moritzruth/void-packages
1
0
Fork 0
Code Releases Activity Actions 2

cvs: fix CVE-2017-12836, patch from MirBSD.

Browse source
This commit is contained in:
Leah Neukirchen 2017-08-25 16:22:08 +02:00
parent 4d30abbdf1
commit 656a706193
2 changed files with 24 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

23
srcpkgs/cvs/patches/ssh.patch Normal file
View file

@ -0,0 +1,23 @@
Fix for CVE-2017-12836, extracted from MirBSD repository.
--- src/rsh-client.c 2017/03/26 15:54:10 1.6
+++ src/rsh-client.c 2017/08/11 20:41:40 1.7
@@ -107,6 +108,9 @@ start_rsh_server (cvsroot_t *root, struc
rsh_argv[i++] = argvport;
}
+ /* Only non-option arguments from here. (CVE-2017-12836) */
+ rsh_argv[i++] = "--";
+
rsh_argv[i++] = root->hostname;
rsh_argv[i++] = cvs_server;
if (readonlyfs)
@@ -190,6 +194,8 @@ start_rsh_server (cvsroot_t *root, struc
*p++ = "-p";
*p++ = argvport;
}
+
+ *p++ = "--";
*p++ = root->hostname;
*p++ = command;

2
srcpkgs/cvs/template
View file

@ -1,7 +1,7 @@
# Template file for 'cvs' # Template file for 'cvs'
pkgname=cvs pkgname=cvs
version=1.12.13 version=1.12.13
revision=4 revision=5
build_style=gnu-configure build_style=gnu-configure
configure_args="--with-editor=/usr/bin/vi --with-external-zlib configure_args="--with-editor=/usr/bin/vi --with-external-zlib
ac_cv_func_working_mktime=yes" # broken test upstream ac_cv_func_working_mktime=yes" # broken test upstream