Pullup ticket #4786 - requested by taca

security/openssh: security patch

Revisions pulled up:
- security/openssh/Makefile                                     1.234
- security/openssh/distinfo                                     1.94
- security/openssh/patches/patch-auth2-chall.c                  1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jul 30 03:20:36 UTC 2015

   Modified Files:
   	pkgsrc/security/openssh: Makefile distinfo
   Added Files:
   	pkgsrc/security/openssh/patches: patch-auth2-chall.c

   Log Message:
   Add fix for CVE-2015-5600 from FreeBSD via NetBSD base.

   Bump PKGREVISION.

3 files changed, 36 insertions, 2 deletions

diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 6012cafe21e..588dea6e30e 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.230.2.1 2015/07/14 22:03:39 tron Exp $
+# $NetBSD: Makefile,v 1.230.2.2 2015/08/01 08:56:59 tron Exp $
 
 DISTNAME=		openssh-6.9p1
 PKGNAME=		openssh-6.9.1
+PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
 
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index d70414cf0cf..9bd1e551878 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.91.2.1 2015/07/14 22:03:39 tron Exp $
+$NetBSD: distinfo,v 1.91.2.2 2015/08/01 08:56:59 tron Exp $
 
 SHA1 (openssh-6.9p1-hpn-20150709.diff.gz) = a39571c1cdb13382631a1d9cfe89b82fb346c92c
 RMD160 (openssh-6.9p1-hpn-20150709.diff.gz) = 8bb077e7ecbc7550386a050209e84d6f4d895788
@@ -11,6 +11,7 @@ SHA1 (patch-auth-passwd.c) = 32da596dd9b255ffdd8168e6ea6f62596304b116
 SHA1 (patch-auth-rhosts.c) = 5752c384f1fd81ed6ef21707fa2b9743a3891987
 SHA1 (patch-auth.c) = 80f1c5ad8ea01a3c9dedce4eef1b625640958450
 SHA1 (patch-auth1.c) = 0bb4bc35e2ca2cd03c5596dadcd2ffb4329091a7
+SHA1 (patch-auth2-chall.c) = 9edd679fc0a1d128786cea8939e804adb400c3c9
 SHA1 (patch-auth2.c) = 831139b9cdbd9b4d3429ea1aba176daf78be3405
 SHA1 (patch-channels.c) = 9ad160fd1c2c7fabbea3d49dacb36036d13adfaa
 SHA1 (patch-clientloop.c) = 11d44815ec39030ae20cb75727acff8c8e91144e
diff --git a/security/openssh/patches/patch-auth2-chall.c b/security/openssh/patches/patch-auth2-chall.c
new file mode 100644
index 00000000000..bbf296bdd05
--- /dev/null
+++ b/security/openssh/patches/patch-auth2-chall.c
@@ -0,0 +1,32 @@
+$NetBSD: patch-auth2-chall.c,v 1.1.2.2 2015/08/01 08:56:59 tron Exp $
+
+Fix for CVE-2015-5600 from FreeBSD via NetBSD base.
+
+--- auth2-chall.c.orig	2015-07-01 02:35:31.000000000 +0000
++++ auth2-chall.c
+@@ -83,6 +83,7 @@ struct KbdintAuthctxt
+ 	void *ctxt;
+ 	KbdintDevice *device;
+ 	u_int nreq;
++	u_int devices_done;
+ };
+ 
+ #ifdef USE_PAM
+@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, K
+ 		if (len == 0)
+ 			break;
+ 		for (i = 0; devices[i]; i++) {
+-			if (!auth2_method_allowed(authctxt,
++			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
++			    !auth2_method_allowed(authctxt,
+ 			    "keyboard-interactive", devices[i]->name))
+ 				continue;
+-			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
++			if (strncmp(kbdintctxt->devices, devices[i]->name,
++			    len) == 0) {
+ 				kbdintctxt->device = devices[i];
++				kbdintctxt->devices_done |= 1 << i;
++			}
+ 		}
+ 		t = kbdintctxt->devices;
+ 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;