[El-errata] ELSA-2016-2581 Low: Oracle Linux 7 NetworkManager security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 10 11:01:49 PST 2016

Oracle Linux Security Advisory ELSA-2016-2581


The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- device: consider a device with slaves configured (rh#1333983)

- build: add RPM dependency for exact glib2 version (rh#1378809)

- device: improve connection matching for assuming bond and infiniband 

- clients: handle secret requests only for current connection (rh#1351272)
- device: fix crash reapplying connection to slave devices (rh#1376784)
- cli: fix autocompletion after ifname (rh#1375933)

- libnm: fix crash in nm_vpn_plugin_info_list_get_service_types() 
- device: wait for MAC address change before setting up interface 
(rh#1371623, rh#1374023)

- wifi: another fix activation failure due to error changing MAC address 
(rh#1371623, rh#1374023)
- dhcp: fix race condition that may cause lost lease events and DHCP 
timeouts (rh#1373276)

- po: add translations (rh#1276476)

- libnm,nmtui: fix handling empty cloned-mac-address property (rh#1372799)
- ibft: grant required CAP_SYS_ADMIN capabilities (rh#1371201)

- core: really fix wrong source interface for PropertiesChanged D-Bus 
signal (rh#1371920)

- wifi: fix activation failure due to error changing MAC address 
- core: fix wrong source interface for PropertiesChanged D-Bus signal 
- team: restore validation of JSON configuration (rh#1371967)
- device: manage firewall zone for assumed persistent connections 
- device: don't let external changes cause a release of the slave 

- ifcfg-rh: clear IP settings for slave connections (rh#1368761)
- ifcfg-rh: accept TEAM connections also without DEVICETYPE setting 

- Update to 1.4.0 release
- cli: show username when interactively connecting to a wireless network 
(rh #1351272)
- ifcfg-rh: ensure master is cleared when updating a connection (rh 
- policy: always try to update kernel hostname (rh #1362542)
- cli: return sane error message for D-Bus policy permission errors (rh 
- device: don't flush addresses when unmanaging assumed devices (rh 
- team: be more tolerant when handling invalid or empty configuration 
(rh #1366300)
- act-request: queue failing the slave when master fails (rh #1367702)
- vpn: fix ipv6 configuration of VPNs without a separate interface (rh 
- vpn: properly discard routes with invalid prefix length (rh #1368355)

- logging: default to syslog (rh #1358335)

- Update to 1.4-beta1 release
- core: fix setting hostname from DHCP (rh #1356015)
- vlan: honor the REORDER_HDR flag (rh #1312281)
- device: apply MTU setting also to devices without IPv4 configuration 
(rh #1364275)
- bond: improved connection matching (rh #1304641)
- team: check return value of g_dbus_connection_call_sync() (rh #1349749)

- Rebuild for fixed documentation directory in redhat-rpm-macros

- Update to a more recent 1.4.0 snapshot:
- bond: fix defaults and be more liberal in accepting different formats 
of option values (rh #1352131)
- bond: fix setting of "lp_interval" option (rh #1348573)
- device: don't try to generate ipv6ll address for disconnected devices 
(rh #1351633)
- device: make sure we update system hostname when DHCP configuration 
changes (rh #1356015)
- device: tune down warning about failure to set userspace IPv6LL on 
non-existing device (rh #1323571)
- nmcli: add "nmcli device modify" subcommand to do runtime 
configuration changes (rh #998000)
- nmcli: crash on connection delete/down timeout (rh $1355740)
- nmcli: fix 8021x settings tab-completion (rh #1301226)
- secrets: increase timeout for getting the secrets from the agent (rh 
- team: keep device config property up to date with actual configuration 
(rh #1310435)
- team: make synchronization with teamd more robust (rh #1257237)
- vpn: don't merge DNS properties into parent device's configuration (rh 

- Do not regenerate gtk-doc. Together with parallel make it may cause 
multilib conflicts

- enable JSON validation configure option
- Update to a more recent 1.3.0 snapshot:
- team: check return value of g_dbus_connection_call_sync() (rh #1347015)

- Update to a 1.3.0 snapshot:
- cli: hide secret certificate blobs unless --show-secrets set (rh #1184530)
- dns: add support for specifying dns priorities (rh #1228707)
- core: wait for IPv6 DAD before completing activation (rh #1243958)
- device: take care of default route of DHCP generated-assumed 
connections (rh #1265239)
- team: improve matching of team connection upon service restart (rh 
- device: apply MTU setting also to devices without IPv4 configuration 
(rh #1303968)
- device: reconfigure IP addressing after bringing up device (rh #1309899)
- team: expose current device configuration through D-Bus and nmcli (rh 
- systemd: add "After=dbus.service" to NetworkManager.service (rh #1311988)
- cli: handle device failure when activating (rh #1312726)
- core,libnm: remove gateway from connection if never-default is set (rh 
- platform: remove padding for IP address lifetimes (rh #1318945)
- manager: run dispatcher scripts on suspend/sleep (rh #1330694)
- device: remove pending dhcp actions also in IP_DONE state (rh #1330893)
- wwan: fixed multiple crashes (rh #1331395)
- nmcli: fix tab completion for libreswan import (rh #1337300)

- write /etc/resolv.conf as file by default instead of symlink (rh#1337222)
- rename package config-routing-rules to dispatcher-routing-rules (rh 

- Update to NetworkManager 1.2.0 release
- vlan: keep the hardware address synchronized with parent device (rh 
- bond: add more options (rh #1299103)

- Update to a more recent 1.2.0 snapshot

- Update to a 1.2.0 snapshot:
- core: add a connection defaults section to NetworkManager.conf (rh 
- dhcp: make timeout configurable (rh #1262922)
- pppoe: set the firewall zone on the correct ip interface (rh #1110465)
- device: properly roll back the device activation attempt on failure 
(rh #1270814)
- nmcli: add monitor command (rh #1034158)
- nmcli: fix shell completion of bluetooth device names (rh #1271271)
- ipv4: add an option to send full FQDN in DHCP requests (rh #1255507)
- core: fix a use-after-free() when activating a secondary VPN 
connection (rh #1277247)
- wifi: fix bssid cache updating (rh #1094298)
- vlan: honor the reorder-header flag (rh #1250225)
- ipv4: do a duplicate address detection (rh #1259063)
- core: add LLDP listener to the daemon and utilities (rh #1142898)
- vpn: don't fail activation when plugin supports interactive mode, but 
the VPN daemon does not (rh #1298732)
- ipv6: readd the address when the MAC address changes (rh #1286105)
- core: avoid generating excessively long names for virtual devices (rh 
- nmcli: add connection import and export (rh #1034105)
- vlan: fix matching of connections on assumption (rh #1276343)
- core: fix matching of static route metrics on connection assumption 
(rh #1302532)
- core: work around broken device drivers (AWS ENI) that initially have 
zero MAC address (rh #1288110)
- infiniband: set the link down when changing mode, some drivers need 
that (rh #1281301)
- infiniband: retry autoactivation of partitions when parent device 
changes (rh #1275875)

- route: fix nl_object_identical() comparing AF_INET addresses (rh #1370503)

- update to latest upstream release 3.2.28 (rh #1296058)

- update to latest upstream release 3.2.28-rc1 (rh #1296058)

- rebase package to upstream version 3.2.27 (rh #1296058)

- c-e: fix team page with older GTK and jansson (rh #1079465)

- Update to network-manager-applet 1.4.0 release
- c-e: add editor for teaming devices (rh #1079465)

- c-e: fix tab stop for Create button (rh#1339565)

- Update to network-manager-applet 1.2.2 release

- Update to network-manager-applet 1.2.0 release

- Rebase to 1.2-beta3

More information about the El-errata mailing list