From 55520c56911a18124befebb77ef5154910d45ee8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 21 Sep 2018 09:50:42 +0200
Subject: [PATCH] Fix sandbox for conditional gssapi authentication (#1580017)

Upstream:
https://bugzilla.mindrot.org/attachment.cgi?id=3168&action=diff
---
 openssh-7.8p1-gsskex.patch | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/openssh-7.8p1-gsskex.patch b/openssh-7.8p1-gsskex.patch
index f655f21..6a350c7 100644
--- a/openssh-7.8p1-gsskex.patch
+++ b/openssh-7.8p1-gsskex.patch
@@ -2617,15 +2617,16 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
 diff -up openssh/sshd.c.gsskex openssh/sshd.c
 --- openssh/sshd.c.gsskex	2018-08-22 11:47:33.299216360 +0200
 +++ openssh/sshd.c	2018-08-22 13:34:28.455975954 +0200
-@@ -537,7 +537,7 @@ privsep_preauth_child(void)
+@@ -537,8 +537,7 @@ privsep_preauth_child(void)
  
  #ifdef GSSAPI
  	/* Cache supported mechanism OIDs for later use */
 -	if (options.gss_authentication)
-+	if (options.gss_authentication || options.gss_keyex)
- 		ssh_gssapi_prepare_supported_oids();
+-		ssh_gssapi_prepare_supported_oids();
++	ssh_gssapi_prepare_supported_oids();
  #endif
  
+ 	reseed_prngs();
 @@ -887,8 +887,9 @@ notify_hostkeys(struct ssh *ssh)
  	}
  	debug3("%s: sent %u hostkeys", __func__, nkeys);