh#1551958). + + Better handle DHCP expiry (bgo#783391). + + Fix configuration of IPv6 over master interfaces (rh#1575944). + + Other various bug fixes including possible crashes. + + Updated translations. +- Drop NM-look-at-all-rp-filter-value.patch: Fixed upstream. + +------------------------------------------------------------------- +Fri May 4 06:56:55 UTC 2018 - sckang@suse.com + +- Add NM-look-at-all-rp-filter-value.patch: look at 'all' rp_filter + value too to determine actual value (bsc#1084336, bgo#794689). + +------------------------------------------------------------------- +Tue Mar 20 16:52:37 UTC 2018 - dimstar@opensuse.org + +- Unconditionally enable translation-update-upstream: on + Tumbleweed, this results in a NOP and for Leap in SLE paid + translations being used (boo#1086036). + +------------------------------------------------------------------- +Mon Mar 12 14:52:55 UTC 2018 - dimstar@opensuse.org + +- Update to version 1.10.6: + + ovs: fix compilation issue of OVS plugin and various fixes. + + team: add support for team runner "random". + + core: cleanup activation of device (rh#1537160). + + dhcp: retry indefinitely to renew the lease (rh#1503587). + + core: fix blocking autoconnect for no-secrets (bgo#794014). + + libnm: mark async results as cancelled (bgo#794088). + + Various bug fixes including possible crashes. + + Updated translations. +- Drop nm-preserve-agent-owned-secrets-on-connection-update.patch, + NetworkManager-1.10.4-buildfixes.patch and + nm-fix-autoconnect.patch: fixed upstream. + +------------------------------------------------------------------- +Tue Mar 6 13:01:57 UTC 2018 - fabian@ritter-vogt.de + +- Add nm-fix-autoconnect.patch: Fix autoconnect with agent-owned + secrets (bgo#794014, boo#1079672). + +------------------------------------------------------------------- +Sat Mar 3 11:01:36 UTC 2018 - seife+obs@b1-systems.com + +- fix nfs dispatcher script (boo#1083831) + +------------------------------------------------------------------- +Wed Feb 28 16:37:33 UTC 2018 - dimstar@opensuse.org + +- Modernize spec-file by calling spec-cleaner + +------------------------------------------------------------------- +Tue Feb 27 02:30:47 UTC 2018 - sckang@suse.com + +- Add nm-preserve-agent-owned-secrets-on-connection-update.patch: + Backport upstream commit to preserve agent-owned secrets on + connection update (bgo#793324, bsc#1082762). + +------------------------------------------------------------------- +Mon Feb 5 11:29:58 UTC 2018 - dimstar@opensuse.org + +- Update to version 1.10.4: + + Load jansson at runtime. This solves a clash with json-glib + that caused a gnome-control-center crash, but also gets rid of + a hard dependency. + + Correct nmcli exit values after receiving a signal. + + Fix libnm secret agent asynchronous initialization. + + Add a default route for a modem even if it didn't sent a + gateway. + + Improve communication of DAD failures. + + Remember device default metrics across daemon restarts. + + Various bug fixes including possible crashes. + + Updated translations. ++ Add NetworkManager-1.10.4-buildfixes.patch: Fix OVS compile + errors (bgo#793183). + +------------------------------------------------------------------- +Fri Jan 26 20:29:32 UTC 2018 - bjorn.lie@gmail.com + +- Replace sysconfig with sysconfig-netconfig BuildRequires and + Requires, this is what we in reality need. + +------------------------------------------------------------------- +Thu Jan 25 01:10:02 UTC 2018 - dimstar@opensuse.org + +- Update to version 1.10.2: + + Added support for 'onlink' IPv4 routes attribute. + + Wait longer for the carrier to come up after a MTU change. + + Implemented abstraction for team connections that exposes team + configuration items as distinct properties. + + Added basic support for tc queueing disciplines and filters. + + Introduced an Update2() D-Bus method to update connection + settings with more flexibility. + + Many bug fixes and improvements. +- Changes from version 1.10.0: + + NetworkManager includes now basic OpenVSwitch support, good + enough to be capable of setting up simple OpenVSwitch + configurations. + + Added support for activating PPP connections on non-Ethernet + interfaces. + + It is now possible to authenticate to a Wi-Fi network using WPS + (Wi-Fi Protected Setup). + + Implemented support for Wi-Fi PMF (Protected Management Frames, + 802.11w), which can be configured via the wifi-sec.pmf + property. + + Now the maximum rate of wireless access points supporting + 802.11 is properly calculated and exposed on D-Bus. + + Background scanning is now disabled for non-WPA-Enterprise + Wi-Fi networks. + + Added support for the Bluetooth NAP (Network Access Point) + profile. + + Added support for disabling connectivity checking via the D-Bus + interface. + + The internal DHCP client now understands the domain-search + option. + + Bridge connections support the group-forward-mask property. + + NetworkManager can now configure multiple IPv6 default routes + received through RA and each gets configured with the announced + preference. + + It is possible to specify the routing table for each static + route. + + Support specifying a explicit routing table for any + non-static-route, including routes from DHCP, device-routes, + IPv6 autoconf. + + Device are left configured when a user sets them as unmanaged + by NetworkManager. + + New connection.auth-retry property to configure how often + authentication is prompted before failing the configuration. + + The platform code that handles synchronization with kernel + status via netlink has been reworked and is more efficient. + + Allowed the update of connections that have an associated + ifcfg-rh routing rules file. + + Non-UTF8 properties are now escaped when they are exported on + D-Bus. + + NetworkManager-wait-online.service now starts + NetworkManager.service if needed. + + The MAC address for bond connections can be changed in nmtui. + + Fixed dependency problems when setting the MTU of VLAN and + master devices. + + The systemd-resolved DNS plugin properly handles the DNS + priority setting. + + Fixed setting a DHCP timeout greater than 60 seconds + (dhclient). + + Fixed some memory leaks. + + Many other bug fixes and improvements. +- Rebase networkmanager-obs-net.patch and + nm-dont-overwrite-resolv-conf.patch. +- Drop nm-disconnect-proxy-signals.patch and + nm-vpn-remote-connection-disconnect-signals.patch: Fixed + upstream. + +------------------------------------------------------------------- +Wed Jan 24 23:41:07 UTC 2018 - bjorn.lie@gmail.com + +- Update to version 1.8.6: + + Fix a daemon crash on permission check (bgo#787897). + + Fix a daemon crash on VPN state change (bgo#787893). + + Fix a nmcli crash in interactive mode's describe command + (bgo#788104). + + Fix termination of the nmcli interactive mode (rh#1517401). + + Properly handle route metric of zero in keyfiles. + + Add support for DSA switch devices (rh#1371289). + + Fix a memory leak of connection D-Bus objects (rh#1461643). + + A double close that could potentially race with the D-Bus + thread reusing the same file descriptor (rh#1451236). + + Connectivity check fixes (bgo#785281) (bgo#784629). + + Fix the metered properties handling in libnm. + + Avoid dropping agent secrets unnecessarily (bgo#789383). + + Fix the asynchronous initialization of a secret agent in libnm. +- Drop nm-disconnect-proxy-signals.patch and + nm-vpn-remote-connection-disconnect-signals.patch: Fixed + upstream. +- Minor spec cleaning, tweak spec to silence a few rpm lint + warnings. +- Replace addFilter("dbus-policy-missing-allow") with + addFilter("dbus-policy-allow-without-destination"), filter out + the current rpmlint warning. +- Add addFilter("suse-branding-unversioned-requires*") to + rpmlintrc, we have this unversioned on purpose. +- Add + addFilter("systemd-service-without-service_add_post NetworkManager-wait-online.service") + addFilter("systemd-service-without-service_add_pre NetworkManager-wait-online.service") + addFilter("systemd-service-without-service_del_postun NetworkManager-wait-online.service") + addFilter("systemd-service-without-service_del_preun NetworkManager-wait-online.service") + to rpmlintrc, filter out warnings we do not care about nor want + as we do not want to enable this service by default. +- "Mark" %%{_sysconfdir}/dbus-1/system.d/org.freedesktop.NetworkManager.conf + and %%config %{_sysconfdir}/dbus-1/system.d/nm-dispatcher.conf as + config files in spec, silence rpmlint. + +------------------------------------------------------------------- +Tue Dec 19 22:20:37 UTC 2017 - mgorse@suse.com + +- Add nm-disconnect-proxy-signals.patch: disconnect proxy signals + when closing; fixes possible crash when opening the user panel + (bgo#787897). +- Add nm-vpn-remote-connection-disconnect-signals.patch: + disconnect signal handlers when remote/vpn connections are + disposed; fixes a gnome-control-center crash (bsc#1073472 + bgo#787893). + +------------------------------------------------------------------- +Sat Dec 9 22:43:18 UTC 2017 - pavlix@pavlix.net + +- Remove reference to deprecated and dropped ifcfg-suse plugin from + configuration. + +------------------------------------------------------------------- +Fri Dec 1 15:22:50 UTC 2017 - yfjiang@suse.com + +- Switch to python3: + + Replace BuildRequires python-gobject, python2-dbus-python with + python3-gobject, python3-dbus-python. + + Explictly set environment variable PYTHON as python3 in + build time. + +------------------------------------------------------------------- +Mon Sep 25 06:50:03 UTC 2017 - sckang@suse.com + +- Modify nm-dont-overwrite-resolv-conf.patch: make netconfig call + an atomic action, don't kill it after 2000ms (bsc#960153). + +------------------------------------------------------------------- +Fri Sep 22 16:44:24 UTC 2017 - zaitor@opensuse.org + +- Update to version 1.8.4: + + No longer install NetworkManager-wait-online.service in + network-online.target.wants directory (rh#1455704). + + Fix nmcli device connect wifi for APs that support both + WPA-PSK and WPA-EAP (rh#1492064). + + Fix crash unregistering object manager in libnm on restart of + NetworkManager. + + Improve handling externally managed slaves devices. + + Don't reset MAC address of software devices to fake permanent + address. + + For dhclient use "timeout" option in configuration file, + instead of the command line option which is only supported by + downstream. + + Perform the public-suffix check only for the hostname-derived + domain. + + Fix memory leak in connectivity check. + + Better restore device managed state on rollback of checkpoint. + + Skip addition of default-route if it already exists. + + Bug fix detecting error condition when deleting route in + platform. +- Drop NM-dhcp-improve-parsing-interface-statement.patch: Fixed + upstream. + +------------------------------------------------------------------- +Tue Jul 11 07:38:40 UTC 2017 - sckang@suse.com + +- Add NM-dhcp-improve-parsing-interface-statement.patch: Fix NM + not writing DNS servers to /etc/resolv.conf (boo#1047004). + +------------------------------------------------------------------- +Fri Jul 7 12:24:13 UTC 2017 - zaitor@opensuse.org + +- Update to version 1.8.2: + + Fix bug blocking startup wrongly waiting for carrier. + + Fix handling of non UTF-8 strings in libnm and fix non NUL + terminated string. + + Handle DNS priority for systemd-resolved DNS plugin. + + Fix assuming master devices as they wait for slaves to + activate. + + Fix reading managed state from device state file. + + Fix crash activating bluetooth or WWAN connection. + + No longer add a direct route to the DHCP server. + + Several bug fixes and improvements. + +------------------------------------------------------------------- +Thu Jul 6 14:11:27 UTC 2017 - dimstar@opensuse.org + +- Call autogen.sh networkmanager-obs-net.patch touches the build + system. + +------------------------------------------------------------------- +Thu Jun 1 02:36:58 UTC 2017 - sckang@suse.com + +- Add nm-dont-overwrite-resolv-conf.patch: Fix NetworkManager + overwriting /etc/resolv.conf (bsc#960153, bsc#1021665). + +------------------------------------------------------------------- +Wed May 31 13:38:45 UTC 2017 - tchvatal@suse.com + +- Disable 6 of the tests that are failing on OBS runs + * networkmanager-obs-net.patch + +------------------------------------------------------------------- +Fri May 12 10:34:33 UTC 2017 - tchvatal@suse.com + +- Version update to 1.8.0: + * Default routes set by devices that failed connectivity checks are now + penalized with a higher metric + * nmcli is now able to produce output more friendly for machine parsing + * The slaves available at the time a master connection is activated are + enslaved in a stable order, making the automatic MAC address for Bonding + devices more predictable. + * Hostname management is now more flexibly configured + * Support for additional route options (pref-src, src, tos, window, cwnd, + initcwnd, initrwnd, mtu, lock-window, lock-cwnd, lock-initcwnd, + lock-initrwnd, and lock-mtu). + * Fixed detection of EAP-FAST support in wpa_supplicant + * Support for handling PINs for PKCS#11 tokens as secrets + * GSM and CDMA connections now have a MTU property + * An option to disable selected TLS versions during EAP phase 1 + authentication + * The 802.1x authentication timeout is now configurable to allow a faster + fallback to other connections + * Persist managed state of device until reboot. This improves seamless take + over of a previously managed device after restart of NetworkManager. + * Better handle devices that are externally managed by somebody else by + consistently generating an in-memory connection to reflect the external + state. + * Expose SRIOV capability of a device on D-Bus and support configuring the + number of virtual functions via NetworkManager.conf. + * Support matching networking devices via new "driver:" device spec in + NetworkManager.conf. + * Introduced support for creating and managing dummy links + * The teaming devices now support setting a hardcoded MAC address + * Settings of bonding devices can now be modified on-the-fly, without the + need to reactivate a connection + * The failures to activate a connection now communicate better error + responses to nmcli + * Reverse Path filtering is now disabled in multihoming configurations where + it would interfere with legitimate network traffic + * libcurl is used instead of libsoup for connectivity checking, resulting in + a smaller dependency footprint + * With DNS mode "rc-manager=symlink", don't write /etc/resolv.conf as + a symlink if it already exists as a regular file. + * Support attaching user-data in form of key-value pairs to connection + profiles. + * Fix accpeting fully qualified name for ipv4.dhcp-hostname setting. + * Make NetworkManager more forgiving to failure to change the MAC address + during scanning. +- Wimax switches are completely removed +- Added dependencies on packages with versions to ensure + all features are properly detected, configure reports yes for + most items now + * add libcurl + * add libpsl + * add python-dbus test dep +- Remove gudev and soup deps as per upstream changes +- Enable testsuite +- Add patch networkmanager-checks-po.patch: + * Our patch added new .in file that needs to be excluded from + translations + +------------------------------------------------------------------- +Wed Apr 19 21:33:23 UTC 2017 - bholst@lusku.de + +- Replace nfs NetworkManager dispatcher script. Issues of the old + nfs dispatcher script, fixed by this commit: + + It only mounts NFS shares with auto-mount. In SUSE's default + configuration, those are tried to be mounted at boot. + Unfortunately, this would not work, when NetworkManager + handles the connection later. The boot process stops at this + point. + + It unmounts everything on each "down" for any network + interface, even if the NFS share is still connected to the + computer via another network interface. + +------------------------------------------------------------------- +Wed Feb 15 16:12:26 UTC 2017 - dimstar@opensuse.org + +- Update to version 1.6.2: + + Fixed build warnings with GCC 7. + + Multiple bug fixes in NetworkManager, nmcli and nm-online + including several crashes. + +------------------------------------------------------------------- +Fri Jan 27 15:39:15 UTC 2017 - dimstar@opensuse.org + +- Update to version 1.6.0: + + No further changes since rc2 (1.5.91). + +------------------------------------------------------------------- +Tue Jan 24 12:40:20 UTC 2017 - dimstar@opensuse.org + +- Update to version 1.5.91: + + Bugs fixed: bgo#777402, rh#1406454, rh#1414186. + +------------------------------------------------------------------- +Wed Jan 18 12:05:48 UTC 2017 - dimstar@opensuse.org + +- Update to version 1.5.90: + + Avoid reading the permanent MAC address before the device is + initialized by UDEV. This avoids a race where NetworkManager + might detect the MAC address of the wrong interface. + + Fixed race conditions when renaming interfaces, for example as + done by UDEV for persistent interface naming. This could cause + detecting devices as the wrong hardware type. + + Added initial support for PKCS#11 tokens with 802.1x + authentication. + + The stable-addressing for MAC address randomization and RFC7217 + IPv6 stable privacy addressing can now be more flexibly + configured using dynamic randomization seeds in + "connection.stable-id". + + Added support for managing the MACsec links. Requires support + in wpa_supplicant (version newer than 2.6). + + When the master of Team, Bridge and Bond devices is specified + as a connection UUID, the ifcfg-rh plugin now writes the master + connection's interface name into the ifcfg file for improved + compatibility with the legacy network service. + + Improve handling of MTU by resetting the previous MTU when the + device deactivates and reset the MTU to a defined value on + activation. + + Improve tracking of parent devices for dependend devices like + ip-tunnels, MACVLAN, VETH, VLAN, and VXLAN. + + Many bug fixes and improvements. + +------------------------------------------------------------------- +Sat Dec 17 11:03:49 UTC 2016 - dimstar@opensuse.org + +- Update to version 1.5.3: + + The cloned.mac-address property can now be used with Bond and + Bridge devices. + + The ifcfg parsing code has been reworked for better + compatibility with actual shell variable files. + + The ipv6.method=shared is now supported, utilizing DHCPv6 + Prefix Delegation option to obtain prefixes for the interface. + + nmtui now supports creating and editing IP tunnel connections. + + The libnm client library now uses the D-Bus ObjectManager API + that allows for quicker initialization of the clients. + + nmtui now utilizes the asynchronous libnm client API to + paralellize communication with the daemon, reducing the client + startup time. + + Ethernet devices now use "802-3.speed" and "802-3.duplex" + properties to allow controlling overriding the negotiated link + parameters. + + Order in which IP addresses are configured is now preserved so + that primary address is selected correctly. + + The PPP manager can now be split into a separate package. + + Details of the DNS information obtained from the connections is + now exposed on the D-Bus and can be inspected with nmcli. + + Added the support for DHCPV6_HOSTNAME and DHCPV6_SEND_HOSTNAME + keys in ifcfg files that control "dhcp-hostname" and + "dhcp-send-hostname" properties of the "ipv6" setting. +- Add python-gobject BuildRequires: needed in order to build the + settings documentation. + +------------------------------------------------------------------- +Sat Dec 17 01:05:02 UTC 2016 - dimstar@opensuse.org + +- Update to version 1.5.2: + + Introduced Vala bindings for libnm. + + NetworkManager would now keep most connections up on shutdown + (except Wi-Fi connections, VPN connections and other kinds that + can't be assumed on startup) + + The checkpoint/restore connection can now also remove new + connections and disconnect devices that were activated since + the checkpoint was taken. + + The configuration is now read from /run/NetworkManager/conf.d + as well. This is useful for handing over configuration + discovered on system startup to NetworkManager. + + New connection.autoconnect_retries property that allows + fine-tuning the autoconnect behavior. + + Support for configuration and discovery of Web Proxy settings + with PacRunner service. + + Support for systemd-resolved local DNS forwarder backend. + + Fix emission of NM-style PropertiesChanged signals and + deprecate them for PropertiesChanged on + "org.freedesktop.DBus.Properties" interface. + + Change the meaning of unset "cloned-mac-address" settings from + "permanent" to "preserve". This changes the default value and + affects existing connections during upgrade that did not + explicitly configure cloned-mac-address. This has the effect + that externally configured MAC addresses are preserved by + default instead of setting the permanent address (bgo#770611). + +------------------------------------------------------------------- +Fri Dec 16 16:28:51 UTC 2016 - zaitor@opensuse.org + +- Update to version 1.4.4: + + Order in which IP addresses are configured is now preserved so + that primary address is selected correctly. + + Don't deconfigure devices we can take over on shutdown. Makes + it possible to restart without connection disruption for most + device types. + + Avoid reading the permanent MAC address before the device is + initialized by UDEV. This avoids a race where NetworkManager + might detect the MAC address of the wrong interface. + + Fixed race condition when renaming interfaces, for example as + done by UDEV for persistent interface naming. This could cause + detecting a Wi-Fi interface as ethernet. + + Fixed a race condition in libnm that could cause a client hang + if a last value from a property of object array type + disappeared. + + Fixed a possible nmcli hang on D-Bus object fetch failure. + + Other fixes and improvements. + +------------------------------------------------------------------- +Fri Sep 30 20:30:50 UTC 2016 - zaitor@opensuse.org + +- Update to version 1.4.2: + + Fixed emission of NM-style PropertiesChanged signals and + deprecated them for PropertiesChanged on + "org.freedesktop.DBus.Properties" interface. + + Fixed race condition in the communication between + NetworkManager and the DHCP helper which caused loss of events. + + Added workaround for failures in changing MAC address with some + wireless drivers. + + Improved bash autocompletion. + + Restored check on JSON syntax when built with Jansson support. + + Fixed a regression in the serialization of empty + "cloned-mac-address" property in libnm. + + Other fixes and improvements. +- Drop NetworkManager-fix-broadcom-wifi.patch: Fixed upstream. + +------------------------------------------------------------------- +Sun Sep 18 08:12:16 UTC 2016 - zaitor@opensuse.org + +- Add even more commits to really fix bgo#770456 to + NetworkManager-fix-broadcom-wifi.patch. + +------------------------------------------------------------------- +Tue Aug 30 20:51:54 UTC 2016 - zaitor@opensuse.org + +- Add NetworkManager-fix-broadcom-wifi.patch: Broadcom driver does + not support the random mac addr introduced. This patch works + around the problem (bgo#770456). +- Conditionally apply translations-update-upstream BuildRequires + and macro for non-openSUSE only. + +------------------------------------------------------------------- +Sun Aug 28 16:18:59 UTC 2016 - dimstar@opensuse.org + +- Update to version 1.4.0: + + The MAC address assigned to a device can now be set according + to different policies: preserve, permanent, random, stable. + + NetworkManager now waits for IPv6 DAD to terminate before + completing the activation. + + Added support for setting IPv6 tokenized interface identifiers + through the 'ipv6.token' connection property. + + Added a 'Reload' D-Bus method to reload configuration and + reapply DNS configuration. + + Added ability to create a configuration checkpoints and rolling + back changes after a timeout. + + NetworkManager now follows symlinks when accessing resolv.conf + and rc-manager is set to 'file'. + + Added support for oFono as modem manager. + + The devices now exposes counters of transferred data. + + The 'may-fail' property of ipv4 and ipv6 settings is now + respected more accurately. + + The timeout for requests of secrets to agents has been + increased from 25 to 120 seconds. + + Name servers passed to dnsmasq now specify an egress interface + to avoid problems with multiple active connections. + + Reverse DNS entries for IPv6 are now added to dnsmasq, and IPv4 + reverse entries now honor the network prefix. + + A new 'dns-priority' property of ipv4 and ipv6 settings can be + used to tweak the order of servers in resolv.conf when multiple + connections are active. + + configure script accepts --enable-{address,undefined}-sanitizer + options to build NetworkManager with GCC sanitizers. + + The default resolv.conf manager can now be specified at build + time using the --with-config-dns-rc-manager-default configure + option. + + NetworkManager is now compiled with --gc-sections to reduce + executable size. + + Added a new 'VPN_PLUGIN' logging domain. + + It is now possible to change the configuration currently + applied on a device with 'nmcli device modify' and 'nmcli + device reapply'. + + nmcli invoked without parameters shows an overview of the + current network configuration. + + The 'nmcli connection add' syntax has been extended and is now + possible to pass properties (e.g. 'ipv4.dns') along with + aliases. + + nmtui now returns to initial menu after a sub-form exits. + + Improved bash autocompletion for nmcli. + + Now devices are disconnected before the system suspends, + executing dispatcher scripts. This allows external applications + to be notified of the change in connectivity. + + Dispatcher scripts are now called also when connectivity status + changes. + + Many other fixes and improvements. +- Pass --with-config-dns-rc-manager-default=netconfig to configure: + ensure to use netconfig, which is SUSE's default. +- Replace pgkconfig(systemd) BuildRequires with + pkgconfig(libsystemd), following upstream. +- Rebase systemd-network-config.patch. + +------------------------------------------------------------------- +Tue Jul 19 09:29:37 UTC 2016 - zaitor@opensuse.org + +- Update to version 1.2.2: + + The dnsmasq DNS management mode now uses D-Bus API of dnsmasq + to make signal nameserver changes. + + Hostname is now correctly read on Slackware. + + IPv6 addresses for default wired connections now stay stable. + + Reading portname on s390 systems on 4.4 kernels and newer has + been corrected. + + nmcli no longer warns about version mismatches. + + Improved developer documentations. + + Multiple minor bugfixes. + + Updated translations. + +------------------------------------------------------------------- +Tue Jul 19 09:29:36 UTC 2016 - dimstar@opensuse.org + +- Update to version 1.2.0: + + Bugs fixed: bgo#764750, bgo#764955, bgo#764956, bgo#765225, + rh#1325752. +- Changes from version 1.1.94 (1.2-rc2): + + Bugs fixed: bgo#764839, bgo#764690, rh#1324895. +- Add post/postun scritlets for libnm0. + +------------------------------------------------------------------- +Tue Jul 19 09:29:35 UTC 2016 - dimstar@opensuse.org + +- Update to version 1.1.93 (1.2-rc1): + + Bugs fixed: bgo#761389, bgo#763236, bgo#764317, bgo#764332, + bgo#764398, bgo#764402, bgo#764483, bgo#764606, rh#1299103. + + Updated translations. +- Changes from version 1.1.92: + + Added an option to enable the old-fashioned /etc/resolv.conf + handling (using a symlink). + + NetworkManager now checks the connection data from client for + validity and gracefully handles unknown properties in client. + This improves interoperability between the server and clients + of different versions. + + The activation of a VLAN device with a virtual parent that is + inactive now results in a parent being activated first. + + The server name used with 802.1x authentication can now be + constrained to a particular domain suffix (CVE-2006-7246). +- Drop (presumably) no longer needed patches: + + nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff + + nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff + +------------------------------------------------------------------- +Tue Jul 19 09:29:34 UTC 2016 - dimstar@opensuse.org + +- Update to version 1.1.91: + + Added support for detecting duplicate IPv4 addresses, with a + timeout configurable through the ipv4.dad-timeout connection + property. + + Fixed a race condition that could potentially lead to + unauthorized access to connection secrets (CVE-2016-0764). + + dnsmasq configuration for shared connections can now be + extended by placing custom files in + /etc/NetworkManager/dnsmasq-shared.d/. + + Generic devices are no longer assumed unless explicitly + requested by user. + + The reorder-header VLAN flag setting is now honored; to keep + backwards compatibility in behavior, an existing REORDER_HDR=0 + ifcfg-rh key is ignored; the flag must be disabled with + VLAN_FLAGS=NO_REORDER_HDR. + + Fair amount of bugs was fixed and robustness was generally + improved. +- Rebase systemd-network-config.patch. + +------------------------------------------------------------------- +Tue Jul 19 09:29:33 UTC 2016 - dimstar@opensuse.org + +- Update to version 1.1.90: + + Added an option to enable use of random MAC addresses for Wi-Fi + access point scanning (defaults to disabled). Controlled with + 'wifi.mac-address-randomization' property + (MAC_ADDRESS_RANDOMIZATION key in ifcfg files). + + Wi-Fi scanning now utilizes wpa_supplicant's AP list. + + Added support for Wi-Fi powersave, configured with POWERSAVE + key in ifcfg files. + + Added support for creation of more types of software devices: + tun & tap, maxvlan, vxlan and ip tunnels (ipip, gre, sit, + isatap, vti, ip6ip6, ipip6, ip6gre and vti6). + + The software devices (bond, bridge, vlan, team, ...) can now be + stacked arbitrarily. The nmcli interface for creating + master-slave relationships has been significantly improved by + the use of 'master' argument to all link types. + + RFC7217 stable privacy addressing is now used by default to + protect from address-based host tracking. The IPv6 addressing + mode is configured with IPV6_ADDR_GEN_MODE key in ifcfg files. + + Improved route management code to avoid clashes between + conflicting routes in multiple connections. + + Refactored platform code resulting in more robust interface to + platform, less overhead and reduced memory footprint. + + Improved interoperability with other network management tools. + The externally created software devices are not managed until + they're activated. + + The Device instances now exist for all software connections and + the platform devices are now only created when the device is + activated. This makes it possible for connections with device + of same name not to clash unless they're activated + concurrently. The links are now not unnecessarily present + unless the connection is active, avoiding pollution of the link + name space. + + NetworkManager now correctly manages connectivity in + namespace-based containers such as LXC and Docker. + + Support for configuring ethernet Wake-On-Lan has been added. + + Added LLDP listener functionality and related CLI client + commands. Enabled via LLDP option in ifcfg files. + + CLI secret agent has been extended with support for VPN + secrets. + + The command line client now utilizes colors for its output. + + The command line client now sorts the devices and properties + for better clarity. + + Numerous impovement to Bash command completion for nmcli. + + NetworkManager relies on less external libraries. The use of + dbus-glib has been replaced with gio's native D-Bus support and + libnl-route is no longer used. + + Dependency on avahi-autoipd has been dropped. Native IPv4 + link-local addressing configuration based on systemd network + library is now used instead. + + Hostname is now managed via systemd-hostnamed on systemd-based + systems. + + Management of resolv.conf management can be changed at runtime, + private resolv.conf is always written in /run. + + DNS options in resolv.conf are now honored. + + Updated version of systemd network library used for internal + DHCP and IPv4 link-local support. + + Support for event logging via audit subsystem has been added. + + Support for native logging via systemd-journald has been added + taking advantage of its structured logging. + + Live reconfiguration in IP configuration after changing the + settings without reactivation of the device with "nmcli device + reapply" command and via D-Bus API. + + The API for VPN plugins now supports multiple simultaneous + connections. Most popular VPN plugins have been updated to + support this functionality. + + The libnm library now provides API to access VPN service + definitions. + + Fair amount of bugs was fixed and robustness was generally + improved. + + New DHCP_FQDN key in ifcfg files to configure the full FQDN to + be sent to the DHCP servers. + + Added multicast_snooping option to BRIDGING_OPTS ifcfg key. +- Pass --enable-gtk-doc to configure: needed to have the man pages + built. +- Remove --enable-ifcfg-suse configure parameter: the ifcfg-suse + plugin has been deprecated. +- Add perl(YAML) BuildRequires: dependency to build the + documentation. +- Rebased systemd-network-config.patch. +- Drop NetworkManager-geoclue-interaction.patch: the patch has side + effects when geoclue itself is not installed. +- Drop NetworkManager-openvpn-route-configuration.patch: no longer + required. +- Drop nm-ppp-manager-clear-ppp_watch_id.patch and + nm-update-ip_iface-only-if-IP-interface-exists.patch: fixed + upstream. +- No longer recommend avahi-autoipd: the functionality is no longer + needed. +- Flip with_cacert_patch off (set to 0): patch needs rebase. + +------------------------------------------------------------------- +Mon Jul 18 03:14:22 UTC 2016 - sckang@suse.com + +- Modify nm-probe-radius-server-cert.patch: Make sure the "Apply" + button in Wifi configuration page of gnome-control-center is + clickable (bsc#985332). + +------------------------------------------------------------------- +Mon May 30 12:01:28 UTC 2016 - fcrozat@suse.com + +- Move provides NetworkManager(cacert-patch) to libnm-util2, to + ensure gnome-control-center doesn't hard requires NetworkManager. + +------------------------------------------------------------------- +Fri Apr 8 07:05:23 UTC 2016 - sckang@suse.com + +- Update to version 1.0.12 (FATE#318572) +- drop nm-core-fix-crash-during-Wi-Fi-rescan-by-emitting-NM_DE.patch + contained in version 0.9.9.1. +- Rebase NetworkManager-geoclue-interaction.patch +- Rebase nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff +- Rebase nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff +- Rebase systemd-network-config.patch +- Rebase nm-probe-radius-server-cert.patch + +------------------------------------------------------------------- +Tue Apr 5 05:44:30 UTC 2016 - sckang@suse.com + +- nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff + rebased. + +------------------------------------------------------------------- +Sat Apr 2 14:57:56 UTC 2016 - badshah400@gmail.com + +_ Update to version 1.0.12: + + DHCP leases on software devices are now renewed when the + computer is awoken from suspend. + + Improved ifupdown plugin robustness and interoperability on + Yocto and OpenEmbedded. + + Fixed failed VPN activations when plugin supports interactive + mode, but the VPN daemon does not. + + Wi-Fi monitor interfaces are now ignored, not turned into + managed mode. + + AP and AdHoc mode connections with manual IP configuration are + now able to autoconnect. + + Broken device drivers (AWS ENI) that initially have invalid + MAC addresses are now properly managed as soon as correct MAC + address is set. + + WWAN devices are unlocked a bit earlier so that supported IP + versions can be queried. + + The NetworkManager.service was ordered after + network-pre.target and dbus.service. This ensures + NetworkManager doesn't set up connectivity before firewall + rules are in place and wouldn't exit before remote filesystems + can be umounted ensuring orderly operation of systemd managed + installations. + + The netfilter rules used with shared IPv4 method are now + removed on exit. + + Ability to manage USB gadget drivers (UDC side) has beed + added. + + Infiniband transport mode change now takes place with the link + set down because some drivers need that. + + Race conditions that could disclose connection secrets to + authenticated local users when changing ifcfg and keyfile + connections have been fixed. This has security impact of low + severity (CVE-2016-0764). + + A handful of memory leak and crasher bugs of minor importance + have been fixed. +- Drop patches incorporated upstream: + - NetworkManager-openvpn-route-configuration.patch. + - nm-ppp-manager-clear-ppp_watch_id.patch. + - nm-update-ip_iface-only-if-IP-interface-exists.patch. +- Rebase systemd-network-config.patch for updated version. + +------------------------------------------------------------------- +Fri Apr 1 07:23:17 UTC 2016 - sckang@suse.com + +- nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff + rebased. + +------------------------------------------------------------------- +Sun Mar 13 23:20:06 UTC 2016 - badshah400@gmail.com + +- Split out a NetworkManager-branding-upstream subpackage that + installs the default upstream version of the + /etc/NetworkManager/NetworkManager.conf file. +- Add Requires: NetworkManager-branding to main package. + +------------------------------------------------------------------- +Wed Jan 6 10:25:22 UTC 2016 - zaitor@opensuse.org + +- Add nm-ppp-manager-clear-ppp_watch_id.patch and + nm-update-ip_iface-only-if-IP-interface-exists.patch: Patches + from upstream git cherrypicked to stable branch from master. + +------------------------------------------------------------------- +Wed Jan 6 09:51:54 UTC 2016 - dimstar@opensuse.org + +- Add NetworkManager-openvpn-route-configuration.patch: Fix routes + not being applied when connecting to openVPN. + +------------------------------------------------------------------- +Sun Jan 3 21:38:13 UTC 2016 - damjanovic.ivo@gmail.com + +- Add explicit pkgconfig(libteam) BuildRequires: force team + connection support. + +------------------------------------------------------------------- +Wed Dec 23 20:39:00 UTC 2015 - dimstar@opensuse.org + +- Update to version 1.0.10: + + Added support for handling VPN secrets to nmtui and nmcli agent. + + Fixed a regression that caused NetworkManager to ignore + external deletion of a device with master. + + Fixed glitches with older versions of glib (prior to 2.36.0). + + Fixed build with most recent versions of libsoup. + + Fixed busy retry loop on non-transient errors from + wpa_supplicant. + + Improvements to testing infrastructure. + + Updated translations. + +------------------------------------------------------------------- +Tue Nov 24 17:22:16 UTC 2015 - zaitor@opensuse.org + +- Update to version 1.0.8: + + MTU indicated by a VPN gateway is now properly applied. + + Fixed MSS setting when MTU changes. + + The default route is properly restored on device disconnect. + + Build with older toolchains has been fixed. + + The team devices can now properly be enslaved to bridges. + + Failed DHCP attempts for assumed connections are now retried + after a timeout. + + Default wired connection is now created after udev registers + the device. + + Support for Bluetooth DUN devices with Bluez 5 has been fixed. + + The ipv6.ignore-auto-dns property is now properly honored + making it possible to override automatically obtained name + servers. + + Invalid permanent MAC adddresses as reported by some devices + are now ignored. + + Device links reported by more recent versions of Linux kernel + that reside in different network namespaces are no longer + confused with links in the namespace NetworkManager runs in. + + MAC address changes of VLANs enslaved to a bond are now + properly propagated to the master device. + + Fixed error handling for teaming devices with invalid + configuration. + + Wi-Fi AP list is now updated correctly after AP mode has been + used. + + Management of a device is not attempted until the device has + been registered with udev. + + The error handling for VPN secret agents is now significantly + more robust. + + Detection of s390 CTC devices now works properly. + + A GATEWAY property in /etc/sysconfig/network now no longer + affects non-static connections. + + Added support for IPv6-only VPN connections. + + The systemd service now uses HUP signal to reload + configuration. + + Change VLAN default flags to set REORDER_HDR for new + connections. + + nmtui is now able to ignore automatically configured routes. + + Numerous bash shell autocompletion fixes for nmcli. + + Allow setting IPv6 and PPP settings for GSM and CDMA + connections via nmcli. + + Added support for adding ADSL connections in nmcli. + + Numerous crash fixes. + + Updated translations. +- Rebase NetworkManager-geoclue-interaction.patch. + +------------------------------------------------------------------- +Tue Sep 1 10:28:48 UTC 2015 - simon@simotek.net + +- Update to version 1.0.6: + + Improved capture portal detection. + + Default route through WiFi connection is now preferred to + Mobile Broadband if both are available. + + Expose a flag to determine whether a particular connection is + metered via API and client tools. + + Add support for locking connections to a channel within a + particular band. + + Add support for configuring Wake-on-LAN capabilitites. + + Allow overriding the MTU for team device. + + Usual pile of bug fixes and robustness improvements. +- Rebase NetworkManager-geoclue-interaction.patch . + +------------------------------------------------------------------- +Wed Aug 19 19:52:08 UTC 2015 - dimstar@opensuse.org + +- Toggle with_cacert_patch to 1: the patch has been rebased. + +------------------------------------------------------------------- +Tue Aug 18 19:13:13 UTC 2015 - bastianholst@gmx.de + +- Change nfs dispatcher-script to be more reliable in mixed ip v4 + v6 environments. + +------------------------------------------------------------------- +Thu Aug 6 09:57:09 UTC 2015 - glin@suse.com + +- Rebase nm-probe-radius-server-cert.patch for 1.0.4 (bsc#938198). + +------------------------------------------------------------------- +Thu Aug 6 08:42:44 UTC 2015 - dimstar@opensuse.org + +- Add explicit pkgconfig(udev) BuildRequires: we need it to define + %{_udevdir}. + +------------------------------------------------------------------- +Wed Jul 15 11:45:18 UTC 2015 - dimstar@opensuse.org + +- Update to version 1.0.4: + + The MTU setting from an IPv6 neighbor discovery Router + Advertisements is now ignored if applying it would result in + invalid configuration. + + Some configuration options can now be changed without + restarting the daemon. Notably, this applies to 'dns', + 'connectivity' and 'ignore-carrier' settings. + + The connection activation was made more robust. If an active + connection is reactivated, the device it's active on takes + precedence. If an attempt is made to activate a connection on a + different device than it is active on, the activation proceeds + removing the connection from the active device. + + The device specifiers in configuration files now support + negation via 'except:' match. + + Devices that only have IPv6 link-local address are no longer + assumed to be connected. + + nmcli now provides hints and tab-completion for enumeration + properties. + + If the IPv6 interface tokens are set they are honored when + creating an interface identifier for IPv6 addressing. + + NetworkManager now maintains correct routing configuration when + multiple interfaces are connected to the same network. + + The management of devices can now be controlled with udev + rules. The veth devices as well as the virtual Ethernet devices + of various virtualization tools (VMWare, VirtualBox, Parallels + Workstation) are now ignored by default. + + The IPv6 privacy extensions are now enabled by default and + handling of the ip6-privacy sysctl has been improved. + + Activating a Bond, Bridge or Team device can now optionally + activate the slave connections as well. The behavior is + controlled with 'connection.autoconnect-slaves' property. + + The platform support code has been refactored, resulting in + better scalability in large configurations. + + Changes to network interfaces configuration done outside + NetworkManager are now picked up and exposed to the user via + NetworkManager API and tools. + + A connection can now optionally leave externally configured + default route in place instead of overriding it. The behavior + is controlled with 'ipv4.never-default' and + 'ipv6.never-default' properties. + + Multiple crasher and memory leak bugs in the daemon were fixed. + + Multiple bugs that could cause the client tools to hang or + crash were fixed. + + nmcli allows multiple devices for 'nmcli device + disconnect/delete'. + + Firewall zone is added to firewalld for device-based VPN + connections too. +- Toggle with_cacert_patch to 0: the Radius CA patch neeeds to be + reworked. Wrap applying the patch into a with_cacert_patch + condition, to make enabling/disabling a one-stop change. + +------------------------------------------------------------------- +Wed May 6 07:58:33 UTC 2015 - dimstar@opensuse.org + +- Update to version 1.0.2: + + Wi-Fi devices now indicate support for 2GHz and 5GHz + frequencies. + + "nmcli device" output now indicates physical port ID + + New config items added to the 'ifcfg-rh' plugin: + - IPV4_ROUTE_METRIC and IPV6_ROUTE_METRIC. + - DEVTIMEOUT. + - IPADDR and PREFIX are now supported for specifying address + ranges of shared IPv4 connections. + + Dispatcher scripts now get a CONNECTION_FILENAME variable with + the path to the configuration file for the connection. + + An example dispatcher script that is able to apply complex + routing rules (such as setting up policy-based routing) for + 'ifcfg-rh' connections was added to examples/dispatcher/. + + 'mode' key of Bond device options property now accepts numeric + values. + + Connection attempts for devices without carrier on startup now + wait for carrier to appear within a short timeout instead of + failing immediately. This makes system startup more robust. + + Bridge connectivity is now properly restored on resume from + suspend. + + The D-Bus name is acquired earlier during the daemon startup. + This makes it possible for the systemd service manager to + optimize the service startup so that services that require + networking are activated sooner contributing to faster system + start up time. + + A lot of memory leak problems were fixed, resulting in reduced + memory usage. Many of them were discovered as a result of + improvements in use of Valgrind in the testing infrastructure. + + Management of 'teamd' daemon instances for Team devices is now + more robust. + + The 'dnsmasq' daemon respawns when it terminates and it is + configured for management of DNS resolver configuration. + + Hostnames that are not fully qualified are no longer sent to a + DHCPv6 server for a dynamic DNS update. + + Connection UUIDs are now checked for uniqueness when connection + configurations are read. + + Receipt of a NDP Router Advertisement can no longer lower the + IPv6 hop limit (CVE-2015-2924). + + Many other bugs were fixed. + + Updated translations. + +------------------------------------------------------------------- +Thu Mar 12 10:24:02 UTC 2015 - dimstar@opensuse.org + +- Add NetworkManager(cacert-patch) provides: to be toggled to 0 + whenever we disable nm-probe-radius-server-cert.patch. Other + packages that consume the ABI introduced by this patch can + specify this as a requirement. + +------------------------------------------------------------------- +Tue Mar 3 08:23:02 UTC 2015 - glin@suse.com + +- Reabse nm-probe-radius-server-cert.patch + +------------------------------------------------------------------- +Thu Feb 12 07:59:43 UTC 2015 - dimstar@opensuse.org + +- Add rp-pppoe BuildRequires, so configure can autodetect the path + to the pppoe binary. +- Recommend rp-pppoe: the program is needed for NetworkManager to + be able to initiate PPPoE connections (commonly used by ADSL + providers). It is not strictly required to operate NM in most + setups, thus only recommended (boo#903553). + +------------------------------------------------------------------- +Tue Jan 27 10:15:18 UTC 2015 - dimstar@opensuse.org + +- Update to version 1.0: + + A new 'libnm' GObject-based client library to replace + libnm-util/libnm-glib: + - IP address, IP route, hardware address, and other properties + are now represented as strings. + - Based on GIO's GDBus bindings instead of dbus-glib. + - Uses modern GObject APIs including GAsyncResult and GVariant. + - See https://wiki.gnome.org/Projects/NetworkManager/libnm. + + Devices and VPN connections now have individual default routes. + Priorities are handled through configurable route metrics. + + nmcli now supports password requests and PolicyKit + authorizations. + + A faster, lighter-weight (though less capable) internal DHCP + client has been added and may be selected with the + "dhcp=internal" option. It supports fewer DHCP options and + does not yet support DHCPv6. + + A new 'configure-and-quit=yes' option has been added for + environments with less dynamic network configuration. + + When running on 3.17 and later kernels, NetworkManager handles + IPv6LL address assignment to ensure that IPv6 connectivity is + not enabled until intentionally configured by the user. + + NetworkManager no longer causes the nl80211 kernel module to be + loaded on systems with no Wi-Fi devices. + + Bluetooth DUN support now works with Bluez 5.x. + + VPN connections can now persist across link changes and + suspend/resume if their VPN plugin supports this feature. + + A new 'ibft' settings plugin has been added to support + firmware-based iBFT/iSCSI configurations. This functionality + has been moved to 'ibft' from the 'ifcfg-rh' plugin. + + IPv6 router advertisement MTUs are now respected. + + NetworkManager no longer requires polkit libraries at runtime + when Polkit support is enabled, and Polkit can be disabled at + build time too. + + Automatically created connections are now deleted when their + device goes away. + + 'nmcli dev connect' now attemts to create a connection if none + exists. + + Manually configured static IPv6 configuration is kept even if + SLAAC fails. + + Manpages for the 'keyfile' and 'ifcfg-rh' plugins now describe + their configuration syntax and available options. + + WWAN connections now support IPv6 if the modem and provider + support IPv6. + + Software devices (bridge, bond, team, etc) can now be deleted + from the D-Bus API or with nmcli. + + The manpages, documentation, and API annotations have received + many cleanups. + + Externally created virtual interfaces are no longer managed by + NetworkManager until they are set "up" or activated via nmcli. +- Disable nm-probe-radius-server-cert.patch for now: needs rebase. +- Drop 0001-core-don-t-auto-launch-logind-bgo-741572.patch and + NetworkManager-dhcpv6.patch: fixed upstream. +- Split out new subpackage typelib-1_0-NM-1_0 and libnm0. +- Require typelib-1_0-NM-1_0 and libnm0 by the -devel package. +- Add pkgconfig(bluez) BuildRequires. +- Replace pkgconfig(libsystemd-login) BuildRequires with + pkgconfig(libsystemd) and pkgconfig(polkit-gobject-1) with + pkgconfig(polkit-agent-1), following upstream. + +------------------------------------------------------------------- +Sun Jan 25 23:35:54 UTC 2015 - badshah400@gmail.com + +- Update to version 0.9.10.1: + + Kernel 'cache' routes (such as those added by IPv6 operations) + are ignored, preventing unwanted CPU usage. + + Vala bindings for libnm-glib async methods have been added. + + Some interactions with external OpenVPN daemon default routes + have been fixed. + + Fixed usage of libnm-glib connectivity checking from + garbage-collected languages. + + An unusual delay acquiring a DHCP lease with dhcpcd has been + fixed. + + A libnm-glib crash has been fixed when multiple NMClients are + created. + + A failure to pass certificate blobs to wpa_supplicant has been + fixed. + + A failure to send the inner private key password to + wpa_supplicant has been fixed. + + nmcli now returns earlier when activating master interfaces. + + nmtui password fields now correctly display the password. + + The IPv6 hop limit is no longer mistakenly set to 0 in some + cases. + + Some DHCPv6 failures are no longer fatal. + + Handling of DHCP 'nak' and 'expire' states has been fixed in + some cases. + + WiFi band locking has been fixed. + + Support for Bluetooth DUN with Bluez5 has returned. + + Non-local users can now control networking after + authenticating with PolicyKit. + + Externally added routes no longer have their metrics + overwritten. + + Some child interfaces (eg VPN or WWAN) are no longer + deconfigured when recognized. + + Support for the PrimaryConnection D-Bus property has been + backported. + + IPv6 RDNSS/DNSSL forced expiration is now handled properly. + + An invalid route to the DHCP server is no longer added in some + configurations. + + A crash when external master/slave changes were made has been + fixed. + + Various nmtui bugs for slaves, WiFi, and IP address buttons + have been fixed. + + DHCP no longer fails due to SIGPIPE when the systemd journal + is restarted. + + Unmanaged slaves are now updated correctly when they + disappear. + + Cooperation with external team interfaces has been fixed. + + Bridge STP property ranges are now properly checked. + + Manager state is now properly updated on resume. + + Slave interfaces are no longer released on exit. + + Static IPv6 configuration is now added before SLAAC is + started. + + Allow shared connections to be started without a carrier. + + A crash when disconnecting older Nokia phones has been fixed. +- Drop patches incorporated upstream: + + 0001-core-don-t-auto-launch-logind-bgo-741572.patch. + + NetworkManager-dhcpv6.patch. + +------------------------------------------------------------------- +Thu Jan 8 21:44:31 UTC 2015 - sfalken@opensuse.org + +- Add NetworkManager-dhcpv6.patch: dhcp: let dhclient handle + requesting the 'server-id' option (boo#912315). + +------------------------------------------------------------------- +Thu Dec 18 19:57:47 UTC 2014 - arvidjaar@gmail.com + +- Add 0001-core-don-t-auto-launch-logind-bgo-741572.patch: do not + trigger logind start on system startup to avoid deadlock + (boo#905639). + +------------------------------------------------------------------- +Tue Oct 28 12:28:39 UTC 2014 - dimstar@opensuse.org + +- Handle NetworkManager-dispatcher.service using the systemd + macros. +- Enable NetworkManager-dispatcher.service in %post: as this is a + dbus service, the 'systemd unit' must be enabled in order to be + fired up. + +------------------------------------------------------------------- +Fri Sep 19 11:10:49 UTC 2014 - fcrozat@suse.com + +- modified patches: + * systemd-network-config.patch: NM-wait-online should block only + network-online.target, not network.target (bnc#889175). + +------------------------------------------------------------------- +Thu Sep 18 15:37:06 UTC 2014 - fcrozat@suse.com + +- modified patches: + * systemd-network-config.patch : ensure + NetworkManager-wait-online.service is enabled when + NetworkManager.service is (bnc#889175). + +------------------------------------------------------------------- +Mon Aug 25 16:34:35 CEST 2014 - fcrozat@suse.com + +- Add + nm-core-fix-crash-during-Wi-Fi-rescan-by-emitting-NM_DE.patch: + fix regression in 0.9.8.10 causing crash in Wifi rescan. + +------------------------------------------------------------------- +Tue Jul 22 20:31:25 UTC 2014 - dimstar@opensuse.org + +- Change ppp requires to %requires_eq ppp: the plugin is installed + in a versioned directory, and as such we do require the exact + version of ppp (bnc#888442). + +------------------------------------------------------------------- +Tue Jul 15 07:54:45 UTC 2014 - glin@suse.com + +- Rebase nm-probe-radius-server-cert.patch. +- Drop nm-remove-AP-always-on-device-disconnect.diff: No longer + needed. + +------------------------------------------------------------------- +Wed Jul 9 14:23:00 UTC 2014 - dimstar@opensuse.org + +- Update to version 0.9.10.0: + + Added a new curses-based client called "nmtui" for easier + console operation. + + Added interactive connection editing and creation mode to nmcli + with detailed help and tab completion support. + + nmcli bash completion has been greatly improved. + + Added support for Data Center Bridging (DCB) and FibreChannel + over Ethernet (FCoE). + + IPv6 autoconfiguration is now done in userspace with libndp + instead of the kernel. + + The D-Bus daemon is no longer required for root-only operation. + + WiFi, ADSL, WWAN, and Bluetooth are now optional plugins, + reducing install size. + + Added support for Infiniband Partitions. + + Network connection files are no longer watched by default, use + "nmcli con reload" to notice changes made externally or set + "monitor-connection-files=true" in NetworkManager.conf's + [main] section. + + Connections can now be locked to interface names in addition to + hardware/MAC addresses. + + A new "ignore-carrier" configuration option is available to + ignore the carrier on selected interfaces. + + A new "dns=none" option has been added to suppress changes to + /etc/resolv.conf. + + Changes made to IP addresses, IP routes, and master/slave + relationships from external tools are now recognized and + reflected in the D-Bus API. + + Assuming the existing configuration of interfaces without + changing that configuration is now more reliable. + + The 'root' user is no longer subject to PolicyKit access + controls and usage of D-Bus "at_console" permissions has been + removed. + + Configuration file snippets can be dropped in + /etc/NetworkManager/conf.d to change smaller sets of + configuration options. + + Added IP-level support for more software/virtual interfaces + types including GRE, macvlan, macvtap, tun, tap, veth, and + vxlan interfaces. + + All network interfaces known to the kernel are now exposed + through the D-Bus interface. + + Improved support for routing-only VPNs like + openswan/libreswan/strongswan. + + Added support for "temporary" connections which are not saved + to disk until requested. + + Added WWAN autoconnect support and fixed issues with airplane + mode handling. + + NetworkManager-wait-online systemd service behavior is more + reliable. + + The dispatcher timeout has increased to 10 minutes, and new + "pre-up" and "pre-down" events have been added which block + activation until complete. + + NetworkManager no longer prevents Wake-on-LAN functionality + from working. + + PPPoE now requires userland "rp-pppoe" to work around kernel + bugs with that prevent detecting server-side termination of the + PPP link. + + An ARP announcement is now sent after IPv4 addresses are + configured. + + Added a DNS plugin for dnssec-trigger for better DNSSEC + operation. + + More properties are now exposed via the D-Bus properties + interface in addition to getter/setter functions. + + Added support for custom IP address ranges for Shared + connections. + + Fatal connection failures now block automatic reconnection more + reliably. + + VPN connection IP details are now available via the D-Bus + interface. + + VPN plugins can now request additional/new secrets from the + user during the connection process. + + 'veth' interfaces are now unmanaged by default to cooperate + better with external tools. +- Add pkgconfig(libndp) BuildRequires: new dependency. +- Disable nm-probe-radius-server-cert.patch, + nm-don-t-consider-not-needed-secrets-for-has_system_secr.diff and + nm-treat-not-saved-secrets-just-like-agent-owned-when-cl.diff: + closer investigation is needed if the upstream changes caught all + the cases we tried to address with these hack patches. +- Rebase NetworkManager-geoclue-interaction.patch. +- Pass --with-nmtui to configure to ensure the text mode UI (tui) + is being built. +- Add pkgconfig(libnewt) BuildRequires: dependency for the tui. + +------------------------------------------------------------------- +Fri Apr 25 07:15:03 UTC 2014 - dimstar@opensuse.org + +- Update to version 0.9.8.10: + + Fixed a bug that allowed a user to disconnect a connection that + they didn't have permissions on. + +------------------------------------------------------------------- +Fri Apr 4 08:55:08 UTC 2014 - dimstar@opensuse.org + +- Update to version 0.9.8.9: + + Fixed two problems that could result in gnome-shell showing + incorrect icons. In particular, fixed the problem where the + network icon would disappear when certain VPNs were activated. + + Dispatcher scripts now receive correct IPv6 addresses, and also + correct DHCP information on lease-change events. + + NetworkManager no longer tries to start ModemManager itself on + systemd-using systems. + + Activating a second ethernet connection while another is + already active will now not move the default route. + + Fixed some edge cases where one user could deactivate a + connection owned by another. + + Fix handling of dhcp-send-hostname property with ifcfg-rh. + + DHCP now works even if you have a global dhclient.conf that + specifies a (non-NetworkManager) script to run. + + The dhcpcd backend now requests that dhcpcd only do DHCPv4, + fixing some WWAN devices that don't react well to seeing IPv6 + packets. + + Fixed the default value of bridge priority. + + The D-Bus policy file has been updated to include the + NetworkManager-iodine VPN plugin. + + It is possible to specify the path to dnsmasq at build time. + + Removed a GLib 2.32 dependency that accidentally snuck into + 0.9.8.8. + + Fixed a bunch of memory leaks. + + Fixed a bunch of miscellaneous crashes. + + Removed some less-useful bits of logging output. +- Rebase NetworkManager-geoclue-interaction.patch. + +------------------------------------------------------------------- +Mon Mar 24 08:53:08 UTC 2014 - dimstar@opensuse.org + +- Fix files list: do not expect pppd plugin version 2.4.5 in the + directory name. + +------------------------------------------------------------------- +Mon Feb 24 21:30:51 UTC 2014 - dimstar@opensuse.org + +- Add NetworkManager-geoclue-interaction.patch: allow the user + "srvGeoClue" (as used by the geoclue2 service) to query + NetworkManager, + +------------------------------------------------------------------- +Fri Oct 11 15:31:54 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.9.8.8 (bnc#845542): + + Fixes to the BlueZ code. + + A few memory leak fixes. + + Minor docs fixes. + +------------------------------------------------------------------- +Thu Oct 10 11:48:13 UTC 2013 - rmilasan@suse.com + +- Switch to systemd check for the nfs script if enabled or not. + Also do not exit with error code if nfs script is not enabled. + +------------------------------------------------------------------- +Tue Oct 1 09:48:41 UTC 2013 - glin@suse.com + +- Update nm-probe-radius-server-cert.patch to probe the server with + the user credential (bnc#817585) + +------------------------------------------------------------------- +Mon Sep 30 16:33:45 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.9.8.6: + + Now supports BlueZ 5. If you are still using BlueZ 4, configure + with --enable-bluez4 to disable BlueZ 5 support and enable + BlueZ 4 support. + +------------------------------------------------------------------- +Fri Sep 13 22:56:38 UTC 2013 - crrodriguez@opensuse.org + +- Pass nmrundir="/run/%{name}" to make and makeinstall: + + Use /run/NetworkManager instead of /var/run/NetworkManager as + runtime directory. + +------------------------------------------------------------------- +Fri Sep 13 17:22:16 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.9.8.4: + + Removed some spurious warnings. + + Root clients running outside a login session now have the right + permissions. + + WiFi AP mode and EAP-FAST support are now detected correctly. + + Bonding config removes inappropriate options when switching + modes. + + Fix reading of bond connections with keyfile plugin. + + Fix hang when dbus-daemon restarts. + + Fix crash when VPN disconnection fails. + + The dispatcher now exposes IPv6 VPN info, and IPv4/IPv6 DNS + search domains. + + Build fix to support dhcpcd 6.x. + + Fix crash on startup when no dhcp client is available. + + Fix device descriptions when using the latest udev. + + Fix some possible obscure problems at startup. + + Always clear the default route correctly when disconnecting + mobile broadband. + + Keyfile plugin now ignores more emacs temporary files. + + When using dnsmasq, pass all nameservers to it, not just the + first. + + Kill dhclient if nm-dhcp-client-action encounters a fatal + error. + + Fix dispatcher systemd unit install. + + Make ifcfg-rh VLAN parsing match initscripts better. + + Change threshold for WiFi background scanning under WPA + Enterprise. + + Fix crash when deleting a currently-active connection. + + Fix ifcfg-rh's handling of IPV6_DEFAULTGW. + + Fix manager State transitions when connectivity checking is + enabled. + + Add Connectivity property to distinguish portals from "limited + connectivity". + + Add PrimaryConnection and ActivatingConnection properties to + simplify UI code. + + Old connection files containing UUIDs without hyphens work + again. +- Rebase systemd-network-config.patch. + +------------------------------------------------------------------- +Mon Jul 1 18:43:44 UTC 2013 - coolo@suse.com + +- avoid suse-release, it moves NM behind java in bootstrap and + all features that configure.ac enabled for suse-release are + enabled with --with anyway + +------------------------------------------------------------------- +Fri Jun 21 13:01:23 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.9.8.2: + + Memory leak fixes. + + Ensure the ifcfg-rh plugin saves the bridging STP setting + correctly. + + Also request static routes from DHCP servers. + + Fix crash when dbus-daemon restarts. + + Look harder for the machine ID and don't crash if we don't have + one. + + Copy DHCP leasefiles from the previous location if necessary. + + Wait up to 120 seconds for modems to connect. + + Don't crash for PPPoE connections with no wired setting. + + Fix AvailableConnections for some WiFi connections. + + Ensure new available connections generate the PropertiesChanged + signal. + + Ensure the keyfile plugin reads all-default VLAN connections + correctly. + + Suppress the kernel's automatic creation of bond0. + + Make the SecretAgent API introspectable for bindings. + + Ensure ActiveConnections get torn down when device is + unavailable. + + Ensure ifupdown plugin rechecks unmanaged devices on interface + changes. + + Don't prematurely think IPv6 has succeeded due to left-over + addresses. + + Fix various systemd issues and add service file for the + dispatcher. + + Updates for new ModemManager API changes. + + Fix crash on Wi-Fi when IP configuration times out. +- Rebase systemd-network-config.patch. + +------------------------------------------------------------------- +Fri May 10 14:17:50 UTC 2013 - wstephenson@suse.com + +- Readd nm-probe-radius-server-cert.patch, as it is not yet merged + upstream (bnc#574266, bnc#771185). + +------------------------------------------------------------------- +Tue Apr 30 22:02:23 UTC 2013 - jslaby@suse.com + +- Add sysconfig and suse-release BuildRequires to properly + configure for suse (bnc#817592). +- Add --with-netconfig=yes to configure call. +- Add additional test in build section to ensure netconfig is + detected. This is needed as specifying --with-netconfig=yes does + not fail configure if not found. + +------------------------------------------------------------------- +Tue Apr 23 16:25:14 UTC 2013 - dimstar@opensuse.org + +- Pass --with-modem-manager-1 to configure: we already have a new + enough ModemManager to make use of this. +- Add pkgconfig(mm-gib) BuildRequires: needed for above switch to + take effect. + +------------------------------------------------------------------- +Thu Mar 14 20:00:17 CET 2013 - sbrabec@suse.cz + +- Re-enabled translation-update-upstream. + +------------------------------------------------------------------- +Thu Mar 7 16:23:58 CET 2013 - sbrabec@suse.cz + +- Recommend avahi-autoipd used for IPv4LL support. + +------------------------------------------------------------------- +Sun Feb 24 19:27:57 UTC 2013 - zaitor@opensuse.org + +- Update to version 0.9.8.0: + + Fix issue with duplicate ActiveConnection objects if a + connection was reactivated on a device. + + Fix race when looking up hostname and concurrently updating + DNS. + + Always load the 'keyfile' settings plugin, even if no plugins + are specified. + + Add a new WiFi device ADHOC capability; not all devices/drivers + support IBSS mode. + + Fix an issue with quick wpa_supplicant restarts not being + noticed. + + Expose the AvailableConnections property through libnm-glib. + + Fix usage of libnm-glib's NMRemoteConnection from GObject + introspection. + +------------------------------------------------------------------- +Sat Feb 23 21:35:46 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.9.7.997: + + libnl 3.2.7 or later is required. + + The internal crashdump handling has been removed. + + A DHCPv6 DUID is now generated from /etc/machine-id and sent to + the DHCPv6 server, if not overridden by an + administrator-defined DUID. + + Bond interfaces now wait for a ready slave before starting + automatic IP configuration. + + The kernel WiFi rfkill state is now synced to the + user-requested WirelessEnabled state at startup. + +------------------------------------------------------------------- +Fri Feb 22 08:34:51 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.9.7.995: + + New AvailableConnections property for Device objects. + + Better handling of various rfkill/Airplane Mode switches + + Fixed handling of DNS servers for some mobile broadband devices + + Don't duplicate various IPv6 routes added by the kernel + + Ensure buggy ethernet driver carrier indications are handled + correctly + + Fix crash in dnsmasq plugin when no nameservers were presen + + Add support for 4G LTE network modes + + Fix signal handling when daemonizing at startup + + Don't autoconnect to WiFi networks that have never successfully + connected + + Only request new WiFi secrets during the initial association or + when the secrets are known to be wrong, not every time the + connection randomly fails + + Add capability to autoconnect VPN connections when a parent + connection succeeds + + Add configure-time option for "permissive" system connection + editing policy + + Various libnm-glib fixes for asynchronous usage + + Fix gateway handling when given with secondary IP addresses + + Optionally listen to systemd for suspend/resume events instead + of UPower + + Fix 'seen-bssids' property when retrieving WiFi connections via + D-Bus + + Add support for AP-mode WiFi hotspots (instead of just Ad-Hoc) + + Add a "slaves" property to Bond devices + + Add support for ModemManager 0.7/0.8 + + Allow more human-readable formatting of IP address in keyfile + connections + + Drop support for dhclient v3 + + Add support for DHCPv6 server-side Dynamic DNS + + Add support for bridge master devices and bridge ports + + Fix canceling secrets requests in GUI agents + + Always enable Proactive Key Caching (PKC, also called OKC) for + WPA Enterprise WiFi configurations +- Replace --with-distro=suse configure parameter with + --enable-ifcfg-suse, following upstreams changes, which allow for + granular configuration. +- Drop NetworkManager-systemd-suspend.patch and + NetworkManager-upower-out.patch: fixed upstream. +- Rebase systemd-network-config.patch. + +------------------------------------------------------------------- +Thu Feb 21 18:58:07 UTC 2013 - mt@suse.com + +- Added migration hook enabling NetworkManager.service on update + from openSUSE < 12.3 and NETWORKMANAGER=yes setting (bnc#803058). + +------------------------------------------------------------------- +Mon Jan 14 10:52:39 UTC 2013 - mt@suse.com + +- Install network.service alias, that points to the enabled service + and obsoletes the use of NETWORKMANAGER=yes/no sysconfig variable + in /etc/sysconfig/network/config (bnc#764055,bnc#764336,bnc#798348). +- Requires sysconfig-0.80.0 + +------------------------------------------------------------------- +Thu Dec 6 15:40:22 UTC 2012 - fcrozat@suse.com + +- Update systemd-network-config.patch: ensure + NetworkManager.service is Before network.target (bnc#789421). + +------------------------------------------------------------------- +Tue Nov 27 18:40:57 UTC 2012 - dimstar@opensuse.org + +- Move the udev files to the right location: + + Define _udevdir based on the udevdir variable of udev.pc. + + Pass --with-udev-dir=%{_udevdir} to configure. + + Use %{_udevdir} in the files section as appropriate. + +------------------------------------------------------------------- +Thu Nov 8 18:59:31 UTC 2012 - dimstar@opensuse.org + +- Switch on systemd support: change with_systemd defines to 1. + +------------------------------------------------------------------- +Tue Nov 6 21:28:24 UTC 2012 - dimstar@opensuse.org + +- Add NetworkManager-systemd-suspend.patch and + NetworkManager-upower-out.patch: Listen to systemd for + suspend/resume when built with systemd support. The upower + signals will never be emitted. +- When building with systemd support, add gnome-common + BuildRequires and call to gnome-autogen.sh, as above patches + touch the build system. + +------------------------------------------------------------------- +Sat Oct 27 08:53:29 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.9.6.4: + + Add libnm-glib API to get bond interface slaves. + + Fix detection of some ACPI-based laptop airplane-mode/rfkill + switches. + + Fix a crash when a VLAN interface is removed. + + Fix a regression setting the Device 'driver' and 'firmware' + properties. + + Fix a stale-properties issue with libnm-glib when device state + changes. + + Ignore cached/cloned route notifications from the kernel. + + Work around buggy kernel driver carrier notifications. + + Fix a crash with dnsmasq local caching nameserver functionality + when no nameservers are present. + + Add "Speedport W 501V" to list of manufacturer default SSIDs. + + Various documentation fixes. + + Fix routing setup if gateway is not given with the first IP + address. + + Enhance nmcli for additional VLAN and bonding functionality. + + Fix possible crash when removing OLPC Mesh devices. + +------------------------------------------------------------------- +Wed Sep 26 03:15:38 UTC 2012 - glin@suse.com + +- Disable nm-remove-AP-always-on-device-disconnect.diff: the AP + might be removed from the list forever due to the AP list update + method change since 0.9.4.0 (bnc#768564) + +------------------------------------------------------------------- +Mon Aug 20 18:19:46 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.9.6.0: + + Allow customized dnsmasq local caching nameserver config via + /etc/NetworkManager/dnsmasq.d/ + + Fixes for VLAN and bonding when libnl2 or earlier are used + + D-Bus API, libnm-glib, libnm-util, and GObject Introspection + documentation updates. + +------------------------------------------------------------------- +Mon Aug 20 14:26:23 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.9.5.96: + + Fix various crashes and issues in the ifcfg-rh system settings + plugin + + Fix race with multiple interfaces running DHCP at the same time + + Add Linux From Scratch (LFS) support. + +------------------------------------------------------------------- +Mon Aug 20 13:57:32 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.9.5.95: + + Many libnm-glib fixes, including crashes when NetworkManager + restarts + + Enhanced IPv6 stability and compatibility. + + Fix regression in carrier handling for devices that don't + support carrier detect. + + Add ability to connect to new WiFi networks from nmcli. + + Add native support for ADSL modems using PPPoE or PPPoATM. + + Reduce number of changes made to DNS information during + connection setup. + + Add support for IPv6-enabled VPN connections. + + Add device driver version, firmware version, and autoconnect + properties to D-Bus API. + + Add on-demand WiFi scan support. + + Fix IPv6 default gateway handling for DHCPv6. + + Add Vala language bindings. +- Drop patches that were merged upstream: + + nm-ensure-bindings-created-NMClient-object-work.patch + + nm-gerror-must-be-null.patch + + nm-ppp-build-error.patch + + nm-ensure_inited-fixing.patch + + nm-null-out-on-dispose.patch + + nm-probe-radius-server-cert.patch + + nm-wireless-strength.patch +- Add vala BuildRequires: needed to build the new vala bindings. + +------------------------------------------------------------------- +Mon Aug 20 07:13:17 UTC 2012 - binli@opensuse.org + +- Add nm-wireless-strength.patch, fix wireless status for ipw2200. + (bnc#755541, bgo#675017). + +------------------------------------------------------------------- +Fri Aug 17 13:52:22 UTC 2012 - fcrozat@suse.com + +- Remove dbus system-service for NetworkManager, to prevent + warnings about it not being running (bnc#738596) + +------------------------------------------------------------------- +Wed Jul 18 04:37:40 UTC 2012 - glin@suse.com + +- Add nm-probe-radius-server-cert.patch to probe the certificate + of the RADIUS server (bnc#574266, bnc#771185) +- Add nm-null-out-on-dispose.patch to fix crash in gnome-shell or + any other program using libnm-glib (bgo#674473) + +------------------------------------------------------------------- +Thu Jun 7 23:42:26 UTC 2012 - badshah400@gmail.com + +- Add nm-ensure-bindings-created-NMClient-object-work.patch to fix + "nmcli con" not working (bgo#672812, bnc#766045). + +------------------------------------------------------------------- +Sat Jun 2 16:21:22 UTC 2012 - binli@opensuse.org + +- Add nm-ppp-build-error.patch, don't use struct ifpppstatsreq + that was removed from linux/ip_ppp.h in recent kernels. + +------------------------------------------------------------------- +Tue May 29 09:28:01 UTC 2012 - binli@opensuse.org + +- Add nm-ensure_inited-fixing.patch, ensure initialization + in get_property() calls.(bnc#764290). + +------------------------------------------------------------------- +Tue Apr 17 22:13:49 UTC 2012 - jeffm@suse.com + +- Add nm-gerror-must-be-null.patch: GError * must be initialized to + NULL (bnc#757656). + +------------------------------------------------------------------- +Sat Mar 24 09:29:40 UTC 2012 - vuntz@opensuse.org + +- Update to version 0.9.4.0: + + Removed support for WiFi Ad-Hoc WPA connections due to kernel + bugs + +------------------------------------------------------------------- +Tue Mar 20 16:29:47 UTC 2012 - vuntz@opensuse.org + +- Update to version 0.9.3.997: + + A bug causing IPv6 address assignment to fail on newer kernels + with libnl3 has been fixed + + Fix a bug in the ifcfg-rh plugin with backticks in WPA + passphrases + + Ensure connections that cannot be stored are ignored by the + ifnet plugin + + Enable out-of-the-box IPv6 connectivity by allowing IPv4 to + fail if IPv6 succeeds + + Allow proxying of DNSSEC data when using the dnsmasq local + caching nameserver plugin + + Add support for multiple domain names sent from VPN plugins + +------------------------------------------------------------------- +Tue Mar 13 16:11:33 UTC 2012 - vuntz@opensuse.org + +- Add NetworkManager Supplements to + NetworkManager-device-plugin-wimax so that it gets automatically + installed by default. + +------------------------------------------------------------------- +Fri Mar 2 19:23:53 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.9.3.995: + + Linux Wireless Extensions (WEXT) support can be disabled at + configure time with --with-wext=no + + IPv6 Privacy Extensions are now enabled by default for new + connections + + Support for checking Internet connectivity has been added + + The ifnet system config plugin rewrites config files less often +- Add pkgconfig(libsoup-2.4) BuildRequires and pass + --enable-concheck to configure to enable internet connectivity + check. + +------------------------------------------------------------------- +Wed Feb 29 17:59:27 UTC 2012 - dimstar@opensuse.org + +- Add with_wimax define, which prepares NM for wimax. If with_wimax + is defined to 1: + + Add pkgconfig(libiWmxSdk-0) BuildRequires + + Change --disable-wimax to --enable-wimax in configure + + Create NetworkManager-device-plugin-wimax subpackage + +------------------------------------------------------------------- +Thu Feb 23 12:44:10 UTC 2012 - vuntz@opensuse.org + +- Get ready for full-switch to systemd: + + Add a with_systemd macro, currently set to 0 as the systemd + support implies no support for ConsoleKit, which we want to + keep until sysvinit is not supported anymore. + + Add pkgconfig(libsystemd-login) BuildRequires and pass + --with-session-tracking=systemd to configure if we build + systemd support. +- Move to libnl3: + + Remove pkgconfig(libnl-1) BuildRequires. + + Add pkgconfig() BuildRequires: libnl-3.0, libnl-genl-3.0, + libnl-route-3.0. +- Remove libiw-devel BuildRequires: it's not needed anymore. +- Stop changing libexecdir to %{_prefix}/lib/NetworkManager: there + is no need for this. + +------------------------------------------------------------------- +Sat Feb 18 16:10:10 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.9.3.990: + + Better handling of WiFi devices via nl80211 when available + (instead of WEXT) + + IP configuration is now non-blocking; waiting for IPv6 RA no + longer blocks the device from activating if IPv4 is ready and + vice versa + + Addded support for firewall "zones" via FirewallD + + Added basic support for bonded interfaces + + WiFi connections are no longer locked to a specific MAC address + if they are "locally administered" addresses (ie, 02:::::) + + New state change reasons have been added for mobile broadband + PIN errors + + Agent-owned secrets are now sent to agents for newly created + connections + + Support for non-UTF8-encoded 802.1x passwords has been added + + libnm-glib now fetches some properties more aggressively (like + active connections, access points, etc) + + Added basic support for IP-over-Infiniband interfaces + + Added support for device plugins and converted WiMAX support to + a plugin for easier packaging and simpler dependencies + + Added support for VLAN interfaces + + Added support for 802.1x EAP-FAST authentication + + Added non-blocking mode and API to libnm-glib +- Rebased systemd-network-config.patch. + +------------------------------------------------------------------- +Thu Dec 8 08:44:10 UTC 2011 - dimstar@opensuse.org + +- Split typelib files into their own subpackages: + typelib-1_0-NetworkManager-1_0 and typelib-1_0-NMClient-1_0. +- Add typelib-1_0-NetworkManager-1_0 and typelib-1_0-NMClient-1_0 + Requires to devel subpackage. + +------------------------------------------------------------------- +Wed Dec 7 14:48:46 UTC 2011 - fcrozat@suse.com + +- Update systemd-network-config.patch to handle NM_TIMEOUT value 0 + as no timeout (bnc#730628). + +------------------------------------------------------------------- +Tue Nov 15 14:07:06 UTC 2011 - dimstar@opensuse.org + +- Really enable parallel build: fix typo smp_flags => smp_mflags. + +------------------------------------------------------------------- +Sat Nov 12 19:06:06 UTC 2011 - dimstar@opensuse.org + +- Update to version 0.9.2.0: + + Fixes for building with recent GLib versions. + + Don't update routing and DNS until a device is managed. + + Fix bug causing IPv6 RA-provided routes to be ignored. + + Fix possible wrong handling of 'keyfile' connection + certificates. + + Correct Shared connection IP address range to be as documented. + +------------------------------------------------------------------- +Mon Oct 31 13:17:46 UTC 2011 - dimstar@opensuse.org + +- Update to version 0.9.1.95: + + Fix a crash when deleting default wired connections + + Fix a security issue in the ifcfg-rh plugin with newlines in + file names + + Fix the "SpecificObject" property for active VPN connection + objects + + Improve handling of rfkill on some platforms + + Spaces no longer used in ifcfg config file names + + IPv6 RAs are now accepted when forwarding is configured + + dnsmasq local caching nameserver plugin cache size bumped to + 400 entries (from 150) + + Fix handling of SSIDs in the keyfile plugin + + Fix some GObject Introspection annotations in libnm-glib and + libnm-util + + Fix setting hostnames from DHCP +- Drop nm-udev-rfkill-handling.patch: fixed upstream. + +------------------------------------------------------------------- +Fri Oct 14 10:02:06 UTC 2011 - lnussel@suse.de + +- avoid annoying polkit popups when connecting to 802.11x networks + that are supposed to ask for passwords (bnc#713639) +- also avoid asking for a password (and thereore polkit auth) when + an AP goes of range. + +------------------------------------------------------------------- +Mon Oct 3 06:17:56 UTC 2011 - glin@suse.com + +- Add nm-udev-rfkill-handling.patch to improve the rfkill handling + (bnc#709733,bgo#655773) + +------------------------------------------------------------------- +Tue Sep 27 11:20:24 UTC 2011 - fcrozat@suse.com + +- Update systemd-network-config.patch to correctly handle /usr over + NFS. +- Use latest systemd rpm macros. + +------------------------------------------------------------------- +Wed Sep 21 18:34:08 UTC 2011 - vuntz@opensuse.org + +- Update to version 0.9.1.90: + + Support for libnl2 and libnl3 and various leak fixes + + Various small bug fixes in the ifnet config plugin + + Ensure IPv6 link-local DNS servers work correctly in the + dnsmasq DNS plugin + + Add ability for nmcli to delete connections + + Fix setup of connection sharing with newer iptables versions + + Ensure WiMAX activation emits correct signals (fixes initial + signal strength) + + Fix an issue with duplicated keyfile connections + + Ensure the 'novj' options is passed through to pppd + + Store timestamps for VPN connections too +- Remove explicit Requires for libnl: this is a library, so the + right Requires will be automatically be added. + +------------------------------------------------------------------- +Sat Sep 17 09:52:14 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Implement baselibs for package + +------------------------------------------------------------------- +Fri Sep 9 14:50:55 UTC 2011 - fcrozat@suse.com + +- Update systemd-network-config.patch to enable + NetworkManager-wait-online.service too (and read timeout value + from /etc/sysconfig/network/config). + +------------------------------------------------------------------- +Tue Sep 6 18:38:58 UTC 2011 - vuntz@opensuse.org + +- Apply shared library packaging policy (bnc#689039): + + Create libnm-util2, libnm-glib4, libnm-glib-vpn1 subpackages. + + Add Provides/Obsoletes for NetworkManager-glib to libnm-glib4. + + Changes NetworkManager-glib Requires in devel subpackage to + libnm-util2, libnm-glib4 and libnm-glib-vpn1 Requires. + + Remove NetworkManager-glib Requires from main subpackage: there + is no reason to have an explicit Requires for the libraries. +- Merge doc subpackage in devel subpackage, with appropriate + Provides/Obsoletes. +- Rename nm-system-settings.conf source to NetworkManager.conf, to + follow the new non-deprecated scheme for configuration. Note that + this uses the same format, so there's nothing to adapt. If users + have an old modified version of nm-system-settings.conf, then it + will still be used. Fix bnc#689042. +- Mark %{_sysconfdir}/NetworkManager/NetworkManager.conf with + %config(noreplace). + +------------------------------------------------------------------- +Tue Aug 30 16:57:28 UTC 2011 - fcrozat@suse.com + +- Add empty systemd macro to fix build on 11.4 +- Update systemd-network-config.patch to disable dbus activation + for NetworkManager, it was causing KDE timeout when NM was not + handling network (bnc#714962). + +------------------------------------------------------------------- +Tue Aug 24 16:24:52 CEST 2011 - dimstar@opensuse.org + +- Update to version 0.9.0: + + fdo#39463: Ensure NM can talk to newly installed VPN plugins + + Don't autoconnect disabled modems. + + Preserve agent secrets the right way. + + Preserve agent secrets over Update operation. + + Add libnl-3 API compatibility. + + Add libnl-2 support with libnl-1 compatibility. + + Fix DBus signal signatures in supplicant. + + Handle a few more possible D-Bus activation errors. + + Fix integer list SSID parsing. + + bgo#652512: Fix crash for AddAndActivateConnection() D-Bus call + + Add missing U2600 GSM band enumeration. +- Drop f15-branch.patch: No longer required. + +------------------------------------------------------------------- +Wed Aug 24 14:23:01 UTC 2011 - fcrozat@suse.com + +- no longer package /var/run/NetworkManager, not used by NM + anymore. Package /var/lib/NetworkManager instead. +- Add systemd-network-config.patch: follow network configuration to + not start NM under systemd if it is disabled system-wide. +- enable systemd service for NetworkManager + +------------------------------------------------------------------- +Thu Jun 9 14:03:30 UTC 2011 - fcrozat@suse.com + +- Update to version 0.8.9997: + + Fix symbol exports in libnm-glib. + + Fix some gobject introspection annotations. + + WiMax fixes : do not attemp to connect when scanning. + + Recognize PKCS#8 private keys and check passwords. + + Allow _ as valid character for GSM APN. + + Improve PolicyKit integration. + + Fix up Ad-Hoc frequency when connecting. + + Don't complay if ConsoleKit database isn't found at startup. + + Improve openconnect migration. + + Handle DHCP options perperty correctly. + + Only send hostname without domain as host-name option for + DHCP. + + Fix crash when SSID is missing + + Make auto-activation retries really work. + + Fix dispatcher handling of empty VPN interface. +- Update f15-branch.patch from the git branch. + +------------------------------------------------------------------- +Wed May 4 12:27:58 CEST 2011 - dimstar@opensuse.org + +- Update to version 0.8.999: + + IPv6 compliance and RDNSS lifetime fixes + + systemd cooperation fixes + + API fixes for clients creating wifi connections + + API additions to make client code simpler + + Startup efficiency fixes by not parsing the ConsoleKit database + more than required + + Fixes for IBM s390 CTC-type network devices + + Fixes for WWAN enable/disable status + + Fixes for ifcfg-rh configuration plugin handling of IP addresses + + Support for Easytether Android handset tethering + + Better handling of rfkill for WiFi and WiMAX interfaces + + Addition of IPv6 support for dispatcher scripts + + Fixed handling of DER-format certificates +- Update f15-branch.patch from the git branch. + +------------------------------------------------------------------- +Tue May 3 00:20:02 CEST 2011 - vuntz@opensuse.org + +- Remove polkit-unauthorized-privilege filter from + NetworkManager-rpmlintrc as polkit-default-privs got updated. + +------------------------------------------------------------------- +Mon May 2 14:50:17 CEST 2011 - vuntz@opensuse.org + +- Update NetworkManager-rpmlintrc: + + Remove filter for suse-dbus-unauthorized-service, this got + fixed. + + Update polkit-unauthorized-privilege to be more specific since + only org.freedesktop.NetworkManager.settings.modify.hostname is + missing now. + + Mention bnc#680140, where we are tracking this. + +------------------------------------------------------------------- +Thu Apr 21 12:25:46 CEST 2011 - vuntz@opensuse.org + +- Move to pkgconfig()-style BuildRequires: + + Old ones: dbus-1-devel, dbus-1-glib-devel, libgudev-1_0-devel, + libnl-devel, libuuid-devel, mozilla-nss-devel, polkit-devel. + + New ones: dbus-1, dbus-glib-1, glib-2.0, gudev-1.0, libnl-1, + nss, polkit-gobject-1, uuid. +- Remove libgcrypt-devel BuildRequires: it's only needed if we + don't use nss. +- Remove explicit Requires for various packages in devel subpackage + as they should be brought with pkgconfig() magic: dbus-1, + dbus-1-glib, dbus-1-devel, glib2-devel, dbus-1-glib-devel, + libgcrypt-devel, libgpg-error-devel. +- Add fdupes BuildRequires to remove duplicate files in + /usr/share/gtk-doc. +- Do not call /sbin/ldconfig in %post/%postun of main binary + package as there is no library there. +- Stop manually building nm-online: it's already installed with the + standard build. +- Drop NetworkManager-frontend.conf as this was for the + NetworkManager 0.8 world. This is now integrated in + /etc/dbus-1/system.d/NetworkManager.conf. Fix bnc#689043. +- Ship /etc/NetworkManager/VPN directory. + +------------------------------------------------------------------- +Wed Apr 6 11:34:42 UTC 2011 - fcrozat@novell.com + +- Add back f15-branch.patch: all patches from Fedora15 branch, + mostly for fixing compatibility issues. + +------------------------------------------------------------------- +Tue Apr 5 13:32:59 UTC 2011 - dimstar@opensuse.org + +- Update to version 0.8.998 (0.9.0-rc1): + + Fix memory leaks + + libnm-glib: Fix crashes + + Fix wired connection completion + + Updated translations. + + Bugs fixed: bgo#646300, bgo#646115, bgo#646335, bgo#646375, + bgo#645927. +- Drop f15-branch.patch: merged. +- Remove autoreconf call: no more patches. + +------------------------------------------------------------------- +Tue Mar 29 12:01:29 UTC 2011 - fcrozat@novell.com + +- Add f15-branch.patch: all patches from Fedora15 branch, mostly + for fixing compatibility issues. + +------------------------------------------------------------------- +Sun Mar 20 16:26:30 UTC 2011 - dimstar@opensuse.org + +- Update to version 0.8.997 (0.9 beta3): + + Mostly bugfixes and backwards compatible D-BUS changes. + +------------------------------------------------------------------- +Wed Mar 16 11:22:29 CET 2011 - dimstar@opensuse.org + +- Update to version 0.8.996 (0.9 beta2): + + don't require glib 2.26 + + deb#615082, lp#725041: fixes for new dnsmasq + + crash fixes + + ifupdown plugin fixes + + save connection timestamps in /var not /etc + + install time fixes for Arch Linux + + libnm-glib crash and correctness fixes + + fix display of SSIDs in applet tooltips + + build fixes and cleanups + + import existing user connections +- Summary from 0.8.995 (0.9 beta1) + + simpler, easier, more flexible, and cooler applets. + + Fast User Switching. + + WiMAX support. + + System connections by default. + + More flexible system administration. + + Scales down to smaller devices. +- Drop patches fixed upstream: + + nm-64bit-timestamp.diff + + nm-nis-domain.diff + + nm-crash-lack-ipv4.patch + + nm-ignore-temp-files.patch + + nm-stop-touching-hosts.patch + + nm-destory-crash.patch +- Add pkgconfig(systemd) BuildRequires for systemd integration + support. +- Add gobject-introspection-devel BuildRequires to get + introspection support. +- Pass --disable-wimax to configure for now as we don't have the + libraries for it. + +------------------------------------------------------------------- +Mon Feb 21 10:11:47 UTC 2011 - binli@opensuse.org + +- Add nm-destory-crash.patch, fix crash when NM exit(bnc#673627). + +------------------------------------------------------------------- +Tue Feb 15 09:09:46 UTC 2011 - binli@opensuse.org + +- Add the nm-stop-touching-hosts.patch to stop touching /etc/hosts. + (bnc#667265) + +------------------------------------------------------------------- +Wed Feb 02 19:00:04 CET 2011 - bjorn.lie@gmail.com + +- Added autoreconf since nm-ignore-temp-files.patch needs more + than touching Makefile.in. + +------------------------------------------------------------------- +Sat Jan 30 11:16:04 CET 2011 - bjorn.lie@gmail.com + +- Add nm-ignore-temp-files.patch: stop NM from filling dmesg and + logs by ignoring temporary files (bgo#602868) (bnc#668183) + Original upstream patch has been extended to also touch + Makefile.in in order to avoid having to re-bootstrap. + +------------------------------------------------------------------- +Fri Jan 14 21:16:04 CET 2011 - jeffm@suse.de + +- Add nm-crash-lack-ipv4.patch to fix a crash during exit: lack of + an IPv4 setting indicates DHCP (bnc#664640). + +------------------------------------------------------------------- +Tue Dec 14 20:36:27 CET 2010 - vuntz@opensuse.org + +- Stop removing sr@Latn translation: it was added by + translation-update-upstream, and the script got fixed now. + +------------------------------------------------------------------- +Wed Nov 24 10:02:15 UTC 2010 - tittiatcoke@gmail.com + +- Add patch to fix NM crash (bnc#655685) + +------------------------------------------------------------------- +Tue Nov 23 19:16:38 UTC 2010 - wstephenson@novell.com + +- Add patch to fix NM crash with ethernet (bnc#655505) + +------------------------------------------------------------------- +Wed Nov 10 12:34:49 UTC 2010 - coolo@novell.com + +- Remove sr@Latn as it's a duplicate of sr@latin and no valid + locale. + +------------------------------------------------------------------- +Sat Nov 6 14:42:02 CET 2010 - dimstar@opensuse.org + +- Update to version 0.8.2: + + Native local caching nameserver support using dnsmasq + + Automatically detect addition and removal of new VPN plugins + + Support for handling suspend/resume signals from UPower + + Ensure users are allowed to enable/disable WiFi and networking + + Ensure WiFi enable state is preserved across reboot and suspend + + Better handling of /etc/hosts and preservation of custom + hostnames + + Support for the systemd session management service + + Better handling of 'keyfile' system connection errors + + Support for S390 network devices + + and much more... +- Split out lang package. +- Pass --with-docs to configure. + +------------------------------------------------------------------- +Mon Aug 9 13:00:09 CEST 2010 - vuntz@opensuse.org + +- Change --with-dhcp-client configure option to --with-dhclient. +- Re-enable parallel build. + +------------------------------------------------------------------- +Mon Jul 26 11:53:25 UTC 2010 - dimstar@opensuse.org + +- Update to version 0.8.1: + + Bluetooth Dial-Up Networking + + nmcli: a command-line interface for controlling NetworkManager + + Mobile Broadband Status: signal strength, roaming, and access + technology display + + Enhanced IPv6 support: including DHCPv6 and tons of fixes + + Logging and Debugging: make NM as quiet or verbose as you like +- Drop NetworkManager-netconfig-exit-quick.patch, upstreamed. +- Drop NetworkManager-NIS.patch, no longer required. + +------------------------------------------------------------------- +Fri Jul 23 08:11:57 UTC 2010 - bili@novell.com + +- nfs script should not use nfs restart(bnc#559021). + +------------------------------------------------------------------- +Fri Jul 9 18:37:22 UTC 2010 - jengelh@medozas.de + +- Add SPARC targets to %files list +- Reword comment about locations of files (since sparcv9 is neither + single-arch nor a 64-bit environment) + +------------------------------------------------------------------- +Wed Jun 30 08:20:46 UTC 2010 - bili@novell.com + +- Update NetworkManager-NIS.patch, init the variable(bnc#618599). + +------------------------------------------------------------------- +Tue Jun 29 02:51:17 UTC 2010 - bili@novell.com + +- Add NetworkManager-netconfig-exit-quick.patch, fix wrong return + value when updating the DNS with netconfig(bnc#595708, bnc#544195, + bnc#537907, bnc#596163). + +------------------------------------------------------------------- +Thu Jun 24 09:12:24 UTC 2010 - bili@novell.com + +- Add NetworkManager-NIS.patch, support NIS domain and servers + (bnc#608677). + +------------------------------------------------------------------- +Tue Jun 15 06:18:09 UTC 2010 - dimstar@opensuse.org + +- Minor spec-cleanup. + +------------------------------------------------------------------- +Wed Jun 9 18:46:43 UTC 2010 - cristian.rodriguez@opensuse.org + +- fix NetworkManager dependencies + * ModemManager and dnsmasq should be recommended, not required + * should Require iproute2,iputils and ppp + * Should Recommend iptables + +------------------------------------------------------------------- +Wed May 19 16:01:01 UTC 2010 - lnussel@suse.de + +- remove not needed build time dependency on dhcp-client + +------------------------------------------------------------------- +Fri Apr 23 08:10:20 UTC 2010 - bili@novell.com + +- Add a general dbus conf file for nm-applet, cnetworkmanager and + NetworkManager-kde4(bnc#476502). + +------------------------------------------------------------------- +Mon Feb 22 15:38:03 CET 2010 - dimstar@opensuse.org + +- Update to version 0.8: + + introspection: fix inclusion of Dhcp6Config XML + + crypto: de-init NSS after calling PR_GetError() + + ifcfg-rh: read and write DHCPv6 connections + + policy: fall back to original hostname before trying reverse + DNS + + bluetooth: finish DUN implementation + + introspection: sync device state reason code with + NetworkManager.h + + policy: be more selective when adding hostname to /etc/hosts + + gsm: handle PIN requests during modem enable too + + system-settings: register setting errors so D-Bus errors are + meaningful + + Updated translations. + +------------------------------------------------------------------- +Fri Feb 12 01:45:06 CET 2010 - vuntz@opensuse.org + +- Add NetworkManager-rpmlintrc to list of sources. +- Fix self-obsoletion of dhcdbd. + +------------------------------------------------------------------- +Sat Jan 30 23:18:28 CET 2010 - captain.magnus@opensuse.org + +- Update to version 0.7.999: + + ifcfg-rh: formatting fix + + ifcfg-rh: handle missing PREFIX by generating one + + ifcfg-rh: ensure IPv6 addresses are cleared when none get + written out + + ifcfg-rh: add IPv6 addressing and routes support (rh #523288) + + backends: add backend for Pardus + + libnm-util: fix NMDeviceBt hardware address property + + core: ensure failed /etc/hosts update writes out + well-formatted file (lp#471498) + + olpc-mesh: fix companion path and active channel property + types + + netlink: work around kernel cache refill problems + + keyfile: add IPv6 support (bgo #593814) + + libnm-util: add IPv6 comparison functions + + Translation updates +- Remove 0006-NIS-patch.patch, 0007-Fix-etc-hosts-updating.patch, + nm-hal-tree-changes.patch and + 0009-Implement-sending-system-hostname-with-DHCP-client.patch. + These patches were not applied + +------------------------------------------------------------------- +Thu Jan 21 18:21:27 UTC 2010 - tambet@novell.com + +- Upgrade to the latest upstream 0.8 branch: + + Add support for Bluetooth DUN devices. + + Add support to manually deactivate active devices. + + Much improved killswitch handling. + + The state (networking, wireless, ...) is now remembered after + reboots. + + The system settings daemon is removed and the main daemon has + support for distribution specific plugins now. + + The keyfile plugin supports a lot more data formats now (human + readable IP addresses, passwords without hashing etc). Add + back the support for certificate file paths. + + Add back support for multiple CA certificate per (.PEM) file. + + HAL usage is replaced with gudev. + + IPv6 support. + + Documentation updates. + + Lots of bug fixes. + +------------------------------------------------------------------- +Mon Oct 5 07:22:17 UTC 2009 - tambet@novell.com + +- Never fall back to manually updating resolv.conf, even if + netconfig fails (bnc #537907, #544195). + +------------------------------------------------------------------- +Mon Sep 14 09:31:43 UTC 2009 - tambet@novell.com + +- Fix a segfault introduced by the updated ModemManager patch + (bnc #538180). + +------------------------------------------------------------------- +Wed Aug 26 07:42:53 UTC 2009 - tambet@novell.com + +- HAL added 'ssb' (Silicon Sonics Backplane, used internally on + most Broadcom ethernet and wifi chipsets) in 0.5.13, which + changed the device list layout and made NM unable to get the + driver for the wifi device. Fix that (bnc #526105). + +------------------------------------------------------------------- +Tue Aug 25 08:28:14 UTC 2009 - tambet@novell.com + +- Fix issues with root being at_console (bnc #530430). + +------------------------------------------------------------------- +Thu Aug 20 09:14:01 UTC 2009 - aj@suse.de + +- Require libiw-devel for building instead of wireless-tools. + +------------------------------------------------------------------- +Tue Aug 11 14:28:29 UTC 2009 - tittiatcoke@gmail.com + +- Update to latest 0.7.1 upstream + + Handle ZTE (Onda) device port types + + Wait 20 seconds (instead of 15) for PPP connections to come up + + Block until netconfig exits + + Allow 63 byte long PSK + + Fix dbus reconnection + + Handle unsolicited supplicant scans + + Other fixes + +------------------------------------------------------------------- +Tue Jul 21 14:21:18 CEST 2009 - aj@suse.de + +- Add 0013-iptables-path.patch to correct path for iptables, it lives + in /usr/sbin. + +------------------------------------------------------------------- +Tue Jul 14 11:40:25 CEST 2009 - tittiatcoke@gmail.com + +- Added Build dependency for libuuid + +------------------------------------------------------------------- +Wed May 27 08:51:27 EEST 2009 - tambet@novell.com + +- Update to 0.7.1: + + Plays better with stupid wifi and ethernet drivers. + + Support for rfc3442 classless static routes. + + The default "Auto eth0" connection is now read/write. + + Compatibility fixes for 802.1x PEAP authentication and 3G/PPP + connections. + + Reduced wakeups for power saving awesomeness. + + Ability to deny specific devices the default route. + + More correct display of wifi signal strength. + + Custom IPv4 settings for mobile broadband connections. + + More informative display of network device state. + + Lots of bugs fixed. + +------------------------------------------------------------------- +Mon Feb 16 17:49:47 CET 2009 - sbrabec@suse.cz + +- Added support for translation-update-upstream (FATE#301344). + +------------------------------------------------------------------- +Wed Feb 11 22:58:48 CET 2009 - vuntz@novell.com + +- Remove non-upstream translations: they'll get out-of-date. + +------------------------------------------------------------------- +Sat Jan 31 20:42:39 CET 2009 - vuntz@novell.com + +- Use sr@latin instead of sr@Latn. + +------------------------------------------------------------------- +Mon Jan 12 15:25:27 EST 2009 - mauro@suse.de + +- Translations update. + +------------------------------------------------------------------- +Fri Jan 9 00:18:22 CET 2009 - mauro@suse.de + +- Translations update. + +------------------------------------------------------------------- +Sat Dec 6 09:53:24 CET 2008 - mauro@suse.de + +- Translations update. + +------------------------------------------------------------------- +Thu Dec 4 12:30:37 EET 2008 - tambet@novell.com + +- Fix merging the default route (bnc #450553). + +------------------------------------------------------------------- +Tue Dec 2 15:34:44 EET 2008 - tambet@novell.com + +- Rebase from the official NetworkManager 0.7.0 release: + + Documentation fixes and updates. + + Updated translations: de, fi, or, sv. +- Fix the /etc/hosts file updating (bnc #433365). +- Fix NIS information updating (bnc #437320). +- Really fix the location of dhclient leases file (bnc #446611). + +------------------------------------------------------------------- +Fri Nov 21 14:42:46 EET 2008 - tambet@novell.com + +- Add support to use distro wide CA certificates from + /ets/ssl/certs (bnc #436192). +- Unmount NFS shares when network is deactivated (bnc #341647). +- Recomment NetworkManager-client (bnc #445643). +- Fix the location of dhclient leases file (bnc #446611). +- Add support for having certificate filenames in system + connections. +- Add API reference documentation for libnm-util. +- Handle gateways in different subnets. +- Add support for PKCS#12 certificates (bgo #558982). +- Update translations: es, pl, se + +------------------------------------------------------------------- +Fri Nov 14 12:04:42 EET 2008 - tambet@novell.com + +- Use system CA certificates in case the CA isn't set on connection. + +------------------------------------------------------------------- +Mon Nov 10 17:32:27 EET 2008 - tambet@suse.de + +- Fix the bug where the keyfile system settings plugin would + return empty strings for passwords when they're not set. + +------------------------------------------------------------------- +Fri Nov 7 15:47:00 EET 2008 - tambet@suse.de + +- Add support for passing through PKCS#11 certificates. +- Monitor /etc/HOSTNAME and set hostname accordingly (bnc #)440809. + +------------------------------------------------------------------- +Mon Nov 3 14:48:35 EET 2008 - tambet@suse.de + +- Break the public API to hide the internal data structures in + hope to achieve maintainable public API from now on. + +------------------------------------------------------------------- +Fri Oct 24 12:53:43 EEST 2008 - tambet@suse.de + +- Fix the problem where NetworkManager thinks it can't start ModemManager. +- Always add really important stuff to the command line to ensure + that NM overrides /etc/ppp/options (bgo #556781). +- Fix segfaults on shutdown. +- Correctly determine encryption capabilities. +- Add support for VPN subnet gateways (bgo #549196). +- Rework default route handling to consolidate decisions in the policy, + and to take active VPN connections into account when changing the default + route (bgo #545912). +- Updated translations: be, es, nb, pt_BR, sv. + +------------------------------------------------------------------- +Mon Oct 20 17:06:45 EEST 2008 - tambet@suse.de + +- Implement merging connections from /etc/sysconfig/network in + nm-opensuse-merge (part of bnc #433084). + +------------------------------------------------------------------- +Fri Oct 10 12:10:06 EEST 2008 - tambet@suse.de + +- Update to the latest upstream: + + Add a 'hostname' dispatcher action triggered on hostname changes + (bgo #552983). + + Fix a memory corruption in setting routes. + + Fix system connections saving after modifications. + + Fix a system settings crash on removal of ethernet devices. + + Make PPP username & password handling more robust. + + Clear secrets on invalid connections. + + Fix setting value comparison issues. + + Set route priorities correctly for multiple active devices in the same + subnet. + + Handle ipw3945 suspend/resume by retrying the GIWRANGE request a few + times when it returns EAGAIN (rh #362421). + + Update translations: es, et, fi, lv, nb, sv. +- NetworkManager always sets full hostname instead of short one (bnc #433179). +- NetworkManager does not require more exact libnl version (bnc #421735). +- NetworkManager: ethtool_cmd now has a speed_hi field to support devices + faster than 65535 Mb (bnc #431512). +- Fix a bug where during shutdown, NetworkManager messages pollute the + console (bnc #391747). +- Fix typoes in CDMA device which made them appear as GSM devices + (bgo #430502). + +------------------------------------------------------------------- +Fri Sep 26 15:55:31 EEST 2008 - tambet@suse.de + +- Update to the latest from upstream: + + Add support for static and dynamic hostnames. + + Correctly clean wpa_supplicant state on shutdown (bnc #404883). + + Fix a crash when a device is removed (bgo #549401). + + Fix (bgo #551361). + + Updated translations: it br sv lt fi hu fr. + +------------------------------------------------------------------- +Thu Sep 25 15:37:25 CEST 2008 - ro@suse.de + +- use autoreconf -f -i for new libtool + +------------------------------------------------------------------- +Fri Sep 19 14:15:56 EEST 2008 - tambet@suse.de + +- Update NIS information from a dispatcher script. +- Make it build on 11.0 as well. +- Update to the latest upstream: + + Default to "all ciphers" for wireless security setting. + + Fix a problem where unamanaged devices could cause recursive connection reloads. + + Fix a typo causing crashes in keyfile plugin. + + Updated translations: cs, fi, fr, nl. + +------------------------------------------------------------------- +Mon Sep 15 14:23:47 CEST 2008 - ro@suse.de + +- added directory to filelist + +------------------------------------------------------------------- +Sun Sep 14 21:03:11 CEST 2008 - aj@suse.de + +- Fix directory ownership. +- Remove unneeded build require on ppp. + +------------------------------------------------------------------- +Fri Sep 12 15:57:25 EEST 2008 - tambet@suse.de + +- Bring up to date with SVN. +- Add patches to remove the built in modem code and use ModemManager + instead. +- Create a -doc package now that NetworkManager has API reference + documentation. + +------------------------------------------------------------------- +Fri Aug 1 15:42:03 EEST 2008 - tambet@suse.de + +- Bring up to date with SVN again. + +------------------------------------------------------------------- +Mon Jun 30 17:31:07 CEST 2008 - tambet@suse.de + +- Bring up to date with SVN again. + +------------------------------------------------------------------- +Mon Jun 30 11:26:30 CEST 2008 - tambet@suse.de + + SWAMP-ID: 18426 + +- Don't assume DHCP server always returns a gateway (bnc #392598). +- Missing default route in case the gateways is in another subnet (bnc #266215). +- Cannot enter PIN code with some modems (bnc #394731). +- Changes in yast not picked up until reboot (bnc #378802). +- Make sure pppd is shut down, even if it's blockin on reads (bnc #394598). +- Fix a lifetime issue with VPN services (bnc #381769). + +------------------------------------------------------------------- +Wed Jun 4 10:46:00 CEST 2008 - tambet@suse.de + +- Fix a bug where NetworkManager does not work at all in case there are + devices marked with NM_CONTROLLED="no" (bnc #390404). + +------------------------------------------------------------------- +Sat May 24 10:09:12 CEST 2008 - aj@suse.de + +- Disable parallel build for now as it let to build failures. + +------------------------------------------------------------------- +Fri May 23 14:35:36 CEST 2008 - tambet@suse.de + +- Fix the configuration file path sent to dhclient (bnc #390770). +- Move crypto handling to NetworkManager (from NetworkManager-gnome), implement + WPA-EAP configuration reading for sysconfig. +- Make the system settings service exit when the bus goes away. (brc #444976). +- If the default gateway is in another subnet, first add route to it, then the + default route (bnc #266215). +- Optimize waking up after suspend, don't remove all the devices and then add + everything back. Just syncronize with HAL. +- Close serial devices when not active or activating (bnc #392604 and + bnc #392605). +- Make it possible to override DNS information returned by DHCP. + +------------------------------------------------------------------- +Tue May 13 13:39:59 CEST 2008 - wstephenson@suse.de + +- Fix enum syntax errors in installed headers. +- Fix 99% CPU bug due to PolKitContext. + +------------------------------------------------------------------- +Fri May 9 13:26:18 CEST 2008 - tambet@suse.de + +- Upgrade to the latest SVN: + Update system settings suse plugin. + Use PolicyKit to restrict changes to system connections. + Add Keyfile system settings plugin. + Allow multiple addresses for devices. + Use libnl for all ip address and route manipulation. + Don't require wireless-tools. + Improve nm-online tool. + +------------------------------------------------------------------- +Fri Apr 11 12:22:49 CEST 2008 - tambet@suse.de + +- Upgrade to the latest SVN: + Automatically create a default connection for wired devices that are not + configured in /etc/sysconfig. + Implement ignoring devices that should be ignored by NM according to + system configuration (Not used on suse yet). + Internal VPN API rework. + Lots of love to the libnm-glib. + Fix DSL (pppoe) authentication. + Make it build with gcc 4.3. + Bug fixes. + +------------------------------------------------------------------- +Mon Apr 7 16:45:44 CEST 2008 - maw@suse.de + +- The ppp package now installs various modules that NetworkManager + uses in %{_libdir}/pppd; adjust to that change. + +------------------------------------------------------------------- +Fri Mar 14 23:18:24 CET 2008 - tambet@suse.de + +- Fix a crasher bug triggered very frequently on waking up from suspend. + +------------------------------------------------------------------- +Thu Mar 13 23:51:50 CET 2008 - tambet@suse.de + +- Upgrade to the latest SVN: + Implement support for multiple active devices. + Implement support for DSL (pppoe) connection. + Lots of public dbus API cleanup. + Bug fixes. + +------------------------------------------------------------------- +Wed Mar 12 19:16:51 CET 2008 - tambet@suse.de + +- Work with updated HAL (bnc #369539). + +------------------------------------------------------------------- +Mon Mar 3 16:35:31 CET 2008 - maw@suse.de + +- Fix build on biarch systems. + +------------------------------------------------------------------- +Fri Feb 29 23:38:48 CET 2008 - tambet@suse.de + +- Upgrade to the latest SVN. + +------------------------------------------------------------------- +Mon Feb 11 12:24:36 CET 2008 - coolo@suse.de + +- fix pppd installation + +------------------------------------------------------------------- +Tue Feb 5 18:21:22 CET 2008 - maw@suse.de + +- Build with -fno-strict-aliasing. + +------------------------------------------------------------------- +Mon Feb 4 17:10:00 CET 2008 - tambet@suse.de + +- Upgrade to the latest SVN. +- Re-remove some files NM installs, they really aren't ready yet. + +------------------------------------------------------------------- +Sat Jan 12 18:57:33 CET 2008 - schwab@suse.de + +- Fix last change. + +------------------------------------------------------------------- +Fri Jan 11 20:40:37 CET 2008 - aj@suse.de + +- Install nm-tool and nm-online binaries and not + the libtool wrappers (#353240). +- Add proper provides/obsoletes for dhcdbd. + +------------------------------------------------------------------- +Fri Jan 11 01:30:33 CET 2008 - dmueller@suse.de + +- fix file lists +- fix various specfile / packaging errors + +------------------------------------------------------------------- +Wed Nov 28 11:32:12 CET 2007 - tambet@suse.de + +- Upgrade to the unstable branch (0.7). + - many changes and bugfixes + - integrate all previous patches + - switch to using dhcp-client instead of dhcdbd + - gnome applet split off to own source + +------------------------------------------------------------------- +Fri Sep 14 09:10:02 CEST 2007 - tambet@suse.de + +- Make sure gnome-keyring does not return empty result. (Novell #307910). + +------------------------------------------------------------------- +Wed Aug 15 16:51:34 CEST 2007 - tambet@suse.de + +- Fix the hard-coded gnomesu path. (Novell #299518). + +------------------------------------------------------------------- +Tue Aug 7 16:01:04 CEST 2007 - tambet@suse.de + +- Fix a crasher bug in nm-applet that was caused by a typo in a manually + updated patch. + +------------------------------------------------------------------- +Fri Aug 3 12:00:44 CEST 2007 - sbrabec@suse.cz + +- Updated gnome-patch-translation support. + +------------------------------------------------------------------- +Fri Aug 3 11:30:17 CEST 2007 - tambet@suse.de + +- Update to the latest version from upstream: + Add support for 2-phase authentication. + Add support for rfkill switch. +- Add an editor for stored wireless networks. +- Fix the packaging bug where the log file was not owned by the package + (Novell #280464). +- Fix the issue where NM doesn't honor YaST Static IP Settings + (Novell #271757). +- Fix the packaging issue to not require gnome-panel (Novell #229291). + +------------------------------------------------------------------- +Tue May 15 10:07:27 CEST 2007 - pgajdos@suse.cz + +- removed invalid PreReq: gtk2 >= {%gtk_version} gnome-icon-theme +- added Requires: gtk2 >= {%gtk_version} +- removed gnome-icon-theme from BuildRequires [#247450] + +------------------------------------------------------------------- +Thu May 10 13:55:29 CEST 2007 - tambet@suse.de + +- Do not overwrite existing AP properties when merging the information from + /etc/sysconfig/network/. Fixes the problem described in + https://bugzilla.novell.com/show_bug.cgi?id=255765#c59 + +------------------------------------------------------------------- +Wed Mar 7 23:36:12 CET 2007 - jhargadon@suse.de + +- fixed a problem with nm-resolv-conf-header-rml.patch (#249251) + +------------------------------------------------------------------- +Tue Feb 13 11:50:51 CET 2007 - sbrabec@suse.cz + +- Do not build unusable static libraries (#238552#c17). + +------------------------------------------------------------------- +Tue Feb 13 11:21:40 CET 2007 - aj@suse.de + +- Fix typo (it should be BuildRequires). + +------------------------------------------------------------------- +Fri Feb 9 13:25:44 CET 2007 - sbrabec@suse.cz + +- Removed remaining references to /opt/gnome (#243824). +- Build with libnotify. +- Spec file cleanup. + +------------------------------------------------------------------- +Tue Jan 30 13:57:16 CET 2007 - sbrabec@suse.cz + +- Changed GNOME prefix to /usr. + +------------------------------------------------------------------- +Mon Nov 20 15:18:59 CET 2006 - tambet@suse.de + +- Add a hack to fix translations (Novell #222329). + +------------------------------------------------------------------- +Tue Nov 14 15:48:20 CET 2006 - sbrabec@suse.cz + +- Use translation compendium gnome-patch-translation. + +------------------------------------------------------------------- +Sun Nov 12 22:03:35 CET 2006 - thoenig@suse.de + +- Add patch avahi-dbus-request-name-flags-fix-thoenig-01.patch: + Fix flawed logic for flags passed to dbus_bus_request_name() + +------------------------------------------------------------------- +Fri Nov 10 12:34:16 CET 2006 - tambet@suse.de + +- Pull in latest CVS updates: + - Fix a bunch of memory leaks and reference counting issues. + (Novell #217027). +- Actually fix (Novell #212556). +- Implement disconnect wireless on exit (Novell #218848). + +------------------------------------------------------------------- +Thu Nov 2 10:38:32 CET 2006 - tambet@suse.de + +- Pull in latest CVS updates: + - Suppress messages from the "SCAN" command. + - Reduce the number of times the gnome applet wakes up. + - Add LEAP authentication. +- Fix multiple problems with the fallback patch (Novell #212556): + - Populate the key information from gconf for fallback keys. + - Make sure the AP broadcast state isn't lost in case of fallback + networks. +- Build fixes: + - Merge all fallback related patches. + - autoreconf before build to fix intltool issues. + - Add some auto-detected Requires. + +------------------------------------------------------------------- +Fri Oct 20 15:26:21 CEST 2006 - tambet@suse.de + +- Pull in latest CVS update: Don't kill nscd (#149613). +- Add a missing Requires to -devel package. + +------------------------------------------------------------------- +Tue Oct 17 12:22:04 CEST 2006 - tambet@suse.de + +- Pull in latest CVS updates: + - Don't loop infinitely if netmask is 0 (Gnome #352634) + - Bump vpn timeout to 45s. + - Backported async scanning patch backported from HEAD. + - Make renaming a VPN entry work (Novell #193711). + - Make sleep/wake distinguishable from enable/disable networking + (Novell #199071). + - Fix a packaging issue (Novell #212506). +- Add 'fallback' support (Novell #175172). +- Remove nm-dbus-api-fix-thoening-01.path as it's upstream now. + +------------------------------------------------------------------- +Mon Sep 25 17:21:15 CEST 2006 - thoenig@suse.de + +- Do not "Require: NetworkManager-client" but "Recommend: + NetworkManager-client" to avoid circular dependencies. + +------------------------------------------------------------------- +Thu Aug 17 16:01:22 CEST 2006 - rml@suse.de + +- Pull in latest CVS updates: + - Do not restart ypbind, as our ypbind now listens on DBUS + - Less wpa_supplicant debug spew + - Better key request logic + - Fixes for big-endian machines in SHA-1 algorithm + - Shutdown all VPN connections on logout (Novell #187714) + - Fix memory leak +- Add libtool and iproute2 to BuildRequires +- Remove patch "nm-debug-wpa-less-rml.patch" as it is now upstream + +------------------------------------------------------------------- +Wed Aug 9 17:00:59 CEST 2006 - thoenig@suse.de + +- Add patch: nm-dbus-api-fix-thoenig-01.patch + +------------------------------------------------------------------- +Thu Jul 13 17:16:39 CEST 2006 - rml@suse.de + +- Update to NetworkManager 0.6.4 + - Lots of bugfixes +- Drop upstream patches +- Remove libnotify support and drop dependencies + +------------------------------------------------------------------- +Wed Jun 28 17:02:05 CEST 2006 - rml@suse.de + +- Translation update + +------------------------------------------------------------------- +Tue Jun 20 20:49:06 CEST 2006 - rml@suse.de + +- Put wpa_supplicant into Ad-Hoc mode for all Ad-Hoc networks, not + just ones that NetworkManager itself creates (Novell bug #186806) + +------------------------------------------------------------------- +Mon Jun 19 20:19:36 CEST 2006 - rml@suse.de + +- Fix automatic connection to WPA Enterprise networks (Novell bug + #175172) + +------------------------------------------------------------------- +Fri Jun 16 21:47:14 CEST 2006 - rml@suse.de + +- Update translations (Novell bug #169096) + +------------------------------------------------------------------- +Mon Jun 12 20:50:02 CEST 2006 - rml@suse.de + +- nm-applet: Add nm-dialup-bugfix-183974.patch to fix bug where the + applet's icon does not reflect dialup state (Novell bug #183974) + +------------------------------------------------------------------- +Mon Jun 12 17:50:42 CEST 2006 - rml@suse.de + +- Update translations (Novell bug #169096) + +------------------------------------------------------------------- +Fri Jun 9 17:46:42 CEST 2006 - rml@suse.de + +- Add nm-roaming-bugfix-183320.patch to fix bug where a transient + BSSID change was recorded as roaming (Novell bug #183338) +- nm-applet: Add nm-gconf-bugfix-183337.patch to fix bug where + reading of booleans from Gconf always failed (Novell bug #183337) +- Add nm-bssid-bugfix-183343.patch to fix bug where NM would merge + AP objects with zero BSSID values: AP objects should merge only + when the BSSIDs are both valid and matching (Novell bug #183343) +- Add nm-dsl-bugfix-184031.patch to fix bug where NM was not + enumerating DSL connections (Novell bug #184031) + +------------------------------------------------------------------- +Fri Jun 2 22:02:51 CEST 2006 - rml@suse.de + +- Update translations (Novell bug #169096) + +------------------------------------------------------------------- +Tue May 30 16:00:22 CEST 2006 - rml@suse.de + +- Fix crash in disposing of wireless objects before they are fully + initialized (Novell bug #179525) +- Fix race on startup that prompted twice for wireless information + (Novell bug #170587) +- nm-vpn-properties: Fix crash with NULL service names (Novell + bug #179655) +- nm-vpn-properties: Fix option parsing (GNOME bug #33684) +- nm-vpn-properties: UI love (GNOME bug #336913) +- Update translations from GNOME CVS (Novell bug #169096) +- Rename NetworkManager-po-update.patch to nm-po-update.patch + +------------------------------------------------------------------- +Mon May 29 17:34:16 CEST 2006 - sbrabec@suse.cz + +- Merged upstream translations from GNOME CVS (#169096#c37). + +------------------------------------------------------------------- +Mon May 29 15:56:55 CEST 2006 - sbrabec@suse.cz + +- Use translation compendium gnome-patch-translation (#169096). + +------------------------------------------------------------------- +Fri May 26 21:15:32 CEST 2006 - rml@suse.de + +- Make sure we require and correctly build with gcrypt support + (Novell bug #179315) + +------------------------------------------------------------------- +Thu May 25 16:58:39 CEST 2006 - rml@suse.de + +- For ndiswrapper, only use "AP_SCAN 2" if the network is not + broadcasting (Novell bug #178210) + +------------------------------------------------------------------- +Wed May 24 17:21:21 CEST 2006 - rml@suse.de + +- Do not fallback to link-local IP generation on infrastructure + wireless networks, only Ad-Hoc (Novell bug #178403) +- Set and use the current locale directory (Novell bug #169096) +- Bump version requirement on wpa_supplicant to 0.4.8-14 from + 0.4.8-9 (Novell bug #175892) + +------------------------------------------------------------------- +Mon May 22 17:28:52 CEST 2006 - rml@suse.de + +- Fix ypbind/autofs behavior to never automatically start either, + but only reload as needed (Novell bug #175935) +- nm-applet: Fix crash on icon-theme change if icons no longer + exist (Novell bug #177426) +- Fix bug with weirdly-named network interfaces (GNOME bug #330832) + +------------------------------------------------------------------- +Fri May 19 12:19:58 CEST 2006 - ro@suse.de + +- fix requirement. sysconfig in sles10 has release 13.3 currently + (the version in sysconfig should have been fixed instead of + requiring a release-number ...) + +------------------------------------------------------------------- +Thu May 18 22:12:54 CEST 2006 - rml@suse.de + +- Use "AP_SCAN 2" for ipw2200 if the network is hidden (Novell + bug #176575) +- nm-applet: Update Hungarian translation (Novell bug #158997) +- Bump package requirement on sysconfig to 0.50.9-14 or later +- Make sysconfig a PreReq, not a Requires (Novell bug #176993) + +------------------------------------------------------------------- +Wed May 17 19:39:17 CEST 2006 - rml@suse.de + +- Add README.ypbind-autofs, describing the interaction between + NetworkManager, ypbind, and autofs (Novell bug #175935) +- Automatically populate allowed MAC list from BSSIDs discovered + via roaming (Novell bug #175172) +- Rediff nm-madwifi-strength-rml.patch +- nm-applet: Differentiate Ad-Hoc networks with unique icon + (Novell bug #176589) +- Add patch nm-fix-adhoc-icon-rml.patch to workaround bad nm-adhoc + icon +- Bump package requires on dhcdbd to version 1.12-19 or later +- Bump package requires on dhcp to version to 3.0.3-22 or later + +------------------------------------------------------------------- +Tue May 16 19:25:39 CEST 2006 - rml@suse.de + +- Do not touch ypbind or autofs unless the sysconfig option + dhcp:DHCLIENT_MODIFY_NIS_CONF is set to "yes" (Novell #175935) + +------------------------------------------------------------------- +Mon May 15 16:38:57 CEST 2006 - rml@suse.de + +- Look for DHCLIENT_MODIFY_RESOLV_CONF in dhcp, not config (Novell + bug #175688) + +------------------------------------------------------------------- +Wed May 10 16:48:28 CEST 2006 - rml@suse.de + +- Fix double free causing crash on start with some ifcfg-wlan + configurations (Novell bug #173442) + +------------------------------------------------------------------- +Tue May 9 17:23:29 CEST 2006 - rml@suse.de + +- nm-applet: Save WPA EPA private key passhrase, if any, in the + GNOME keyring and not in gconf (Novell bug #173823) +- Merge nm-online-header.patch into nm-0.6-branch.patch (fix is now + upstream) + +------------------------------------------------------------------- +Sun May 7 21:29:22 CEST 2006 - jpr@suse.de + +- Fix header include to fix build + +------------------------------------------------------------------- +Tue May 2 16:56:17 CEST 2006 - rml@suse.de + +- Install nm-online utility (start of fix for Novell bug #169632) +- nm-applet: Don't try to convert blank network names to new-style + gconf format +- Enable NM by default if installing for the first time (Novell + bug #169964) +- Write out a YaST-friendly header in resolv.conf (Novell #171488) +- Fix WPA Passphrase entry on big-endian machines (GNOME #336991) +- Enforce sane umask on the daemon (Novell bug #173229) +- Respect dhcp:DHCLIENT_MODIFY_RESOLV_CONF, not + config:MODIFY_RESOLV_CONF_DYNAMICALLY, when deciding whether to + write out an updated /etc/resolv.conf (Novell bug #169858) + +------------------------------------------------------------------- +Tue Apr 25 20:04:46 CEST 2006 - rml@suse.de + +- Fix "shared/restricted" key mode (Novell bug #168250) + +------------------------------------------------------------------- +Fri Apr 21 16:36:21 CEST 2006 - rml@suse.de + +- Use "AP_SCAN 2" for airo_cs, too (Novell bug #168308) + +------------------------------------------------------------------- +Thu Apr 20 18:09:33 CEST 2006 - rml@suse.de + +- For ipw2200, use "AP_SCAN 2" if the AP is hidden (166219) +- nm-vpn-properties: Don't let the user open more than one 'Configure + VPN' window at a time, lest chaos ensue (Novell bug #165011) +- nm-applet: Don't bail out if the timestamp is not set + +------------------------------------------------------------------- +Thu Apr 13 22:52:36 CEST 2006 - rml@suse.de + +- Install "nfs" dispatcher.d script to automatically restart NFS + on interface up (Novell bug #156947) + +------------------------------------------------------------------- +Wed Apr 12 09:36:16 CEST 2006 - jg@suse.de + +- Use wpa_supplicant 'wext' backend for ndiswrapper (Novell bug + #158892) + +------------------------------------------------------------------- +Tue Apr 11 20:40:58 CEST 2006 - rml@suse.de + +- Use "AP_SCAN 2" for ndiswrapper (Novell bug #165315) +- VPN Configure: Don't crash when re-Adding a connection after + closing window (Novell bug #153085) + +------------------------------------------------------------------- +Mon Apr 10 18:23:02 CEST 2006 - rml@suse.de + +- VPN Configure: Don't disable 'Forward' button when entering + dialog via 'Back' (Novell bug #164895) + +------------------------------------------------------------------- +Thu Apr 6 16:15:32 CEST 2006 - rml@suse.de + +- Reflect active modem/ISDN connections in state. Fixes bug where + NM would report system as offline even if dial up connection were + active (Novell bug #161611) + +------------------------------------------------------------------- +Tue Apr 4 21:45:51 CEST 2006 - rml@suse.de + +- nm-applet: Remove 'Remove' option from right-click menu (undo + Novell bug #155690) + +------------------------------------------------------------------- +Wed Mar 29 21:17:42 CEST 2006 - rml@suse.de + +- Allow VPN modules to specify a per-route MSS value (bug #157988) +- Fix possible crash in strcmp (Novell bug #162104) +- Have NetworkManager require NetworkManager-client and have + NetworkManager-gnome provide NetworkManager-client (bug #158326) + +------------------------------------------------------------------- +Tue Mar 28 17:35:54 CEST 2006 - rml@suse.de + +- Don't let wpa_supplicant scan with the airo driver (bug #161389) +- Don't let wpa_supplicant scan when creating a new Ad-Hoc network, + even if using the madwifi driver +- nm-applet: minor HIG-related UI tweaks + +------------------------------------------------------------------- +Mon Mar 27 17:01:15 CEST 2006 - rml@suse.de + +- Revert ypbind restart behavior (Novell bug #159070) +- Bump wpa_supplicant requirement to version 0.4.8-9 (Bug #144268) +- Better handle capability detection and connection to EAP networks +- Use "AP_SCAN 2" even for non-broadcast networks (Bug #156970) +- Bump version to 0.6.2 + +------------------------------------------------------------------- +Sun Mar 26 19:59:13 CEST 2006 - thoenig@suse.de + +- Add unpackaged icons to %files gnome + +------------------------------------------------------------------- +Fri Mar 24 19:57:22 CET 2006 - rml@suse.de + +- Fix VPN animation (Novell bug #153731) +- Fix minor glitch in wireless strength level icon +- nm-applet: Fix small memory leak in notification display +- libnm-glib.so belongs in -devel, too +- Merge patches nm-always-enable-wpa and nm-supplicant-timeout-rml + into nm-wireless-driver-workarounds-rml.patch +- Require glib2 in NetworkManager-glib + +------------------------------------------------------------------- +Fri Mar 24 12:10:22 CET 2006 - dmueller@suse.de + +- libnm-util.so belongs in -devel + +------------------------------------------------------------------- +Thu Mar 23 18:11:51 CET 2006 - rml@suse.de + +- Let the applet reconnect to DBUS on restart (Novell bug #150042) +- Set DHCP timeout to 45s (Novell bugs #153243 and #159812) +- Do not override the gtk default invisible character +- Bump dbus-1 requirement to 0.60-22 or later +- Bump dhcdbd requirement to 1.12-9 or later + +------------------------------------------------------------------- +Wed Mar 22 21:02:07 CET 2006 - rml@suse.de + +- Properly handle "Dynamic WEP" (Novell bug #158589) + +------------------------------------------------------------------- +Tue Mar 21 19:57:38 CET 2006 - rml@suse.de + +- Respect and set per-device MTU value in sysconfig, if any (Novell + bug #159354 and #157737) + +------------------------------------------------------------------- +Tue Mar 21 16:29:32 CET 2006 - rml@suse.de + +- Fix crash in parsing hex keys from sysconfig (Novell #159394) + +------------------------------------------------------------------- +Fri Mar 17 20:07:06 CET 2006 - rml@suse.de + +- Do not restart ypbind on NIS configuration change, just ask it + to reload its configuration (Novell bug #159070) +- No longer start dhcdbd, but rely on sysconfig to start it before + it starts NetworkManager, fixing a race (Novell bug #159125) +- Require sysconfig 0.50.7 or later + +------------------------------------------------------------------- +Thu Mar 16 22:48:11 CET 2006 - rml@suse.de + +- Do not run gtk-update-icon-cache in post (Novell bug #158381) +- Rename patch 'nm-configure-modem-item-rml.patch' to + 'nm-configure-networking-rml.patch' +- Add patch 'nm-0.6-branch.patch' to fix behavior in reading static + wireless configurations from sysconfig +- Don't down devices on suspend (Novell bug #142960 and #156509) +- Merge 'nm-bug-fix-157048-rml.patch' into 'nm-0.6-branch.patch' + +------------------------------------------------------------------- +Mon Mar 13 23:27:29 CET 2006 - rml@suse.de + +- Add 'Configure Networking' option that invokes YaST + +------------------------------------------------------------------- +Mon Mar 13 20:46:52 CET 2006 - rml@suse.de + +- nm-applet: Fix duplicate widgets in 'Add VPN' (Novell + bug #157048) +- Actually apply 'nm-debug-wpa-less-rml.patch' + +------------------------------------------------------------------- +Mon Mar 13 17:27:31 CET 2006 - rml@suse.de + +- Update to 0.6.1 +- Have the dispatcher daemon survive DBUS restarts +- Add patch 'nm-debug-wpa-less-rml.patch' + +------------------------------------------------------------------- +Fri Mar 10 19:35:14 CET 2006 - rml@suse.de + +- Don't let wpa_supplicant log keys, either (Bug #156977) +- Orinoco tweak (Bug #144268) +- nm-applet: add checkbox for un-hiding password entry + +------------------------------------------------------------------- +Fri Mar 10 16:06:33 CET 2006 - rml@suse.de + +- Update to 0.6.0cvs20060310 +- Fix WPA Enterprise SEGV on successfull connect (Bug #156973) +- Do not log WPA Enterprise password in clear text (Bug #156977) + +------------------------------------------------------------------- +Thu Mar 9 21:03:19 CET 2006 - rml@suse.de + +- Update to 0.6.0cvs20060309 +- Parse sysconfig encryption settings, too + +------------------------------------------------------------------- +Wed Mar 8 19:49:53 CET 2006 - rml@suse.de + +- Update to 0.6.0cvs20060308 +- nm-applet: Hide password keystrokes (Novell beta customer) +- Trust wireless networks in sysconfig + +------------------------------------------------------------------- +Tue Mar 7 21:09:31 CET 2006 - rml@suse.de + +- Update to 0.6.0cvs20060307 +- nm-applet: Add 'Remove' option to the applet (Novell bug #155690) + +------------------------------------------------------------------- +Mon Mar 6 21:50:30 CET 2006 - rml@suse.de + +- Have NetworkManager.pc provide the NetworkManager include + directory in CFLAGS. +- Undo prism54 workarounds +- Specifically match against "airo" for the airo driver workaround +- Better logging for dhcdbd events + +------------------------------------------------------------------- +Mon Mar 6 16:30:50 CET 2006 - rml@suse.de + +- Update to 0.6.0cvs20060306 +- Workarounds for prism54 wireless driver (Novell bug #148210 + and #144938) +- Workaround for airo wireless driver +- Improved handling of activation cancellation (Novell bug #150787) + +------------------------------------------------------------------- +Fri Mar 3 21:42:18 CET 2006 - rml@suse.de + +- Update to 0.6.0 (just a version bump) + +------------------------------------------------------------------- +Fri Mar 3 17:26:06 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060303 +- nm-applet and nm-tool: Display per-device speed and per-network + maximum bitrate (Novell bug #154451) +- Fixes for orinoco_cs driver (Novell bug #144268) +- Fixes for ndiswrapper driver (Novell bug #153536) +- Do not scan-spam the driver on startup +- Replace nm-madwifi-wpa-driver-rml.patch with + nm-wireless-driver-workarounds-rml.patch +- Misc. cleanup + +------------------------------------------------------------------- +Thu Mar 2 16:32:17 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060302 +- nm-applet: move autostart file to proper location +- Fix crash on connecting to VPN while already connecting (Novell + bug #152502) +- Workaround for ndiswrapper wireless problems (Novell bug #153536) + +------------------------------------------------------------------- +Tue Feb 28 22:48:01 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060228 +- Respect MODIFY_RESOLV_CONF_DYNAMICALLY defined in the file + /etc/sysconfig/network/config and do not update resolv.conf, + even if DHCP supplies name servers, if this variable is set to + "yes" (Novell bug #147703) +- Log wpa_supplicant's responses to /var/log/NetworkManager, too +- Don't prune the wireless network scan list too aggressively +- Misc. WPA Enterprise clean up + +------------------------------------------------------------------- +Mon Feb 27 22:18:10 CET 2006 - rml@suse.de + +- Create pid files in both the NetworkManager and + NetworkManagerDispatcher daemons +- nm-applet: Remove all gconf keys on VPN removal (Novell #153628) +- nm-applet: Let submit passphrase dialog (Novell #153738) + +------------------------------------------------------------------- +Mon Feb 27 18:28:07 CET 2006 - rml@suse.de + +- Own /opt/gnome/share/NetworkManager/ + +------------------------------------------------------------------- +Mon Feb 27 16:56:11 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060227 +- WPA-Enterprise support! (Bug #134238) +- Remove patches nm-dbus-reconnect-thoenig-03.patch and + nm-transparent-trayicon.patch, both are now upstream +- Log backtrace on crash +- Updated libnotify notification + +------------------------------------------------------------------- +Wed Feb 22 23:43:19 CET 2006 - thoenig@suse.de + +- Update patch nm-dbus-reconnect-thoenig-03.patch: Take care that + dhcdbd will get back after we've reconnected to the system bus + (#150042) + +------------------------------------------------------------------- +Wed Feb 22 23:01:26 CET 2006 - danw@suse.de + +- Add nm-transparent-trayicon.patch to make the tray icon + pretty under KDE. #135448 + +------------------------------------------------------------------- +Wed Feb 22 18:20:07 CET 2006 - thoenig@suse.de + +- Add patch to make NM reconnect to the D-BUS system bus if it + breaks away (#150042) + +------------------------------------------------------------------- +Tue Feb 21 16:44:12 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060221 +- Do not stomp on others using the default shared dbus connection + (Fixes GNOME #326572) +- Add libnotify notifications to nm-applet + +------------------------------------------------------------------- +Sun Feb 19 16:55:51 CET 2006 - aj@suse.de + +- Reduce BuildRequires. + +------------------------------------------------------------------- +Wed Feb 15 17:45:23 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060215 +- Fix VPN GUI dialog when successively editing entries of two + or more different VPN types (Novell bug #150854) +- Improve debugging output + +------------------------------------------------------------------- +Tue Feb 14 21:24:16 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060214 +- Fix connecting non-broadcast encrypted networks (blocker #150784) + +------------------------------------------------------------------- +Mon Feb 13 19:07:33 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060213 +- VPN fixes for Novell VPN +- Fix small memory leak + +------------------------------------------------------------------- +Tue Feb 7 22:25:32 CET 2006 - rml@suse.de + +- Always use "AP_SCAN 1" with wpa_supplicant -- madwifi needs it + +------------------------------------------------------------------- +Tue Feb 7 16:48:10 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060207 +- Fix off-by-one error that broke some WEP connections (#148646) + +------------------------------------------------------------------- +Mon Feb 6 19:25:01 CET 2006 - rml@suse.de + +- Add back nm-supplicant-timeout-rml.patch when new, larger + timeout value + +------------------------------------------------------------------- +Mon Feb 6 16:43:52 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060206 +- Better handling of non-broadcast networks +- Merge half of nm-madwifi-wpa-driver-rml.patch upstream +- Remove nm-supplicant-timeout-rml.patch, merged upstream + +------------------------------------------------------------------- +Fri Feb 3 21:21:17 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060203 +- Do not log encryption information (per bug #147748) +- Fix memory leak in SUSE backend + +------------------------------------------------------------------- +Thu Feb 2 19:16:24 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060202 +- Better broadcast networks (better fix for #144622) +- Own /var/run/NetworkManager +- Remove 'ntp' and 'SuSEfirewall' scripts and move to requisite + packages +- Update API for novellvpn + +------------------------------------------------------------------- +Wed Feb 1 19:17:01 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060201 +- Remove '--sm-disable' from autostart file via sed +- Add nm-tool(1) man page +- Add nm-madwifi-fixes-rml.patch (Fixes critical bug #144622) + +------------------------------------------------------------------- +Tue Jan 31 19:14:29 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060131 +- Set "set_ssid " in wpa_supplicant for non-broadcasting networks +- More #138404 fixes + +------------------------------------------------------------------- +Mon Jan 30 19:09:02 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060130 +- Fixes #144624, half of #134238 +- Initial #138404 fix + +------------------------------------------------------------------- +Fri Jan 27 16:36:13 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060127 +- Fixes #144324 + +------------------------------------------------------------------- +Thu Jan 26 18:37:11 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060126 +- Move all non-GNOME bits out of /opt/gnome + +------------------------------------------------------------------- +Wed Jan 25 21:52:03 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060125 +- Remove temporary patch nm-dhcp-hostname-byte-array-thoenig-01, + merged upstream +- Add nm-fix-madwifi-strength-rml.patch, fixing strength output of + Atheros devices +- Update BuildRequires + +------------------------------------------------------------------- +Wed Jan 25 21:33:51 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Jan 25 10:11:29 CET 2006 - thoenig@suse.de + +- temporary patch nm-dhcp-hostname-byte-array-thoenig-01.patch to + solve #145273 + +------------------------------------------------------------------- +Mon Jan 23 19:35:45 CET 2006 - rml@suse.de + +- Require libgnomesu in NetworkManager-gnome +- Add ISDN Configuration menu item, too (Fixes #140756-ng) +- Respect DHCLIENT_SET_HOSTNAME (Fixes #144324) + +------------------------------------------------------------------- +Mon Jan 23 17:26:07 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060123 +- Move daemons to /usr/sbin from /usr/bin (Fixes #144033) +- Spec file tweaks + +------------------------------------------------------------------- +Thu Jan 19 20:13:18 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060119 +- Respect NM_CONTROLLED flag in sysconfig + +------------------------------------------------------------------- +Wed Jan 18 19:21:57 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060118 +- Fixes #143725 +- Add nm-never-restart-nm-applet-rml-1.patch +- Remove no-longer-needed insserv calls +- Move ldconfig run from preun to postun +- Misc. spec file cleanup + +------------------------------------------------------------------- +Tue Jan 17 17:06:36 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060117 +- Fixes #143496 + +------------------------------------------------------------------- +Mon Jan 16 18:22:43 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060116 +- Fixes #135595 +- C++-sanitizes headers for thoenig + +------------------------------------------------------------------- +Fri Jan 13 21:35:00 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060113 + +------------------------------------------------------------------- +Thu Jan 12 23:22:58 CET 2006 - rml@suse.de + +- Fix Novell #142773. + +------------------------------------------------------------------- +Thu Jan 12 18:48:54 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060112 +- Adds WPA-1 and WPA-2 support (fixes bug #134238) + +------------------------------------------------------------------- +Mon Jan 9 16:38:34 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060107 + +------------------------------------------------------------------- +Mon Jan 9 15:36:50 CET 2006 - ro@suse.de + +- remove ExcludeArch + +------------------------------------------------------------------- +Fri Jan 6 17:36:45 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060106 +- Fix #140733 and 140756, maybe fix #139300 + +------------------------------------------------------------------- +Wed Jan 4 19:12:40 CET 2006 - rml@suse.de + +- Update to 0.5.1cvs20060104 +- Redo kernel header patch + +------------------------------------------------------------------- +Tue Dec 20 12:03:44 CET 2005 - ro@suse.de + +- fix build by avoiding some more kernel headers + +------------------------------------------------------------------- +Mon Dec 19 20:46:48 CET 2005 - rml@suse.de + +- Update nm-applet.desktop + +------------------------------------------------------------------- +Mon Dec 19 17:06:49 CET 2005 - rml@suse.de + +- Update Requires + +------------------------------------------------------------------- +Fri Dec 16 16:58:29 CET 2005 - rml@suse.de + +- Add SuSEfirewall script to dispatcher.d to recycle firewall + on interface change (per aj). + +------------------------------------------------------------------- +Wed Dec 14 20:40:57 CET 2005 - rml@suse.de + +- Write out header on resolv.conf (fixes #137762) +- Force nm-applet.desktop permissions + +------------------------------------------------------------------- +Mon Dec 12 18:04:55 CET 2005 - rml@suse.de + +- Update to 0.5.1cvs20051212 (fixes #134369) +- Add libnm-util packages + +------------------------------------------------------------------- +Fri Dec 9 19:36:37 CET 2005 - rml@suse.de + +- Update to 0.5.1cvs20051209 +- Add Tango icons + +------------------------------------------------------------------- +Thu Dec 8 18:06:32 CET 2005 - rml@suse.de + +- Update to 0.5.1cvs20051208 +- Add networkmanager-dispatcher initscript and start it + +------------------------------------------------------------------- +Wed Dec 7 23:10:09 CET 2005 - rml@suse.de + +- Update to 0.5.1cvs20051207 +- Fixes b.n.c bug #94552 +- Add NetworkManagerVPN.h file to devel subpackage + +------------------------------------------------------------------- +Thu Dec 1 22:57:24 CET 2005 - rml@suse.de + +- Update to 0.5.1cvs20051201. Fixes b.n.o #134178. + +------------------------------------------------------------------- +Tue Nov 22 13:29:07 CET 2005 - rodrigo@suse.de + +- Added autostart file for nm-applet. + +------------------------------------------------------------------- +Mon Nov 14 18:02:34 CET 2005 - rml@suse.de + +- Update to CVS snapshot 20051114 + +------------------------------------------------------------------- +Mon Nov 7 16:57:39 CET 2005 - thoenig@suse.de + +- removed 'Conflicts: dhcpcd' + +------------------------------------------------------------------- +Fri Nov 4 22:38:07 CET 2005 - rml@suse.de + +- Update to CVS snapshot 20051104 +- gnome-keyring 0.4.4 is fine + +------------------------------------------------------------------- +Wed Nov 2 19:37:29 CET 2005 - rml@suse.de + +- Update to CVS snapshot 20051102 (fixes Novell bug #130041). +- Add patch nm-logarithmic-quality.patch +- Require libnl +- BuildRequire libnl, libnl-devel + +------------------------------------------------------------------- +Fri Oct 28 16:32:41 CEST 2005 - rml@suse.de + +- Move gnome-keyring requirement to -gnome subpackage. + +------------------------------------------------------------------- +Thu Oct 27 22:49:22 CEST 2005 - rml@suse.de + +- Require gnome-keyring. + +------------------------------------------------------------------- +Tue Oct 25 16:02:22 CEST 2005 - thoenig@suse.de + +- fixed duplicated '-p $RPM_BUILD_ROOT%{_sbindir}' in spec file + +------------------------------------------------------------------- +Tue Oct 25 12:14:59 CEST 2005 - thoenig@suse.de + +- added symlink + /usr/sbin/rcnetworkmanager -> /etc/init.d/networkmanager + +------------------------------------------------------------------- +Wed Oct 19 19:49:46 CEST 2005 - rml@suse.de + +- Version 0.5.1 +- Update to CVS snapshot 20051019- + +------------------------------------------------------------------- +Thu Oct 6 17:32:42 CEST 2005 - rml@suse.de + +- Update to CVS snapshot 20051004. + +------------------------------------------------------------------- +Thu Sep 29 17:54:04 CEST 2005 - thoenig@suse.de + +- nm-configure-modems-item-rml-1.patch: added absolute path for + invocation of gnomesu + +------------------------------------------------------------------- +Tue Sep 6 19:27:43 CEST 2005 - rml@suse.de + +- Fix bug #114803, crasher. + +------------------------------------------------------------------- +Mon Aug 22 08:56:05 CEST 2005 - gekker@suse.de + +- Update to version 0.4cvs20050805 which fixes bug #105355. + +------------------------------------------------------------------- +Fri Aug 5 23:30:24 CEST 2005 - gekker@suse.de + +- Update to version 0.4cvs20050805 +- Fixes modem support + +------------------------------------------------------------------- +Mon Jul 25 22:02:36 CEST 2005 - kasievers@suse.de + +- New version 0.4cvs20050725 + +------------------------------------------------------------------- +Wed Jul 20 22:07:56 CEST 2005 - jpr@suse.de + +- Build against dbus 0.35 + +------------------------------------------------------------------- +Thu Jun 30 21:42:14 CEST 2005 - gekker@suse.de + +- Upate to version 0.4cvs20050630 +- Update patch for connection dialog +- Remove patched NetworkManager.conf source + +------------------------------------------------------------------- +Wed Jun 29 18:24:33 CEST 2005 - gekker@suse.de + +- Fix DHCDBD_BINARY_PATH + +------------------------------------------------------------------- +Tue Jun 28 22:29:15 CEST 2005 - gekker@suse.de + +- update to 0.4cvs20050628 +- add suspend/resume support +- add powersave to nfb +- change Requires for rml + +------------------------------------------------------------------- +Fri Jun 24 02:01:06 CEST 2005 - ro@suse.de + +- update to 0.4cvs20050617 + +------------------------------------------------------------------- +Fri Jun 24 01:55:05 CEST 2005 - ro@suse.de + +- search for dhcdbd also in /usr/sbin + +------------------------------------------------------------------- +Mon Jun 20 13:42:09 CEST 2005 - hare@suse.de + +- Initial checkin for autobuild. + diff --git a/NetworkManager.conf b/NetworkManager.conf new file mode 100644 index 0000000..c549d97 --- /dev/null +++ b/NetworkManager.conf @@ -0,0 +1,52 @@ +# Configuration file for NetworkManager. +# +# See "man 5 NetworkManager.conf" for details. +# +# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/ +# can contain additional .conf snippets installed by packages. These files are +# read before NetworkManager.conf and have thus lowest priority. +# The directory /etc/NetworkManager/conf.d/ can contain additional .conf +# snippets. Those snippets are merged last and overwrite the settings from this main +# file. +# +# The files within one conf.d/ directory are read in asciibetical order. +# +# You can prevent loading a file /usr/lib/NetworkManager/conf.d/NAME.conf +# by having a file NAME.conf in either /run/NetworkManager/conf.d/ or /etc/NetworkManager/conf.d/. +# Likewise, snippets from /run can be prevented from loading by placing +# a file with the same name in /etc/NetworkManager/conf.d/. +# +# If two files define the same key, the one that is read afterwards will overwrite +# the previous one. + +[main] +#plugins=keyfile + + +[logging] +# When debugging NetworkManager, enabling debug logging is of great help. +# +# Logfiles contain no passwords and little sensitive information. But please +# check before posting the file online. You can also personally hand over the +# logfile to a NM developer to treat it confidential. Meet us on #nm on Libera.Chat. +# +# You can also change the log-level at runtime via +# $ nmcli general logging level TRACE domains ALL +# However, usually it's cleaner to enable debug logging +# in the configuration and restart NetworkManager so that +# debug logging is enabled from the start. +# +# You will find the logfiles in syslog, for example via +# $ journalctl -u NetworkManager +# +# Please post full logfiles for bug reports without pre-filtering or truncation. +# Also, for debugging the entire `journalctl` output can be interesting. Don't +# limit unnecessarily with `journalctl -u`. Exceptions are if you are worried +# about private data. Check before posting logfiles! +# +# Note that debug logging of NetworkManager can be quite verbose. Some messages +# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst +# in man journald.conf). Please disable rate-limiting before collecting debug logs! +# +#level=TRACE +#domains=ALL diff --git a/NetworkManager.spec b/NetworkManager.spec new file mode 100644 index 0000000..e7f61e9 --- /dev/null +++ b/NetworkManager.spec @@ -0,0 +1,519 @@ +# +# spec file for package NetworkManager +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# Toggle this whenever enabling/disabling the nm-probe-radius-server-cert.patch patch (as we export additional symbols) +# Like this, g-c-c and NM-applet, which consume this symbol, will block updating NM if we have to disable the patch until +# they are touched too +%define with_cacert_patch 0 +%global _udevdir %(pkg-config --variable udevdir udev) +%global _pppddir %(ls -d %{_libdir}/pppd/2.?.?) +%global _dbusconfdir %{_datadir}/dbus-1/system.d + +### Handy switches for easy testing of experimental features: +# (Remember that _with = OFF and _without = ON) + +# FIXME: We should find out how to run specific tests and avoid +# tests that are doomed to fail in OBS. +# From "test-client.py --help": +# test-client.py MyTestCase.testSomething - run MyTestCase.testSomething +# Summary of Failures: +#07/74 check-local-exports-libnm FAIL 0.11s exit status 1 +#08/74 platform/test-address-linux FAIL 0.03s killed by signal 6 SIGABRT +#10/74 platform/test-cleanup-linux FAIL 0.03s killed by signal 6 SIGABRT +#12/74 platform/test-link-linux FAIL 0.03s killed by signal 6 SIGABRT +#16/74 platform/test-route-linux FAIL 0.03s killed by signal 6 SIGABRT +#17/74 platform/test-tc-linux FAIL 0.03s killed by signal 6 SIGABRT +#24/74 test-l3cfg FAIL 0.10s killed by signal 6 SIGABRT +#38/74 devices/test-acd FAIL 0.04s killed by signal 6 SIGABRT +%bcond_with TESTS +%if %{with TESTS} +%define tests_meson_opt yes +%else +%define tests_meson_opt no +%endif + +# NetworkManager uses netconfig in SLES products only. +%if 0%{?suse_version} > 1500 +%define with_netconfig 0 +%else +%define with_netconfig 1 +%endif + +# Libaudit: yes-disabled-by-default enables support, but disables +# it unless explicitly configured via NetworkManager.conf +%bcond_without LIBAUDIT +%if %{with LIBAUDIT} +%define libaudit_meson_opt yes-disabled-by-default +%else +%define libaudit_meson_opt no +%endif + +Name: NetworkManager +Version: 1.42.6 +Release: 0 +Summary: Network Link Manager and user applications for it +License: GPL-2.0-or-later AND LGPL-2.1-or-later +Group: Productivity/Networking/System +URL: https://www.gnome.org/projects/NetworkManager/ +Source0: https://download.gnome.org/sources/NetworkManager/1.42/%{name}-%{version}.tar.xz +Source1: nfs +Source2: NetworkManager.conf +Source3: baselibs.conf +Source4: conncheck-disabled.conf +Source98: macros.NetworkManager +Source99: NetworkManager-rpmlintrc + +# PATCH-FEATURE-OPENSUSE systemd-network-config.patch -- don't try to start NM under systemd if it is disabled in system configuration +Patch0: systemd-network-config.patch +# PATCH-FIX-UPSTREAM nm-probe-radius-server-cert.patch bnc#574266 glin@suse.com -- Probe the RADIUS server certificate +Patch1: nm-probe-radius-server-cert.patch +# PATCH-FIX-OPENSUSE nm-dont-overwrite-resolv-conf.patch bsc#1021665, bsc#960153 sckang@suse.com -- NetworkManager spawns netconfig to update DNS settings, and terminates netconfig after 1s. But 1s isn't quite long enough for netconfig to complete the task. Adjust it to 0 seconds(don't send SIGKILL) to avoid NM overwriting /etc/resolv.conf. +Patch4: nm-dont-overwrite-resolv-conf.patch +# PATCH-FIX-OPENSUSE NetworkManager-1.10.6-netconfig.patch boo#1092352 -- Don't return SR_NOTFOUND if netconfig fails to launch +Patch5: NetworkManager-1.10.6-netconfig.patch +# PATCH-FIX-UPSTREAM 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch boo#1103678 +Patch6: 0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch +# PATCH-FIX-OPENSUSE nm-add-CAP_SYS_ADMIN-permission.patch bsc#1129587 sckang@suse.com -- Add CAP_SYS_ADMIN which netconfig needs to call setdomainname +Patch7: nm-add-CAP_SYS_ADMIN-permission.patch + +BuildRequires: c++_compiler +BuildRequires: dnsmasq +BuildRequires: fdupes +BuildRequires: meson +BuildRequires: ncurses-devel +BuildRequires: pkgconfig +BuildRequires: ppp-devel +BuildRequires: python3-dbus-python +BuildRequires: readline-devel +BuildRequires: rp-pppoe +BuildRequires: wireless-tools +BuildRequires: perl(YAML) +BuildRequires: pkgconfig(dbus-1) +BuildRequires: pkgconfig(dbus-glib-1) >= 0.94 +BuildRequires: pkgconfig(glib-2.0) >= 2.32 +BuildRequires: pkgconfig(gobject-introspection-1.0) +BuildRequires: pkgconfig(gtk-doc) +BuildRequires: pkgconfig(jansson) >= 2.7 +BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(libndp) +BuildRequires: pkgconfig(libnewt) >= 0.52.15 +BuildRequires: pkgconfig(libnl-3.0) >= 3.2.8 +BuildRequires: pkgconfig(libnl-genl-3.0) +BuildRequires: pkgconfig(libnl-route-3.0) +BuildRequires: pkgconfig(libpsl) >= 0.1 +BuildRequires: pkgconfig(libselinux) +BuildRequires: pkgconfig(libsystemd) >= 209 +BuildRequires: pkgconfig(libudev) >= 175 +BuildRequires: pkgconfig(mm-glib) >= 0.7.991 +BuildRequires: pkgconfig(mobile-broadband-provider-info) +BuildRequires: pkgconfig(nss) +BuildRequires: pkgconfig(polkit-gobject-1) +BuildRequires: pkgconfig(udev) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(vapigen) +### Conditional BRs +%if %{with LIBAUDIT} +BuildRequires: pkgconfig(audit) +%endif +## Required for tests +%if %{with TESTS} +#BuildRequires: python3-gobject +%endif +## +Requires: NetworkManager-branding +Requires: mozilla-nss +%if %{with_netconfig} +Requires: sysconfig-netconfig >= 0.80.5 +%endif +Requires: wpa_supplicant >= 0.6.4 +Recommends: dnsmasq +Recommends: iproute2 +Recommends: iputils +Recommends: nftables +Recommends: org.freedesktop.ModemManager +# Provides required by sysconfig. The latter is used by older versions. +Provides: dhcdbd = 1.14 +Provides: service(network) +Provides: sysvinit(network) +Obsoletes: dhcdbd < 1.14 +Obsoletes: libnm-glib-vpn1 < 1.32 +Obsoletes: libnm-glib4 < 1.32 +Obsoletes: libnm-util2 < 1.32 +# NetworkManager-wifi was folded back into the main package +# The dep chain is not really different and it causes too many +# problems for users having that split. Not worth the pain +Provides: NetworkManager-wifi = %{version} +Obsoletes: NetworkManager-wifi < %{version} + +%{?systemd_ordering} + +%description +NetworkManager attempts to keep an active network connection available +at all times. The point of NetworkManager is to make networking +configuration and setup as painless and automatic as possible. If +using DHCP, NetworkManager is intended to replace default routes, +obtain IP addresses from a DHCP server, and change name servers +whenever it sees fit. + +%package devel +Summary: Libraries and headers for adding NetworkManager support to applications +Group: Development/Libraries/Other +Requires: %{name} = %{version} +Requires: libnm0 = %{version} +Requires: typelib-1_0-NM-1_0 = %{version} +Provides: %{name}-doc = %{version} +Obsoletes: %{name}-doc < 0.9.1 + +%description devel +This package contains various headers accessing some NetworkManager +functionality from applications. + +%package -n libnm0 +Summary: Convenience library for clients of NetworkManager +Group: System/Libraries + +%description -n libnm0 +This package contains the libraries that make it easier to use some +Network Manager functionality from applications that use glib. + +%package -n typelib-1_0-NM-1_0 +Summary: Introspection bindings for the NetworkManager client convenience library +Group: System/Libraries + +%description -n typelib-1_0-NM-1_0 +This package contains the gi-bindings that make it easier to use some +Network Manager functionality from applications that use glib. + +This package provides the GObject Introspection bindings for the +NetworkManager library. + +%package branding-upstream +Summary: Default upstream configuration for NetworkManager +Group: Productivity/Networking/System +Requires: NetworkManager = %{version} +Supplements: (NetworkManager and branding-upstream) +Conflicts: NetworkManager-branding +Provides: NetworkManager-branding = %{version} +BuildArch: noarch + +%description branding-upstream +This package provides the default upstream configuration for +NetworkManager. Specifically, +it is not configured for connection checking against +http://conncheck.opensuse.org. For, the version with connection +checking, install %{name}-branding-openSUSE. + +%package pppoe +Summary: NetworkManager plugin for ADSL connections +Group: Productivity/Networking/System +Requires: %{name} = %{version} +Enhances: %{name} +Supplements: (%{name} and rp-pppoe) +Requires: rp-pppoe +%requires_eq ppp + +%description pppoe +NetworkManager plugin for ADSL connections. + +This package is needed to configure PPPoE interfaces + +%package bluetooth +Summary: Bluetooth device plugin for NetworkManager +Group: System Environment/Base +Requires: %{name} = %{version} +Requires: NetworkManager-wwan = %{version} +BuildRequires: pkgconfig(bluez) >= 5 +Supplements: (NetworkManager and bluez) + +%description bluetooth +This package contains NetworkManager support for Bluetooth devices. + +%package wwan +Summary: Mobile broadband device plugin for NetworkManager +Group: System Environment/Base +Requires: %{name} = %{version} +Requires: ModemManager + +%description wwan +This package contains NetworkManager support for mobile broadband (WWAN) +devices. + +%package ovs +Summary: Open vSwitch device plugin for NetworkManager +Group: System Environment/Base +Requires: %{name} = %{version} +Requires: openvswitch +Supplements: (NetworkManager and openvswitch) + +%description ovs +This package contains NetworkManager support for Open vSwitch bridges. + +%package tui +Summary: NetworkManager curses-based UI +Group: System Environment/Base +Requires: %{name} = %{version} +Requires: libnm0 = %{version} +Supplements: (patterns-base-enhanced_base and NetworkManager) + +%description tui +This adds a curses-based "TUI" (Text User Interface) to +NetworkManager, to allow performing some of the operations supported +by nm-connection-editor and nm-applet in a non-graphical environment. + +%package cloud-setup +Summary: Automatically configure NetworkManager in cloud +Group: System Environment/Base +Requires: %{name} = %{version} +Requires: libnm0 = %{version} + +%description cloud-setup +Installs a nm-cloud-setup tool that can automatically configure +NetworkManager in cloud setups. Currently only EC2 is supported. +This tool is still experimental. + +%lang_package + +%prep +%setup -q +%patch0 -p1 +%if %{with_cacert_patch} +%patch1 -p1 +%endif +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 + +# Fix server.conf's location, to end up in %%{_defaultdocdir}/%%{name}, +# rather then %%{_datadir}/doc/%%{name}/examples: +sed -i -r "/install_dir: join_paths/s/(nm_datadir, 'doc)\ +(', nm_name), 'examples'/\1\/packages\2/" data/meson.build + +%build +%define _lto_cflags %{nil} +export CFLAGS="%{optflags} -fno-strict-aliasing -fcommon" +export PYTHON=%{_bindir}/python3 +%meson \ + -Dsystemdsystemunitdir=%{_unitdir} \ + -Dudev_dir=%{_udevdir} \ + -Ddbus_conf_dir=%{_dbusconfdir} \ + -Ddnsmasq=%{_sbindir}/dnsmasq \ + -Ddist_version=%{version} \ + -Dpolkit_agent_helper_1=%{_libexecdir}/polkit-1/polkit-agent-helper-1 \ + -Dhostname_persist=suse \ + -Dlibaudit=%{libaudit_meson_opt} \ + -Diwd=true \ + -Dpppd=%{_sbindir}/pppd \ + -Dpppd_plugin_dir=%{_pppddir} \ + -Dnm_cloud_setup=true \ + -Dbluez5_dun=true \ +%if %{suse_version} >= 1550 + -Dnetconfig=%{_sbindir}/netconfig \ +%else + -Dnetconfig=/sbin/netconfig \ +%endif + -Dconfig_dhcp_default=internal \ + -Ddhcpcanon=no \ + -Ddhcpcd=no \ + -Ddhclient=%{_sbindir}/dhclient \ + -Ddocs=true \ + -Dtests=%{tests_meson_opt} \ + -Dmore_asserts=0 \ + -Dmore_logging=false \ + -Dqt=false \ + -Db_lto=true \ + -Dsession_tracking=systemd \ + -Dsession_tracking_consolekit=false \ + %{nil} +%meson_build + +%if %{with TESTS} +%check +%meson_test +%endif + +%install +%meson_install +%find_lang %{name} +%fdupes %{buildroot}%{_datadir}/gtk-doc/ +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/{VPN,conf.d} +mkdir -p %{buildroot}%{_localstatedir}/log/ +mkdir -p %{buildroot}%{_localstatedir}/lib/NetworkManager/dispatcher.d +mkdir -p %{buildroot}%{_prefix}/lib/NetworkManager/VPN +touch %{buildroot}%{_localstatedir}/log/NetworkManager +mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/system-connections +install -m 0755 %{SOURCE1} %{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/ +install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/NetworkManager/ +chmod 0644 %{buildroot}%{_prefix}/lib/NetworkManager/NetworkManager.conf +install -m 0644 %{SOURCE4} %{buildroot}%{_prefix}/lib/NetworkManager/conf.d +# Install RPM macros to be consumed by plugins +mkdir -p %{buildroot}%{_rpmmacrodir} +install -m 0644 %{SOURCE98} %{buildroot}%{_rpmmacrodir}/ + +# drop on demand activation, it is handled as a system service +rm -f %{buildroot}%{_datadir}/dbus-1/system-services/org.freedesktop.NetworkManager.service + +%pre +%service_add_pre NetworkManager.service NetworkManager-dispatcher.service nm-priv-helper.service + +%post +%service_add_post NetworkManager.service NetworkManager-dispatcher.service nm-priv-helper.service + +%preun +%service_del_preun NetworkManager.service NetworkManager-dispatcher.service nm-priv-helper.service + +%postun +%service_del_postun NetworkManager.service NetworkManager-dispatcher.service nm-priv-helper.service + +%pre cloud-setup +%service_add_pre nm-cloud-setup.service + +%post cloud-setup +%service_add_post nm-cloud-setup.service + +%preun cloud-setup +%service_del_preun nm-cloud-setup.service + +%postun cloud-setup +%service_del_postun nm-cloud-setup.service + +%post -n libnm0 -p /sbin/ldconfig +%postun -n libnm0 -p /sbin/ldconfig + +%files +%license COPYING +%doc ChangeLog NEWS AUTHORS TODO +%{_bindir}/nm-online +%{_bindir}/nmcli +%{_datadir}/bash-completion/completions/nmcli +%{_sbindir}/NetworkManager +%{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service +%{_datadir}/dbus-1/interfaces/org.freedesktop.NetworkManager.* +%{_datadir}/polkit-1/actions/org.freedesktop.NetworkManager.policy +%attr(0700,root,root) %{_localstatedir}/lib/NetworkManager +%{_mandir}/man1/nm-online.1%{?ext_man} +%{_mandir}/man1/nmcli.1%{?ext_man} +%{_mandir}/man5/nm-settings-keyfile.5%{?ext_man} +%{_mandir}/man5/NetworkManager.conf.5%{?ext_man} +%{_mandir}/man5/nm-settings.5%{?ext_man} +%{_mandir}/man5/nm-system-settings.conf.5%{?ext_man} +%{_mandir}/man5/nm-settings-dbus.5%{?ext_man} +%{_mandir}/man5/nm-settings-nmcli.5%{?ext_man} +%{_mandir}/man7/nmcli-examples.7%{?ext_man} +%{_mandir}/man8/NetworkManager-dispatcher.8%{?ext_man} +%{_mandir}/man8/NetworkManager-wait-online.service.8%{?ext_man} +%{_mandir}/man8/NetworkManager.8%{?ext_man} +%{_mandir}/man8/nm-initrd-generator.8%{?ext_man} +%dir %{_libdir}/NetworkManager +%dir %{_libdir}/NetworkManager/%{version} +%{_libdir}/NetworkManager/%{version}/libnm-device-plugin-wifi.so +%{_libexecdir}/nm-daemon-helper +%{_libexecdir}/nm-dhcp-helper +%{_libexecdir}/nm-dispatcher +%{_libexecdir}/nm-initrd-generator +%{_libexecdir}/nm-priv-helper +%dir %{_sysconfdir}/NetworkManager +%dir %{_sysconfdir}/NetworkManager/VPN +%dir %{_sysconfdir}/NetworkManager/conf.d +%dir %{_sysconfdir}/NetworkManager/dispatcher.d +%dir %{_sysconfdir}/NetworkManager/system-connections +%attr(0755,root,root) %{_prefix}/lib/NetworkManager/dispatcher.d/nfs +%{_unitdir}/NetworkManager.service +%{_unitdir}/NetworkManager-dispatcher.service +%{_unitdir}/NetworkManager-wait-online.service +%dir %{_unitdir}/NetworkManager.service.d +%{_udevdir}/rules.d/84-nm-drivers.rules +%{_udevdir}/rules.d/85-nm-unmanaged.rules +%{_udevdir}/rules.d/90-nm-thunderbolt.rules +%{_unitdir}/nm-priv-helper.service +%ghost %config(noreplace) %{_localstatedir}/log/NetworkManager +%dir %{_prefix}/lib/NetworkManager +%{_prefix}/lib/NetworkManager/NetworkManager.conf +%dir %{_prefix}/lib/NetworkManager/conf.d +%dir %{_prefix}/lib/NetworkManager/dispatcher.d +%dir %{_prefix}/lib/NetworkManager/dispatcher.d/no-wait.d +%dir %{_prefix}/lib/NetworkManager/dispatcher.d/pre-up.d +%dir %{_prefix}/lib/NetworkManager/dispatcher.d/pre-down.d +%dir %{_prefix}/lib/NetworkManager/VPN +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/zones +%{_prefix}/lib/firewalld/zones/nm-shared.xml +%{_dbusconfdir}/nm-dispatcher.conf +%{_dbusconfdir}/org.freedesktop.NetworkManager.conf +%{_datadir}/dbus-1/system-services/org.freedesktop.nm_priv_helper.service +%{_dbusconfdir}/nm-priv-helper.conf +%{_defaultdocdir}/NetworkManager/server.conf + +%files devel +%{_includedir}/libnm/ +%{_datadir}/gir-1.0/*.gir +%dir %{_datadir}/vala/vapi +%{_datadir}/vala/vapi/libnm.deps +%{_datadir}/vala/vapi/libnm.vapi +%{_libdir}/libnm.so +%{_libdir}/pkgconfig/libnm.pc +%doc %{_datadir}/gtk-doc/html/NetworkManager/ +%doc %{_datadir}/gtk-doc/html/libnm/ +%{_rpmmacrodir}/macros.NetworkManager + +%files -n libnm0 +%{_libdir}/libnm.so.* + +%files -n typelib-1_0-NM-1_0 +%{_libdir}/girepository-1.0/NM-1.0.typelib + +%files lang -f %{name}.lang + +%files branding-upstream +%{_prefix}/lib/NetworkManager/conf.d/conncheck-disabled.conf + +%files pppoe +%{_libdir}/NetworkManager/%{version}/libnm-device-plugin-adsl.so +%{_libdir}/NetworkManager/%{version}/libnm-ppp-plugin.so +%dir %{_libdir}/pppd/2.* +%{_libdir}/pppd/2.*/nm-pppd-plugin.* + +%files bluetooth +%{_libdir}/NetworkManager/%{version}/libnm-device-plugin-bluetooth.so + +%files wwan +%{_libdir}/NetworkManager/%{version}/libnm-device-plugin-wwan.so +%{_libdir}/NetworkManager/%{version}/libnm-wwan.so + +%files ovs +%{_libdir}/NetworkManager/%{version}/libnm-device-plugin-ovs.so +%{_unitdir}/NetworkManager.service.d/NetworkManager-ovs.conf +%{_mandir}/man7/nm-openvswitch.7%{?ext_man} + +%files tui +%{_bindir}/nmtui* +%{_mandir}/man1/nmtui.1%{?ext_man} +%{_mandir}/man1/nmtui-connect.1%{?ext_man} +%{_mandir}/man1/nmtui-edit.1%{?ext_man} +%{_mandir}/man1/nmtui-hostname.1%{?ext_man} + +%files cloud-setup +%{_libexecdir}/nm-cloud-setup +%{_unitdir}/nm-cloud-setup.service +%{_unitdir}/nm-cloud-setup.timer +%{_prefix}/lib/NetworkManager/dispatcher.d/90-nm-cloud-setup.sh +%{_prefix}/lib/NetworkManager/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh +%{_mandir}/man8/nm-cloud-setup.8%{?ext_man} + +%changelog diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..454a4df --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +libnm0 +NetworkManager-devel + requires -NetworkManager- diff --git a/conncheck-disabled.conf b/conncheck-disabled.conf new file mode 100644 index 0000000..104f34e --- /dev/null +++ b/conncheck-disabled.conf @@ -0,0 +1,7 @@ +# Disable connectivity checking for NetworkManager. +# See `man NetworkManager.conf`. +# +# Note that connectivity checking works badly with rp_filter set to +# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter". +[connectivity] +enabled=false diff --git a/macros.NetworkManager b/macros.NetworkManager new file mode 100644 index 0000000..40406c2 --- /dev/null +++ b/macros.NetworkManager @@ -0,0 +1,8 @@ +# RPM macros for packages Paths declared by NetworkManager +# +### +# +### + +# To be consumed by NetworkManager-[VPN] modules +%_vpnservicedir %(pkg-config --define-variable prefix='%{_prefix}' --variable vpnservicedir libnm) diff --git a/nfs b/nfs new file mode 100644 index 0000000..1de3c24 --- /dev/null +++ b/nfs @@ -0,0 +1,97 @@ +#! /bin/bash +# +# nfs - start NFS in response to interface change +# +# Bastian Senst + +function net_umount { + umount -l -f $1 &>/dev/null +} + +function net_mount { + mountpoint -q $1 || mount $1 +} + +function test_reach { + if [ "$(ip link show up $1)" = "" ]; then + return 1 + else + ping -n -c1 -w2 -I "$1" "$2" 2>&1 > /dev/null + fi +} + +DEVICE="$1" +COMMAND="$2" + +function test_other_reaches { + for other in $(ls /sys/class/net); do + if [[ "$other" != "$DEVICE" ]]; then + if test_reach "$other" "$1"; then + return 0 + fi + fi + done + return 1 +} + +declare -A reaches + +function other_reaches { + if [[ "${reaches[$1]-}" == "yes" ]]; then + return 0 + elif [[ "${reaches[$1]-}" == "no" ]]; then + return 1 + else + if test_other_reaches $1; then + reaches[$1]="yes" + return 0 + else + reaches[$1]="no" + return 1 + fi + fi +} + +NET_MOUNTS=$(sed -e '/^.*#/d' -e '/^.*:/!d' -e 's/\t/ /g' -e '/x-systemd.automount/d' /etc/fstab | tr -s " ")$'\n' + +case "$COMMAND" in + up|dhcp4-change|dhcp6-change) + # Check with systemd if nfs service is enabled + if /usr/bin/systemctl is-enabled nfs-client.target >/dev/null 2>&1; then + printf %s "$NET_MOUNTS" | while IFS= read -r line; do + MOUNT_OPTIONS=$(echo $line | cut -f4 -d" ") + MOUNT_POINT=$(echo $line | cut -f2 -d" ") + FS_TYPE=$(echo $line | cut -f3 -d" ") + # Only mount it if not "noauto "set in options + case ",${MOUNT_OPTIONS}," in + *,noauto,*) continue ;; + esac + # Only mount it when the type is nfs or nfs4 + if [ "$FS_TYPE" == "nfs" -o "$FS_TYPE" == "nfs4" ]; then + net_mount "$MOUNT_POINT" + fi + done + fi + ;; + pre-down|down|vpn-pre-down) + printf %s "$NET_MOUNTS" | while IFS= read -r line; do + [[ $line ]] || continue + MOUNT_POINT=$(echo $line | cut -f2 -d" ") + FS_TYPE=$(echo $line | cut -f3 -d" ") + HOST=$(echo $line | cut -f1 -d":") + if other_reaches $HOST; then + echo >&2 "Other network interfaces reach $HOST for $MOUNT_POINT." + else + # Only unmount it when the type is nfs or nfs4 + if [ "$FS_TYPE" == "nfs" -o "$FS_TYPE" == "nfs4" ]; then + net_umount "$MOUNT_POINT" + fi + fi + done + exit 0 + ;; + *) + exit 0 + ;; +esac + diff --git a/nm-add-CAP_SYS_ADMIN-permission.patch b/nm-add-CAP_SYS_ADMIN-permission.patch new file mode 100644 index 0000000..fed5a12 --- /dev/null +++ b/nm-add-CAP_SYS_ADMIN-permission.patch @@ -0,0 +1,11 @@ +--- NetworkManager-1.32.0-orig/data/NetworkManager.service.in 2021-06-10 22:26:13.000000000 +0200 ++++ NetworkManager-1.32.0/data/NetworkManager.service.in 2021-06-16 21:57:08.635254606 +0200 +@@ -16,7 +16,7 @@ + KillMode=process + + # CAP_DAC_OVERRIDE: required to open /run/openvswitch/db.sock socket. +-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT ++CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CAP_SYS_ADMIN + + ProtectSystem=true + ProtectHome=read-only diff --git a/nm-dont-overwrite-resolv-conf.patch b/nm-dont-overwrite-resolv-conf.patch new file mode 100644 index 0000000..0c63463 --- /dev/null +++ b/nm-dont-overwrite-resolv-conf.patch @@ -0,0 +1,13 @@ +Index: NetworkManager-1.40.0/src/core/dns/nm-dns-manager.c +=================================================================== +--- NetworkManager-1.40.0.orig/src/core/dns/nm-dns-manager.c ++++ NetworkManager-1.40.0/src/core/dns/nm-dns-manager.c +@@ -725,7 +725,7 @@ again: + /* FIXME: don't write to netconfig synchronously. */ + + /* Wait until the process exits */ +- if (!nm_utils_kill_child_sync(pid, 0, LOGD_DNS, "netconfig", &status, 1000, 0)) { ++ if (!nm_utils_kill_child_sync(pid, 0, LOGD_DNS, "netconfig", &status, 0, 0)) { + errsv = errno; + g_set_error(error, + NM_MANAGER_ERROR, diff --git a/nm-probe-radius-server-cert.patch b/nm-probe-radius-server-cert.patch new file mode 100644 index 0000000..6320505 --- /dev/null +++ b/nm-probe-radius-server-cert.patch @@ -0,0 +1,1393 @@ +From 1e5cdbba7d816b06ce163710d2d6bdc87fe44b51 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Wed, 18 Jul 2012 12:14:56 +0800 +Subject: [PATCH 1/4] libnm-util: allow the server hash to be the CA + certificate + +--- + libnm-core/nm-keyfile-internal.h | 2 + + libnm-core/nm-keyfile-reader.c | 9 +++ + libnm-core/nm-keyfile-writer.c | 14 +++++ + libnm-core/nm-setting-8021x.c | 67 ++++++++++++++++++++++- + libnm-core/nm-setting-8021x.h | 5 +- + libnm-util/libnm-util.ver | 1 + + libnm-util/nm-setting-8021x.c | 51 ++++++++++++++++- + libnm-util/nm-setting-8021x.h | 6 +- + src/settings/plugins/ifnet/connection_parser.c | 76 +++++++++++++++++++++----- + src/settings/plugins/keyfile/writer.c | 7 ++- + 10 files changed, 216 insertions(+), 22 deletions(-) + +diff --git a/libnm-core/nm-keyfile-internal.h b/libnm-core/nm-keyfile-internal.h +index f4bb079..9b28ea6 100644 +--- a/libnm-core/nm-keyfile-internal.h ++++ b/libnm-core/nm-keyfile-internal.h +@@ -33,6 +33,7 @@ + + #define NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB "data:;base64," + #define NM_KEYFILE_CERT_SCHEME_PREFIX_PATH "file://" ++#define NM_KEYFILE_CERT_SCHEME_PREFIX_HASH "hash://server/sha256/" + + char *nm_keyfile_detect_unqualified_path_scheme (const char *base_dir, + gconstpointer pdata, +@@ -148,6 +149,7 @@ typedef struct { + NMSetting8021xCKScheme (*scheme_func) (NMSetting8021x *setting); + NMSetting8021xCKFormat (*format_func) (NMSetting8021x *setting); + const char * (*path_func) (NMSetting8021x *setting); ++ const char * (*hash_func) (NMSetting8021x *setting); + GBytes * (*blob_func) (NMSetting8021x *setting); + } NMKeyfileWriteTypeDataCert; + +diff --git a/libnm-core/nm-keyfile-reader.c b/libnm-core/nm-keyfile-reader.c +index 353804f..94492cd 100644 +--- a/libnm-core/nm-keyfile-reader.c ++++ b/libnm-core/nm-keyfile-reader.c +@@ -881,6 +881,15 @@ handle_as_scheme (KeyfileReaderInfo *info, GBytes *bytes, NMSetting *setting, co + } + return TRUE; + } ++ ++ if ( data_len >= STRLEN (NM_KEYFILE_CERT_SCHEME_PREFIX_HASH) ++ && g_str_has_prefix (data, NM_KEYFILE_CERT_SCHEME_PREFIX_HASH)) { ++ if (nm_setting_802_1x_check_cert_scheme (data, data_len + 1, NULL) == NM_SETTING_802_1X_CK_SCHEME_HASH) { ++ g_object_set (setting, key, bytes, NULL); ++ return TRUE; ++ } ++ } ++ + if ( data_len > STRLEN (NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB) + && g_str_has_prefix (data, NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB)) { + const char *cdata = data + STRLEN (NM_KEYFILE_CERT_SCHEME_PREFIX_BLOB); +diff --git a/libnm-core/nm-keyfile-writer.c b/libnm-core/nm-keyfile-writer.c +index ff433b2..c9ce926 100644 +--- a/libnm-core/nm-keyfile-writer.c ++++ b/libnm-core/nm-keyfile-writer.c +@@ -362,6 +362,7 @@ typedef struct ObjectType { + NMSetting8021xCKScheme (*scheme_func) (NMSetting8021x *setting); + NMSetting8021xCKFormat (*format_func) (NMSetting8021x *setting); + const char * (*path_func) (NMSetting8021x *setting); ++ const char * (*hash_func) (NMSetting8021x *setting); + GBytes * (*blob_func) (NMSetting8021x *setting); + } ObjectType; + +@@ -371,6 +372,7 @@ static const ObjectType objtypes[10] = { + nm_setting_802_1x_get_ca_cert_scheme, + NULL, + nm_setting_802_1x_get_ca_cert_path, ++ nm_setting_802_1x_get_ca_cert_hash, + nm_setting_802_1x_get_ca_cert_blob }, + + { NM_SETTING_802_1X_PHASE2_CA_CERT, +@@ -378,6 +380,7 @@ static const ObjectType objtypes[10] = { + nm_setting_802_1x_get_phase2_ca_cert_scheme, + NULL, + nm_setting_802_1x_get_phase2_ca_cert_path, ++ NULL, + nm_setting_802_1x_get_phase2_ca_cert_blob }, + + { NM_SETTING_802_1X_CLIENT_CERT, +@@ -385,6 +388,7 @@ static const ObjectType objtypes[10] = { + nm_setting_802_1x_get_client_cert_scheme, + NULL, + nm_setting_802_1x_get_client_cert_path, ++ NULL, + nm_setting_802_1x_get_client_cert_blob }, + + { NM_SETTING_802_1X_PHASE2_CLIENT_CERT, +@@ -392,6 +396,7 @@ static const ObjectType objtypes[10] = { + nm_setting_802_1x_get_phase2_client_cert_scheme, + NULL, + nm_setting_802_1x_get_phase2_client_cert_path, ++ NULL, + nm_setting_802_1x_get_phase2_client_cert_blob }, + + { NM_SETTING_802_1X_PRIVATE_KEY, +@@ -399,6 +404,7 @@ static const ObjectType objtypes[10] = { + nm_setting_802_1x_get_private_key_scheme, + nm_setting_802_1x_get_private_key_format, + nm_setting_802_1x_get_private_key_path, ++ NULL, + nm_setting_802_1x_get_private_key_blob }, + + { NM_SETTING_802_1X_PHASE2_PRIVATE_KEY, +@@ -406,6 +412,7 @@ static const ObjectType objtypes[10] = { + nm_setting_802_1x_get_phase2_private_key_scheme, + nm_setting_802_1x_get_phase2_private_key_format, + nm_setting_802_1x_get_phase2_private_key_path, ++ NULL, + nm_setting_802_1x_get_phase2_private_key_blob }, + + { NULL }, +@@ -454,6 +461,12 @@ cert_writer_default (NMConnection *connection, + nm_keyfile_plugin_kf_set_string (file, setting_name, cert_data->property_name, path); + g_free (tmp); + g_free (path_free); ++ } else if (scheme == NM_SETTING_802_1X_CK_SCHEME_HASH) { ++ const char *hash; ++ hash = cert_data->hash_func (cert_data->setting); ++ g_assert (hash); ++ ++ nm_keyfile_plugin_kf_set_string (file, setting_name, cert_data->property_name, hash); + } else if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) { + GBytes *blob; + const guint8 *blob_data; +@@ -506,6 +519,7 @@ cert_writer (KeyfileWriterInfo *info, + type_data.scheme_func = objtype->scheme_func; + type_data.format_func = objtype->format_func; + type_data.path_func = objtype->path_func; ++ type_data.hash_func = objtype->hash_func; + type_data.blob_func = objtype->blob_func; + + if (info->handler) { +diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c +index d53ae43..b68e119 100644 +--- a/libnm-core/nm-setting-8021x.c ++++ b/libnm-core/nm-setting-8021x.c +@@ -480,6 +480,28 @@ nm_setting_802_1x_check_cert_scheme (gconstpointer pdata, gsize length, GError * + } + + return NM_SETTING_802_1X_CK_SCHEME_PATH; ++ ++ } else if ( length >= STRLEN (NM_SETTING_802_1X_CERT_SCHEME_PREFIX_HASH) ++ && !memcmp (data, NM_SETTING_802_1X_CERT_SCHEME_PREFIX_HASH, STRLEN (NM_SETTING_802_1X_CERT_SCHEME_PREFIX_HASH))) { ++ gsize hash_length = STRLEN (NM_SETTING_802_1X_CERT_SCHEME_PREFIX_HASH) + 64; ++ ++ if (data[length - 1] != '\0') { ++ g_set_error_literal (error, ++ NM_CONNECTION_ERROR, ++ NM_CONNECTION_ERROR_INVALID_PROPERTY, ++ _("Cert Hash is not NUL terminated")); ++ return NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; ++ } ++ ++ if (length != (hash_length + 1)) { ++ g_set_error_literal (error, ++ NM_CONNECTION_ERROR, ++ NM_CONNECTION_ERROR_INVALID_PROPERTY, ++ _("Cert Hash is not a SHA256 hash")); ++ return NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; ++ } ++ ++ return NM_SETTING_802_1X_CK_SCHEME_HASH; + } + + return NM_SETTING_802_1X_CK_SCHEME_BLOB; +@@ -520,7 +542,8 @@ load_and_verify_certificate (const char *cert_path, + * + * Returns the scheme used to store the CA certificate. If the returned scheme + * is %NM_SETTING_802_1X_CK_SCHEME_BLOB, use nm_setting_802_1x_get_ca_cert_blob(); +- * if %NM_SETTING_802_1X_CK_SCHEME_PATH, use nm_setting_802_1x_get_ca_cert_path(). ++ * if %NM_SETTING_802_1X_CK_SCHEME_PATH, use nm_setting_802_1x_get_ca_cert_path(); ++ * if %NM_SETTING_802_1X_CK_SCHEME_HASH, use nm_setting_802_1x_get_ca_cert_hash(). + * + * Returns: scheme used to store the CA certificate (blob or path) + **/ +@@ -586,6 +609,34 @@ nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting) + return (const char *)data + strlen (NM_SETTING_802_1X_CERT_SCHEME_PREFIX_PATH); + } + ++/** ++ * nm_setting_802_1x_get_ca_cert_hash: ++ * @setting: the #NMSetting8021x ++ * ++ * Returns the CA certificate path if the CA certificate is stored using the ++ * %NM_SETTING_802_1X_CK_SCHEME_HASH scheme. Not all EAP methods use a ++ * CA certificate (LEAP for example), and those that can take advantage of the ++ * CA certificate allow it to be unset. Note that lack of a CA certificate ++ * reduces security by allowing man-in-the-middle attacks, because the identity ++ * of the network cannot be confirmed by the client. ++ * ++ * Returns: hash of the RADIUS server ++ **/ ++const char * ++nm_setting_802_1x_get_ca_cert_hash (NMSetting8021x *setting) ++{ ++ NMSetting8021xCKScheme scheme; ++ gconstpointer data; ++ ++ g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL); ++ ++ scheme = nm_setting_802_1x_get_ca_cert_scheme (setting); ++ g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_HASH, NULL); ++ ++ data = g_bytes_get_data (NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_cert, NULL); ++ return (const char *)data; ++} ++ + static GBytes * + path_to_scheme_value (const char *path) + { +@@ -640,7 +691,8 @@ nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting, + if (cert_path) { + g_return_val_if_fail (g_utf8_validate (cert_path, -1, NULL), FALSE); + g_return_val_if_fail ( scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB +- || scheme == NM_SETTING_802_1X_CK_SCHEME_PATH, ++ || scheme == NM_SETTING_802_1X_CK_SCHEME_PATH ++ || scheme == NM_SETTING_802_1X_CK_SCHEME_HASH, + FALSE); + } + +@@ -656,6 +708,17 @@ nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting, + return TRUE; + } + ++ if (scheme == NM_SETTING_802_1X_CK_SCHEME_HASH) { ++ int length = strlen (cert_path); ++ if ( length == (STRLEN (NM_SETTING_802_1X_CERT_SCHEME_PREFIX_HASH) + 64) ++ && !g_str_has_prefix (cert_path, NM_SETTING_802_1X_CERT_SCHEME_PREFIX_HASH)) ++ return FALSE; ++ data = g_byte_array_sized_new (length + 1); ++ g_byte_array_append (data, (guint8 *) cert_path, length + 1); ++ priv->ca_cert = g_byte_array_free_to_bytes (data); ++ return TRUE; ++ } ++ + data = load_and_verify_certificate (cert_path, scheme, &format, error); + if (data) { + /* wpa_supplicant can only use raw x509 CA certs */ +diff --git a/libnm-core/nm-setting-8021x.h b/libnm-core/nm-setting-8021x.h +index 3099fbd..82be606 100644 +--- a/libnm-core/nm-setting-8021x.h ++++ b/libnm-core/nm-setting-8021x.h +@@ -32,6 +32,7 @@ + G_BEGIN_DECLS + + #define NM_SETTING_802_1X_CERT_SCHEME_PREFIX_PATH "file://" ++#define NM_SETTING_802_1X_CERT_SCHEME_PREFIX_HASH "hash://server/sha256/" + + /** + * NMSetting8021xCKFormat: +@@ -68,7 +69,8 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/ + typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/ + NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0, + NM_SETTING_802_1X_CK_SCHEME_BLOB, +- NM_SETTING_802_1X_CK_SCHEME_PATH ++ NM_SETTING_802_1X_CK_SCHEME_PATH, ++ NM_SETTING_802_1X_CK_SCHEME_HASH + } NMSetting8021xCKScheme; + + +@@ -169,6 +171,7 @@ const char * nm_setting_802_1x_get_phase2_ca_path (NMSetting8 + NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme (NMSetting8021x *setting); + GBytes * nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting); + const char * nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting); ++const char * nm_setting_802_1x_get_ca_cert_hash (NMSetting8021x *setting); + gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting, + const char *cert_path, + NMSetting8021xCKScheme scheme, +diff --git a/libnm-util/libnm-util.ver b/libnm-util/libnm-util.ver +index 9d78e50..6c66e22 100644 +--- a/libnm-util/libnm-util.ver ++++ b/libnm-util/libnm-util.ver +@@ -127,6 +127,7 @@ global: + nm_setting_802_1x_get_anonymous_identity; + nm_setting_802_1x_get_ca_cert_blob; + nm_setting_802_1x_get_ca_cert_path; ++ nm_setting_802_1x_get_ca_cert_hash; + nm_setting_802_1x_get_ca_cert_scheme; + nm_setting_802_1x_get_ca_path; + nm_setting_802_1x_get_client_cert_blob; +diff --git a/libnm-util/nm-setting-8021x.c b/libnm-util/nm-setting-8021x.c +index 678d70a..87cf948 100644 +--- a/libnm-util/nm-setting-8021x.c ++++ b/libnm-util/nm-setting-8021x.c +@@ -65,6 +65,7 @@ + **/ + + #define SCHEME_PATH "file://" ++#define SCHEME_HASH "hash://server/sha256/" + + /** + * nm_setting_802_1x_error_quark: +@@ -444,6 +445,13 @@ get_cert_scheme (GByteArray *array) + && g_utf8_validate ((const char *) &array->data[STRLEN (SCHEME_PATH)], array->len - (STRLEN (SCHEME_PATH) + 1), NULL)) + return NM_SETTING_802_1X_CK_SCHEME_PATH; + return NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; ++ } else if ( array->len >= STRLEN (SCHEME_HASH) ++ && !memcmp (array->data, SCHEME_HASH, STRLEN (SCHEME_HASH))) { ++ if ( array->len > STRLEN (SCHEME_HASH) + 1 ++ && array->data[array->len - 1] == '\0' ++ && array->len == (STRLEN (SCHEME_HASH) + 64 + 1)) ++ return NM_SETTING_802_1X_CK_SCHEME_HASH; ++ return NM_SETTING_802_1X_CK_SCHEME_UNKNOWN; + } + + return NM_SETTING_802_1X_CK_SCHEME_BLOB; +@@ -483,7 +491,8 @@ load_and_verify_certificate (const char *cert_path, + * + * Returns the scheme used to store the CA certificate. If the returned scheme + * is %NM_SETTING_802_1X_CK_SCHEME_BLOB, use nm_setting_802_1x_get_ca_cert_blob(); +- * if %NM_SETTING_802_1X_CK_SCHEME_PATH, use nm_setting_802_1x_get_ca_cert_path(). ++ * if %NM_SETTING_802_1X_CK_SCHEME_PATH, use nm_setting_802_1x_get_ca_cert_path(); ++ * if %NM_SETTING_802_1X_CK_SCHEME_HASH, use nm_setting_802_1x_get_ca_cert_hash(). + * + * Returns: scheme used to store the CA certificate (blob or path) + **/ +@@ -547,6 +556,32 @@ nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting) + return (const char *) (NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_cert->data + strlen (SCHEME_PATH)); + } + ++/** ++ * nm_setting_802_1x_get_ca_cert_hash: ++ * @setting: the #NMSetting8021x ++ * ++ * Returns the CA certificate path if the CA certificate is stored using the ++ * %NM_SETTING_802_1X_CK_SCHEME_HASH scheme. Not all EAP methods use a ++ * CA certificate (LEAP for example), and those that can take advantage of the ++ * CA certificate allow it to be unset. Note that lack of a CA certificate ++ * reduces security by allowing man-in-the-middle attacks, because the identity ++ * of the network cannot be confirmed by the client. ++ * ++ * Returns: hash of the RADIUS server ++ **/ ++const char * ++nm_setting_802_1x_get_ca_cert_hash (NMSetting8021x *setting) ++{ ++ NMSetting8021xCKScheme scheme; ++ ++ g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), NULL); ++ ++ scheme = nm_setting_802_1x_get_ca_cert_scheme (setting); ++ g_return_val_if_fail (scheme == NM_SETTING_802_1X_CK_SCHEME_HASH, NULL); ++ ++ return (const char *) (NM_SETTING_802_1X_GET_PRIVATE (setting)->ca_cert->data); ++} ++ + static GByteArray * + path_to_scheme_value (const char *path) + { +@@ -600,7 +635,8 @@ nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting, + if (cert_path) { + g_return_val_if_fail (g_utf8_validate (cert_path, -1, NULL), FALSE); + g_return_val_if_fail ( scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB +- || scheme == NM_SETTING_802_1X_CK_SCHEME_PATH, ++ || scheme == NM_SETTING_802_1X_CK_SCHEME_PATH ++ || scheme == NM_SETTING_802_1X_CK_SCHEME_HASH, + FALSE); + } + +@@ -620,6 +656,17 @@ nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting, + return TRUE; + } + ++ if (scheme == NM_SETTING_802_1X_CK_SCHEME_HASH) { ++ int length = strlen (cert_path); ++ if ( length == (strlen (SCHEME_HASH) + 64) ++ && !g_str_has_prefix (cert_path, SCHEME_HASH)) ++ return FALSE; ++ data = g_byte_array_sized_new (length + 1); ++ g_byte_array_append (data, (guint8 *) cert_path, length + 1); ++ priv->ca_cert = data; ++ return TRUE; ++ } ++ + data = load_and_verify_certificate (cert_path, scheme, &format, error); + if (data) { + /* wpa_supplicant can only use raw x509 CA certs */ +diff --git a/libnm-util/nm-setting-8021x.h b/libnm-util/nm-setting-8021x.h +index 62b4390..42c7035 100644 +--- a/libnm-util/nm-setting-8021x.h ++++ b/libnm-util/nm-setting-8021x.h +@@ -54,6 +54,8 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/ + * item data + * @NM_SETTING_802_1X_CK_SCHEME_PATH: certificate or key is stored as a path + * to a file containing the certificate or key data ++ * @NM_SETTING_802_1X_CK_SCHEME_HASH: certificate or key is stored as a path ++ * of the CA server hash + * + * #NMSetting8021xCKScheme values indicate how a certificate or private key is + * stored in the setting properties, either as a blob of the item's data, or as +@@ -62,7 +64,8 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_ck_format >*/ + typedef enum { /*< underscore_name=nm_setting_802_1x_ck_scheme >*/ + NM_SETTING_802_1X_CK_SCHEME_UNKNOWN = 0, + NM_SETTING_802_1X_CK_SCHEME_BLOB, +- NM_SETTING_802_1X_CK_SCHEME_PATH ++ NM_SETTING_802_1X_CK_SCHEME_PATH, ++ NM_SETTING_802_1X_CK_SCHEME_HASH + } NMSetting8021xCKScheme; + + +@@ -184,6 +187,7 @@ const char * nm_setting_802_1x_get_phase2_ca_path (NMSetting8 + NMSetting8021xCKScheme nm_setting_802_1x_get_ca_cert_scheme (NMSetting8021x *setting); + const GByteArray * nm_setting_802_1x_get_ca_cert_blob (NMSetting8021x *setting); + const char * nm_setting_802_1x_get_ca_cert_path (NMSetting8021x *setting); ++const char * nm_setting_802_1x_get_ca_cert_hash (NMSetting8021x *setting); + gboolean nm_setting_802_1x_set_ca_cert (NMSetting8021x *setting, + const char *cert_path, + NMSetting8021xCKScheme scheme, +diff --git a/src/settings/plugins/ifnet/connection_parser.c b/src/settings/plugins/ifnet/connection_parser.c +index 888ee58..5481963 100644 +--- a/src/settings/plugins/ifnet/connection_parser.c ++++ b/src/settings/plugins/ifnet/connection_parser.c +@@ -37,6 +37,8 @@ + #include "connection_parser.h" + #include "nm-ifnet-connection.h" + ++#define SCHEME_HASH "hash://server/sha256/" ++ + static char * + connection_id_from_ifnet_name (const char *conn_name) + { +@@ -193,11 +195,18 @@ eap_tls_reader (const char *eap_method, + NULL, error)) + goto done; + } else { +- if (!nm_setting_802_1x_set_ca_cert (s_8021x, +- ca_cert, +- NM_SETTING_802_1X_CK_SCHEME_PATH, +- NULL, error)) +- goto done; ++ if (g_str_has_prefix (ca_cert, SCHEME_HASH)) ++ if (!nm_setting_802_1x_set_ca_cert (s_8021x, ++ ca_cert, ++ NM_SETTING_802_1X_CK_SCHEME_HASH, ++ NULL, error)) ++ goto done; ++ else ++ if (!nm_setting_802_1x_set_ca_cert (s_8021x, ++ ca_cert, ++ NM_SETTING_802_1X_CK_SCHEME_PATH, ++ NULL, error)) ++ goto done; + } + } else { + nm_log_warn (LOGD_SETTINGS, " missing %s for EAP method '%s'; this is insecure!", +@@ -302,11 +311,18 @@ eap_peap_reader (const char *eap_method, + + ca_cert = get_cert (ssid, "ca_cert", basepath); + if (ca_cert) { +- if (!nm_setting_802_1x_set_ca_cert (s_8021x, +- ca_cert, +- NM_SETTING_802_1X_CK_SCHEME_PATH, +- NULL, error)) +- goto done; ++ if (g_str_has_prefix (ca_cert, SCHEME_HASH)) ++ if (!nm_setting_802_1x_set_ca_cert (s_8021x, ++ ca_cert, ++ NM_SETTING_802_1X_CK_SCHEME_HASH, ++ NULL, error)) ++ goto done; ++ else ++ if (!nm_setting_802_1x_set_ca_cert (s_8021x, ++ ca_cert, ++ NM_SETTING_802_1X_CK_SCHEME_PATH, ++ NULL, error)) ++ goto done; + } else { + nm_log_warn (LOGD_SETTINGS, " missing IEEE_8021X_CA_CERT for EAP method '%s'; this is insecure!", + eap_method); +@@ -404,11 +420,18 @@ eap_ttls_reader (const char *eap_method, + /* ca cert */ + ca_cert = get_cert (ssid, "ca_cert", basepath); + if (ca_cert) { +- if (!nm_setting_802_1x_set_ca_cert (s_8021x, +- ca_cert, +- NM_SETTING_802_1X_CK_SCHEME_PATH, +- NULL, error)) +- goto done; ++ if (g_str_has_prefix (ca_cert, SCHEME_HASH)) ++ if (!nm_setting_802_1x_set_ca_cert (s_8021x, ++ ca_cert, ++ NM_SETTING_802_1X_CK_SCHEME_HASH, ++ NULL, error)) ++ goto done; ++ else ++ if (!nm_setting_802_1x_set_ca_cert (s_8021x, ++ ca_cert, ++ NM_SETTING_802_1X_CK_SCHEME_PATH, ++ NULL, error)) ++ goto done; + } else { + nm_log_warn (LOGD_SETTINGS, " missing IEEE_8021X_CA_CERT for EAP method '%s'; this is insecure!", + eap_method); +@@ -1719,12 +1742,14 @@ error: + + typedef NMSetting8021xCKScheme (*SchemeFunc) (NMSetting8021x * setting); + typedef const char *(*PathFunc) (NMSetting8021x * setting); ++typedef const char *(*HashFunc) (NMSetting8021x * setting); + typedef GBytes *(*BlobFunc) (NMSetting8021x * setting); + + typedef struct ObjectType { + const char *setting_key; + SchemeFunc scheme_func; + PathFunc path_func; ++ HashFunc hash_func; + BlobFunc blob_func; + const char *conn_name_key; + const char *suffix; +@@ -1734,6 +1759,7 @@ static const ObjectType ca_type = { + NM_SETTING_802_1X_CA_CERT, + nm_setting_802_1x_get_ca_cert_scheme, + nm_setting_802_1x_get_ca_cert_path, ++ nm_setting_802_1x_get_ca_cert_hash, + nm_setting_802_1x_get_ca_cert_blob, + "ca_cert", + "ca-cert.der" +@@ -1743,6 +1769,7 @@ static const ObjectType phase2_ca_type = { + NM_SETTING_802_1X_PHASE2_CA_CERT, + nm_setting_802_1x_get_phase2_ca_cert_scheme, + nm_setting_802_1x_get_phase2_ca_cert_path, ++ NULL, + nm_setting_802_1x_get_phase2_ca_cert_blob, + "ca_cert2", + "inner-ca-cert.der" +@@ -1752,6 +1779,7 @@ static const ObjectType client_type = { + NM_SETTING_802_1X_CLIENT_CERT, + nm_setting_802_1x_get_client_cert_scheme, + nm_setting_802_1x_get_client_cert_path, ++ NULL, + nm_setting_802_1x_get_client_cert_blob, + "client_cert", + "client-cert.der" +@@ -1761,6 +1789,7 @@ static const ObjectType phase2_client_type = { + NM_SETTING_802_1X_PHASE2_CLIENT_CERT, + nm_setting_802_1x_get_phase2_client_cert_scheme, + nm_setting_802_1x_get_phase2_client_cert_path, ++ NULL, + nm_setting_802_1x_get_phase2_client_cert_blob, + "client_cert2", + "inner-client-cert.der" +@@ -1770,6 +1799,7 @@ static const ObjectType pk_type = { + NM_SETTING_802_1X_PRIVATE_KEY, + nm_setting_802_1x_get_private_key_scheme, + nm_setting_802_1x_get_private_key_path, ++ NULL, + nm_setting_802_1x_get_private_key_blob, + "private_key", + "private-key.pem" +@@ -1779,6 +1809,7 @@ static const ObjectType phase2_pk_type = { + NM_SETTING_802_1X_PHASE2_PRIVATE_KEY, + nm_setting_802_1x_get_phase2_private_key_scheme, + nm_setting_802_1x_get_phase2_private_key_path, ++ NULL, + nm_setting_802_1x_get_phase2_private_key_blob, + "private_key2", + "inner-private-key.pem" +@@ -1788,6 +1819,7 @@ static const ObjectType p12_type = { + NM_SETTING_802_1X_PRIVATE_KEY, + nm_setting_802_1x_get_private_key_scheme, + nm_setting_802_1x_get_private_key_path, ++ NULL, + nm_setting_802_1x_get_private_key_blob, + "private_key", + "private-key.p12" +@@ -1797,6 +1829,7 @@ static const ObjectType phase2_p12_type = { + NM_SETTING_802_1X_PHASE2_PRIVATE_KEY, + nm_setting_802_1x_get_phase2_private_key_scheme, + nm_setting_802_1x_get_phase2_private_key_path, ++ NULL, + nm_setting_802_1x_get_phase2_private_key_blob, + "private_key2", + "inner-private-key.p12" +@@ -1812,6 +1845,7 @@ write_object (NMSetting8021x *s_8021x, + NMSetting8021xCKScheme scheme; + const char *path = NULL; + GBytes *blob = NULL; ++ const char *hash = NULL; + + g_return_val_if_fail (conn_name != NULL, FALSE); + g_return_val_if_fail (objtype != NULL, FALSE); +@@ -1829,6 +1863,9 @@ write_object (NMSetting8021x *s_8021x, + case NM_SETTING_802_1X_CK_SCHEME_PATH: + path = (*(objtype->path_func)) (s_8021x); + break; ++ case NM_SETTING_802_1X_CK_SCHEME_HASH: ++ hash = (*(objtype->hash_func)) (s_8021x); ++ break; + default: + break; + } +@@ -1843,6 +1880,15 @@ write_object (NMSetting8021x *s_8021x, + return TRUE; + } + ++ /* If the object hash was specified, prefer that over any raw cert data that ++ * may have been sent. ++ */ ++ if (hash) { ++ wpa_set_data (conn_name, (gchar *) objtype->conn_name_key, ++ (gchar *) hash); ++ return TRUE; ++ } ++ + /* does not support writing encryption data now */ + if (blob) + nm_log_warn (LOGD_SETTINGS, " Currently we do not support cert writing."); +diff --git a/src/settings/plugins/keyfile/writer.c b/src/settings/plugins/keyfile/writer.c +index b6a8786..1d7f3ea 100644 +--- a/src/settings/plugins/keyfile/writer.c ++++ b/src/settings/plugins/keyfile/writer.c +@@ -114,7 +114,7 @@ cert_writer (NMConnection *connection, + const char *setting_name = nm_setting_get_name (NM_SETTING (cert_data->setting)); + NMSetting8021xCKScheme scheme; + NMSetting8021xCKFormat format; +- const char *path = NULL, *ext = "pem"; ++ const char *path = NULL, *hash = NULL, *ext = "pem"; + + scheme = cert_data->scheme_func (cert_data->setting); + if (scheme == NM_SETTING_802_1X_CK_SCHEME_PATH) { +@@ -159,6 +159,11 @@ cert_writer (NMConnection *connection, + accepted_path = tmp = g_strconcat (NM_KEYFILE_CERT_SCHEME_PREFIX_PATH, path, NULL); + nm_keyfile_plugin_kf_set_string (file, setting_name, cert_data->property_name, accepted_path); + g_free (tmp); ++ } else if (scheme == NM_SETTING_802_1X_CK_SCHEME_HASH) { ++ hash = cert_data->hash_func (cert_data->setting); ++ g_assert (hash); ++ ++ nm_keyfile_plugin_kf_set_string (file, setting_name, cert_data->property_name, hash); + } else if (scheme == NM_SETTING_802_1X_CK_SCHEME_BLOB) { + GBytes *blob; + const guint8 *blob_data; +-- +2.1.4 + + +From 23b16038d354685923630e862dd3e260dd514983 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Fri, 8 Feb 2013 11:23:15 +0800 +Subject: [PATCH 2/4] wifi: add the dbus method to probe the certificate + +--- + introspection/nm-device-wifi.xml | 23 +++++ + src/devices/wifi/nm-device-wifi.c | 126 +++++++++++++++++++++++ + src/devices/wifi/nm-device-wifi.h | 1 + + src/supplicant-manager/nm-supplicant-config.c | 25 +++++ + src/supplicant-manager/nm-supplicant-config.h | 2 + + src/supplicant-manager/nm-supplicant-interface.c | 11 ++ + src/supplicant-manager/nm-supplicant-interface.h | 5 + + 7 files changed, 193 insertions(+) + +diff --git a/introspection/nm-device-wifi.xml b/introspection/nm-device-wifi.xml +index d1c5313..01b2ac0 100644 +--- a/introspection/nm-device-wifi.xml ++++ b/introspection/nm-device-wifi.xml +@@ -45,6 +45,18 @@ + + + ++ ++ ++ ++ ++ The SSID of the AP to be probed ++ ++ ++ ++ Probe the certificate of the RADIUS server. ++ ++ ++ + + + The active hardware address of the device. +@@ -120,6 +132,17 @@ + + + ++ ++ ++ ++ The certificate of the RADIUS server ++ ++ ++ ++ Emitted when wpa_supplicant replies the certificate of the RADIUS server. ++ ++ ++ + + + Flags describing the capabilities of a wireless device. +diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c +index 2e116f8..45945ed 100644 +--- a/src/devices/wifi/nm-device-wifi.c ++++ b/src/devices/wifi/nm-device-wifi.c +@@ -60,6 +60,9 @@ + static gboolean impl_device_get_access_points (NMDeviceWifi *device, + GPtrArray **aps, + GError **err); ++static gboolean impl_device_probe_cert (NMDeviceWifi *device, ++ GByteArray *ssid, ++ GError **err); + + static gboolean impl_device_get_all_access_points (NMDeviceWifi *device, + GPtrArray **aps, +@@ -103,6 +106,7 @@ enum { + ACCESS_POINT_ADDED, + ACCESS_POINT_REMOVED, + SCANNING_ALLOWED, ++ CERT_RECEIVED, + + LAST_SIGNAL + }; +@@ -128,6 +132,7 @@ struct _NMDeviceWifiPrivate { + NMSupplicantManager *sup_mgr; + NMSupplicantInterface *sup_iface; + guint sup_timeout_id; /* supplicant association timeout */ ++ guint sup_cert_id; + + gboolean ssid_found; + NM80211Mode mode; +@@ -1658,6 +1663,118 @@ try_fill_ssid_for_hidden_ap (NMAccessPoint *ap) + } + } + ++static void ++supplicant_iface_certification_cb (NMSupplicantInterface * iface, ++ GVariant *cert, ++ NMDeviceWifi * self) ++{ ++ NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE (self); ++ GVariantIter *iter; ++ GVariant *variant; ++ gchar *str, *subject = NULL, *hash = NULL; ++ guint depth; ++ gboolean got_depth = FALSE; ++ GHashTable *cert_table; ++ ++ g_variant_get (cert, "(a{sv})", &iter); ++ while (g_variant_iter_loop (iter, "{sv}", &str, &variant)) { ++ if (g_strcmp0 (str, "depth") == 0) { ++ depth = g_variant_get_uint32 (variant); ++ got_depth = TRUE; ++ } ++ ++ if (g_strcmp0 (str, "subject") == 0) ++ g_variant_get (variant, "s", &subject); ++ ++ if (g_strcmp0 (str, "cert_hash") == 0) ++ g_variant_get (variant, "s", &hash); ++ ++ } ++ g_variant_iter_free (iter); ++ ++ if (!got_depth) { ++ nm_log_dbg (LOGD_WIFI_SCAN, "Depth was not set"); ++ return; ++ } ++ ++ if (!subject) { ++ nm_log_dbg (LOGD_WIFI_SCAN, "no subject"); ++ return; ++ } ++ ++ if (!hash) { ++ nm_log_dbg (LOGD_WIFI_SCAN, "no cert hash"); ++ return; ++ } ++ ++ nm_log_info (LOGD_WIFI_SCAN, "Got Server Certificate %u, subject %s, hash %s", ++ depth, subject, hash); ++ ++ if (depth != 0) ++ return; ++ ++ cert_table = value_hash_create (); ++ if (!cert_table) { ++ nm_log_warn (LOGD_WIFI_SCAN, "Failed to new a cert table"); ++ return; ++ } ++ value_hash_add_uint (cert_table, "depth", depth); ++ value_hash_add_str (cert_table, "subject", subject); ++ value_hash_add_str (cert_table, "cert_hash", hash); ++ ++ g_signal_emit (self, signals[CERT_RECEIVED], 0, cert_table); ++ ++ g_hash_table_unref (cert_table); ++ ++ if (priv->sup_cert_id > 0) { ++ g_signal_handler_disconnect (priv->sup_iface, priv->sup_cert_id); ++ priv->sup_cert_id = 0; ++ } ++ ++ nm_supplicant_interface_disconnect (iface); ++} ++ ++static gboolean ++impl_device_probe_cert (NMDeviceWifi *self, ++ GByteArray *ssid, ++ GError **err) ++{ ++ NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE (self); ++ NMSupplicantConfig *config = NULL; ++ guint id; ++ gboolean ret = FALSE; ++ ++ config = nm_supplicant_config_new_probe (ssid); ++ if (!config) ++ goto error; ++ ++ /* Hook up signal handler to capture certification signal */ ++ id = g_signal_connect (priv->sup_iface, ++ NM_SUPPLICANT_INTERFACE_CERTIFICATION, ++ G_CALLBACK (supplicant_iface_certification_cb), ++ self); ++ priv->sup_cert_id = id; ++ ++ if (!nm_supplicant_interface_set_config (priv->sup_iface, config)) ++ goto error; ++ ++ ret = TRUE; ++ ++error: ++ if (!ret) { ++ g_set_error_literal (err, ++ NM_DEVICE_ERROR, ++ NM_DEVICE_ERROR_INVALID_CONNECTION, ++ _("Couldn't probe RADIUS server certificate")); ++ if (priv->sup_cert_id) { ++ g_signal_handler_disconnect (priv->sup_iface, priv->sup_cert_id); ++ priv->sup_cert_id = 0; ++ } ++ } ++ ++ return ret; ++} ++ + /* + * merge_scanned_ap + * +@@ -3359,6 +3476,15 @@ nm_device_wifi_class_init (NMDeviceWifiClass *klass) + scanning_allowed_accumulator, NULL, NULL, + G_TYPE_BOOLEAN, 0); + ++ signals[CERT_RECEIVED] = ++ g_signal_new ("cert-received", ++ G_OBJECT_CLASS_TYPE (object_class), ++ G_SIGNAL_RUN_FIRST, ++ G_STRUCT_OFFSET (NMDeviceWifiClass, cert_received), ++ NULL, NULL, ++ g_cclosure_marshal_VOID__BOXED, ++ G_TYPE_NONE, 1, DBUS_TYPE_G_MAP_OF_VARIANT); ++ + nm_dbus_manager_register_exported_type (nm_dbus_manager_get (), + G_TYPE_FROM_CLASS (klass), + &dbus_glib_nm_device_wifi_object_info); +diff --git a/src/devices/wifi/nm-device-wifi.h b/src/devices/wifi/nm-device-wifi.h +index bcba91d..fcf91c9 100644 +--- a/src/devices/wifi/nm-device-wifi.h ++++ b/src/devices/wifi/nm-device-wifi.h +@@ -70,6 +70,7 @@ struct _NMDeviceWifiClass + void (*access_point_added) (NMDeviceWifi *device, NMAccessPoint *ap); + void (*access_point_removed) (NMDeviceWifi *device, NMAccessPoint *ap); + gboolean (*scanning_allowed) (NMDeviceWifi *device); ++ void (*cert_received) (NMDeviceWifi *device, GHashTable *cert); + }; + + +diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c +index b78a24d..8ab7b7d 100644 +--- a/src/supplicant-manager/nm-supplicant-config.c ++++ b/src/supplicant-manager/nm-supplicant-config.c +@@ -160,6 +160,25 @@ nm_supplicant_config_add_option (NMSupplicantConfig *self, + return nm_supplicant_config_add_option_with_type (self, key, value, len, TYPE_INVALID, secret); + } + ++NMSupplicantConfig * ++nm_supplicant_config_new_probe (const GByteArray *ssid) ++{ ++ NMSupplicantConfig *probe_config; ++ ++ if (!ssid) ++ return NULL; ++ ++ probe_config = (NMSupplicantConfig *)g_object_new (NM_TYPE_SUPPLICANT_CONFIG, NULL); ++ ++ nm_supplicant_config_add_option (probe_config, "ssid", (char *)ssid->data, ssid->len, FALSE); ++ nm_supplicant_config_add_option (probe_config, "key_mgmt", "WPA-EAP", -1, FALSE); ++ nm_supplicant_config_add_option (probe_config, "eap", "TTLS PEAP TLS", -1, FALSE); ++ nm_supplicant_config_add_option (probe_config, "identity", " ", -1, FALSE); ++ nm_supplicant_config_add_option (probe_config, "ca_cert", "probe://", -1, FALSE); ++ ++ return probe_config; ++} ++ + static gboolean + nm_supplicant_config_add_blob (NMSupplicantConfig *self, + const char *key, +@@ -911,6 +930,12 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self, + if (!add_string_val (self, path, "ca_cert", FALSE, FALSE)) + return FALSE; + break; ++ case NM_SETTING_802_1X_CK_SCHEME_HASH: ++ path = nm_setting_802_1x_get_ca_cert_hash (setting); ++ if (!add_string_val (self, path, "ca_cert", FALSE, FALSE)) ++ return FALSE; ++ break; ++ + default: + break; + } +diff --git a/src/supplicant-manager/nm-supplicant-config.h b/src/supplicant-manager/nm-supplicant-config.h +index 3324f63..3491fca 100644 +--- a/src/supplicant-manager/nm-supplicant-config.h ++++ b/src/supplicant-manager/nm-supplicant-config.h +@@ -52,6 +52,8 @@ GType nm_supplicant_config_get_type (void); + + NMSupplicantConfig *nm_supplicant_config_new (void); + ++NMSupplicantConfig *nm_supplicant_config_new_probe (const GByteArray *ssid); ++ + guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self); + + void nm_supplicant_config_set_ap_scan (NMSupplicantConfig *self, +diff --git a/src/supplicant-manager/nm-supplicant-interface.c b/src/supplicant-manager/nm-supplicant-interface.c +index e9775a1..dab1047 100644 +--- a/src/supplicant-manager/nm-supplicant-interface.c ++++ b/src/supplicant-manager/nm-supplicant-interface.c +@@ -55,6 +55,7 @@ enum { + SCAN_DONE, /* wifi scan is complete */ + CONNECTION_ERROR, /* an error occurred during a connection request */ + CREDENTIALS_REQUEST, /* 802.1x identity or password requested */ ++ CERTIFICATION, /* a RADIUS server certificate was received */ + LAST_SIGNAL + }; + static guint signals[LAST_SIGNAL] = { 0 }; +@@ -527,6 +528,8 @@ signal_cb (GDBusProxy *proxy, + g_variant_get (args, "(&o&s&s)", &path, &field, &message); + if (priv->has_credreq && priv->net_path && !g_strcmp0 (path, priv->net_path)) + g_signal_emit (self, signals[CREDENTIALS_REQUEST], 0, field, message); ++ } else if (MATCH_SIGNAL (signal, "Certification", args, G_VARIANT_TYPE ("(a{sv})"))) { ++ g_signal_emit (self, signals[CERTIFICATION], 0, g_variant_ref_sink (args)); + } + } + +@@ -1393,5 +1396,13 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass) + G_STRUCT_OFFSET (NMSupplicantInterfaceClass, credentials_request), + NULL, NULL, NULL, + G_TYPE_NONE, 2, G_TYPE_STRING, G_TYPE_STRING); ++ signals[CERTIFICATION] = ++ g_signal_new (NM_SUPPLICANT_INTERFACE_CERTIFICATION, ++ G_OBJECT_CLASS_TYPE (object_class), ++ G_SIGNAL_RUN_LAST, ++ G_STRUCT_OFFSET (NMSupplicantInterfaceClass, certification), ++ NULL, NULL, ++ g_cclosure_marshal_VOID__BOXED, ++ G_TYPE_NONE, 1, G_TYPE_VARIANT); + } + +diff --git a/src/supplicant-manager/nm-supplicant-interface.h b/src/supplicant-manager/nm-supplicant-interface.h +index 1b1139d..5328df4 100644 +--- a/src/supplicant-manager/nm-supplicant-interface.h ++++ b/src/supplicant-manager/nm-supplicant-interface.h +@@ -62,6 +62,7 @@ enum { + #define NM_SUPPLICANT_INTERFACE_SCAN_DONE "scan-done" + #define NM_SUPPLICANT_INTERFACE_CONNECTION_ERROR "connection-error" + #define NM_SUPPLICANT_INTERFACE_CREDENTIALS_REQUEST "credentials-request" ++#define NM_SUPPLICANT_INTERFACE_CERTIFICATION "certification" + + typedef enum { + AP_SUPPORT_UNKNOWN = 0, /* Can't detect whether supported or not */ +@@ -114,6 +115,10 @@ typedef struct { + void (*credentials_request) (NMSupplicantInterface *iface, + const char *field, + const char *message); ++ ++ /* a RADIUS server certificate was received */ ++ void (*certification) (NMSupplicantInterface * iface, ++ const GHashTable * ca_cert); + } NMSupplicantInterfaceClass; + + +-- +2.1.4 + + +From 2efdcb519b6b5e490193afe980593cdd228f4b55 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Fri, 8 Feb 2013 11:24:10 +0800 +Subject: [PATCH 3/4] libnm-glib: add the function to probe the certificate + +--- + libnm-glib/libnm-glib.ver | 1 + + libnm-glib/nm-device-wifi.c | 70 +++++++++++++++++++++++++++++++++++++++++++++ + libnm-glib/nm-device-wifi.h | 5 +++- + 3 files changed, 75 insertions(+), 1 deletion(-) + +diff --git a/libnm-glib/libnm-glib.ver b/libnm-glib/libnm-glib.ver +index 9219c4a..12ca784 100644 +--- a/libnm-glib/libnm-glib.ver ++++ b/libnm-glib/libnm-glib.ver +@@ -200,6 +200,7 @@ global: + nm_device_wifi_get_type; + nm_device_wifi_new; + nm_device_wifi_request_scan_simple; ++ nm_device_wifi_probe_cert; + nm_device_wimax_error_get_type; + nm_device_wimax_error_quark; + nm_device_wimax_get_active_nsp; +diff --git a/libnm-glib/nm-device-wifi.c b/libnm-glib/nm-device-wifi.c +index 28609c7..977539e 100644 +--- a/libnm-glib/nm-device-wifi.c ++++ b/libnm-glib/nm-device-wifi.c +@@ -80,6 +80,7 @@ enum { + enum { + ACCESS_POINT_ADDED, + ACCESS_POINT_REMOVED, ++ CERT_RECEIVED, + + LAST_SIGNAL + }; +@@ -381,6 +382,49 @@ nm_device_wifi_request_scan_simple (NMDeviceWifi *device, + g_hash_table_unref (options); + } + ++/** ++ * nm_device_wifi_probe_cert: ++ * @device: a #NMDeviceWifi ++ * @ssid: the ssid of the AP to probe ++ * ++ * Probe the certificate of the RADIUS server ++ * ++ * Returns: if the probe is sent or not ++ **/ ++gboolean ++nm_device_wifi_probe_cert (NMDeviceWifi *device, ++ const GByteArray *ssid) ++{ ++ NMDeviceWifiPrivate *priv; ++ GError *error = NULL; ++ gboolean ret; ++ ++ g_return_val_if_fail (NM_IS_DEVICE_WIFI (device), FALSE); ++ ++ priv = NM_DEVICE_WIFI_GET_PRIVATE (device); ++ ++ ret = dbus_g_proxy_call (priv->proxy, "ProbeCert", &error, ++ DBUS_TYPE_G_UCHAR_ARRAY, ssid, ++ G_TYPE_INVALID, ++ G_TYPE_INVALID); ++ ++ if (!ret) { ++ g_warning ("%s: error probe certificate: %s", __func__, error->message); ++ g_error_free (error); ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ ++static void ++cert_received_proxy (DBusGProxy *proxy, GHashTable *cert, gpointer user_data) ++{ ++ NMDeviceWifi *self = NM_DEVICE_WIFI (user_data); ++ ++ g_signal_emit (self, signals[CERT_RECEIVED], 0, cert); ++} ++ + static void + clean_up_aps (NMDeviceWifi *self, gboolean notify) + { +@@ -649,6 +693,14 @@ constructed (GObject *object) + G_OBJECT_CLASS (nm_device_wifi_parent_class)->constructed (object); + + priv->proxy = _nm_object_new_proxy (NM_OBJECT (object), NULL, NM_DBUS_INTERFACE_DEVICE_WIRELESS); ++ ++ dbus_g_proxy_add_signal (priv->proxy, "CertReceived", ++ DBUS_TYPE_G_MAP_OF_VARIANT, ++ G_TYPE_INVALID); ++ dbus_g_proxy_connect_signal (priv->proxy, "CertReceived", ++ G_CALLBACK (cert_received_proxy), ++ object, NULL); ++ + register_properties (NM_DEVICE_WIFI (object)); + + g_signal_connect (NM_DEVICE (object), +@@ -836,4 +888,22 @@ nm_device_wifi_class_init (NMDeviceWifiClass *wifi_class) + g_cclosure_marshal_VOID__OBJECT, + G_TYPE_NONE, 1, + G_TYPE_OBJECT); ++ ++ /** ++ * NMDeviceWifi::cert-received: ++ * @device: the wifi device that received the signal ++ * @subject: the subject of the RADIUS server ++ * @hash: the hash of the RADIUS server ++ * ++ * Notifies that a certificate of a RADIUS server is received. ++ **/ ++ signals[CERT_RECEIVED] = ++ g_signal_new ("cert-received", ++ G_OBJECT_CLASS_TYPE (object_class), ++ G_SIGNAL_RUN_FIRST, ++ G_STRUCT_OFFSET (NMDeviceWifiClass, cert_received), ++ NULL, NULL, ++ g_cclosure_marshal_VOID__BOXED, ++ G_TYPE_NONE, 1, ++ G_TYPE_HASH_TABLE); + } +diff --git a/libnm-glib/nm-device-wifi.h b/libnm-glib/nm-device-wifi.h +index 2bb432a..ac9f8dd 100644 +--- a/libnm-glib/nm-device-wifi.h ++++ b/libnm-glib/nm-device-wifi.h +@@ -77,6 +77,7 @@ typedef struct { + /* Signals */ + void (*access_point_added) (NMDeviceWifi *device, NMAccessPoint *ap); + void (*access_point_removed) (NMDeviceWifi *device, NMAccessPoint *ap); ++ void (*cert_received) (NMDeviceWifi *device, GHashTable *cert); + + /* Padding for future expansion */ + void (*_reserved1) (void); +@@ -84,7 +85,6 @@ typedef struct { + void (*_reserved3) (void); + void (*_reserved4) (void); + void (*_reserved5) (void); +- void (*_reserved6) (void); + } NMDeviceWifiClass; + + GType nm_device_wifi_get_type (void); +@@ -110,6 +110,9 @@ void nm_device_wifi_request_scan_simple (NMDeviceWifi * + NMDeviceWifiRequestScanFn callback, + gpointer user_data); + ++gboolean nm_device_wifi_probe_cert (NMDeviceWifi *device, ++ const GByteArray *ssid); ++ + G_END_DECLS + + #endif /* NM_DEVICE_WIFI_H */ +-- +2.1.4 + + +From 77adeaeafe978934280c50543ecf3ed8dce800d1 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Thu, 25 Apr 2013 11:13:52 +0800 +Subject: [PATCH 4/4] wifi: Probe the Radius server with the user credential + +Some servers do not accept anonymous probe. +--- + introspection/nm-device-wifi.xml | 4 +-- + libnm-glib/nm-device-wifi.c | 14 +++++++--- + libnm-glib/nm-device-wifi.h | 2 +- + src/devices/wifi/nm-device-wifi.c | 39 ++++++++++++++++++++++++--- + src/supplicant-manager/nm-supplicant-config.c | 37 +++++++++++++++++++++---- + src/supplicant-manager/nm-supplicant-config.h | 3 ++- + 6 files changed, 83 insertions(+), 16 deletions(-) + +diff --git a/introspection/nm-device-wifi.xml b/introspection/nm-device-wifi.xml +index 01b2ac0..2adb7d4 100644 +--- a/introspection/nm-device-wifi.xml ++++ b/introspection/nm-device-wifi.xml +@@ -47,9 +47,9 @@ + + + +- ++ + +- The SSID of the AP to be probed ++ Connection settings and properties + + + +diff --git a/libnm-glib/nm-device-wifi.c b/libnm-glib/nm-device-wifi.c +index 977539e..ff816eb 100644 +--- a/libnm-glib/nm-device-wifi.c ++++ b/libnm-glib/nm-device-wifi.c +@@ -385,7 +385,7 @@ nm_device_wifi_request_scan_simple (NMDeviceWifi *device, + /** + * nm_device_wifi_probe_cert: + * @device: a #NMDeviceWifi +- * @ssid: the ssid of the AP to probe ++ * @partial: the connection settings and properties + * + * Probe the certificate of the RADIUS server + * +@@ -393,21 +393,29 @@ nm_device_wifi_request_scan_simple (NMDeviceWifi *device, + **/ + gboolean + nm_device_wifi_probe_cert (NMDeviceWifi *device, +- const GByteArray *ssid) ++ NMConnection *partial) + { + NMDeviceWifiPrivate *priv; ++ GHashTable *hash = NULL; + GError *error = NULL; + gboolean ret; + + g_return_val_if_fail (NM_IS_DEVICE_WIFI (device), FALSE); ++ g_return_val_if_fail (partial, FALSE); + + priv = NM_DEVICE_WIFI_GET_PRIVATE (device); + ++ hash = nm_connection_to_hash (partial, NM_SETTING_HASH_FLAG_ALL); ++ if (hash == NULL) ++ return FALSE; ++ + ret = dbus_g_proxy_call (priv->proxy, "ProbeCert", &error, +- DBUS_TYPE_G_UCHAR_ARRAY, ssid, ++ DBUS_TYPE_G_MAP_OF_MAP_OF_VARIANT, hash, + G_TYPE_INVALID, + G_TYPE_INVALID); + ++ g_hash_table_unref (hash); ++ + if (!ret) { + g_warning ("%s: error probe certificate: %s", __func__, error->message); + g_error_free (error); +diff --git a/libnm-glib/nm-device-wifi.h b/libnm-glib/nm-device-wifi.h +index ac9f8dd..c69e64c 100644 +--- a/libnm-glib/nm-device-wifi.h ++++ b/libnm-glib/nm-device-wifi.h +@@ -111,7 +111,7 @@ void nm_device_wifi_request_scan_simple (NMDeviceWifi * + gpointer user_data); + + gboolean nm_device_wifi_probe_cert (NMDeviceWifi *device, +- const GByteArray *ssid); ++ NMConnection *partial); + + G_END_DECLS + +diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c +index 45945ed..a767ffb 100644 +--- a/src/devices/wifi/nm-device-wifi.c ++++ b/src/devices/wifi/nm-device-wifi.c +@@ -50,6 +50,7 @@ + #include "nm-setting-ip6-config.h" + #include "nm-platform.h" + #include "nm-auth-utils.h" ++#include "nm-core-internal.h" + #include "nm-settings-connection.h" + #include "nm-enum-types.h" + #include "nm-dbus-glib-types.h" +@@ -61,7 +62,7 @@ static gboolean impl_device_get_access_points (NMDeviceWifi *device, + GPtrArray **aps, + GError **err); + static gboolean impl_device_probe_cert (NMDeviceWifi *device, +- GByteArray *ssid, ++ GHashTable *settings, + GError **err); + + static gboolean impl_device_get_all_access_points (NMDeviceWifi *device, +@@ -1736,16 +1737,43 @@ supplicant_iface_certification_cb (NMSupplicantInterface * iface, + + static gboolean + impl_device_probe_cert (NMDeviceWifi *self, +- GByteArray *ssid, ++ GHashTable *settings, + GError **err) + { + NMDeviceWifiPrivate *priv = NM_DEVICE_WIFI_GET_PRIVATE (self); ++ NMConnection *connection = NULL; ++ NMSettingWireless *setting_wifi; ++ GBytes *ssid; ++ NMSetting8021x *setting_8021x; + NMSupplicantConfig *config = NULL; + guint id; + gboolean ret = FALSE; + +- config = nm_supplicant_config_new_probe (ssid); +- if (!config) ++ if (!settings) ++ goto error; ++ ++ connection = nm_simple_connection_new (); ++ if (settings && g_hash_table_size (settings)) { ++ GVariant *settings_dict = nm_utils_connection_hash_to_dict (settings); ++ ++ nm_connection_replace_settings (connection, settings_dict, NULL); ++ g_variant_unref (settings_dict); ++ } ++ ++ setting_wifi = nm_connection_get_setting_wireless (connection); ++ if (setting_wifi == NULL) ++ goto error; ++ ++ ssid = nm_setting_wireless_get_ssid (setting_wifi); ++ if (ssid == NULL) ++ goto error; ++ ++ setting_8021x = nm_connection_get_setting_802_1x (connection); ++ if (setting_8021x == NULL) ++ goto error; ++ ++ config = nm_supplicant_config_new_probe (ssid, setting_8021x); ++ if (config == NULL) + goto error; + + /* Hook up signal handler to capture certification signal */ +@@ -1761,6 +1789,9 @@ impl_device_probe_cert (NMDeviceWifi *self, + ret = TRUE; + + error: ++ if (connection) ++ g_object_unref (connection); ++ + if (!ret) { + g_set_error_literal (err, + NM_DEVICE_ERROR, +diff --git a/src/supplicant-manager/nm-supplicant-config.c b/src/supplicant-manager/nm-supplicant-config.c +index 8ab7b7d..9cffbe1 100644 +--- a/src/supplicant-manager/nm-supplicant-config.c ++++ b/src/supplicant-manager/nm-supplicant-config.c +@@ -161,21 +161,48 @@ nm_supplicant_config_add_option (NMSupplicantConfig *self, + } + + NMSupplicantConfig * +-nm_supplicant_config_new_probe (const GByteArray *ssid) ++nm_supplicant_config_new_probe (GBytes *ssid, NMSetting8021x *setting) + { + NMSupplicantConfig *probe_config; ++ const char *identity, *password; ++ gboolean use_pw = FALSE; ++ guint32 i, num_eap; ++ gconstpointer data; ++ gsize length; ++ ++ g_return_val_if_fail (ssid != NULL, NULL); ++ g_return_val_if_fail (setting != NULL, NULL); ++ ++ data = g_bytes_get_data (ssid, &length); + +- if (!ssid) +- return NULL; ++ num_eap = nm_setting_802_1x_get_num_eap_methods (setting); ++ for (i = 0; i < num_eap; i++) { ++ const char *method = nm_setting_802_1x_get_eap_method (setting, i); ++ ++ if (method && (strcasecmp (method, "ttls") == 0 || ++ strcasecmp (method, "peap") == 0)) ++ use_pw = TRUE; ++ } ++ ++ identity = nm_setting_802_1x_get_identity (setting); ++ if (!identity) ++ identity = " "; + + probe_config = (NMSupplicantConfig *)g_object_new (NM_TYPE_SUPPLICANT_CONFIG, NULL); + +- nm_supplicant_config_add_option (probe_config, "ssid", (char *)ssid->data, ssid->len, FALSE); ++ nm_supplicant_config_add_option (probe_config, "ssid", (const char *)data, length, FALSE); + nm_supplicant_config_add_option (probe_config, "key_mgmt", "WPA-EAP", -1, FALSE); + nm_supplicant_config_add_option (probe_config, "eap", "TTLS PEAP TLS", -1, FALSE); +- nm_supplicant_config_add_option (probe_config, "identity", " ", -1, FALSE); ++ nm_supplicant_config_add_option (probe_config, "identity", identity, -1, FALSE); + nm_supplicant_config_add_option (probe_config, "ca_cert", "probe://", -1, FALSE); + ++ if (use_pw) { ++ password = nm_setting_802_1x_get_password(setting); ++ if (!password) ++ return NULL; ++ nm_supplicant_config_add_option (probe_config, "password", password, -1, TRUE); ++ } ++ + return probe_config; + } + +diff --git a/src/supplicant-manager/nm-supplicant-config.h b/src/supplicant-manager/nm-supplicant-config.h +index 3491fca..e6149d8 100644 +--- a/src/supplicant-manager/nm-supplicant-config.h ++++ b/src/supplicant-manager/nm-supplicant-config.h +@@ -52,7 +52,8 @@ GType nm_supplicant_config_get_type (void); + + NMSupplicantConfig *nm_supplicant_config_new (void); + +-NMSupplicantConfig *nm_supplicant_config_new_probe (const GByteArray *ssid); ++NMSupplicantConfig *nm_supplicant_config_new_probe (GBytes *ssid, ++ NMSetting8021x *setting); + + guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self); + +-- +2.1.4 + diff --git a/systemd-network-config.patch b/systemd-network-config.patch new file mode 100644 index 0000000..653770e --- /dev/null +++ b/systemd-network-config.patch @@ -0,0 +1,36 @@ +Index: NetworkManager-1.32.0/data/NetworkManager.service.in +=================================================================== +--- NetworkManager-1.32.0.orig/data/NetworkManager.service.in ++++ NetworkManager-1.32.0/data/NetworkManager.service.in +@@ -1,7 +1,7 @@ + [Unit] + Description=Network Manager + Documentation=man:NetworkManager(8) +-Wants=network.target ++Wants=remote-fs.target network.target + After=network-pre.target dbus.service + Before=network.target @DISTRO_NETWORK_SERVICE@ + +@@ -27,6 +27,7 @@ LimitNOFILE=65536 + + [Install] + WantedBy=multi-user.target ++Alias=network.service + Also=NetworkManager-dispatcher.service + + # We want to enable NetworkManager-wait-online.service whenever this service +Index: NetworkManager-1.32.0/data/NetworkManager-wait-online.service.in +=================================================================== +--- NetworkManager-1.32.0.orig/data/NetworkManager-wait-online.service.in ++++ NetworkManager-1.32.0/data/NetworkManager-wait-online.service.in +@@ -16,7 +16,9 @@ Before=network-online.target + # time. + + Type=oneshot +-ExecStart=@bindir@/nm-online -s -q ++Environment=NM_ONLINE_TIMEOUT=0 ++EnvironmentFile=-/etc/sysconfig/network/config ++ExecStart=/bin/bash -c "if [ ${NM_ONLINE_TIMEOUT} -gt 0 ]; then @bindir@/nm-online -s -q --timeout=${NM_ONLINE_TIMEOUT} ; else /bin/true ; fi" + RemainAfterExit=yes + + # Set $NM_ONLINE_TIMEOUT variable for timeout in seconds.