2.30.2-3: fix #1560283
This commit is contained in:
parent
05aae355d4
commit
cafc6d2e51
32
column-fix-leading-space-characters-bug.patch
Normal file
32
column-fix-leading-space-characters-bug.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
From 5b6fa6063990017f3384476537106caa9e3f5867 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karel Zak <kzak@redhat.com>
|
||||||
|
Date: Tue, 27 Mar 2018 10:40:13 +0200
|
||||||
|
Subject: [PATCH] column: fix leading space characters bug
|
||||||
|
|
||||||
|
The bug has been introduced during column(1) rewrite. The function
|
||||||
|
read_input() need to skip leading space only temporary to detect empty
|
||||||
|
lines, but the rest of the code has to use the original buffer (line).
|
||||||
|
|
||||||
|
Addresses: https://github.com/karelzak/util-linux/issues/575
|
||||||
|
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1560283
|
||||||
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||||
|
---
|
||||||
|
text-utils/column.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/text-utils/column.c b/text-utils/column.c
|
||||||
|
index 5eb0de1ae..d6a6385e3 100644
|
||||||
|
--- a/text-utils/column.c
|
||||||
|
+++ b/text-utils/column.c
|
||||||
|
@@ -452,7 +452,7 @@ static int read_input(struct column_control *ctl, FILE *fp)
|
||||||
|
if (!str || !*str)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
- wcs = mbs_to_wcs(str);
|
||||||
|
+ wcs = mbs_to_wcs(buf);
|
||||||
|
if (!wcs)
|
||||||
|
err(EXIT_FAILURE, _("read failed"));
|
||||||
|
|
||||||
|
--
|
||||||
|
2.14.3
|
||||||
|
|
@ -2,7 +2,7 @@
|
|||||||
Summary: A collection of basic system utilities
|
Summary: A collection of basic system utilities
|
||||||
Name: util-linux
|
Name: util-linux
|
||||||
Version: 2.30.2
|
Version: 2.30.2
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
|
License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
URL: http://en.wikipedia.org/wiki/Util-linux
|
URL: http://en.wikipedia.org/wiki/Util-linux
|
||||||
@ -92,6 +92,9 @@ Patch0: 2.28-login-lastlog-create.patch
|
|||||||
# 1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names
|
# 1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names
|
||||||
Patch1: 0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch
|
Patch1: 0001-bash-completion-umount-use-findmnt-escape-a-space-in.patch
|
||||||
|
|
||||||
|
# 1560283 - column does not properly handle spaces at beginning of tab-separated table columns
|
||||||
|
Patch2: column-fix-leading-space-characters-bug.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The util-linux package contains a large variety of low-level system
|
The util-linux package contains a large variety of low-level system
|
||||||
utilities that are necessary for a Linux system to function. Among
|
utilities that are necessary for a Linux system to function. Among
|
||||||
@ -933,6 +936,9 @@ exit 0
|
|||||||
%{_libdir}/python*/site-packages/libmount/*
|
%{_libdir}/python*/site-packages/libmount/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 27 2018 Karel Zak <kzak@redhat.com> - 2.30.2-3
|
||||||
|
- fix #1560283 - column does not properly handle spaces at beginning of tab-separated table columns
|
||||||
|
|
||||||
* Thu Mar 8 2018 Karel Zak <kzak@redhat.com> - 2.30.2-2
|
* Thu Mar 8 2018 Karel Zak <kzak@redhat.com> - 2.30.2-2
|
||||||
- fix #1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names
|
- fix #1552641 - CVE-2018-7738 util-linux: Shell command injection in unescaped bash-completed mount point names
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user