From ec19ab3458dbd32c28d6d47bc9c18e632f3c47a9 Mon Sep 17 00:00:00 2001 From: Pavel Zhukov Date: Fri, 18 May 2018 09:51:01 +0200 Subject: [PATCH] Do not use eval in NM dispatcher script --- 11-dhclient | 12 ++++-------- dhcp.spec | 5 ++++- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/11-dhclient b/11-dhclient index 4bf9384..40b08a3 100644 --- a/11-dhclient +++ b/11-dhclient @@ -6,15 +6,11 @@ SAVEDIR=/var/lib/dhclient ETCDIR=/etc/dhcp interface=$1 -eval "$( -declare | LC_ALL=C grep '^DHCP4_[A-Z_]*=' | while read -r opt; do - optname=${opt%%=*} - optname=${optname,,} - optname=new_${optname#dhcp4_} - optvalue=${opt#*=} - echo "export $optname=$optvalue" +for optname in "${!DHCP4_@}"; do + newoptname=${optname,,}; + newoptname=new_${newoptname#dhcp4_}; + export $newoptname="${!optname}"; done -)" [ -f /etc/sysconfig/network ] && . /etc/sysconfig/network diff --git a/dhcp.spec b/dhcp.spec index 7574f57..a610736 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -16,7 +16,7 @@ Summary: Dynamic host configuration protocol software Name: dhcp Version: 4.3.6 -Release: 21%{?dist} +Release: 22%{?dist} # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # dcantrell maintaining the package) made incorrect use of the epoch and # that's why it is at 12 now. It should have never been used, but it was. @@ -677,6 +677,9 @@ done %endif %changelog +* Fri May 18 2018 Pavel Zhukov - 12:4.3.6-22 +- Get rid of eval in 11-dhclient + * Tue May 15 2018 Pavel Zhukov - 12:4.3.6-21 - Fix for CVE-2018-1111