!198 bond: avoid logging warning to set "ad_actor_system=00:00:00:00:00:00"

From: @roygiteee 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw

NetworkManager.spec

@@ -48,7 +48,7 @@
 Name:             NetworkManager
 Version:          1.26.2
 Epoch:            1
-Release:          9
+Release:          14
 Summary:          Network Link Manager and User Applications
 License:          GPLv2+
 URL:              https://www.gnome.org/projects/NetworkManager/
@@ -56,17 +56,22 @@ Source:           https://download.gnome.org/sources/NetworkManager/%{real_versi
 Source1:          NetworkManager.conf
 Source2:          00-server.conf
 # PATCH-FEATURE-FIX fix-wants-and-add-requires.patch --fix wants and add requires in the file of NetworkManager.service.in
-Patch1:        fix-wants-and-add-requires.patch
-Patch2:        bugfix-NetworkManager-restarting-service-on-dependency-failure.patch
-Patch3:        backport-device-fix-wrongly-considering-ipv6-may-fail-for-ipv4.patch
-Patch4:        backport-bugfix-nmcli-field-active-show-error.patch
-Patch5:        backport-amend-edit-translation-of-nmcli.patch
+Patch1:           fix-wants-and-add-requires.patch
+Patch2:           bugfix-NetworkManager-restarting-service-on-dependency-failure.patch
+Patch3:           backport-device-fix-wrongly-considering-ipv6-may-fail-for-ipv4.patch
+Patch4:           backport-bugfix-nmcli-field-active-show-error.patch
+Patch5:           backport-amend-edit-translation-of-nmcli.patch
+Patch6:           backport-core-fix-crash-in-nm_wildcard_match_check.patch
+Patch7:           backport-core-ovs-fix-leak-of-NMOvsdbPrivate-db_uuid.patch
+Patch8:           backport-libnm-fix-leak-and-return-failures-from-nm-client-load-connections.patch
+Patch9:           bugfix-use-PartOf-replace-Requires-in-service.patch
+Patch10:          backport-avoid-logging-warning-to-set-ad_actor_system.patch
 
 BuildRequires:    gcc libtool pkgconfig automake autoconf intltool gettext-devel ppp-devel gnutls-devel
 BuildRequires:    dbus-devel dbus-glib-devel  glib2-devel gobject-introspection-devel jansson-devel
 BuildRequires:    dhclient readline-devel audit-libs-devel gtk-doc libudev-devel libuuid-devel /usr/bin/valac polkit-devel
 BuildRequires:    iptables libxslt bluez-libs-devel systemd systemd-devel libcurl-devel libndp-devel python3-gobject-base teamd-devel
-BuildRequires:    ModemManager-glib-devel newt-devel /usr/bin/dbus-launch python3 python3-dbus libselinux-devel
+BuildRequires:    ModemManager-glib-devel newt-devel /usr/bin/dbus-launch python3 python3-dbus libselinux-devel chrpath
 %if %{with python2}
 BuildRequires:    python2 pygobject3-base python2-dbus
 %endif
@@ -284,6 +289,9 @@ ln -s ../no-wait.d/10-ifcfg-rh-routes.sh %{buildroot}%{_sysconfdir}/%{name}/disp
 ln -s ../10-ifcfg-rh-routes.sh %{buildroot}%{_sysconfdir}/%{name}/dispatcher.d/no-wait.d/
 
 %find_lang %{name}
+chrpath -d %{buildroot}/%{_libdir}/%{name}/%{version}-%{release}/*.so*
+mkdir -p %{buildroot}/etc/ld.so.conf.d
+echo "%{_libdir}/%{name}/%{version}-%{release}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 
 %delete_la_and_a
 find %{buildroot}%{_datadir}/gtk-doc -exec touch --reference configure.ac '{}' \+
@@ -313,6 +321,7 @@ else
    /usr/sbin/update-alternatives --install %{_sbindir}/ifup ifup %{_libexecdir}/nm-ifup 50 \
         --slave %{_sbindir}/ifdown ifdown %{_libexecdir}/nm-ifdown
 fi
+/sbin/ldconfig
 
 %preun
 if [ $1 -eq 0 ]; then
@@ -333,6 +342,7 @@ fi
 
 %ldconfig_scriptlets glib
 %ldconfig_scriptlets libnm
+/sbin/ldconfig
 
 %files
 %defattr(-,root,root)
@@ -389,6 +399,7 @@ fi
 %if %{with firewalld_zone}
 %{_prefix}/lib/firewalld/zones/nm-shared.xml
 %endif
+%config(noreplace) /etc/ld.so.conf.d/*
 
 %files wwan
 %defattr(-,root,root)
@@ -426,6 +437,37 @@ fi
 %{_datadir}/gtk-doc/html/NetworkManager/*
 
 %changelog
+* Tue Aug 27 2024 Yu Peng <yupeng@kylinos.cn> - 1:1.26.2-14
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: bond:avoid logging warning to set "ad_actor_system=00:00:00:00:00:00".
+
+* Mon Mar 7 2022 seuzw <930zhaowei@163.com> - 1.26.2-13
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix the issue that NetworkManager service does not self-heal when the dbus service is abnormal
+
+* Fri Jan 14 2022 gaoxingwang <gaoxingwang@huawei.com> - 1.26.2-12
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:libnm: fix leak and return failures from nm_client_load_connections()
+
+* Fri Dec 24 2021 zengwefeng <zwfeng@huawei.com> - 1.26.2-11
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix crash in nm_wildcard_match_check
+       fix leak of NMOvsdbPrivate db_uuid
+
+* Thu Sep 23 2021 gaoxingwang <gaoxingwang@huawei.com> - 1.26.2-10
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:remove rpath
+
 * Thu Aug 5 2021 gaoxingwang <gaoxingwang@huawei.com> - 1.26.2-9
 - Type:bugfix
 - ID:NA

backport-avoid-logging-warning-to-set-ad_actor_system.patch

@@ -0,0 +1,71 @@
+From 76113feedb3ad1a9cf5e997c82f2af722ec1e8cc Mon Sep 17 00:00:00 2001
+From: YuPeng <yupeng@kylinos.cn>
+Date: Tue, 12 Nov 2024 18:49:39 +0800
+Subject: [PATCH] backport-avoid-logging-warning-to-set-ad_actor_system
+Confilct:NA
+Reference:https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/9e7af314546d7912ee23b3850230008902aca4d3
+
+Signed-off-by: YuPeng <yupeng@kylinos.cn>
+---
+ libnm-core/nm-core-internal.h |  1 +
+ libnm-core/nm-setting-bond.c  |  2 +-
+ src/devices/nm-device-bond.c  | 18 ++++++++++++++++++
+ 3 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/libnm-core/nm-core-internal.h b/libnm-core/nm-core-internal.h
+index 3a15d2e..c5eb37d 100644
+--- a/libnm-core/nm-core-internal.h
++++ b/libnm-core/nm-core-internal.h
+@@ -545,6 +545,7 @@ NMBondOptionType _nm_setting_bond_get_option_type (NMSettingBond *setting, const
+ 
+ const char* nm_setting_bond_get_option_or_default (NMSettingBond *self, const char *option);
+ 
++#define NM_BOND_AD_ACTOR_SYSTEM_DEFAULT "00:00:00:00:00:00"
+ /*****************************************************************************/
+ 
+ /* nm_connection_get_uuid() asserts against NULL, which is the right thing to
+diff --git a/libnm-core/nm-setting-bond.c b/libnm-core/nm-setting-bond.c
+index 6e0a5e5..e44ac24 100644
+--- a/libnm-core/nm-setting-bond.c
++++ b/libnm-core/nm-setting-bond.c
+@@ -306,7 +306,7 @@ _bond_get_option_normalized (NMSettingBond* self,
+ 	if (nm_streq (option, NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM)) {
+ 		/* The default value depends on the current mode */
+ 		if (mode == NM_BOND_MODE_8023AD)
+-			return "00:00:00:00:00:00";
++			return NM_BOND_AD_ACTOR_SYSTEM_DEFAULT;
+ 		return "";
+ 	}
+ 
+diff --git a/src/devices/nm-device-bond.c b/src/devices/nm-device-bond.c
+index 71332ba..6b1da19 100644
+--- a/src/devices/nm-device-bond.c
++++ b/src/devices/nm-device-bond.c
+@@ -77,6 +77,24 @@ _set_bond_attr (NMDevice *device, const char *attr, const char *value)
+ 	int ifindex = nm_device_get_ifindex (device);
+ 	gboolean ret;
+ 
++	nm_assert(attr && attr[0]);
++    	nm_assert(value);
++
++    	if (nm_streq(value, NM_BOND_AD_ACTOR_SYSTEM_DEFAULT)
++        && nm_streq(attr, NM_SETTING_BOND_OPTION_AD_ACTOR_SYSTEM)) {
++        gs_free char *cur_val = NULL;
++
++        /* kernel does not allow setting ad_actor_system to "00:00:00:00:00:00". We would thus
++         * log an EINVAL error. Avoid that... at least, if the value is already "00:00:00:00:00:00". */
++        cur_val =
++            nm_platform_sysctl_master_get_option(nm_device_get_platform(device), ifindex, attr);
++        if (nm_streq0(cur_val, NM_BOND_AD_ACTOR_SYSTEM_DEFAULT))
++            return TRUE;
++
++        /* OK, the current value is different, and we will proceed setting "00:00:00:00:00:00".
++         * That will fail, and we will log a warning. There is nothing else to do. */
++    	}
++
+ 	ret = nm_platform_sysctl_master_set_option (nm_device_get_platform (device),
+ 	                                            ifindex,
+ 	                                            attr,
+-- 
+2.33.0
+

backport-core-fix-crash-in-nm_wildcard_match_check.patch

@@ -0,0 +1,84 @@
+From 32566dd5e137570969d2df68213a65881a702e18 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Wed, 24 Mar 2021 21:05:19 +0100
+Subject: [PATCH] core: fix crash in nm_wildcard_match_check()
+
+It's not entirely clear how to treat %NULL.
+Clearly "match.interface-name=eth0" should not
+match with an interface %NULL. But what about
+"match.interface-name=!eth0"? It's now implemented
+that negative matches still succeed against %NULL.
+What about "match.interface-name=*"? That probably
+should also match with %NULL. So we treat %NULL really
+like "".
+
+Against commit 11cd443448bc ('iwd: Don't call IWD methods when device
+unmanaged'), we got this backtrace:
+
+    #0  0x00007f1c164069f1 in __strnlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
+    #1  0x00007f1c1637ac9e in __fnmatch (pattern=<optimized out>, string=<optimized out>, string@entry=0x0, flags=flags@entry=0) at fnmatch.c:379
+            p = 0x0
+            res = <optimized out>
+            orig_pattern = <optimized out>
+            n = <optimized out>
+            wpattern = 0x7fff8d860730 L"pci-0000:03:00.0"
+            ps = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"}}
+            wpattern_malloc = 0x0
+            wstring_malloc = 0x0
+            wstring = <optimized out>
+            alloca_used = 80
+            __PRETTY_FUNCTION__ = "__fnmatch"
+    #2  0x0000564484a978bf in nm_wildcard_match_check (str=0x0, patterns=<optimized out>, num_patterns=<optimized out>) at src/core/nm-core-utils.c:1959
+            is_inverted = 0
+            is_mandatory = 0
+            match = <optimized out>
+            p = 0x564486c43fa0 "pci-0000:03:00.0"
+            has_optional = 0
+            has_any_optional = 0
+            i = <optimized out>
+    #3  0x0000564484bf4797 in check_connection_compatible (self=<optimized out>, connection=<optimized out>, error=0x0) at src/core/devices/nm-device.c:7499
+            patterns = <optimized out>
+            device_driver = 0x564486c76bd0 "veth"
+            num_patterns = 1
+            priv = 0x564486cbe0b0
+            __func__ = "check_connection_compatible"
+            device_iface = <optimized out>
+            local = 0x564486c99a60
+            conn_iface = 0x0
+            klass = <optimized out>
+            s_match = 0x564486c63df0 [NMSettingMatch]
+    #4  0x0000564484c38491 in check_connection_compatible (device=0x564486cbe590 [NMDeviceVeth], connection=0x564486c6b160, error=0x0) at src/core/devices/nm-device-ethernet.c:348
+            self = 0x564486cbe590 [NMDeviceVeth]
+            s_wired = <optimized out>
+
+Fixes: 3ced486f4162 ('libnm/match: extend syntax for match patterns with '|', '&', '!' and '\\'')
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1942741
+
+CVE-2021-20297
+
+(cherry picked from commit 420784e342da4883f6debdfe10cde68507b10d27)
+(cherry picked from commit eaba0b48458a34494d91dc85e6eb5bd7e2b9b2d0)
+(cherry picked from commit 16e5b307a3ae37706ac3c11ed71823d6868daa7d)
+---
+ src/nm-core-utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Conflict:NA
+Reference:https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/32566dd5e137570969d2df68213a65881a702e18
+diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c
+index 3950c3c3a9..531996b2ee 100644
+--- a/src/nm-core-utils.c
++++ b/src/nm-core-utils.c
+@@ -1759,7 +1759,7 @@ nm_wildcard_match_check (const char *str,
+ 
+ 		_pattern_parse (patterns[i], &p, &is_inverted, &is_mandatory);
+ 
+-		match = (fnmatch (p, str, 0) == 0);
++		match = (fnmatch (p, str ?: "", 0) == 0);
+ 		if (is_inverted)
+ 			match = !match;
+ 
+-- 
+GitLab
+

backport-core-ovs-fix-leak-of-NMOvsdbPrivate-db_uuid.patch

@@ -0,0 +1,36 @@
+From e1424f264d22e0b73a11a40139818bc1c4f752eb Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Fri, 6 Nov 2020 18:53:57 +0100
+Subject: [PATCH] core/ovs: fix leak of "NMOvsdbPrivate.db_uuid
+
+Also, never update the value to %NULL. If the current
+message does not contain a UUID, keep the previous one.
+
+Fixes: 830a5a14cb29 ('device: add support for OpenVSwitch devices')
+(cherry picked from commit 609b08e2eb6a10ca1ca87725207eafa5ac4f4b83)
+(cherry picked from commit 0464c36a0217ca1977b73078b824be86e05cfc48)
+---
+ src/devices/ovs/nm-ovsdb.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/devices/ovs/nm-ovsdb.c b/src/devices/ovs/nm-ovsdb.c
+index 0b3fa3fdb5..a4d38397b2 100644
+--- a/src/devices/ovs/nm-ovsdb.c
++++ b/src/devices/ovs/nm-ovsdb.c
+@@ -1021,8 +1021,12 @@ ovsdb_got_update (NMOvsdb *self, json_t *msg)
+ 	}
+ 
+ 	if (ovs) {
++		const char *s;
++
+ 		iter = json_object_iter (ovs);
+-		priv->db_uuid = iter ? g_strdup (json_object_iter_key (iter)) : NULL;
++		s = json_object_iter_key (iter);
++		if (s)
++			nm_utils_strdup_reset (&priv->db_uuid, s);
+ 	}
+ 
+ 	/* Interfaces */
+-- 
+GitLab
+

backport-libnm-fix-leak-and-return-failures-from-nm-client-load-connections.patch

@@ -0,0 +1,51 @@
+From 2a36f8c2f157299cf8ffb81703b044c49ad9b1fd Mon Sep 17 00:00:00 2001
+From: gaoxingwang <gxw94linux@163.com>
+Date: Mon, 13 Sep 2021 11:00:13 +0800
+Subject: [PATCH] libnm: fix leak and return "failures" from
+ nm_client_load_connections()
+
+Due to this, `nmcli connection load` would also not print a warning
+about failure to load obviously bogus files:
+
+  $ nmcli connection load /bogus
+
+Note that load is also used to unload files, so if the file name is a
+possibly valid name for a non-existing file, there is no failure. For
+example, we get no warning for
+
+  $ nmcli connection load /etc/NetworkManager/system-connections/bogus
+
+Even if currently no such file is loaded, then the operation would still
+silently succeed, instead of succeeding the first time only. That is because
+load should be idempotent.
+
+[thaller@redhat.com: rewrote commit message]
+
+Fixes: 4af6219226e0 ('libnm: implement nm_client_load_connections_async() by using GDBusConnection directly')
+
+https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/794
+
+https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/979
+
+Conflict:apply to libnm/nm-client.c
+Reference:https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/2a36f8c2f157299cf8ffb81703b044c49ad9b1fd
+---
+---
+ libnm/nm-client.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libnm/nm-client.c b/libnm/nm-client.c
+index d7f6115..27c5f39 100644
+--- a/libnm/nm-client.c
++++ b/libnm/nm-client.c
+@@ -5850,7 +5850,7 @@ nm_client_load_connections (NMClient *client,
+ 	g_variant_get (ret,
+ 	               "(b^as)",
+ 	               NULL,
+-	               &failures);
++	               failures);
+ 
+ 	return TRUE;
+ }
+-- 
+2.27.0

bugfix-use-PartOf-replace-Requires-in-service.patch

@@ -0,0 +1,25 @@
+From 75e1259d22d10fe05a05c0bda5ce4d5beb5800d5 Mon Sep 17 00:00:00 2001
+From: gaoxingwang <gaoxingwang@huawei.com>
+Date: Sat, 26 Feb 2022 14:59:43 +0800
+Subject: [PATCH] use PartOf replace Requires in service
+
+---
+ data/NetworkManager.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in
+index b29b634..c9a9d88 100644
+--- a/data/NetworkManager.service.in
++++ b/data/NetworkManager.service.in
+@@ -4,7 +4,7 @@ Documentation=man:NetworkManager(8)
+ Wants=network.target dbus.socket
+ After=network-pre.target dbus.service dbus.socket
+ Before=network.target @DISTRO_NETWORK_SERVICE@
+-Requires=dbus.service
++PartOf=dbus.service
+ 
+ [Service]
+ Type=dbus
+-- 
+2.27.0
+