author | TBK <tbk@jjtc.eu> | 2020-02-25 21:49:05 +0100 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-02-25 20:16:04 -0300 |
commit | 8cdd93154aeb43702a196270e3818bf2466c3e0c (patch) | |
tree | 6ae5f29a342825d634afec4ecdb6d6de301e37a7 /main/cvs/CVE-2017-12836.patch | |
parent | bf0db593e8e6a00eadd5975a64209eb2e9ec5da6 (diff) | |
main/cvs: security upgrade to 1.12.12
Most distros ship 1.12.13 (https://repology.org/project/cvs/versions), but Gentoo considers 1.12.12 usable (https://bugs.gentoo.org/124733), so we follow Gentoo and move to 1.12.12.
CVEs:
* CVE-2010-3846 - https://bugzilla.redhat.com/show_bug.cgi?id=642146
* CVE-2012-0804 - https://security-tracker.debian.org/tracker/CVE-2012-0804
* CVE-2017-12836 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10
Diffstat (limited to 'main/cvs/CVE-2017-12836.patch')
-rw-r--r-- | main/cvs/CVE-2017-12836.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/main/cvs/CVE-2017-12836.patch b/main/cvs/CVE-2017-12836.patch
new file mode 100644
index 0000000000..b20a88b667
--- /dev/null
+++ b/main/cvs/CVE-2017-12836.patch
@@ -0,0 +1,38 @@
+Subject: [PATCH] Fix CVE-2017-12836
+From: Thorsten Glaser <tg@mirbsd.de>
+
+--- a/src/rsh-client.c
++++ b/src/rsh-client.c
+@@ -53,9 +53,10 @@
+ char *cvs_server = (root->cvs_server != NULL
+ ? root->cvs_server : getenv ("CVS_SERVER"));
+ int i = 0;
+- /* This needs to fit "rsh", "-b", "-l", "USER", "host",
+- "cmd (w/ args)", and NULL. We leave some room to grow. */
+- char *rsh_argv[10];
++ /* This needs to fit "rsh", "-b", "-l", "USER", "-p", port,
++ "--", "host", "cvs", "-R", "server", and NULL.
++ We leave some room to grow. */
++ char *rsh_argv[16];
+
+ if (!cvs_rsh)
+ /* People sometimes suggest or assume that this should default
+@@ -97,6 +98,9 @@
+ rsh_argv[i++] = root->username;
+ }
+
++ /* Only non-option arguments from here. (CVE-2017-12836) */
++ rsh_argv[i++] = "--";
++
+ rsh_argv[i++] = root->hostname;
+ rsh_argv[i++] = cvs_server;
+ rsh_argv[i++] = "server";
+@@ -171,6 +175,8 @@
+ *p++ = root->username;
+ }
+
++ *p++ = "--";
++
+ *p++ = root->hostname;
+ *p++ = command;
+ *p++ = NULL; |
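Review bot: The `--` inserted before `root->hostname` in both hunks only closes CVE-2017-12836 when the program named by `cvs_rsh` (CVS_RSH, or the compiled-in default) actually stops option parsing at `--`; ssh and getopt-based rsh do, but a site wrapper script or a remsh that does not will still treat a hostname such as `-oProxyCommand=...` as an option. A cheap defense in depth is to refuse such hostnames before argv is built, e.g. `if (root->hostname[0] == '-') error (1, 0, "invalid hostname in CVSROOT: %s", root->hostname);` placed ahead of the `--` line (adjust to the error helper this file uses; Git's fix for its equivalent issue rejects leading `-` the same way). Separately, the rewritten size comment in the first hunk lists `"-p", port` and `"-R"` entries that none of these hunks add to `rsh_argv`, so unless another patch in the series adds them the comment overstates the contents and should read something like `/* "rsh", "-l", "USER", "--", "host", "cvs", "server", NULL; room to grow. */`. Both functions touched here start and end outside the hunks, and the array behind `*p++` in the last hunk is not visible, so its capacity for the extra `--` element could not be checked from this patch.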