The split DNS patches are now upstream (rh #1161232)

These are fixes that were fixed between 1.0.0 and 1.0.2, but missing in Fedora
21's 0.9.10.x release. I guess it does no harm to do an update before we
release 0.9.10.4 really.

- Fix split DNS configuration with dnsmasq and VPN connections (rh #1161232)
- Fix indication that a WiFi plugin is missing (rh #1168573)
- Don't let IPv6 Router Advertisements lower Hop Limit (CVE-2015-2924) (rh #1209903)
- User a proper SONAME when loading libnl (rh #1205195)

.gitignore

@@ -1,4 +1,5 @@
 *.makerepo-split.*
+makerepo.gitignore
 network-manager-applet-0.6.5.tar.bz2
 NetworkManager-0.6.5.tar.bz2
 NetworkManager-0.7.0.svn2736.tar.gz
@@ -308,3 +309,10 @@ network-manager-applet-0.8.1.tar.bz2
 /NetworkManager-0.9.9.95.git20140609.1963adda.tar.bz2
 /NetworkManager-0.9.9.98.git20140620.63b0a2f5.tar.bz2
 /NetworkManager-0.9.10.0.git20140704.6eb82acd.tar.bz2
+/NetworkManager-0.9.10.1.git20150105.b00ad26.tar.bz2
+/NetworkManager-0.9.10.1.20150109git.ce3b386.tar.bz2
+/NetworkManager-0.9.10.1.20150115git.ea40551.tar.bz2
+/NetworkManager-0.9.10.1.20150115git.76c00cf.tar.bz2
+/NetworkManager-0.9.10.1.tar.xz
+/NetworkManager-0.9.10.1.20150219git.e734eee2.tar.bz2
+/NetworkManager-0.9.10.2.tar.xz

0001-connectivity-disable-HTTP-keepalive-for-connectivity.patch

@@ -0,0 +1,32 @@
+From 46c836e5cd5342cab5dfb4cd6eb5daf6170b70a0 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Mon, 16 Mar 2015 10:44:16 -0500
+Subject: [PATCH] connectivity: disable HTTP keepalive for connectivity checks
+
+There won't be any further requests, so there's no point in keeping
+the connection alive.  Even if the HTTP server doesn't care, proxy
+servers in-between might keep the connection open for a couple seconds
+for keepalive, and we might as well be nice to them and tell them we
+don't need to keep it alive.
+
+(cherry picked from commit 90692e3efff398f0e4420827fc6d7ac342360e5c)
+---
+ src/nm-connectivity.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/nm-connectivity.c b/src/nm-connectivity.c
+index 4d5feef..85bd70a 100644
+--- a/src/nm-connectivity.c
++++ b/src/nm-connectivity.c
+@@ -247,6 +247,8 @@ nm_connectivity_check_async (NMConnectivity      *self,
+ 	if (priv->uri && priv->interval) {
+ 		msg = soup_message_new ("GET", priv->uri);
+ 		soup_message_set_flags (msg, SOUP_MESSAGE_NO_REDIRECT);
++		/* Disable HTTP/1.1 keepalive; the connection should not persist */
++		soup_message_headers_append (msg->request_headers, "Connection", "close");
+ 		soup_session_queue_message (priv->soup_session,
+ 		                            msg,
+ 		                            nm_connectivity_check_cb,
+-- 
+2.1.0
+

0003-kill-dns-plugin-child-synchronously-rh1161232.patch

@@ -0,0 +1,103 @@
+From a6ac4dd1176f7fc6f12e8513ec49da58607a6922 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Wed, 6 May 2015 11:52:27 +0200
+Subject: [PATCH] dns: kill plugin child synchronously to avoid restart race
+ (rh #1161232) (bgo #728342)
+
+NM was killing the dnsmasq local caching nameserver process and immediately
+starting a new one, and new process couldn't bind to 127.0.0.1 because the
+old one hadn't quit yet.  Thus the new process quit, and the user was
+left with no split DNS at all.
+
+While this does introduce more synchronous waiting into the connection
+process, it's not that much time and NM will kill dnsmasq if it hasn't
+quit after 1 second.  The longer-term fix is to use dnsmasq's D-Bus
+interface to update DNS without respawning it.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=728342
+https://bugzilla.redhat.com/show_bug.cgi?id=1161232
+
+This is a rework of 10aff12526a2fc4b2d099df2710fdb040ccd9e4c. The newer
+branches have ff3b753 (core: use nm_utils_kill_child_async() and
+nm_utils_kill_child_sync()) which in turn relies on 1f84185 (core: add
+nm_utils_kill_child_async() and nm_utils_kill_child_sync() function) that is
+not entirely trivial to backport.
+---
+ src/dns-manager/nm-dns-plugin.c | 46 ++++++++++++++---------------------------
+ 1 file changed, 16 insertions(+), 30 deletions(-)
+
+diff --git a/src/dns-manager/nm-dns-plugin.c b/src/dns-manager/nm-dns-plugin.c
+index e85b2a0..4f86d63 100644
+--- a/src/dns-manager/nm-dns-plugin.c
++++ b/src/dns-manager/nm-dns-plugin.c
+@@ -196,29 +196,6 @@ nm_dns_plugin_child_spawn (NMDnsPlugin *self,
+ 	return priv->pid;
+ }
+ 
+-typedef struct {
+-	int pid;
+-	char *progname;
+-} KillInfo;
+-
+-static gboolean
+-ensure_killed (gpointer data)
+-{
+-	KillInfo *info = data;
+-
+-	if (kill (info->pid, 0) == 0)
+-		kill (info->pid, SIGKILL);
+-
+-	/* ensure the child is reaped */
+-	nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", info->progname, info->pid);
+-	waitpid (info->pid, NULL, 0);
+-	nm_log_dbg (LOGD_DNS, "dnsmasq pid %d cleaned up", info->pid);
+-
+-	g_free (info->progname);
+-	g_free (info);
+-	return FALSE;
+-}
+-
+ gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
+ {
+ 	NMDnsPluginPrivate *priv = NM_DNS_PLUGIN_GET_PRIVATE (self);
+@@ -229,21 +206,30 @@ gboolean nm_dns_plugin_child_kill (NMDnsPlugin *self)
+ 	}
+ 
+ 	if (priv->pid) {
+-		KillInfo *info;
+ 
+ 		if (kill (priv->pid, SIGTERM) == 0) {
+-			info = g_malloc0 (sizeof (KillInfo));
+-			info->pid = priv->pid;
+-			info->progname = g_strdup (priv->progname);
+-			g_timeout_add_seconds (2, ensure_killed, info);
+-		} else {
++			int counter = 20;
++
++			/* Wait up to 2 seconds synchronously. */
++			nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", priv->progname, priv->pid);
++			while (counter--) {
++				if (waitpid (priv->pid, NULL, WNOHANG))
++					goto killed;
++				g_usleep (100000);
++			}
++		}
++
++		if (kill (priv->pid, 0) == 0) {
++			/* Not dead yet. */
+ 			kill (priv->pid, SIGKILL);
+ 
+ 			/* ensure the child is reaped */
+ 			nm_log_dbg (LOGD_DNS, "waiting for %s pid %d to exit", priv->progname, priv->pid);
+ 			waitpid (priv->pid, NULL, 0);
+-			nm_log_dbg (LOGD_DNS, "%s pid %d cleaned up", priv->progname, priv->pid);
+ 		}
++
++killed:
++		nm_log_dbg (LOGD_DNS, "%s pid %d cleaned up", priv->progname, priv->pid);
+ 		priv->pid = 0;
+ 		g_free (priv->progname);
+ 		priv->progname = NULL;
+-- 
+2.4.0
+

0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch

@@ -0,0 +1,135 @@
+From 2171b984e3c9a17c032ac80054db79523d97d9dd Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Wed, 14 Jan 2015 17:03:22 -0600
+Subject: [PATCH 2/4] dns: refactor building IP config lists for plugins (bgo
+ #728342)
+
+Don't bother building the lists if no DNS plugins are enabled.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=728342
+(cherry picked from commit cc8d9f778c2237b3e9e6815a2e0cc5635328edab)
+---
+ src/dns-manager/nm-dns-manager.c | 70 ++++++++++++++++++++++++----------------
+ 1 file changed, 43 insertions(+), 27 deletions(-)
+
+diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
+index ddf31af..e6984e3 100644
+--- a/src/dns-manager/nm-dns-manager.c
++++ b/src/dns-manager/nm-dns-manager.c
+@@ -561,6 +561,42 @@ compute_hash (NMDnsManager *self, guint8 buffer[HASH_LEN])
+ 	g_checksum_free (sum);
+ }
+ 
++static void
++build_plugin_config_lists (NMDnsManager *self,
++                           GSList **out_vpn_configs,
++                           GSList **out_dev_configs,
++                           GSList **out_other_configs)
++{
++	NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
++	GSList *iter;
++
++	g_return_if_fail (out_vpn_configs && !*out_vpn_configs);
++	g_return_if_fail (out_dev_configs && !*out_dev_configs);
++	g_return_if_fail (out_other_configs && !*out_other_configs);
++
++	/* Build up config lists for plugins; we use the raw configs here, not the
++	 * merged information that we write to resolv.conf so that the plugins can
++	 * still use the domain information in each config to provide split DNS if
++	 * they want to.
++	 */
++	if (priv->ip4_vpn_config)
++		*out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip4_vpn_config);
++	if (priv->ip6_vpn_config)
++		*out_vpn_configs = g_slist_append (*out_vpn_configs, priv->ip6_vpn_config);
++	if (priv->ip4_device_config)
++		*out_dev_configs = g_slist_append (*out_dev_configs, priv->ip4_device_config);
++	if (priv->ip6_device_config)
++		*out_dev_configs = g_slist_append (*out_dev_configs, priv->ip6_device_config);
++
++	for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
++		if (   (iter->data != priv->ip4_vpn_config)
++		    && (iter->data != priv->ip4_device_config)
++		    && (iter->data != priv->ip6_vpn_config)
++		    && (iter->data != priv->ip6_device_config))
++			*out_other_configs = g_slist_append (*out_other_configs, iter->data);
++	}
++}
++
+ static gboolean
+ update_dns (NMDnsManager *self,
+             gboolean no_caching,
+@@ -568,7 +604,7 @@ update_dns (NMDnsManager *self,
+ {
+ 	NMDnsManagerPrivate *priv;
+ 	NMResolvConfData rc;
+-	GSList *iter, *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL;
++	GSList *iter;
+ 	const char *nis_domain = NULL;
+ 	char **searches = NULL;
+ 	char **nameservers = NULL;
+@@ -674,32 +710,11 @@ update_dns (NMDnsManager *self,
+ 
+ 	nis_domain = rc.nis_domain;
+ 
+-	/* Build up config lists for plugins; we use the raw configs here, not the
+-	 * merged information that we write to resolv.conf so that the plugins can
+-	 * still use the domain information in each config to provide split DNS if
+-	 * they want to.
+-	 */
+-	if (priv->ip4_vpn_config)
+-		vpn_configs = g_slist_append (vpn_configs, priv->ip4_vpn_config);
+-	if (priv->ip6_vpn_config)
+-		vpn_configs = g_slist_append (vpn_configs, priv->ip6_vpn_config);
+-	if (priv->ip4_device_config)
+-		dev_configs = g_slist_append (dev_configs, priv->ip4_device_config);
+-	if (priv->ip6_device_config)
+-		dev_configs = g_slist_append (dev_configs, priv->ip6_device_config);
+-
+-	for (iter = priv->configs; iter; iter = g_slist_next (iter)) {
+-		if (   (iter->data != priv->ip4_vpn_config)
+-		    && (iter->data != priv->ip4_device_config)
+-		    && (iter->data != priv->ip6_vpn_config)
+-		    && (iter->data != priv->ip6_device_config))
+-			other_configs = g_slist_append (other_configs, iter->data);
+-	}
+-
+ 	/* Let any plugins do their thing first */
+ 	if (priv->plugin) {
+ 		NMDnsPlugin *plugin = priv->plugin;
+ 		const char *plugin_name = nm_dns_plugin_get_name (plugin);
++		GSList *vpn_configs = NULL, *dev_configs = NULL, *other_configs = NULL;
+ 
+ 		if (nm_dns_plugin_is_caching (plugin)) {
+ 			if (no_caching) {
+@@ -710,6 +725,8 @@ update_dns (NMDnsManager *self,
+ 			caching = TRUE;
+ 		}
+ 
++		build_plugin_config_lists (self, &vpn_configs, &dev_configs, &other_configs);
++
+ 		nm_log_dbg (LOGD_DNS, "DNS: updating plugin %s", plugin_name);
+ 		if (!nm_dns_plugin_update (plugin,
+ 		                           vpn_configs,
+@@ -723,15 +740,14 @@ update_dns (NMDnsManager *self,
+ 			 */
+ 			caching = FALSE;
+ 		}
++		g_slist_free (vpn_configs);
++		g_slist_free (dev_configs);
++		g_slist_free (other_configs);
+ 
+ 	skip:
+ 		;
+ 	}
+ 
+-	g_slist_free (vpn_configs);
+-	g_slist_free (dev_configs);
+-	g_slist_free (other_configs);
+-
+ 	/* If caching was successful, we only send 127.0.0.1 to /etc/resolv.conf
+ 	 * to ensure that the glibc resolver doesn't try to round-robin nameservers,
+ 	 * but only uses the local caching nameserver.
+-- 
+2.4.0
+

0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch

@@ -0,0 +1,300 @@
+From 991b8efca0d3136d8c63b202a9346572c8197da5 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Thu, 26 Feb 2015 15:04:36 -0600
+Subject: [PATCH 3/4] dns: ensure that update_dns() always returns a GError on
+ failure
+
+Callers may expect this, so make sure we do it.
+
+(cherry picked from commit 06f25a3ec7c07eac5785daeb99f648200abe3feb)
+---
+ src/NetworkManagerUtils.c        | 19 ++++----
+ src/NetworkManagerUtils.h        |  2 +-
+ src/dns-manager/nm-dns-manager.c | 99 +++++++++++++++++++++-------------------
+ src/dns-manager/nm-dns-unbound.c |  2 +-
+ 4 files changed, 62 insertions(+), 60 deletions(-)
+
+diff --git a/src/NetworkManagerUtils.c b/src/NetworkManagerUtils.c
+index e6814e3..0a7a9b6 100644
+--- a/src/NetworkManagerUtils.c
++++ b/src/NetworkManagerUtils.c
+@@ -134,27 +134,26 @@ nm_utils_ip6_address_clear_host_address (struct in6_addr *dst, const struct in6_
+ 
+ 
+ int
+-nm_spawn_process (const char *args)
++nm_spawn_process (const char *args, GError **error)
+ {
++	GError *local = NULL;
+ 	gint num_args;
+ 	char **argv = NULL;
+ 	int status = -1;
+-	GError *error = NULL;
+ 
+ 	g_return_val_if_fail (args != NULL, -1);
++	g_return_val_if_fail (!error || !*error, -1);
+ 
+-	if (!g_shell_parse_argv (args, &num_args, &argv, &error)) {
+-		nm_log_warn (LOGD_CORE, "could not parse arguments for '%s': %s", args, error->message);
+-		g_error_free (error);
+-		return -1;
++	if (g_shell_parse_argv (args, &num_args, &argv, &local)) {
++		g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &local);
++		g_strfreev (argv);
+ 	}
+ 
+-	if (!g_spawn_sync ("/", argv, NULL, 0, nm_unblock_posix_signals, NULL, NULL, NULL, &status, &error)) {
+-		nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, error->message);
+-		g_error_free (error);
++	if (local) {
++		nm_log_warn (LOGD_CORE, "could not spawn process '%s': %s", args, local->message);
++		g_propagate_error (error, local);
+ 	}
+ 
+-	g_strfreev (argv);
+ 	return status;
+ }
+ 
+diff --git a/src/NetworkManagerUtils.h b/src/NetworkManagerUtils.h
+index 7be316e..22d665e 100644
+--- a/src/NetworkManagerUtils.h
++++ b/src/NetworkManagerUtils.h
+@@ -53,7 +53,7 @@ nm_utils_ip6_route_metric_normalize (guint32 metric)
+ 	return metric ? metric : 1024 /*NM_PLATFORM_ROUTE_METRIC_DEFAULT*/;
+ }
+ 
+-int nm_spawn_process (const char *args);
++int nm_spawn_process (const char *args, GError **error);
+ 
+ /* macro to return strlen() of a compile time string. */
+ #define STRLEN(str)     ( sizeof ("" str) - 1 )
+diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
+index e6984e3..e833ce4 100644
+--- a/src/dns-manager/nm-dns-manager.c
++++ b/src/dns-manager/nm-dns-manager.c
+@@ -323,12 +323,19 @@ dispatch_netconfig (char **searches,
+ 
+  again:
+ 
+-	ret = waitpid (pid, NULL, 0);
+-	if (ret < 0 && errno == EINTR)
+-		goto again;
+-	else if (ret < 0 && errno == ECHILD) {
+-		/* When the netconfig exist, the errno is ECHILD, it should return TRUE */
+-		return TRUE;
++	if (waitpid (pid, NULL, 0) < 0) {
++		if (errno == EINTR)
++			goto again;
++		else if (errno == ECHILD) {
++			/* child already exited */
++			ret = pid;
++		} else {
++			g_set_error_literal (error,
++			                     NM_MANAGER_ERROR,
++			                     NM_MANAGER_ERROR_FAILED,
++			                     "Error waiting for netconfig to exit: %s",
++			                     strerror (errno));
++		}
+ 	}
+ 
+ 	return ret > 0;
+@@ -344,22 +351,13 @@ write_resolv_conf (FILE *f,
+ {
+ 	char *searches_str = NULL;
+ 	char *nameservers_str = NULL;
+-	int i;
+ 	gboolean retval = FALSE;
++	char *tmp_str;
+ 	GString *str;
+ 
+-	if (fprintf (f, "%s","# Generated by NetworkManager\n") < 0) {
+-		g_set_error (error,
+-		             NM_DNS_MANAGER_ERROR,
+-		             NM_DNS_MANAGER_ERROR_SYSTEM,
+-		             "Could not write " _PATH_RESCONF ": %s\n",
+-		             g_strerror (errno));
+-		return FALSE;
+-	}
++	int i;
+ 
+ 	if (searches) {
+-		char *tmp_str;
+-
+ 		tmp_str = g_strjoinv (" ", searches);
+ 		searches_str = g_strconcat ("search ", tmp_str, "\n", NULL);
+ 		g_free (tmp_str);
+@@ -387,10 +385,17 @@ write_resolv_conf (FILE *f,
+ 
+ 	nameservers_str = g_string_free (str, FALSE);
+ 
+-	if (fprintf (f, "%s%s",
++	if (fprintf (f, "# Generated by NetworkManager\n%s%s",
+ 	             searches_str ? searches_str : "",
+-	             strlen (nameservers_str) ? nameservers_str : "") != -1)
++	             nameservers_str) > 0)
+ 		retval = TRUE;
++	else {
++		g_set_error (error,
++		             NM_DNS_MANAGER_ERROR,
++		             NM_DNS_MANAGER_ERROR_SYSTEM,
++		             "Could not write " _PATH_RESCONF ": %s\n",
++		             g_strerror (errno));
++	}
+ 
+ 	g_free (searches_str);
+ 	g_free (nameservers_str);
+@@ -407,9 +412,15 @@ dispatch_resolvconf (char **searches,
+ 	char *cmd;
+ 	FILE *f;
+ 	gboolean retval = FALSE;
++	int errnosv, err;
+ 
+-	if (! g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE))
++	if (!g_file_test (RESOLVCONF_PATH, G_FILE_TEST_IS_EXECUTABLE)) {
++		g_set_error_literal (error,
++		                     NM_MANAGER_ERROR,
++		                     NM_MANAGER_ERROR_FAILED,
++		                     RESOLVCONF_PATH " is not executable");
+ 		return FALSE;
++	}
+ 
+ 	if (searches || nameservers) {
+ 		cmd = g_strconcat (RESOLVCONF_PATH, " -a ", "NetworkManager", NULL);
+@@ -423,12 +434,21 @@ dispatch_resolvconf (char **searches,
+ 			             g_strerror (errno));
+ 		else {
+ 			retval = write_resolv_conf (f, searches, nameservers, error);
+-			retval &= (pclose (f) == 0);
++			err = pclose (f);
++			if (err < 0) {
++				errnosv = errno;
++				g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errnosv),
++				             "Failed to close pipe to resolvconf: %d", errnosv);
++				retval = FALSE;
++			} else if (err > 0) {
++				nm_log_warn (LOGD_DNS, "resolvconf failed with status %d", err);
++				retval = FALSE;
++			}
+ 		}
+ 	} else {
+ 		cmd = g_strconcat (RESOLVCONF_PATH, " -d ", "NetworkManager", NULL);
+ 		nm_log_info (LOGD_DNS, "Removing DNS information from %s", RESOLVCONF_PATH);
+-		if (nm_spawn_process (cmd) == 0)
++		if (nm_spawn_process (cmd, error) == 0)
+ 			retval = TRUE;
+ 	}
+ 
+@@ -612,8 +632,7 @@ update_dns (NMDnsManager *self,
+ 	int num, i, len;
+ 	gboolean success = FALSE, caching = FALSE;
+ 
+-	g_return_val_if_fail (error != NULL, FALSE);
+-	g_return_val_if_fail (*error == NULL, FALSE);
++	g_return_val_if_fail (!error || !*error, FALSE);
+ 
+ 	priv = NM_DNS_MANAGER_GET_PRIVATE (self);
+ 
+@@ -799,9 +818,7 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
+ 
+ 	/* Disable caching until the next DNS update */
+ 	if (!update_dns (self, TRUE, &error)) {
+-		nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
+-		             error ? error->code : -1,
+-		             error && error->message ? error->message : "(unknown)");
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
+ 		g_clear_error (&error);
+ 	}
+ }
+@@ -838,9 +855,7 @@ nm_dns_manager_add_ip4_config (NMDnsManager *mgr,
+ 		priv->configs = g_slist_append (priv->configs, g_object_ref (config));
+ 
+ 	if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
+-		nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
+-		             error ? error->code : -1,
+-		             error && error->message ? error->message : "(unknown)");
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
+ 		g_clear_error (&error);
+ 	}
+ 
+@@ -872,9 +887,7 @@ nm_dns_manager_remove_ip4_config (NMDnsManager *mgr, NMIP4Config *config)
+ 	g_object_unref (config);
+ 
+ 	if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
+-		nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
+-		             error ? error->code : -1,
+-		             error && error->message ? error->message : "(unknown)");
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
+ 		g_clear_error (&error);
+ 	}
+ 
+@@ -915,9 +928,7 @@ nm_dns_manager_add_ip6_config (NMDnsManager *mgr,
+ 		priv->configs = g_slist_append (priv->configs, g_object_ref (config));
+ 
+ 	if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
+-		nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
+-		             error ? error->code : -1,
+-		             error && error->message ? error->message : "(unknown)");
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
+ 		g_clear_error (&error);
+ 	}
+ 
+@@ -949,9 +960,7 @@ nm_dns_manager_remove_ip6_config (NMDnsManager *mgr, NMIP6Config *config)
+ 	g_object_unref (config);	
+ 
+ 	if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
+-		nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
+-		             error ? error->code : -1,
+-		             error && error->message ? error->message : "(unknown)");
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
+ 		g_clear_error (&error);
+ 	}
+ 
+@@ -994,9 +1003,7 @@ nm_dns_manager_set_hostname (NMDnsManager *mgr,
+ 	priv->hostname = g_strdup (filtered);
+ 
+ 	if (!priv->updates_queue && !update_dns (mgr, FALSE, &error)) {
+-		nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
+-		             error ? error->code : -1,
+-		             error && error->message ? error->message : "(unknown)");
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
+ 		g_clear_error (&error);
+ 	}
+ }
+@@ -1050,9 +1057,7 @@ nm_dns_manager_end_updates (NMDnsManager *mgr, const char *func)
+ 	/* Commit all the outstanding changes */
+ 	nm_log_dbg (LOGD_DNS, "(%s): committing DNS changes (%d)", func, priv->updates_queue);
+ 	if (!update_dns (mgr, FALSE, &error)) {
+-		nm_log_warn (LOGD_DNS, "could not commit DNS changes: (%d) %s",
+-			         error ? error->code : -1,
+-			         error && error->message ? error->message : "(unknown)");
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
+ 		g_clear_error (&error);
+ 	}
+ 
+@@ -1152,9 +1157,7 @@ dispose (GObject *object)
+ 	 * DNS updates yet, there's no reason to touch resolv.conf on shutdown.
+ 	 */
+ 	if (priv->dns_touched && !update_dns (self, TRUE, &error)) {
+-		nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: (%d) %s",
+-		             error ? error->code : -1,
+-		             error && error->message ? error->message : "(unknown)");
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes on shutdown: %s", error->message);
+ 		g_clear_error (&error);
+ 		priv->dns_touched = FALSE;
+ 	}
+diff --git a/src/dns-manager/nm-dns-unbound.c b/src/dns-manager/nm-dns-unbound.c
+index 137fd20..5520d38 100644
+--- a/src/dns-manager/nm-dns-unbound.c
++++ b/src/dns-manager/nm-dns-unbound.c
+@@ -40,7 +40,7 @@ update (NMDnsPlugin *plugin,
+ 	 * without calling custom scripts. The dnssec-trigger functionality
+ 	 * may be eventually merged into NetworkManager.
+ 	 */
+-	return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update") == 0;
++	return nm_spawn_process ("/usr/libexec/dnssec-trigger-script --async --update", NULL) == 0;
+ }
+ 
+ static gboolean
+-- 
+2.4.0
+

0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch

@@ -0,0 +1,67 @@
+From e6b47236f00ab91056be9fc3f9b8611fb16d9e57 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Thu, 15 Jan 2015 11:38:33 -0600
+Subject: [PATCH 4/4] dns: refresh DNS if plugin child quits unexpectedly (bgo
+ #728342)
+
+If the child dies, or something kills the child externally, refresh
+DNS which should respawn the child, similar to what we do with
+wpa_supplicant, teamd, etc.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=728342
+(cherry picked from commit 09a05f6c3e0b4502252d70cb121654e7312520c5)
+---
+ src/dns-manager/nm-dns-manager.c | 23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/src/dns-manager/nm-dns-manager.c b/src/dns-manager/nm-dns-manager.c
+index e833ce4..c81bfd6 100644
+--- a/src/dns-manager/nm-dns-manager.c
++++ b/src/dns-manager/nm-dns-manager.c
+@@ -823,6 +823,22 @@ plugin_failed (NMDnsPlugin *plugin, gpointer user_data)
+ 	}
+ }
+ 
++static void
++plugin_child_quit (NMDnsPlugin *plugin, int exit_status, gpointer user_data)
++{
++	NMDnsManager *self = NM_DNS_MANAGER (user_data);
++	GError *error = NULL;
++
++	nm_log_warn (LOGD_DNS, "DNS: plugin %s child quit unexpectedly; refreshing DNS",
++	             nm_dns_plugin_get_name (plugin));
++
++	/* Let the plugin try to spawn the child again */
++	if (!update_dns (self, FALSE, &error)) {
++		nm_log_warn (LOGD_DNS, "could not commit DNS changes: %s", error->message);
++		g_clear_error (&error);
++	}
++}
++
+ gboolean
+ nm_dns_manager_add_ip4_config (NMDnsManager *mgr,
+                                const char *iface,
+@@ -1139,6 +1155,7 @@ nm_dns_manager_init (NMDnsManager *self)
+ 	if (priv->plugin) {
+ 		nm_log_info (LOGD_DNS, "DNS: loaded plugin %s", nm_dns_plugin_get_name (priv->plugin));
+ 		g_signal_connect (priv->plugin, NM_DNS_PLUGIN_FAILED, G_CALLBACK (plugin_failed), self);
++		g_signal_connect (priv->plugin, NM_DNS_PLUGIN_CHILD_QUIT, G_CALLBACK (plugin_child_quit), self);
+ 	}
+ }
+ 
+@@ -1149,7 +1166,11 @@ dispose (GObject *object)
+ 	NMDnsManagerPrivate *priv = NM_DNS_MANAGER_GET_PRIVATE (self);
+ 	GError *error = NULL;
+ 
+-	g_clear_object (&priv->plugin);
++	if (priv->plugin) {
++		g_signal_handlers_disconnect_by_func (priv->plugin, plugin_failed, self);
++		g_signal_handlers_disconnect_by_func (priv->plugin, plugin_child_quit, self);
++		g_clear_object (&priv->plugin);
++	}
+ 
+ 	/* If we're quitting, leave a valid resolv.conf in place, not one
+ 	 * pointing to 127.0.0.1 if any plugins were active.  Thus update
+-- 
+2.4.0
+

0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch

@@ -0,0 +1,55 @@
+From 1974b8b50cf00e706c795a99f13120d509b42a33 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
+Date: Tue, 14 Apr 2015 12:08:15 +0200
+Subject: [PATCH] cli: add PHYS_PORT_ID property to devices
+
+The physical-port-id property was added to libnm (libnm-glib) in commit
+47cc8b25f2efe015defde7e76e49e67086603bb3.
+
+(cherry picked from commit 825255361565588a428aad69eb7ea9ffe9475fc2)
+---
+ cli/src/devices.c | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/cli/src/devices.c b/cli/src/devices.c
+index 5a3ab45..3b20186 100644
+--- a/cli/src/devices.c
++++ b/cli/src/devices.c
+@@ -103,13 +103,15 @@ static NmcOutputField nmc_fields_dev_show_general[] = {
+ 	{"NM-MANAGED",        N_("NM-MANAGED"),        15},  /* 14 */
+ 	{"AUTOCONNECT",       N_("AUTOCONNECT"),       15},  /* 15 */
+ 	{"FIRMWARE-MISSING",  N_("FIRMWARE-MISSING"),  18},  /* 16 */
+-	{"CONNECTION",        N_("CONNECTION"),        20},  /* 17 */
+-	{"CON-UUID",          N_("CON-UUID"),          38},  /* 18 */
+-	{"CON-PATH",          N_("CON-PATH"),          51},  /* 19 */
++	{"PHYS-PORT-ID",      N_("PHYS-PORT-ID"),      18},  /* 17 */
++	{"CONNECTION",        N_("CONNECTION"),        20},  /* 18 */
++	{"CON-UUID",          N_("CON-UUID"),          38},  /* 19 */
++	{"CON-PATH",          N_("CON-PATH"),          51},  /* 20 */
+ 	{NULL, NULL, 0}
+ };
+-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL     "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,STATE,REASON,"\
+-                                            "UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,CONNECTION,CON-UUID,CON-PATH"
++#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL     "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
++                                            "STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\
++                                            "CONNECTION,CON-UUID,CON-PATH"
+ #define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON  "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE"
+ 
+ /* Available fields for 'device show' - CONNECTIONS part */
+@@ -801,9 +803,10 @@ show_device_info (NMDevice *device, NmCli *nmc)
+ 			set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no"));
+ 			set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
+ 			set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
+-			set_val_strc (arr, 17, get_active_connection_id (device));
+-			set_val_strc (arr, 18, acon ? nm_active_connection_get_uuid (acon) : NULL);
+-			set_val_strc (arr, 19, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
++			set_val_strc (arr, 17, nm_device_get_physical_port_id (device));
++			set_val_strc (arr, 18, get_active_connection_id (device));
++			set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL);
++			set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
+ 			g_ptr_array_add (nmc->output_data, arr);
+ 
+ 			print_data (nmc);  /* Print all data */
+-- 
+2.4.0
+

0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch

@@ -0,0 +1,153 @@
+From e304f04932304f896ca3f95f499217496334ec83 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
+Date: Tue, 14 Apr 2015 14:35:14 +0200
+Subject: [PATCH] cli: better indicate when a Wi-Fi plugin might not be
+ available (rh #1168573)
+
+* print an error message indicating NM Wi-Fi plugin may be missing, for
+  nmcli device wifi ifname <dev-name>
+  nmcli device wifi connect ifname <dev-name>
+
+* add NM-TYPE to 'nmcli device show' command displaying internal NM device type
+  (like NMDeviceWifi, NMDeviceGeneric, ...)
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1168573
+
+(cherry picked from commit 823df334eda48a8e2cec897d6123f7b2158c12ff)
+---
+ cli/src/devices.c | 96 +++++++++++++++++++++++++++++++------------------------
+ 1 file changed, 55 insertions(+), 41 deletions(-)
+
+diff --git a/cli/src/devices.c b/cli/src/devices.c
+index 3b20186..71198fb 100644
+--- a/cli/src/devices.c
++++ b/cli/src/devices.c
+@@ -89,27 +89,28 @@ static NmcOutputField nmc_fields_dev_show_general[] = {
+ 	{"NAME",              N_("NAME"),              10},  /* 0 */
+ 	{"DEVICE",            N_("DEVICE"),            10},  /* 1 */
+ 	{"TYPE",              N_("TYPE"),              17},  /* 2 */
+-	{"VENDOR",            N_("VENDOR"),            20},  /* 3 */
+-	{"PRODUCT",           N_("PRODUCT"),           50},  /* 4 */
+-	{"DRIVER",            N_("DRIVER"),             9},  /* 5 */
+-	{"DRIVER-VERSION",    N_("DRIVER-VERSION"),    18},  /* 6 */
+-	{"FIRMWARE-VERSION",  N_("FIRMWARE-VERSION"),  18},  /* 7 */
+-	{"HWADDR",            N_("HWADDR"),            19},  /* 8 */
+-	{"MTU",               N_("MTU"),               10},  /* 9 */
+-	{"STATE",             N_("STATE"),             14},  /* 10 */
+-	{"REASON",            N_("REASON"),            25},  /* 11 */
+-	{"UDI",               N_("UDI"),               64},  /* 12 */
+-	{"IP-IFACE",          N_("IP-IFACE"),          10},  /* 13 */
+-	{"NM-MANAGED",        N_("NM-MANAGED"),        15},  /* 14 */
+-	{"AUTOCONNECT",       N_("AUTOCONNECT"),       15},  /* 15 */
+-	{"FIRMWARE-MISSING",  N_("FIRMWARE-MISSING"),  18},  /* 16 */
+-	{"PHYS-PORT-ID",      N_("PHYS-PORT-ID"),      18},  /* 17 */
+-	{"CONNECTION",        N_("CONNECTION"),        20},  /* 18 */
+-	{"CON-UUID",          N_("CON-UUID"),          38},  /* 19 */
+-	{"CON-PATH",          N_("CON-PATH"),          51},  /* 20 */
++	{"NM-TYPE",           N_("NM-TYPE"),           17},  /* 3 */
++	{"VENDOR",            N_("VENDOR"),            20},  /* 4 */
++	{"PRODUCT",           N_("PRODUCT"),           50},  /* 5 */
++	{"DRIVER",            N_("DRIVER"),             9},  /* 6 */
++	{"DRIVER-VERSION",    N_("DRIVER-VERSION"),    18},  /* 7 */
++	{"FIRMWARE-VERSION",  N_("FIRMWARE-VERSION"),  18},  /* 8 */
++	{"HWADDR",            N_("HWADDR"),            19},  /* 9 */
++	{"MTU",               N_("MTU"),               10},  /* 10 */
++	{"STATE",             N_("STATE"),             14},  /* 11 */
++	{"REASON",            N_("REASON"),            25},  /* 12 */
++	{"UDI",               N_("UDI"),               64},  /* 13 */
++	{"IP-IFACE",          N_("IP-IFACE"),          10},  /* 14 */
++	{"NM-MANAGED",        N_("NM-MANAGED"),        15},  /* 15 */
++	{"AUTOCONNECT",       N_("AUTOCONNECT"),       15},  /* 16 */
++	{"FIRMWARE-MISSING",  N_("FIRMWARE-MISSING"),  18},  /* 17 */
++	{"PHYS-PORT-ID",      N_("PHYS-PORT-ID"),      18},  /* 18 */
++	{"CONNECTION",        N_("CONNECTION"),        20},  /* 19 */
++	{"CON-UUID",          N_("CON-UUID"),          38},  /* 20 */
++	{"CON-PATH",          N_("CON-PATH"),          51},  /* 21 */
+ 	{NULL, NULL, 0}
+ };
+-#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL     "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
++#define NMC_FIELDS_DEV_SHOW_GENERAL_ALL     "NAME,DEVICE,TYPE,NM-TYPE,VENDOR,PRODUCT,DRIVER,DRIVER-VERSION,FIRMWARE-VERSION,HWADDR,MTU,"\
+                                             "STATE,REASON,UDI,IP-IFACE,NM-MANAGED,AUTOCONNECT,FIRMWARE-MISSING,PHYS-PORT-ID,"\
+                                             "CONNECTION,CON-UUID,CON-PATH"
+ #define NMC_FIELDS_DEV_SHOW_GENERAL_COMMON  "NAME,DEVICE,TYPE,VENDOR,PRODUCT,DRIVER,HWADDR,STATE"
+@@ -789,24 +790,25 @@ show_device_info (NMDevice *device, NmCli *nmc)
+ 			set_val_strc (arr, 0, nmc_fields_dev_show_sections[0].name);  /* "GENERAL"*/
+ 			set_val_strc (arr, 1, nm_device_get_iface (device));
+ 			set_val_strc (arr, 2, nm_device_get_type_description (device));
+-			set_val_strc (arr, 3, nm_device_get_vendor (device));
+-			set_val_strc (arr, 4, nm_device_get_product (device));
+-			set_val_strc (arr, 5, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)"));
+-			set_val_strc (arr, 6, nm_device_get_driver_version (device));
+-			set_val_strc (arr, 7, nm_device_get_firmware_version (device));
+-			set_val_strc (arr, 8, hwaddr ? hwaddr : _("(unknown)"));
+-			set_val_str  (arr, 9, mtu_str);
+-			set_val_str  (arr, 10, state_str);
+-			set_val_str  (arr, 11, reason_str);
+-			set_val_strc (arr, 12, nm_device_get_udi (device));
+-			set_val_strc (arr, 13, nm_device_get_ip_iface (device));
+-			set_val_strc (arr, 14, nm_device_get_managed (device) ? _("yes") : _("no"));
+-			set_val_strc (arr, 15, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
+-			set_val_strc (arr, 16, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
+-			set_val_strc (arr, 17, nm_device_get_physical_port_id (device));
+-			set_val_strc (arr, 18, get_active_connection_id (device));
+-			set_val_strc (arr, 19, acon ? nm_active_connection_get_uuid (acon) : NULL);
+-			set_val_strc (arr, 20, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
++			set_val_strc (arr, 3, G_OBJECT_TYPE_NAME (device));
++			set_val_strc (arr, 4, nm_device_get_vendor (device));
++			set_val_strc (arr, 5, nm_device_get_product (device));
++			set_val_strc (arr, 6, nm_device_get_driver (device) ? nm_device_get_driver (device) : _("(unknown)"));
++			set_val_strc (arr, 7, nm_device_get_driver_version (device));
++			set_val_strc (arr, 8, nm_device_get_firmware_version (device));
++			set_val_strc (arr, 9, hwaddr ? hwaddr : _("(unknown)"));
++			set_val_str  (arr, 10, mtu_str);
++			set_val_str  (arr, 11, state_str);
++			set_val_str  (arr, 12, reason_str);
++			set_val_strc (arr, 13, nm_device_get_udi (device));
++			set_val_strc (arr, 14, nm_device_get_ip_iface (device));
++			set_val_strc (arr, 15, nm_device_get_managed (device) ? _("yes") : _("no"));
++			set_val_strc (arr, 16, nm_device_get_autoconnect (device) ? _("yes") : _("no"));
++			set_val_strc (arr, 17, nm_device_get_firmware_missing (device) ? _("yes") : _("no"));
++			set_val_strc (arr, 18, nm_device_get_physical_port_id (device));
++			set_val_strc (arr, 19, get_active_connection_id (device));
++			set_val_strc (arr, 20, acon ? nm_active_connection_get_uuid (acon) : NULL);
++			set_val_strc (arr, 21, acon ? nm_object_get_path (NM_OBJECT (acon)) : NULL);
+ 			g_ptr_array_add (nmc->output_data, arr);
+ 
+ 			print_data (nmc);  /* Print all data */
+@@ -1752,7 +1754,13 @@ do_device_wifi_list (NmCli *nmc, int argc, char **argv)
+ 				show_acces_point_info (device, nmc);
+ 			}
+ 		} else {
+-			g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname);
++			const char *err_msg;
++			if (   nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC
++			    && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0)
++				err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin.");
++			else
++				err_msg = _("Error: Device '%s' is not a Wi-Fi device.");
++			g_string_printf (nmc->return_text, err_msg, ifname);
+ 			nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
+ 			goto error;
+ 		}
+@@ -2317,9 +2325,15 @@ do_device_wifi_rescan (NmCli *nmc, int argc, char **argv)
+ 	device = find_wifi_device_by_iface (devices, ifname, &devices_idx);
+ 
+ 	if (!device) {
+-		if (ifname)
+-			g_string_printf (nmc->return_text, _("Error: Device '%s' is not a Wi-Fi device."), ifname);
+-		else
++		if (ifname) {
++			const char *err_msg;
++			if (   nm_device_get_device_type (device) == NM_DEVICE_TYPE_GENERIC
++			    && g_strcmp0 (nm_device_get_type_description (device), "wifi") == 0)
++				err_msg = _("Error: Device '%s' was not recognized as a Wi-Fi device, check NetworkManager Wi-Fi plugin.");
++			else
++				err_msg = _("Error: Device '%s' is not a Wi-Fi device.");
++			g_string_printf (nmc->return_text, err_msg, ifname);
++		} else
+ 			g_string_printf (nmc->return_text, _("Error: No Wi-Fi device found."));
+ 		nmc->return_value = NMC_RESULT_ERROR_UNKNOWN;
+ 		goto error;
+-- 
+2.4.0
+

0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch

@@ -0,0 +1,102 @@
+From d195edb95a543f7eebbd0a164e8ff3bef599370a Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Wed, 8 Apr 2015 15:54:30 +0200
+Subject: [PATCH] platform: don't accept lowering IPv6 hop-limit from RA
+ (CVE-2015-2924)
+
+https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
+http://seclists.org/oss-sec/2015/q2/46
+https://bugzilla.redhat.com/show_bug.cgi?id=1209902
+https://bugzilla.redhat.com/show_bug.cgi?id=1209903
+(cherry picked from commit bdaaf9849b0cacf131b71fa2ae168f5db796874f)
+
+Conflicts:
+	src/devices/nm-device.c
+	src/nm-iface-helper.c
+	src/platform/nm-platform.h
+---
+ src/devices/nm-device.c    | 10 ++--------
+ src/platform/nm-platform.c | 32 ++++++++++++++++++++++++++++++++
+ src/platform/nm-platform.h |  2 ++
+ 3 files changed, 36 insertions(+), 8 deletions(-)
+
+diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
+index 7ab51e4..8cdf01b 100644
+--- a/src/devices/nm-device.c
++++ b/src/devices/nm-device.c
+@@ -3716,14 +3716,8 @@ rdisc_config_changed (NMRDisc *rdisc, NMRDiscConfigMap changed, NMDevice *device
+ 		}
+ 	}
+ 
+-	/* hop_limit == 0 is a special value "unspecified", so do not touch
+-	 * in this case */
+-	if (changed & NM_RDISC_CONFIG_HOP_LIMIT && rdisc->hop_limit > 0) {
+-		char val[16];
+-
+-		g_snprintf (val, sizeof (val), "%d", rdisc->hop_limit);
+-		nm_device_ipv6_sysctl_set (device, "hop_limit", val);
+-	}
++	if (changed & NM_RDISC_CONFIG_HOP_LIMIT)
++		nm_platform_sysctl_set_ip6_hop_limit_safe (nm_device_get_ip_iface (device), rdisc->hop_limit);
+ 
+ 	nm_device_activate_schedule_ip6_config_result (device);
+ }
+diff --git a/src/platform/nm-platform.c b/src/platform/nm-platform.c
+index e95d6af..9629d9d 100644
+--- a/src/platform/nm-platform.c
++++ b/src/platform/nm-platform.c
+@@ -240,6 +240,38 @@ nm_platform_sysctl_set (const char *path, const char *value)
+ 	return klass->sysctl_set (platform, path, value);
+ }
+ 
++gboolean
++nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value)
++{
++	const char *path;
++	gint64 cur;
++
++	/* the hop-limit provided via RA is uint8. */
++	if (value > 0xFF)
++		return FALSE;
++
++	/* don't allow unreasonable small values */
++	if (value < 10)
++		return FALSE;
++
++	path = nm_utils_ip6_property_path (iface, "hop_limit");
++	cur = nm_platform_sysctl_get_int_checked (path, 10, 1, G_MAXINT32, -1);
++
++	/* only allow increasing the hop-limit to avoid DOS by an attacker
++	 * setting a low hop-limit (CVE-2015-2924, rh#1209902) */
++
++	if (value < cur)
++		return FALSE;
++	if (value != cur) {
++		char svalue[20];
++
++		sprintf (svalue, "%d", value);
++		nm_platform_sysctl_set (path, svalue);
++	}
++
++	return TRUE;
++}
++
+ /**
+  * nm_platform_sysctl_get:
+  * @path: Absolute path to sysctl
+diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h
+index 275557c..6a1e503 100644
+--- a/src/platform/nm-platform.h
++++ b/src/platform/nm-platform.h
+@@ -504,6 +504,8 @@ char *nm_platform_sysctl_get (const char *path);
+ gint32 nm_platform_sysctl_get_int32 (const char *path, gint32 fallback);
+ gint64 nm_platform_sysctl_get_int_checked (const char *path, guint base, gint64 min, gint64 max, gint64 fallback);
+ 
++gboolean nm_platform_sysctl_set_ip6_hop_limit_safe (const char *iface, int value);
++
+ gboolean nm_platform_link_get (int ifindex, NMPlatformLink *link);
+ GArray *nm_platform_link_get_all (void);
+ gboolean nm_platform_dummy_add (const char *name);
+-- 
+2.4.0
+

0010-load-libnl-3.so.200-rh1205195.patch

@@ -0,0 +1,29 @@
+From 15420eb0a2c5b3ba248068e33b5464c3f7d2e752 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
+Date: Wed, 25 Mar 2015 15:30:57 +0100
+Subject: [PATCH] platform: load libnl-3.so.200, not libnl-3.so (rh #1205195)
+
+libnl-3.so link is only present in devel package (libnl3-devel).
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1205195
+(cherry picked from commit d767fb160c36bd9dc339e343ebac58274204ad4f)
+---
+ src/platform/nm-linux-platform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
+index cf2164d..0f8b80d 100644
+--- a/src/platform/nm-linux-platform.c
++++ b/src/platform/nm-linux-platform.c
+@@ -113,7 +113,7 @@ _nl_get_vtable ()
+ 	if (G_UNLIKELY (!vtable.f_nl_has_capability)) {
+ 		void *handle;
+ 
+-		handle = dlopen ("libnl-3.so", RTLD_LAZY | RTLD_NOLOAD);
++		handle = dlopen ("libnl-3.so.200", RTLD_LAZY | RTLD_NOLOAD);
+ 		if (handle) {
+ 			vtable.handle = handle;
+ 			vtable.f_nl_has_capability = dlsym (handle, "nl_has_capability");
+-- 
+2.4.0
+

20-connectivity-fedora.conf

@@ -1,4 +1,4 @@
 [connectivity]
-uri=http://fedoraproject.org/static/hotspot.txt
+uri=https://fedoraproject.org/static/hotspot.txt
 response=OK
-
+interval=300

NetworkManager.spec

@@ -1,19 +1,18 @@
 %define dbus_version 1.1
-%define dbus_glib_version 0.100
+%define dbus_glib_version 0.104
 
 %define glib2_version	2.32.0
 %define wireless_tools_version 1:28-0pre9
-%define libnl3_version 3.2.7
+%define libnl3_version 3.2.25-5
 
 %define ppp_version 2.4.5
 %if (0%{?fedora} && 0%{?fedora} > 20)
-%define ppp_version 2.4.6
+%define ppp_version 2.4.7
 %endif
 
-%define snapshot .git20140704
-%define git_sha 6eb82acd
-%define realversion 0.9.10.0
-%define release_version 1
+%define snapshot %{nil}
+%define realversion 0.9.10.2
+%define release_version 5
 %define epoch_version 1
 
 %define obsoletes_nmver 1:0.9.9.95-1
@@ -61,23 +60,45 @@
 
 %global _hardened_build 1
 
-%define git_sha_version %(test -n '%{git_sha}' && echo '.%{git_sha}')
+%define git_sha_version %{?git_sha:.%{git_sha}}
 
 Name: NetworkManager
 Summary: Network connection manager and user applications
 Epoch: %{epoch_version}
 Version: %{realversion}
-Release: %{release_version}%{snapshot}%{?dist}.1
+Release: %{release_version}%{?snapshot}%{?dist}
 Group: System Environment/Base
 License: GPLv2+
 URL: http://www.gnome.org/projects/NetworkManager/
 
-Source: %{name}-%{realversion}%{snapshot}%{git_sha_version}.tar.bz2
+Source0: https://download.gnome.org/sources/%{name}/0.9/%{name}-%{realversion}%{?snapshot}%{git_sha_version}.tar.xz
 Source1: NetworkManager.conf
 Source2: 00-server.conf
 Source3: 20-connectivity-fedora.conf
 
-Patch1: 0001-explain-dns1-dns2.patch
+# Not upstream.
+Patch0: 0000-explain-dns1-dns2.patch
+Patch1: 0001-connectivity-disable-HTTP-keepalive-for-connectivity.patch
+Patch2: rh1203904-NM-loop-fix.patch
+
+# Cherry-picks from upstream:
+# http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=nm-0-9-10
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1161232
+Patch3: 0003-kill-dns-plugin-child-synchronously-rh1161232.patch
+Patch4: 0004-refactor-building-IP-config-lists-for-dns-plugins-rh1161232.patch
+Patch5: 0005-ensure-that-update_dns-always-returns-a-GError-rh1161232.patch
+Patch6: 0006-refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1168573
+Patch7: 0007-cli-add-PHYS_PORT_ID-property-rh1168573.patch
+Patch8: 0008-cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1209903
+Patch9: 0009-CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1205195
+Patch10: 0010-load-libnl-3.so.200-rh1205195.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -139,13 +160,16 @@ BuildRequires: libuuid-devel
 BuildRequires: libgudev1-devel >= 143
 BuildRequires: vala-tools
 BuildRequires: iptables
+%if 0%{?with_bluetooth} && 0%{?fedora} > 19
+BuildRequires: bluez-libs-devel
+%endif
 %if 0%{?with_wimax}
 BuildRequires: wimax-devel
 %endif
 BuildRequires: systemd >= 200-3 systemd-devel
 BuildRequires: libsoup-devel
 BuildRequires: libndp-devel >= 1.0
-%if 0%{?with_wwan} && (0%{?rhel} || (0%{?fedora} && 0%{?fedora} > 19))
+%if (0%{?rhel} || (0%{?fedora} && 0%{?fedora} > 19))
 BuildRequires: ModemManager-glib-devel >= 1.0
 %endif
 %if 0%{?with_nmtui}
@@ -169,6 +193,7 @@ services.
 Summary: ADSL device plugin for NetworkManager
 Group: System Environment/Base
 Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: rp-pppoe
 Obsoletes: NetworkManager < %{obsoletes_nmver}
 Obsoletes: NetworkManager-atm
 
@@ -275,7 +300,6 @@ NetworkManager functionality from applications that use glib.
 %package config-connectivity-fedora
 Summary: NetworkManager config file for connectivity checking via Fedora servers
 Group: System Environment/Base
-Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
 
 %description config-connectivity-fedora
 This adds a NetworkManager configuration file to enable connectivity checking
@@ -312,7 +336,17 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
 %prep
 %setup -q -n NetworkManager-%{realversion}
 
-%patch1 -p1 -b .0001.explain-dns1-dns2.orig
+%patch0 -p1 -b .explain-dns1-dns2.orig
+%patch1 -p1 -b .0001-connectivity-disable-HTTP-keepalive-for-connectivity.orig
+%patch2 -p1 -b .rh1203904-NM-loop-fix.orig
+%patch3 -p1 -b .kill-dns-plugin-child-synchronously-rh1161232.orig
+%patch4 -p1 -b .refactor-building-IP-config-lists-for-dns-plugins-rh1161232.orig
+%patch5 -p1 -b .ensure-that-update_dns-always-returns-a-GError-rh1161232.orig
+%patch6 -p1 -b .refresh-DNS-if-plugin-child-quits-unexpectedly-rh1161232.orig
+%patch7 -p1 -b .cli-add-PHYS_PORT_ID-property-rh1168573.orig
+%patch8 -p1 -b .cli-better-indicate-Wi-Fi-plugin-missing-rh1168573.orig
+%patch9 -p1 -b .CVE-2015-2924-don-t-let-RA-lower-hop-limit-rh1209903.orig
+%patch10 -p1 -b .load-libnl-3.so.200-rh1205195.orig
 
 %build
 
@@ -322,8 +356,9 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
 %{__cp} -R docs ORIG-docs
 %endif
 
-#autopoint --force
-#intltoolize --force
+autoreconf -f -i
+autopoint --force
+intltoolize --force
 %configure \
 	--disable-static \
 	--with-dhclient=yes \
@@ -565,13 +600,14 @@ fi
 
 %files config-connectivity-fedora
 %defattr(-,root,root,0755)
+%dir %{_sysconfdir}/%{name}
 %dir %{_sysconfdir}/%{name}/conf.d
-%config %{_sysconfdir}/%{name}/conf.d/20-connectivity-fedora.conf
+%config(noreplace) %{_sysconfdir}/%{name}/conf.d/20-connectivity-fedora.conf
 
 %files config-server
 %defattr(-,root,root,0755)
 %dir %{_sysconfdir}/%{name}/conf.d
-%config %{_sysconfdir}/%{name}/conf.d/00-server.conf
+%config(noreplace) %{_sysconfdir}/%{name}/conf.d/00-server.conf
 
 %if 0%{?with_nmtui}
 %files tui
@@ -582,6 +618,90 @@ fi
 %endif
 
 %changelog
+* Mon May 11 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:0.9.10.2-5
+- The split DNS patches are now upstream (rh #1161232)
+
+* Wed May  6 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:0.9.10.2-4
+- Fix split DNS configuration with dnsmasq and VPN connections (rh #1161232)
+- Fix indication that a WiFi plugin is missing (rh #1168573)
+- Don't let IPv6 Router Advertisements lower Hop Limit (CVE-2015-2924) (rh #1209903)
+- User a proper SONAME when loading libnl (rh #1205195)
+
+* Fri Mar 20 2015 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.2-3
+- Fix NetworkManager loop when 0.0.0.0/1 is added (rh #1203924)
+
+* Tue Mar 17 2015 Stef Walter <stefw@redhat.com> - 1:0.9.10.2-3
+- Fix dbus-glib dependency
+
+* Mon Mar 16 2015 Dan Williams <dcbw@redhat.com> - 1:0.9.10.2-2
+- Turn off keepalive for connectivity checking
+
+* Wed Mar  4 2015 Dan Williams <dcbw@redhat.com> - 1:0.9.10.2-1
+- Update to 0.9.10.2 release
+
+* Thu Feb 19 2015 Dan Williams <dcbw@redhat.com> - 1:0.9.10.1-3
+- Update to 0.9.10.2 pre-release snapshot
+
+* Fri Jan 23 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:0.9.10.1-2
+- Update to 0.9.10.1, a 0.9.10.2 release candidate 1 tarball
+
+* Thu Jan 15 2015 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.1-1.4.20150115git
+- connectivity: fix an connectivity check endless loop (bgo #742823)
+
+* Thu Jan 15 2015 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.1-1.3.20150115git
+- update to latest snapshot of 0.9.10
+- dhcp: fix connection failures due to stale dhclient lease (rh #1181477)
+
+* Fri Jan  9 2015 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.1-1.2.20150109git
+- dhcp: fix killing wrong process ID on dhclient release (rh #1179913)
+
+* Mon Jan  5 2015 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.1-1.git20150105
+- update to latest snapshot of 0.9.10
+- dhcp: fix dhclient abnormal exit due to SIGPIPE (bgo #735962) (rh #1178666)
+
+* Mon Nov 24 2014 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.0-14.git20140704
+- vpn: propagate daemon exec error correctly (bgo #739436)
+- core: do not assert when a device is enslaved externally (rh #1167345)
+
+* Thu Nov  6 2014 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.0-13.git20140704
+- cli: fix crash in `nmcli device wifi` with multiple wifi devices (rh #1159408)
+
+* Wed Oct 29 2014 Dan Winship <danw@redhat.com> - 1:0.9.10.0-12.git20140704
+- platform: fix a routing-related bug that could cause NM and other apps to spin (rh #1151665)
+
+* Wed Oct 29 2014 Lubomir Rintel <lkundrak@v3.sk> 1:0.9.10.0-11.git20140704
+- Fix IPv6 next hop default setting
+
+* Fri Oct 24 2014 Lubomir Rintel <lkundrak@v3.sk> 1:0.9.10.0-10.git20140704
+- Avoid unowned /etc/NetworkManager in config-connectivity-fedora
+
+* Thu Oct 23 2014 Adam Williamson <awilliam@redhat.com> - 1:0.9.10.0-9.git20140704
+- connectivity-fedora: don't require NetworkManager (#1156198)
+
+* Thu Oct 16 2014 Lubomir Rintel <lkundrak@v3.sk> 1:0.9.10.0-8.git20140704
+- bluetooth: Restore DUN support (rh #1055628)
+
+* Mon Oct 06 2014 Stef Walter <stefw@redhat.com> - 1:0.9.10.0-7.git20140704
+- Allow non-local users network control after PolicyKit authentication (rh #1145646)
+
+* Fri Sep  5 2014 Jiří Klimeš <jklimes@redhat.com> - 1:0.9.10.0-6.git20140704
+- connectivity: use HTTPS for connectivity checking (rh #113577)
+
+* Sat Aug 30 2014 Peter Robinson <pbrobinson@fedoraproject.org> 1:0.9.10.0-5.git20140704
+- adsl plugin needs rp-pppoe to work
+
+* Mon Aug 18 2014 Dan Horák <dan[at]danny.cz> - 1:0.9.10.0-4.git20140704
+- always include ModemManager-glib-devel (#1129632)
+
+* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.9.10.0-3.git20140704.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Aug 11 2014 Kalev Lember <kalevlember@gmail.com> - 1:0.9.10.0-3.git20140704
+- Rebuilt for ppp 2.4.7
+
+* Wed Jul 30 2014 Dan Williams <dcbw@redhat.com> - 1:0.9.10.0-2.git20140704
+- connectivity: ensure interval is set to enable connectivity checking (rh #1123772)
+
 * Tue Jul 22 2014 Kalev Lember <kalevlember@gmail.com> - 1:0.9.10.0-1.git20140704.1
 - Rebuilt for gobject-introspection 1.41.4
 

rh1203904-NM-loop-fix.patch

@@ -0,0 +1,113 @@
+From 5a09a1205cea2c5d223f97f5d91a2e46d91c55ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ji=C5=99=C3=AD=20Klime=C5=A1?= <jklimes@redhat.com>
+Date: Fri, 20 Mar 2015 14:02:19 +0100
+Subject: [PATCH] libnm-util: allow 0.0.0.0/1 route in verify() (rh #1203904)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+OpenVPN uses a trick to override default route by adding these two routes:
+0.0.0.0/1 and 128.0.0.0/1.
+We should allow this and only refuse real default route (i.e. prefix == 0).
+
+Also verify IPv6 addresses and routes.
+
+See:
+man openvpn (search for def1)
+https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1203904
+
+(cherry picked from commit ba35c63db60aa652528e492aa483c971b9217f1e)
+Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
+---
+ libnm-util/nm-setting-ip4-config.c | 10 ---------
+ libnm-util/nm-setting-ip6-config.c | 44 ++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 44 insertions(+), 10 deletions(-)
+
+diff --git a/libnm-util/nm-setting-ip4-config.c b/libnm-util/nm-setting-ip4-config.c
+index 26ce4e5..c967f62 100644
+--- a/libnm-util/nm-setting-ip4-config.c
++++ b/libnm-util/nm-setting-ip4-config.c
+@@ -1018,16 +1018,6 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
+ 		NMIP4Route *route = (NMIP4Route *) iter->data;
+ 		guint32 prefix = nm_ip4_route_get_prefix (route);
+ 
+-		if (!nm_ip4_route_get_dest (route)) {
+-			g_set_error (error,
+-			             NM_SETTING_IP4_CONFIG_ERROR,
+-			             NM_SETTING_IP4_CONFIG_ERROR_INVALID_PROPERTY,
+-			             _("%d. route is invalid"),
+-			             i+1);
+-			g_prefix_error (error, "%s.%s: ", NM_SETTING_IP4_CONFIG_SETTING_NAME, NM_SETTING_IP4_CONFIG_ROUTES);
+-			return FALSE;
+-		}
+-
+ 		if (!prefix || prefix > 32) {
+ 			g_set_error (error,
+ 			             NM_SETTING_IP4_CONFIG_ERROR,
+diff --git a/libnm-util/nm-setting-ip6-config.c b/libnm-util/nm-setting-ip6-config.c
+index 78be723..fb35932 100644
+--- a/libnm-util/nm-setting-ip6-config.c
++++ b/libnm-util/nm-setting-ip6-config.c
+@@ -804,6 +804,8 @@ static gboolean
+ verify (NMSetting *setting, GSList *all_settings, GError **error)
+ {
+ 	NMSettingIP6ConfigPrivate *priv = NM_SETTING_IP6_CONFIG_GET_PRIVATE (setting);
++	GSList *iter;
++	int i;
+ 
+ 	if (!priv->method) {
+ 		g_set_error_literal (error,
+@@ -878,6 +880,48 @@ verify (NMSetting *setting, GSList *all_settings, GError **error)
+ 		return FALSE;
+ 	}
+ 
++	/* Validate addresses */
++	for (iter = priv->addresses, i = 0; iter; iter = g_slist_next (iter), i++) {
++		NMIP6Address *addr = (NMIP6Address *) iter->data;
++		guint32 prefix = nm_ip6_address_get_prefix (addr);
++
++		if (IN6_IS_ADDR_UNSPECIFIED (nm_ip6_address_get_address (addr))) {
++			g_set_error (error,
++			             NM_SETTING_IP6_CONFIG_ERROR,
++			             NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
++			             _("%d. IPv6 address is invalid"),
++			             i+1);
++			g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
++			return FALSE;
++		}
++
++		if (!prefix || prefix > 128) {
++			g_set_error (error,
++			             NM_SETTING_IP6_CONFIG_ERROR,
++			             NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
++			             _("%d. IPv6 address has invalid prefix"),
++			             i+1);
++			g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ADDRESSES);
++			return FALSE;
++		}
++	}
++
++	/* Validate routes */
++	for (iter = priv->routes, i = 0; iter; iter = g_slist_next (iter), i++) {
++		NMIP6Route *route = (NMIP6Route *) iter->data;
++		guint32 prefix = nm_ip6_route_get_prefix (route);
++
++		if (!prefix || prefix > 128) {
++			g_set_error (error,
++			             NM_SETTING_IP6_CONFIG_ERROR,
++			             NM_SETTING_IP6_CONFIG_ERROR_INVALID_PROPERTY,
++			             _("%d. route has invalid prefix"),
++			             i+1);
++			g_prefix_error (error, "%s.%s: ", NM_SETTING_IP6_CONFIG_SETTING_NAME, NM_SETTING_IP6_CONFIG_ROUTES);
++			return FALSE;
++		}
++	}
++
+ 	return TRUE;
+ }
+ 
+-- 
+2.1.0
+

sources

@@ -1 +1 @@
-94d9a02ce5afcec1b5bcf965f2459004  NetworkManager-0.9.10.0.git20140704.6eb82acd.tar.bz2
+96a5fb710b1f56e0c1c11fc43ddcf24b  NetworkManager-0.9.10.2.tar.xz