unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 507ab0f7d08b8083da0653e5fccee86c6408abdb 1278 bytes (raw)
name: patches/cvs-CVE-2017-12836.patch 	 # note: path name is non-authoritative(*)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
Fix CVE-2017-12836:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836
https://security-tracker.debian.org/tracker/CVE-2017-12836

Patch adpated from Debian (comments and changelog annotations removed):

https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094

From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001
From: mirabilos <m@mirbsd.org>
Date: Sat, 12 Aug 2017 03:17:18 +0200
Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch

---
 debian/changelog |  6 ++++++
 src/rsh-client.c | 10 ++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/rsh-client.c b/src/rsh-client.c
index fe0cfc4..1fc860d 100644
--- a/src/rsh-client.c
+++ b/src/rsh-client.c
@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
 	rsh_argv[i++] = argvport;
     }
 
+    /* Only non-option arguments from here. (CVE-2017-12836) */
+    rsh_argv[i++] = "--";
+
     rsh_argv[i++] = root->hostname;
     rsh_argv[i++] = cvs_server;
     if (readonlyfs)
@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
 		*p++ = argvport;
 	}
 
+	*p++ = "--";
+
 	*p++ = root->hostname;
 	*p++ = command;
 	*p++ = NULL;
-- 
cgit v0.12


debug log:

solving 507ab0f7d08b8083da0653e5fccee86c6408abdb ...
found 507ab0f7d08b8083da0653e5fccee86c6408abdb in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).