author | wiz <wiz@pkgsrc.org> | 2015-08-21 08:12:09 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2015-08-21 08:12:09 +0000 |
commit | 1f4a3c4e90672423cd6c7eba7d9f97f89c24485f (patch) | |
tree | ad32bd956b89feeff8fd2c6dcd401b856cda8554 | |
parent | a8ef0a6f83fa554a9a8a97768692d0296992a4f0 (diff) | |
Update to 7.1p1:
Changes since OpenSSH 7.0
=========================
This is a bugfix release.
Security
--------
* sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
prohibit-password/without-password that could, depending on
compile-time configuration, permit password authentication to
root while preventing other forms of authentication. This problem
was reported by Mantas Mikulenas.
Bugfixes
--------
* ssh(1), sshd(8): add compatibility workarounds for FuTTY
* ssh(1), sshd(8): refine compatibility workarounds for WinSCP
* Fix a number of memory faults (double-free, free of uninitialised
memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz
Kocielski.
-rw-r--r-- | security/openssh/Makefile | 7 | ||||
-rw-r--r-- | security/openssh/distinfo | 12 | ||||
-rw-r--r-- | security/openssh/patches/patch-auth2-chall.c | 32 |
3 files changed, 7 insertions, 44 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 8f623ef7f06..080fde1d3d0 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.235 2015/08/14 08:57:00 jperkin Exp $
+# $NetBSD: Makefile,v 1.236 2015/08/21 08:12:09 wiz Exp $
-DISTNAME= openssh-6.9p1
-PKGNAME= openssh-6.9.1
-PKGREVISION= 2
+DISTNAME= openssh-7.1p1
+PKGNAME= ${DISTNAME:S/p1/.1/}
 CATEGORIES= security
 MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 3a7fe49d531..b419bd0095f 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,17 +1,13 @@
-$NetBSD: distinfo,v 1.95 2015/08/14 08:57:00 jperkin Exp $
+$NetBSD: distinfo,v 1.96 2015/08/21 08:12:09 wiz Exp $
-SHA1 (openssh-6.9p1-hpn-20150709.diff.gz) = a39571c1cdb13382631a1d9cfe89b82fb346c92c
-RMD160 (openssh-6.9p1-hpn-20150709.diff.gz) = 8bb077e7ecbc7550386a050209e84d6f4d895788
-Size (openssh-6.9p1-hpn-20150709.diff.gz) = 13370 bytes
-SHA1 (openssh-6.9p1.tar.gz) = 86ab57f00d0fd9bf302760f2f6deac1b6e9df265
-RMD160 (openssh-6.9p1.tar.gz) = 4fb2f0a0280db51024bf72b0f5cd3912d25cb59a
-Size (openssh-6.9p1.tar.gz) = 1487617 bytes
+SHA1 (openssh-7.1p1.tar.gz) = ed22af19f962262c493fcc6ed8c8826b2761d9b6
+RMD160 (openssh-7.1p1.tar.gz) = 2c97ea10099fa8658156c0351d60d715655b9b07
+Size (openssh-7.1p1.tar.gz) = 1493170 bytes
 SHA1 (patch-Makefile.in) = 2bf52a85ecdebac3aa299b25ecb561218a3316a2
 SHA1 (patch-auth-passwd.c) = 32da596dd9b255ffdd8168e6ea6f62596304b116
 SHA1 (patch-auth-rhosts.c) = 5752c384f1fd81ed6ef21707fa2b9743a3891987
 SHA1 (patch-auth.c) = 80f1c5ad8ea01a3c9dedce4eef1b625640958450
 SHA1 (patch-auth1.c) = 0bb4bc35e2ca2cd03c5596dadcd2ffb4329091a7
-SHA1 (patch-auth2-chall.c) = 9edd679fc0a1d128786cea8939e804adb400c3c9
 SHA1 (patch-auth2.c) = 8a939381f72968d74a7df508a072dfb10f400284
 SHA1 (patch-channels.c) = 9ad160fd1c2c7fabbea3d49dacb36036d13adfaa
 SHA1 (patch-clientloop.c) = 11d44815ec39030ae20cb75727acff8c8e91144e
diff --git a/security/openssh/patches/patch-auth2-chall.c b/security/openssh/patches/patch-auth2-chall.c
deleted file mode 100644
index 4bd9a792f10..00000000000
--- a/security/openssh/patches/patch-auth2-chall.c
+++ /dev/null
@@ -1,32 +0,0 @@
-$NetBSD: patch-auth2-chall.c,v 1.1 2015/07/30 03:20:36 taca Exp $
-
-Fix for CVE-2015-5600 from FreeBSD via NetBSD base.
-
---- auth2-chall.c.orig 2015-07-01 02:35:31.000000000 +0000
-+++ auth2-chall.c
-@@ -83,6 +83,7 @@ struct KbdintAuthctxt
- void *ctxt;
- KbdintDevice *device;
- u_int nreq;
-+ u_int devices_done;
- };
-
- #ifdef USE_PAM
-@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, K
- if (len == 0)
- break;
- for (i = 0; devices[i]; i++) {
-- if (!auth2_method_allowed(authctxt,
-+ if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
-+ !auth2_method_allowed(authctxt,
- "keyboard-interactive", devices[i]->name))
- continue;
-- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
-+ if (strncmp(kbdintctxt->devices, devices[i]->name,
-+ len) == 0) {
- kbdintctxt->device = devices[i];
-+ kbdintctxt->devices_done |= 1 << i;
-+ }
- }
- t = kbdintctxt->devices;
- kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; |
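Review bot: The commit log does not record why the local CVE-2015-5600 fix is dropped, yet this hunk deletes the whole patch, including the `devices_done` bookkeeping it added to `kbdint_next_device`. Presumably the 7.1p1 tarball already carries an equivalent change in auth2-chall.c, but nothing on this page shows that, and the quoted release notes only cover changes since 7.0. A log line such as `Remove patch-auth2-chall.c: CVE-2015-5600 fix is included upstream` would let an auditor confirm the package did not regress. Before removing a security patch on a version bump, I would expect a check that the new upstream `kbdint_next_device` skips devices that were already tried.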