Package: network-manager / 1.6.2-3+deb9u2

Metadata

Package Version Patches format
network-manager 1.6.2-3+deb9u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
Force online state with unmanaged devices.patch | (download)

src/nm-manager.c | 120 120 + 0 - 0 !
1 file changed, 120 insertions(+)

 force online state with unmanaged devices

If we have unmanaged devices in /e/n/i, monitor the ifupdown state file
and in case we find active interfaces besides lo, forcefully set the
online state to CONNECTED.

Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512286

Don t setup Sleep Monitor if not booted with systemd.patch | (download)

src/nm-sleep-monitor.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 don't setup sleep monitor if not booted with systemd

NetworkManager uses systemd for suspend/resume support. It listens for
the PrepareForSleep and Resume D-Bus signal sent by logind/systemd and
deactivates the interfaces on sleep and reactivates them on resume.
With a standalone logind we don't get a Resume signal and
NetworkManager remains in sleep mode where the devices are unmanaged.
As a workaround, skip the Sleep Monitor setup if not booted with
systemd.

Closes: #742933

Fix arping path.patch | (download)

src/devices/nm-arping-manager.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix arping path

Debian provides two arping implementations:
/usr/sbin/arping, shipped by the arping package,
/usr/bin/arping, shipped by the iputils-arping package.

They aren't completely command line compatible, so we choose the one
which upstream (Fedora) is using, i.e. iputils-arping.

Closes: #755039

Don t make NetworkManager D Bus activatable.patch | (download)

Makefile.am | 5 0 + 5 - 0 !
data/NetworkManager.service.in | 1 0 + 1 - 0 !
2 files changed, 6 deletions(-)

 don't make networkmanager d-bus activatable

If the NetworkManager daemon has been stopped manually we don't want it
to be autostarted by a client request.

systemd Don t enable NetworkManager wait online.serv.patch | (download)

Makefile.am | 6 0 + 6 - 0 !
1 file changed, 6 deletions(-)

 systemd: don't enable networkmanager-wait-online.service statically

Instead we are going to hook up the service in network-online.target
dynamically via

[Install]
WantedBy=network-online.target

This way the user can easily disable the service.

Fix iscsiadm path.patch | (download)

src/settings/plugins/ibft/nms-ibft-plugin.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix iscsiadm path

The open-scsi package in Debian installs the iscisadm binary as
/usr/bin/iscsiadm.

This patch can be dropped post-stretch as open-iscsi now also ships the
binary as /sbin/iscsiadm (and /usr/bin/iscsiadm is a compat symlink).

libnm disconnect signal from D Bus proxies on dispose.patch | (download)

libnm/nm-device.c | 2 2 + 0 - 0 !
libnm/nm-object.c | 16 15 + 1 - 0 !
2 files changed, 17 insertions(+), 1 deletion(-)

 libnm: disconnect signal from d-bus proxies on dispose

https://bugzilla.gnome.org/show_bug.cgi?id=778615
(cherry picked from commit 5ae3db75158b2a5d71ea7027fe12638a3d243a4e)
(cherry picked from commit 0429753dab39c245f280c47ee269d88cf92d7061)

dhcp dhclient parse interface statements.patch | (download)

src/dhcp/nm-dhcp-dhclient-utils.c | 49 49 + 0 - 0 !
src/dhcp/tests/test-dhcp-dhclient.c | 91 91 + 0 - 0 !
2 files changed, 140 insertions(+)

 dhcp/dhclient: parse "interface" statements

Until now any "interface" statement was ignored and any enclosed
statement for which we have a special handling was considered, even if
wifi introduce enum type NMSupplicantInterfaceState inste.patch | (download)

src/devices/nm-device-ethernet.c | 6 4 + 2 - 0 !
src/devices/nm-device-macsec.c | 6 4 + 2 - 0 !
src/devices/wifi/nm-device-wifi.c | 40 21 + 19 - 0 !
src/supplicant/nm-supplicant-interface.c | 83 31 + 52 - 0 !
src/supplicant/nm-supplicant-interface.h | 10 5 + 5 - 0 !
5 files changed, 65 insertions(+), 80 deletions(-)

 wifi: introduce enum type nmsupplicantinterfacestate instead of
 plain int

Also change the signature of the NM_SUPPLICANT_INTERFACE_STATE signal,
to have three "int" type arguments. Thereby also fix the subscribers
to this signal that wrongly had type guint32, instead of guint
(which happens to be the same underlying type, so no real problem).

https://mail.gnome.org/archives/networkmanager-list/2017-February/msg00021.html
(cherry picked from commit 5a03de70518bd2f2ed3c6397d09fa9bbfac1608b)

supplicant rework nm_supplicant_interface_set_config to i.patch | (download)

src/devices/nm-device-ethernet.c | 68 20 + 48 - 0 !
src/devices/nm-device-macsec.c | 56 14 + 42 - 0 !
src/devices/wifi/nm-device-wifi.c | 63 13 + 50 - 0 !
src/supplicant/nm-supplicant-interface.c | 312 180 + 132 - 0 !
src/supplicant/nm-supplicant-interface.h | 13 9 + 4 - 0 !
5 files changed, 236 insertions(+), 276 deletions(-)

 supplicant: rework nm_supplicant_interface_set_config() to invoke
 result callback

Instead of having a NM_SUPPLICANT_INTERFACE_CONNECTION_ERROR signal to notify
about failures during AddNetwork/SelectNetwork, accept a callback to report
success/failure.

Thereby, rename nm_supplicant_interface_set_config() to
nm_supplicant_interface_assoc().

The async callback is guaranteed to:

 - be invoked exactly once, signalling success or failure
 - always being invoked asyncronously.

The pending request can be (synchronously) cancelled via
nm_supplicant_interface_disconnect() or by disposing the
interface instance. In those cases the callback will be invoked
too, with error code cancelled/disposing.

(cherry picked from commit 66c45d0fdcbd9e87b5164c5f77f914141cbb9419)

supplicant trivial move code around.patch | (download)

src/supplicant/nm-supplicant-interface.c | 114 59 + 55 - 0 !
1 file changed, 59 insertions(+), 55 deletions(-)

 supplicant/trivial: move code around

(cherry picked from commit e16bf4f3db3da36f8194195e766029d1b751b5ec)

supplicant use nm_clear_g_cancellable helper.patch | (download)

src/supplicant/nm-supplicant-interface.c | 18 4 + 14 - 0 !
1 file changed, 4 insertions(+), 14 deletions(-)

 supplicant: use nm_clear_g_cancellable() helper

(cherry picked from commit da34034b95651d8b68eaa19d7bf115ffc1cd1fb5)

supplicant remove unused return value from nm_supplicant_.patch | (download)

src/devices/wifi/nm-device-wifi.c | 22 7 + 15 - 0 !
src/supplicant/nm-supplicant-interface.c | 5 2 + 3 - 0 !
src/supplicant/nm-supplicant-interface.h | 2 1 + 1 - 0 !
3 files changed, 10 insertions(+), 19 deletions(-)

 supplicant: remove unused return value from
 nm_supplicant_interface_request_scan()

It cannot fail, remove code that anticipates a failure of request-scan.

(cherry picked from commit dce13b6f11105422d54ee3aa3781ae77c875ae0f)

supplicant cleanup network when cancelling AddNetwork req.patch | (download)

src/supplicant/nm-supplicant-interface.c | 58 52 + 6 - 0 !
1 file changed, 52 insertions(+), 6 deletions(-)

 supplicant: cleanup network when cancelling "addnetwork" request

If the assoc-request is cancelled while an "AddNetwork" request is
pending, we must cleanup the added network when the request succeeds.

The issue can also happen when NetworkManager shuts down and exits
the mainloop. This scenario is unsolved as the cleanup action
"RemoveNetwork" has no chance to run.

supplicant merge NEW_BSS signal with BSS_UPDATED.patch | (download)

src/devices/wifi/nm-device-wifi.c | 125 45 + 80 - 0 !
src/supplicant/nm-supplicant-interface.c | 17 4 + 13 - 0 !
src/supplicant/nm-supplicant-interface.h | 1 0 + 1 - 0 !
3 files changed, 49 insertions(+), 94 deletions(-)

 supplicant: merge new_bss signal with bss_updated

Before, the NEW_BSS signal was not careful to emit the signal only when the BSS
is seen for the first time. Consequently, supplicant_iface_new_bss_cb() checked
whether it already knows about the new BSS.

Merge NEW_BSS and BSS_UPDATED. Now we emit BSS_UPDATED when either the
BSS is new or changed.

Also, in supplicant_iface_new_bss_cb() (now supplicant_iface_bss_updated_cb())
no longer constructs an @ap instance if we have a @found_ap.

In some situations there can be a value of having a separate ADD signal.
But only when there the consumers care, and if the consumers can trust that
ADD is not just an UPDATE. The only consumer doesn't care and it not not be
trusted, so merge the signals.

(cherry picked from commit 29a53b1cd7fb48984221c71b38b049c3ced9b560)

wifi check for invalid BSSID in nm_wifi_ap_update_from_pr.patch | (download)

src/devices/wifi/nm-wifi-ap.c | 44 22 + 22 - 0 !
1 file changed, 22 insertions(+), 22 deletions(-)

 wifi: check for invalid bssid in nm_wifi_ap_update_from_properties()

In nm_wifi_ap_new_from_properties(), we checked that the BSSID is valid
and bailed out otherwise. Since we call nm_wifi_ap_update_from_properties()
on a created BSSID, we should ensure there too that an update does not cause
the address to become invalid.

In the unlikely case where an update would change a previously valid address
to an invalid one, we would ignore the update.

Thus, move the check for addresses inside nm_wifi_ap_update_from_properties().

(cherry picked from commit e3a489180b83d55c796d2162eecae01b7351327a)

supplicant delay SCAN_DONE signal until all BSS are initi.patch | (download)

src/supplicant/nm-supplicant-interface.c | 166 113 + 53 - 0 !
1 file changed, 113 insertions(+), 53 deletions(-)

 supplicant: delay scan_done signal until all bss are initialized

We initialize the BSS asyncronously. Don't declare SCAN_DONE
until all BSS are up.

Otherwise, especially during the very first scan we declare SCAN_DONE
when having no BSS yet. This wrongly removes the pending action
"wifi-scan", while "autoconnect" cannot happen as there are not BSS
yet. Thus we declare "startup-complete" too early.

Another issue is that we may start autoconnecting with an incomplete
scan list, and thus pick a non-preferred connections.

https://bugzilla.gnome.org/show_bug.cgi?id=777831
(cherry picked from commit e0f96770188eeaada70a299bd6dab7a50ec34a53)

wifi only react on AP update signal when there are actual.patch | (download)

src/devices/wifi/nm-device-wifi.c | 29 19 + 10 - 0 !
src/devices/wifi/nm-wifi-ap.c | 133 83 + 50 - 0 !
src/devices/wifi/nm-wifi-ap.h | 14 7 + 7 - 0 !
3 files changed, 109 insertions(+), 67 deletions(-)

 wifi: only react on ap update signal when there are actual changes

Since we emit BSS_UPDATED signal before SCAN_DONE, it is very likely
that nothing actually changed. This clutters the logs with update
messages.

Also move the added/removed logging messages inside ap_add_remove().
We would call ap_add_remove() at several places without logging the
change.

(cherry picked from commit c9dc0eba65565d361e32200894386da5e5c2d001)

wifi also show the NM D Bus path for the Wi Fi AP in nm_w.patch | (download)

src/devices/wifi/nm-wifi-ap.c | 14 11 + 3 - 0 !
1 file changed, 11 insertions(+), 3 deletions(-)

 wifi: also show the nm d-bus path for the wi-fi ap in
 nm_wifi_ap_to_string()

(cherry picked from commit 257484e7bac2813d0cf1bc922ef57e6b781b1c96)

device separately handle NMDevice s autoconnect by user a.patch | (download)

src/devices/bluetooth/nm-device-bt.c | 2 1 + 1 - 0 !
src/devices/nm-device.c | 56 40 + 16 - 0 !
src/devices/nm-device.h | 2 1 + 1 - 0 !
src/devices/wwan/nm-device-modem.c | 2 1 + 1 - 0 !
src/nm-manager.c | 2 1 + 1 - 0 !
5 files changed, 44 insertions(+), 20 deletions(-)

 device: separately handle nmdevice's autoconnect by user and
 internal decision

The NMDevice's autoconnect property is settable via D-Bus and is is
also modified by internal decision, like when no PIN is available.

Certain internal actions cause clearing the internal autoconnect flag,
but they should not override the user desicion.

For example, when NM awaks from sleep it would reenable autoconnect,
but it should not reenable it for devices where the user explicitly
said that autoconnect is to be disabled.

Similarly, activating a device alone is not yet an instruction to
re-enable autoconnect. If the user consciously disables autoconnect,
it should stay enabled. On the other hand, activating a device should
reenable autoconnect if it was blocked by internal decision.

We need to track these two flags separately, and set them accordingly.

(cherry picked from commit 2f9166e6b9c18af4801fd5cc6c01f7eaaeb9d538)

device add get_autoconnect_allowed virtual function.patch | (download)

src/devices/nm-device.c | 11 10 + 1 - 0 !
src/devices/nm-device.h | 5 5 + 0 - 0 !
2 files changed, 15 insertions(+), 1 deletion(-)

 device: add get_autoconnect_allowed() virtual function

It allows derived classes to override the autoconnect-allowed
state.

We already have

- NM_DEVICE_AUTOCONNECT property, which is two parts:
  - NMDevicePrivate::autoconnect_user, which is settable via
    D-Bus by the use, to allow the device to autoconnect.
  - NMDevicePrivate::autoconnect_intern, which is set by
    internal decision.
- NM_DEVICE_AUTOCONNECT_ALLOWED signal, where other devices can
  subscribe to block autoconnect. Currently that is only used
  by NMDeviceOlpcMesh.

These two make up for nm_device_autoconnect_allowed().

Add another way to allow derived classes to disable autoconnect
temporarily. This could also be achieved by having the device
subscribe to NM_DEVICE_AUTOCONNECT_ALLOWED of self, or by adding
a signal slot. But a plain function pointer seems easier.

(cherry picked from commit 6eaded9071fbf868476255adb8ee5f416e7ad134)

device wifi block autoconnect while scanning is in progre.patch | (download)

src/devices/wifi/nm-device-wifi.c | 17 16 + 1 - 0 !
1 file changed, 16 insertions(+), 1 deletion(-)

 device/wifi: block autoconnect while scanning is in progress

We should only start autoconnecting after the scan is complete.
Otherwise, we might activate a shared connection or pick a
connection based on an incomplete scan list.

https://bugzilla.gnome.org/show_bug.cgi?id=770938
(cherry picked from commit 2ab2254dd7336b9b7baa03ea1eb1f1c72f7ab6a8)

libnm client proxy _enabled and metered properties to the.patch | (download)

libnm/nm-client.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 libnm/client: proxy *_enabled and metered properties to the right
 object

They're provided by the Manager, not by the RemoteSettings.

(cherry picked from commit c81005b84650b8e6d709ce6afda96fb55987cdb8)
(cherry picked from commit 34035ceee8e75d8cb7deb6f4aa211067bddcfe97)
(cherry picked from commit b2af5f7ab676675a496adfa08541ecca43a9d9f8)

libsystemd network ipv4ll probe conflict counter 5361.patch | (download)

src/systemd/src/libsystemd-network/sd-ipv4acd.c | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 libsystemd-network: ipv4ll probe conflict counter (#5361)

A bug exists where the conflict counter is cleared
regardless of whether or not the next probe attempt leads to
a successful address acquisition. This causes 'bursts' of
MAX_CONFLICTS probes followed by a delay of
RATE_LIMIT_INTERVAL instead of a single probe each
RATE_LIMIT_INTERVAL when beyond MAX_CONFLICTS.

The conflict counter should only be cleared after an
address is successfully acquired. This commit achieves that
goal.

From RFC3927:
A host should maintain a counter of the number of address
conflicts it has experienced in the process of trying to
acquire an address, and if the number of conflicts exceeds
MAX_CONFLICTS then the host MUST limit the rate at which it
probes for new addresses to no more than one new address per
RATE_LIMIT_INTERVAL.  This is to prevent catastrophic ARP
storms in pathological failure cases, such as a rogue host
that answers all ARP probes, causing legitimate hosts to go
into an infinite loop attempting to select a usable address.

Signed-off-by: Jason Reeder <jasonreeder@gmail.com>

(cherry picked from commit 0cbc024d591e1b1095d90494e0337dabd9ef2e19)
(cherry picked from commit eb8fd9cdfd69028ef22a9d0de32ade9751fcea82)

systemd dhcp fix assertion starting DHCP client without M.patch | (download)

src/systemd/src/libsystemd-network/dhcp-network.c | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 systemd/dhcp: fix assertion starting dhcp client without mac address

An assertion in dhcp_network_bind_raw_socket() is triggered when
starting an sd_dhcp_client without setting setting a MAC address
first.

  - sd_dhcp_client_start()
    - client_start()
      - client_start_delayed()
        - dhcp_network_bind_raw_socket()

In that case, the arp-type and MAC address is still unset. Note that
dhcp_network_bind_raw_socket() already checks for a valid arp-type
and MAC address below, so we should just gracefully return -EINVAL.

Maybe sd_dhcp_client_start() should fail earlier when starting without
MAC address. But the failure here will be correctly propagated and
the start aborted.

See-also: https://github.com/systemd/systemd/pull/10054
(cherry picked from commit 34af574d5810ab2b0d6d354cbc28135cde4a55b1)
(cherry picked from commit 0a797bdc2a592385a21e7ed918c08ef54a346d99)
(cherry picked from commit f37ed84ca495ee212b1e82b9c5a5682c4acfebcd)
(cherry picked from commit 1031b2bb5c97bd48ff93f85537b3f5ce0f6f64bf)
(cherry picked from commit 4ca49f52fae5c7841f873bc0a01d654dc19c2152)
(cherry picked from commit 59941b21247c53091f303b58106f9b7a446835f1)

dhcp6 fix an off by one error in dhcp6_option_parse_domai.patch | (download)

src/systemd/src/libsystemd-network/dhcp6-option.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 dhcp6: fix an off-by-one error in dhcp6_option_parse_domainname

==14==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200055fa9c at pc 0x0000005458f1 bp 0x7ffc78940d90 sp 0x7ffc78940d88
READ of size 1 at 0x60200055fa9c thread T0
    #0 0x5458f0 in dhcp6_option_parse_domainname /work/build/../../src/systemd/src/libsystemd-network/dhcp6-option.c:555:29
    #1 0x54706e in dhcp6_lease_set_domains /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-lease.c:242:13
    #2 0x53fce0 in client_parse_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:984:29
    #3 0x53f3bc in client_receive_advertise /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1083:13
    #4 0x53d57f in client_receive_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1182:21
    #5 0x7f0f7159deee in source_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3042:21
    #6 0x7f0f7159d431 in sd_event_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3455:21
    #7 0x7f0f7159ea8d in sd_event_run /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3512:21
    #8 0x531f2b in fuzz_client /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:44:9
    #9 0x531bc1 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:53:9
    #10 0x57bec8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15
    #11 0x579d67 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3
    #12 0x57dc92 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19
    #13 0x580ca6 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5
    #14 0x55e968 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6
    #15 0x551a1c in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #16 0x7f0f701a082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #17 0x41e928 in _start (/out/fuzz-dhcp6-client+0x41e928)

https://github.com/systemd/systemd/pull/10200
https://github.com/systemd/systemd/commit/b387d3c1327a3ad2a2509bd3d3491e674392ff21
(cherry picked from commit 7cb7cffc4962245a32e87017bcf264005c043250)
(cherry picked from commit cd3aacefdd0b91741b7b2e7b5ee5baab210addd9)
(cherry picked from commit 5b140a77bc7b01dc002dbf28a7a2507a27a63d7c)
(cherry picked from commit 0f25f47767794fb179edb9916566a208fbcfcb8f)
(cherry picked from commit c13e43979e10e636e3787bf85a4d56fa5187e70d)
(cherry picked from commit b7b2c8ad3829528eb24dacd91fac9056d731933a)

sd dhcp lease fix memleaks.patch | (download)

src/systemd/src/libsystemd-network/sd-dhcp-lease.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 sd-dhcp-lease: fix memleaks

(cherry picked from commit e2975f854831d08a25b4f5eb329b6d04102e115f)
(cherry picked from commit 157094abd83f933fad142758a7d177cfa1a347f7)
(cherry picked from commit 3fd9d11619a5e60d375076fbe13851dd1d3a4a63)
(cherry picked from commit 4439f07841bdddc6878132a993c229df032e8e85)
(cherry picked from commit cbd0609cc482168912c747bad883ba6d434c2a11)
(cherry picked from commit 3a070225b54692da89c801a1dc3df42a11d209a1)

sd dhcp6 make dhcp6_option_parse_domainname not store emp.patch | (download)

src/systemd/src/libsystemd-network/dhcp6-option.c | 66 29 + 37 - 0 !
1 file changed, 29 insertions(+), 37 deletions(-)

 sd-dhcp6: make dhcp6_option_parse_domainname() not store empty
 domain

This improves performance of fuzzer.
C.f. oss-fuzz#11019.

(cherry picked from commit 3c72b6ed4252e7ff5f7704bfe44557ec197b47fa)
(cherry picked from commit 50403cccee28c7dcd54b138a0d3b3f69ea0204fe)
(cherry picked from commit f11f5abb1a8b96b553d2d156f8b5cf440695c04d)
(cherry picked from commit c836279fca80fb22ca7ef02acaa5b987fee61123)
(cherry picked from commit 4ca0e57c46cf6861ec6f6b6c8e0d430edb3fa5b1)
(cherry picked from commit 32e71d5bc09494736866fd78606994f8bf93b31d)
(cherry picked from commit 331e81621e2ce822fa1c7658393c2daf7b910db8)

sd dhcp remove unreachable route after rebinding return N.patch | (download)

src/systemd/src/libsystemd-network/sd-dhcp-client.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 sd-dhcp: remove unreachable route after rebinding return nak

(cherry picked from commit cc3981b1272b9ce37e7d734a7b2f42e84acac535)
(cherry picked from commit 915c2f675a23b2ae16d292d1ac570706f76b384d)
(cherry picked from commit cb77290a696dce924e2a993690634986ac035490)
(cherry picked from commit f211b140a5861ddedc2424946e3ab07d3b642b5f)
(cherry picked from commit 1cfefbb99ff3c2ab7a0f54829c6f3f787d9e6d77)
(cherry picked from commit f3f5441820d0ecd0ff6861480ace696a6bf34fbd)
(cherry picked from commit 7337cd21dd1e4a285ff1ae9463b42460a64c3107)

dhcp6 make sure we have enough space for the DHCP6 option.patch | (download)

src/systemd/src/libsystemd-network/dhcp6-option.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 dhcp6: make sure we have enough space for the dhcp6 option header

Fixes a vulnerability originally discovered by Felix Wilhelm from
Google.

CVE-2018-15688
LP: #1795921
https://bugzilla.redhat.com/show_bug.cgi?id=1639067

(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
(cherry picked from commit 01ca2053bbea09f35b958c8cc7631e15469acb79)
(cherry picked from commit fc230dca139142f409d7bac99dbfabe9b004e2fb)
(cherry picked from commit cc1e5a7f5731f223d1eb8473fa0eecbedfc0ae5f)
(cherry picked from commit c3221cb0c5b4a2936c198e33b6f7853141991277)
(cherry picked from commit f4f765534191ed3c5d8e78b97333f3fd978a2b63)
(cherry picked from commit 2a25872910606d83f0532d668e73ab4809ee7f90)