{"object_kind":"push","event_name":"push","before":"df17e133e590819aa19f7d9850ad65367107abc3","after":"375be1c1b0eb852bbfb897f813f64d86b4211963","ref":"refs/heads/nm-1-56","ref_protected":false,"checkout_sha":"375be1c1b0eb852bbfb897f813f64d86b4211963","message":null,"user_id":1050,"user_name":"Beniamino Galvani","user_username":"bgalvani","user_email":"","user_avatar":"https://gitlab.freedesktop.org/uploads/-/system/user/avatar/1050/avatar.png","project_id":411,"project":{"id":411,"name":"NetworkManager","description":"NetworkManager — network management daemon","web_url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager","avatar_url":"https://gitlab.freedesktop.org/uploads/-/system/project/avatar/411/nm_logo.png","git_ssh_url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","git_http_url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git","namespace":"NetworkManager","visibility_level":20,"path_with_namespace":"NetworkManager/NetworkManager","default_branch":"main","ci_config_path":"","homepage":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager","url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","ssh_url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","http_url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git"},"commits":[{"id":"b0006afd5d38318e2a6ef60ef98cae8f9f0d2252","message":"polkit: add build option to allow admin users not to type their password\n\nAdd a build option to allow installing a Polkit rule that will grant\npermissions for admin users without asking for their password if they're\nin a local console.\n\nThis shouldn't be encouraged, though. It's common practice that admin\nusers has to introduce their password to make system-wide changes. The\nstandard polkit policy, without this rule, is auth_admin_keep. This\npolicy will ask for the password once and won't ask for it again for\n~5 minutes, so it is not too unconvenient.\n\nDifferent distros use different group names for users with admin rights,\ntypically 'sudo' or 'wheel'. The build option allows to define the\ndesired group, or to leave it empty to not install the rule.\n\nHowever, until the previous commit it was allowed that local users (even\nnon-admin) could do system-wide changes without introducing a password.\nThis option allows to maintain the same behavior for admin users,\nkeeping backwards compatibility so we avoid breaking existing scripts,\nfor example. We cannot achieve the same for non-admin users because\nallowing them to create system-wide connection causes security\nvulnerabilities that cannot be fixed in any other way.\n","title":"polkit: add build option to allow admin users not to type their password","timestamp":"2026-02-25T09:23:04+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/b0006afd5d38318e2a6ef60ef98cae8f9f0d2252","author":{"name":"Íñigo Huguet","email":"ihuguet@riseup.net"},"added":["data/org.freedesktop.NetworkManager.rules.in"],"modified":["data/meson.build","meson.build","meson_options.txt"],"removed":[]},{"id":"11f642168edf188789ed628ae3420f34917549b1","message":"libnm-core: add missing flags check in .to_dbus_function()\n\nProperties that define a .to_dbus_function() as a D-Bus override, need\nto return early if the flags only ask to serialize secrets.\n\nFixes: 7fb23b0a62a0 ('libnm: add NMIPRoutingRule API')\n(cherry picked from commit eff8330b579c07f1f5338f50a459709727d690cf)\n","title":"libnm-core: add missing flags check in .to_dbus_function()","timestamp":"2026-02-25T09:25:22+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/11f642168edf188789ed628ae3420f34917549b1","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/libnm-core-impl/nm-setting-ip-config.c"],"removed":[]},{"id":"480ba052f3553b1af6ebbbd8d2995486d5f62270","message":"settings: accept not-saved secrets from agents without modify-system\n\nThe \"modify.system\" polkit permission allows a user to modify settings\nfor connection profiles that belong to all users.\n\nFor this reason, when an agent returns system secrets (i.e. secrets\nthat are going to be stored to disk), NetworkManager checks that the\nagent has the modify.system permission.\n\nIf a secret has the AGENT_OWNED flag, it's stored in the agent\nitself. If the secret has the NOT_SAVED flag, it will be asked to\nusers at the beginning of every connection attempt.\n\nIn both those cases the profile is not modified and there is no need\nfor the modify.system permission. Fix the check to also consider the\nNOT_SAVED flag.\n\n(cherry picked from commit db0825a110b24b755d3dab5df4381959b693ba9e)\n","title":"settings: accept not-saved secrets from agents without modify-system","timestamp":"2026-02-25T09:25:24+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/480ba052f3553b1af6ebbbd8d2995486d5f62270","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/settings/nm-settings-connection.c"],"removed":[]},{"id":"375be1c1b0eb852bbfb897f813f64d86b4211963","message":"settings: fix check on existing system secrets\n\nThe previous check was based only on the presence of a non-NULL\n\"existing_secrets\" GVariant. That GVariant is created via:\n\n  nm_connection_to_dbus(nm_settings_connection_get_connection(self),\n                        NM_CONNECTION_SERIALIZE_WITH_SECRETS_SYSTEM_OWNED)\n\nThe function returns a GVariant containing a first-level dictionary\nfor each setting, even for those that doesn't contain any secrets. As\na result, the check was requiring the system.modify permission even if\nthere weren't any cached secrets to send to the agent.\n\nFix the check to actually check for the presence of any secrets in the\ncached dictionary. Some connection types have a third-level\ndictionary that can be empty, for example VPNs have vpn.secrets.\n\n(cherry picked from commit 024360bffa1d0848f2acb0d4eabefedf1b5f8787)\n","title":"settings: fix check on existing system secrets","timestamp":"2026-02-25T09:25:27+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/375be1c1b0eb852bbfb897f813f64d86b4211963","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/settings/nm-agent-manager.c"],"removed":[]}],"total_commits_count":4,"push_options":{},"repository":{"name":"NetworkManager","url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","description":"NetworkManager — network management daemon","homepage":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager","git_http_url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git","git_ssh_url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","visibility_level":20}}