[117923] trunk/dports/net/openssh
pixilla at macports.org
pixilla at macports.org
Mon Mar 17 03:26:31 PDT 2014
Revision: 117923
https://trac.macports.org/changeset/117923
Author: pixilla at macports.org
Date: 2014-03-17 03:26:31 -0700 (Mon, 17 Mar 2014)
Log Message:
-----------
net/openssh:
- Fix checksums. Closes #42878
- Update patches to apply cleanly.
Modified Paths:
--------------
trunk/dports/net/openssh/Portfile
trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
trunk/dports/net/openssh/files/launchd.patch
trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch
trunk/dports/net/openssh/files/pam.patch
trunk/dports/net/openssh/files/patch-sshd.c-apple-sandbox-named-external.diff
Modified: trunk/dports/net/openssh/Portfile
===================================================================
--- trunk/dports/net/openssh/Portfile 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/Portfile 2014-03-17 10:26:31 UTC (rev 117923)
@@ -5,7 +5,7 @@
name openssh
version 6.6p1
-
+revision 1
categories net
platforms darwin
maintainers nomaintainer
@@ -27,7 +27,8 @@
homepage http://www.openbsd.org/openssh/
-checksums rmd160 e19ed34e240001898b6665bb4356b868bba5513d \
+checksums ${distfiles} \
+ rmd160 e19ed34e240001898b6665bb4356b868bba5513d \
sha256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb
master_sites openbsd:OpenSSH/portable \
@@ -135,8 +136,8 @@
set hpn_patchfile ${name}-${version}-hpnssh14v2.diff.gz
patchfiles-append ${hpn_patchfile}
checksums-append ${hpn_patchfile} \
- rmd160 5a7203fffee510b2ae6737af074fec2834bae122 \
- sha256 be6915130f2b1aad00235e02d55b67114dbb517b13d04d52a8abac9343166efd
+ rmd160 1e553ce6ba06237cfd0eb8c6ad9433df5eec8fee \
+ sha256 2a1b34dc3bf922e12cbca687e57b1fad2a0b087e38022e6782e99b45fcc1a315
}
variant gsskex conflicts hpn requires kerberos5 description "Add OpenSSH GSSAPI key exchange patch" {
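Review bot: The new rmd160/sha256 pair for `${hpn_patchfile}` pins a patch that `patchfiles-append` applies to the OpenSSH source, yet neither this hunk nor the log message ("Fix checksums") records where the new values were checked. The file name expression is unchanged here, so the diff alone cannot distinguish a corrected entry from a distfile that was re-rolled upstream under the same name. I would add a comment above `checksums-append`, for example `# hpn checksums verified against <upstream source> on <date>`, and, if the old distfile is still obtainable, read the difference between the two before trusting the new hash. The enclosing variant block starts outside this hunk.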
Modified: trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch
===================================================================
--- trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch 2014-03-17 10:26:31 UTC (rev 117923)
@@ -62,8 +62,6 @@
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-Only in openssh-6.5p1.patched: Makefile.in.orig
-Only in openssh-6.5p1.patched: Makefile.in.rej
diff -urp openssh-6.5p1/audit-bsm.c openssh-6.5p1.patched/audit-bsm.c
--- openssh-6.5p1/audit-bsm.c 2012-02-23 15:40:43.000000000 -0800
+++ openssh-6.5p1.patched/audit-bsm.c 2014-02-15 16:25:56.000000000 -0800
@@ -98,7 +96,6 @@
/* FALLTHROUGH */
default:
*num = 0;
-Only in openssh-6.5p1.patched: auth-pam.c.orig
diff -urp openssh-6.5p1/auth.c openssh-6.5p1.patched/auth.c
--- openssh-6.5p1/auth.c 2013-06-01 14:41:51.000000000 -0700
+++ openssh-6.5p1.patched/auth.c 2014-02-15 16:25:56.000000000 -0800
@@ -144,7 +141,6 @@
int
decode_reply(int type)
{
-Only in openssh-6.5p1.patched: authfd.c.orig
diff -urp openssh-6.5p1/authfd.h openssh-6.5p1.patched/authfd.h
--- openssh-6.5p1/authfd.h 2009-10-06 14:47:02.000000000 -0700
+++ openssh-6.5p1.patched/authfd.h 2014-02-15 16:25:56.000000000 -0800
@@ -180,12 +176,10 @@
/* tcgetattr with ICANON may hang */
#undef BROKEN_TCGETATTR_ICANON
-Only in openssh-6.5p1.patched: config.h.in.orig
-Only in openssh-6.5p1.patched: config.h.in.rej
diff -urp openssh-6.5p1/configure.ac openssh-6.5p1.patched/configure.ac
--- openssh-6.5p1/configure.ac 2014-01-29 16:26:46.000000000 -0800
+++ openssh-6.5p1.patched/configure.ac 2014-02-15 16:25:56.000000000 -0800
-@@ -4779,10 +4779,40 @@ AC_CHECK_MEMBER([struct utmp.ut_line], [
+@@ -4781,10 +4781,40 @@ AC_CHECK_MEMBER([struct utmp.ut_line], [
#endif
])
@@ -226,7 +220,6 @@
if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
TEST_SSH_IPV6=no
else
-Only in openssh-6.5p1.patched: configure.ac.orig
diff -urp openssh-6.5p1/groupaccess.c openssh-6.5p1.patched/groupaccess.c
--- openssh-6.5p1/groupaccess.c 2013-06-01 15:07:32.000000000 -0700
+++ openssh-6.5p1.patched/groupaccess.c 2014-02-15 16:25:56.000000000 -0800
@@ -1102,7 +1095,7 @@
diff -urp openssh-6.5p1/readconf.c openssh-6.5p1.patched/readconf.c
--- openssh-6.5p1/readconf.c 2014-01-17 05:03:57.000000000 -0800
+++ openssh-6.5p1.patched/readconf.c 2014-02-15 16:30:49.000000000 -0800
-@@ -148,6 +148,9 @@ typedef enum {
+@@ -149,6 +149,9 @@ typedef enum {
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
@@ -1112,7 +1105,7 @@
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
-@@ -267,6 +270,9 @@ static struct {
+@@ -262,6 +265,9 @@ static struct {
{ "canonicalizemaxdots", oCanonicalizeMaxDots },
{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
{ "ignoreunknown", oIgnoreUnknown },
@@ -1122,7 +1115,7 @@
{ NULL, oBadOption }
};
-@@ -1332,6 +1338,12 @@ parse_int:
+@@ -1334,6 +1340,12 @@ parse_int:
charptr = &options->ignored_unknown;
goto parse_string;
@@ -1135,7 +1128,7 @@
case oProxyUseFdpass:
intptr = &options->proxy_use_fdpass;
goto parse_flag;
-@@ -1555,6 +1567,9 @@ initialize_options(Options * options)
+@@ -1563,6 +1575,9 @@ initialize_options(Options * options)
options->request_tty = -1;
options->proxy_use_fdpass = -1;
options->ignored_unknown = NULL;
@@ -1145,7 +1138,7 @@
options->num_canonical_domains = 0;
options->num_permitted_cnames = 0;
options->canonicalize_max_dots = -1;
-@@ -1713,6 +1728,10 @@ fill_default_options(Options * options)
+@@ -1733,6 +1748,10 @@ fill_default_options(Options * options)
options->ip_qos_bulk = IPTOS_THROUGHPUT;
if (options->request_tty == -1)
options->request_tty = REQUEST_TTY_AUTO;
@@ -1156,12 +1149,10 @@
if (options->proxy_use_fdpass == -1)
options->proxy_use_fdpass = 0;
if (options->canonicalize_max_dots == -1)
-Only in openssh-6.5p1.patched: readconf.c.orig
-Only in openssh-6.5p1.patched: readconf.c.rej
diff -urp openssh-6.5p1/readconf.h openssh-6.5p1.patched/readconf.h
--- openssh-6.5p1/readconf.h 2013-10-16 17:48:14.000000000 -0700
+++ openssh-6.5p1.patched/readconf.h 2014-02-15 16:31:29.000000000 -0800
-@@ -155,6 +155,10 @@ typedef struct {
+@@ -154,6 +154,10 @@ typedef struct {
struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
@@ -1172,8 +1163,6 @@
} Options;
#define SSH_CANONICALISE_NO 0
-Only in openssh-6.5p1.patched: readconf.h.orig
-Only in openssh-6.5p1.patched: readconf.h.rej
diff -urp openssh-6.5p1/scp.1 openssh-6.5p1.patched/scp.1
--- openssh-6.5p1/scp.1 2013-10-22 22:30:00.000000000 -0700
+++ openssh-6.5p1.patched/scp.1 2014-02-15 16:25:56.000000000 -0800
@@ -1453,7 +1442,7 @@
diff -urp openssh-6.5p1/servconf.c openssh-6.5p1.patched/servconf.c
--- openssh-6.5p1/servconf.c 2013-12-06 16:24:02.000000000 -0800
+++ openssh-6.5p1.patched/servconf.c 2014-02-15 16:25:56.000000000 -0800
-@@ -248,7 +248,7 @@ fill_default_server_options(ServerOption
+@@ -247,7 +247,7 @@ fill_default_server_options(ServerOption
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
if (options->password_authentication == -1)
@@ -1462,7 +1451,7 @@
if (options->kbd_interactive_authentication == -1)
options->kbd_interactive_authentication = 0;
if (options->challenge_response_authentication == -1)
-@@ -629,7 +629,7 @@ match_cfg_line_group(const char *grps, i
+@@ -621,7 +621,7 @@ match_cfg_line_group(const char *grps, i
if ((pw = getpwnam(user)) == NULL) {
debug("Can't match group at line %d because user %.100s does "
"not exist", line, user);
@@ -1471,11 +1460,10 @@
debug("Can't Match group because user %.100s not in any group "
"at line %d", user, line);
} else if (ga_match_pattern_list(grps) != 1) {
-Only in openssh-6.5p1.patched: servconf.c.orig
diff -urp openssh-6.5p1/session.c openssh-6.5p1.patched/session.c
--- openssh-6.5p1/session.c 2014-01-22 19:16:10.000000000 -0800
+++ openssh-6.5p1.patched/session.c 2014-02-15 16:25:56.000000000 -0800
-@@ -2111,8 +2111,10 @@ session_pty_req(Session *s)
+@@ -2116,8 +2116,10 @@ session_pty_req(Session *s)
n_bytes = packet_remaining();
tty_parse_modes(s->ttyfd, &n_bytes);
@@ -1486,7 +1474,7 @@
/* Set window size from the packet. */
pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
-@@ -2352,9 +2354,11 @@ session_pty_cleanup2(Session *s)
+@@ -2357,9 +2357,11 @@ session_pty_cleanup2(Session *s)
if (s->pid != 0)
record_logout(s->pid, s->tty, s->pw->pw_name);
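Review bot: The rewritten inner header `@@ -2357,9 +2357,11 @@` for session_pty_cleanup2 has the same start on both sides, although the preceding session.c hunk (`-2116,8 +2116,10`) adds two lines, so it should read `@@ -2357,9 +2359,11 @@`. The header it replaces (`-2352,9 +2354,11`) carried that offset, which suggests the numbers were edited by hand rather than regenerated. The ssh-agent.c header `@@ -71,10 +71,12 @@` later in this file has the same problem after a hunk that adds three lines and should read `+74,12`. patch(1) usually locates hunks from the old-side numbers and context, so this probably still applies, but regenerating the patch with diff against the 6.6p1 tree would avoid relying on that tolerance.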
@@ -1498,7 +1486,6 @@
/*
* Close the server side of the socket pairs. We must do this after
-Only in openssh-6.5p1.patched: session.c.orig
diff -urp openssh-6.5p1/ssh-add.0 openssh-6.5p1.patched/ssh-add.0
--- openssh-6.5p1/ssh-add.0 2014-01-29 17:52:47.000000000 -0800
+++ openssh-6.5p1.patched/ssh-add.0 2014-02-15 16:25:56.000000000 -0800
@@ -1551,7 +1538,6 @@
.It Fl s Ar pkcs11
Add keys provided by the PKCS#11 shared library
.Ar pkcs11 .
-Only in openssh-6.5p1.patched: ssh-add.1.orig
diff -urp openssh-6.5p1/ssh-add.c openssh-6.5p1.patched/ssh-add.c
--- openssh-6.5p1/ssh-add.c 2013-12-28 22:44:07.000000000 -0800
+++ openssh-6.5p1.patched/ssh-add.c 2014-02-15 16:25:56.000000000 -0800
@@ -1707,11 +1693,10 @@
ret = 1;
}
}
-Only in openssh-6.5p1.patched: ssh-add.c.orig
diff -urp openssh-6.5p1/ssh-agent.c openssh-6.5p1.patched/ssh-agent.c
--- openssh-6.5p1/ssh-agent.c 2013-12-28 22:45:52.000000000 -0800
+++ openssh-6.5p1.patched/ssh-agent.c 2014-02-15 16:25:56.000000000 -0800
-@@ -65,6 +65,9 @@
+@@ -64,6 +64,9 @@
#include <time.h>
#include <string.h>
#include <unistd.h>
@@ -1721,7 +1706,7 @@
#include "xmalloc.h"
#include "ssh.h"
-@@ -72,9 +75,11 @@
+@@ -71,10 +71,12 @@
#include "buffer.h"
#include "key.h"
#include "authfd.h"
@@ -1729,11 +1714,12 @@
#include "compat.h"
#include "log.h"
#include "misc.h"
+ #include "digest.h"
+#include "keychain.h"
#ifdef ENABLE_PKCS11
#include "ssh-pkcs11.h"
-@@ -682,6 +687,61 @@ process_remove_smartcard_key(SocketEntry
+@@ -684,6 +689,61 @@ process_remove_smartcard_key(SocketEntry
}
#endif /* ENABLE_PKCS11 */
@@ -1795,7 +1781,7 @@
/* dispatch incoming messages */
static void
-@@ -774,6 +834,9 @@ process_message(SocketEntry *e)
+@@ -776,6 +836,9 @@ process_message(SocketEntry *e)
process_remove_smartcard_key(e);
break;
#endif /* ENABLE_PKCS11 */
@@ -1805,7 +1791,7 @@
default:
/* Unknown message. Respond with failure. */
error("Unknown message %d", type);
-@@ -1014,7 +1077,11 @@ usage(void)
+@@ -1016,7 +1079,11 @@ usage(void)
int
main(int ac, char **av)
{
@@ -1817,7 +1803,7 @@
int sock, fd, ch, result, saved_errno;
u_int nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
-@@ -1048,7 +1115,11 @@ main(int ac, char **av)
+@@ -1050,7 +1117,11 @@ main(int ac, char **av)
__progname = ssh_get_progname(av[0]);
seed_rng();
@@ -1829,7 +1815,7 @@
switch (ch) {
case 'c':
if (s_flag)
-@@ -1058,6 +1129,11 @@ main(int ac, char **av)
+@@ -1060,6 +1131,11 @@ main(int ac, char **av)
case 'k':
k_flag++;
break;
@@ -1841,7 +1827,7 @@
case 's':
if (c_flag)
usage();
-@@ -1084,7 +1160,11 @@ main(int ac, char **av)
+@@ -1086,7 +1162,11 @@ main(int ac, char **av)
ac -= optind;
av += optind;
@@ -1853,7 +1839,7 @@
usage();
if (ac == 0 && !c_flag && !s_flag) {
-@@ -1140,6 +1220,53 @@ main(int ac, char **av)
+@@ -1142,6 +1222,53 @@ main(int ac, char **av)
* Create socket early so it will exist before command gets run from
* the parent.
*/
@@ -1907,7 +1893,7 @@
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
perror("socket");
-@@ -1161,6 +1288,14 @@ main(int ac, char **av)
+@@ -1163,6 +1290,14 @@ main(int ac, char **av)
perror("listen");
cleanup_exit(1);
}
@@ -1922,7 +1908,7 @@
/*
* Fork, and have the parent execute the command, if any, or present
-@@ -1233,6 +1368,7 @@ skip:
+@@ -1235,6 +1370,7 @@ skip:
pkcs11_init(0);
#endif
new_socket(AUTH_SOCKET, sock);
@@ -1930,7 +1916,7 @@
if (ac > 0)
parent_alive_interval = 10;
idtab_init();
-@@ -1242,6 +1378,10 @@ skip:
+@@ -1244,6 +1380,10 @@ skip:
signal(SIGTERM, cleanup_handler);
nalloc = 0;
@@ -1941,7 +1927,6 @@
while (1) {
prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
-Only in openssh-6.5p1.patched: ssh-agent.c.orig
diff -urp openssh-6.5p1/ssh-keysign.8 openssh-6.5p1.patched/ssh-keysign.8
--- openssh-6.5p1/ssh-keysign.8 2013-12-17 22:46:28.000000000 -0800
+++ openssh-6.5p1.patched/ssh-keysign.8 2014-02-15 16:25:56.000000000 -0800
@@ -1955,19 +1940,18 @@
.Pp
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
-Only in openssh-6.5p1.patched: ssh-keysign.8.orig
diff -urp openssh-6.5p1/sshconnect1.c openssh-6.5p1.patched/sshconnect1.c
--- openssh-6.5p1/sshconnect1.c 2013-10-25 16:05:47.000000000 -0700
+++ openssh-6.5p1.patched/sshconnect1.c 2014-02-15 16:25:56.000000000 -0800
@@ -47,6 +47,7 @@
- #include "canohost.h"
#include "hostfile.h"
#include "auth.h"
+ #include "digest.h"
+#include "keychain.h"
/* Session id for the current session. */
u_char session_id[16];
-@@ -260,6 +261,10 @@ try_rsa_authentication(int idx)
+@@ -262,6 +263,10 @@ try_rsa_authentication(int idx)
snprintf(buf, sizeof(buf),
"Enter passphrase for RSA key '%.100s': ", comment);
for (i = 0; i < options.number_of_password_prompts; i++) {
@@ -1981,15 +1965,15 @@
diff -urp openssh-6.5p1/sshconnect2.c openssh-6.5p1.patched/sshconnect2.c
--- openssh-6.5p1/sshconnect2.c 2014-01-09 15:58:53.000000000 -0800
+++ openssh-6.5p1.patched/sshconnect2.c 2014-02-15 16:25:56.000000000 -0800
-@@ -72,6 +72,7 @@
+@@ -70,6 +70,7 @@
+ #include "pathnames.h"
+ #include "uidswap.h"
#include "hostfile.h"
- #include "schnorr.h"
- #include "jpake.h"
+#include "keychain.h"
#ifdef GSSAPI
#include "ssh-gss.h"
-@@ -1335,6 +1336,10 @@ load_identity_file(char *filename, int u
+@@ -1117,6 +1118,10 @@ load_identity_file(char *filename, int u
snprintf(prompt, sizeof prompt,
"Enter passphrase for key '%.100s': ", filename);
for (i = 0; i < options.number_of_password_prompts; i++) {
@@ -2000,7 +1984,6 @@
passphrase = read_passphrase(prompt, 0);
if (strcmp(passphrase, "") != 0) {
private = key_load_private_type(KEY_UNSPEC,
-Only in openssh-6.5p1.patched: sshconnect2.c.orig
diff -urp openssh-6.5p1/sshd.0 openssh-6.5p1.patched/sshd.0
--- openssh-6.5p1/sshd.0 2014-01-29 17:52:47.000000000 -0800
+++ openssh-6.5p1.patched/sshd.0 2014-02-15 16:25:56.000000000 -0800
@@ -2015,7 +1998,6 @@
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
-Only in openssh-6.5p1.patched: sshd.0.orig
diff -urp openssh-6.5p1/sshd.8 openssh-6.5p1.patched/sshd.8
--- openssh-6.5p1/sshd.8 2013-12-17 22:46:28.000000000 -0800
+++ openssh-6.5p1.patched/sshd.8 2014-02-15 16:25:56.000000000 -0800
@@ -2030,11 +2012,10 @@
.Xr sftp-server 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
-Only in openssh-6.5p1.patched: sshd.8.orig
diff -urp openssh-6.5p1/sshd.c openssh-6.5p1.patched/sshd.c
--- openssh-6.5p1/sshd.c 2014-01-27 20:08:13.000000000 -0800
+++ openssh-6.5p1.patched/sshd.c 2014-02-15 16:25:56.000000000 -0800
-@@ -2124,6 +2124,12 @@ main(int ac, char **av)
+@@ -2138,6 +2138,12 @@ main(int ac, char **av)
audit_event(SSH_AUTH_SUCCESS);
#endif
@@ -2047,7 +2028,7 @@
#ifdef GSSAPI
if (options.gss_authentication) {
temporarily_use_uid(authctxt->pw);
-@@ -2131,12 +2137,6 @@ main(int ac, char **av)
+@@ -2145,12 +2151,6 @@ main(int ac, char **av)
restore_uid();
}
#endif
@@ -2060,7 +2041,6 @@
/*
* In privilege separation, we fork another child and prepare
-Only in openssh-6.5p1.patched: sshd.c.orig
diff -urp openssh-6.5p1/sshd_config openssh-6.5p1.patched/sshd_config
--- openssh-6.5p1/sshd_config 2014-01-12 00:20:47.000000000 -0800
+++ openssh-6.5p1.patched/sshd_config 2014-02-15 16:25:56.000000000 -0800
@@ -2100,7 +2080,7 @@
diff -urp openssh-6.5p1/sshd_config.0 openssh-6.5p1.patched/sshd_config.0
--- openssh-6.5p1/sshd_config.0 2014-01-29 17:52:48.000000000 -0800
+++ openssh-6.5p1.patched/sshd_config.0 2014-02-15 16:25:56.000000000 -0800
-@@ -517,7 +517,7 @@ DESCRIPTION
+@@ -525,7 +525,7 @@ DESCRIPTION
PasswordAuthentication
Specifies whether password authentication is allowed. The
@@ -2109,7 +2089,7 @@
PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
-@@ -723,7 +723,7 @@ DESCRIPTION
+@@ -731,7 +731,7 @@ DESCRIPTION
either PasswordAuthentication or ChallengeResponseAuthentication.
If UsePAM is enabled, you will not be able to run sshd(8) as a
@@ -2118,11 +2098,10 @@
UsePrivilegeSeparation
Specifies whether sshd(8) separates privileges by creating an
-Only in openssh-6.5p1.patched: sshd_config.0.orig
diff -urp openssh-6.5p1/sshd_config.5 openssh-6.5p1.patched/sshd_config.5
--- openssh-6.5p1/sshd_config.5 2013-12-17 22:47:03.000000000 -0800
+++ openssh-6.5p1.patched/sshd_config.5 2014-02-15 16:25:56.000000000 -0800
-@@ -871,7 +871,7 @@ are refused if the number of unauthentic
+@@ -886,7 +886,7 @@ are refused if the number of unauthentic
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
@@ -2131,7 +2110,7 @@
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
-@@ -1204,7 +1204,7 @@ is enabled, you will not be able to run
+@@ -1219,7 +1219,7 @@ is enabled, you will not be able to run
.Xr sshd 8
as a non-root user.
The default is
@@ -2140,5 +2119,3 @@
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
-Only in openssh-6.5p1.patched: sshd_config.5.orig
-Only in openssh-6.5p1.patched: sshd_config.orig
Modified: trunk/dports/net/openssh/files/launchd.patch
===================================================================
--- trunk/dports/net/openssh/files/launchd.patch 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/launchd.patch 2014-03-17 10:26:31 UTC (rev 117923)
@@ -1,5 +1,5 @@
---- a/clientloop.c 2012-07-14 14:26:09.000000000 +0300
-+++ b/clientloop.c 2012-07-14 14:30:19.000000000 +0300
+--- a/clientloop.c 2014-03-17 00:22:44.000000000 -0700
++++ b/clientloop.c 2014-03-17 00:29:45.000000000 -0700
@@ -313,6 +313,11 @@
struct stat st;
u_int now;
@@ -37,7 +37,7 @@
/*
* Handle FamilyLocal case where $DISPLAY does
* not match an authorization entry. For this we
-@@ -409,6 +432,9 @@
+@@ -407,6 +430,9 @@
if (!got_data) {
u_int32_t rnd = 0;
Modified: trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch
===================================================================
--- trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch 2014-03-17 10:26:31 UTC (rev 117923)
@@ -118,16 +118,16 @@
diff -Nrup openssh-6.5p1/Makefile.in openssh-6.5p1.patched/Makefile.in
--- openssh-6.5p1/Makefile.in 2014-01-26 22:35:04.000000000 -0800
+++ openssh-6.5p1.patched/Makefile.in 2014-02-15 16:51:24.000000000 -0800
-@@ -72,6 +72,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
+@@ -73,6 +73,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
+ kexgssc.o \
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
- jpake.o schnorr.o ssh-pkcs11.o krl.o smult_curve25519_ref.o \
+ ssh-pkcs11.o krl.o smult_curve25519_ref.o \
kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
-@@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
- auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
+@@ -92,7 +93,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+ auth2-none.o auth2-passwd.o auth2-pubkey.o \
monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
kexc25519s.o auth-krb5.o \
- auth2-gss.o gss-serv.o gss-serv-krb5.o \
@@ -189,7 +189,7 @@
--- openssh-6.5p1/auth2-gss.c 2013-06-01 14:31:18.000000000 -0700
+++ openssh-6.5p1.patched/auth2-gss.c 2014-02-15 16:50:46.000000000 -0800
@@ -1,7 +1,7 @@
- /* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
+ /* $OpenBSD: auth2-gss.c,v 1.21 2014/02/26 20:28:44 djm Exp $ */
/*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -238,7 +238,7 @@
/*
* We only support those mechanisms that we know about (ie ones that we know
* how to check local user kuserok and the like)
-@@ -240,7 +274,8 @@ input_gssapi_exchange_complete(int type,
+@@ -235,7 +269,8 @@ input_gssapi_exchange_complete(int type,
packet_check_eom();
@@ -248,7 +248,7 @@
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-@@ -275,7 +310,8 @@ input_gssapi_mic(int type, u_int32_t ple
+@@ -270,7 +305,8 @@ input_gssapi_mic(int type, u_int32_t ple
gssbuf.length = buffer_len(&b);
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
@@ -258,7 +258,7 @@
else
logit("GSSAPI MIC check failed");
-@@ -290,6 +326,12 @@ input_gssapi_mic(int type, u_int32_t ple
+@@ -285,6 +321,12 @@ input_gssapi_mic(int type, u_int32_t ple
userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
}
@@ -281,15 +281,15 @@
+extern Authmethod method_gsskeyex;
extern Authmethod method_gssapi;
#endif
- #ifdef JPAKE
-@@ -79,6 +80,7 @@ Authmethod *authmethods[] = {
+
+@@ -76,6 +77,7 @@ Authmethod *authmethods[] = {
&method_none,
&method_pubkey,
#ifdef GSSAPI
+ &method_gsskeyex,
&method_gssapi,
#endif
- #ifdef JPAKE
+ &method_passwd,
diff -Nrup openssh-6.5p1/clientloop.c openssh-6.5p1.patched/clientloop.c
--- openssh-6.5p1/clientloop.c 2013-11-20 18:57:15.000000000 -0800
+++ openssh-6.5p1.patched/clientloop.c 2014-02-15 16:50:46.000000000 -0800
@@ -304,7 +304,7 @@
/* import options */
extern Options options;
-@@ -1608,6 +1612,15 @@ client_loop(int have_pty, int escape_cha
+@@ -1634,6 +1638,15 @@ client_loop(int have_pty, int escape_cha
/* Do channel operations unless rekeying in progress. */
if (!rekeying) {
channel_after_select(readset, writeset);
@@ -830,7 +830,7 @@
--- openssh-6.5p1/gss-serv.c 2013-07-19 20:35:45.000000000 -0700
+++ openssh-6.5p1.patched/gss-serv.c 2014-02-15 16:50:46.000000000 -0800
@@ -1,7 +1,7 @@
- /* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
+ /* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */
/*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -861,7 +861,7 @@
#ifdef KRB5
extern ssh_gssapi_mech gssapi_kerberos_mech;
-@@ -81,25 +86,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
+@@ -100,25 +105,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
char lname[MAXHOSTNAMELEN];
gss_OID_set oidset;
@@ -908,7 +908,7 @@
}
/* Privileged */
-@@ -114,6 +126,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
+@@ -133,6 +145,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
}
/* Unprivileged */
@@ -938,7 +938,7 @@
void
ssh_gssapi_supported_oids(gss_OID_set *oidset)
{
-@@ -123,7 +158,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
+@@ -142,7 +177,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
gss_OID_set supported;
gss_create_empty_oid_set(&min_status, oidset);
@@ -949,7 +949,7 @@
while (supported_mechs[i]->name != NULL) {
if (GSS_ERROR(gss_test_oid_set_member(&min_status,
-@@ -249,8 +286,48 @@ OM_uint32
+@@ -268,8 +305,48 @@ OM_uint32
ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
{
int i = 0;
@@ -999,7 +999,7 @@
client->mech = NULL;
-@@ -265,6 +342,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
+@@ -284,6 +361,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
if (client->mech == NULL)
return GSS_S_FAILURE;
@@ -1013,7 +1013,7 @@
if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
&client->displayname, NULL))) {
ssh_gssapi_error(ctx);
-@@ -282,6 +366,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
+@@ -301,6 +385,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
return (ctx->major);
}
@@ -1022,7 +1022,7 @@
/* We can't copy this structure, so we just move the pointer to it */
client->creds = ctx->client_creds;
ctx->client_creds = GSS_C_NO_CREDENTIAL;
-@@ -329,7 +415,7 @@ ssh_gssapi_do_child(char ***envp, u_int
+@@ -348,7 +434,7 @@ ssh_gssapi_do_child(char ***envp, u_int
/* Privileged */
int
@@ -1031,7 +1031,7 @@
{
OM_uint32 lmin;
-@@ -339,9 +425,11 @@ ssh_gssapi_userok(char *user)
+@@ -358,9 +444,11 @@ ssh_gssapi_userok(char *user)
return 0;
}
if (gssapi_client.mech && gssapi_client.mech->userok)
@@ -1045,7 +1045,7 @@
/* Destroy delegated credentials if userok fails */
gss_release_buffer(&lmin, &gssapi_client.displayname);
gss_release_buffer(&lmin, &gssapi_client.exportedname);
-@@ -354,14 +442,90 @@ ssh_gssapi_userok(char *user)
+@@ -374,14 +462,90 @@ ssh_gssapi_userok(char *user)
return (0);
}
@@ -1181,7 +1181,7 @@
KEX_MAX
};
-@@ -136,6 +139,12 @@ struct Kex {
+@@ -135,6 +138,12 @@ struct Kex {
int flags;
int hash_alg;
int ec_nid;
@@ -1194,7 +1194,7 @@
char *client_version_string;
char *server_version_string;
int (*verify_host_key)(Key *);
-@@ -168,6 +177,11 @@ void kexecdh_server(Kex *);
+@@ -167,6 +176,11 @@ void kexecdh_server(Kex *);
void kexc25519_client(Kex *);
void kexc25519_server(Kex *);
@@ -1871,7 +1871,7 @@
diff -Nrup openssh-6.5p1/monitor.c openssh-6.5p1.patched/monitor.c
--- openssh-6.5p1/monitor.c 2013-11-06 18:32:52.000000000 -0800
+++ openssh-6.5p1.patched/monitor.c 2014-02-15 16:53:04.000000000 -0800
-@@ -181,6 +181,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
+@@ -175,6 +175,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
int mm_answer_gss_accept_ctx(int, Buffer *);
int mm_answer_gss_userok(int, Buffer *);
int mm_answer_gss_checkmic(int, Buffer *);
@@ -1880,15 +1880,13 @@
#endif
#ifdef SSH_AUDIT_EVENTS
-@@ -253,6 +255,7 @@ struct mon_table mon_dispatch_proto20[]
+@@ -247,11 +249,18 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
+ {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
#endif
- #ifdef JPAKE
- {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
-@@ -265,6 +268,12 @@ struct mon_table mon_dispatch_proto20[]
+ {0, 0, NULL}
};
struct mon_table mon_dispatch_postauth20[] = {
@@ -1901,7 +1899,7 @@
{MONITOR_REQ_MODULI, 0, mm_answer_moduli},
{MONITOR_REQ_SIGN, 0, mm_answer_sign},
{MONITOR_REQ_PTY, 0, mm_answer_pty},
-@@ -373,6 +382,10 @@ monitor_child_preauth(Authctxt *_authctx
+@@ -360,6 +369,10 @@ monitor_child_preauth(Authctxt *_authctx
/* Permit requests for moduli and signatures */
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -1912,7 +1910,7 @@
} else {
mon_dispatch = mon_dispatch_proto15;
-@@ -487,6 +500,10 @@ monitor_child_postauth(struct monitor *p
+@@ -465,6 +478,10 @@ monitor_child_postauth(struct monitor *p
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -1923,7 +1921,7 @@
} else {
mon_dispatch = mon_dispatch_postauth15;
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
-@@ -1856,6 +1873,13 @@ mm_get_kex(Buffer *m)
+@@ -1834,6 +1851,13 @@ mm_get_kex(Buffer *m)
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -1937,7 +1935,7 @@
kex->server = 1;
kex->hostkey_type = buffer_get_int(m);
kex->kex_type = buffer_get_int(m);
-@@ -2063,6 +2087,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
+@@ -2041,6 +2065,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
OM_uint32 major;
u_int len;
@@ -1947,7 +1945,7 @@
goid.elements = buffer_get_string(m, &len);
goid.length = len;
-@@ -2090,6 +2117,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
+@@ -2068,6 +2095,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
OM_uint32 flags = 0; /* GSI needs this */
u_int len;
@@ -1957,7 +1955,7 @@
in.value = buffer_get_string(m, &len);
in.length = len;
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
-@@ -2107,6 +2137,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
+@@ -2085,6 +2115,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -1965,7 +1963,7 @@
}
return (0);
}
-@@ -2118,6 +2149,9 @@ mm_answer_gss_checkmic(int sock, Buffer
+@@ -2096,6 +2127,9 @@ mm_answer_gss_checkmic(int sock, Buffer
OM_uint32 ret;
u_int len;
@@ -1975,7 +1973,7 @@
gssbuf.value = buffer_get_string(m, &len);
gssbuf.length = len;
mic.value = buffer_get_string(m, &len);
-@@ -2144,7 +2178,11 @@ mm_answer_gss_userok(int sock, Buffer *m
+@@ -2122,7 +2156,11 @@ mm_answer_gss_userok(int sock, Buffer *m
{
int authenticated;
@@ -1988,7 +1986,7 @@
buffer_clear(m);
buffer_put_int(m, authenticated);
-@@ -2157,6 +2195,74 @@ mm_answer_gss_userok(int sock, Buffer *m
+@@ -2135,5 +2173,73 @@ mm_answer_gss_userok(int sock, Buffer *m
/* Monitor loop will terminate if authenticated */
return (authenticated);
}
@@ -2062,13 +2060,12 @@
+
#endif /* GSSAPI */
- #ifdef JPAKE
diff -Nrup openssh-6.5p1/monitor.h openssh-6.5p1.patched/monitor.h
--- openssh-6.5p1/monitor.h 2012-12-02 14:53:21.000000000 -0800
+++ openssh-6.5p1.patched/monitor.h 2014-02-15 16:50:46.000000000 -0800
-@@ -62,6 +62,9 @@ enum monitor_reqtype {
- MONITOR_REQ_JPAKE_KEY_CONFIRM = 58, MONITOR_ANS_JPAKE_KEY_CONFIRM = 59,
- MONITOR_REQ_JPAKE_CHECK_CONFIRM = 60, MONITOR_ANS_JPAKE_CHECK_CONFIRM = 61,
+@@ -57,6 +57,9 @@ enum monitor_reqtype {
+ MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
+ MONITOR_REQ_TERM = 50,
+ MONITOR_REQ_GSSSIGN = 62, MONITOR_ANS_GSSSIGN = 63,
+ MONITOR_REQ_GSSUPCREDS = 64, MONITOR_ANS_GSSUPCREDS = 65,
@@ -2079,7 +2076,7 @@
diff -Nrup openssh-6.5p1/monitor_wrap.c openssh-6.5p1.patched/monitor_wrap.c
--- openssh-6.5p1/monitor_wrap.c 2013-11-06 18:35:39.000000000 -0800
+++ openssh-6.5p1.patched/monitor_wrap.c 2014-02-15 16:50:46.000000000 -0800
-@@ -1273,7 +1273,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
+@@ -1271,7 +1271,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
}
int
@@ -2088,7 +2085,7 @@
{
Buffer m;
int authenticated = 0;
-@@ -1290,6 +1290,51 @@ mm_ssh_gssapi_userok(char *user)
+@@ -1288,5 +1288,50 @@ mm_ssh_gssapi_userok(char *user)
debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
return (authenticated);
}
@@ -2139,7 +2136,6 @@
+
#endif /* GSSAPI */
- #ifdef JPAKE
diff -Nrup openssh-6.5p1/monitor_wrap.h openssh-6.5p1.patched/monitor_wrap.h
--- openssh-6.5p1/monitor_wrap.h 2011-06-19 21:42:23.000000000 -0700
+++ openssh-6.5p1.patched/monitor_wrap.h 2014-02-15 16:50:46.000000000 -0800
@@ -2158,7 +2154,7 @@
diff -Nrup openssh-6.5p1/readconf.c openssh-6.5p1.patched/readconf.c
--- openssh-6.5p1/readconf.c 2014-01-17 05:03:57.000000000 -0800
+++ openssh-6.5p1.patched/readconf.c 2014-02-15 16:50:46.000000000 -0800
-@@ -140,6 +140,8 @@ typedef enum {
+@@ -141,6 +141,8 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -2167,7 +2163,7 @@
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
-@@ -182,10 +184,19 @@ static struct {
+@@ -186,10 +188,19 @@ static struct {
{ "afstokenpassing", oUnsupported },
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
@@ -2187,7 +2183,7 @@
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
-@@ -839,10 +850,30 @@ parse_time:
+@@ -847,10 +858,30 @@ parse_time:
intptr = &options->gss_authentication;
goto parse_flag;
@@ -2218,7 +2214,7 @@
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
-@@ -1488,7 +1519,12 @@ initialize_options(Options * options)
+@@ -1509,7 +1540,12 @@ initialize_options(Options * options)
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
@@ -2231,7 +2227,7 @@
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
-@@ -1594,8 +1630,14 @@ fill_default_options(Options * options)
+@@ -1631,8 +1667,14 @@ fill_default_options(Options * options)
options->challenge_response_authentication = 1;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@@ -2276,7 +2272,7 @@
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
-@@ -245,8 +248,14 @@ fill_default_server_options(ServerOption
+@@ -244,8 +247,14 @@ fill_default_server_options(ServerOption
options->kerberos_get_afs_token = 0;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@@ -2289,9 +2285,9 @@
+ if (options->gss_store_rekey == -1)
+ options->gss_store_rekey = 0;
if (options->password_authentication == -1)
- options->password_authentication = 1;
+ options->password_authentication = 0;
if (options->kbd_interactive_authentication == -1)
-@@ -343,7 +352,9 @@ typedef enum {
+@@ -340,7 +349,9 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile,
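Review bot: The refreshed context line `options->password_authentication = 0;` in the fill_default_server_options hunk no longer matches upstream servconf.c, which sets that default to 1 (the value the old context carried). This patch therefore seems to apply cleanly only after some other patch in the port has already changed the default, presumably one of the other patch files touched by this changeset. That ordering dependency is not recorded anywhere visible, and a security-relevant sshd default (password authentication off when unset, as the context implies) shows up here only as context. I would state it in the patch's leading text, e.g. `# Context assumes PasswordAuthentication already defaults to 0; apply after <PATCH-THAT-CHANGES-THE-DEFAULT>`, and document the changed default where it is actually made. fill_default_server_options starts and ends outside the hunk.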
@@ -2301,8 +2297,8 @@
+ sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
-@@ -410,10 +421,20 @@ static struct {
+ sHostCertificate,
+@@ -407,10 +418,20 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2323,7 +2319,7 @@
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-@@ -1094,10 +1115,22 @@ process_server_config_line(ServerOptions
+@@ -1086,10 +1107,22 @@ process_server_config_line(ServerOptions
intptr = &options->gss_authentication;
goto parse_flag;
@@ -2346,7 +2342,7 @@
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
-@@ -2008,7 +2041,10 @@ dump_config(ServerOptions *o)
+@@ -1995,7 +2028,10 @@ dump_config(ServerOptions *o)
#endif
#ifdef GSSAPI
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2355,8 +2351,8 @@
+ dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
+ dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
#endif
- #ifdef JPAKE
- dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
+ dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
+ dump_cfg_fmtint(sKbdInteractiveAuthentication,
diff -Nrup openssh-6.5p1/servconf.h openssh-6.5p1.patched/servconf.h
--- openssh-6.5p1/servconf.h 2013-12-04 19:07:28.000000000 -0800
+++ openssh-6.5p1.patched/servconf.h 2014-02-15 16:50:46.000000000 -0800
@@ -2375,7 +2371,7 @@
--- openssh-6.5p1/ssh-gss.h 2013-02-24 16:24:44.000000000 -0800
+++ openssh-6.5p1.patched/ssh-gss.h 2014-02-15 16:50:46.000000000 -0800
@@ -1,6 +1,6 @@
- /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
+ /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */
/*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@@ -2438,7 +2434,7 @@
int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
-@@ -117,16 +134,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
+@@ -119,16 +136,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
void ssh_gssapi_delete_ctx(Gssctxt **);
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
@@ -2486,7 +2482,7 @@
diff -Nrup openssh-6.5p1/ssh_config.5 openssh-6.5p1.patched/ssh_config.5
--- openssh-6.5p1/ssh_config.5 2014-01-19 03:36:14.000000000 -0800
+++ openssh-6.5p1.patched/ssh_config.5 2014-02-15 16:50:46.000000000 -0800
-@@ -676,11 +676,43 @@ Specifies whether user authentication ba
+@@ -682,11 +682,43 @@ Specifies whether user authentication ba
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
@@ -2534,7 +2530,7 @@
diff -Nrup openssh-6.5p1/sshconnect2.c openssh-6.5p1.patched/sshconnect2.c
--- openssh-6.5p1/sshconnect2.c 2014-01-09 15:58:53.000000000 -0800
+++ openssh-6.5p1.patched/sshconnect2.c 2014-02-15 16:54:12.000000000 -0800
-@@ -160,9 +160,34 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -159,9 +159,34 @@ ssh_kex2(char *host, struct sockaddr *ho
{
Kex *kex;
@@ -2569,7 +2565,7 @@
if (options.ciphers == (char *)-1) {
logit("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
-@@ -198,6 +223,17 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -197,6 +222,17 @@ ssh_kex2(char *host, struct sockaddr *ho
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
@@ -2587,7 +2583,7 @@
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
-@@ -209,11 +245,31 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -208,11 +244,31 @@ ssh_kex2(char *host, struct sockaddr *ho
kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
@@ -2619,7 +2615,7 @@
xxx_kex = kex;
dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
-@@ -309,6 +365,7 @@ void input_gssapi_token(int type, u_int3
+@@ -302,6 +358,7 @@ void input_gssapi_token(int type, u_int3
void input_gssapi_hash(int type, u_int32_t, void *);
void input_gssapi_error(int, u_int32_t, void *);
void input_gssapi_errtok(int, u_int32_t, void *);
@@ -2627,7 +2623,7 @@
#endif
void userauth(Authctxt *, char *);
-@@ -324,6 +381,11 @@ static char *authmethods_get(void);
+@@ -317,6 +374,11 @@ static char *authmethods_get(void);
Authmethod authmethods[] = {
#ifdef GSSAPI
@@ -2639,7 +2635,7 @@
{"gssapi-with-mic",
userauth_gssapi,
NULL,
-@@ -627,19 +689,31 @@ userauth_gssapi(Authctxt *authctxt)
+@@ -613,19 +675,31 @@ userauth_gssapi(Authctxt *authctxt)
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
@@ -2673,7 +2669,7 @@
ok = 1; /* Mechanism works */
} else {
mech++;
-@@ -736,8 +810,8 @@ input_gssapi_response(int type, u_int32_
+@@ -722,8 +796,8 @@ input_gssapi_response(int type, u_int32_
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
@@ -2684,7 +2680,7 @@
if (authctxt == NULL)
fatal("input_gssapi_response: no authentication context");
-@@ -846,6 +920,48 @@ input_gssapi_error(int type, u_int32_t p
+@@ -832,6 +906,48 @@ input_gssapi_error(int type, u_int32_t p
free(msg);
free(lang);
}
@@ -2747,7 +2743,7 @@
#ifdef LIBWRAP
#include <tcpd.h>
#include <syslog.h>
-@@ -1721,10 +1725,13 @@ main(int ac, char **av)
+@@ -1735,10 +1739,13 @@ main(int ac, char **av)
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
@@ -2761,7 +2757,7 @@
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
logit("sshd: no hostkeys available -- exiting.");
exit(1);
-@@ -2051,6 +2058,60 @@ main(int ac, char **av)
+@@ -2065,6 +2072,60 @@ main(int ac, char **av)
remote_ip, remote_port,
get_local_ipaddr(sock_in), get_local_port());
@@ -2822,7 +2818,7 @@
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
-@@ -2456,6 +2517,48 @@ do_ssh2_kex(void)
+@@ -2476,6 +2537,48 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
list_hostkey_types());
@@ -2871,7 +2867,7 @@
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-@@ -2464,6 +2567,13 @@ do_ssh2_kex(void)
+@@ -2484,6 +2587,13 @@ do_ssh2_kex(void)
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -2888,7 +2884,7 @@
diff -Nrup openssh-6.5p1/sshd_config openssh-6.5p1.patched/sshd_config
--- openssh-6.5p1/sshd_config 2014-01-12 00:20:47.000000000 -0800
+++ openssh-6.5p1.patched/sshd_config 2014-02-15 16:50:46.000000000 -0800
-@@ -84,6 +84,8 @@ AuthorizedKeysFile .ssh/authorized_keys
+@@ -85,6 +85,8 @@ AuthorizedKeysFile .ssh/authorized_keys
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
Modified: trunk/dports/net/openssh/files/pam.patch
===================================================================
--- trunk/dports/net/openssh/files/pam.patch 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/pam.patch 2014-03-17 10:26:31 UTC (rev 117923)
@@ -1,7 +1,6 @@
-diff -Naur ../openssh-4.4p1.orig/servconf.c ./servconf.c
---- ../openssh-4.4p1.orig/servconf.c 2006-08-18 07:23:15.000000000 -0700
-+++ ./servconf.c 2006-10-19 17:12:43.000000000 -0700
-@@ -129,7 +129,7 @@
+--- a/servconf.c 2014-03-17 00:22:44.000000000 -0700
++++ b/servconf.c 2014-03-17 00:31:30.000000000 -0700
+@@ -160,7 +160,7 @@
{
/* Portable-specific options */
if (options->use_pam == -1)
Modified: trunk/dports/net/openssh/files/patch-sshd.c-apple-sandbox-named-external.diff
===================================================================
--- trunk/dports/net/openssh/files/patch-sshd.c-apple-sandbox-named-external.diff 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/patch-sshd.c-apple-sandbox-named-external.diff 2014-03-17 10:26:31 UTC (rev 117923)
@@ -1,6 +1,6 @@
---- a/sshd.c 2014-02-11 23:55:15.000000000 +0100
-+++ b/sshd.c 2013-07-03 01:09:16.000000000 +0200
-@@ -708,11 +699,18 @@
+--- a/sshd.c 2014-03-17 00:22:44.000000000 -0700
++++ b/sshd.c 2014-03-17 00:32:54.000000000 -0700
+@@ -711,11 +711,18 @@
set_log_handler(mm_log_handler, pmonitor);
/* Demote the child */