From cf82fe16ce092d0a13939b18858c127e8d82888a Mon Sep 17 00:00:00 2001
From: Old openssh patches <pcerny@suse.com>
Date: Wed, 26 Oct 2022 09:54:18 +0200
Subject: [PATCH] openssh-7.2p2-ignore_PAM_with_UseLogin

# HG changeset patch
# Parent  3067fa1af457d335834b5328e0d846e206ea804d

Do not import PAM environment variables when using login, since it may have
security implications.

CVE-2015-8325
bsc#975865

Backport of upstream commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755
---
 session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/session.c b/session.c
index 89bbf859..efd25f53 100644
--- a/session.c
+++ b/session.c
@@ -1356,7 +1356,7 @@ do_setup_env(Session *s, const char *shell, int *env_size)
 	 * Pull in any environment variables that may have
 	 * been set by PAM.
 	 */
-	if (options.use_pam) {
+	if (options.use_pam && !options.use_login) {
 		char **p;
 
 		p = fetch_pam_child_environment();
-- 
2.38.0