From 019d365a3afd826d1402bf1a8fe5e98fe1721ea4 Mon Sep 17 00:00:00 2001
From: christos <christos@NetBSD.org>
Date: Thu, 5 Apr 2018 18:50:10 +0000
Subject: [PATCH] Pass -S to ed(1) so that patches containing ! commands don't
 run commands. Real cause of CVS-2018-0492:    
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667)

---
 usr.bin/patch/pch.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr.bin/patch/pch.c b/usr.bin/patch/pch.c
index 7ffb0cc76a70..519d47012acf 100644
--- a/usr.bin/patch/pch.c
+++ b/usr.bin/patch/pch.c
@@ -1,7 +1,7 @@
 /*
  * $OpenBSD: pch.c,v 1.37 2007/09/02 15:19:33 deraadt Exp $
  * $DragonFly: src/usr.bin/patch/pch.c,v 1.6 2008/08/10 23:35:40 joerg Exp $
- * $NetBSD: pch.c,v 1.28 2015/07/30 21:47:51 christos Exp $
+ * $NetBSD: pch.c,v 1.29 2018/04/05 18:50:10 christos Exp $
  */
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: pch.c,v 1.28 2015/07/30 21:47:51 christos Exp $");
+__RCSID("$NetBSD: pch.c,v 1.29 2018/04/05 18:50:10 christos Exp $");
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -1414,8 +1414,8 @@ do_ed_script(void)
 			unlink(TMPOUTNAME);
 			fatal("can't create temp file %s", TMPOUTNAME);
 		}
-		snprintf(buf, buf_len, "%s%s%s", _PATH_ED,
-		    verbose ? " " : " -s ", TMPOUTNAME);
+		snprintf(buf, buf_len, "%s -S%s %s", _PATH_ED,
+		    verbose ? "" : "s", TMPOUTNAME);
 		pipefp = popen(buf, "w");
 	}
 	for (;;) {