2.30.2-2: fix #1552641
This commit is contained in:
parent
558fdf8110
commit
2d9903e743
@ -0,0 +1,44 @@
|
||||
From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001
|
||||
From: Karel Zak <kzak@redhat.com>
|
||||
Date: Thu, 16 Nov 2017 16:27:32 +0100
|
||||
Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in
|
||||
paths
|
||||
|
||||
# mount /dev/sdc1 /mnt/test/foo\ bar
|
||||
# umount <tab>
|
||||
|
||||
has to return "/mnt/test/foo\ bar".
|
||||
|
||||
Changes:
|
||||
|
||||
* don't use mount | awk output, we have findmnt
|
||||
* force compgen use \n as entries separator
|
||||
|
||||
Addresses: https://github.com/karelzak/util-linux/issues/539
|
||||
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||
---
|
||||
bash-completion/umount | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/bash-completion/umount b/bash-completion/umount
|
||||
index d76cb9fff..98c90d61a 100644
|
||||
--- a/bash-completion/umount
|
||||
+++ b/bash-completion/umount
|
||||
@@ -40,9 +40,10 @@ _umount_module()
|
||||
return 0
|
||||
;;
|
||||
esac
|
||||
- local DEVS_MPOINTS
|
||||
- DEVS_MPOINTS="$(mount | awk '{print $1, $3}')"
|
||||
- COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) )
|
||||
- return 0
|
||||
+
|
||||
+ local oldifs=$IFS
|
||||
+ IFS=$'\n'
|
||||
+ COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) )
|
||||
+ IFS=$oldifs
|
||||
}
|
||||
complete -F _umount_module umount
|
||||
--
|
||||
2.14.3
|
||||
|
@ -89,6 +89,9 @@ Requires: libfdisk = %{version}-%{release}
|
||||
# 151635 - makeing /var/log/lastlog
|
||||
Patch0: 2.28-login-lastlog-create.patch
|
||||
|
||||
# 1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names
|
||||
Patch1: 0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch
|
||||
|
||||
%description
|
||||
The util-linux package contains a large variety of low-level system
|
||||
utilities that are necessary for a Linux system to function. Among
|
||||
@ -930,6 +933,9 @@ exit 0
|
||||
%{_libdir}/python*/site-packages/libmount/*
|
||||
|
||||
%changelog
|
||||
* Thu Mar 8 2018 Karel Zak <kzak@redhat.com> - 2.30.2-2
|
||||
- fix #1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names
|
||||
|
||||
* Fri Sep 22 2017 Karel Zak <kzak@redhat.com> - 2.30.2-1
|
||||
- upgrade to v2.30.2
|
||||
http://ftp.kernel.org/pub/linux/utils/util-linux/v2.30/v2.30.2-ReleaseNotes
|
||||
|
Loading…
Reference in New Issue
Block a user