authorNatanael Copa <ncopa@alpinelinux.org>2021-03-24 09:54:09 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2021-03-24 09:54:09 +0100
commit548780934cd17a38c845008479f636f02458b43a (patch)
treec08be0c2ef604197a7e512d4f9a6a15af11ee4dc
parent9aa39020e25d7f8041ee4cd30e4ee9581a337352 (diff)
main/openssh: fix CVE-2021-28041
Patch found from upstream: https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig fixes #12514
-rw-r--r--main/openssh/APKBUILD6
-rw-r--r--main/openssh/CVE-2021-28041.patch32
2 files changed, 37 insertions, 1 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD
index 47e963036f8..bba95c9a60b 100644
--- a/main/openssh/APKBUILD
+++ b/main/openssh/APKBUILD
@@ -4,7 +4,7 @@
pkgname=openssh
pkgver=8.3_p1
_myver=${pkgver%_*}${pkgver#*_}
-pkgrel=1
+pkgrel=2
pkgdesc="Port of OpenBSD's free SSH release"
url="https://www.openssh.com/portable.html"
arch="all"
@@ -36,11 +36,14 @@ source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$_myver.tar
disable-forwarding-by-default.patch
fix-verify-dns-segfault.patch
CVE-2020-14145.patch
+ CVE-2021-28041.patch
sshd.initd
sshd.confd
"
# secfixes:
+# 8.3_p1-r2:
+# - CVE-2021-28041
# 8.3_p1-r1:
# - CVE-2020-14145
# 7.9_p1-r3:
@@ -212,5 +215,6 @@ c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8
8df35d72224cd255eb0685d2c707b24e5eb24f0fdd67ca6cc0f615bdbd3eeeea2d18674a6af0c6dab74c2d8247e2370d0b755a84c99f766a431bc50c40b557de disable-forwarding-by-default.patch
b0d1fc89bd46ebfc8c7c00fd897732e67a6cda996811c14d99392685bb0b508b52c9dc3188b1a84c0ffa3f72f57189cc615a76b81796dd1b5f552542bd53f84d fix-verify-dns-segfault.patch
367c4f4e2777cd4608a9a7455c1d9744683938fab9b07333af8bbe26aef30091040e69b6ee84dee82c09d50d93e15a9c005cc799b5d15d40d2fa31f879ba0850 CVE-2020-14145.patch
+927863c0778d4933d90d5cbd97ba2d6f6deb3c44def522bfb764103e72320512d91a4d4f21ae46b46e72c5fd379d523511f3827b7b0834862483eb3796916bf9 CVE-2021-28041.patch
8122ac1838586a1487dad1f70ed2ec8161ae57b4a7ee8bfef9757b590aa76a887a6c5e5f2575728da4c6c2f00d2a924360e23d84a4df204d7021b44b690cb2f8 sshd.initd
ec506156c286e5b28a530e9964dd68b7f6c9e881fbc47247a988e52a1f9cd50cbfaf4955c96774f9e2508d8b734c4abf98785fbaa75ae6249e3464b5495f1afc sshd.confd"
diff --git a/main/openssh/CVE-2021-28041.patch b/main/openssh/CVE-2021-28041.patch
new file mode 100644
index 00000000000..e35ec18f5b2
--- /dev/null
+++ b/main/openssh/CVE-2021-28041.patch
@@ -0,0 +1,32 @@
+untrusted comment: verify with openbsd-68-base.pub
+RWQZj25CSG5R2lgsgSLgQjjy3/BFahe7C64NJOej05Naf0mm//TKykuXL7pxOVsY5rnXH0A6vBdO5UNx7PkuTxLOACHx5xV7Gws=
+
+OpenBSD 6.8 errata 015, March 4, 2021:
+
+Double free in ssh-agent(1)
+
+Apply by doing:
+ signify -Vep /etc/signify/openbsd-68-base.pub -x 015_sshagent.patch.sig \
+ -m - | (cd /usr/src && patch -p0)
+
+And then rebuild and install ssh (as well as ssh-agent)
+ cd /usr/src/usr.bin/ssh
+ make obj
+ make clean
+ make
+ make install
+
+Index: usr.bin/ssh/ssh-agent.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/ssh-agent.c,v
+diff -u -p -u -r1.264 ssh-agent.c
+--- ./ssh-agent.c 18 Sep 2020 08:16:38 -0000 1.264
++++ ./ssh-agent.c 3 Mar 2021 01:08:25 -0000
+@@ -567,6 +567,7 @@ process_add_identity(SocketEntry *e)
+ goto err;
+ }
+ free(ext_name);
++ ext_name = NULL;
+ break;
+ default:
+ error("%s: Unknown constraint %d", __func__, ctype);
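Review bot: The two signify lines kept at the top of CVE-2021-28041.patch (`untrusted comment: verify with openbsd-68-base.pub` and the base64 signature) are not checked by anything in this commit, and they probably no longer verify this file, because the diff headers read `./ssh-agent.c` while the `Index:` line still says `usr.bin/ssh/ssh-agent.c`, which suggests the paths were adjusted for the portable tree. The only integrity check visible here is the sha512sums entry added in the APKBUILD, so I would drop the stale signature and replace it with a provenance header such as `Origin: OpenBSD 6.8 errata 015 (015_sshagent.patch.sig), paths adjusted for openssh-portable`. The OpenBSD `signify`/`make` instructions do not apply to an Alpine build either and could be trimmed to the errata title. On the fix itself, `ext_name = NULL;` after `free(ext_name)` only prevents a second free if the `err` path frees `ext_name`; that label and the rest of process_add_identity are outside the hunk, so this is worth confirming against the 8.3p1 source.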