diff --git a/0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch b/0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch
new file mode 100644
index 0000000..acd4c53
--- /dev/null
+++ b/0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch
@@ -0,0 +1,44 @@
+From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Thu, 16 Nov 2017 16:27:32 +0100
+Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in
+ paths
+
+ # mount /dev/sdc1 /mnt/test/foo\ bar
+ # umount
+
+has to return "/mnt/test/foo\ bar".
+
+Changes:
+
+ * don't use mount | awk output, we have findmnt
+ * force compgen use \n as entries separator
+
+Addresses: https://github.com/karelzak/util-linux/issues/539
+Signed-off-by: Karel Zak
+---
+ bash-completion/umount | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/bash-completion/umount b/bash-completion/umount
+index d76cb9fff..98c90d61a 100644
+--- a/bash-completion/umount
++++ b/bash-completion/umount
+@@ -40,9 +40,10 @@ _umount_module()
+ return 0
+ ;;
+ esac
+- local DEVS_MPOINTS
+- DEVS_MPOINTS="$(mount | awk '{print $1, $3}')"
+- COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) )
+- return 0
++
++ local oldifs=$IFS
++ IFS=$'\n'
++ COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) )
++ IFS=$oldifs
+ }
+ complete -F _umount_module umount
+--
+2.14.3
+
diff --git a/util-linux.spec b/util-linux.spec
index 29bca51..618db0e 100644
--- a/util-linux.spec
+++ b/util-linux.spec
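Review bot: The `sed "s/\([[:blank:]]\)/\\\\\1/g"` filter on the new `COMPREPLY=` line escapes only blanks, so a mount point name containing other shell-special characters (quotes, `$`, backticks, glob characters) still appears to be offered to the command line unescaped. Since this patch is carried for CVE-2018-7738, it is worth confirming that such names complete to a safely quoted word, for example by adding `compopt -o filenames` so readline quotes the candidates, rather than relying on a blank-only substitution. The unquoted `$( compgen … )` inside the array assignment also remains subject to pathname expansion, which setting `IFS=$'\n'` does not prevent. The `oldifs` save/restore turns an unset IFS into an empty one; `local IFS=$'\n'` scopes the change to the function and needs no restore. `_umount_module` starts above the embedded hunk, so its earlier `case` branches are not covered by this review.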
@@ -89,6 +89,9 @@ Requires: libfdisk = %{version}-%{release} # 151635 - makeing /var/log/lastlog Patch0: 2.28-login-lastlog-create.patch +# 1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names +Patch1: 0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch + %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among @@ -930,6 +933,9 @@ exit 0 %{_libdir}/python*/site-packages/libmount/* %changelog +* Thu Mar 8 2018 Karel Zak - 2.30.2-2 +- fix #1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names + * Fri Sep 22 2017 Karel Zak - 2.30.2-1 - upgrade to v2.30.2 http://ftp.kernel.org/pub/linux/utils/util-linux/v2.30/v2.30.2-ReleaseNotes
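Review bot: `Patch1:` is declared in the first spec hunk, but no hunk in this commit touches `%prep`, so whether the patch is actually applied depends on code outside the visible diff. If `%prep` uses explicit per-patch lines rather than `%autosetup` or `%autopatch`, the CVE-2018-7738 fix would ship in the SRPM without being applied to the build; in that case add `%patch1 -p1` next to the existing patch application. It is also worth checking the built package's umount completion file for the `findmnt -lno TARGET` line before closing the bug.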