[92129] trunk/dports/net/openssh

jeremyhu at macports.org jeremyhu at macports.org
Thu Apr 19 09:20:26 PDT 2012 

Revision: 92129
          https://trac.macports.org/changeset/92129
Author:   jeremyhu at macports.org
Date:     2012-04-19 09:20:26 -0700 (Thu, 19 Apr 2012)
Log Message:
-----------
openssh: Show the xauth warning only when appropriate (related to #29619), and use our kerberos (#23422).

Modified Paths:
--------------
    trunk/dports/net/openssh/Portfile

Added Paths:
-----------
    trunk/dports/net/openssh/files/launchd.patch

Removed Paths:
-------------
    trunk/dports/net/openssh/files/DVG-5142987_launchd_DISPLAY_for_X11.patch

Modified: trunk/dports/net/openssh/Portfile
===================================================================
--- trunk/dports/net/openssh/Portfile	2012-04-19 16:15:27 UTC (rev 92128)
+++ trunk/dports/net/openssh/Portfile	2012-04-19 16:20:26 UTC (rev 92129)
@@ -5,7 +5,7 @@
 
 name            openssh
 version         5.9p1
-revision        2
+revision        3
 
 categories      net
 maintainers     jwa openmaintainer
@@ -36,9 +36,12 @@
     ftp://ftp.cse.buffalo.edu/pub/OpenBSD/OpenSSH/portable/ \
     ftp://openbsd.mirrors.pair.com/ftp/OpenSSH/portable \
     ftp://openbsd.secsup.org/pub/openbsd/OpenSSH/portable/
-depends_lib     port:openssl port:zlib
+depends_lib     port:openssl port:zlib port:kerberos5
 depends_run     port:xauth
 
+patchfiles \
+    launchd.patch
+
 # Specified -fno-builtin because GCC 3.3 has log() as a builtin
 # (from math.h) while OpenSSH has its own log() function
 # -- from fink.
@@ -48,7 +51,7 @@
     --with-pid-dir=${prefix}/var/run --with-tcp-wrappers \
     --with-pam --disable-suid-ssh --with-random=/dev/urandom \
     --mandir=${prefix}/share/man --with-zlib=${prefix} \
-    --with-kerberos5=/usr --with-xauth=${prefix}/bin/xauth \
+    --with-kerberos5=${prefix} --with-xauth=${prefix}/bin/xauth \
     --with-libedit
 
 use_parallel_build      yes
@@ -82,10 +85,6 @@
   }
 }
 
-variant mute_fake_xauth description "Do not print (typically due to XQuartz) 'using fake authentication data' warning messages" {
-  patchfiles-append   patch-clientloop.c.diff
-}
- 
 variant gss_api_trust_dns description "Enable GSSAPITrustDNS SSH configuration keyword" {
   patchfiles-append GSSAPITrustDNS.patch
 }
@@ -115,15 +114,6 @@
   }
 }
 
-platform darwin 9 {
-#  patch_sites-append   http://www.opensource.apple.com/darwinsource/10.5/OpenSSH-87/patches/:apple
-#  patchfiles-append    DVG-5142987_launchd_DISPLAY_for_X11.patch:apple
-#  checksums-append     DVG-5142987_launchd_DISPLAY_for_X11.patch \
-#                       md5 e188ebbba95c4cde61e0e1b2edc9f992 \
-#                       sha1 62735c5bfbbe1fa41433993435ded7767cc5f1f9 \
-#                       rmd160 eb5262f554583f4925f6f91f6a6d0034c70098ad
-}
-
 startupitem.create  yes
 startupitem.name    OpenSSH
 startupitem.start \

Deleted: trunk/dports/net/openssh/files/DVG-5142987_launchd_DISPLAY_for_X11.patch
===================================================================
--- trunk/dports/net/openssh/files/DVG-5142987_launchd_DISPLAY_for_X11.patch	2012-04-19 16:15:27 UTC (rev 92128)
+++ trunk/dports/net/openssh/files/DVG-5142987_launchd_DISPLAY_for_X11.patch	2012-04-19 16:20:26 UTC (rev 92129)
@@ -1,55 +0,0 @@
-diff -uNr ../openssh-4.5p1.orig/channels.c ./channels.c
---- ../openssh-4.5p1.orig/channels.c	2006-08-29 18:07:40.000000000 -0700
-+++ ./channels.c	2007-04-19 18:59:28.000000000 -0700
-@@ -2954,7 +2954,7 @@
- }
- 
- static int
--connect_local_xsocket(u_int dnr)
-+connect_local_xsocket_path(const char *pathname)
- {
- 	int sock;
- 	struct sockaddr_un addr;
-@@ -2964,7 +2964,7 @@
- 		error("socket: %.100s", strerror(errno));
- 	memset(&addr, 0, sizeof(addr));
- 	addr.sun_family = AF_UNIX;
--	snprintf(addr.sun_path, sizeof addr.sun_path, _PATH_UNIX_X, dnr);
-+	strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
- 	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
- 		return sock;
- 	close(sock);
-@@ -2972,6 +2972,14 @@
- 	return -1;
- }
- 
-+static int
-+connect_local_xsocket(u_int dnr)
-+{
-+	char buf[1024];
-+	snprintf(buf, sizeof buf, _PATH_UNIX_X, dnr);
-+	return connect_local_xsocket_path(buf);
-+}
-+
- int
- x11_connect_display(void)
- {
-@@ -2994,9 +3002,18 @@
- 	 */
- 
- 	/*
-+	 * Check if the display is from launchd, then...
- 	 * Check if it is a unix domain socket.  Unix domain displays are in
- 	 * one of the following formats: unix:d[.s], :d[.s], ::d[.s]
- 	 */
-+	if (strncmp(display, "/tmp/launch", 11) == 0) {
-+		sock = connect_local_xsocket_path(display);
-+		if (sock < 0)
-+			return -1;
-+
-+		/* OK, we now have a connection to the display. */
-+		return sock;
-+	}
- 	if (strncmp(display, "unix:", 5) == 0 ||
- 	    display[0] == ':') {
- 		/* Connect to the unix domain socket. */

Added: trunk/dports/net/openssh/files/launchd.patch
===================================================================
--- trunk/dports/net/openssh/files/launchd.patch	                        (rev 0)
+++ trunk/dports/net/openssh/files/launchd.patch	2012-04-19 16:20:26 UTC (rev 92129)
@@ -0,0 +1,49 @@
+--- clientloop.c.orig	2011-06-22 15:31:58.000000000 -0700
++++ clientloop.c	2012-04-19 09:15:26.000000000 -0700
+@@ -296,6 +296,11 @@ client_x11_get_proto(const char *display
+ 	struct stat st;
+ 	u_int now;
+ 
++#if __APPLE__
++	char *strptr = NULL;
++	int is_launchd = 0, len_to_screen = 0;
++#endif /* __APPLE__ */
++
+ 	xauthdir = xauthfile = NULL;
+ 	*_proto = proto;
+ 	*_data = data;
+@@ -308,6 +313,24 @@ client_x11_get_proto(const char *display
+ 			debug("x11_get_proto: DISPLAY not set");
+ 			return;
+ 		}
++#if __APPLE__
++		/*
++		 * If using launchd socket, then remove the screen number from
++		 * end of $DISPLAY. is_launchd is used later in this function
++		 * to determine if an error should be displayed.
++		 */
++		if (strncmp(display, "/tmp/launch-", 12) == 0) {
++			is_launchd = 1;
++			if (NULL != (strptr = rindex(display, ':')) &&
++			    NULL != (strptr = index(strptr, '.'))) {
++				debug("x11_get_proto: $DISPLAY is launchd, removing screennum");
++				len_to_screen = strptr - display;
++				strlcpy(xdisplay, display, (len_to_screen + 1));
++				display = xdisplay;
++				setenv("DISPLAY", display, 1);
++			}
++		}
++#endif /* __APPLE__ */
+ 		/*
+ 		 * Handle FamilyLocal case where $DISPLAY does
+ 		 * not match an authorization entry.  For this we
+@@ -389,6 +412,9 @@ client_x11_get_proto(const char *display
+ 	if (!got_data) {
+ 		u_int32_t rnd = 0;
+ 
++#if __APPLE__
++		if (!is_launchd)
++#endif /* __APPLE__ */
+ 		logit("Warning: No xauth data; "
+ 		    "using fake authentication data for X11 forwarding.");
+ 		strlcpy(proto, SSH_X11_PROTO, sizeof proto);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-changes/attachments/20120419/6bbfc952/attachment.html>

More information about the macports-changes mailing list