Branch: refs/heads/sle15-sp1 Home: https://github.com/openSUSE/wicked Commit: fdca5fa70c22e790ed9fa714d433f0800f632a59 https://github.com/openSUSE/wicked/commit/fdca5fa70c22e790ed9fa714d433f0800f... Author: Marius Tomaschewski <mt@suse.de> Date: 2020-01-22 (Wed, 22 Jan 2020) Changed paths: M client/main.c M src/auto6.c M src/buffer.c M src/config.c M src/dbus-objects/misc.c M src/dbus-xml.c M src/dhcp4/fsm.c M src/dhcp6/protocol.c M src/fsm.c M src/iaid.c M src/macvlan.c M src/names.c M src/netinfo_priv.h M src/process.c M src/route.c M src/timer.c M src/update.c M src/util.c Log Message: ----------- Squashed misc bug fixes from pull#821 https://github.com/openSUSE/wicked/pull/821: commit 98c0115e5e8b0db84752e5eb81a2b1abbae58618 Author: Malte Kraus <malte.kraus@suse.com> Date: Mon Jan 13 14:38:57 2020 +0100 force aligned struct accesses commit de2bce5efb6cd5f32a26ce8ef3adc52ebac605f6 Author: Malte Kraus <malte.kraus@suse.com> Date: Mon Jan 13 14:00:20 2020 +0100 ni_iaid_create_hwaddr: deal correctly with unaligned memory commit ebd4f30689f89ef008675102d9539332b89925de Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 16:37:18 2020 +0100 turn signed shifts into unsigned shifts: undefined behaviour commit dc449aacecdd36bc797e5d808bb24b1bf30317b1 Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 14:56:00 2020 +0100 hostname lookup: don't use shellcmd after freeing it the process keeps a reference to it, so this was no uaf before. This way it's more robust to changes in ni_process_new at least. commit 11866ee000cadc1c950ed7883edaf5f56187203e Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 14:54:34 2020 +0100 fix use-after-free in timer commit d0aa2afa319ff76b2f866316fafe76630d1723d3 Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 14:11:15 2020 +0100 ni_dhcp4_fsm_arp_validate: handle failure to create ARP handle commit e9a9520142f0aa37398fbbd4c829b6e825b71f1e Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 14:00:02 2020 +0100 buffer: remove 0-byte memcpy undefined behaviour commit 8ac6ffcc70e55b19e2ff6f5e4b748bf6a66734cc Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 13:50:03 2020 +0100 ni_rule_print: remove superfluous format argument commit 9b76473e0504e3ab1e4de4d3292e5cc9acbdd201 Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 13:48:46 2020 +0100 process_run_info: fix check for signal termination commit c9ce47dbc8bca88f59d07c3078f9f414df8b97c4 Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 13:47:16 2020 +0100 ni_ifworker_netif_resolve_cb: initalize cwtype variable commit 5d3d74458b7e1c4ae9060805994b4c270017f571 Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 13:45:00 2020 +0100 __ni_objectmodel_route_nexthop_from_dict: do not print uninitalized var commit fed802e40cf51823890bac1cb7f7d617bd23af18 Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 13:44:00 2020 +0100 ni_config_parse_addrconf_dhcp6_nodes: fix length parsing commit b25f199ba117d6b333c808165be979073f03f556 Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 13:42:36 2020 +0100 ni_auto6_on_nduseropt_events: initialize changed variable commit 3aef8af62ae556ed6bf702eb085209e6dc80cf06 Author: Malte Kraus <malte.kraus@suse.com> Date: Fri Jan 10 13:41:38 2020 +0100 client: format hostnames correctly Commit: 0b44958cf29142dda2a3f6b4d15d400c985c5ca5 https://github.com/openSUSE/wicked/commit/0b44958cf29142dda2a3f6b4d15d400c98... Author: Marius Tomaschewski <mt@suse.de> Date: 2020-01-22 (Wed, 22 Jan 2020) Changed paths: M src/dhcp6/fsm.c Log Message: ----------- dhcp6: fix use-after-free on option parsing failure (CVE-2019-18902,bsc#1160903) ni_dhcp6_fsm_parse_client_options() frees msg->lease without clearing it to NULL, leading to UAF. Commit: 9d619f4c93c6499fb656bcbc950c7572b7d97568 https://github.com/openSUSE/wicked/commit/9d619f4c93c6499fb656bcbc950c7572b7... Author: Rubén Torrero Marijnissen <rtorreromarijnissen@suse.com> Date: 2020-01-22 (Wed, 22 Jan 2020) Changed paths: M src/dhcp4/protocol.c Log Message: ----------- dhcp4: free lease on response without message type (CVE-2020-7216,bsc#1160905) Commit: fbed37cfa279efdd2048fe6e2baecbbf6d6fb2ac https://github.com/openSUSE/wicked/commit/fbed37cfa279efdd2048fe6e2baecbbf6d... Author: Rubén Torrero Marijnissen <rtorreromarijnissen@suse.com> Date: 2020-01-31 (Fri, 31 Jan 2020) Changed paths: M src/dhcp6/protocol.c Log Message: ----------- dhcp6: don't add free'd IA to ia_pd_list on T1>T2 (CVE-2019-18903,bsc#1160904) Commit: 1ebab42a37e702b96d2c71f8ca5c4a427b000801 https://github.com/openSUSE/wicked/commit/1ebab42a37e702b96d2c71f8ca5c4a427b... Author: Rubén Torrero Marijnissen <rtorreromarijnissen@suse.com> Date: 2020-01-31 (Fri, 31 Jan 2020) Changed paths: M src/dhcp4/fsm.c Log Message: ----------- dhcp4: discard lease on client-id mismatch (CVE-2020-7217,bsc#1160906) Commit: 0f26728181ce2a701c9c03a4ee1fb6a561074594 https://github.com/openSUSE/wicked/commit/0f26728181ce2a701c9c03a4ee1fb6a561... Author: Rubén Torrero Marijnissen <rtorreromarijnissen@suse.com> Date: 2020-02-26 (Wed, 26 Feb 2020) Changed paths: M client/main.c M src/auto6.c M src/buffer.c M src/config.c M src/dbus-objects/misc.c M src/dbus-xml.c M src/dhcp4/fsm.c M src/dhcp4/protocol.c M src/dhcp6/fsm.c M src/dhcp6/protocol.c M src/fsm.c M src/iaid.c M src/macvlan.c M src/names.c M src/netinfo_priv.h M src/process.c M src/route.c M src/timer.c M src/update.c M src/util.c Log Message: ----------- Merge branch 'security-1' into 'sle15-sp1-test' security: memory usage errors in DHCPv4 and DHCPv6 handling See merge request wicked-maintainers/wicked!56 Compare: https://github.com/openSUSE/wicked/compare/d23a225b3055...0f26728181ce