Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Mar 2021 20:49:45 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r568761 - in head/security/openssh-portable: . files
Message-ID:  <202103182049.12IKnjwv003887@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: bdrewery
Date: Thu Mar 18 20:49:44 2021
New Revision: 568761
URL: https://svnweb.freebsd.org/changeset/ports/568761

Log:
  Add limited patch for CVE-2021-28041 from upstream.

Added:
  head/security/openssh-portable/files/patch-zz-8.4-CVE-2021-28041   (contents, props changed)
Modified:
  head/security/openssh-portable/Makefile

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Thu Mar 18 20:17:24 2021	(r568760)
+++ head/security/openssh-portable/Makefile	Thu Mar 18 20:49:44 2021	(r568761)
@@ -3,7 +3,7 @@
 
 PORTNAME=	openssh
 DISTVERSION=	8.4p1
-PORTREVISION=	3
+PORTREVISION=	4
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	OPENBSD/OpenSSH/portable

Added: head/security/openssh-portable/files/patch-zz-8.4-CVE-2021-28041
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/openssh-portable/files/patch-zz-8.4-CVE-2021-28041	Thu Mar 18 20:49:44 2021	(r568761)
@@ -0,0 +1,32 @@
+untrusted comment: verify with openbsd-68-base.pub
+RWQZj25CSG5R2lgsgSLgQjjy3/BFahe7C64NJOej05Naf0mm//TKykuXL7pxOVsY5rnXH0A6vBdO5UNx7PkuTxLOACHx5xV7Gws=
+
+OpenBSD 6.8 errata 015, March 4, 2021:
+
+Double free in ssh-agent(1)
+
+Apply by doing:
+    signify -Vep /etc/signify/openbsd-68-base.pub -x 015_sshagent.patch.sig \
+        -m - | (cd /usr/src && patch -p0)
+
+And then rebuild and install ssh (as well as ssh-agent)
+    cd /usr/src/usr.bin/ssh
+    make obj
+    make clean
+    make
+    make install
+
+Index: usr.bin/ssh/ssh-agent.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/ssh-agent.c,v
+diff -u -p -u -r1.264 ssh-agent.c
+--- ssh-agent.c	18 Sep 2020 08:16:38 -0000	1.264
++++ ssh-agent.c	3 Mar 2021 01:08:25 -0000
+@@ -567,6 +567,7 @@ process_add_identity(SocketEntry *e)
+ 				goto err;
+ 			}
+ 			free(ext_name);
++			ext_name = NULL;
+ 			break;
+ 		default:
+ 			error("%s: Unknown constraint %d", __func__, ctype);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202103182049.12IKnjwv003887>