<pre style='margin:0'>
Marius Schamschula (Schamschula) pushed a commit to branch openssh
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/0a317889d6a5e1307d47478fb043a00461079847">https://github.com/macports/macports-ports/commit/0a317889d6a5e1307d47478fb043a00461079847</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/openssh by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 0a317889d6a openssh: update to 8.4p1, drop keychain patch and hpn variant
</span><span style='display:block; white-space:pre;color:#404040;'> new abe8241d67d Merge branch 'openssh' of https://github.com/macports/macports-ports into openssh
</span>0a317889d6a is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 0a317889d6a5e1307d47478fb043a00461079847
</span>Author: Marius Schamschula <mps@macports.org>
AuthorDate: Wed Dec 16 19:25:07 2020 -0600
<span style='display:block; white-space:pre;color:#404040;'> openssh: update to 8.4p1, drop keychain patch and hpn variant
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> update gsskex and macports-config.patch patches
</span>---
net/openssh/Portfile | 32 +-
...-Apple-keychain-integration-other-changes.patch | 1377 --------------------
net/openssh/files/macports-config.patch | 8 +-
...sh-8.1p1-gsskex-all-20141021-mp-20201216.patch} | 90 +-
4 files changed, 49 insertions(+), 1458 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/Portfile b/net/openssh/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 8a6a0734d3c..9922d5436cc 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -5,8 +5,8 @@ PortSystem 1.0
</span> PortGroup compiler_blacklist_versions 1.0
name openssh
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 8.1p1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 9
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 8.4p1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 0
</span> categories net
platforms darwin
maintainers nomaintainer
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -29,9 +29,9 @@ long_description OpenSSH is a FREE version of the SSH protocol suite of \
</span>
homepage https://www.openbsd.org/openssh/
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 0d9bcaa22b77a8e26fbe4804ea4ae017e45b1568 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 02f5dbef3835d0753556f973cd57b4c19b6b1f6cd24c03445e23ac77ca1b93ff \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- size 1625894
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 2d3eec0b56f7edef5d50b8defa2f143ffee5c65a \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 1742201
</span>
master_sites openbsd:OpenSSH/portable \
ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -50,9 +50,7 @@ if {${name} eq ${subport}} {
</span> pam.patch \
patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
patch-sshd.c-apple-sandbox-named-external.diff \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- 0002-Apple-keychain-integration-other-changes.patch \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- macports-config.patch \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- patch-openbsd_compat-memmem-bug.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ macports-config.patch
</span>
# We need a couple of patches
# - pam.patch
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -162,22 +160,8 @@ if {${name} eq ${subport}} {
</span> depends_run-append port:xauth
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- variant hpn conflicts gsskex description {Apply high performance patch} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Current location(s):
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # https://github.com/rapier1/openssh-portable/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # http://www.freshports.org/security/openssh-portable/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # (is usually quick in updating the HPN patch for new versions,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # take a look there, too.)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # Formerly taken directly from FreeBSD as a distfile, now copied over
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # from either upstream at or FreeBSD's ports directory and rebased.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- set hpn_patchfile ${name}-${version}-hpnssh14v18
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- patchfiles-append ${hpn_patchfile}.diff \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${hpn_patchfile}-openssl-1.1.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- variant gsskex conflicts hpn requires kerberos5 description "Add OpenSSH GSSAPI key exchange patch" {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- patchfiles-append openssh-8.1p1-gsskex-all-20141021-mp-20191015.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ variant gsskex requires kerberos5 description "Add OpenSSH GSSAPI key exchange patch" {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patchfiles-append openssh-8.1p1-gsskex-all-20141021-mp-20201216.patch
</span> configure.ldflags-append \
-Wl,-pie
configure.cflags-append -fPIE
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch b/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 089eb7f85e5..00000000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,1377 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- /dev/null 1970-01-01 00:00:00.000000000 +0000
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/keychain.m 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -0,0 +1,444 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Copyright (c) 2007-2016 Apple Inc. All rights reserved.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * @APPLE_BSD_LICENSE_HEADER_START@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Redistribution and use in source and binary forms, with or without
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * modification, are permitted provided that the following conditions
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * are met:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 1. Redistributions of source code must retain the above copyright
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * notice, this list of conditions and the following disclaimer.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 2. Redistributions in binary form must reproduce the above copyright
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * notice, this list of conditions and the following disclaimer in the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * documentation and/or other materials provided with the distribution.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of its
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * contributors may be used to endorse or promote products derived from
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * this software without specific prior written permission.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * @APPLE_BSD_LICENSE_HEADER_END@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <AvailabilityMacros.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_6))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_6))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Older versions of sys/acl.h are (arguably) buggy in that the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * __APPLE_API_STRICT_CONFORMANCE macro - that we need for proper sandbox code
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * compilation on older systems (10.7-) - affects (or rather restricts) the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * inclusion of macros in sys/kauth.h.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * These macros are then used unconditionally and everything blows up if the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * former is set.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * This is not a problem with newer sys/acl.h versions, since these define
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * internal macros and hence don't rely on the KAUTH_* macros any longer (even
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * though they still include sys/kauth.h, which strictly speaking is redundant
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * in such a case).
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Since we don't need to work around any sandbox header bugs in the keychain
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * integration, let's just drop the former macro.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# ifdef __APPLE_API_STRICT_CONFORMANCE
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# undef __APPLE_API_STRICT_CONFORMANCE
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# endif /* defined (__APPLE_API_STRICT_CONFORMANCE) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_6))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#import <Foundation/Foundation.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#import <Security/Security.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_6))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_6))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * On 10.7+, Security.h pulls in SecItem.h.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Not so on 10.6-, for some reason.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+# import <Security/SecItem.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_6))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#import "SecItemPriv-shim.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <sys/stat.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <stdio.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "xmalloc.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "sshkey.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "ssherr.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "authfile.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "openbsd-compat/openbsd-compat.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "log.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * This code uses Object Subscripting, a new ObjC feature requiring explicit
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * compiler and library support.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * OS X 10.7- don't support that out of the box, but it's possible to
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * emulate the behavior on older systems by providing an implementation and
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * a more recent clang compiler.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * We can provide the implementation directly and will do that, MacPorts'
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * compiler selection will have to do the second part.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Yes, importing an implementation is weird, but I'd rather keep the emulation
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * layer separate.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#import "macos-object-subscripting.m"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+char *keychain_read_passphrase(const char *filename)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * This NSAutoreleasePool business probably looks weird.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * It's actually a workaround for an issue seen on older OS X versions
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * (10.7-) when running ssh-add: on those systems, CoreFoundation does
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * not generate an automatic global autorelease pool and objects are
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * just leaked later on.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Incidentally, this happens with a nasty message on stderr that
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * confuses users.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * libobjc is (probably) right to complain and issue such a warning,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * but then again it doesn't really matter. ssh-add is a simple
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * program that is only executed once, does its magic and terminates
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * rather quickly. It's improbable, though not impossible, that memory
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * leaks would ever create problems for this application.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * This said, I'd still like to get rid of the nasty messages and in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * order to do so, I'm creating local NSAutoreleasePool objects in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * each affected function.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Creating them is easy - draining the pool is more complicated,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * because it has to be done before each branching point out of the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * function, i.e., essentially before any return call.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * This makes the code look ugly, but frankly there is no better way
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * to achieve the goal. Another option would be to refactor the code
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * to only ever use one return statement, but that would blow it up
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * and let it diverge from the upstream (Apple) code considerably.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * The second option would be to use local gotos, which, again, does
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * not sound like a particularly elegant solution.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * We'll just bite the bullet here.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ OSStatus ret = errSecSuccess;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *accountString = [NSString stringWithUTF8String: filename];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSData *passphraseData = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (accountString == nil) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("Cannot retrieve identity passphrase from the keychain since the path is not UTF8.");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSDictionary *searchQuery = @{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecClass: (id)kSecClassGenericPassword,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrAccount: accountString,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrLabel: [NSString stringWithFormat: @"SSH: %@", accountString],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrService: @"OpenSSH",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrNoLegacy: @YES,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecUseAuthenticationUI: (id)kSecUseAuthenticationUIFail,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrAccessGroup: @"com.apple.ssh.passphrases",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecReturnData: @(YES)};
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug3("Search for item with query: %s", [[searchQuery description] UTF8String]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ret = SecItemCopyMatching((CFDictionaryRef)searchQuery, (CFTypeRef *)&passphraseData);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (ret == errSecItemNotFound) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("Passphrase not found in the keychain.");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ } else if (ret != errSecSuccess) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *errorString = (NSString *)SecCopyErrorMessageString(ret, NULL);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("Unexpected keychain error while searching for an item: %s", [errorString UTF8String]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [errorString release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [passphraseData release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (![passphraseData isKindOfClass: [NSData class]]) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("Malformed result returned from the keychain");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [passphraseData release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ char *passphrase = xcalloc([passphraseData length] + 1, sizeof(char));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [passphraseData getBytes: passphrase length: [passphraseData length]];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [passphraseData release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ // Try to load the key first and only return the passphrase if we know it's the right one
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ struct sshkey *private = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ int r = sshkey_load_private_type(KEY_UNSPEC, filename, passphrase, &private, NULL);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (r != SSH_ERR_SUCCESS) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("Could not unlock key with the passphrase retrieved from the keychain.");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ freezero(passphrase, strlen(passphrase));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ sshkey_free(private);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return passphrase;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+void store_in_keychain(const char *filename, const char *passphrase)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ OSStatus ret = errSecSuccess;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ BOOL updateExistingItem = NO;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *accountString = [NSString stringWithUTF8String: filename];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (accountString == nil) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("Cannot store identity passphrase into the keychain since the path is not UTF8.");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSDictionary *defaultAttributes = @{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecClass: (id)kSecClassGenericPassword,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrAccount: accountString,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrLabel: [NSString stringWithFormat: @"SSH: %@", accountString],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrService: @"OpenSSH",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrNoLegacy: @YES,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecUseAuthenticationUI: (id)kSecUseAuthenticationUIFail,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrAccessGroup: @"com.apple.ssh.passphrases"};
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ CFTypeRef searchResults = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSMutableDictionary *searchQuery = [@{(id)kSecReturnRef: @(YES)} mutableCopy];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [searchQuery addEntriesFromDictionary: defaultAttributes];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug3("Search for existing item with query: %s", [[searchQuery description] UTF8String]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ret = SecItemCopyMatching((CFDictionaryRef)searchQuery, &searchResults);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [searchQuery release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (ret == errSecSuccess) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug3("Item already exists in the keychain, updating.");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ updateExistingItem = YES;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ } else if (ret == errSecItemNotFound) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug3("Item does not exist in the keychain, adding.");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ } else {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *errorString = (NSString *)SecCopyErrorMessageString(ret, NULL);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug3("Unexpected keychain error while searching for an item: %s", [errorString UTF8String]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [errorString release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (updateExistingItem) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSDictionary *updateQuery = defaultAttributes;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSDictionary *changes = @{(id)kSecValueData: [NSData dataWithBytesNoCopy: (void *)passphrase length: strlen(passphrase) freeWhenDone: NO]};
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ret = SecItemUpdate((CFDictionaryRef)updateQuery, (CFDictionaryRef)changes);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (ret != errSecSuccess) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *errorString = (NSString *)SecCopyErrorMessageString(ret, NULL);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug3("Unexpected keychain error while updating the item: %s", [errorString UTF8String]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [errorString release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ } else {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSMutableDictionary *addQuery = [@{(id)kSecValueData: [NSData dataWithBytesNoCopy: (void *)passphrase length: strlen(passphrase) freeWhenDone: NO]} mutableCopy];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [addQuery addEntriesFromDictionary: defaultAttributes];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ret = SecItemAdd((CFDictionaryRef)addQuery, NULL);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [addQuery release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (ret != errSecSuccess) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *errorString = (NSString *)SecCopyErrorMessageString(ret, NULL);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug3("Unexpected keychain error while inserting the item: %s", [errorString UTF8String]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [errorString release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Remove the passphrase for a given identity from the keychain.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+void
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+remove_from_keychain(const char *filename)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ OSStatus ret = errSecSuccess;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *accountString = [NSString stringWithUTF8String: filename];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (accountString == nil) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("Cannot delete identity passphrase from the keychain since the path is not UTF8.");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSDictionary *searchQuery = @{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecClass: (id)kSecClassGenericPassword,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrAccount: accountString,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrService: @"OpenSSH",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrNoLegacy: @YES,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecUseAuthenticationUI: (id)kSecUseAuthenticationUIFail,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrAccessGroup: @"com.apple.ssh.passphrases"};
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ret = SecItemDelete((CFDictionaryRef)searchQuery);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (ret == errSecSuccess) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *errorString = (NSString *)SecCopyErrorMessageString(ret, NULL);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug3("Unexpected keychain error while deleting the item: %s", [errorString UTF8String]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [errorString release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+int
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+load_identities_from_keychain(int (^add_identity)(const char *identity))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ int ret = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ OSStatus err = errSecSuccess;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSArray *searchResults = nil;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSDictionary *searchQuery = @{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecClass: (id)kSecClassGenericPassword,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrService: @"OpenSSH",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrNoLegacy: @YES,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecUseAuthenticationUI: (id)kSecUseAuthenticationUIFail,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecAttrAccessGroup: @"com.apple.ssh.passphrases",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecReturnAttributes: @(YES),
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (id)kSecMatchLimit: (id)kSecMatchLimitAll};
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ err = SecItemCopyMatching((CFDictionaryRef)searchQuery, (CFTypeRef *)&searchResults);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (err == errSecItemNotFound) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ fprintf(stderr, "No identity found in the keychain.\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [searchResults release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ } else if (err != errSecSuccess || ![searchResults isKindOfClass: [NSArray class]]) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ for (NSDictionary *itemAttributes in searchResults) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ NSString *accountString = itemAttributes[(id)kSecAttrAccount];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ struct stat st;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (stat([accountString UTF8String], &st) < 0)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ continue;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (add_identity([accountString UTF8String]))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ret = 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [searchResults release];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * For a description of what this block does, refer to the first
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * NSAutoreleasePool block in this file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [pool drain];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return ret;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- /dev/null 1970-01-01 00:00:00.000000000 +0000
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/keychain.h 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -0,0 +1,36 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Copyright (c) 2007-2016 Apple Inc. All rights reserved.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * @APPLE_BSD_LICENSE_HEADER_START@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Redistribution and use in source and binary forms, with or without
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * modification, are permitted provided that the following conditions
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * are met:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 1. Redistributions of source code must retain the above copyright
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * notice, this list of conditions and the following disclaimer.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 2. Redistributions in binary form must reproduce the above copyright
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * notice, this list of conditions and the following disclaimer in the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * documentation and/or other materials provided with the distribution.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 3. Neither the name of Apple Inc. ("Apple") nor the names of its
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * contributors may be used to endorse or promote products derived from
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * this software without specific prior written permission.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * @APPLE_BSD_LICENSE_HEADER_END@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+void store_in_keychain(const char *filename, const char *passphrase);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+void remove_from_keychain(const char *filename);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+char *keychain_read_passphrase(const char *filename);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+int load_identities_from_keychain(int (^add_identity)(const char *identity));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/Makefile.in 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/Makefile.in 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -41,6 +41,7 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CC=@CC@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- LD=@LD@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CFLAGS=@CFLAGS@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+OBJCFLAGS=@OBJCFLAGS@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- LIBS=@LIBS@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- K5LIBS=@K5LIBS@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -56,6 +57,7 @@ SED=@SED@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ENT=@ENT@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- XAUTH_PATH=@XAUTH_PATH@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+KEYCHAIN_LDFLAGS=@KEYCHAIN_LDFLAGS@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- EXEEXT=@EXEEXT@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- MANFMT=@MANFMT@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- MKDIR_P=@MKDIR_P@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -121,6 +123,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sandbox-solaris.o uidswap.o
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+KEYCHAINOBJS=keychain.o
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- MANTYPE = @MANTYPE@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -156,6 +160,7 @@ all: configure-check $(CONFIGFILES) $(MA
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(LIBSSH_OBJS): Makefile.in config.h
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(SSHOBJS): Makefile.in config.h
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(SSHDOBJS): Makefile.in config.h
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+$(KEYCHAINOBJS): Makefile.in config.h
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- configure-check: $(srcdir)/configure
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(srcdir)/configure: configure.ac aclocal.m4
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -164,6 +169,8 @@ $(srcdir)/configure: configure.ac acloca
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .c.o:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+.m.o:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ $(CC) $(OBJCFLAGS) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(LIBCOMPAT): always
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -174,8 +181,8 @@ libssh.a: $(LIBSSH_OBJS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(AR) rv $@ $(LIBSSH_OBJS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(RANLIB) $@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) $(KEYCHAINOBJS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ $(LD) -o $@ $(SSHOBJS) $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -183,11 +190,11 @@ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(S
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o $(KEYCHAINOBJS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ $(LD) -o $@ ssh-add.o $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o $(KEYCHAINOBJS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(KEYCHAINOBJS) $(LDFLAGS) $(KEYCHAIN_LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o sshsig.o
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- $(LD) -o $@ ssh-keygen.o sshsig.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/audit-bsm.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/audit-bsm.c 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -62,6 +62,18 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <bsm/audit_record.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <locale.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <AvailabilityMacros.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_7)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <bsm/audit_session.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_7)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "auth-options.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "misc.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "servconf.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+extern ServerOptions options;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+extern struct sshauthopt *auth_opts;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #if defined(HAVE_GETAUDIT_ADDR)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #define AuditInfoStruct auditinfo_addr
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #define AuditInfoTermID au_tid_addr_t
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -305,6 +317,19 @@ bsm_audit_session_setup(void)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- return;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ bzero(&info, sizeof (info));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_7)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ info.ai_flags = AU_SESSION_FLAG_IS_REMOTE;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (the_authctxt->valid) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ info.ai_flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (auth_opts->permit_pty_flag && options.permit_tty) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ info.ai_flags |= AU_SESSION_FLAG_HAS_TTY;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_7)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (the_authctxt->valid)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- info.ai_auid = the_authctxt->pw->pw_uid;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- else
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/configure.ac 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/configure.ac 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -20,6 +20,7 @@ AC_LANG([C])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- AC_CONFIG_HEADER([config.h])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- AC_PROG_CC([cc gcc])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+AC_PROG_OBJC([cc clang gcc])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- AC_CANONICAL_HOST
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- AC_C_BIGENDIAN
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -667,11 +668,11 @@ main() { if (NSVersionOfRunTimeLibrary("
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- [Prepend the address family to IP tunnel traffic])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- m4_pattern_allow([AU_IPv])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- AC_CHECK_DECL([AU_IPv4], [],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- [#include <bsm/audit.h>]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- [Define if pututxline updates lastlog too])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ AC_CHECK_DECL([AU_IPv4],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [Define if pututxline updates lastlog too]),
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]),
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [[#include <bsm/audit.h>]]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- )
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- [Define to a Set Process Title type if your system is
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -5152,6 +5153,34 @@ AC_CHECK_MEMBER([struct utmp.ut_line], [
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+dnl Keychain support
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+AC_ARG_WITH(keychain,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [ --with-keychain=apple Use macOS Keychain],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ case "$withval" in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ apple|no)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ KEYCHAIN=$withval
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ;;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ AC_MSG_ERROR(invalid keychain type: $withval)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ;;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ esac
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+if test ! -z "$KEYCHAIN" -a "$KEYCHAIN" != "no"; then
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ case "$KEYCHAIN" in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ apple)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ AC_CHECK_HEADERS(Security/Security.h, [
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ CPPFLAGS="$CPPFLAGS -D__APPLE_KEYCHAIN__ -D__APPLE_MEMBERSHIP__ -D__APPLE_TMPDIR__ -D__APPLE_LAUNCHD__"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ OBJCFLAGS="$OBJCFLAGS -F/System/Library/Frameworks/Security.framework -F/System/Library/Frameworks/DirectoryService.framework -F/System/Library/Frameworks/CoreFoundation.framework"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ KEYCHAIN_LDFLAGS="-framework Security -framework CoreFoundation -framework Foundation -lobjc"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ AC_SUBST(KEYCHAIN_LDFLAGS)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ AC_MSG_WARN([Security framework not found. Disabling macOS Keychain support.]))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ;;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ esac
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+fi
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- dnl Adding -Werror to CFLAGS early prevents configure tests from running.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- dnl Add now.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CFLAGS="$CFLAGS $werror_flags"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/groupaccess.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/groupaccess.c 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -39,6 +39,10 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "match.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "log.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_MEMBERSHIP__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+int32_t getgrouplist_2(const char *, gid_t, gid_t **);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- static int ngroups;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- static char **groups_byname;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -56,6 +60,18 @@ ga_init(const char *user, gid_t base)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (ngroups > 0)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ga_free();
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_MEMBERSHIP__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ (void)retry;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if ((ngroups = getgrouplist_2(user, base, &groups_bygid)) == -1) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ logit("getgrouplist_2 failed");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * getgrouplist_2 only fails on memory error; in which case
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * groups_bygid will be left NULL so no need to free.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ groups_byname = xcalloc(ngroups, sizeof(*groups_byname));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#else
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ngroups = NGROUPS_MAX;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -69,6 +85,7 @@ ga_init(const char *user, gid_t base)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sizeof(*groups_bygid));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- groups_byname = xcalloc(ngroups, sizeof(*groups_byname));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* __APPLE_MEMBERSHIP__ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- for (i = 0, j = 0; i < ngroups; i++)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if ((gr = getgrgid(groups_bygid[i])) != NULL)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/readconf.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/readconf.c 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -167,6 +167,9 @@ typedef enum {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- oHashKnownHosts,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- oTunnel, oTunnelDevice,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ oUseKeychain,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- oVisualHostKey,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -291,6 +294,9 @@ static struct {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- { "localcommand", oLocalCommand },
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- { "permitlocalcommand", oPermitLocalCommand },
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- { "remotecommand", oRemoteCommand },
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ { "usekeychain", oUseKeychain},
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- { "visualhostkey", oVisualHostKey },
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- { "kexalgorithms", oKexAlgorithms },
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- { "ipqos", oIPQoS },
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1520,6 +1526,12 @@ parse_keytypes:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- charptr = &options->remote_command;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- goto parse_command;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ case oUseKeychain:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ intptr = &options->use_keychain;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ goto parse_flag;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- case oVisualHostKey:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- intptr = &options->visual_host_key;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- goto parse_flag;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1929,6 +1941,9 @@ initialize_options(Options * options)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- options->local_command = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- options->permit_local_command = -1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- options->remote_command = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ options->use_keychain = -1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- options->add_keys_to_agent = -1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- options->identity_agent = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- options->visual_host_key = -1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -2168,6 +2183,11 @@ fill_default_options(Options * options)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* options->hostname will be set in the main program if appropriate */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* options->host_key_alias should not be set by default */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* options->preferred_authentications will be set in ssh */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (options->use_keychain == -1)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ options->use_keychain = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- struct fwdarg {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/readconf.h 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/readconf.h 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -137,6 +137,9 @@ typedef struct {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- char *local_command;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int permit_local_command;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- char *remote_command;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ int use_keychain;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int visual_host_key;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int request_tty;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/session.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/session.c 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1185,6 +1185,21 @@ do_setup_env(struct ssh *ssh, Session *s
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- original_command);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_TMPDIR__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ char tmpdir[MAXPATHLEN] = {0};
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ size_t len = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ len = confstr(_CS_DARWIN_USER_TEMP_DIR, tmpdir, sizeof(tmpdir));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (len > 0) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ child_set_env(&env, &envsize, "TMPDIR", tmpdir);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("%s: set TMPDIR", __func__);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ } else {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ // errno is set by confstr
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ errno = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("%s: unable to set TMPDIR", __func__);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* __APPLE_TMPDIR__ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (debug_flag) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* dump the environment */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fprintf(stderr, "Environment:\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-add.0 2019-10-09 02:39:14.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-add.0 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -4,7 +4,7 @@ NAME
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- SYNOPSIS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-- ssh-add [-cDdkLlqvXx] [-E fingerprint_hash] [-t life] [file ...]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ssh-add [-AcDdKkLlqvXx] [-E fingerprint_hash] [-t life] [file ...]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ssh-add -s pkcs11
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ssh-add -e pkcs11
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ssh-add -T pubkey ...
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -28,6 +28,9 @@ DESCRIPTION
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- The options are as follows:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ -A Add identities to the agent using any passphrases stored in your
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ macOS keychain.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -c Indicates that added identities should be subject to confirmation
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- before being used for authentication. Confirmation is performed
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- by ssh-askpass(1). Successful confirmation is signaled by a zero
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -52,6 +55,10 @@ DESCRIPTION
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -e pkcs11
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Remove keys provided by the PKCS#11 shared library pkcs11.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ -K When adding identities, each passphrase will also be stored in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ your macOS keychain. When removing identities with -d, each
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ passphrase will be removed from your macOS keychain.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -k When loading keys into or deleting keys from the agent, process
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- plain private keys only and skip certificates.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-add.1 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-add.1 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -43,7 +43,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Nd adds private key identities to the authentication agent
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Sh SYNOPSIS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Nm ssh-add
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--.Op Fl cDdkLlqvXx
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+.Op Fl AcDdKKkLlqvXx
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Op Fl E Ar fingerprint_hash
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Op Fl t Ar life
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Op Ar
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -87,6 +87,9 @@ to work.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Pp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- The options are as follows:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Bl -tag -width Ds
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+.It Fl A
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+Add identities to the agent using any passphrases stored in your macOS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+keychain.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .It Fl c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Indicates that added identities should be subject to confirmation before
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- being used for authentication.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -121,6 +124,10 @@ The default is
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .It Fl e Ar pkcs11
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Remove keys provided by the PKCS#11 shared library
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Ar pkcs11 .
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+.It Fl K
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+When adding identities, each passphrase will also be stored in your macOS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+keychain. When removing identities with -d, each passphrase will be removed
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+from your macOS keychain.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .It Fl k
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- When loading keys into or deleting keys from the agent, process plain private
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- keys only and skip certificates.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-add.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-add.c 2019-11-02 05:54:47.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -67,6 +67,11 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "ssherr.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "digest.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "keychain.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+static int use_keychain = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* argv0 */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- extern char *__progname;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -115,6 +120,11 @@ delete_file(int agent_fd, const char *fi
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- char *certpath = NULL, *comment = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int r, ret = -1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (use_keychain)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ remove_from_keychain(filename);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if ((r = sshkey_load_public(filename, &public, &comment)) != 0) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- printf("Bad key file %s: %s\n", filename, ssh_err(r));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- return -1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -246,7 +256,22 @@ add_file(int agent_fd, const char *filen
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- filename, ssh_err(r));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- goto fail_load;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (use_keychain && private != NULL)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ store_in_keychain(filename, pass);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ // try the keychain
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (private == NULL && use_keychain) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ clear_pass();
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ pass = keychain_read_passphrase(filename);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (pass != NULL)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ sshkey_parse_private_fileblob(keyblob, pass, &private, &comment);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (private == NULL) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* clear passphrase since it did not work */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- clear_pass();
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -258,7 +283,15 @@ add_file(int agent_fd, const char *filen
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- goto fail_load;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if ((r = sshkey_parse_private_fileblob(keyblob, pass,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- &private, &comment)) == 0)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (use_keychain && private != NULL)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ store_in_keychain(filename, pass);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#else
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fprintf(stderr,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "Error loading key \"%s\": %s\n",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -563,6 +596,11 @@ usage(void)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fprintf(stderr, " -q Be quiet after a successful operation.\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fprintf(stderr, " -v Be more verbose.\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ fprintf(stderr, " -A Add all identities stored in your macOS keychain.\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ fprintf(stderr, " -K Store passphrases in your macOS keychain.\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ fprintf(stderr, " With -d, remove passphrases from your macOS keychain.\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -600,7 +638,11 @@ main(int argc, char **argv)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- exit(2);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:t:KA")) != -1) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#else
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:t:")) != -1) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- switch (ch) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- case 'v':
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (log_level == SYSLOG_LEVEL_INFO)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -673,6 +715,18 @@ main(int argc, char **argv)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- case 'T':
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Tflag = 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ case 'A':
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ use_keychain = 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (load_identities_from_keychain(^(const char *filename){
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return add_file(agent_fd, filename, 0, qflag);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ret = 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ goto done;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ case 'K':
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ use_keychain = 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- default:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- usage();
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ret = 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-agent.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-agent.c 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -70,6 +70,10 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <time.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <string.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <unistd.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_LAUNCHD__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <launch.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <AvailabilityMacros.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #ifdef HAVE_UTIL_H
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # include <util.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1088,6 +1092,9 @@ int
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- main(int ac, char **av)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ #ifdef __APPLE_LAUNCHD__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ int l_flag = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ #endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int sock, fd, ch, result, saved_errno;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- char *shell, *format, *pidstr, *agentsocket = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #ifdef HAVE_SETRLIMIT
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1119,7 +1126,11 @@ main(int ac, char **av)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- __progname = ssh_get_progname(av[0]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- seed_rng();
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_LAUNCHD__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ while ((ch = getopt(ac, av, "cDdklsE:a:P:t:")) != -1) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#else
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- switch (ch) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- case 'E':
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fingerprint_hash = ssh_digest_alg_by_name(optarg);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1139,6 +1150,11 @@ main(int ac, char **av)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- fatal("-P option already specified");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- pkcs11_whitelist = xstrdup(optarg);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_LAUNCHD__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ case 'l':
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ l_flag++;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- case 's':
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (c_flag)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- usage();
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1241,6 +1257,75 @@ main(int ac, char **av)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- * Create socket early so it will exist before command gets run from
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- * the parent.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_LAUNCHD__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (l_flag) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ int *fds = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ size_t count = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ result = launch_activate_socket("Listeners", &fds, &count);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (result != 0 || fds == NULL || count < 1) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ errno = result;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ perror("launch_activate_socket()");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ exit(1);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ size_t i;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ for (i = 0; i < count; i++) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ new_socket(AUTH_SOCKET, fds[i]);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (fds)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ free(fds);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ goto skip2;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#else /* ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ launch_data_t resp, msg, tmp;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ size_t listeners_i;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ msg = launch_data_new_string(LAUNCH_KEY_CHECKIN);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ resp = launch_msg(msg);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (NULL == resp) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ perror("launch_msg");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ exit(1);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ launch_data_free(msg);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ switch (launch_data_get_type(resp)) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ case LAUNCH_DATA_ERRNO:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ errno = launch_data_get_errno(resp);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ perror("launch_msg response");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ exit(1);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ case LAUNCH_DATA_DICTIONARY:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ default:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ fprintf(stderr, "launch_msg unknown response");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ exit(1);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ tmp = launch_data_dict_lookup(resp, LAUNCH_JOBKEY_SOCKETS);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (NULL == tmp) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ fprintf(stderr, "no sockets\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ exit(1);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ tmp = launch_data_dict_lookup(tmp, "Listeners");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (NULL == tmp) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ fprintf(stderr, "no known listeners\n");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ exit(1);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ for (listeners_i = 0; listeners_i < launch_data_array_get_count(tmp); listeners_i++) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ launch_data_t obj_at_ind = launch_data_array_get_index(tmp, listeners_i);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ new_socket(AUTH_SOCKET, launch_data_get_fd(obj_at_ind));
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ launch_data_free(resp);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ } else {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- prev_mask = umask(0177);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (sock < 0) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1248,7 +1333,18 @@ main(int ac, char **av)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- *socket_name = '\0'; /* Don't unlink any existing file */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cleanup_exit(1);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- umask(prev_mask);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_LAUNCHD__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_LAUNCHD__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_11))) || (MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_11))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (l_flag)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ goto skip2;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_11))) || (MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_11)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* defined (__APPLE_LAUNCHD__) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- * Fork, and have the parent execute the command, if any, or present
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1326,6 +1422,9 @@ skip:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- pkcs11_init(0);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- new_socket(AUTH_SOCKET, sock);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_LAUNCHD__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+skip2:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (ac > 0)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- parent_alive_interval = 10;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- idtab_init();
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/sshconnect2.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/sshconnect2.c 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -73,6 +73,11 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "ssherr.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "utf8.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "keychain.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+int found_in_keychain = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #ifdef GSSAPI
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "ssh-gss.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1415,6 +1420,12 @@ load_identity_file(Identity *id)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- snprintf(prompt, sizeof prompt,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "Enter passphrase for key '%.100s': ", id->filename);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- for (i = 0; i <= options.number_of_password_prompts; i++) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (i == 0 && options.use_keychain && (passphrase = keychain_read_passphrase(id->filename)) != NULL) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ found_in_keychain = 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("using passphrase from keychain");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ } else
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (i == 0)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- passphrase = "";
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- else {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -1450,6 +1461,14 @@ load_identity_file(Identity *id)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- quit = 1;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifdef __APPLE_KEYCHAIN__
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (!quit && private != NULL && !(id->key && id->isprivate) && options.use_keychain && !found_in_keychain) {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ debug2("storing passphrase in keychain");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ store_in_keychain(id->filename, passphrase);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if (!quit && private != NULL && id->agent_fd == -1 &&
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- !(id->key && id->isprivate))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- maybe_add_key_to_agent(id->filename, private, comment,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-agent.0 2019-10-09 02:39:14.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-agent.0 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -7,6 +7,7 @@ SYNOPSIS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- [-P pkcs11_whitelist] [-t life] [command [arg ...]]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ssh-agent [-c | -s] -k
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ssh-agent -l
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- DESCRIPTION
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ssh-agent is a program to hold private keys used for public key
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -64,6 +65,9 @@ DESCRIPTION
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- for an identity with ssh-add(1) overrides this value. Without
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- this option the default maximum lifetime is forever.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ -l Start in launchd mode. This feature should only be used by macOS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ itself. It is not very useful to users.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- If a command line is given, this is executed as a subprocess of the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- agent. When the command dies, so does the agent.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh-agent.1 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh-agent.1 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -52,6 +52,8 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Nm ssh-agent
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Op Fl c | s
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Fl k
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+.Nm ssh-agent
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+.Fl l
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Sh DESCRIPTION
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Nm
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- is a program to hold private keys used for public key authentication
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -148,6 +150,10 @@ A lifetime specified for an identity wit
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Xr ssh-add 1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- overrides this value.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Without this option the default maximum lifetime is forever.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+.It Fl l
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+Start in launchd mode.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+This feature should only be used by macOS itself.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+It is not very useful to users.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .El
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- .Pp
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- If a command line is given, this is executed as a subprocess of the agent.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- /dev/null 1970-01-01 00:00:00.000000000 +0000
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/SecItemPriv-shim.h 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -0,0 +1,105 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Copyright (c) 2006-2013 Apple Inc. All Rights Reserved.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * @APPLE_LICENSE_HEADER_START@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * This file contains Original Code and/or Modifications of Original Code
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * as defined in and that are subject to the Apple Public Source License
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Version 2.0 (the 'License'). You may not use this file except in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * compliance with the License. Please obtain a copy of the License at
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * http://www.opensource.apple.com/apsl/ and read it before using this
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * file.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * The Original Code and all software distributed under the License are
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Please see the License for the specific language governing rights and
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * limitations under the License.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * @APPLE_LICENSE_HEADER_END@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ @header SecItemPriv
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ SecItemPriv defines private constants and SPI functions for access to
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ Security items (certificates, identities, keys, and keychain items.)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ====== MACPORTS NOTICE ======
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ Apple uses this private header file for building its OpenSSH keychain
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ integration. They are able to do this because they have either converted
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ all (or most?) upstream projects into Xcode projects and can then use
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ private headers, but our users can't.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ Private header files are never installed onto user systems and there
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ aren't any SDKs that users could install to get them.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ Luckily, the Security Framework *is* (currently) free software, so we do
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ have access to it via https://opensource.apple.com
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ We can, hence, take a look at it and copy relevant parts/declarations.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ We cannot, however, make sure that the declarations in here are actually
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ defined in the Security Framework binaries/libraries themselves, so
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ building this part, especially on older systems, might still fail.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ====== MACPORTS NOTICE ======
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+*/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#ifndef _SECURITY_SECITEMPRIV_H_
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#define _SECURITY_SECITEMPRIV_H_
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <CoreFoundation/CFDictionary.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <CoreFoundation/CFData.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <CoreFoundation/CFError.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <TargetConditionals.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <Security/SecBase.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_7)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <xpc/xpc.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <Security/SecTask.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_7)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+__BEGIN_DECLS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ @enum Attribute Key Constants (Private)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ @discussion Predefined item attribute keys used to get or set values in a
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ dictionary. Not all attributes apply to each item class. The table
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ below lists the currently defined attributes for each item class:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ @constant kSecAttrNoLegacy Specifies a dictionary key whose
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ value is a CFBooleanRef indicating that the query must be run on the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ syncable backend even for non syncable items.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ @constant kSecAttrAccessGroup Specifies a dictionary key whole value is
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ a CFStringRef indicating which access group a item is in. The access
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ groups that a particular application has access to are determined by
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ an entitlement in that application.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+*/
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+extern const CFStringRef kSecAttrNoLegacy
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ __OSX_AVAILABLE(10.11) __IOS_AVAILABLE(9.3) __TVOS_AVAILABLE(9.3) __WATCHOS_AVAILABLE(2.3);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((defined (MAC_OS_X_VERSION_10_11)) && (MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_11)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_8))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_8))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+extern CFTypeRef kSecAttrAccessGroup;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_8))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_8)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_6))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_6))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ @enum Class Value Constants (Private)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ @discussion Predefined item class constants used to get or set values in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ a dictionary. The kSecClass constant is the key and its value is one
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ of the constants defined here.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ @constant kSecClassGenericPassword Specifies generic password items.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+extern const CFTypeRef kSecClassGenericPassword;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_6))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6)) */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+__END_DECLS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* !_SECURITY_SECITEMPRIV_H_ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- /dev/null 1970-01-01 00:00:00.000000000 +0000
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/macos-object-subscripting.m 2019-11-02 05:54:35.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -0,0 +1,65 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+/*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Copyright (c) 2017-2019 Mihai Moldovan <ionic@ionic.de>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * Redistribution and use in source and binary forms, with or without
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * modification, are permitted provided that the following conditions
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * are met:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 1. Redistributions of source code must retain the above copyright
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * notice, this list of conditions and the following disclaimer.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 2. Redistributions in binary form must reproduce the above copyright
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * notice, this list of conditions and the following disclaimer in the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * documentation and/or other materials provided with the distribution.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * 3. Neither the name of the copyright holder nor the names of its
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * contributors may be used to endorse or promote products derived from
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * this software without specific prior written permission.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ *
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND ITS CONTRIBUTORS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ * POSSIBILITY OF SUCH DAMAGE.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include <AvailabilityMacros.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#if ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_7))
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+@implementation NSArray (SubscriptingAdditions)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+- (id)objectAtIndexedSubscript:(NSUInteger)index
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return [self objectAtIndex:index];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+@end
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+@implementation NSMutableArray (SubscriptingAdditions)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+- (void)setObject:(id)object atIndexedSubscript:(NSUInteger)index
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ if (index == [self count])
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [self addObject:object];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ else
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [self replaceObjectAtIndex:index withObject:object];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+@end
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+@implementation NSDictionary (SubscriptingAdditions)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+- (id)objectForKeyedSubscript:(id)key
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ return [self objectForKey:key];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+@end
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+@implementation NSMutableDictionary (SubscriptingAdditions)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+- (void)setObject:(id)object forKeyedSubscript:(id)key
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+{
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ [self setObject:object forKey:key];
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+}
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+@end
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#endif /* ((!(defined (MAC_OS_X_VERSION_10_7))) || (MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_7)) */
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/files/macports-config.patch b/net/openssh/files/macports-config.patch
</span><span style='display:block; white-space:pre;color:#808080;'>index d98c39b02f8..5838506644c 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/files/macports-config.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/files/macports-config.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,5 +1,5 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh_config 2019-10-17 01:02:18.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh_config 2019-10-17 01:07:26.000000000 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/ssh_config 2020-09-27 02:25:01.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/ssh_config 2020-12-12 19:19:55.000000000 -0600
</span> @@ -17,7 +17,7 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -9,10 +9,10 @@
</span> # ForwardAgent no
# ForwardX11 no
# PasswordAuthentication yes
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -43,3 +43,4 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- # VisualHostKey no
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -44,3 +44,4 @@
</span> # ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # UserKnownHostsFile ~/.ssh/known_hosts.d/%k
</span> + SendEnv LANG LC_*
--- a/ssh_config.5 2019-10-17 01:02:18.000000000 +0200
+++ b/ssh_config.5 2019-10-17 01:11:33.000000000 +0200
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/files/openssh-8.1p1-gsskex-all-20141021-mp-20191015.patch b/net/openssh/files/openssh-8.1p1-gsskex-all-20141021-mp-20201216.patch
</span>similarity index 98%
rename from net/openssh/files/openssh-8.1p1-gsskex-all-20141021-mp-20191015.patch
rename to net/openssh/files/openssh-8.1p1-gsskex-all-20141021-mp-20201216.patch
<span style='display:block; white-space:pre;color:#808080;'>index 4a5502a3083..1fd4d51fa72 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/files/openssh-8.1p1-gsskex-all-20141021-mp-20191015.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/files/openssh-8.1p1-gsskex-all-20141021-mp-20201216.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -204,9 +204,9 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> + add support for GssapiTrustDns option for gssapi-with-mic
+ (from jbasney AT ncsa.uiuc.edu)
+ <gssapi-with-mic support is Bugzilla #1008>
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/Makefile.in 2019-11-08 15:37:14.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/Makefile.in 2019-11-08 15:37:23.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -87,6 +87,7 @@ LIBOPENSSH_OBJS=\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/Makefile.in.orig 2020-09-27 02:25:01.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/Makefile.in 2020-12-16 18:31:47.000000000 -0600
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -91,6 +91,7 @@
</span>
LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
authfd.o authfile.o \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -214,22 +214,22 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
cipher-ctr.o cleanup.o \
compat.o fatal.o hostfile.o \
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -102,6 +103,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -106,6 +107,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
</span> kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kexgexc.o kexgexs.o \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
</span> + kexgssc.o \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- platform-pledge.o platform-tracing.o platform-misc.o
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -116,7 +118,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sshbuf-io.o
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -123,7 +125,7 @@
</span> auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o \
monitor.o monitor_wrap.o auth-krb5.o \
- auth2-gss.o gss-serv.o gss-serv-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- sftp-server.o sftp-common.o sftp-realpath.o \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sftp-server.o sftp-common.o \
</span> sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
--- a/auth-krb5.c 2019-10-09 02:31:03.000000000 +0200
+++ b/auth-krb5.c 2019-11-08 15:37:23.000000000 +0100
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3057,22 +3057,6 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> .Xr ssh 1
--- a/sshconnect2.c 2019-11-08 15:37:14.000000000 +0100
+++ b/sshconnect2.c 2019-11-08 15:37:23.000000000 +0100
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -77,14 +77,13 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "keychain.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- int found_in_keychain = 0;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "auth-compat.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #ifdef GSSAPI
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include "ssh-gss.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /* import */
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--extern char *client_version_string;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--extern char *server_version_string;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- extern Options options;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /*
</span> @@ -166,6 +165,11 @@ ssh_kex2(struct ssh *ssh, char *host, st
char *s, *all_key;
int r;
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3527,19 +3511,19 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> continue;
if (!include_sigonly && kt->sigonly)
continue;
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/sshkey.h 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/sshkey.h 2019-11-08 15:37:23.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -65,6 +65,7 @@ enum sshkey_types {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/sshkey.h.orig 2020-09-27 02:25:01.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/sshkey.h 2020-12-16 18:42:50.000000000 -0600
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -65,6 +65,7 @@
</span> KEY_ED25519_CERT,
KEY_XMSS,
KEY_XMSS_CERT,
+ KEY_NULL,
<span style='display:block; white-space:pre;background:#ffe0e0;'>- KEY_UNSPEC
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- };
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/auth.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/auth.c 2019-11-08 15:37:23.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -399,7 +399,8 @@ auth_root_allowed(struct ssh *ssh, const
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ KEY_ECDSA_SK,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ KEY_ECDSA_SK_CERT,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ KEY_ED25519_SK,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/auth.c.orig 2020-09-27 02:25:01.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/auth.c 2020-12-16 18:45:58.000000000 -0600
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -400,7 +400,8 @@
</span> case PERMIT_NO_PASSWD:
if (strcmp(method, "publickey") == 0 ||
strcmp(method, "hostbased") == 0 ||
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3549,7 +3533,7 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> return 1;
break;
case PERMIT_FORCED_ONLY:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -724,120 +725,6 @@ fakepw(void)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -725,120 +726,6 @@
</span> }
/*
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3577,7 +3561,7 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> - if (getpeername(ssh_packet_get_connection_in(ssh),
- (struct sockaddr *)&from, &fromlen) == -1) {
- debug("getpeername failed: %.100s", strerror(errno));
<span style='display:block; white-space:pre;background:#ffe0e0;'>-- return strdup(ntop);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- return xstrdup(ntop);
</span> - }
-
- ipv64_normalise_mapped(&from, &fromlen);
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3589,7 +3573,7 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> - if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
- NULL, 0, NI_NAMEREQD) != 0) {
- /* Host name not found. Use ip address. */
<span style='display:block; white-space:pre;background:#ffe0e0;'>-- return strdup(ntop);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- return xstrdup(ntop);
</span> - }
-
- /*
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3604,7 +3588,7 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> - logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
- name, ntop);
- freeaddrinfo(ai);
<span style='display:block; white-space:pre;background:#ffe0e0;'>-- return strdup(ntop);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- return xstrdup(ntop);
</span> - }
-
- /* Names are stored in lowercase. */
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3625,7 +3609,7 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> - if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
- logit("reverse mapping checking getaddrinfo for %.700s "
- "[%s] failed.", name, ntop);
<span style='display:block; white-space:pre;background:#ffe0e0;'>-- return strdup(ntop);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- return xstrdup(ntop);
</span> - }
- /* Look for the address from the list of addresses. */
- for (ai = aitop; ai; ai = ai->ai_next) {
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3640,9 +3624,9 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> - /* Address not found for the host name. */
- logit("Address %.100s maps to %.600s, but this does not "
- "map back to the address.", ntop, name);
<span style='display:block; white-space:pre;background:#ffe0e0;'>-- return strdup(ntop);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- return xstrdup(ntop);
</span> - }
<span style='display:block; white-space:pre;background:#ffe0e0;'>-- return strdup(name);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- return xstrdup(name);
</span> -}
-
-/*
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -3990,23 +3974,23 @@ X-Ref: https://salsa.debian.org/ssh-team/openssh/blob/767ee84d3465b6d244a9108de5
</span> .Ar key
(key types),
.Ar key-cert
<span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/ssh.c 2019-10-09 02:31:03.000000000 +0200
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/ssh.c 2019-11-08 15:37:23.000000000 +0100
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -736,6 +736,8 @@ main(int ac, char **av)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cp = mac_alg_list('\n');
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- else if (strcmp(optarg, "kex") == 0)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- a/ssh.c.orig 2020-09-27 02:25:01.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ b/ssh.c 2020-12-16 18:50:05.000000000 -0600
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -801,6 +801,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ else if (strcmp(optarg, "kex") == 0 ||
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ strcasecmp(optarg, "KexAlgorithms") == 0)
</span> cp = kex_alg_list('\n');
+ else if (strcmp(optarg, "kex-gss") == 0)
+ cp = kex_gss_alg_list('\n');
else if (strcmp(optarg, "key") == 0)
cp = sshkey_alg_list(0, 0, 0, '\n');
else if (strcmp(optarg, "key-cert") == 0)
<span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -748,7 +750,7 @@ main(int ac, char **av)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cp = xstrdup("2");
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- else if (strcmp(optarg, "help") == 0) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -825,7 +827,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cp[n] = '\n';
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else if (strcmp(optarg, "help") == 0) {
</span> cp = xstrdup(
<span style='display:block; white-space:pre;background:#ffe0e0;'>-- "cipher\ncipher-auth\nkex\nkey\n"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ "cipher\ncipher-auth\nkex\nkex-gss\nkey\n"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "key-cert\nkey-plain\nmac\n"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- "cipher\ncipher-auth\ncompression\nkex\n"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ "cipher\ncipher-auth\ncompression\nkex-gss\nkex\n"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "key\nkey-cert\nkey-plain\nkey-sig\nmac\n"
</span> "protocol-version\nsig");
}
</pre><pre style='margin:0'>
</pre>