!88 fix CVE-2021-28041

Merge pull request !88 from Rock/openEuler-20.03-LTS-SP3

backport-CVE-2021-28041.patch

@@ -0,0 +1,16 @@
+Reference:https://src.fedoraproject.org/rpms/openssh/blob/f33/f/openssh-8.4p1-cve-2021-28041.patch
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 6e536e5..3bac42d 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -496,6 +496,7 @@ process_add_identity(SocketEntry *e)
+ 				goto err;
+ 			}
+ 			free(ext_name);
++			ext_name = NULL;
+ 			break;
+ 		default:
+ 			error("%s: Unknown constraint %d", __func__, ctype);
+-- 
+1.8.3.1
+

openssh.spec

@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 14
+%global openssh_release 15
 
 Name:           openssh
 Version:        8.2p1
@@ -94,6 +94,7 @@ Patch61:	add-strict-scp-check-for-CVE-2020-15778.patch
 Patch62:        backport-move-closefrom-to-before-first-malloc.patch
 Patch63:        backport-CVE-2021-41617-1.patch
 Patch64:        backport-CVE-2021-41617-2.patch
+Patch65:        backport-CVE-2021-28041.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -260,6 +261,7 @@ popd
 %patch62 -p1
 %patch63 -p1
 %patch64 -p1
+%patch65 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@@ -471,6 +473,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Wed Dec 15 2021 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-15
+- Type:cves
+- CVE:CVE-2021-28041
+- SUG:NA
+- DESC:fix CVE-2021-28041
+
 * Sat Oct 09 2021 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-14
 - Type:bugfix
 - CVE:CVE-2021-41617