void-packages/srcpkgs/cvs/patches/ssh.patch

24 lines
599 B
Diff

Fix for CVE-2017-12836, extracted from MirBSD repository.
--- a/src/rsh-client.c 2017/03/26 15:54:10 1.6
+++ b/src/rsh-client.c 2017/08/11 20:41:40 1.7
@@ -107,6 +108,9 @@ start_rsh_server (cvsroot_t *root, struc
rsh_argv[i++] = argvport;
}
+ /* Only non-option arguments from here. (CVE-2017-12836) */
+ rsh_argv[i++] = "--";
+
rsh_argv[i++] = root->hostname;
rsh_argv[i++] = cvs_server;
if (readonlyfs)
@@ -190,6 +194,8 @@ start_rsh_server (cvsroot_t *root, struc
*p++ = "-p";
*p++ = argvport;
}
+
+ *p++ = "--";
*p++ = root->hostname;
*p++ = command;