diff --git a/column-fix-leading-space-characters-bug.patch b/column-fix-leading-space-characters-bug.patch new file mode 100644 index 0000000..c4a88b5 --- /dev/null +++ b/column-fix-leading-space-characters-bug.patch @@ -0,0 +1,32 @@ +From 5b6fa6063990017f3384476537106caa9e3f5867 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 27 Mar 2018 10:40:13 +0200 +Subject: [PATCH] column: fix leading space characters bug + +The bug has been introduced during column(1) rewrite. The function +read_input() need to skip leading space only temporary to detect empty +lines, but the rest of the code has to use the original buffer (line). + +Addresses: https://github.com/karelzak/util-linux/issues/575 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1560283 +Signed-off-by: Karel Zak +--- + text-utils/column.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/text-utils/column.c b/text-utils/column.c +index 5eb0de1ae..d6a6385e3 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -452,7 +452,7 @@ static int read_input(struct column_control *ctl, FILE *fp) + if (!str || !*str) + continue; + +- wcs = mbs_to_wcs(str); ++ wcs = mbs_to_wcs(buf); + if (!wcs) + err(EXIT_FAILURE, _("read failed")); + +-- +2.14.3 + diff --git a/util-linux.spec b/util-linux.spec index e90d60c..8acd621 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -2,7 +2,7 @@ Summary: A collection of basic system utilities Name: util-linux Version: 2.30.2 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain Group: System Environment/Base URL: http://en.wikipedia.org/wiki/Util-linux @@ -92,6 +92,9 @@ Patch0: 2.28-login-lastlog-create.patch # 1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names Patch1: 0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch +# 1560283 - column does not properly handle spaces at beginning of tab-separated table columns +Patch2: column-fix-leading-space-characters-bug.patch + %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among @@ -933,6 +936,9 @@ exit 0 %{_libdir}/python*/site-packages/libmount/* %changelog +* Tue Mar 27 2018 Karel Zak - 2.30.2-3 +- fix #1560283 - column does not properly handle spaces at beginning of tab-separated table columns + * Thu Mar 8 2018 Karel Zak - 2.30.2-2 - fix #1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names