Fix CVE-2017-12836:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836
https://security-tracker.debian.org/tracker/CVE-2017-12836

Patch adpated from Debian (comments and changelog annotations removed):

https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094

From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001
From: mirabilos <m@mirbsd.org>
Date: Sat, 12 Aug 2017 03:17:18 +0200
Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch

---
 debian/changelog |  6 ++++++
 src/rsh-client.c | 10 ++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/rsh-client.c b/src/rsh-client.c
index fe0cfc4..1fc860d 100644
--- a/src/rsh-client.c
+++ b/src/rsh-client.c
@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
 	rsh_argv[i++] = argvport;
     }
 
+    /* Only non-option arguments from here. (CVE-2017-12836) */
+    rsh_argv[i++] = "--";
+
     rsh_argv[i++] = root->hostname;
     rsh_argv[i++] = cvs_server;
     if (readonlyfs)
@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
 		*p++ = argvport;
 	}
 
+	*p++ = "--";
+
 	*p++ = root->hostname;
 	*p++ = command;
 	*p++ = NULL;
-- 
cgit v0.12

3e1cedb5059c896e3303677c'>tree</a><a href='/guix/commit/tests/inferior.scm?id=f99f00fc814a3e1a3e1cedb5059c896e3303677c'>commit</a><a href='/guix/diff/tests/inferior.scm?id=f99f00fc814a3e1a3e1cedb5059c896e3303677c'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/inferior.scm'>
<input type='hidden' name='id' value='f99f00fc814a3e1a3e1cedb5059c896e3303677c'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=f99f00fc814a3e1a3e1cedb5059c896e3303677c'>root</a>/<a href='/guix/log/tests?id=f99f00fc814a3e1a3e1cedb5059c896e3303677c'>tests</a>/<a href='/guix/log/tests/inferior.scm?id=f99f00fc814a3e1a3e1cedb5059c896e3303677c'>inferior.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/inferior.scm?id=f99f00fc814a3e1a3e1cedb5059c896e3303677c&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2022-05-20 18:46:07 +0200'>2022-05-20</span></td><td><a href='/guix/commit/tests/inferior.scm?id=a4994d739306abcf3f36706012fb88b35a970e6b'>inferior: Close duplicate socketpair file descriptor.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-05-15 12:14:47 +0100'>2021-05-15</span></td><td><a href='/guix/commit/tests/inferior.scm?id=97d615b1761c2054561057f6b56e2a0caed13aa4'>inferior: Support querying package replacements.</a><span class='msg-avail'>...</span></td><td>Christopher Baines</td></tr>
<tr><td><span title='2021-04-29 01:22:04 +0200'>2021-04-29</span></td><td><a href='/guix/commit/tests/inferior.scm?id=9dc1c591a4fe90e823ed69fb52c055b98d4699f6'>inferior: Make sure test refers to guile@3.0.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-01-21 00:14:38 +0100'>2021-01-21</span></td><td><a href='/guix/commit/tests/inferior.scm?id=98d3abe7440717724263cacca8c36e9f43d53fcc'>repl: Fix exception handling for interpreted code.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-01-21 00:14:38 +0100'>2021-01-21</span></td><td><a href='/guix/commit/tests/inferior.scm?id=074a201c33f822a7ab59512e7ee8b301204ff732'>inferior: Add 'inferior-eval-with-store' tests.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-03-21 22:16:02 +0100'>2020-03-21</span></td><td><a href='/guix/commit/tests/inferior.scm?id=d19b14c8349ce8cacb62619ab68953265daeeca7'>Merge branch 'master' into core-updates</a></td><td>Marius Bakke</td></tr>
<tr><td><span title='2020-03-19 15:14:08 +0100'>2020-03-19</span></td><td><a href='/guix/commit/tests/inferior.scm?id=1dca6aaafa9f842565deab1fe7e6929f25544551'>inferior: '&amp;inferior-exception' includes a stack trace.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-03-17 15:46:15 +0100'>2020-03-17</span></td><td><a href='/guix/commit/tests/inferior.scm?id=9d0c2c6e5226bbd11e710bd4efa8f25e9ffb5a86'>tests: Fix up reference to 'guile-2.2'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-03-12 11:52:38 +0100'>2020-03-12</span></td><td><a href='/guix/commit/tests/inferior.scm?id=f7537e30b892cef09d91902547c00e5fa9b66f3b'>inferior: Distinguish inferior exceptions.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2022-05-20	inferior: Close duplicate socketpair file descriptor....	Ludovic Courtès
2021-05-15	inferior: Support querying package replacements....	Christopher Baines
2021-04-29	inferior: Make sure test refers to guile@3.0....	Ludovic Courtès
2021-01-21	repl: Fix exception handling for interpreted code....	Ludovic Courtès
2021-01-21	inferior: Add 'inferior-eval-with-store' tests....	Ludovic Courtès
2020-03-21	Merge branch 'master' into core-updates	Marius Bakke
2020-03-19	inferior: '&inferior-exception' includes a stack trace....	Ludovic Courtès
2020-03-17	tests: Fix up reference to 'guile-2.2'....	Ludovic Courtès
2020-03-12	inferior: Distinguish inferior exceptions....	Ludovic Courtès