From cfaaaa1eeb7b1c2c3d69e0b756f3b4dd543a6903 Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Sat, 9 Oct 2021 09:52:09 +0800
Subject: [PATCH] fix CVE-2021-41617

---
 backport-CVE-2021-41617-1.patch | 34 +++++++++++++++++++++++++++++++++
 backport-CVE-2021-41617-2.patch | 28 +++++++++++++++++++++++++++
 openssh.spec                    | 12 +++++++++++-
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-41617-1.patch
 create mode 100644 backport-CVE-2021-41617-2.patch

diff --git a/backport-CVE-2021-41617-1.patch b/backport-CVE-2021-41617-1.patch
new file mode 100644
index 0000000..31159d9
--- /dev/null
+++ b/backport-CVE-2021-41617-1.patch
@@ -0,0 +1,34 @@
+From f3cbe43e28fe71427d41cfe3a17125b972710455 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sun, 26 Sep 2021 14:01:03 +0000
+Subject: upstream: need initgroups() before setresgid(); reported by anton@,
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
+
+---
+ auth.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/auth.c b/auth.c
+index c73444a..e510a05 100644
+--- a/auth.c
++++ b/auth.c
+@@ -852,6 +852,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
+ 		}
+ 		closefrom(STDERR_FILENO + 1);
+ 
++		if (geteuid() == 0 &&
++		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
++			error("%s: initgroups(%s, %u): %s", tag,
++			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
++			_exit(1);
++		}
++
+ 		/* Don't use permanently_set_uid() here to avoid fatal() */
+ 		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
+ 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
+-- 
+1.8.3.1
+
diff --git a/backport-CVE-2021-41617-2.patch b/backport-CVE-2021-41617-2.patch
new file mode 100644
index 0000000..93871b1
--- /dev/null
+++ b/backport-CVE-2021-41617-2.patch
@@ -0,0 +1,28 @@
+From f3cbe43e28fe71427d41cfe3a17125b972710455 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sun, 26 Sep 2021 14:01:03 +0000
+Subject: upstream: need initgroups() before setresgid(); reported by anton@,
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
+
+---
+ auth.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/auth.c b/auth.c
+index e510a05..46b56cf 100644
+--- a/auth.c
++++ b/auth.c
+@@ -39,6 +39,7 @@
+ # include <paths.h>
+ #endif
+ #include <pwd.h>
++#include <grp.h>
+ #ifdef HAVE_LOGIN_H
+ #include <login.h>
+ #endif
+-- 
+1.8.3.1
+
diff --git a/openssh.spec b/openssh.spec
index f0ecd1b..b16b081 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 13
+%global openssh_release 14
 
 Name:           openssh
 Version:        8.2p1
@@ -92,6 +92,8 @@ Patch59:        upstream-expose-vasnmprintf.patch
 Patch60:        CVE-2020-14145.patch
 Patch61:        add-strict-scp-check-for-CVE-2020-15778.patch
 Patch62:        backport-move-closefrom-to-before-first-malloc.patch
+Patch63:        backport-CVE-2021-41617-1.patch
+Patch64:        backport-CVE-2021-41617-2.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -256,6 +258,8 @@ popd
 %patch60 -p1
 %patch61 -p1
 %patch62 -p1
+%patch63 -p1
+%patch64 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@@ -467,6 +471,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Sat Oct 09 2021 renmingshuai<renmingshuai@huawei.com> - 8.2P1-14
+- Type:bugfix
+- CVE:CVE-2021-41617
+- SUG:NA
+- DESC:fix CVE-2021-41617
+
 * Mon Aug 09 2021 chxssg<chxssg@qq.com> - 8.2P1-13
 - Type:bugfix
 - CVE:NA
-- 
Gitee