[117115] trunk/dports/net/openssh/files/GSSAPITrustDNS.patch

cal at macports.org cal at macports.org
Sun Feb 16 14:15:18 PST 2014


Revision: 117115
          https://trac.macports.org/changeset/117115
Author:   cal at macports.org
Date:     2014-02-16 14:15:18 -0800 (Sun, 16 Feb 2014)
Log Message:
-----------
openssh: delete another unused patchfile

Removed Paths:
-------------
    trunk/dports/net/openssh/files/GSSAPITrustDNS.patch

Deleted: trunk/dports/net/openssh/files/GSSAPITrustDNS.patch
===================================================================
--- trunk/dports/net/openssh/files/GSSAPITrustDNS.patch	2014-02-16 22:12:23 UTC (rev 117114)
+++ trunk/dports/net/openssh/files/GSSAPITrustDNS.patch	2014-02-16 22:15:18 UTC (rev 117115)
@@ -1,115 +0,0 @@
-Common subdirectories: ../openssh-6.2p2.orig/contrib and ./contrib
-Common subdirectories: ../openssh-6.2p2.orig/openbsd-compat and ./openbsd-compat
-diff -u ../openssh-6.2p2.orig/readconf.c ./readconf.c
---- ../openssh-6.2p2.orig/readconf.c	2013-04-05 02:18:58.000000000 +0200
-+++ ./readconf.c	2013-07-20 18:58:50.000000000 +0200
-@@ -129,6 +129,7 @@
- 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
- 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
- 	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
-+	oGssTrustDns, 
- 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
- 	oSendEnv, oControlPath, oControlMaster, oControlPersist,
- 	oHashKnownHosts,
-@@ -170,9 +171,11 @@
- #if defined(GSSAPI)
- 	{ "gssapiauthentication", oGssAuthentication },
- 	{ "gssapidelegatecredentials", oGssDelegateCreds },
-+	{ "gssapitrustdns", oGssTrustDns },
- #else
- 	{ "gssapiauthentication", oUnsupported },
- 	{ "gssapidelegatecredentials", oUnsupported },
-+	{ "gssapitrustdns", oUnsupported },
- #endif
- 	{ "fallbacktorsh", oDeprecated },
- 	{ "usersh", oDeprecated },
-@@ -507,6 +510,10 @@
- 		intptr = &options->gss_deleg_creds;
- 		goto parse_flag;
- 
-+	case oGssTrustDns:
-+		intptr = &options->gss_trust_dns;
-+		goto parse_flag;
-+
- 	case oBatchMode:
- 		intptr = &options->batch_mode;
- 		goto parse_flag;
-@@ -1159,6 +1166,7 @@
- 	options->challenge_response_authentication = -1;
- 	options->gss_authentication = -1;
- 	options->gss_deleg_creds = -1;
-+	options->gss_trust_dns = -1;
- 	options->password_authentication = -1;
- 	options->kbd_interactive_authentication = -1;
- 	options->kbd_interactive_devices = NULL;
-@@ -1260,6 +1268,8 @@
- 		options->gss_authentication = 0;
- 	if (options->gss_deleg_creds == -1)
- 		options->gss_deleg_creds = 0;
-+	if (options->gss_trust_dns == -1)
-+		options->gss_trust_dns = 0;
- 	if (options->password_authentication == -1)
- 		options->password_authentication = 1;
- 	if (options->kbd_interactive_authentication == -1)
-Only in .: readconf.c.orig
-diff -u ../openssh-6.2p2.orig/readconf.h ./readconf.h
---- ../openssh-6.2p2.orig/readconf.h	2013-04-05 02:18:58.000000000 +0200
-+++ ./readconf.h	2013-07-20 18:58:50.000000000 +0200
-@@ -49,6 +49,7 @@
- 					/* Try S/Key or TIS, authentication. */
- 	int     gss_authentication;	/* Try GSS authentication */
- 	int     gss_deleg_creds;	/* Delegate GSS credentials */
-+	int	gss_trust_dns;		/* Trust DNS for GSS canonicalization */
- 	int     password_authentication;	/* Try password
- 						 * authentication. */
- 	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
-Common subdirectories: ../openssh-6.2p2.orig/regress and ./regress
-Common subdirectories: ../openssh-6.2p2.orig/scard and ./scard
-diff -u ../openssh-6.2p2.orig/ssh_config.5 ./ssh_config.5
---- ../openssh-6.2p2.orig/ssh_config.5	2013-01-09 06:12:19.000000000 +0100
-+++ ./ssh_config.5	2013-07-20 18:58:50.000000000 +0200
-@@ -534,7 +534,16 @@
- Forward (delegate) credentials to the server.
- The default is
- .Dq no .
--Note that this option applies to protocol version 2 only.
-+Note that this option applies to protocol version 2 connections using GSSAPI.
-+.It Cm GSSAPITrustDns
-+Set to 
-+.Dq yes to indicate that the DNS is trusted to securely canonicalize
-+the name of the host being connected to. If 
-+.Dq no, the hostname entered on the
-+command line will be passed untouched to the GSSAPI library.
-+The default is
-+.Dq no .
-+This option only applies to protocol version 2 connections using GSSAPI.
- .It Cm HashKnownHosts
- Indicates that
- .Xr ssh 1
-Only in .: ssh_config.5.orig
-diff -u ../openssh-6.2p2.orig/sshconnect2.c ./sshconnect2.c
---- ../openssh-6.2p2.orig/sshconnect2.c	2013-04-05 02:13:31.000000000 +0200
-+++ ./sshconnect2.c	2013-07-20 18:58:50.000000000 +0200
-@@ -627,6 +627,12 @@
- 	static u_int mech = 0;
- 	OM_uint32 min;
- 	int ok = 0;
-+	const char *gss_host;
-+
-+	if (options.gss_trust_dns)
-+		gss_host = get_canonical_hostname(1);
-+	else
-+		gss_host = authctxt->host;
- 
- 	/* Try one GSSAPI method at a time, rather than sending them all at
- 	 * once. */
-@@ -639,7 +645,7 @@
- 		/* My DER encoding requires length<128 */
- 		if (gss_supported->elements[mech].length < 128 &&
- 		    ssh_gssapi_check_mechanism(&gssctxt, 
--		    &gss_supported->elements[mech], authctxt->host)) {
-+		    &gss_supported->elements[mech], gss_host)) {
- 			ok = 1; /* Mechanism works */
- 		} else {
- 			mech++;
-Only in .: sshconnect2.c.orig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-changes/attachments/20140216/32d4a662/attachment.html>


More information about the macports-changes mailing list