From c08aa4b8b17ffd59345535e6298931a8bae8ba06 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 18 Oct 2017 14:40:59 +0200
Subject: [PATCH] Fix after-release bug in PermitOpen (posted on ML)

---
 openssh-7.6p1-permitopen-bug.patch | 47 ++++++++++++++++++++++++++++++
 openssh.spec                       |  3 ++
 2 files changed, 50 insertions(+)
 create mode 100644 openssh-7.6p1-permitopen-bug.patch

diff --git a/openssh-7.6p1-permitopen-bug.patch b/openssh-7.6p1-permitopen-bug.patch
new file mode 100644
index 0000000..3dd4a57
--- /dev/null
+++ b/openssh-7.6p1-permitopen-bug.patch
@@ -0,0 +1,47 @@
+From 7c9613fac3371cf65fb07739212cdd1ebf6575da Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 4 Oct 2017 18:49:30 +0000
+Subject: [PATCH] upstream commit
+
+fix (another) problem in PermitOpen introduced during the
+channels.c refactor: the third and subsequent arguments to PermitOpen were
+being silently ignored; ok markus@
+
+Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
+---
+ servconf.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/servconf.c b/servconf.c
+index 2c321a4ad..956862959 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -1,5 +1,5 @@
+ 
+-/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */
++/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */
+ /*
+  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+  *                    All rights reserved
+@@ -1663,9 +1663,9 @@ process_server_config_line(ServerOptions *options, char *line,
+ 		if (!arg || *arg == '\0')
+ 			fatal("%s line %d: missing PermitOpen specification",
+ 			    filename, linenum);
+-		i = options->num_permitted_opens;	/* modified later */
++		value = options->num_permitted_opens;	/* modified later */
+ 		if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
+-			if (*activep && i == 0) {
++			if (*activep && value == 0) {
+ 				options->num_permitted_opens = 1;
+ 				options->permitted_opens = xcalloc(1,
+ 				    sizeof(*options->permitted_opens));
+@@ -1683,7 +1683,7 @@ process_server_config_line(ServerOptions *options, char *line,
+ 			if (arg == NULL || ((port = permitopen_port(arg)) < 0))
+ 				fatal("%s line %d: bad port number in "
+ 				    "PermitOpen", filename, linenum);
+-			if (*activep && i == 0) {
++			if (*activep && value == 0) {
+ 				options->permitted_opens = xrecallocarray(
+ 				    options->permitted_opens,
+ 				    options->num_permitted_opens,
+
diff --git a/openssh.spec b/openssh.spec
index 81672c2..681e2fe 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -231,6 +231,8 @@ Patch948: openssh-7.4p1-systemd.patch
 Patch949: openssh-7.6p1-cleanup-selinux.patch
 # Sandbox adjustments for s390 and audit
 Patch950: openssh-7.5p1-sandbox.patch
+# PermitOpen bug in OpenSSH 7.6:
+Patch951: openssh-7.6p1-permitopen-bug.patch
 
 
 License: BSD
@@ -455,6 +457,7 @@ popd
 %patch807 -p1 -b .gsskex-ec
 %patch949 -p1 -b .refactor
 %patch950 -p1 -b .sandbox
+%patch951 -p1 -b .permitOpen
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race