backport CVE-2021-28041

2021-12-15 16:39:03 +08:00 · 2021-12-15 16:39:03 +08:00 · 3472e39b23
commit 3472e39b23
parent 802253bdf2
2 changed files with 25 additions and 1 deletions
--- a/backport-CVE-2021-28041.patch
+++ b/backport-CVE-2021-28041.patch
@ -0,0 +1,16 @@
+Reference:https://src.fedoraproject.org/rpms/openssh/blob/f33/f/openssh-8.4p1-cve-2021-28041.patch
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 6e536e5..3bac42d 100644
+--- a/ssh-agent.c
+++ b/ssh-agent.c
+@@ -496,6 +496,7 @@ process_add_identity(SocketEntry *e)
+ 				goto err;
+ 			}
+ 			free(ext_name);
+			ext_name = NULL;
+ 			break;
+ 		default:
+ 			error("%s: Unknown constraint %d", __func__, ctype);
+-- 
+1.8.3.1
+
--- a/openssh.spec
+++ b/openssh.spec
@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}

 %global sshd_uid    74
-%global openssh_release 14
+%global openssh_release 15

 Name:           openssh
 Version:        8.2p1
@ -94,6 +94,7 @@ Patch61:	add-strict-scp-check-for-CVE-2020-15778.patch
 Patch62:        backport-move-closefrom-to-before-first-malloc.patch
 Patch63:        backport-CVE-2021-41617-1.patch
 Patch64:        backport-CVE-2021-41617-2.patch
+Patch65:        backport-CVE-2021-28041.patch

 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@ -260,6 +261,7 @@ popd
 %patch62 -p1
 %patch63 -p1
 %patch64 -p1
+%patch65 -p1

 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@ -471,6 +473,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*

 %changelog
+* Wed Dec 15 2021 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-15
+- Type:cves
+- CVE:CVE-2021-28041
+- SUG:NA
+- DESC:fix CVE-2021-28041
+
 * Sat Oct 09 2021 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-14
 - Type:bugfix
 - CVE:CVE-2021-41617