From 09320cf61ab861f5907f4edfcce4b72ece559d48 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mar 21 2017 09:12:44 +0000
Subject: Fix typo in sandbox code, that got out after release


http://lists.mindrot.org/pipermail/openssh-unix-dev/2017-March/035879.html

---

diff --git a/openssh-7.5p1-sandbox-typo.patch b/openssh-7.5p1-sandbox-typo.patch
new file mode 100644
index 0000000..dd5f1fa
--- /dev/null
+++ b/openssh-7.5p1-sandbox-typo.patch
@@ -0,0 +1,13 @@
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3a1aedce72c2..a8d472a63ccb 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = {
+ 	 * x86-64 syscall under some circumstances, e.g.
+ 	 * https://bugs.debian.org/849923
+ 	 */
+-	SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);
++	SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT),
+ #endif
+ 
+ 	/* Default deny */
diff --git a/openssh.spec b/openssh.spec
index 2970509..f07d64d 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -228,6 +228,8 @@ Patch942: openssh-7.2p2-chroot-capabilities.patch
 Patch944: openssh-7.3p1-x11-max-displays.patch
 # Help systemd to track the running service
 Patch948: openssh-7.4p1-systemd.patch
+# Fix typo in sandbox code
+Patch949: openssh-7.5p1-sandbox-typo.patch
 
 
 License: BSD
@@ -463,6 +465,7 @@ popd
 %patch942 -p1 -b .chroot-cap
 %patch944 -p1 -b .x11max
 %patch948 -p1 -b .systemd
+%patch949 -p1 -b .sandbox
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race