rpms/dracut
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI dracut-049-244.git20260529.el8_10

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-06-18 04:11:39 -04:00
parent 279fb823de
commit ad76d74847
6 changed files with 451 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
SOURCES/0239.patch Normal file
View File

@ -0,0 +1,166 @@
From ae15f5f15dfed1a6fbd4c5a014a5e32e4649067c Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Thu, 23 Apr 2026 17:20:04 +0200
Subject: [PATCH] fix(network-legacy): replace `echo` writes with `printf` to
prevent injection via DHCP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
DHCP-provided variables (hostname, gateway) were written with echo into
files later sourced as shell by net-lib.sh — allowing command injection
from a rogue DHCP server.
Use printf with explicit variable escaping `%q` for sourced files:
- .hostname files (DHCP hostname, sourced at net-lib.sh:131)
- .gw files (DHCP routers, sourced at net-lib.sh:140)
- do_static gateway and hostname (kernel cmdline ip= parameter)
Plain text config files (.resolv.conf) are left as echo — they are
read by awk, not sourced as shell, so %q escaping would be incorrect.
(cherry picked from commit 7243b11f71f17d08a6b60024dfab8e3ddf338458)
Resolves: RHEL-170847
---
modules.d/35network-legacy/dhclient-script.sh | 28 ++++++++++++++++++---------
modules.d/35network-legacy/ifup.sh | 25 ++++++++++++++----------
2 files changed, 34 insertions(+), 19 deletions(-)
diff --git a/modules.d/35network-legacy/dhclient-script.sh b/modules.d/35network-legacy/dhclient-script.sh
index 44633b30..a6463c3c 100755
--- a/modules.d/35network-legacy/dhclient-script.sh
+++ b/modules.d/35network-legacy/dhclient-script.sh
@@ -46,23 +46,25 @@ setup_interface() {
if [ -n "$gw" ] ; then
if [ "$mask" = "255.255.255.255" ] ; then
# point-to-point connection => set explicit route to gateway
- echo ip route add $gw dev $netif > /tmp/net.$netif.gw
+ printf 'ip route add %q dev %q\n' "$gw" "$netif" > /tmp/net."$netif".gw
fi
echo "$gw" | {
IFS=' ' read -r main_gw other_gw
- echo ip route replace default via $main_gw dev $netif >> /tmp/net.$netif.gw
+ printf 'ip route replace default via %q dev %q\n' "$main_gw" "$netif" >> /tmp/net."$netif".gw
if [ -n "$other_gw" ] ; then
for g in $other_gw; do
- echo ip route add default via $g dev $netif >> /tmp/net.$netif.gw
+ printf 'ip route add default via %q dev %q\n' "$g" "$netif" >> /tmp/net."$netif".gw
done
fi
}
fi
if getargbool 1 rd.peerdns; then
- [ -n "${search}${domain}" ] && echo "search $search $domain" > /tmp/net.$netif.resolv.conf
- if [ -n "$namesrv" ] ; then
+ if [ -n "${search}${domain}" ]; then
+ echo "search $search $domain" > /tmp/net."$netif".resolv.conf
+ fi
+ if [ -n "$namesrv" ]; then
for s in $namesrv; do
echo nameserver $s
done
@@ -70,7 +72,10 @@ setup_interface() {
fi
# Note: hostname can be fqdn OR short hostname, so chop off any
# trailing domain name and explicity add any domain if set.
- [ -n "$hostname" ] && echo "echo ${hostname%.$domain}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
+ if [ -n "$hostname" ]; then
+ safe_hostname=$(printf '%s' "${hostname%."$domain"}${domain:+.$domain}")
+ printf 'echo %q > /proc/sys/kernel/hostname\n' "$safe_hostname" > /tmp/net."$netif".hostname
+ fi
}
setup_interface6() {
@@ -91,8 +96,10 @@ setup_interface6() {
${preferred_lft:+preferred_lft ${preferred_lft}}
if getargbool 1 rd.peerdns; then
- [ -n "${search}${domain}" ] && echo "search $search $domain" > /tmp/net.$netif.resolv.conf
- if [ -n "$namesrv" ] ; then
+ if [ -n "${search}${domain}" ]; then
+ echo "search $search $domain" > /tmp/net."$netif".resolv.conf
+ fi
+ if [ -n "$namesrv" ]; then
for s in $namesrv; do
echo nameserver $s
done
@@ -101,7 +108,10 @@ setup_interface6() {
# Note: hostname can be fqdn OR short hostname, so chop off any
# trailing domain name and explicity add any domain if set.
- [ -n "$hostname" ] && echo "echo ${hostname%.$domain}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
+ if [ -n "$hostname" ]; then
+ safe_hostname=$(printf '%s' "${hostname%."$domain"}${domain:+.$domain}")
+ printf 'echo %q > /proc/sys/kernel/hostname\n' "$safe_hostname" > /tmp/net."$netif".hostname
+ fi
}
parse_option_121() {
diff --git a/modules.d/35network-legacy/ifup.sh b/modules.d/35network-legacy/ifup.sh
index 0e9a6928..3d4aadee 100755
--- a/modules.d/35network-legacy/ifup.sh
+++ b/modules.d/35network-legacy/ifup.sh
@@ -88,10 +88,11 @@ do_ipv6auto() {
linkup $netif
wait_for_ipv6_auto $netif
ret=$?
-
- [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
-
- return $ret
+ if [ -n "$hostname" ]; then
+ safe_hostname=$(printf '%s' "${hostname}")
+ printf 'echo %q > /proc/sys/kernel/hostname\n' "$safe_hostname" > /tmp/net."$netif".hostname
+ fi
+ return "$ret"
}
# Handle static ip configuration
@@ -142,8 +143,12 @@ do_static() {
ip addr add $ip/$mask ${srv:+peer $srv} brd + dev $netif
fi
- [ -n "$gw" ] && echo ip route replace default via $gw dev $netif > /tmp/net.$netif.gw
- [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname
+ [ -n "$gw" ] && printf "ip route replace default via %q dev %q\n" "$gw" "$netif" > "/tmp/net.${netif}.gw"
+
+ if [ -n "$hostname" ]; then
+ safe_hostname=$(printf '%s' "${hostname}")
+ printf 'echo %q > /proc/sys/kernel/hostname\n' "$safe_hostname" > /tmp/net."$netif".hostname
+ fi
return 0
}
@@ -366,8 +371,8 @@ fi
[ -n "$2" -a "$2" = "-m" ] && [ -z "$netroot" ] && manualup="$2"
if [ -n "$manualup" ]; then
- >/tmp/net.$netif.manualup
- rm -f /tmp/net.${netif}.did-setup
+ : > "/tmp/net.${netif}.manualup"
+ rm -f "/tmp/net.${netif}.did-setup"
else
[ -e /tmp/net.${netif}.did-setup ] && exit 0
[ -z "$DO_VLAN" ] && \
@@ -425,7 +430,7 @@ for p in $(getargs ip=); do
# Store config for later use
for i in ip srv gw mask hostname macaddr mtu dns1 dns2; do
eval '[ "$'$i'" ] && echo '$i'="$'$i'"'
- done > /tmp/net.$netif.override
+ done > "/tmp/net.${netif}.override"
for autoopt in $(str_replace "$autoconf" "," " "); do
case $autoopt in
@@ -447,7 +452,7 @@ for p in $(getargs ip=); do
# setup nameserver
for s in "$dns1" "$dns2" $(getargs nameserver); do
[ -n "$s" ] || continue
- echo nameserver $s >> /tmp/net.$netif.resolv.conf
+ echo "nameserver $s" >> "/tmp/net.${netif}.resolv.conf"
done
if [ $ret -eq 0 ]; then

107
SOURCES/0240.patch Normal file
View File

@ -0,0 +1,107 @@
From 28a91383a6fadd3120ea58c00106fe5af4708a1d Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Wed, 29 Apr 2026 04:46:15 +0200
Subject: [PATCH] fix(iscsi): replace `echo` writes with `printf` to prevent
variable injection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use printf with explicit variable escaping `%q` for shell scripts:
- mount-lun.sh hookdir script (iscsi_lun variable)
- udev rule (iscsi_lun sanitized via tr -d '"')
- initiatorname.iscsi (sourced as shell at iscsiroot.sh:161-163)
Note: initiatorname.iscsi is also read by iscsid as plain text (no
shell unquoting). For valid IQNs ([a-z0-9.:_-]), %q is a no-op, so
iscsid sees the value unchanged. For malicious values with special
characters, %q would produce shell escaping that iscsid reads
literally — breaking the connection rather than allowing injection.
(cherry picked from commit e61fe6afe015744baebfd96411015ae360c1af08)
Related: RHEL-170847
---
modules.d/95iscsi/iscsiroot.sh | 16 ++++++++--------
modules.d/95iscsi/parse-iscsiroot.sh | 4 ++--
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/modules.d/95iscsi/iscsiroot.sh b/modules.d/95iscsi/iscsiroot.sh
index 029060e0..4485e3f9 100755
--- a/modules.d/95iscsi/iscsiroot.sh
+++ b/modules.d/95iscsi/iscsiroot.sh
@@ -132,12 +132,12 @@ handle_netroot()
fsopts=${fsopts:+$fsopts,}${iscsirw}
if [ -z "$iscsi_initiator" ] && [ -f /sys/firmware/ibft/initiator/initiator-name ] && ! [ -f /tmp/iscsi_set_initiator ]; then
- iscsi_initiator=$(while read line || [ -n "$line" ]; do echo $line;done < /sys/firmware/ibft/initiator/initiator-name)
- echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi
+ iscsi_initiator=$(while read -r line || [ -n "$line" ]; do echo "$line"; done < /sys/firmware/ibft/initiator/initiator-name)
+ printf 'InitiatorName=%q\n' "$iscsi_initiator" > /run/initiatorname.iscsi
rm -f /etc/iscsi/initiatorname.iscsi
mkdir -p /etc/iscsi
ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
- > /tmp/iscsi_set_initiator
+ : > /tmp/iscsi_set_initiator
if [ -n "$DRACUT_SYSTEMD" ]; then
systemctl try-restart iscsid
# FIXME: iscsid is not yet ready, when the service is :-/
@@ -154,7 +154,7 @@ handle_netroot()
if [ -z "$iscsi_initiator" ]; then
iscsi_initiator=$(iscsi-iname)
- echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi
+ printf 'InitiatorName=%q\n' "$iscsi_initiator" > /run/initiatorname.iscsi
rm -f /etc/iscsi/initiatorname.iscsi
mkdir -p /etc/iscsi
ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi
@@ -179,7 +179,7 @@ handle_netroot()
iscsi_lun=0
fi
- echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi
+ printf 'InitiatorName=%q\n' "$iscsi_initiator" > /run/initiatorname.iscsi
ln -fs /run/initiatorname.iscsi /dev/.initiatorname.iscsi
if ! [ -e /etc/iscsi/initiatorname.iscsi ]; then
mkdir -p /etc/iscsi
@@ -200,14 +200,14 @@ handle_netroot()
if [ "$root" = "dhcp" ] || [ "$netroot" = "dhcp" ]; then
# if root is not specified try to mount the whole iSCSI LUN
- printf 'SYMLINK=="disk/by-path/*-iscsi-*-%s", SYMLINK+="root"\n' "$iscsi_lun" >> /etc/udev/rules.d/99-iscsi-root.rules
+ printf 'SYMLINK=="disk/by-path/*-iscsi-*-%s", SYMLINK+="root"\n' "$(printf '%s' "$iscsi_lun" | tr -d '"')" >> /etc/udev/rules.d/99-iscsi-root.rules
udevadm control --reload
write_fs_tab /dev/root
wait_for_dev -n /dev/root
# install mount script
- [ -z "$DRACUT_SYSTEMD" ] && \
- echo "iscsi_lun=$iscsi_lun . /bin/mount-lun.sh " > $hookdir/mount/01-$$-iscsi.sh
+ [ -z "$DRACUT_SYSTEMD" ] \
+ && printf 'iscsi_lun=%q . /bin/mount-lun.sh\n' "$iscsi_lun" > "$hookdir"/mount/01-$$-iscsi.sh
fi
targets=$(iscsiadm -m discovery -t st -p $iscsi_target_ip:${iscsi_target_port:+$iscsi_target_port} | sed 's/^.*iqn/iqn/')
diff --git a/modules.d/95iscsi/parse-iscsiroot.sh b/modules.d/95iscsi/parse-iscsiroot.sh
index 8d6e3e8c..1a26041d 100755
--- a/modules.d/95iscsi/parse-iscsiroot.sh
+++ b/modules.d/95iscsi/parse-iscsiroot.sh
@@ -105,7 +105,7 @@ fi
if arg=$(getarg rd.iscsi.initiator -d iscsi_initiator=) && [ -n "$arg" ] && ! [ -f /run/initiatorname.iscsi ] ; then
iscsi_initiator=$arg
- echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi
+ printf 'InitiatorName=%q\n' "$iscsi_initiator" > /run/initiatorname.iscsi
ln -fs /run/initiatorname.iscsi /dev/.initiatorname.iscsi
rm -f /etc/iscsi/initiatorname.iscsi
mkdir -p /etc/iscsi
@@ -121,7 +121,7 @@ fi
if [ -z $iscsi_initiator ] && [ -f /sys/firmware/ibft/initiator/initiator-name ] && ! [ -f /tmp/iscsi_set_initiator ]; then
iscsi_initiator=$(while read line || [ -n "$line" ]; do echo $line;done < /sys/firmware/ibft/initiator/initiator-name)
if [ -n "$iscsi_initiator" ]; then
- echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi
+ printf 'InitiatorName=%q\n' "$iscsi_initiator" > /run/initiatorname.iscsi
rm -f /etc/iscsi/initiatorname.iscsi
mkdir -p /etc/iscsi
ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi

50
SOURCES/0241.patch Normal file
View File

@ -0,0 +1,50 @@
From 4107f122969044e3e6f2e976cf8294dd9d91a1ee Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Tue, 12 May 2026 03:25:20 +0200
Subject: [PATCH] fix(network): warn on suspicious shell metacharacters in
hostname file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
setup_net() sources /tmp/net.$netif.hostname as shell, which is written
by dhclient-script.sh or ifup.sh. Add a defensive check that warns if
the file contains shell metacharacters ($, `, ;, &, |, () that should
never appear in a legitimate hostname, indicating possible DHCP-based
command injection attempts.
The file is still sourced for compatibility — the writer-side fix
(printf '%q') already prevents execution of injected content.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Related: RHEL-170847
---
modules.d/40network/net-lib.sh | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/modules.d/40network/net-lib.sh b/modules.d/40network/net-lib.sh
index 128d6343..bbfb0a9f 100755
--- a/modules.d/40network/net-lib.sh
+++ b/modules.d/40network/net-lib.sh
@@ -117,9 +117,16 @@ setup_net() {
[ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces
[ -z "$IFACES" ] && IFACES="$netif"
# run the scripts written by ifup
- [ -e /tmp/net.$netif.hostname ] && . /tmp/net.$netif.hostname
- [ -e /tmp/net.$netif.override ] && . /tmp/net.$netif.override
- [ -e /tmp/dhclient.$netif.dhcpopts ] && . /tmp/dhclient.$netif.dhcpopts
+ if [ -e /tmp/net."$netif".hostname ]; then
+ if grep -qE '[$`;&|(]' /tmp/net."$netif".hostname 2>/dev/null; then
+ warn "setup_net $netif: /tmp/net.$netif.hostname contains suspicious shell metacharacters"
+ fi
+ # shellcheck disable=SC1090
+ . /tmp/net."$netif".hostname
+ fi
+ [ -e /tmp/net."$netif".override ] && . /tmp/net."$netif".override
+ [ -e /tmp/dhclient."$netif".dhcpopts ] && . /tmp/dhclient."$netif".dhcpopts
+
# set up resolv.conf
[ -e /tmp/net.$netif.resolv.conf ] && \
awk '!array[$0]++' /tmp/net.$netif.resolv.conf > /etc/resolv.conf

72
SOURCES/0242.patch Normal file
View File

@ -0,0 +1,72 @@
From eaf700abda3eb7a1f7eecd6b8f374adc4bfe6349 Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Tue, 12 May 2026 03:27:22 +0200
Subject: [PATCH] fix(base): escape arguments in initqueue hook script
generation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
initqueue.sh writes arguments directly into generated hook scripts
via `echo "$exe" "$@"`. These scripts are later sourced by
dracut-initqueue.sh, so shell metacharacters in arguments (e.g.
DHCP-derived $netroot passed from parse-iscsiroot.sh) execute as
root in initramfs.
Replace `echo` with `printf '%q'` to shell-escape all arguments
before writing them into the hook script, preventing command
injection via DHCP-controlled netroot values.
Remove the fragile embedded single-quote wrapping ("'$var'") from
parse-iscsiroot.sh call sites (lines 90, 102) — those relied on
echo writing quotes verbatim for the shell to strip when sourcing.
With printf '%q', initqueue now handles escaping centrally, so the
manual wrapping is no longer needed and would cause literal quote
characters to leak into iscsiroot arguments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Related: RHEL-170847
---
modules.d/95iscsi/parse-iscsiroot.sh | 6 +++---
modules.d/99base/initqueue.sh | 3 ++-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/modules.d/95iscsi/parse-iscsiroot.sh b/modules.d/95iscsi/parse-iscsiroot.sh
index 1a26041d..241f1bdd 100755
--- a/modules.d/95iscsi/parse-iscsiroot.sh
+++ b/modules.d/95iscsi/parse-iscsiroot.sh
@@ -87,7 +87,7 @@ if [ -n "$iscsi_firmware" ]; then
echo "${DRACUT_SYSTEMD+systemctl is-active initrd-root-device.target || }[ -f '/tmp/iscsistarted-firmware' ]" > $hookdir/initqueue/finished/iscsi_started.sh
initqueue --unique --online /sbin/iscsiroot online "iscsi:" "$NEWROOT"
initqueue --unique --onetime --timeout /sbin/iscsiroot timeout "iscsi:" "$NEWROOT"
- initqueue --unique --onetime --settled /sbin/iscsiroot online "iscsi:" "'$NEWROOT'"
+ initqueue --unique --onetime --settled /sbin/iscsiroot online "iscsi:" "$NEWROOT"
fi
# ISCSI actually supported?
@@ -98,8 +98,8 @@ fi
modprobe --all -b -q qla4xxx cxgb3i cxgb4i bnx2i be2iscsi
if [ -n "$netroot" ] && [ "$root" != "/dev/root" ] && [ "$root" != "dhcp" ]; then
- if ! getargbool 1 rd.neednet >/dev/null || ! getarg "ip="; then
- initqueue --unique --onetime --settled /sbin/iscsiroot dummy "'$netroot'" "'$NEWROOT'"
+ if ! getargbool 1 rd.neednet > /dev/null || ! getarg "ip="; then
+ initqueue --unique --onetime --settled /sbin/iscsiroot dummy "$netroot" "$NEWROOT"
fi
fi
diff --git a/modules.d/99base/initqueue.sh b/modules.d/99base/initqueue.sh
index c3016383..184414ab 100755
--- a/modules.d/99base/initqueue.sh
+++ b/modules.d/99base/initqueue.sh
@@ -52,7 +52,8 @@ fi
{
[ -n "$onetime" ] && echo '[ -e "$job" ] && rm -f -- "$job"'
[ -n "$env" ] && echo "$env"
- echo "$exe" "$@"
+ printf '%q ' "$exe" "$@"
+ printf '\n'
} > "/tmp/$$-${job}.sh"
mv -f "/tmp/$$-${job}.sh" "$hookdir/initqueue${qname}/${job}.sh"

43
SOURCES/0243.patch Normal file
View File

@ -0,0 +1,43 @@
From 632d574019b8c89b4d09492518525ec9c524338e Mon Sep 17 00:00:00 2001
From: Pavel Valena <pvalena@redhat.com>
Date: Fri, 29 May 2026 17:53:37 +0200
Subject: [PATCH] fix(network-manager): escape DHCP lease values in dhcpopts
generation
The sed-based substitution in nm-run.sh writes DHCP-controlled values
from NetworkManager device state files directly into shell variable
assignments without any escaping. The generated dhcpopts file is later
sourced as shell, allowing a rogue DHCP server to inject arbitrary
commands via crafted root-path, next-server, or dhcp-bootfile values.
Replace the sed pipeline with a while/read loop using printf '%q' to
shell-escape all values before writing them into the dhcpopts file.
This is consistent with how later dracut versions (rhel-9+) handle the
same data via kf_parse() with printf '%q'.
Related: RHEL-170847
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
modules.d/35network-manager/nm-run.sh | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules.d/35network-manager/nm-run.sh b/modules.d/35network-manager/nm-run.sh
index 94c19545..0a92afb6 100755
--- a/modules.d/35network-manager/nm-run.sh
+++ b/modules.d/35network-manager/nm-run.sh
@@ -22,7 +22,13 @@ do
state=/run/NetworkManager/devices/$(cat $_i/ifindex)
grep -q connection-uuid= $state 2>/dev/null || continue
ifname=${_i##*/}
- sed -n 's/root-path/new_root_path/p;s/next-server/new_next_server/p;s/dhcp-bootfile/filename/p' <$state >/tmp/dhclient.$ifname.dhcpopts
+ while IFS='=' read -r key val; do
+ case "$key" in
+ root-path) printf 'new_root_path=%q\n' "$val" ;;
+ next-server) printf 'new_next_server=%q\n' "$val" ;;
+ dhcp-bootfile) printf 'filename=%q\n' "$val" ;;
+ esac
+ done < "$state" > /tmp/dhclient."$ifname".dhcpopts
source_hook initqueue/online $ifname
/sbin/netroot $ifname
done

14
SPECS/dracut.spec
View File

@ -5,7 +5,7 @@
# strip the automatically generated dep here and instead co-own the
# directory.
%global __requires_exclude pkg-config
%define dist_free_release 239.git20251127
%define dist_free_release 244.git20260529
Name: dracut
Version: 049
@ -266,6 +266,11 @@ Patch235: 0235.patch
Patch236: 0236.patch
Patch237: 0237.patch
Patch238: 0238.patch
Patch239: 0239.patch
Patch240: 0240.patch
Patch241: 0241.patch
Patch242: 0242.patch
Patch243: 0243.patch
Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
@ -722,6 +727,13 @@ echo '# Since rhel-8.3 dracut moved to use NetworkManager
add_dracutmodules+=" network-legacy "' > /etc/dracut.conf.d/50-network-legacy.conf
%changelog
* Fri May 29 2026 Pavel Valena <pvalena@redhat.com> - 049-244.git20260529
- fix(network-manager): escape DHCP lease values in dhcpopts
- fix(network-legacy): replace `echo` writes with `printf` to
- fix(iscsi): replace `echo` writes with `printf` to prevent
- fix(network): warn on suspicious shell metacharacters in
- fix(base): escape arguments in initqueue hook script
* Thu Nov 27 2025 Pavel Valena <pvalena@redhat.com> - 049-239.git20251127
- fix(multipath): disable user_friendly_names with mpathconf
- fix(url-lib.sh): nfs_already_mounted() with trailing slash in