Branch: refs/heads/sle12-sp5 Home: https://github.com/openSUSE/wicked Commit: fdca5fa70c22e790ed9fa714d433f0800f632a59 https://github.com/openSUSE/wicked/commit/fdca5fa70c22e790ed9fa714d433f0800f... Author: Marius Tomaschewski mt@suse.de Date: 2020-01-22 (Wed, 22 Jan 2020)
Changed paths: M client/main.c M src/auto6.c M src/buffer.c M src/config.c M src/dbus-objects/misc.c M src/dbus-xml.c M src/dhcp4/fsm.c M src/dhcp6/protocol.c M src/fsm.c M src/iaid.c M src/macvlan.c M src/names.c M src/netinfo_priv.h M src/process.c M src/route.c M src/timer.c M src/update.c M src/util.c
Log Message: ----------- Squashed misc bug fixes from pull#821
https://github.com/openSUSE/wicked/pull/821:
commit 98c0115e5e8b0db84752e5eb81a2b1abbae58618 Author: Malte Kraus malte.kraus@suse.com Date: Mon Jan 13 14:38:57 2020 +0100
force aligned struct accesses
commit de2bce5efb6cd5f32a26ce8ef3adc52ebac605f6 Author: Malte Kraus malte.kraus@suse.com Date: Mon Jan 13 14:00:20 2020 +0100
ni_iaid_create_hwaddr: deal correctly with unaligned memory
commit ebd4f30689f89ef008675102d9539332b89925de Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 16:37:18 2020 +0100
turn signed shifts into unsigned shifts: undefined behaviour
commit dc449aacecdd36bc797e5d808bb24b1bf30317b1 Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 14:56:00 2020 +0100
hostname lookup: don't use shellcmd after freeing it
the process keeps a reference to it, so this was no uaf before. This way it's more robust to changes in ni_process_new at least.
commit 11866ee000cadc1c950ed7883edaf5f56187203e Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 14:54:34 2020 +0100
fix use-after-free in timer
commit d0aa2afa319ff76b2f866316fafe76630d1723d3 Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 14:11:15 2020 +0100
ni_dhcp4_fsm_arp_validate: handle failure to create ARP handle
commit e9a9520142f0aa37398fbbd4c829b6e825b71f1e Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 14:00:02 2020 +0100
buffer: remove 0-byte memcpy undefined behaviour
commit 8ac6ffcc70e55b19e2ff6f5e4b748bf6a66734cc Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 13:50:03 2020 +0100
ni_rule_print: remove superfluous format argument
commit 9b76473e0504e3ab1e4de4d3292e5cc9acbdd201 Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 13:48:46 2020 +0100
process_run_info: fix check for signal termination
commit c9ce47dbc8bca88f59d07c3078f9f414df8b97c4 Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 13:47:16 2020 +0100
ni_ifworker_netif_resolve_cb: initalize cwtype variable
commit 5d3d74458b7e1c4ae9060805994b4c270017f571 Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 13:45:00 2020 +0100
__ni_objectmodel_route_nexthop_from_dict: do not print uninitalized var
commit fed802e40cf51823890bac1cb7f7d617bd23af18 Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 13:44:00 2020 +0100
ni_config_parse_addrconf_dhcp6_nodes: fix length parsing
commit b25f199ba117d6b333c808165be979073f03f556 Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 13:42:36 2020 +0100
ni_auto6_on_nduseropt_events: initialize changed variable
commit 3aef8af62ae556ed6bf702eb085209e6dc80cf06 Author: Malte Kraus malte.kraus@suse.com Date: Fri Jan 10 13:41:38 2020 +0100
client: format hostnames correctly
Commit: 0b44958cf29142dda2a3f6b4d15d400c985c5ca5 https://github.com/openSUSE/wicked/commit/0b44958cf29142dda2a3f6b4d15d400c98... Author: Marius Tomaschewski mt@suse.de Date: 2020-01-22 (Wed, 22 Jan 2020)
Changed paths: M src/dhcp6/fsm.c
Log Message: ----------- dhcp6: fix use-after-free on option parsing failure (CVE-2019-18902,bsc#1160903)
ni_dhcp6_fsm_parse_client_options() frees msg->lease without clearing it to NULL, leading to UAF.
Commit: 9d619f4c93c6499fb656bcbc950c7572b7d97568 https://github.com/openSUSE/wicked/commit/9d619f4c93c6499fb656bcbc950c7572b7... Author: Rubén Torrero Marijnissen rtorreromarijnissen@suse.com Date: 2020-01-22 (Wed, 22 Jan 2020)
Changed paths: M src/dhcp4/protocol.c
Log Message: ----------- dhcp4: free lease on response without message type (CVE-2020-7216,bsc#1160905)
Commit: fbed37cfa279efdd2048fe6e2baecbbf6d6fb2ac https://github.com/openSUSE/wicked/commit/fbed37cfa279efdd2048fe6e2baecbbf6d... Author: Rubén Torrero Marijnissen rtorreromarijnissen@suse.com Date: 2020-01-31 (Fri, 31 Jan 2020)
Changed paths: M src/dhcp6/protocol.c
Log Message: ----------- dhcp6: don't add free'd IA to ia_pd_list on T1>T2 (CVE-2019-18903,bsc#1160904)
Commit: 1ebab42a37e702b96d2c71f8ca5c4a427b000801 https://github.com/openSUSE/wicked/commit/1ebab42a37e702b96d2c71f8ca5c4a427b... Author: Rubén Torrero Marijnissen rtorreromarijnissen@suse.com Date: 2020-01-31 (Fri, 31 Jan 2020)
Changed paths: M src/dhcp4/fsm.c
Log Message: ----------- dhcp4: discard lease on client-id mismatch (CVE-2020-7217,bsc#1160906)
Commit: 7a3cc214a77c288b0c3ad8e1c695e1b44d90ab90 https://github.com/openSUSE/wicked/commit/7a3cc214a77c288b0c3ad8e1c695e1b44d... Author: Rubén Torrero Marijnissen rtorreromarijnissen@suse.com Date: 2020-02-26 (Wed, 26 Feb 2020)
Changed paths: M client/main.c M src/auto6.c M src/buffer.c M src/config.c M src/dbus-objects/misc.c M src/dbus-xml.c M src/dhcp4/fsm.c M src/dhcp4/protocol.c M src/dhcp6/fsm.c M src/dhcp6/protocol.c M src/fsm.c M src/iaid.c M src/macvlan.c M src/names.c M src/netinfo_priv.h M src/process.c M src/route.c M src/timer.c M src/update.c M src/util.c
Log Message: ----------- Merge branch 'security-1' into 'sle12-sp5-test'
security: memory usage errors in DHCPv4 and DHCPv6 handling
See merge request wicked-maintainers/wicked!54
Compare: https://github.com/openSUSE/wicked/compare/d1dfb7246d43...7a3cc214a77c