rpms
/
util-linux
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

2.30.2-2: fix #1552641

This commit is contained in:
Karel Zak 2018-03-08 10:34:16 +01:00
parent 558fdf8110
commit 2d9903e743
2 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch Normal file
View File

@ -0,0 +1,44 @@
From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 16 Nov 2017 16:27:32 +0100
Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in
paths
# mount /dev/sdc1 /mnt/test/foo\ bar
# umount <tab>
has to return "/mnt/test/foo\ bar".
Changes:
* don't use mount | awk output, we have findmnt
* force compgen use \n as entries separator
Addresses: https://github.com/karelzak/util-linux/issues/539
Signed-off-by: Karel Zak <kzak@redhat.com>
---
bash-completion/umount | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/bash-completion/umount b/bash-completion/umount
index d76cb9fff..98c90d61a 100644
--- a/bash-completion/umount
+++ b/bash-completion/umount
@@ -40,9 +40,10 @@ _umount_module()
return 0
;;
esac
- local DEVS_MPOINTS
- DEVS_MPOINTS="$(mount | awk '{print $1, $3}')"
- COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) )
- return 0
+
+ local oldifs=$IFS
+ IFS=$'\n'
+ COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) )
+ IFS=$oldifs
}
complete -F _umount_module umount
--
2.14.3

6
util-linux.spec
View File

@ -89,6 +89,9 @@ Requires: libfdisk = %{version}-%{release}
# 151635 - makeing /var/log/lastlog
Patch0: 2.28-login-lastlog-create.patch
# 1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names
Patch1: 0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch
%description
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
@ -930,6 +933,9 @@ exit 0
%{_libdir}/python*/site-packages/libmount/*
%changelog
* Thu Mar 8 2018 Karel Zak <kzak@redhat.com> - 2.30.2-2
- fix #1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names
* Fri Sep 22 2017 Karel Zak <kzak@redhat.com> - 2.30.2-1
- upgrade to v2.30.2
http://ftp.kernel.org/pub/linux/utils/util-linux/v2.30/v2.30.2-ReleaseNotes