Fix CVE-2018-7738: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7738 Patch copied from upstream source repository: https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55 From 75f03badd7ed9f1dd951863d75e756883d3acc55 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Thu, 16 Nov 2017 16:27:32 +0100 Subject: [PATCH] bash-completion: (umount) use findmnt, escape a space in paths # mount /dev/sdc1 /mnt/test/foo\ bar # umount has to return "/mnt/test/foo\ bar". Changes: * don't use mount | awk output, we have findmnt * force compgen use \n as entries separator Addresses: https://github.com/karelzak/util-linux/issues/539 Signed-off-by: Karel Zak --- bash-completion/umount | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/bash-completion/umount b/bash-completion/umount index d76cb9fff..98c90d61a 100644 --- a/bash-completion/umount +++ b/bash-completion/umount @@ -40,9 +40,10 @@ _umount_module() return 0 ;; esac - local DEVS_MPOINTS - DEVS_MPOINTS="$(mount | awk '{print $1, $3}')" - COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) ) - return 0 + + local oldifs=$IFS + IFS=$'\n' + COMPREPLY=( $( compgen -W '$(findmnt -lno TARGET | sed "s/\([[:blank:]]\)/\\\\\1/g")' -- "$cur" ) ) + IFS=$oldifs } complete -F _umount_module umount