[OE-core] [ROCKO][PATCH 08/34] util-linux: CVE-2018-7738

Jagadeesh Krishnanjanappa jkrishnanjanappa at mvista.com
Wed Aug 22 11:17:46 UTC 2018


bash-completion: (umount) use findmnt, escape a space in paths

 # mount /dev/sdc1 /mnt/test/foo\ bar
 # umount <tab>

has to return "/mnt/test/foo\ bar".

Changes:

 * don't use mount | awk output, we have findmnt
 * force compgen use \n as entries separator

Affects util-linux < 2.32-rc1

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
---
 .../util-linux/util-linux/CVE-2018-7738.patch      | 49 ++++++++++++++++++++++
 meta/recipes-core/util-linux/util-linux_2.30.bb    |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2018-7738.patch

diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2018-7738.patch b/meta/recipes-core/util-linux/util-linux/CVE-2018-7738.patch
new file mode 100644
index 0000000..7322b9c
--- /dev/null
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2018-7738.patch
@@ -0,0 +1,49 @@
+From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak at redhat.com>
+Date: Thu, 16 Nov 2017 16:27:32 +0100
+Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in
+ paths
+
+ # mount /dev/sdc1 /mnt/test/foo\ bar
+ # umount <tab>
+
+has to return "/mnt/test/foo\ bar".
+
+Changes:
+
+ * don't use mount | awk output, we have findmnt
+ * force compgen use \n as entries separator
+
+Addresses: https://github.com/karelzak/util-linux/issues/539
+Signed-off-by: Karel Zak <kzak at redhat.com>
+
+CVE: CVE-2018-7738
+Upstream-Status: Backport [https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa at mvista.com>
+---
+ bash-completion/umount | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/bash-completion/umount b/bash-completion/umount
+index d76cb9fff..98c90d61a 100644
+--- a/bash-completion/umount
++++ b/bash-completion/umount
+@@ -40,9 +40,10 @@ _umount_module()
+ 			return 0
+ 			;;
+ 	esac
+-	local DEVS_MPOINTS
+-	DEVS_MPOINTS="$(mount | awk '{print $1, $3}')"
+-	COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) )
+-	return 0
++
++	local oldifs=$IFS
++	IFS=$'\n'
++	COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) )
++	IFS=$oldifs
+ }
+ complete -F _umount_module umount
+-- 
+2.13.3
+
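Review bot: The single quotes around `$(findmnt -lno TARGET | sed …)` on the new `COMPREPLY=` line carry the security fix, but neither the code nor the patch header says so. `compgen -W` expands its word list itself, so the old double-quoted `"$DEVS_MPOINTS"` put mount-point names through a second round of expansion, and a later tidy-up back to double quotes would bring that back. A comment above the line such as `# single quotes are required: compgen -W expands the word list, mount names must reach it unexpanded` would keep the reason visible. Separately, the `oldifs` save/restore leaves IFS set to an empty string if it was unset on entry; `local IFS=$'\n'` replaces the three IFS lines and is undone when the function returns. `_umount_module` begins outside the inner hunk, so the rest of its body is not reviewed here.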
diff --git a/meta/recipes-core/util-linux/util-linux_2.30.bb b/meta/recipes-core/util-linux/util-linux_2.30.bb
index 6b309b5..a6d23d8 100644
--- a/meta/recipes-core/util-linux/util-linux_2.30.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.30.bb
@@ -14,6 +14,7 @@ SRC_URI += "file://configure-sbindir.patch \
             file://run-ptest \
             file://display_testname_for_subtest.patch \
             file://avoid_parallel_tests.patch \
+            file://CVE-2018-7738.patch \
 "
 SRC_URI[md5sum] = "eaa3429150268027908a1b8ae6ee9a62"
 SRC_URI[sha256sum] = "c208a4ff6906cb7f57940aa5bc3a6eed146e50a7cc0a092f52ef2ab65057a08d"
-- 
2.7.4



