<pre style='margin:0'>
Marius Schamschula (Schamschula) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/13792286eb56a877f84821202563807ced8b5457">https://github.com/macports/macports-ports/commit/13792286eb56a877f84821202563807ced8b5457</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 13792286eb5 openssh 8.4p1: fix CVE-2021-28041
</span>13792286eb5 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 13792286eb56a877f84821202563807ced8b5457
</span>Author: Marius Schamschula <mps@macports.org>
AuthorDate: Fri Mar 19 13:39:54 2021 -0500
<span style='display:block; white-space:pre;color:#404040;'> openssh 8.4p1: fix CVE-2021-28041
</span>---
net/openssh/Portfile | 5 +++-
net/openssh/files/patch-zz-8.4-CVE-2021-28041.diff | 32 ++++++++++++++++++++++
2 files changed, 36 insertions(+), 1 deletion(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/Portfile b/net/openssh/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 756c68fbaf5..e5db99b4f57 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -6,7 +6,7 @@ PortGroup compiler_blacklist_versions 1.0
</span>
name openssh
version 8.4p1
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 3
</span> categories net
platforms darwin
maintainers nomaintainer
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -53,6 +53,9 @@ if {${name} eq ${subport}} {
</span> patch-sshd.c-apple-sandbox-named-external.diff \
macports-config.patch
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # OpenBSD patch for CVE-2021-28041, remove after upgrading to >= 8.5p1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patchfiles-append patch-zz-8.4-CVE-2021-28041.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> # We need a couple of patches
# - pam.patch
# getpwnam(3) on OS X always returns "*********" in the pw_passwd field even
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/files/patch-zz-8.4-CVE-2021-28041.diff b/net/openssh/files/patch-zz-8.4-CVE-2021-28041.diff
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..be1012a14dd
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/files/patch-zz-8.4-CVE-2021-28041.diff
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,32 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+untrusted comment: verify with openbsd-68-base.pub
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+RWQZj25CSG5R2lgsgSLgQjjy3/BFahe7C64NJOej05Naf0mm//TKykuXL7pxOVsY5rnXH0A6vBdO5UNx7PkuTxLOACHx5xV7Gws=
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+OpenBSD 6.8 errata 015, March 4, 2021:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Double free in ssh-agent(1)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Apply by doing:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ signify -Vep /etc/signify/openbsd-68-base.pub -x 015_sshagent.patch.sig \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -m - | (cd /usr/src && patch -p0)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+And then rebuild and install ssh (as well as ssh-agent)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cd /usr/src/usr.bin/ssh
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ make obj
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ make clean
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ make
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ make install
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Index: usr.bin/ssh/ssh-agent.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+===================================================================
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+RCS file: /cvs/src/usr.bin/ssh/ssh-agent.c,v
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff -u -p -u -r1.264 ssh-agent.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ssh/ssh-agent.c 18 Sep 2020 08:16:38 -0000 1.264
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ssh/ssh-agent.c 3 Mar 2021 01:08:25 -0000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -567,6 +567,7 @@ process_add_identity(SocketEntry *e)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto err;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ free(ext_name);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ext_name = NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ break;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ error("%s: Unknown constraint %d", __func__, ctype);
</span></pre><pre style='margin:0'>
</pre>