Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package wicked for openSUSE:Factory checked in at 2026-06-12 19:25:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wicked (Old) and /work/SRC/openSUSE:Factory/.wicked.new.1981 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wicked" Fri Jun 12 19:25:02 2026 rev:108 rq:1358674 version:0.6.79 Changes: -------- --- /work/SRC/openSUSE:Factory/wicked/wicked.changes 2025-01-09 15:06:23.297683827 +0100 +++ /work/SRC/openSUSE:Factory/.wicked.new.1981/wicked.changes 2026-06-12 19:25:13.760420678 +0200 @@ -1,0 +2,17 @@ +Wed May 27 12:38:40 UTC 2026 - Marius Tomaschewski <[email protected]> + +- Update to version 0.6.79 + - Fix an indirect remote shell command injection via unsanitized + dhcp strings and leaseinfo dump (bsc#1265221,CVE-2026-44932): + - Fix to escape single-quotes in leaseinfo dump output used by the + `wicked test dhcp4` and `wicked test dhcp6` and written to the + /run/wicked/leaseinfo.* files, e.g. to pass them to netconfig. + A netconfig modify filtered for strict key='value' lines without + any escaped quotes and discarded these lines already before. + - Fix posix-tz-dbname and tz-string option processing checks to + permit only valid characters according to RFC4833. + - Discard string values containing single-quotes in other options. + - Trigger to regenerate initrd that may contain wicked binaries on + updates from wicked versions <= 0.6.78. + +------------------------------------------------------------------- Old: ---- wicked-0.6.78.tar.bz2 New: ---- wicked-0.6.79.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wicked.spec ++++++ --- /var/tmp/diff_new_pack.8S1Eux/_old 2026-06-12 19:25:16.000514571 +0200 +++ /var/tmp/diff_new_pack.8S1Eux/_new 2026-06-12 19:25:16.004514738 +0200 @@ -1,7 +1,7 @@ # # spec file for package wicked # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define release_prefix %{?snapshot:%{snapshot}}%{!?snapshot:0} Name: wicked -Version: 0.6.78 +Version: 0.6.79 Release: %{release_prefix}.0.0 Summary: Network configuration infrastructure License: GPL-2.0-or-later @@ -42,7 +42,7 @@ BuildRequires: make %if %{with wicked_devel} # libwicked-%%{version}.so shlib package compatible match for wicked-devel -Provides: libwicked-0_6_78 = %{version}-%{release} +Provides: libwicked-0_6_79 = %{version}-%{release} %endif # uninstall obsolete libwicked-0-6 (libwicked-0.so.6, wicked < 0.6.60) Provides: libwicked-0-6 = %{version} @@ -97,6 +97,7 @@ BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(libsystemd) %{?systemd_requires} +%{?regenerate_initrd_requires} %if 0%{?suse_version:1} Requires(pre): %fillup_prereq Requires: sysconfig-netconfig @@ -164,7 +165,7 @@ Group: Development/Libraries/C and C++ Requires: dbus-1-devel Requires: libnl3-devel -Requires: libwicked-0_6_78 = %{version}-%{release} +Requires: libwicked-0_6_79 = %{version}-%{release} %description devel Wicked is a network configuration infrastructure incorporating a number @@ -269,6 +270,15 @@ # restart wickedd after upgrade %{service_del_postun wickedd.service} +%pre +version=$(wicked --version 2>/dev/null) +version="${version#* }" +version="9${version//./}" +# regenereate initrd in case wicked is used in it (bsc#1265221) +if test $(($version)) -le 90678 ; then + %__mkdir_p -m 0755 "%{wicked_statedir}/regenerate-initrd" || : +fi + %post /sbin/ldconfig %{fillup_only -dns config wicked network} @@ -282,6 +292,16 @@ %_sysconfdir/wicked/client-firmware.xml || : fi rm -f -- %_sysconfdir/wicked/client-redfish.xml || : +if test -d "%{wicked_statedir}/regenerate-initrd" ; then + %{?regenerate_initrd_post} + : +fi + +%posttrans +if test -d "%{wicked_statedir}/regenerate-initrd" ; then + %{?regenerate_initrd_posttrans} + : +fi %postun /sbin/ldconfig ++++++ wicked-0.6.78.tar.bz2 -> wicked-0.6.79.tar.bz2 ++++++ ++++ 35851 lines of diff (skipped)
