Headline
CVE-2020-7217: Releases · openSUSE/wicked
An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id.
sysctl: process sysctl.d directories as in sysctl --system
sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
tuntap: avoid sysfs attr read error (bsc#1192311)
ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
rpm-spec: dbus config in /usr shouldn’t be marked as %config
ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215)
client: parse sysctl files in the correct order (bsc#1181186)
ifup: fix for set up with unenslave from unconfigured master (boo#954329)
rpm: prepare for new builds using usrmerged rpm macro (boo#1029961)
rpm: Let wicked-service also provide service(network)
cleanup: remove obsolete use-nanny=false (#815)
dbus: add variant container, generic object-path and uint32 array macros
avoid incomplete ifdown/timeout on route deletion error (bsc#1174099)
dhcp4: add DHCLIENT_CREATE_CID to ifcfg (jsc#SLE-15770)
wicked: fixes to ifreload on port changes (bsc#1168155,bsc#1172082)
team: fix schema to use correct hwaddr_policy property (boo#1171234)
team: enable ipv6 on ports when nsna_ping linkwatch is used (bsc#959556)
spec: fix old libwicked package provides/obsoletes (bsc#1165180)
ipv6: support to apply stable secret ifsysctl (jsc#SLE-6960)
dhcp4: discard lease on client-id mismatch (CVE-2020-7217,bsc#1160906)
dhcp4: free lease on response without message type (CVE-2020-7216,bsc#1160905)
dhcp6: don’t add free’d IA to ia_pd_list on T1>T2 (CVE-2019-18903,bsc#1160904)
dhcp6: fix use-after-free on option parsing failure (CVE-2019-18902,bsc#1160903)
utils: don’t reject NULL var array names/keys breaking wicked duid dump
routes: schema fix to avoid not applying rto_min incl. new time format (bsc#1160939)
systemd: order start wicked after network-pre.target and openvswitch.service start
packaging: use pkgconfig(libsystemd) instead of systemd-devel
misc bug fixes by Malte Kraus including undefined behaviour, memory access alignment corrections, use-after-free, missed initialization and format errors
dracut: add initial cmdline parsing as a config source
address: don’t check hwaddr length if parsing as ARPHRD_VOID
utils: added find and insert var array utils, cleanup
client: add show-policy calling policy generation
client: initial support to generate a basic policy directly
client: cleanup convert and show-config commands
libwicked: fix versioning and packaging (bsc#1143182,bsc#1132977)
dhcp6: omit noprefixroute with address-length (bsc#1150972)
Permit to assume that the address prefix-length override
specified in the config is a valid on-link prefix length,
to let the kernel create a route for this prefix.
dhcp6: differentiated mode=auto resolving from RA (bsc#1150183)
Fixed to not trigger to report an error when ipv6 RA is not available
or the received RA disables dhcp while mode is set to auto, but to
deliver a ‘deferred’ results.
dhcp6: initial support to request prefix for delegations (jsc#SLE-5936)
dhcp6: set the noprefixroute address option (bsc#1132280)
dhcp6: do not default to a /64 address prefix-length bsc#1132280
Add an address-length aka DHCLIENT6_ADDRESS_LENGTH ifcfg option, which
permits to specify explicit prefix-length to use for the DHCPv6 address
and override detection using RA prefix info and a default to /128.
time: use boot time for timer instead of real time bsc#1129986
dhcp: Consistently log dhcp xid and enabled to log dhcp6 timings line.
dhcp6: lower unexpected xid messages to debug level
systemd: change to depend on udev settle service bsc#1136034, bsc#1132774
Calling udevadm settle directly caused systemd to kill wicked services.
bridge: honour ifcfg LLADDR and set link address bsc#1042123, bsc#1142670
rfkill: fix switch statement to check enum variable not a constant bsc#1140117
man: ifcfg-ovs-bridge(5): recommend STARTMODE=nfsroot
dhcp4: nullify defer timer pointer when timeout (#798)
dhcp4: fix to request routing options when custom options are used bsc#1132326
testing: add ifbind.sh helper script allowing to test hotplugging