From cf4e3a1844e00e426fe00f083e515166d095748d Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 18 Apr 2016 12:39:11 +0200
Subject: [PATCH] Fix for CVE-2015-8325 (#1328013)

---
 openssh-7.2p2-CVE-2015-8325.patch | 32 +++++++++++++++++++++++++++++++
 openssh.spec                      |  3 +++
 2 files changed, 35 insertions(+)
 create mode 100644 openssh-7.2p2-CVE-2015-8325.patch

diff --git a/openssh-7.2p2-CVE-2015-8325.patch b/openssh-7.2p2-CVE-2015-8325.patch
new file mode 100644
index 0000000..4224051
--- /dev/null
+++ b/openssh-7.2p2-CVE-2015-8325.patch
@@ -0,0 +1,32 @@
+From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Wed, 13 Apr 2016 10:39:57 +1000
+Subject: ignore PAM environment vars when UseLogin=yes
+
+If PAM is configured to read user-specified environment variables
+and UseLogin=yes in sshd_config, then a hostile local user may
+attack /bin/login via LD_PRELOAD or similar environment variables
+set via PAM.
+
+CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
+---
+ session.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/session.c b/session.c
+index 4859245..4653b09 100644
+--- a/session.c
++++ b/session.c
+@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
+ 	 * Pull in any environment variables that may have
+ 	 * been set by PAM.
+ 	 */
+-	if (options.use_pam) {
++	if (options.use_pam && !options.use_login) {
+ 		char **p;
+ 
+ 		p = fetch_pam_child_environment();
+-- 
+cgit v0.11.2
+
+
diff --git a/openssh.spec b/openssh.spec
index 63b4584..248f8fe 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -228,6 +228,8 @@ Patch933: openssh-7.0p1-show-more-fingerprints.patch
 # Preserve IUTF8 tty mode flag over ssh connections (#1270248)
 # https://bugzilla.mindrot.org/show_bug.cgi?id=2477
 Patch936: openssh-7.1p1-iutf8.patch
+# CVE-2015-8325: ignore PAM environment vars when UseLogin=yes
+Patch937: openssh-7.2p2-CVE-2015-8325.patch
 
 
 License: BSD
@@ -462,6 +464,7 @@ popd
 %patch932 -p1 -b .gsskexalg
 %patch933 -p1 -b .fingerprint
 %patch936 -p1 -b .iutf8
+%patch937 -p1 -b .pam_uselogin_cve
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race