From aa1b338db7af566300d11b2d02c556058c2f8cb8 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Oct 01 2021 11:27:42 +0000
Subject: Upstream fix for CVE-2021-41617


Resolves: rhbz#2008886

---

diff --git a/openssh-8.7p1-upstream-cve-2021-41617.patch b/openssh-8.7p1-upstream-cve-2021-41617.patch
new file mode 100644
index 0000000..15d49f2
--- /dev/null
+++ b/openssh-8.7p1-upstream-cve-2021-41617.patch
@@ -0,0 +1,25 @@
+diff --git a/misc.c b/misc.c
+index b8d1040d..0134d694 100644
+--- a/misc.c
++++ b/misc.c
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_PATHS_H
+ # include <paths.h>
+ #include <pwd.h>
++#include <grp.h>
+ #endif
+ #ifdef SSH_TUN_OPENBSD
+ #include <net/if.h>
+@@ -2695,6 +2696,12 @@ subprocess(const char *tag, const char *command,
+ 		}
+ 		closefrom(STDERR_FILENO + 1);
+ 
++		if (geteuid() == 0 &&
++		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
++			error("%s: initgroups(%s, %u): %s", tag,
++			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
++			_exit(1);
++		}
+ 		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
+ 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
+ 			    strerror(errno));
diff --git a/openssh.spec b/openssh.spec
index aeaaf74..c8d740a 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -51,7 +51,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 1
+%global openssh_rel 2
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 4
 
@@ -197,6 +197,8 @@ Patch975: openssh-8.0p1-preserve-pam-errors.patch
 Patch976: openssh-8.7p1-sftp-default-protocol.patch
 # Implement kill switch for SCP protocol
 Patch977: openssh-8.7p1-scp-kill-switch.patch
+# CVE-2021-41617
+Patch978: openssh-8.7p1-upstream-cve-2021-41617.patch
 
 License: BSD
 Requires: /sbin/nologin
@@ -374,6 +376,7 @@ popd
 %patch975 -p1 -b .preserve-pam-errors
 %patch976 -p1 -b .sftp-by-default
 %patch977 -p1 -b .kill-scp
+%patch978 -p1 -b .cve-2021-41617
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
@@ -658,6 +661,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Fri Oct 01 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-2
+- Upstream fix for CVE-2021-41617
+  Related: rhbz#2008886
+
 * Fri Sep 24 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-1 + 0.10.4-4
 - New upstream release
 - Switch to SFTP protocol in scp utility by default