From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36665) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ewXAe-0003xz-M5 for guix-patches@gnu.org; Thu, 15 Mar 2018 14:00:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ewXAY-0003Qd-UR for guix-patches@gnu.org; Thu, 15 Mar 2018 14:00:08 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:55717) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ewXAY-0003QN-Rt for guix-patches@gnu.org; Thu, 15 Mar 2018 14:00:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ewXAY-00048X-Gz for guix-patches@gnu.org; Thu, 15 Mar 2018 14:00:02 -0400 Subject: [bug#30827] [PATCH] gnu: util-linux: Fix CVE-2018-7738. Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:36237) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ewX9P-00032M-JN for guix-patches@gnu.org; Thu, 15 Mar 2018 13:58:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ewX9L-0002Nd-8a for guix-patches@gnu.org; Thu, 15 Mar 2018 13:58:51 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:56311) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ewX9L-0002N6-2a for guix-patches@gnu.org; Thu, 15 Mar 2018 13:58:47 -0400 Received: from jasmine.lan (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id E6DB87E184 for ; Thu, 15 Mar 2018 13:58:45 -0400 (EDT) From: Leo Famulari Date: Thu, 15 Mar 2018 13:58:42 -0400 Message-Id: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 30827@debbugs.gnu.org * gnu/packages/patches/util-linux-CVE-2018-7738.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (util-linux)[replacement]: New field. (util-linux/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 10 +++++ .../patches/util-linux-CVE-2018-7738.patch | 49 ++++++++++++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 gnu/packages/patches/util-linux-CVE-2018-7738.patch diff --git a/gnu/local.mk b/gnu/local.mk index 69e4d2b7b..788b260e5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1135,6 +1135,7 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-overflow-long-fsize.patch \ %D%/packages/patches/unzip-remove-build-date.patch \ %D%/packages/patches/ustr-fix-build-with-gcc-5.patch \ + %D%/packages/patches/util-linux-CVE-2018-7738.patch \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index b81cb55d6..0c7642201 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -547,6 +547,7 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") + (replacement util-linux/fixed) (version "2.31") (source (origin (method url-fetch) @@ -634,6 +635,15 @@ block devices, UUIDs, TTYs, and many other tools.") (license (list license:gpl3+ license:gpl2+ license:gpl2 license:lgpl2.0+ license:bsd-4 license:public-domain)))) +(define util-linux/fixed + (package + (inherit util-linux) + (source + (origin + (inherit (package-source util-linux)) + (patches (append (origin-patches (package-source util-linux)) + (search-patches "util-linux-CVE-2018-7738.patch"))))))) + (define-public ddate (package (name "ddate") diff --git a/gnu/packages/patches/util-linux-CVE-2018-7738.patch b/gnu/packages/patches/util-linux-CVE-2018-7738.patch new file mode 100644 index 000000000..080e2f56b --- /dev/null +++ b/gnu/packages/patches/util-linux-CVE-2018-7738.patch @@ -0,0 +1,49 @@ +Fix CVE-2018-7738: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738 + +Patch copied from upstream source repository: + +https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55 + +From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 16 Nov 2017 16:27:32 +0100 +Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in + paths + + # mount /dev/sdc1 /mnt/test/foo\ bar + # umount + +has to return "/mnt/test/foo\ bar". + +Changes: + + * don't use mount | awk output, we have findmnt + * force compgen use \n as entries separator + +Addresses: https://github.com/karelzak/util-linux/issues/539 +Signed-off-by: Karel Zak +--- + bash-completion/umount | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/bash-completion/umount b/bash-completion/umount +index d76cb9fff..98c90d61a 100644 +--- a/bash-completion/umount ++++ b/bash-completion/umount +@@ -40,9 +40,10 @@ _umount_module() + return 0 + ;; + esac +- local DEVS_MPOINTS +- DEVS_MPOINTS="$(mount | awk '{print $1, $3}')" +- COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) ) +- return 0 ++ ++ local oldifs=$IFS ++ IFS=$'\n' ++ COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) ) ++ IFS=$oldifs + } + complete -F _umount_module umount -- 2.16.2