anag_factory
b85573bede
- Update to version 0.6.79 (bsc#1265221,CVE-2026-44932)
- Fix an indirect remote shell command injection via unsanitized
dhcp strings and leaseinfo dump (bsc#1265221,CVE-2026-44932):
- Fix to escape single-quotes in leaseinfo dump output used by the
`wicked test dhcp4` and `wicked test dhcp6` and written to the
/run/wicked/leaseinfo.* files, e.g. to pass them to netconfig.
A netconfig modify filtered for strict key='value' lines without
any escaped quotes and discarded these lines already before.
- Fix posix-tz-dbname and tz-string option processing checks to
permit only valid characters according to RFC4833.
- Discard string values containing single-quotes in other options.
- Trigger to regenerate initrd that may contain wicked binaries on
updates from wicked versions <= 0.6.78.
- utils: add support for refcounted objects in generic array (gh#openSUSE/wicked#1045)
OBS-URL: https://build.opensuse.org/request/show/1358674
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wicked?expand=0&rev=108