From bba3c489701693c59315efed001b37d6fa014a6c Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Wed, 10 Jul 2019 14:53:04 +0300
Subject: gnu: cvs: Rename patch file.

* gnu/packages/version-control.scm (cvs)[source]: Rename patch.
* gnu/packages/patches/cvs-2017-12836.patch: Rename to ...
* gnu/packages/patches/cvs-CVE-2018-12836.patch: ... this.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk | 2 +-
 gnu/packages/patches/cvs-2017-12836.patch | 45 ---------------------------
 gnu/packages/patches/cvs-CVE-2017-12836.patch | 45 +++++++++++++++++++++++++++
 gnu/packages/version-control.scm | 2 +-
 4 files changed, 47 insertions(+), 47 deletions(-)
 delete mode 100644 gnu/packages/patches/cvs-2017-12836.patch
 create mode 100644 gnu/packages/patches/cvs-CVE-2017-12836.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 66f904291b..9a70d73759 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -747,7 +747,7 @@ dist_patch_DATA = \
 %D%/packages/patches/clucene-contribs-lib.patch \
 %D%/packages/patches/cube-nocheck.patch \
 %D%/packages/patches/cursynth-wave-rand.patch \
- %D%/packages/patches/cvs-2017-12836.patch \
+ %D%/packages/patches/cvs-CVE-2017-12836.patch \
 %D%/packages/patches/dbus-helper-search-path.patch \
 %D%/packages/patches/dbus-CVE-2019-12749.patch \
 %D%/packages/patches/dealii-mpi-deprecations.patch \
diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-2017-12836.patch
deleted file mode 100644
index 507ab0f7d0..0000000000
--- a/gnu/packages/patches/cvs-2017-12836.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2017-12836:
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836
-https://security-tracker.debian.org/tracker/CVE-2017-12836
-
-Patch adpated from Debian (comments and changelog annotations removed):
-
-https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094
-
-From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001
-From: mirabilos
-Date: Sat, 12 Aug 2017 03:17:18 +0200
-Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch
-
----
- debian/changelog | 6 ++++++
- src/rsh-client.c | 10 ++++++++--
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsh-client.c b/src/rsh-client.c
-index fe0cfc4..1fc860d 100644
---- a/src/rsh-client.c
-+++ b/src/rsh-client.c
-@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
- rsh_argv[i++] = argvport;
- }
-
-+ /* Only non-option arguments from here. (CVE-2017-12836) */
-+ rsh_argv[i++] = "--";
-+
- rsh_argv[i++] = root->hostname;
- rsh_argv[i++] = cvs_server;
- if (readonlyfs)
-@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
- *p++ = argvport;
- }
-
-+ *p++ = "--";
-+
- *p++ = root->hostname;
- *p++ = command;
- *p++ = NULL;
---
-cgit v0.12
-
diff --git a/gnu/packages/patches/cvs-CVE-2017-12836.patch b/gnu/packages/patches/cvs-CVE-2017-12836.patch
new file mode 100644
index 0000000000..507ab0f7d0
--- /dev/null
+++ b/gnu/packages/patches/cvs-CVE-2017-12836.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-12836:
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836
+https://security-tracker.debian.org/tracker/CVE-2017-12836
+
+Patch adpated from Debian (comments and changelog annotations removed):
+
+https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094
+
+From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001
+From: mirabilos
+Date: Sat, 12 Aug 2017 03:17:18 +0200
+Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch
+
+---
+ debian/changelog | 6 ++++++
+ src/rsh-client.c | 10 ++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsh-client.c b/src/rsh-client.c
+index fe0cfc4..1fc860d 100644
+--- a/src/rsh-client.c
++++ b/src/rsh-client.c
+@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
+ rsh_argv[i++] = argvport;
+ }
+
++ /* Only non-option arguments from here. (CVE-2017-12836) */
++ rsh_argv[i++] = "--";
++
+ rsh_argv[i++] = root->hostname;
+ rsh_argv[i++] = cvs_server;
+ if (readonlyfs)
+@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
+ *p++ = argvport;
+ }
+
++ *p++ = "--";
++
+ *p++ = root->hostname;
+ *p++ = command;
+ *p++ = NULL;
+--
+cgit v0.12
+
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 8effe1d502..b1fd0195ce 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -1409,7 +1409,7 @@ machine.")
 (uri (string-append
 "https://ftp.gnu.org/non-gnu/cvs/source/feature/"
 version "/cvs-" version ".tar.bz2"))
- (patches (search-patches "cvs-2017-12836.patch"))
+ (patches (search-patches "cvs-CVE-2017-12836.patch"))
 (sha256
 (base32
 "0pjir8cwn0087mxszzbsi1gyfc6373vif96cw4q3m1x6p49kd1bq"))))
--
cgit 1.4.1