openssh: security fix for CVE-2015-8325.

> Subject: ignore PAM environment vars when UseLogin=yes
>
> If PAM is configured to read user-specified environment variables
> and UseLogin=yes in sshd_config, then a hostile local user may
> attack /bin/login via LD_PRELOAD or similar environment variables
> set via PAM.
>
> CVE-2015-8325, found by Shayan Sadigh, via Colin Watson

srcpkgs/openssh/patches/CVE-2015-8325.patch

@@ -0,0 +1,22 @@
+From: Damien Miller <djm@mindrot.org>
+Date: Wed, 13 Apr 2016 10:39:57 +1000
+Subject: ignore PAM environment vars when UseLogin=yes
+
+If PAM is configured to read user-specified environment variables
+and UseLogin=yes in sshd_config, then a hostile local user may
+attack /bin/login via LD_PRELOAD or similar environment variables
+set via PAM.
+
+CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
+
+--- session.c
++++ session.c
+@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
+ 	 * Pull in any environment variables that may have
+ 	 * been set by PAM.
+ 	 */
+-	if (options.use_pam) {
++	if (options.use_pam && !options.use_login) {
+ 		char **p;
+ 
+ 		p = fetch_pam_child_environment();

srcpkgs/openssh/template

@@ -1,7 +1,7 @@
 # Template file for 'openssh'
 pkgname=openssh
 version=7.2p2
-revision=2
+revision=3
 build_style=gnu-configure
 configure_args="--datadir=/usr/share/openssh
  --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody