[rpms/NetworkManager] rawhide: Fix strongSwan VPN connection bug (rhbz #2461399)

[rpms/NetworkManager] rawhide: Fix strongSwan VPN connection bug (rhbz #2461399)

[Christian Krause]

A new commit has been pushed.

Repo   : rpms/NetworkManager
Branch : rawhide
Commit : 1f19c5e693814abe3b20f3df8283b64050d7928a
Author : Christian Krause <chkr@fedoraproject.org>
Date   : 2026-06-11T23:42:21+02:00
Stats  : +45/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/NetworkManager/c/1f19c5e693814abe3b20f3df8283b64050d7928a?branch=rawhide

Log:
Fix strongSwan VPN connection bug (rhbz #2461399)

---
diff --git a/0001-libnm-use-correct-directory-permissions-in-nm_utils_.patch b/0001-libnm-use-correct-directory-permissions-in-nm_utils_.patch
new file mode 100644
index 0000000..bbc1f00
--- /dev/null
+++ b/0001-libnm-use-correct-directory-permissions-in-nm_utils_.patch
@@ -0,0 +1,38 @@
+From 0d0b03e7d3f3082540a0dbc7ec05de835b92563d Mon Sep 17 00:00:00 2001
+From: Christian Krause <chkr@plauener.de>
+Date: Tue, 2 Jun 2026 22:28:51 +0200
+Subject: [PATCH] libnm: use correct directory permissions in
+ nm_utils_copy_cert_as_user
+
+This patch fixes https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/work_items/1957.
+
+At the moment, libnm creates the temporary certificate directory
+with permission 0600.
+
+Some NM plugins drop most of their capabilities (including CAP_DAC_OVERRIDE)
+on startup and so, even when running as root, they can't create files
+in that directory (since the execute permission is missing).
+
+This patch sets the permission to 0700 to fix the problem.
+
+Fixes: 1a52bbe7c9dc ('libnm: add function to copy a certificate or key as user')
+---
+ src/libnm-core-impl/nm-utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libnm-core-impl/nm-utils.c b/src/libnm-core-impl/nm-utils.c
+index ad7eea438b..5086270803 100644
+--- a/src/libnm-core-impl/nm-utils.c
++++ b/src/libnm-core-impl/nm-utils.c
+@@ -6506,7 +6506,7 @@ nm_utils_copy_cert_as_user(const char *filename, const char *user, GError **erro
+     nm_str_buf_destroy(&info.output_buffer);
+     nm_str_buf_destroy(&info.error_buffer);
+ 
+-    mkdir(RUN_CERT_DIR, 0600);
++    mkdir(RUN_CERT_DIR, 0700);
+     fd = mkstemp(dst_path);
+     if (fd < 0) {
+         g_set_error_literal(error,
+-- 
+2.54.0
+

diff --git a/NetworkManager.spec b/NetworkManager.spec
index c8bec57..99fc3b6 100644
--- a/NetworkManager.spec
+++ b/NetworkManager.spec
@@ -6,7 +6,7 @@ Group:   System Environment/Base
 
 Epoch:   1
 Version: 1.57.4~dev
-Release: 2%{?dist}
+Release: 3%{?dist}
 
 ###############################################################################
 
@@ -167,6 +167,9 @@ Source10: 24-clat-auto.conf
 # Keep until next rebase
 Patch1: 0001-nmtui-fix-wrong-use-of-assertions-in-bond-page.patch
 
+# Keep until next rebase, https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/0d0b03e7d3f3082540a0dbc7ec05de835b92563d
+Patch2: 0001-libnm-use-correct-directory-permissions-in-nm_utils_.patch
+
 Requires(post): systemd
 Requires(post): systemd-udev
 Requires(post): /usr/sbin/update-alternatives
@@ -1073,6 +1076,9 @@ fi
 
 
 %changelog
+* Thu Jun 11 2026 Christian Krause <chkr@fedoraproject.org> - 1:1.57.4-3
+- Apply upstream patch to fix strongSwan VPN connection problem (rhbz#2461399)
+
 * Thu Jun 04 2026 Jaroslav Škarvada <jskarvad@redhat.com> - 1:1.57.4-2
 - Rebuilt for new ppp