diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2017-11-07 16:10:18 +0100 |
---|---|---|
committer | Andreas Rammhold <andreas@rammhold.de> | 2017-11-07 17:01:45 +0100 |
commit | d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3 (patch) | |
tree | af4be012f25540f02111e212eb3a1fa1fa3080fe /pkgs/applications/version-management/cvs | |
parent | cfafd6f5a819472911eaf2650b50a62f0c143e3e (diff) | |
download | nixlib-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar nixlib-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.gz nixlib-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.bz2 nixlib-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.lz nixlib-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.xz nixlib-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.tar.zst nixlib-d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3.zip |
cvs: fix CVE-2017-12836
This patch is based on the work of the patch from Thorsten Glaser (MirBSD) [1] [1] http://www.mirbsd.org/cvs.cgi/src/gnu/usr.bin/cvs/src/rsh-client.c.diff?r1=1.6;r2=1.7
Diffstat (limited to 'pkgs/applications/version-management/cvs')
-rw-r--r-- | pkgs/applications/version-management/cvs/CVE-2017-12836.patch | 29 | ||||
-rw-r--r-- | pkgs/applications/version-management/cvs/default.nix | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/cvs/CVE-2017-12836.patch b/pkgs/applications/version-management/cvs/CVE-2017-12836.patch new file mode 100644 index 000000000000..950079423685 --- /dev/null +++ b/pkgs/applications/version-management/cvs/CVE-2017-12836.patch @@ -0,0 +1,29 @@ +--- a/src/rsh-client.c.orig 2005-10-02 17:17:21.000000000 +0200 ++++ b/src/rsh-client.c 2017-11-07 16:56:06.957370469 +0100 +@@ -53,7 +53,7 @@ + char *cvs_server = (root->cvs_server != NULL + ? root->cvs_server : getenv ("CVS_SERVER")); + int i = 0; +- /* This needs to fit "rsh", "-b", "-l", "USER", "host", ++ /* This needs to fit "rsh", "-b", "-l", "USER", "--", "host", + "cmd (w/ args)", and NULL. We leave some room to grow. */ + char *rsh_argv[10]; + +@@ -97,6 +97,9 @@ + rsh_argv[i++] = root->username; + } + ++ /* Only non-option arguments from here. (CVE-2017-12836) */ ++ rsh_argv[i++] = "--"; ++ + rsh_argv[i++] = root->hostname; + rsh_argv[i++] = cvs_server; + rsh_argv[i++] = "server"; +@@ -171,6 +174,7 @@ + *p++ = root->username; + } + ++ *p++ = "--"; + *p++ = root->hostname; + *p++ = command; + *p++ = NULL; diff --git a/pkgs/applications/version-management/cvs/default.nix b/pkgs/applications/version-management/cvs/default.nix index 8c69517a7506..a330db6a8d67 100644 --- a/pkgs/applications/version-management/cvs/default.nix +++ b/pkgs/applications/version-management/cvs/default.nix @@ -11,6 +11,7 @@ stdenv.mkDerivation { patches = [ ./getcwd-chroot.patch ./CVE-2012-0804.patch + ./CVE-2017-12836.patch ]; hardeningDisable = [ "fortify" "format" ]; |