diff options
-rw-r--r-- | main/openssh/APKBUILD | 8 | ||||
-rw-r--r-- | main/openssh/CVE-2021-28041.patch | 32 |
2 files changed, 38 insertions, 2 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD index b741aaad2bc..4663f4011dc 100644 --- a/main/openssh/APKBUILD +++ b/main/openssh/APKBUILD @@ -4,7 +4,7 @@ pkgname=openssh pkgver=8.4_p1 _myver=${pkgver%_*}${pkgver#*_} -pkgrel=2 +pkgrel=3 pkgdesc="Port of OpenBSD's free SSH release" url="https://www.openssh.com/portable.html" arch="all" @@ -36,11 +36,14 @@ source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$_myver.tar disable-forwarding-by-default.patch fix-verify-dns-segfault.patch https://github.com/openssh/openssh-portable/commit/d9e727dcc04a52caaac87543ea1d230e9e6b5604.patch + CVE-2021-28041.patch sshd.initd sshd.confd " # secfixes: +# 8.4_p1-r1: +# - CVE-2021-28041 # 8.4_p1-r0: # - CVE-2020-14145 # 7.9_p1-r3: @@ -214,6 +217,7 @@ f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b33894 c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch 8df35d72224cd255eb0685d2c707b24e5eb24f0fdd67ca6cc0f615bdbd3eeeea2d18674a6af0c6dab74c2d8247e2370d0b755a84c99f766a431bc50c40b557de disable-forwarding-by-default.patch b0d1fc89bd46ebfc8c7c00fd897732e67a6cda996811c14d99392685bb0b508b52c9dc3188b1a84c0ffa3f72f57189cc615a76b81796dd1b5f552542bd53f84d fix-verify-dns-segfault.patch -d6088a20e3d4cb597ca99c29fd761e06c16b8a54e7e5d0fa63a07f814fd21e831e0e5e4e3c643b99fe10e536ed98ef5f8179cab2ac79bc44e725327b8d5d5dba d9e727dcc04a52caaac87543ea1d230e9e6b5604.patch +711f564b4bc5b156b699795230b9909c979407517daabc2304975dfea4838fdd426bff7d424254d4a7f9162205f3d8931bd5e25d4006bfbe670a900e2bd05967 d9e727dcc04a52caaac87543ea1d230e9e6b5604.patch +927863c0778d4933d90d5cbd97ba2d6f6deb3c44def522bfb764103e72320512d91a4d4f21ae46b46e72c5fd379d523511f3827b7b0834862483eb3796916bf9 CVE-2021-28041.patch 8122ac1838586a1487dad1f70ed2ec8161ae57b4a7ee8bfef9757b590aa76a887a6c5e5f2575728da4c6c2f00d2a924360e23d84a4df204d7021b44b690cb2f8 sshd.initd ec506156c286e5b28a530e9964dd68b7f6c9e881fbc47247a988e52a1f9cd50cbfaf4955c96774f9e2508d8b734c4abf98785fbaa75ae6249e3464b5495f1afc sshd.confd" diff --git a/main/openssh/CVE-2021-28041.patch b/main/openssh/CVE-2021-28041.patch new file mode 100644 index 00000000000..e35ec18f5b2 --- /dev/null +++ b/main/openssh/CVE-2021-28041.patch @@ -0,0 +1,32 @@ +untrusted comment: verify with openbsd-68-base.pub +RWQZj25CSG5R2lgsgSLgQjjy3/BFahe7C64NJOej05Naf0mm//TKykuXL7pxOVsY5rnXH0A6vBdO5UNx7PkuTxLOACHx5xV7Gws= + +OpenBSD 6.8 errata 015, March 4, 2021: + +Double free in ssh-agent(1) + +Apply by doing: + signify -Vep /etc/signify/openbsd-68-base.pub -x 015_sshagent.patch.sig \ + -m - | (cd /usr/src && patch -p0) + +And then rebuild and install ssh (as well as ssh-agent) + cd /usr/src/usr.bin/ssh + make obj + make clean + make + make install + +Index: usr.bin/ssh/ssh-agent.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/ssh-agent.c,v +diff -u -p -u -r1.264 ssh-agent.c +--- ./ssh-agent.c 18 Sep 2020 08:16:38 -0000 1.264 ++++ ./ssh-agent.c 3 Mar 2021 01:08:25 -0000 +@@ -567,6 +567,7 @@ process_add_identity(SocketEntry *e) + goto err; + } + free(ext_name); ++ ext_name = NULL; + break; + default: + error("%s: Unknown constraint %d", __func__, ctype); |