From 96428762fd313a4182675a0389746dd799bd07c5 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Fri, 8 Oct 2021 20:11:01 +0800
Subject: [PATCH] fix CVE-2021-41617

---
 backport-CVE-2021-41617-1.patch | 34 +++++++++++++++++++++++++++++++++
 backport-CVE-2021-41617-2.patch | 28 +++++++++++++++++++++++++++
 openssh.spec                    | 12 +++++++++++-
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-41617-1.patch
 create mode 100644 backport-CVE-2021-41617-2.patch

diff --git a/backport-CVE-2021-41617-1.patch b/backport-CVE-2021-41617-1.patch
new file mode 100644
index 0000000..31159d9
--- /dev/null
+++ b/backport-CVE-2021-41617-1.patch
@@ -0,0 +1,34 @@
+From f3cbe43e28fe71427d41cfe3a17125b972710455 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sun, 26 Sep 2021 14:01:03 +0000
+Subject: upstream: need initgroups() before setresgid(); reported by anton@,
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
+
+---
+ auth.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/auth.c b/auth.c
+index c73444a..e510a05 100644
+--- a/auth.c
++++ b/auth.c
+@@ -852,6 +852,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
+ 		}
+ 		closefrom(STDERR_FILENO + 1);
+ 
++		if (geteuid() == 0 &&
++		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
++			error("%s: initgroups(%s, %u): %s", tag,
++			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
++			_exit(1);
++		}
++
+ 		/* Don't use permanently_set_uid() here to avoid fatal() */
+ 		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
+ 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
+-- 
+1.8.3.1
+
diff --git a/backport-CVE-2021-41617-2.patch b/backport-CVE-2021-41617-2.patch
new file mode 100644
index 0000000..93871b1
--- /dev/null
+++ b/backport-CVE-2021-41617-2.patch
@@ -0,0 +1,28 @@
+From f3cbe43e28fe71427d41cfe3a17125b972710455 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sun, 26 Sep 2021 14:01:03 +0000
+Subject: upstream: need initgroups() before setresgid(); reported by anton@,
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
+
+---
+ auth.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/auth.c b/auth.c
+index e510a05..46b56cf 100644
+--- a/auth.c
++++ b/auth.c
+@@ -39,6 +39,7 @@
+ # include <paths.h>
+ #endif
+ #include <pwd.h>
++#include <grp.h>
+ #ifdef HAVE_LOGIN_H
+ #include <login.h>
+ #endif
+-- 
+1.8.3.1
+
diff --git a/openssh.spec b/openssh.spec
index 8d72be4..ffcf22f 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 14
+%global openssh_release 15
 
 Name:           openssh
 Version:        8.2p1
@@ -95,6 +95,8 @@ Patch62:        add-strict-scp-check-for-CVE-2020-15778.patch
 Patch63:        backport-move-closefrom-to-before-first-malloc.patch
 Patch64:	backport-upstream-Remove-debug-message-from-sigchld-handler.patch
 Patch65:	backport-upstream-Refactor-private-key-parsing.-Eliminates-a-.patch
+Patch66:	backport-CVE-2021-41617-1.patch
+Patch67:	backport-CVE-2021-41617-2.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -262,6 +264,8 @@ popd
 %patch63 -p1
 %patch64 -p1
 %patch65 -p1
+%patch66 -p1
+%patch67 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@@ -476,6 +480,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Fri Oct 8 2021 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-15
+- Type:cves
+- CVE:CVE-2021-41617
+- SUG:NA
+- DESC:fix CVE-2021-41617
+
 * Sat Sep 18 2021 kircher<kircherlike@outlook.com> - 8.2P1-14
 - Type:bugfix
 - CVE:NA
-- 
Gitee