diff --git a/SOURCES/oddjob-cve-2020-10737-reversal-option.patch b/SOURCES/oddjob-cve-2020-10737-reversal-option.patch
new file mode 100644
index 0000000..fa187bb
--- /dev/null
+++ b/SOURCES/oddjob-cve-2020-10737-reversal-option.patch
@@ -0,0 +1,113 @@
+From 71b0389fbb31833d827f5f0fec18880c2f602753 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Thu, 19 May 2022 13:52:22 +0300
+Subject: [PATCH] mkhomedir: add support for pre-CVE-2020-10737 behavior
+
+Pre-CVE-2020-10737 behavior was used to allow creating home directories
+on NFS mounts when non-Kerberos authentication method is in use. This is
+exactly the case where a race condition addressed by the CVE-2020-10737
+fix could have happened. However, there are legit use cases where this
+setup is needed.
+
+Add '-f' option to mkhomedir helper to activate previous behavior. In
+order to enable it, a change to oddjobd-mkhomedir.conf configuration
+file is needed by explicitly adding '-f' option to the executable file
+definition.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2050079
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ src/mkhomedir.c                 | 16 +++++++++++++---
+ src/oddjobd-mkhomedir.conf.5.in |  9 +++++++++
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/src/mkhomedir.c b/src/mkhomedir.c
+index be85959..ac813a9 100644
+--- a/src/mkhomedir.c
++++ b/src/mkhomedir.c
+@@ -53,9 +53,11 @@ static const char *skel;
+ static const char *skel_dir;
+ static struct passwd *pwd;
+ static mode_t override_umask;
++static int owner_mkdir_first = 0;
+ 
+ #define FLAG_POPULATE	(1 << 0)
+ #define FLAG_QUIET	(1 << 1)
++#define FLAG_OWNER_MKDIR_FIRST (1 << 2)
+ 
+ /* Given the path of an item somewhere in the skeleton directory, create as
+  * identical as possible a copy in the destination tree. */
+@@ -158,7 +160,7 @@ copy_single_item(const char *source, const struct stat *sb,
+ 		 * target user just yet to avoid potential race conditions
+ 		 * involving symlink attacks when we copy over the skeleton
+ 		 * tree. */
+-		if (status->level == 0) {
++		if (status->level == 0 && !owner_mkdir_first) {
+ 			uid = 0;
+ 			gid = 0;
+ 		}
+@@ -222,6 +224,9 @@ mkhomedir(const char *user, int flags)
+ 		       pwd->pw_dir);
+ 		return HANDLER_INVALID_INVOCATION;
+ 	}
++	if (flags & FLAG_OWNER_MKDIR_FIRST) {
++		owner_mkdir_first = 1;
++	}
+ 	if ((lstat(pwd->pw_dir, &st) == -1) && (errno == ENOENT)) {
+ 		/* Figure out which location we're using as a
+ 		 * template. */
+@@ -237,7 +242,7 @@ mkhomedir(const char *user, int flags)
+ 				int res = nftw(get_skel_dir(), copy_single_item, 5,
+ 					       FTW_PHYS);
+ 				/* only now give ownership to the target user */
+-				if (res == 0) {
++				if (res == 0 && !owner_mkdir_first) {
+ 					res = chown(pwd->pw_dir, pwd->pw_uid, pwd->pw_gid);
+ 				}
+ 
+@@ -317,8 +322,11 @@ main(int argc, char **argv)
+ 	umask(override_umask);
+ 	skel_dir = "/etc/skel";
+ 
+-	while ((i = getopt(argc, argv, "nqs:u:")) != -1) {
++	while ((i = getopt(argc, argv, "nqfs:u:")) != -1) {
+ 		switch (i) {
++		case 'f':
++			flags |= FLAG_OWNER_MKDIR_FIRST;
++			break;
+ 		case 'n':
+ 			flags &= ~FLAG_POPULATE;
+ 			break;
+@@ -339,6 +347,8 @@ main(int argc, char **argv)
+ 			break;
+ 		default:
+ 			fprintf(stderr, "Valid options:\n"
++				"-f\tCreate home directory initially owned by user, "
++				"not root. See man page for security issues.\n"
+ 				"-n\tDo not populate home directories, "
+ 				"just create them.\n"
+ 				"-q\tDo not print messages when creating "
+diff --git a/src/oddjobd-mkhomedir.conf.5.in b/src/oddjobd-mkhomedir.conf.5.in
+index d7a2429..6e35ad5 100644
+--- a/src/oddjobd-mkhomedir.conf.5.in
++++ b/src/oddjobd-mkhomedir.conf.5.in
+@@ -10,6 +10,15 @@ directory.
+ 
+ The mkhomedir helper itself accepts these options:
+ .TP
++-f
++Restore behavior before CVE-2020-10737 was fixed: create the home directory
++with user's ownership directly rather than create it as a root and only after
++populating it change to the user's ownership. The former behavior is insecure
++but may be used to allow creation of NFS-mounted home directories when
++non-Kerberos authentication is in use. It is prone for a race condition that
++could be exploited in the NFS-mounted home directories use case. To avoid
++CVE-2020-10737, do not use \fB-f\fR option in production environments.
++.TP
+ -q
+ Refrain from outputting the usual "Creating home directory..." message when it
+ creates a home directory.
+-- 
+2.37.1
+
diff --git a/SPECS/oddjob.spec b/SPECS/oddjob.spec
index d850358..85bfb20 100644
--- a/SPECS/oddjob.spec
+++ b/SPECS/oddjob.spec
@@ -22,9 +22,10 @@
 
 Name: oddjob
 Version: 0.34.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Source0: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz
 Source1: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz.asc
+Patch0: oddjob-cve-2020-10737-reversal-option.patch
 
 Summary: A D-Bus service which runs odd jobs on behalf of client applications
 License: BSD
@@ -91,6 +92,7 @@ This package contains a trivial sample oddjob service.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 sample_flag=
@@ -250,6 +252,10 @@ fi
 exit 0
 
 %changelog
+* Wed Aug 17 2022 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-2
+- Add a non-default option to revert behavior for CVE-2020-10737 fix
+- Resolved: rhbz#2050079
+
 * Mon Dec 14 18:38:43 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.34.7-1
 - Upstream release 0.34.7
 - Force LC_ALL=C.UTF-8 in oddjobd systemd service environment