4 files changed, 22 insertions, 33 deletions

diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 4a598466de4..119a1c9b55c 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.248 2016/07/10 10:41:38 rillig Exp $
+# $NetBSD: Makefile,v 1.249 2016/09/18 17:30:10 taca Exp $
 
-DISTNAME=		openssh-7.2p2
-PKGNAME=		${DISTNAME:S/p2/.2/}
-PKGREVISION=		3
+DISTNAME=		openssh-7.3p1
+PKGNAME=		${DISTNAME:S/p1/.1/}
 CATEGORIES=		security
 MASTER_SITES=		${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
 
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 7aec83df872..f776fb466d5 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.101 2016/06/06 08:55:35 taca Exp $
+$NetBSD: distinfo,v 1.102 2016/09/18 17:30:10 taca Exp $
 
-SHA1 (openssh-7.2p2.tar.gz) = 70e35d7d6386fe08abbd823b3a12a3ca44ac6d38
-RMD160 (openssh-7.2p2.tar.gz) = d18d73719ceeefa5116b5b741124f3604d7ddb99
-SHA512 (openssh-7.2p2.tar.gz) = 44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b
-Size (openssh-7.2p2.tar.gz) = 1499808 bytes
+SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5
+RMD160 (openssh-7.3p1.tar.gz) = 823fc1e16c5d27a2361ed0b22f5ee24be11d2c13
+SHA512 (openssh-7.3p1.tar.gz) = 7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801
+Size (openssh-7.3p1.tar.gz) = 1522617 bytes
 SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc
-SHA1 (patch-auth-passwd.c) = 92c487cc3c092efb56f8b4ac4ca08ccd67803a83
+SHA1 (patch-auth-passwd.c) = 5205ca4d15dbcd3f4c574f0a2fb7713ae69af5f7
 SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
 SHA1 (patch-auth.c) = cd13f8b31b45d668c5e09eca098b17ec8a7c1039
 SHA1 (patch-auth1.c) = cdac14ffa4008e62926526e66316b0a553435374
@@ -23,7 +23,7 @@ SHA1 (patch-openbsd-compat_port-tun.c) = 690dfb1f945d186dd3de5bea70ed8fab86e590e
 SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5
 SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
 SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1
-SHA1 (patch-session.c) = 2a7276382278f70ac1d8f51f273e8ffa2c0c59d2
+SHA1 (patch-session.c) = 850cef27299cf8af6a19987d5e070bf501cd57fb
 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
 SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca
 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
diff --git a/security/openssh/patches/patch-auth-passwd.c b/security/openssh/patches/patch-auth-passwd.c
index 4cc6a057996..dbdbce7302d 100644
--- a/security/openssh/patches/patch-auth-passwd.c
+++ b/security/openssh/patches/patch-auth-passwd.c
@@ -1,11 +1,11 @@
-$NetBSD: patch-auth-passwd.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
+$NetBSD: patch-auth-passwd.c,v 1.4 2016/09/18 17:30:11 taca Exp $
 
 Replace uid 0 with ROOTUID macro
 
---- auth-passwd.c.orig	2015-08-21 04:49:03.000000000 +0000
+--- auth-passwd.c.orig	2016-07-27 22:54:27.000000000 +0000
 +++ auth-passwd.c
-@@ -88,7 +88,7 @@ auth_password(Authctxt *authctxt, const 
- #endif
+@@ -93,7 +93,7 @@ auth_password(Authctxt *authctxt, const 
+ 		return 0;
  
  #ifndef HAVE_CYGWIN
 -	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
@@ -13,7 +13,7 @@ Replace uid 0 with ROOTUID macro
  		ok = 0;
  #endif
  	if (*password == '\0' && options.permit_empty_passwd == 0)
-@@ -123,7 +123,12 @@ auth_password(Authctxt *authctxt, const 
+@@ -128,7 +128,12 @@ auth_password(Authctxt *authctxt, const 
  			authctxt->force_pwchange = 1;
  	}
  #endif
diff --git a/security/openssh/patches/patch-session.c b/security/openssh/patches/patch-session.c
index 16be597f95a..5666fd2151a 100644
--- a/security/openssh/patches/patch-session.c
+++ b/security/openssh/patches/patch-session.c
@@ -1,11 +1,10 @@
-$NetBSD: patch-session.c,v 1.6 2016/06/06 08:55:35 taca Exp $
+$NetBSD: patch-session.c,v 1.7 2016/09/18 17:30:11 taca Exp $
 
 * Interix support.
-* Fix for CVE-2015-8325
 
---- session.c.orig	2016-03-09 18:04:48.000000000 +0000
+--- session.c.orig	2016-07-27 22:54:27.000000000 +0000
 +++ session.c
-@@ -1117,7 +1117,7 @@ read_etc_default_login(char ***env, u_in
+@@ -1120,7 +1120,7 @@ read_etc_default_login(char ***env, u_in
  	if (tmpenv == NULL)
  		return;
  
@@ -14,7 +13,7 @@ $NetBSD: patch-session.c,v 1.6 2016/06/06 08:55:35 taca Exp $
  		var = child_get_env(tmpenv, "SUPATH");
  	else
  		var = child_get_env(tmpenv, "PATH");
-@@ -1226,7 +1226,7 @@ do_setup_env(Session *s, const char *she
+@@ -1230,7 +1230,7 @@ do_setup_env(Session *s, const char *she
  #  endif /* HAVE_ETC_DEFAULT_LOGIN */
  		if (path == NULL || *path == '\0') {
  			child_set_env(&env, &envsize, "PATH",
@@ -23,16 +22,7 @@ $NetBSD: patch-session.c,v 1.6 2016/06/06 08:55:35 taca Exp $
  				SUPERUSER_PATH : _PATH_STDPATH);
  		}
  # endif /* HAVE_CYGWIN */
-@@ -1317,7 +1317,7 @@ do_setup_env(Session *s, const char *she
- 	 * Pull in any environment variables that may have
- 	 * been set by PAM.
- 	 */
--	if (options.use_pam) {
-+	if (options.use_pam && !options.use_login) {
- 		char **p;
- 
- 		p = fetch_pam_child_environment();
-@@ -1340,6 +1340,18 @@ do_setup_env(Session *s, const char *she
+@@ -1346,6 +1346,18 @@ do_setup_env(Session *s, const char *she
  		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
  		read_environment_file(&env, &envsize, buf);
  	}
@@ -51,7 +41,7 @@ $NetBSD: patch-session.c,v 1.6 2016/06/06 08:55:35 taca Exp $
  	if (debug_flag) {
  		/* dump the environment */
  		fprintf(stderr, "Environment:\n");
-@@ -1531,11 +1543,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1537,11 +1549,13 @@ do_setusercontext(struct passwd *pw)
  			perror("setgid");
  			exit(1);
  		}
@@ -65,7 +55,7 @@ $NetBSD: patch-session.c,v 1.6 2016/06/06 08:55:35 taca Exp $
  		endgrent();
  #endif
  
-@@ -2381,7 +2395,7 @@ session_pty_cleanup2(Session *s)
+@@ -2388,7 +2402,7 @@ session_pty_cleanup2(Session *s)
  		record_logout(s->pid, s->tty, s->pw->pw_name);
  
  	/* Release the pseudo-tty. */