gnu: util-linux: Fix CVE-2018-7738.
* gnu/packages/patches/util-linux-CVE-2018-7738.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (util-linux)[replacement]: New field. (util-linux/fixed): New variable.
This commit is contained in:
parent
5d818b3557
commit
77166eb758
|
@ -1135,6 +1135,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/unzip-overflow-long-fsize.patch \
|
%D%/packages/patches/unzip-overflow-long-fsize.patch \
|
||||||
%D%/packages/patches/unzip-remove-build-date.patch \
|
%D%/packages/patches/unzip-remove-build-date.patch \
|
||||||
%D%/packages/patches/ustr-fix-build-with-gcc-5.patch \
|
%D%/packages/patches/ustr-fix-build-with-gcc-5.patch \
|
||||||
|
%D%/packages/patches/util-linux-CVE-2018-7738.patch \
|
||||||
%D%/packages/patches/util-linux-tests.patch \
|
%D%/packages/patches/util-linux-tests.patch \
|
||||||
%D%/packages/patches/upower-builddir.patch \
|
%D%/packages/patches/upower-builddir.patch \
|
||||||
%D%/packages/patches/valgrind-enable-arm.patch \
|
%D%/packages/patches/valgrind-enable-arm.patch \
|
||||||
|
|
|
@ -547,6 +547,7 @@ providing the system administrator with some help in common tasks.")
|
||||||
(define-public util-linux
|
(define-public util-linux
|
||||||
(package
|
(package
|
||||||
(name "util-linux")
|
(name "util-linux")
|
||||||
|
(replacement util-linux/fixed)
|
||||||
(version "2.31")
|
(version "2.31")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
|
@ -634,6 +635,15 @@ block devices, UUIDs, TTYs, and many other tools.")
|
||||||
(license (list license:gpl3+ license:gpl2+ license:gpl2 license:lgpl2.0+
|
(license (list license:gpl3+ license:gpl2+ license:gpl2 license:lgpl2.0+
|
||||||
license:bsd-4 license:public-domain))))
|
license:bsd-4 license:public-domain))))
|
||||||
|
|
||||||
|
(define util-linux/fixed
|
||||||
|
(package
|
||||||
|
(inherit util-linux)
|
||||||
|
(source
|
||||||
|
(origin
|
||||||
|
(inherit (package-source util-linux))
|
||||||
|
(patches (append (origin-patches (package-source util-linux))
|
||||||
|
(search-patches "util-linux-CVE-2018-7738.patch")))))))
|
||||||
|
|
||||||
(define-public ddate
|
(define-public ddate
|
||||||
(package
|
(package
|
||||||
(name "ddate")
|
(name "ddate")
|
||||||
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
Fix CVE-2018-7738:
|
||||||
|
|
||||||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738
|
||||||
|
|
||||||
|
Patch copied from upstream source repository:
|
||||||
|
|
||||||
|
https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55
|
||||||
|
|
||||||
|
From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karel Zak <kzak@redhat.com>
|
||||||
|
Date: Thu, 16 Nov 2017 16:27:32 +0100
|
||||||
|
Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in
|
||||||
|
paths
|
||||||
|
|
||||||
|
# mount /dev/sdc1 /mnt/test/foo\ bar
|
||||||
|
# umount <tab>
|
||||||
|
|
||||||
|
has to return "/mnt/test/foo\ bar".
|
||||||
|
|
||||||
|
Changes:
|
||||||
|
|
||||||
|
* don't use mount | awk output, we have findmnt
|
||||||
|
* force compgen use \n as entries separator
|
||||||
|
|
||||||
|
Addresses: https://github.com/karelzak/util-linux/issues/539
|
||||||
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
||||||
|
---
|
||||||
|
bash-completion/umount | 9 +++++----
|
||||||
|
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/bash-completion/umount b/bash-completion/umount
|
||||||
|
index d76cb9fff..98c90d61a 100644
|
||||||
|
--- a/bash-completion/umount
|
||||||
|
+++ b/bash-completion/umount
|
||||||
|
@@ -40,9 +40,10 @@ _umount_module()
|
||||||
|
return 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
- local DEVS_MPOINTS
|
||||||
|
- DEVS_MPOINTS="$(mount | awk '{print $1, $3}')"
|
||||||
|
- COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) )
|
||||||
|
- return 0
|
||||||
|
+
|
||||||
|
+ local oldifs=$IFS
|
||||||
|
+ IFS=$'\n'
|
||||||
|
+ COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) )
|
||||||
|
+ IFS=$oldifs
|
||||||
|
}
|
||||||
|
complete -F _umount_module umount
|
Loading…
Reference in New Issue