diff --git a/pkgs/applications/version-management/cvs/CVE-2017-12836.patch b/pkgs/applications/version-management/cvs/CVE-2017-12836.patch new file mode 100644 index 000000000000..950079423685 --- /dev/null +++ b/pkgs/applications/version-management/cvs/CVE-2017-12836.patch @@ -0,0 +1,29 @@ +--- a/src/rsh-client.c.orig 2005-10-02 17:17:21.000000000 +0200 ++++ b/src/rsh-client.c 2017-11-07 16:56:06.957370469 +0100 +@@ -53,7 +53,7 @@ + char *cvs_server = (root->cvs_server != NULL + ? root->cvs_server : getenv ("CVS_SERVER")); + int i = 0; +- /* This needs to fit "rsh", "-b", "-l", "USER", "host", ++ /* This needs to fit "rsh", "-b", "-l", "USER", "--", "host", + "cmd (w/ args)", and NULL. We leave some room to grow. */ + char *rsh_argv[10]; + +@@ -97,6 +97,9 @@ + rsh_argv[i++] = root->username; + } + ++ /* Only non-option arguments from here. (CVE-2017-12836) */ ++ rsh_argv[i++] = "--"; ++ + rsh_argv[i++] = root->hostname; + rsh_argv[i++] = cvs_server; + rsh_argv[i++] = "server"; +@@ -171,6 +174,7 @@ + *p++ = root->username; + } + ++ *p++ = "--"; + *p++ = root->hostname; + *p++ = command; + *p++ = NULL; diff --git a/pkgs/applications/version-management/cvs/default.nix b/pkgs/applications/version-management/cvs/default.nix index 8c69517a7506..a330db6a8d67 100644 --- a/pkgs/applications/version-management/cvs/default.nix +++ b/pkgs/applications/version-management/cvs/default.nix @@ -11,6 +11,7 @@ stdenv.mkDerivation { patches = [ ./getcwd-chroot.patch ./CVE-2012-0804.patch + ./CVE-2017-12836.patch ]; hardeningDisable = [ "fortify" "format" ];