commit d0c8c66068ffaa0bc10f4749c7e4d8df728fc9c3 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

cvs: fix CVE-2017-12836

This patch is based on the work of the patch from Thorsten Glaser (MirBSD) [1]

[1] http://www.mirbsd.org/cvs.cgi/src/gnu/usr.bin/cvs/src/rsh-client.c.diff?r1=1.6;r2=1.7

Andreas Rammhold 8 years ago d0c8c660 cfafd6f5

+30

2 changed files

expand all

unified split

pkgs

applications

version-management

cvs

CVE-2017-12836.patch

default.nix

+29

pkgs/applications/version-management/cvs/CVE-2017-12836.patch

···

··· 1 + --- a/src/rsh-client.c.orig 2005-10-02 17:17:21.000000000 +0200 2 + +++ b/src/rsh-client.c 2017-11-07 16:56:06.957370469 +0100 3 + @@ -53,7 +53,7 @@ 4 + char *cvs_server = (root->cvs_server != NULL 5 + ? root->cvs_server : getenv ("CVS_SERVER")); 6 + int i = 0; 7 + - /* This needs to fit "rsh", "-b", "-l", "USER", "host", 8 + + /* This needs to fit "rsh", "-b", "-l", "USER", "--", "host", 9 + "cmd (w/ args)", and NULL. We leave some room to grow. */ 10 + char *rsh_argv[10]; 11 + 12 + @@ -97,6 +97,9 @@ 13 + rsh_argv[i++] = root->username; 14 + } 15 + 16 + + /* Only non-option arguments from here. (CVE-2017-12836) */ 17 + + rsh_argv[i++] = "--"; 18 + + 19 + rsh_argv[i++] = root->hostname; 20 + rsh_argv[i++] = cvs_server; 21 + rsh_argv[i++] = "server"; 22 + @@ -171,6 +174,7 @@ 23 + *p++ = root->username; 24 + } 25 + 26 + + *p++ = "--"; 27 + *p++ = root->hostname; 28 + *p++ = command; 29 + *p++ = NULL;

pkgs/applications/version-management/cvs/default.nix

··· 11 patches = [ 12 ./getcwd-chroot.patch 13 ./CVE-2012-0804.patch 14 ]; 15 16 hardeningDisable = [ "fortify" "format" ];

··· 11 patches = [ 12 ./getcwd-chroot.patch 13 ./CVE-2012-0804.patch 14 + ./CVE-2017-12836.patch 15 ]; 16 17 hardeningDisable = [ "fortify" "format" ];