<pre style='margin:0'>
Mihai Moldovan (Ionic) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/439a81a91ea103342b41c8a4b091843615e540b2">https://github.com/macports/macports-ports/commit/439a81a91ea103342b41c8a4b091843615e540b2</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 439a81a net/openssh: potentially fix memory leaks on 10.7-.
</span>439a81a is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 439a81a91ea103342b41c8a4b091843615e540b2
</span>Author: Mihai Moldovan <ionic@ionic.de>
AuthorDate: Sat Nov 2 05:56:05 2019 +0100
<span style='display:block; white-space:pre;color:#404040;'> net/openssh: potentially fix memory leaks on 10.7-.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Users on 10.7- experienced a set of messages along those lines while
</span><span style='display:block; white-space:pre;color:#404040;'> executing ssh-add:
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> objc[<bumber>]: Object <address> of class __NSCFString autoreleased with
</span><span style='display:block; white-space:pre;color:#404040;'> no pool in place - just leaking - break on objc_autoreleaseNoPool() to
</span><span style='display:block; white-space:pre;color:#404040;'> debug
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Such messages scare users, even though, strictly speaking, memory leaks
</span><span style='display:block; white-space:pre;color:#404040;'> in ssh-add should be benign. This application has a short life time and
</span><span style='display:block; white-space:pre;color:#404040;'> (almost never) processes large amounts of data, so even if memory is
</span><span style='display:block; white-space:pre;color:#404040;'> leaked, the impact of these leaks should be ignorable.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> The *reason* for this message is mystifying me, since I cannot reproduce
</span><span style='display:block; white-space:pre;color:#404040;'> this on 10.9.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Generally, Cocoa only creates one global autorelease pool for the main
</span><span style='display:block; white-space:pre;color:#404040;'> thread, but not other threads. ssh-add itself shouldn't be
</span><span style='display:block; white-space:pre;color:#404040;'> multi-threaded as far as I could see (which might be wrong), so this
</span><span style='display:block; white-space:pre;color:#404040;'> can't be the correct explanation.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> It looks like global autorelease pools are also not generated for
</span><span style='display:block; white-space:pre;color:#404040;'> Foundation-only applications, which essentially is happening here.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> The mystery is that at least 10.7 should already have proper ARC support
</span><span style='display:block; white-space:pre;color:#404040;'> and hence applications should not use NSAutoreleasePool directly anyway,
</span><span style='display:block; white-space:pre;color:#404040;'> but let ARC handle this stuff or only use local
</span><span style='display:block; white-space:pre;color:#404040;'> @autoreleasepool { blocks }, which are equally handled by ARC.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> For some reason, this doesn't seem to happen here.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Let's work around this issue by creating an NSAutoreleasePool instance
</span><span style='display:block; white-space:pre;color:#404040;'> at the top of each function in keychain.m (the easy part) and drain the
</span><span style='display:block; white-space:pre;color:#404040;'> pool before exiting the function (the not-so-easy part, because most
</span><span style='display:block; white-space:pre;color:#404040;'> functions have multiple exit points).
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> The code looks a bit ugly that way, but it should rid us of the nasty
</span><span style='display:block; white-space:pre;color:#404040;'> leak message that is confusing users.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Fixes: https://trac.macports.org/ticket/59498
</span>---
net/openssh/Portfile | 2 +-
...-Apple-keychain-integration-other-changes.patch | 228 +++++++++++++++++----
2 files changed, 192 insertions(+), 38 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/Portfile b/net/openssh/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 69c5edc..8313909 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -6,7 +6,7 @@ PortGroup compiler_blacklist_versions 1.0
</span>
name openssh
version 8.1p1
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 3
</span> categories net
platforms darwin
maintainers nomaintainer
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch b/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
</span><span style='display:block; white-space:pre;color:#808080;'>index 9890cb5..089eb7f 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,6 +1,6 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- /dev/null
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/keychain.m
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -0,0 +1,290 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/keychain.m 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -0,0 +1,444 @@
</span> +/*
+ * Copyright (c) 2007-2016 Apple Inc. All rights reserved.
+ *
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -97,12 +97,54 @@
</span> +
+char *keychain_read_passphrase(const char *filename)
+{
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * This NSAutoreleasePool business probably looks weird.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * It's actually a workaround for an issue seen on older OS X versions
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * (10.7-) when running ssh-add: on those systems, CoreFoundation does
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * not generate an automatic global autorelease pool and objects are
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * just leaked later on.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * Incidentally, this happens with a nasty message on stderr that
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * confuses users.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * libobjc is (probably) right to complain and issue such a warning,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * but then again it doesn't really matter. ssh-add is a simple
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * program that is only executed once, does its magic and terminates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * rather quickly. It's improbable, though not impossible, that memory
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * leaks would ever create problems for this application.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * This said, I'd still like to get rid of the nasty messages and in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * order to do so, I'm creating local NSAutoreleasePool objects in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * each affected function.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * Creating them is easy - draining the pool is more complicated,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * because it has to be done before each branching point out of the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * function, i.e., essentially before any return call.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * This makes the code look ugly, but frankly there is no better way
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * to achieve the goal. Another option would be to refactor the code
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * to only ever use one return statement, but that would blow it up
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * and let it diverge from the upstream (Apple) code considerably.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * The second option would be to use local gotos, which, again, does
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * not sound like a particularly elegant solution.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * We'll just bite the bullet here.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span> + OSStatus ret = errSecSuccess;
+ NSString *accountString = [NSString stringWithUTF8String: filename];
+ NSData *passphraseData = NULL;
+
+ if (accountString == nil) {
+ debug2("Cannot retrieve identity passphrase from the keychain since the path is not UTF8.");
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return NULL;
+ }
+
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -121,18 +163,39 @@
</span> + ret = SecItemCopyMatching((CFDictionaryRef)searchQuery, (CFTypeRef *)&passphraseData);
+ if (ret == errSecItemNotFound) {
+ debug2("Passphrase not found in the keychain.");
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return NULL;
+ } else if (ret != errSecSuccess) {
+ NSString *errorString = (NSString *)SecCopyErrorMessageString(ret, NULL);
+ debug2("Unexpected keychain error while searching for an item: %s", [errorString UTF8String]);
+ [errorString release];
+ [passphraseData release];
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return NULL;
+ }
+
+ if (![passphraseData isKindOfClass: [NSData class]]) {
+ debug2("Malformed result returned from the keychain");
+ [passphraseData release];
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return NULL;
+ }
+
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -146,21 +209,51 @@
</span> + if (r != SSH_ERR_SUCCESS) {
+ debug2("Could not unlock key with the passphrase retrieved from the keychain.");
+ freezero(passphrase, strlen(passphrase));
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return NULL;
+ }
+ sshkey_free(private);
+
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span> + return passphrase;
+}
+
+void store_in_keychain(const char *filename, const char *passphrase)
+{
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span> + OSStatus ret = errSecSuccess;
+ BOOL updateExistingItem = NO;
+ NSString *accountString = [NSString stringWithUTF8String: filename];
+
+ if (accountString == nil) {
+ debug2("Cannot store identity passphrase into the keychain since the path is not UTF8.");
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return;
+ }
+
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -216,6 +309,14 @@
</span> + [errorString release];
+ }
+ }
<span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> +}
+
+/*
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -224,11 +325,26 @@
</span> +void
+remove_from_keychain(const char *filename)
+{
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span> + OSStatus ret = errSecSuccess;
+ NSString *accountString = [NSString stringWithUTF8String: filename];
+
+ if (accountString == nil) {
+ debug2("Cannot delete identity passphrase from the keychain since the path is not UTF8.");
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return;
+ }
+
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -248,12 +364,28 @@
</span> + debug3("Unexpected keychain error while deleting the item: %s", [errorString UTF8String]);
+ [errorString release];
+ }
<span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> +}
+
+
+int
+load_identities_from_keychain(int (^add_identity)(const char *identity))
+{
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span> + int ret = 0;
+ OSStatus err = errSecSuccess;
+
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -273,8 +405,22 @@
</span> + if (err == errSecItemNotFound) {
+ fprintf(stderr, "No identity found in the keychain.\n");
+ [searchResults release];
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return 0;
+ } else if (err != errSecSuccess || ![searchResults isKindOfClass: [NSArray class]]) {
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span> + return 1;
+ }
+
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -289,10 +435,18 @@
</span> + }
+ [searchResults release];
+
<span style='display:block; white-space:pre;background:#e0ffe0;'>++#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ [pool drain];
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span> + return ret;
+}
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- /dev/null
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/keychain.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/keychain.h 2019-11-02 05:54:35.000000000 +0100
</span> @@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2007-2016 Apple Inc. All rights reserved.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -330,8 +484,8 @@
</span> +void remove_from_keychain(const char *filename);
+char *keychain_read_passphrase(const char *filename);
+int load_identities_from_keychain(int (^add_identity)(const char *identity));
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/Makefile.in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/Makefile.in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/Makefile.in 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/Makefile.in 2019-11-02 05:54:35.000000000 +0100
</span> @@ -41,6 +41,7 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
CC=@CC@
LD=@LD@
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -401,8 +555,8 @@
</span>
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o sshsig.o
$(LD) -o $@ ssh-keygen.o sshsig.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/audit-bsm.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/audit-bsm.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/audit-bsm.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/audit-bsm.c 2019-11-02 05:54:35.000000000 +0100
</span> @@ -62,6 +62,18 @@
#include <bsm/audit_record.h>
#include <locale.h>
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -442,8 +596,8 @@
</span> if (the_authctxt->valid)
info.ai_auid = the_authctxt->pw->pw_uid;
else
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/configure.ac
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/configure.ac
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/configure.ac 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/configure.ac 2019-11-02 05:54:35.000000000 +0100
</span> @@ -20,6 +20,7 @@ AC_LANG([C])
AC_CONFIG_HEADER([config.h])
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -504,8 +658,8 @@
</span> dnl Adding -Werror to CFLAGS early prevents configure tests from running.
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/groupaccess.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/groupaccess.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/groupaccess.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/groupaccess.c 2019-11-02 05:54:35.000000000 +0100
</span> @@ -39,6 +39,10 @@
#include "match.h"
#include "log.h"
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -544,8 +698,8 @@
</span>
for (i = 0, j = 0; i < ngroups; i++)
if ((gr = getgrgid(groups_bygid[i])) != NULL)
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/readconf.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/readconf.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/readconf.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/readconf.c 2019-11-02 05:54:35.000000000 +0100
</span> @@ -167,6 +167,9 @@ typedef enum {
oHashKnownHosts,
oTunnel, oTunnelDevice,
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -601,8 +755,8 @@
</span> }
struct fwdarg {
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/readconf.h
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/readconf.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/readconf.h 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/readconf.h 2019-11-02 05:54:35.000000000 +0100
</span> @@ -137,6 +137,9 @@ typedef struct {
char *local_command;
int permit_local_command;
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -613,8 +767,8 @@
</span> int visual_host_key;
int request_tty;
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/session.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/session.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/session.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/session.c 2019-11-02 05:54:35.000000000 +0100
</span> @@ -1185,6 +1185,21 @@ do_setup_env(struct ssh *ssh, Session *s
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -637,8 +791,8 @@
</span> if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-add.0
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-add.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/ssh-add.0 2019-10-09 02:39:14.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/ssh-add.0 2019-11-02 05:54:35.000000000 +0100
</span> @@ -4,7 +4,7 @@ NAME
ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -669,8 +823,8 @@
</span> -k When loading keys into or deleting keys from the agent, process
plain private keys only and skip certificates.
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-add.1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-add.1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/ssh-add.1 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/ssh-add.1 2019-11-02 05:54:35.000000000 +0100
</span> @@ -43,7 +43,7 @@
.Nd adds private key identities to the authentication agent
.Sh SYNOPSIS
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -701,8 +855,8 @@
</span> .It Fl k
When loading keys into or deleting keys from the agent, process plain private
keys only and skip certificates.
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-add.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-add.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/ssh-add.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/ssh-add.c 2019-11-02 05:54:47.000000000 +0100
</span> @@ -67,6 +67,11 @@
#include "ssherr.h"
#include "digest.h"
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -809,8 +963,8 @@
</span> default:
usage();
ret = 1;
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-agent.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-agent.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/ssh-agent.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/ssh-agent.c 2019-11-02 05:54:35.000000000 +0100
</span> @@ -70,6 +70,10 @@
#include <time.h>
#include <string.h>
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -961,8 +1115,8 @@
</span> if (ac > 0)
parent_alive_interval = 10;
idtab_init();
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/sshconnect2.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/sshconnect2.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/sshconnect2.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/sshconnect2.c 2019-11-02 05:54:35.000000000 +0100
</span> @@ -73,6 +73,11 @@
#include "ssherr.h"
#include "utf8.h"
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1003,8 +1157,8 @@
</span> if (!quit && private != NULL && id->agent_fd == -1 &&
!(id->key && id->isprivate))
maybe_add_key_to_agent(id->filename, private, comment,
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-agent.0
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-agent.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/ssh-agent.0 2019-10-09 02:39:14.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/ssh-agent.0 2019-11-02 05:54:35.000000000 +0100
</span> @@ -7,6 +7,7 @@ SYNOPSIS
ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
[-P pkcs11_whitelist] [-t life] [command [arg ...]]
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1023,8 +1177,8 @@
</span> If a command line is given, this is executed as a subprocess of the
agent. When the command dies, so does the agent.
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-agent.1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-agent.1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/ssh-agent.1 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/ssh-agent.1 2019-11-02 05:54:35.000000000 +0100
</span> @@ -52,6 +52,8 @@
.Nm ssh-agent
.Op Fl c | s
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1045,8 +1199,8 @@
</span> .El
.Pp
If a command line is given, this is executed as a subprocess of the agent.
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- /dev/null
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/SecItemPriv-shim.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/SecItemPriv-shim.h 2019-11-02 05:54:35.000000000 +0100
</span> @@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1153,8 +1307,8 @@
</span> +__END_DECLS
+
+#endif /* !_SECURITY_SECITEMPRIV_H_ */
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- /dev/null
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/macos-object-subscripting.m
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/macos-object-subscripting.m 2019-11-02 05:54:35.000000000 +0100
</span> @@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2017-2019 Mihai Moldovan <ionic@ionic.de>
</pre><pre style='margin:0'>
</pre>