From c6d2eca7dec83bfbc642117609984d8b40989de8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 23 Jul 2015 11:06:11 +0200
Subject: [PATCH] only query each keyboard-interactive device once (#1245971)

Upstream commit
https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
---
 ...h-6.9p1-authentication-limits-bypass.patch | 47 +++++++++++++++++++
 openssh.spec                                  |  3 ++
 2 files changed, 50 insertions(+)
 create mode 100644 openssh-6.9p1-authentication-limits-bypass.patch

diff --git a/openssh-6.9p1-authentication-limits-bypass.patch b/openssh-6.9p1-authentication-limits-bypass.patch
new file mode 100644
index 0000000..10bde94
--- /dev/null
+++ b/openssh-6.9p1-authentication-limits-bypass.patch
@@ -0,0 +1,47 @@
+From 5b64f85bb811246c59ebab70aed331f26ba37b18 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sat, 18 Jul 2015 07:57:14 +0000
+Subject: upstream commit
+
+only query each keyboard-interactive device once per
+ authentication request regardless of how many times it is listed; ok markus@
+
+Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
+---
+ auth2-chall.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/auth2-chall.c b/auth2-chall.c
+index ddabe1a..4aff09d 100644
+--- a/auth2-chall.c
++++ b/auth2-chall.c
+@@ -83,6 +83,7 @@ struct KbdintAuthctxt
+ 	void *ctxt;
+ 	KbdintDevice *device;
+ 	u_int nreq;
++	u_int devices_done;
+ };
+ 
+ #ifdef USE_PAM
+@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
+ 		if (len == 0)
+ 			break;
+ 		for (i = 0; devices[i]; i++) {
+-			if (!auth2_method_allowed(authctxt,
++			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
++			    !auth2_method_allowed(authctxt,
+ 			    "keyboard-interactive", devices[i]->name))
+ 				continue;
+-			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
++			if (strncmp(kbdintctxt->devices, devices[i]->name,
++			    len) == 0) {
+ 				kbdintctxt->device = devices[i];
++				kbdintctxt->devices_done |= 1 << i;
++			}
+ 		}
+ 		t = kbdintctxt->devices;
+ 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
+-- 
+cgit v0.11.2
+
+
diff --git a/openssh.spec b/openssh.spec
index 0c95177..df0c85f 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -223,6 +223,8 @@ Patch926: openssh-6.7p1-sftp-force-permission.patch
 Patch928: openssh-6.8p1-memory-problems.patch
 # Restore compatible default (#89216)
 Patch929: openssh-6.9p1-permit-root-login.patch
+# authentication limits (MaxAuthTries) bypass [security] (#1245971)
+Patch930: openssh-6.9p1-authentication-limits-bypass.patch
 
 
 
@@ -446,6 +448,7 @@ popd
 %patch926 -p1 -b .sftp-force-mode
 %patch928 -p1 -b .memory
 %patch929 -p1 -b .root-login
+%patch930 -p1 -b .kbd
 
 %patch200 -p1 -b .audit
 %patch700 -p1 -b .fips