{"object_kind":"push","event_name":"push","before":"13bfa44cebf504e88e2ac00ab85145119263d8fe","after":"1756ec54e384cc7e66878e9eecf7dd713df9de29","ref":"refs/heads/main","ref_protected":false,"checkout_sha":"1756ec54e384cc7e66878e9eecf7dd713df9de29","message":null,"user_id":94562,"user_name":"Íñigo Huguet","user_username":"ihuguet","user_email":"","user_avatar":"https://gitlab.freedesktop.org/uploads/-/system/user/avatar/94562/avatar.png","project_id":411,"project":{"id":411,"name":"NetworkManager","description":"NetworkManager — network management daemon","web_url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager","avatar_url":"https://gitlab.freedesktop.org/uploads/-/system/project/avatar/411/nm_logo.png","git_ssh_url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","git_http_url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git","namespace":"NetworkManager","visibility_level":20,"path_with_namespace":"NetworkManager/NetworkManager","default_branch":"main","ci_config_path":"","homepage":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager","url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","ssh_url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","http_url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git"},"commits":[{"id":"0b75d905e59999539ab1e92a92646b634c221215","message":"polkit: remove the modify_system build option\n\nThis build option allowed non-admin users to create system-wide\nconnections. Generally, this is not a good idea as system-wide changes\nshould be done by administrators.\n\nHowever, the main reason for the change is that this can be used to\nbypass filesystem permissions, among possibly other attacks. 
As the\ndaemon runs as root, a user can create a system-wide connection that\nuses a certificate from a different user to authenticate in a WiFi\nnetwork protected with 802.1X or a VPN, because as root user the daemon\ncan access the file.\n\nThis patch does not completely fix the issue, as users can still create\nprivate connections specifying a path to another user's connection. This\nwill be addressed in another patch. However, this patch is needed too,\nbecause in system-wide connections we don't store which user created the\nconnection, so there wouldn't be any way to check his/her permissions.\n\nThis is part of the fix for CVE-2025-9615\n\nSee: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1809\n","title":"polkit: remove the modify_system build option","timestamp":"2025-12-12T12:38:48+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/0b75d905e59999539ab1e92a92646b634c221215","author":{"name":"Íñigo Huguet","email":"ihuguet@riseup.net"},"added":["data/org.freedesktop.NetworkManager.policy.in"],"modified":[".gitignore","NEWS","contrib/fedora/rpm/NetworkManager.spec","contrib/fedora/rpm/configure-for-system.sh","data/meson.build","meson.build","meson_options.txt","po/POTFILES.in"],"removed":[]},{"id":"39143f8bdd1a0fa65e95f57e0487457d33db07d6","message":"polkit: add build option to allow admin users not to type their password\n\nAdd a build option to allow installing a Polkit rule that will grant\npermissions for admin users without asking for their password if they're\nin a local console.\n\nThis shouldn't be encouraged, though. It's common practice that admin\nusers have to enter their password to make system-wide changes. The\nstandard polkit policy, without this rule, is auth_admin_keep. 
This\npolicy will ask for the password once and won't ask for it again for\n~5 minutes, so it is not too inconvenient.\n\nDifferent distros use different group names for users with admin rights,\ntypically 'sudo' or 'wheel'. The build option allows defining the\ndesired group, or leaving it empty to not install the rule.\n\nHowever, until the previous commit it was allowed that local users (even\nnon-admin) could do system-wide changes without entering a password.\nThis option allows maintaining the same behavior for admin users,\nkeeping backwards compatibility so we avoid breaking existing scripts,\nfor example. We cannot achieve the same for non-admin users because\nallowing them to create system-wide connections causes security\nvulnerabilities that cannot be fixed in any other way.\n","title":"polkit: add build option to allow admin users not to type their password","timestamp":"2025-12-12T12:38:48+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/39143f8bdd1a0fa65e95f57e0487457d33db07d6","author":{"name":"Íñigo Huguet","email":"ihuguet@riseup.net"},"added":["data/org.freedesktop.NetworkManager.rules.in"],"modified":["data/meson.build","meson.build","meson_options.txt"],"removed":[]},{"id":"d8f143f60146e847c673acceb1102417c3cd85a2","message":"spec: enable polkit_noauth_group for Fedora <= 43 and RHEL <= 10\n\nIn Fedora 44 and RHEL 11, admin users will need to type their password\neven on local consoles.\n","title":"spec: enable polkit_noauth_group for Fedora <= 43 and RHEL <= 10","timestamp":"2025-12-12T12:38:48+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/d8f143f60146e847c673acceb1102417c3cd85a2","author":{"name":"Íñigo Huguet","email":"ihuguet@riseup.net"},"added":[],"modified":["contrib/fedora/rpm/NetworkManager.spec"],"removed":[]},{"id":"2739850b7842b488db7516f9b392f45f36bc596c","message":"libnm-core, core: add permission helpers\n\nAdd utility functions to get the number of 
users and the first user\nfrom the connection.permissions property of a connection.\n","title":"libnm-core, core: add permission helpers","timestamp":"2025-12-12T12:38:48+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/2739850b7842b488db7516f9b392f45f36bc596c","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/nm-core-utils.c","src/core/nm-core-utils.h","src/libnm-core-impl/nm-setting-connection.c","src/libnm-core-intern/nm-core-internal.h"],"removed":[]},{"id":"6c1e04fc61eeb3526c9e91f1c36bf9bc44a478c3","message":"helpers: move helper programs to the same directory\n\nCreate a new 'nm-helpers' directory for all the helper programs, to\navoid having too many subdirs in the src directory.\n","title":"helpers: move helper programs to the same directory","timestamp":"2025-12-12T12:38:48+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/6c1e04fc61eeb3526c9e91f1c36bf9bc44a478c3","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":["src/nm-helpers/README.md","src/nm-helpers/meson.build","src/nm-helpers/nm-daemon-helper.c","src/nm-helpers/nm-priv-helper.c","src/nm-helpers/nm-priv-helper.conf","src/nm-helpers/org.freedesktop.nm_priv_helper.service.in"],"modified":["src/meson.build"],"removed":["src/nm-daemon-helper/README.md","src/nm-daemon-helper/meson.build"]},{"id":"41e28b900f59c23c6bef059164371eb36ae8e586","message":"daemon-helper: add read-file-as-user\n\nAdd a new command to read the content of a file after switching to the\ngiven user. 
This command can be used to enforce Unix filesystem\npermissions when accessing a file on behalf of a user.\n","title":"daemon-helper: add read-file-as-user","timestamp":"2025-12-12T12:38:48+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/41e28b900f59c23c6bef059164371eb36ae8e586","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/libnm-std-aux/nm-std-utils.c","src/libnm-std-aux/nm-std-utils.h","src/nm-helpers/README.md","src/nm-helpers/nm-daemon-helper.c"],"removed":[]},{"id":"bd2484d1a9d4e8c999855ba33901bf67fc057ae4","message":"supplicant: remove blobs before adding new ones\n\nWhen connecting, we add the blobs to the Interface object of the\nsupplicant. Those blobs are not removed on disconnect and so when we\ntry to add blobs with the same id, the supplicant returns an error.\n\nMake sure we start from a clean slate on each connection attempt, by\ndeleting all existing blobs. Probably we should also delete the added\nblobs on disconnect, but that's left for a future improvement.\n","title":"supplicant: remove blobs before adding new ones","timestamp":"2025-12-12T12:38:48+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/bd2484d1a9d4e8c999855ba33901bf67fc057ae4","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/supplicant/nm-supplicant-interface.c"],"removed":[]},{"id":"4e26403c4a445b65a53c21145b15aa3e77d7240f","message":"core: support returning binary output from the daemon helper\n\nThe full output of the daemon helper is added to a NMStrBuf, without\ninterpreting it as a string (that is, without stopping at the first\nNUL character).\n\nHowever, when we retrieve the content from the NMStrBuf we assume it's\na string. 
This is fine for certain commands that expect a string\noutput, but it's not for other commands such as the read-file-as-user one.\n\nAdd a new argument to nm_utils_spawn_helper() to specify whether the\noutput is binary or not. Also have different finish functions\ndepending on the return type.\n","title":"core: support returning binary output from the daemon helper","timestamp":"2025-12-12T12:38:49+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/4e26403c4a445b65a53c21145b15aa3e77d7240f","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/devices/nm-device-utils.c","src/core/nm-core-utils.c","src/core/nm-core-utils.h"],"removed":[]},{"id":"932b85f7e7ee1a8ec50922d1468e53e77dc084d7","message":"supplicant: rename variables\n\nRename uid to blob_id, and con_uid to con_uuid.\n","title":"supplicant: rename variables","timestamp":"2025-12-12T12:38:49+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/932b85f7e7ee1a8ec50922d1468e53e77dc084d7","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/supplicant/nm-supplicant-config.c"],"removed":[]},{"id":"97033051222d25d2e576651011eef186bf003648","message":"core: add functions to read private files of connections\n\nAdd function nm_utils_read_private_files(). It can be used to read a\nlist of paths as the given user. It spawns the daemon-helper to read\neach path and returns asynchronously a hash table containing the files'\ncontent.\n\nAlso add nm_utils_get_connection_private_files_paths() to return a\nlist of file paths referenced in a connection. 
The function currently\nreturns only 802.1x file paths for certificates and keys.\n","title":"core: add functions to read private files of connections","timestamp":"2025-12-12T12:38:49+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/97033051222d25d2e576651011eef186bf003648","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/nm-core-utils.c","src/core/nm-core-utils.h"],"removed":[]},{"id":"a1928b4459a771acbc943dfd41ed3c3426ddb4a6","message":"device: read private files in stage2\n\nDuring stage2 (prepare) of an activation, check if the connection is\nprivate and if it contains any certificate/key path. If so, start\nreading the files and delay stage2. Once done, store the files'\ncontent into priv->private_files.table and continue the activation.\n","title":"device: read private files in stage2","timestamp":"2025-12-12T12:38:49+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/a1928b4459a771acbc943dfd41ed3c3426ddb4a6","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/devices/nm-device-private.h","src/core/devices/nm-device.c"],"removed":[]},{"id":"e85cc46d0b36cdba50fe8411cc93d55a49ebfccf","message":"core: pass certificates as blobs to supplicant for private connections\n\nIn case of private connections, the device has already read the\ncertificates and keys content from disk, validating that the owner of\nthe connection has access to them. 
Pass those files as blobs to the\nsupplicant so that it doesn't have to read them again from the\nfilesystem, creating the opportunity for TOCTOU bugs.\n","title":"core: pass certificates as blobs to supplicant for private connections","timestamp":"2025-12-12T12:38:50+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/e85cc46d0b36cdba50fe8411cc93d55a49ebfccf","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["NEWS","src/core/devices/nm-device-ethernet.c","src/core/devices/nm-device-macsec.c","src/core/devices/wifi/nm-device-wifi.c","src/core/supplicant/nm-supplicant-config.c","src/core/supplicant/nm-supplicant-config.h","src/core/supplicant/tests/test-supplicant-config.c"],"removed":[]},{"id":"8d8edda3f40c95c279b20a9fe586997cf40893eb","message":"core,libnm-core: introduce property flag for certificate and keys\n\nIf we add a new property in the future and it references a certificate\nor key stored on disk, we need to also implement the logic to verify\nthe access to the file for private connections.\n\nAdd a new property flag NM_SETTING_PARAM_CERT_KEY_FILE to existing\ncertificate and key properties, so that it's easier to see that they\nneed special treatment. 
Also add some assertions to verify that the\nproperties with the flag are handled properly.\n\nWhile at it, move the enumeration of private-files to the settings.\n","title":"core,libnm-core: introduce property flag for certificate and keys","timestamp":"2025-12-12T12:38:50+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8d8edda3f40c95c279b20a9fe586997cf40893eb","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/nm-core-utils.c","src/libnm-core-impl/nm-setting-8021x.c","src/libnm-core-impl/nm-setting-private.h","src/libnm-core-impl/nm-setting.c","src/libnm-core-intern/nm-core-internal.h"],"removed":[]},{"id":"10db4baeb6d3eef76cf036b2f342ab61caa29764","message":"vpn: add nm_vpn_plugin_info_supports_safe_private_file_access()\n\nThe new API indicates that the VPN plugin supports reading files\n(certificates, keys) of private connections in a safe way\n(i.e. checking user permissions), or that it doesn't need to read any\nfile from disk.\n","title":"vpn: add nm_vpn_plugin_info_supports_safe_private_file_access()","timestamp":"2025-12-12T12:41:28+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/10db4baeb6d3eef76cf036b2f342ab61caa29764","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/libnm-client-impl/libnm.ver","src/libnm-core-impl/nm-vpn-plugin-info.c","src/libnm-core-public/nm-vpn-plugin-info.h"],"removed":[]},{"id":"57eb4a5bc65e3031a2b1435f551ed0f313873978","message":"vpn: check that plugin supports private connections\n\nOnly allow private VPN connections if the VPN plugin declares the\nsupports-safe-private-file-access capability. 
Also check that the\nprivate connection doesn't have more than one owner.\n","title":"vpn: check that plugin supports private connections","timestamp":"2025-12-12T12:42:01+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/57eb4a5bc65e3031a2b1435f551ed0f313873978","author":{"name":"Beniamino Galvani","email":"bgalvani@redhat.com"},"added":[],"modified":["src/core/vpn/nm-vpn-manager.c"],"removed":[]},{"id":"1a52bbe7c9dcabc066d8930dfd7b7cfe74dabf78","message":"libnm: add function to copy a certificate or key as user\n\nAdd a new public function nm_utils_copy_cert_as_user() to libnm. It\nreads a certificate or key file on behalf of the given user and writes\nit to a directory in /run/NetworkManager. It is useful for VPN plugins\nthat run as root and need to verify that the user owning the\nconnection (the one listed in the connection.permissions property) can\naccess the file.\n","title":"libnm: add function to copy a certificate or key as user","timestamp":"2025-12-12T12:43:15+01:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/1a52bbe7c9dcabc066d8930dfd7b7cfe74dabf78","author":{"name":"Íñigo Huguet","email":"ihuguet@riseup.net"},"added":["src/libnm-client-impl/tests/test-copy-cert-as-user.c","src/nm-helpers/nm-libnm-helper.c"],"modified":["NEWS","contrib/fedora/rpm/NetworkManager.spec","src/libnm-client-impl/libnm.ver","src/libnm-client-impl/tests/meson.build","src/libnm-core-impl/nm-utils.c","src/libnm-core-public/nm-utils.h","src/nm-helpers/README.md","src/nm-helpers/meson.build"],"removed":[]},{"id":"1756ec54e384cc7e66878e9eecf7dd713df9de29","message":"merge: branch 'issue1809'\n\nCVE-2025-9615: prevent non-admin users from using other users' certificates.\n\nCloses #1809\n\nhttps://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324","title":"merge: branch 
'issue1809'","timestamp":"2025-12-12T12:29:41+00:00","url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/1756ec54e384cc7e66878e9eecf7dd713df9de29","author":{"name":"Íñigo Huguet","email":"ihuguet@riseup.net"},"added":["data/org.freedesktop.NetworkManager.policy.in","data/org.freedesktop.NetworkManager.rules.in","src/libnm-client-impl/tests/test-copy-cert-as-user.c","src/nm-helpers/README.md","src/nm-helpers/meson.build","src/nm-helpers/nm-daemon-helper.c","src/nm-helpers/nm-libnm-helper.c","src/nm-helpers/nm-priv-helper.c","src/nm-helpers/nm-priv-helper.conf","src/nm-helpers/org.freedesktop.nm_priv_helper.service.in"],"modified":[".gitignore","NEWS","contrib/fedora/rpm/NetworkManager.spec","contrib/fedora/rpm/configure-for-system.sh","data/meson.build","meson.build","meson_options.txt","po/POTFILES.in","src/core/devices/nm-device-ethernet.c","src/core/devices/nm-device-macsec.c","src/core/devices/nm-device-private.h","src/core/devices/nm-device-utils.c","src/core/devices/nm-device.c","src/core/devices/wifi/nm-device-wifi.c","src/core/nm-core-utils.c","src/core/nm-core-utils.h","src/core/supplicant/nm-supplicant-config.c","src/core/supplicant/nm-supplicant-config.h","src/core/supplicant/nm-supplicant-interface.c","src/core/supplicant/tests/test-supplicant-config.c","src/core/vpn/nm-vpn-manager.c","src/libnm-client-impl/libnm.ver","src/libnm-client-impl/tests/meson.build","src/libnm-core-impl/nm-setting-8021x.c","src/libnm-core-impl/nm-setting-connection.c","src/libnm-core-impl/nm-setting-private.h","src/libnm-core-impl/nm-setting.c","src/libnm-core-impl/nm-utils.c","src/libnm-core-impl/nm-vpn-plugin-info.c","src/libnm-core-intern/nm-core-internal.h","src/libnm-core-public/nm-utils.h","src/libnm-core-public/nm-vpn-plugin-info.h","src/libnm-std-aux/nm-std-utils.c","src/libnm-std-aux/nm-std-utils.h","src/meson.build"],"removed":["src/nm-daemon-helper/README.md","src/nm-daemon-helper/meson.build"]}],"total_commits_count":17,"push_options":{},"rep
ository":{"name":"NetworkManager","url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","description":"NetworkManager — network management daemon","homepage":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager","git_http_url":"https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git","git_ssh_url":"git@ssh.gitlab.freedesktop.org:NetworkManager/NetworkManager.git","visibility_level":20}}