[129548] trunk/dports/net/openssh/files/ 0002-Apple-keychain-integration-other-changes.patch
ionic at macports.org
ionic at macports.org
Mon Dec 15 07:16:01 PST 2014
Revision: 129548
https://trac.macports.org/changeset/129548
Author: ionic at macports.org
Date: 2014-12-15 07:16:00 -0800 (Mon, 15 Dec 2014)
Log Message:
-----------
openssh: make patch compatible with OpenSSH 6.7p1.
Modified Paths:
--------------
trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
Modified: trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
===================================================================
--- trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch 2014-12-15 14:27:10 UTC (rev 129547)
+++ trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch 2014-12-15 15:16:00 UTC (rev 129548)
@@ -1,7 +1,6 @@
-diff -urp openssh-6.5p1/Makefile.in openssh-6.5p1.patched/Makefile.in
---- openssh-6.5p1/Makefile.in 2014-01-26 22:35:04.000000000 -0800
-+++ openssh-6.5p1.patched/Makefile.in 2014-02-15 16:27:53.000000000 -0800
-@@ -58,6 +58,7 @@ SED=@SED@
+--- a/Makefile.in.old
++++ b/Makefile.in
+@@ -59,6 +59,7 @@
ENT=@ENT@
XAUTH_PATH=@XAUTH_PATH@
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
@@ -9,7 +8,7 @@
EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
-@@ -98,6 +99,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+@@ -108,6 +109,8 @@
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
sandbox-seccomp-filter.o sandbox-capsicum.o
@@ -18,15 +17,15 @@
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
MANTYPE = @MANTYPE@
-@@ -133,6 +136,7 @@ all: $(CONFIGFILES) $(MANPAGES) $(TARGET
+@@ -143,6 +146,7 @@
$(LIBSSH_OBJS): Makefile.in config.h
$(SSHOBJS): Makefile.in config.h
$(SSHDOBJS): Makefile.in config.h
+$(KEYCHAINOBJS): Makefile.in config.h
.c.o:
- $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
-@@ -146,8 +150,8 @@ libssh.a: $(LIBSSH_OBJS)
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
+@@ -156,8 +160,8 @@
$(AR) rv $@ $(LIBSSH_OBJS)
$(RANLIB) $@
@@ -37,7 +36,7 @@
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
-@@ -155,11 +159,11 @@ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(S
+@@ -165,11 +169,11 @@
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -53,7 +52,7 @@
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-@@ -271,7 +275,7 @@ install-files:
+@@ -293,7 +297,7 @@
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
@@ -62,10 +61,9 @@
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-diff -urp openssh-6.5p1/audit-bsm.c openssh-6.5p1.patched/audit-bsm.c
---- openssh-6.5p1/audit-bsm.c 2012-02-23 15:40:43.000000000 -0800
-+++ openssh-6.5p1.patched/audit-bsm.c 2014-02-15 16:25:56.000000000 -0800
-@@ -263,7 +263,12 @@ bsm_audit_record(int typ, char *string,
+--- a/audit-bsm.c.old
++++ b/audit-bsm.c
+@@ -263,7 +263,12 @@
pid_t pid = getpid();
AuditInfoTermID tid = ssh_bsm_tid;
@@ -79,10 +77,9 @@
uid = the_authctxt->pw->pw_uid;
gid = the_authctxt->pw->pw_gid;
}
-diff -urp openssh-6.5p1/auth-pam.c openssh-6.5p1.patched/auth-pam.c
---- openssh-6.5p1/auth-pam.c 2013-12-18 16:31:45.000000000 -0800
-+++ openssh-6.5p1.patched/auth-pam.c 2014-02-15 16:25:56.000000000 -0800
-@@ -793,10 +793,11 @@ sshpam_query(void *ctx, char **name, cha
+--- a/auth-pam.c.old
++++ b/auth-pam.c
+@@ -793,10 +793,11 @@
free(msg);
return (0);
}
@@ -96,10 +93,9 @@
/* FALLTHROUGH */
default:
*num = 0;
-diff -urp openssh-6.5p1/auth.c openssh-6.5p1.patched/auth.c
---- openssh-6.5p1/auth.c 2013-06-01 14:41:51.000000000 -0700
-+++ openssh-6.5p1.patched/auth.c 2014-02-15 16:25:56.000000000 -0800
-@@ -211,7 +211,7 @@ allowed_user(struct passwd * pw)
+--- a/auth.c.old
++++ b/auth.c
+@@ -211,7 +211,7 @@
}
if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
/* Get the user's group access list (primary and supplementary) */
@@ -108,10 +104,9 @@
logit("User %.100s from %.100s not allowed because "
"not in any group", pw->pw_name, hostname);
return 0;
-diff -urp openssh-6.5p1/authfd.c openssh-6.5p1.patched/authfd.c
---- openssh-6.5p1/authfd.c 2013-12-28 22:49:56.000000000 -0800
-+++ openssh-6.5p1.patched/authfd.c 2014-02-15 16:25:56.000000000 -0800
-@@ -638,6 +638,29 @@ ssh_remove_all_identities(Authentication
+--- a/authfd.c.old
++++ b/authfd.c
+@@ -650,6 +650,29 @@
return decode_reply(type);
}
@@ -141,9 +136,8 @@
int
decode_reply(int type)
{
-diff -urp openssh-6.5p1/authfd.h openssh-6.5p1.patched/authfd.h
---- openssh-6.5p1/authfd.h 2009-10-06 14:47:02.000000000 -0700
-+++ openssh-6.5p1.patched/authfd.h 2014-02-15 16:25:56.000000000 -0800
+--- a/authfd.h.old
++++ b/authfd.h
@@ -49,6 +49,9 @@
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
@@ -154,9 +148,8 @@
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
#define SSH_AGENT_CONSTRAIN_CONFIRM 2
-diff -urp openssh-6.5p1/config.h.in openssh-6.5p1.patched/config.h.in
---- openssh-6.5p1/config.h.in 2014-01-29 17:52:44.000000000 -0800
-+++ openssh-6.5p1.patched/config.h.in 2014-02-15 16:28:51.000000000 -0800
+--- a/config.h.in.old
++++ b/config.h.in
@@ -81,6 +81,18 @@
/* FreeBSD strnvis argument order is swapped compared to OpenBSD */
#undef BROKEN_STRNVIS
@@ -176,10 +169,9 @@
/* tcgetattr with ICANON may hang */
#undef BROKEN_TCGETATTR_ICANON
-diff -urp openssh-6.5p1/configure.ac openssh-6.5p1.patched/configure.ac
---- openssh-6.5p1/configure.ac 2014-01-29 16:26:46.000000000 -0800
-+++ openssh-6.5p1.patched/configure.ac 2014-02-15 16:25:56.000000000 -0800
-@@ -4781,10 +4781,40 @@ AC_CHECK_MEMBER([struct utmp.ut_line], [
+--- a/configure.ac.old
++++ b/configure.ac
+@@ -4766,10 +4766,40 @@
#endif
])
@@ -220,9 +212,8 @@
if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
TEST_SSH_IPV6=no
else
-diff -urp openssh-6.5p1/groupaccess.c openssh-6.5p1.patched/groupaccess.c
---- openssh-6.5p1/groupaccess.c 2013-06-01 15:07:32.000000000 -0700
-+++ openssh-6.5p1.patched/groupaccess.c 2014-02-15 16:25:56.000000000 -0800
+--- a/groupaccess.c.old
++++ b/groupaccess.c
@@ -34,38 +34,67 @@
#include <stdlib.h>
#include <string.h>
@@ -298,7 +289,7 @@
for (i = 0, j = 0; i < ngroups; i++)
if ((gr = getgrgid(groups_bygid[i])) != NULL)
groups_byname[j++] = xstrdup(gr->gr_name);
-@@ -76,16 +105,32 @@ ga_init(const char *user, gid_t base)
+@@ -76,16 +105,32 @@
/*
* Return 1 if one of user's groups is contained in groups.
* Return 0 otherwise. Use match_pattern() for string comparison.
@@ -331,9 +322,8 @@
return 0;
}
-diff -urp openssh-6.5p1/groupaccess.h openssh-6.5p1.patched/groupaccess.h
---- openssh-6.5p1/groupaccess.h 2008-07-03 20:51:12.000000000 -0700
-+++ openssh-6.5p1.patched/groupaccess.h 2014-02-15 16:25:56.000000000 -0800
+--- a/groupaccess.h.old
++++ b/groupaccess.h
@@ -27,7 +27,7 @@
#ifndef GROUPACCESS_H
#define GROUPACCESS_H
@@ -343,9 +333,7 @@
int ga_match(char * const *, int);
int ga_match_pattern_list(const char *);
void ga_free(void);
-diff --git a/keychain.c b/keychain.c
-new file mode 100644
---- /dev/null
+--- a/keychain.c.old 1970-01-01 01:00:00.000000000 +0100
+++ b/keychain.c
@@ -0,0 +1,694 @@
+/*
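Review bot: The new-file header `--- a/keychain.c.old 1970-01-01 01:00:00.000000000 +0100` replaces `--- /dev/null`, so creating keychain.c now depends on the patch tool treating an epoch timestamp as "file does not exist". GNU patch does this as far as I know, but a tool that ignores header timestamps would look for an existing keychain.c.old or keychain.c instead. I would keep the conventional marker, `--- /dev/null`, which is unambiguous and carries no timezone-dependent timestamp. The same applies to the `--- a/keychain.h.old 1970-01-01 ...` header in the next hunk.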
@@ -1042,9 +1030,7 @@
+#endif
+
+}
-diff --git a/keychain.h b/keychain.h
-new file mode 100644
---- /dev/null
+--- a/keychain.h.old 1970-01-01 01:00:00.000000000 +0100
+++ b/keychain.h
@@ -0,0 +1,45 @@
+/*
@@ -1092,22 +1078,21 @@
+int add_identities_using_keychain(
+ int (*add_identity)(const char *, const char *));
+char *keychain_read_passphrase(const char *filename, int oAskPassGUI);
-diff -urp openssh-6.5p1/readconf.c openssh-6.5p1.patched/readconf.c
---- openssh-6.5p1/readconf.c 2014-01-17 05:03:57.000000000 -0800
-+++ openssh-6.5p1.patched/readconf.c 2014-02-15 16:30:49.000000000 -0800
-@@ -149,6 +149,9 @@ typedef enum {
+--- a/readconf.c.old
++++ b/readconf.c
+@@ -150,6 +150,9 @@
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
+#ifdef __APPLE_KEYCHAIN__
+ oAskPassGUI,
+#endif
+ oStreamLocalBindMask, oStreamLocalBindUnlink,
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
-
-@@ -262,6 +265,9 @@ static struct {
- { "canonicalizemaxdots", oCanonicalizeMaxDots },
- { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+@@ -266,6 +269,9 @@
+ { "streamlocalbindmask", oStreamLocalBindMask },
+ { "streamlocalbindunlink", oStreamLocalBindUnlink },
{ "ignoreunknown", oIgnoreUnknown },
+#ifdef __APPLE_KEYCHAIN__
+ { "askpassgui", oAskPassGUI },
@@ -1115,7 +1100,7 @@
{ NULL, oBadOption }
};
-@@ -1334,6 +1340,12 @@ parse_int:
+@@ -1358,6 +1364,12 @@
charptr = &options->ignored_unknown;
goto parse_string;
@@ -1128,7 +1113,7 @@
case oProxyUseFdpass:
intptr = &options->proxy_use_fdpass;
goto parse_flag;
-@@ -1563,6 +1575,9 @@ initialize_options(Options * options)
+@@ -1604,6 +1616,9 @@
options->request_tty = -1;
options->proxy_use_fdpass = -1;
options->ignored_unknown = NULL;
@@ -1138,7 +1123,7 @@
options->num_canonical_domains = 0;
options->num_permitted_cnames = 0;
options->canonicalize_max_dots = -1;
-@@ -1733,6 +1748,10 @@ fill_default_options(Options * options)
+@@ -1778,6 +1793,10 @@
options->ip_qos_bulk = IPTOS_THROUGHPUT;
if (options->request_tty == -1)
options->request_tty = REQUEST_TTY_AUTO;
@@ -1149,10 +1134,9 @@
if (options->proxy_use_fdpass == -1)
options->proxy_use_fdpass = 0;
if (options->canonicalize_max_dots == -1)
-diff -urp openssh-6.5p1/readconf.h openssh-6.5p1.patched/readconf.h
---- openssh-6.5p1/readconf.h 2013-10-16 17:48:14.000000000 -0700
-+++ openssh-6.5p1.patched/readconf.h 2014-02-15 16:31:29.000000000 -0800
-@@ -154,6 +154,10 @@ typedef struct {
+--- a/readconf.h.old
++++ b/readconf.h
+@@ -145,6 +145,10 @@
struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
@@ -1163,9 +1147,8 @@
} Options;
#define SSH_CANONICALISE_NO 0
-diff -urp openssh-6.5p1/scp.1 openssh-6.5p1.patched/scp.1
---- openssh-6.5p1/scp.1 2013-10-22 22:30:00.000000000 -0700
-+++ openssh-6.5p1.patched/scp.1 2014-02-15 16:25:56.000000000 -0800
+--- a/scp.1.old
++++ b/scp.1
@@ -19,7 +19,7 @@
.Sh SYNOPSIS
.Nm scp
@@ -1175,7 +1158,7 @@
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
-@@ -97,6 +97,8 @@ Passes the
+@@ -95,6 +95,8 @@
flag to
.Xr ssh 1
to enable compression.
@@ -1184,9 +1167,8 @@
.It Fl c Ar cipher
Selects the cipher to use for encrypting the data transfer.
This option is directly passed to
-diff -urp openssh-6.5p1/scp.c openssh-6.5p1.patched/scp.c
---- openssh-6.5p1/scp.c 2013-11-20 18:56:49.000000000 -0800
-+++ openssh-6.5p1.patched/scp.c 2014-02-15 16:25:56.000000000 -0800
+--- a/scp.c.old
++++ b/scp.c
@@ -78,6 +78,9 @@
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
@@ -1209,7 +1191,7 @@
extern char *__progname;
#define COPY_BUFLEN 16384
-@@ -150,6 +158,12 @@ char *ssh_program = _PATH_SSH_PROGRAM;
+@@ -150,6 +158,12 @@
/* This is used to store the pid of ssh_program */
pid_t do_cmd_pid = -1;
@@ -1222,7 +1204,7 @@
static void
killchild(int signo)
{
-@@ -395,7 +409,11 @@ main(int argc, char **argv)
+@@ -395,7 +409,11 @@
addargs(&args, "-oClearAllForwardings=yes");
fflag = tflag = 0;
@@ -1234,7 +1216,7 @@
switch (ch) {
/* User-visible flags. */
case '1':
-@@ -456,6 +474,11 @@ main(int argc, char **argv)
+@@ -456,6 +474,11 @@
showprogress = 0;
break;
@@ -1246,7 +1228,7 @@
/* Server options. */
case 'd':
targetshouldbedirectory = 1;
-@@ -505,7 +528,12 @@ main(int argc, char **argv)
+@@ -505,7 +528,12 @@
remin = remout = -1;
do_cmd_pid = -1;
/* Command to be executed on remote system using "ssh". */
@@ -1259,7 +1241,7 @@
verbose_mode ? " -v" : "",
iamrecursive ? " -r" : "", pflag ? " -p" : "",
targetshouldbedirectory ? " -d" : "");
-@@ -751,6 +779,10 @@ source(int argc, char **argv)
+@@ -751,6 +779,10 @@
int fd = -1, haderr, indx;
char *last, *name, buf[2048], encname[MAXPATHLEN];
int len;
@@ -1270,7 +1252,7 @@
for (indx = 0; indx < argc; ++indx) {
name = argv[indx];
-@@ -758,12 +790,26 @@ source(int argc, char **argv)
+@@ -758,12 +790,26 @@
len = strlen(name);
while (len > 1 && name[len-1] == '/')
name[--len] = '\0';
@@ -1297,7 +1279,7 @@
if (fstat(fd, &stb) < 0) {
syserr: run_err("%s: %s", name, strerror(errno));
goto next;
-@@ -846,6 +892,36 @@ next: if (fd != -1) {
+@@ -850,6 +896,36 @@
else
run_err("%s: %s", name, strerror(haderr));
(void) response();
@@ -1334,7 +1316,7 @@
}
}
-@@ -937,6 +1013,10 @@ sink(int argc, char **argv)
+@@ -941,6 +1017,10 @@
if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
targisdir = 1;
for (first = 1;; first = 0) {
@@ -1345,7 +1327,7 @@
cp = buf;
if (atomicio(read, remin, cp, 1) != 1)
return;
-@@ -1082,10 +1162,51 @@ sink(int argc, char **argv)
+@@ -1086,10 +1166,51 @@
}
omode = mode;
mode |= S_IWUSR;
@@ -1397,7 +1379,7 @@
(void) atomicio(vwrite, remout, "", 1);
if ((bp = allocbuf(&buffer, ofd, COPY_BUFLEN)) == NULL) {
(void) close(ofd);
-@@ -1170,6 +1291,29 @@ bad: run_err("%s: %s", np, strerror(er
+@@ -1174,6 +1295,29 @@
wrerrno = errno;
}
(void) response();
@@ -1427,7 +1409,7 @@
if (setimes && wrerr == NO) {
setimes = 0;
if (utimes(np, tv) < 0) {
-@@ -1231,7 +1375,11 @@ void
+@@ -1235,7 +1379,11 @@
usage(void)
{
(void) fprintf(stderr,
@@ -1439,10 +1421,9 @@
" [-l limit] [-o ssh_option] [-P port] [-S program]\n"
" [[user@]host1:]file1 ... [[user@]host2:]file2\n");
exit(1);
-diff -urp openssh-6.5p1/servconf.c openssh-6.5p1.patched/servconf.c
---- openssh-6.5p1/servconf.c 2013-12-06 16:24:02.000000000 -0800
-+++ openssh-6.5p1.patched/servconf.c 2014-02-15 16:25:56.000000000 -0800
-@@ -247,7 +247,7 @@ fill_default_server_options(ServerOption
+--- a/servconf.c.old
++++ b/servconf.c
+@@ -253,7 +253,7 @@
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
if (options->password_authentication == -1)
@@ -1451,7 +1432,7 @@
if (options->kbd_interactive_authentication == -1)
options->kbd_interactive_authentication = 0;
if (options->challenge_response_authentication == -1)
-@@ -621,7 +621,7 @@ match_cfg_line_group(const char *grps, i
+@@ -639,7 +639,7 @@
if ((pw = getpwnam(user)) == NULL) {
debug("Can't match group at line %d because user %.100s does "
"not exist", line, user);
@@ -1460,10 +1441,9 @@
debug("Can't Match group because user %.100s not in any group "
"at line %d", user, line);
} else if (ga_match_pattern_list(grps) != 1) {
-diff -urp openssh-6.5p1/session.c openssh-6.5p1.patched/session.c
---- openssh-6.5p1/session.c 2014-01-22 19:16:10.000000000 -0800
-+++ openssh-6.5p1.patched/session.c 2014-02-15 16:25:56.000000000 -0800
-@@ -2116,8 +2116,10 @@ session_pty_req(Session *s)
+--- a/session.c.old
++++ b/session.c
+@@ -2113,8 +2113,10 @@
n_bytes = packet_remaining();
tty_parse_modes(s->ttyfd, &n_bytes);
@@ -1474,7 +1454,7 @@
/* Set window size from the packet. */
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
-@@ -2357,9 +2357,11 @@ session_pty_cleanup2(Session *s)
+@@ -2354,9 +2356,11 @@
if (s->pid != 0)
record_logout(s->pid, s->tty, s->pw->pw_name);
@@ -1486,10 +1466,9 @@
/*
* Close the server side of the socket pairs. We must do this after
-diff -urp openssh-6.5p1/ssh-add.0 openssh-6.5p1.patched/ssh-add.0
---- openssh-6.5p1/ssh-add.0 2014-01-29 17:52:47.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-add.0 2014-02-15 16:25:56.000000000 -0800
-@@ -4,7 +4,7 @@ NAME
+--- a/ssh-add.0.old
++++ b/ssh-add.0
+@@ -4,7 +4,7 @@
ssh-add - adds private key identities to the authentication agent
SYNOPSIS
@@ -1498,7 +1477,7 @@
ssh-add -s pkcs11
ssh-add -e pkcs11
-@@ -55,6 +55,13 @@ DESCRIPTION
+@@ -55,6 +55,13 @@
-l Lists fingerprints of all identities currently represented by the
agent.
@@ -1512,9 +1491,8 @@
-s pkcs11
Add keys provided by the PKCS#11 shared library pkcs11.
-diff -urp openssh-6.5p1/ssh-add.1 openssh-6.5p1.patched/ssh-add.1
---- openssh-6.5p1/ssh-add.1 2013-12-17 22:46:28.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-add.1 2014-02-15 16:25:56.000000000 -0800
+--- a/ssh-add.1.old
++++ b/ssh-add.1
@@ -43,7 +43,7 @@
.Nd adds private key identities to the authentication agent
.Sh SYNOPSIS
@@ -1524,7 +1502,7 @@
.Op Fl t Ar life
.Op Ar
.Nm ssh-add
-@@ -119,6 +119,13 @@ Lists public key parameters of all ident
+@@ -119,6 +119,13 @@
by the agent.
.It Fl l
Lists fingerprints of all identities currently represented by the agent.
@@ -1538,18 +1516,17 @@
.It Fl s Ar pkcs11
Add keys provided by the PKCS#11 shared library
.Ar pkcs11 .
-diff -urp openssh-6.5p1/ssh-add.c openssh-6.5p1.patched/ssh-add.c
---- openssh-6.5p1/ssh-add.c 2013-12-28 22:44:07.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-add.c 2014-02-15 16:25:56.000000000 -0800
-@@ -62,6 +62,7 @@
- #include "authfile.h"
+--- a/ssh-add.c.old
++++ b/ssh-add.c
+@@ -63,6 +63,7 @@
#include "pathnames.h"
#include "misc.h"
+ #include "ssherr.h"
+#include "keychain.h"
/* argv0 */
extern char *__progname;
-@@ -97,12 +98,24 @@ clear_pass(void)
+@@ -98,12 +99,24 @@
}
static int
@@ -1575,7 +1552,7 @@
public = key_load_public(filename, &comment);
if (public == NULL) {
printf("Bad key file %s\n", filename);
-@@ -165,7 +178,7 @@ delete_all(AuthenticationConnection *ac)
+@@ -166,7 +179,7 @@
}
static int
@@ -1584,28 +1561,27 @@
{
Key *private, *cert;
char *comment = NULL;
-@@ -202,11 +215,16 @@ add_file(AuthenticationConnection *ac, c
-
- /* At first, try empty passphrase */
- private = key_parse_private(&keyblob, filename, "", &comment);
+@@ -205,12 +218,16 @@
+ if ((r = sshkey_parse_private_fileblob(&keyblob, "", filename,
+ &private, &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ fatal("Cannot parse %s: %s", filename, ssh_err(r));
+ if (keychain && private != NULL)
+ store_in_keychain(filename, "");
- if (comment == NULL)
- comment = xstrdup(filename);
/* try last */
-- if (private == NULL && pass != NULL)
-+ if (private == NULL && pass != NULL) {
- private = key_parse_private(&keyblob, filename, pass, NULL);
+ if (private == NULL && pass != NULL) {
+ if ((r = sshkey_parse_private_fileblob(&keyblob, pass, filename,
+ &private, &comment)) != 0 &&
+ r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ fatal("Cannot parse %s: %s", filename, ssh_err(r));
+ if (keychain && private != NULL)
+ store_in_keychain(filename, pass);
-+ }
- if (private == NULL) {
- /* clear passphrase since it did not work */
- clear_pass();
-@@ -222,8 +240,11 @@ add_file(AuthenticationConnection *ac, c
- }
- private = key_parse_private(&keyblob, filename, pass,
- &comment);
+ }
+ if (comment == NULL)
+ comment = xstrdup(filename);
+@@ -232,8 +249,11 @@
+ r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ fatal("Cannot parse %s: %s",
+ filename, ssh_err(r));
- if (private != NULL)
+ if (private != NULL) {
+ if (keychain)
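Review bot: In add_file, `store_in_keychain(filename, "")` and `store_in_keychain(filename, pass)` are called as bare statements, so a failed keychain write does not affect add_file's result unless store_in_keychain reports it itself (it lives in keychain.c, outside this hunk). The first call also runs for keys that parse with an empty passphrase, which appears to create a keychain entry for unencrypted keys. If that is intended, a comment such as `/* -K: also recorded for keys that have no passphrase (empty string) */` would make it explicit. The passphrase is persisted as soon as the key blob parses; whether the later agent add succeeds is decided further down in add_file, which continues outside the hunk.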
@@ -1615,7 +1591,7 @@
clear_pass();
snprintf(msg, sizeof msg,
"Bad passphrase, try again for %.200s: ", comment);
-@@ -380,13 +401,13 @@ lock_agent(AuthenticationConnection *ac,
+@@ -390,13 +410,13 @@
}
static int
@@ -1632,7 +1608,7 @@
return -1;
}
return 0;
-@@ -408,6 +429,11 @@ usage(void)
+@@ -418,6 +438,11 @@
fprintf(stderr, " -X Unlock agent.\n");
fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
@@ -1644,7 +1620,7 @@
}
int
-@@ -418,6 +444,7 @@ main(int argc, char **argv)
+@@ -428,6 +453,7 @@
AuthenticationConnection *ac = NULL;
char *pkcs11provider = NULL;
int i, ch, deleting = 0, ret = 0, key_only = 0;
@@ -1652,7 +1628,7 @@
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
-@@ -434,7 +461,7 @@ main(int argc, char **argv)
+@@ -446,7 +472,7 @@
"Could not open a connection to your authentication agent.\n");
exit(2);
}
@@ -1661,7 +1637,7 @@
switch (ch) {
case 'k':
key_only = 1;
-@@ -473,6 +500,13 @@ main(int argc, char **argv)
+@@ -485,6 +511,13 @@
goto done;
}
break;
@@ -1675,7 +1651,7 @@
default:
usage();
ret = 1;
-@@ -504,7 +538,7 @@ main(int argc, char **argv)
+@@ -516,7 +549,7 @@
default_files[i]);
if (stat(buf, &st) < 0)
continue;
@@ -1684,7 +1660,7 @@
ret = 1;
else
count++;
-@@ -513,7 +547,7 @@ main(int argc, char **argv)
+@@ -525,7 +558,7 @@
ret = 1;
} else {
for (i = 0; i < argc; i++) {
@@ -1693,10 +1669,9 @@
ret = 1;
}
}
-diff -urp openssh-6.5p1/ssh-agent.c openssh-6.5p1.patched/ssh-agent.c
---- openssh-6.5p1/ssh-agent.c 2013-12-28 22:45:52.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-agent.c 2014-02-15 16:25:56.000000000 -0800
-@@ -64,6 +64,9 @@
+--- a/ssh-agent.c.old
++++ b/ssh-agent.c
+@@ -66,6 +66,9 @@
#include <time.h>
#include <string.h>
#include <unistd.h>
@@ -1706,7 +1681,7 @@
#include "xmalloc.h"
#include "ssh.h"
-@@ -71,10 +71,12 @@
+@@ -73,10 +76,12 @@
#include "buffer.h"
#include "key.h"
#include "authfd.h"
@@ -1719,7 +1694,7 @@
#ifdef ENABLE_PKCS11
#include "ssh-pkcs11.h"
-@@ -684,6 +689,61 @@ process_remove_smartcard_key(SocketEntry
+@@ -701,6 +706,61 @@
}
#endif /* ENABLE_PKCS11 */
@@ -1781,7 +1756,7 @@
/* dispatch incoming messages */
static void
-@@ -776,6 +836,9 @@ process_message(SocketEntry *e)
+@@ -795,6 +855,9 @@
process_remove_smartcard_key(e);
break;
#endif /* ENABLE_PKCS11 */
@@ -1791,7 +1766,7 @@
default:
/* Unknown message. Respond with failure. */
error("Unknown message %d", type);
-@@ -1016,7 +1079,11 @@ usage(void)
+@@ -1034,7 +1097,11 @@
int
main(int ac, char **av)
{
@@ -1803,7 +1778,7 @@
int sock, fd, ch, result, saved_errno;
u_int nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
-@@ -1050,7 +1117,11 @@ main(int ac, char **av)
+@@ -1069,7 +1136,11 @@
__progname = ssh_get_progname(av[0]);
seed_rng();
@@ -1815,7 +1790,7 @@
switch (ch) {
case 'c':
if (s_flag)
-@@ -1060,6 +1131,11 @@ main(int ac, char **av)
+@@ -1079,6 +1150,11 @@
case 'k':
k_flag++;
break;
@@ -1827,7 +1802,7 @@
case 's':
if (c_flag)
usage();
-@@ -1086,7 +1162,11 @@ main(int ac, char **av)
+@@ -1105,7 +1181,11 @@
ac -= optind;
av += optind;
@@ -1839,7 +1814,7 @@
usage();
if (ac == 0 && !c_flag && !s_flag) {
-@@ -1142,6 +1222,53 @@ main(int ac, char **av)
+@@ -1161,6 +1241,53 @@
* Create socket early so it will exist before command gets run from
* the parent.
*/
@@ -1890,13 +1865,13 @@
+ launch_data_free(resp);
+ } else {
+#endif
- sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ prev_mask = umask(0177);
+ sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
if (sock < 0) {
- perror("socket");
-@@ -1163,6 +1290,14 @@ main(int ac, char **av)
- perror("listen");
+@@ -1169,6 +1296,14 @@
cleanup_exit(1);
}
+ umask(prev_mask);
+#ifdef __APPLE_LAUNCHD__
+ }
+#endif
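Review bot: After the rebase, `prev_mask = umask(0177)` and `umask(prev_mask)` sit entirely inside the `} else {` branch, so the restrictive mode applied around `unix_listener()` covers only the socket ssh-agent creates itself. In the `__APPLE_LAUNCHD__` branch the descriptor seems to come from launchd (the branch ends with `launch_data_free(resp)`; the rest is not shown here), so the socket's permissions would be decided by the launchd job rather than by this code. A comment at the top of the else branch would record that, for example `/* not launchd-provided: create the socket ourselves under umask 0177 */`. It would also be worth confirming that the launchd job restricts the socket to its owner. main's body starts and ends outside this hunk.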
@@ -1908,7 +1883,7 @@
/*
* Fork, and have the parent execute the command, if any, or present
-@@ -1235,6 +1370,7 @@ skip:
+@@ -1243,6 +1378,7 @@
pkcs11_init(0);
#endif
new_socket(AUTH_SOCKET, sock);
@@ -1916,7 +1891,7 @@
if (ac > 0)
parent_alive_interval = 10;
idtab_init();
-@@ -1244,6 +1380,10 @@ skip:
+@@ -1252,6 +1388,10 @@
signal(SIGTERM, cleanup_handler);
nalloc = 0;
@@ -1927,10 +1902,9 @@
while (1) {
prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
-diff -urp openssh-6.5p1/ssh-keysign.8 openssh-6.5p1.patched/ssh-keysign.8
---- openssh-6.5p1/ssh-keysign.8 2013-12-17 22:46:28.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-keysign.8 2014-02-15 16:25:56.000000000 -0800
-@@ -72,6 +72,9 @@ accessible to others.
+--- a/ssh-keysign.8.old
++++ b/ssh-keysign.8
+@@ -72,6 +72,9 @@
Since they are readable only by root,
.Nm
must be set-uid root if host-based authentication is used.
@@ -1940,9 +1914,8 @@
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
-diff -urp openssh-6.5p1/sshconnect1.c openssh-6.5p1.patched/sshconnect1.c
---- openssh-6.5p1/sshconnect1.c 2013-10-25 16:05:47.000000000 -0700
-+++ openssh-6.5p1.patched/sshconnect1.c 2014-02-15 16:25:56.000000000 -0800
+--- a/sshconnect1.c.old
++++ b/sshconnect1.c
@@ -47,6 +47,7 @@
#include "hostfile.h"
#include "auth.h"
@@ -1951,7 +1924,7 @@
/* Session id for the current session. */
u_char session_id[16];
-@@ -262,6 +263,10 @@ try_rsa_authentication(int idx)
+@@ -262,6 +263,10 @@
snprintf(buf, sizeof(buf),
"Enter passphrase for RSA key '%.100s': ", comment);
for (i = 0; i < options.number_of_password_prompts; i++) {
@@ -1962,9 +1935,8 @@
passphrase = read_passphrase(buf, 0);
if (strcmp(passphrase, "") != 0) {
private = key_load_private_type(KEY_RSA1,
-diff -urp openssh-6.5p1/sshconnect2.c openssh-6.5p1.patched/sshconnect2.c
---- openssh-6.5p1/sshconnect2.c 2014-01-09 15:58:53.000000000 -0800
-+++ openssh-6.5p1.patched/sshconnect2.c 2014-02-15 16:25:56.000000000 -0800
+--- a/sshconnect2.c.old
++++ b/sshconnect2.c
@@ -70,6 +70,7 @@
#include "pathnames.h"
#include "uidswap.h"
@@ -1973,7 +1945,7 @@
#ifdef GSSAPI
#include "ssh-gss.h"
-@@ -1117,6 +1118,10 @@ load_identity_file(char *filename, int u
+@@ -1122,6 +1123,10 @@
snprintf(prompt, sizeof prompt,
"Enter passphrase for key '%.100s': ", filename);
for (i = 0; i < options.number_of_password_prompts; i++) {
@@ -1984,27 +1956,24 @@
passphrase = read_passphrase(prompt, 0);
if (strcmp(passphrase, "") != 0) {
private = key_load_private_type(KEY_UNSPEC,
-diff -urp openssh-6.5p1/sshd.0 openssh-6.5p1.patched/sshd.0
---- openssh-6.5p1/sshd.0 2014-01-29 17:52:47.000000000 -0800
-+++ openssh-6.5p1.patched/sshd.0 2014-02-15 16:25:56.000000000 -0800
-@@ -625,8 +625,8 @@ FILES
+--- a/sshd.0.old
++++ b/sshd.0
+@@ -621,8 +621,7 @@
SEE ALSO
scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
-- ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5),
-- sshd_config(5), inetd(8), sftp-server(8)
-+ ssh-keyscan(1), chroot(2), hosts_access(5), sshd_config(5)
-+ sftp-server(8)
+- ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5),
+- inetd(8), sftp-server(8)
++ ssh-keyscan(1), chroot(2), sshd_config(5), sftp-server(8)
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
-diff -urp openssh-6.5p1/sshd.8 openssh-6.5p1.patched/sshd.8
---- openssh-6.5p1/sshd.8 2013-12-17 22:46:28.000000000 -0800
-+++ openssh-6.5p1.patched/sshd.8 2014-02-15 16:25:56.000000000 -0800
-@@ -961,10 +961,7 @@ The content of this file is not sensitiv
+--- a/sshd.8.old
++++ b/sshd.8
+@@ -954,10 +954,7 @@
+ .Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
- .Xr hosts_access 5 ,
-.Xr login.conf 5 ,
-.Xr moduli 5 ,
.Xr sshd_config 5 ,
@@ -2012,10 +1981,9 @@
.Xr sftp-server 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
-diff -urp openssh-6.5p1/sshd.c openssh-6.5p1.patched/sshd.c
---- openssh-6.5p1/sshd.c 2014-01-27 20:08:13.000000000 -0800
-+++ openssh-6.5p1.patched/sshd.c 2014-02-15 16:25:56.000000000 -0800
-@@ -2138,6 +2138,12 @@ main(int ac, char **av)
+--- a/sshd.c.old
++++ b/sshd.c
+@@ -2144,6 +2144,12 @@
audit_event(SSH_AUTH_SUCCESS);
#endif
@@ -2028,7 +1996,7 @@
#ifdef GSSAPI
if (options.gss_authentication) {
temporarily_use_uid(authctxt->pw);
-@@ -2145,12 +2151,6 @@ main(int ac, char **av)
+@@ -2151,12 +2157,6 @@
restore_uid();
}
#endif
@@ -2041,9 +2009,8 @@
/*
* In privilege separation, we fork another child and prepare
-diff -urp openssh-6.5p1/sshd_config openssh-6.5p1.patched/sshd_config
---- openssh-6.5p1/sshd_config 2014-01-12 00:20:47.000000000 -0800
-+++ openssh-6.5p1.patched/sshd_config 2014-02-15 16:25:56.000000000 -0800
+--- a/sshd_config.old
++++ b/sshd_config
@@ -35,7 +35,7 @@
# Logging
@@ -2053,7 +2020,7 @@
#LogLevel INFO
# Authentication:
-@@ -68,8 +68,9 @@ AuthorizedKeysFile .ssh/authorized_keys
+@@ -68,8 +68,9 @@
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
@@ -2065,7 +2032,7 @@
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
-@@ -94,7 +95,10 @@ AuthorizedKeysFile .ssh/authorized_keys
+@@ -94,7 +95,10 @@
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
@@ -2077,10 +2044,9 @@
#AllowAgentForwarding yes
#AllowTcpForwarding yes
-diff -urp openssh-6.5p1/sshd_config.0 openssh-6.5p1.patched/sshd_config.0
---- openssh-6.5p1/sshd_config.0 2014-01-29 17:52:48.000000000 -0800
-+++ openssh-6.5p1.patched/sshd_config.0 2014-02-15 16:25:56.000000000 -0800
-@@ -525,7 +525,7 @@ DESCRIPTION
+--- a/sshd_config.0.old
++++ b/sshd_config.0
+@@ -571,7 +571,7 @@
PasswordAuthentication
Specifies whether password authentication is allowed. The
@@ -2089,7 +2055,7 @@
PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
-@@ -731,7 +731,7 @@ DESCRIPTION
+@@ -802,7 +802,7 @@
either PasswordAuthentication or ChallengeResponseAuthentication.
If UsePAM is enabled, you will not be able to run sshd(8) as a
@@ -2098,10 +2064,9 @@
UsePrivilegeSeparation
Specifies whether sshd(8) separates privileges by creating an
-diff -urp openssh-6.5p1/sshd_config.5 openssh-6.5p1.patched/sshd_config.5
---- openssh-6.5p1/sshd_config.5 2013-12-17 22:47:03.000000000 -0800
-+++ openssh-6.5p1.patched/sshd_config.5 2014-02-15 16:25:56.000000000 -0800
-@@ -886,7 +886,7 @@ are refused if the number of unauthentic
+--- a/sshd_config.5.old
++++ b/sshd_config.5
+@@ -977,7 +977,7 @@
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
@@ -2110,7 +2075,7 @@
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
-@@ -1219,7 +1219,7 @@ is enabled, you will not be able to run
+@@ -1343,7 +1343,7 @@
.Xr sshd 8
as a non-root user.
The default is