<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[117923] trunk/dports/net/openssh</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="https://trac.macports.org/changeset/117923">117923</a></dd>
<dt>Author</dt> <dd>pixilla@macports.org</dd>
<dt>Date</dt> <dd>2014-03-17 03:26:31 -0700 (Mon, 17 Mar 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>net/openssh:
- Fix checksums. Closes #42878
- Update patches to apply cleanly.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkdportsnetopensshPortfile">trunk/dports/net/openssh/Portfile</a></li>
<li><a href="#trunkdportsnetopensshfiles0002Applekeychainintegrationotherchangespatch">trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch</a></li>
<li><a href="#trunkdportsnetopensshfileslaunchdpatch">trunk/dports/net/openssh/files/launchd.patch</a></li>
<li><a href="#trunkdportsnetopensshfilesopenssh63p1gsskexall20130920patch">trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch</a></li>
<li><a href="#trunkdportsnetopensshfilespampatch">trunk/dports/net/openssh/files/pam.patch</a></li>
<li><a href="#trunkdportsnetopensshfilespatchsshdcapplesandboxnamedexternaldiff">trunk/dports/net/openssh/files/patch-sshd.c-apple-sandbox-named-external.diff</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkdportsnetopensshPortfile"></a>
<div class="modfile"><h4>Modified: trunk/dports/net/openssh/Portfile (117922 => 117923)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/Portfile 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/Portfile 2014-03-17 10:26:31 UTC (rev 117923)
</span><span class="lines">@@ -5,7 +5,7 @@
</span><span class="cx">
</span><span class="cx"> name openssh
</span><span class="cx"> version 6.6p1
</span><del>-
</del><ins>+revision 1
</ins><span class="cx"> categories net
</span><span class="cx"> platforms darwin
</span><span class="cx"> maintainers nomaintainer
</span><span class="lines">@@ -27,7 +27,8 @@
</span><span class="cx">
</span><span class="cx"> homepage http://www.openbsd.org/openssh/
</span><span class="cx">
</span><del>-checksums rmd160 e19ed34e240001898b6665bb4356b868bba5513d \
</del><ins>+checksums ${distfiles} \
+ rmd160 e19ed34e240001898b6665bb4356b868bba5513d \
</ins><span class="cx"> sha256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb
</span><span class="cx">
</span><span class="cx"> master_sites openbsd:OpenSSH/portable \
</span><span class="lines">@@ -135,8 +136,8 @@
</span><span class="cx"> set hpn_patchfile ${name}-${version}-hpnssh14v2.diff.gz
</span><span class="cx"> patchfiles-append ${hpn_patchfile}
</span><span class="cx"> checksums-append ${hpn_patchfile} \
</span><del>- rmd160 5a7203fffee510b2ae6737af074fec2834bae122 \
- sha256 be6915130f2b1aad00235e02d55b67114dbb517b13d04d52a8abac9343166efd
</del><ins>+ rmd160 1e553ce6ba06237cfd0eb8c6ad9433df5eec8fee \
+ sha256 2a1b34dc3bf922e12cbca687e57b1fad2a0b087e38022e6782e99b45fcc1a315
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> variant gsskex conflicts hpn requires kerberos5 description "Add OpenSSH GSSAPI key exchange patch" {
</span></span></pre></div>
<a id="trunkdportsnetopensshfiles0002Applekeychainintegrationotherchangespatch"></a>
<div class="modfile"><h4>Modified: trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch (117922 => 117923)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch 2014-03-17 10:26:31 UTC (rev 117923)
</span><span class="lines">@@ -62,8 +62,6 @@
</span><span class="cx"> $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
</span><span class="cx"> $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
</span><span class="cx"> $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
</span><del>-Only in openssh-6.5p1.patched: Makefile.in.orig
-Only in openssh-6.5p1.patched: Makefile.in.rej
</del><span class="cx"> diff -urp openssh-6.5p1/audit-bsm.c openssh-6.5p1.patched/audit-bsm.c
</span><span class="cx"> --- openssh-6.5p1/audit-bsm.c 2012-02-23 15:40:43.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/audit-bsm.c 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -98,7 +96,6 @@
</span><span class="cx"> /* FALLTHROUGH */
</span><span class="cx"> default:
</span><span class="cx"> *num = 0;
</span><del>-Only in openssh-6.5p1.patched: auth-pam.c.orig
</del><span class="cx"> diff -urp openssh-6.5p1/auth.c openssh-6.5p1.patched/auth.c
</span><span class="cx"> --- openssh-6.5p1/auth.c 2013-06-01 14:41:51.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/auth.c 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -144,7 +141,6 @@
</span><span class="cx"> int
</span><span class="cx"> decode_reply(int type)
</span><span class="cx"> {
</span><del>-Only in openssh-6.5p1.patched: authfd.c.orig
</del><span class="cx"> diff -urp openssh-6.5p1/authfd.h openssh-6.5p1.patched/authfd.h
</span><span class="cx"> --- openssh-6.5p1/authfd.h 2009-10-06 14:47:02.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/authfd.h 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -180,12 +176,10 @@
</span><span class="cx"> /* tcgetattr with ICANON may hang */
</span><span class="cx"> #undef BROKEN_TCGETATTR_ICANON
</span><span class="cx">
</span><del>-Only in openssh-6.5p1.patched: config.h.in.orig
-Only in openssh-6.5p1.patched: config.h.in.rej
</del><span class="cx"> diff -urp openssh-6.5p1/configure.ac openssh-6.5p1.patched/configure.ac
</span><span class="cx"> --- openssh-6.5p1/configure.ac 2014-01-29 16:26:46.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/configure.ac 2014-02-15 16:25:56.000000000 -0800
</span><del>-@@ -4779,10 +4779,40 @@ AC_CHECK_MEMBER([struct utmp.ut_line], [
</del><ins>+@@ -4781,10 +4781,40 @@ AC_CHECK_MEMBER([struct utmp.ut_line], [
</ins><span class="cx"> #endif
</span><span class="cx"> ])
</span><span class="cx">
</span><span class="lines">@@ -226,7 +220,6 @@
</span><span class="cx"> if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
</span><span class="cx"> TEST_SSH_IPV6=no
</span><span class="cx"> else
</span><del>-Only in openssh-6.5p1.patched: configure.ac.orig
</del><span class="cx"> diff -urp openssh-6.5p1/groupaccess.c openssh-6.5p1.patched/groupaccess.c
</span><span class="cx"> --- openssh-6.5p1/groupaccess.c 2013-06-01 15:07:32.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/groupaccess.c 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -1102,7 +1095,7 @@
</span><span class="cx"> diff -urp openssh-6.5p1/readconf.c openssh-6.5p1.patched/readconf.c
</span><span class="cx"> --- openssh-6.5p1/readconf.c 2014-01-17 05:03:57.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/readconf.c 2014-02-15 16:30:49.000000000 -0800
</span><del>-@@ -148,6 +148,9 @@ typedef enum {
</del><ins>+@@ -149,6 +149,9 @@ typedef enum {
</ins><span class="cx"> oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
</span><span class="cx"> oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
</span><span class="cx"> oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
</span><span class="lines">@@ -1112,7 +1105,7 @@
</span><span class="cx"> oIgnoredUnknownOption, oDeprecated, oUnsupported
</span><span class="cx"> } OpCodes;
</span><span class="cx">
</span><del>-@@ -267,6 +270,9 @@ static struct {
</del><ins>+@@ -262,6 +265,9 @@ static struct {
</ins><span class="cx"> { "canonicalizemaxdots", oCanonicalizeMaxDots },
</span><span class="cx"> { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
</span><span class="cx"> { "ignoreunknown", oIgnoreUnknown },
</span><span class="lines">@@ -1122,7 +1115,7 @@
</span><span class="cx">
</span><span class="cx"> { NULL, oBadOption }
</span><span class="cx"> };
</span><del>-@@ -1332,6 +1338,12 @@ parse_int:
</del><ins>+@@ -1334,6 +1340,12 @@ parse_int:
</ins><span class="cx"> charptr = &options->ignored_unknown;
</span><span class="cx"> goto parse_string;
</span><span class="cx">
</span><span class="lines">@@ -1135,7 +1128,7 @@
</span><span class="cx"> case oProxyUseFdpass:
</span><span class="cx"> intptr = &options->proxy_use_fdpass;
</span><span class="cx"> goto parse_flag;
</span><del>-@@ -1555,6 +1567,9 @@ initialize_options(Options * options)
</del><ins>+@@ -1563,6 +1575,9 @@ initialize_options(Options * options)
</ins><span class="cx"> options->request_tty = -1;
</span><span class="cx"> options->proxy_use_fdpass = -1;
</span><span class="cx"> options->ignored_unknown = NULL;
</span><span class="lines">@@ -1145,7 +1138,7 @@
</span><span class="cx"> options->num_canonical_domains = 0;
</span><span class="cx"> options->num_permitted_cnames = 0;
</span><span class="cx"> options->canonicalize_max_dots = -1;
</span><del>-@@ -1713,6 +1728,10 @@ fill_default_options(Options * options)
</del><ins>+@@ -1733,6 +1748,10 @@ fill_default_options(Options * options)
</ins><span class="cx"> options->ip_qos_bulk = IPTOS_THROUGHPUT;
</span><span class="cx"> if (options->request_tty == -1)
</span><span class="cx"> options->request_tty = REQUEST_TTY_AUTO;
</span><span class="lines">@@ -1156,12 +1149,10 @@
</span><span class="cx"> if (options->proxy_use_fdpass == -1)
</span><span class="cx"> options->proxy_use_fdpass = 0;
</span><span class="cx"> if (options->canonicalize_max_dots == -1)
</span><del>-Only in openssh-6.5p1.patched: readconf.c.orig
-Only in openssh-6.5p1.patched: readconf.c.rej
</del><span class="cx"> diff -urp openssh-6.5p1/readconf.h openssh-6.5p1.patched/readconf.h
</span><span class="cx"> --- openssh-6.5p1/readconf.h 2013-10-16 17:48:14.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/readconf.h 2014-02-15 16:31:29.000000000 -0800
</span><del>-@@ -155,6 +155,10 @@ typedef struct {
</del><ins>+@@ -154,6 +154,10 @@ typedef struct {
</ins><span class="cx"> struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
</span><span class="cx">
</span><span class="cx"> char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
</span><span class="lines">@@ -1172,8 +1163,6 @@
</span><span class="cx"> } Options;
</span><span class="cx">
</span><span class="cx"> #define SSH_CANONICALISE_NO 0
</span><del>-Only in openssh-6.5p1.patched: readconf.h.orig
-Only in openssh-6.5p1.patched: readconf.h.rej
</del><span class="cx"> diff -urp openssh-6.5p1/scp.1 openssh-6.5p1.patched/scp.1
</span><span class="cx"> --- openssh-6.5p1/scp.1 2013-10-22 22:30:00.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/scp.1 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -1453,7 +1442,7 @@
</span><span class="cx"> diff -urp openssh-6.5p1/servconf.c openssh-6.5p1.patched/servconf.c
</span><span class="cx"> --- openssh-6.5p1/servconf.c 2013-12-06 16:24:02.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/servconf.c 2014-02-15 16:25:56.000000000 -0800
</span><del>-@@ -248,7 +248,7 @@ fill_default_server_options(ServerOption
</del><ins>+@@ -247,7 +247,7 @@ fill_default_server_options(ServerOption
</ins><span class="cx"> if (options->gss_cleanup_creds == -1)
</span><span class="cx"> options->gss_cleanup_creds = 1;
</span><span class="cx"> if (options->password_authentication == -1)
</span><span class="lines">@@ -1462,7 +1451,7 @@
</span><span class="cx"> if (options->kbd_interactive_authentication == -1)
</span><span class="cx"> options->kbd_interactive_authentication = 0;
</span><span class="cx"> if (options->challenge_response_authentication == -1)
</span><del>-@@ -629,7 +629,7 @@ match_cfg_line_group(const char *grps, i
</del><ins>+@@ -621,7 +621,7 @@ match_cfg_line_group(const char *grps, i
</ins><span class="cx"> if ((pw = getpwnam(user)) == NULL) {
</span><span class="cx"> debug("Can't match group at line %d because user %.100s does "
</span><span class="cx"> "not exist", line, user);
</span><span class="lines">@@ -1471,11 +1460,10 @@
</span><span class="cx"> debug("Can't Match group because user %.100s not in any group "
</span><span class="cx"> "at line %d", user, line);
</span><span class="cx"> } else if (ga_match_pattern_list(grps) != 1) {
</span><del>-Only in openssh-6.5p1.patched: servconf.c.orig
</del><span class="cx"> diff -urp openssh-6.5p1/session.c openssh-6.5p1.patched/session.c
</span><span class="cx"> --- openssh-6.5p1/session.c 2014-01-22 19:16:10.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/session.c 2014-02-15 16:25:56.000000000 -0800
</span><del>-@@ -2111,8 +2111,10 @@ session_pty_req(Session *s)
</del><ins>+@@ -2116,8 +2116,10 @@ session_pty_req(Session *s)
</ins><span class="cx"> n_bytes = packet_remaining();
</span><span class="cx"> tty_parse_modes(s->ttyfd, &n_bytes);
</span><span class="cx">
</span><span class="lines">@@ -1486,7 +1474,7 @@
</span><span class="cx">
</span><span class="cx"> /* Set window size from the packet. */
</span><span class="cx"> pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
</span><del>-@@ -2352,9 +2354,11 @@ session_pty_cleanup2(Session *s)
</del><ins>+@@ -2357,9 +2357,11 @@ session_pty_cleanup2(Session *s)
</ins><span class="cx"> if (s->pid != 0)
</span><span class="cx"> record_logout(s->pid, s->tty, s->pw->pw_name);
</span><span class="cx">
</span><span class="lines">@@ -1498,7 +1486,6 @@
</span><span class="cx">
</span><span class="cx"> /*
</span><span class="cx"> * Close the server side of the socket pairs. We must do this after
</span><del>-Only in openssh-6.5p1.patched: session.c.orig
</del><span class="cx"> diff -urp openssh-6.5p1/ssh-add.0 openssh-6.5p1.patched/ssh-add.0
</span><span class="cx"> --- openssh-6.5p1/ssh-add.0 2014-01-29 17:52:47.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/ssh-add.0 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -1551,7 +1538,6 @@
</span><span class="cx"> .It Fl s Ar pkcs11
</span><span class="cx"> Add keys provided by the PKCS#11 shared library
</span><span class="cx"> .Ar pkcs11 .
</span><del>-Only in openssh-6.5p1.patched: ssh-add.1.orig
</del><span class="cx"> diff -urp openssh-6.5p1/ssh-add.c openssh-6.5p1.patched/ssh-add.c
</span><span class="cx"> --- openssh-6.5p1/ssh-add.c 2013-12-28 22:44:07.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/ssh-add.c 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -1707,11 +1693,10 @@
</span><span class="cx"> ret = 1;
</span><span class="cx"> }
</span><span class="cx"> }
</span><del>-Only in openssh-6.5p1.patched: ssh-add.c.orig
</del><span class="cx"> diff -urp openssh-6.5p1/ssh-agent.c openssh-6.5p1.patched/ssh-agent.c
</span><span class="cx"> --- openssh-6.5p1/ssh-agent.c 2013-12-28 22:45:52.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/ssh-agent.c 2014-02-15 16:25:56.000000000 -0800
</span><del>-@@ -65,6 +65,9 @@
</del><ins>+@@ -64,6 +64,9 @@
</ins><span class="cx"> #include <time.h>
</span><span class="cx"> #include <string.h>
</span><span class="cx"> #include <unistd.h>
</span><span class="lines">@@ -1721,7 +1706,7 @@
</span><span class="cx">
</span><span class="cx"> #include "xmalloc.h"
</span><span class="cx"> #include "ssh.h"
</span><del>-@@ -72,9 +75,11 @@
</del><ins>+@@ -71,10 +71,12 @@
</ins><span class="cx"> #include "buffer.h"
</span><span class="cx"> #include "key.h"
</span><span class="cx"> #include "authfd.h"
</span><span class="lines">@@ -1729,11 +1714,12 @@
</span><span class="cx"> #include "compat.h"
</span><span class="cx"> #include "log.h"
</span><span class="cx"> #include "misc.h"
</span><ins>+ #include "digest.h"
</ins><span class="cx"> +#include "keychain.h"
</span><span class="cx">
</span><span class="cx"> #ifdef ENABLE_PKCS11
</span><span class="cx"> #include "ssh-pkcs11.h"
</span><del>-@@ -682,6 +687,61 @@ process_remove_smartcard_key(SocketEntry
</del><ins>+@@ -684,6 +689,61 @@ process_remove_smartcard_key(SocketEntry
</ins><span class="cx"> }
</span><span class="cx"> #endif /* ENABLE_PKCS11 */
</span><span class="cx">
</span><span class="lines">@@ -1795,7 +1781,7 @@
</span><span class="cx"> /* dispatch incoming messages */
</span><span class="cx">
</span><span class="cx"> static void
</span><del>-@@ -774,6 +834,9 @@ process_message(SocketEntry *e)
</del><ins>+@@ -776,6 +836,9 @@ process_message(SocketEntry *e)
</ins><span class="cx"> process_remove_smartcard_key(e);
</span><span class="cx"> break;
</span><span class="cx"> #endif /* ENABLE_PKCS11 */
</span><span class="lines">@@ -1805,7 +1791,7 @@
</span><span class="cx"> default:
</span><span class="cx"> /* Unknown message. Respond with failure. */
</span><span class="cx"> error("Unknown message %d", type);
</span><del>-@@ -1014,7 +1077,11 @@ usage(void)
</del><ins>+@@ -1016,7 +1079,11 @@ usage(void)
</ins><span class="cx"> int
</span><span class="cx"> main(int ac, char **av)
</span><span class="cx"> {
</span><span class="lines">@@ -1817,7 +1803,7 @@
</span><span class="cx"> int sock, fd, ch, result, saved_errno;
</span><span class="cx"> u_int nalloc;
</span><span class="cx"> char *shell, *format, *pidstr, *agentsocket = NULL;
</span><del>-@@ -1048,7 +1115,11 @@ main(int ac, char **av)
</del><ins>+@@ -1050,7 +1117,11 @@ main(int ac, char **av)
</ins><span class="cx"> __progname = ssh_get_progname(av[0]);
</span><span class="cx"> seed_rng();
</span><span class="cx">
</span><span class="lines">@@ -1829,7 +1815,7 @@
</span><span class="cx"> switch (ch) {
</span><span class="cx"> case 'c':
</span><span class="cx"> if (s_flag)
</span><del>-@@ -1058,6 +1129,11 @@ main(int ac, char **av)
</del><ins>+@@ -1060,6 +1131,11 @@ main(int ac, char **av)
</ins><span class="cx"> case 'k':
</span><span class="cx"> k_flag++;
</span><span class="cx"> break;
</span><span class="lines">@@ -1841,7 +1827,7 @@
</span><span class="cx"> case 's':
</span><span class="cx"> if (c_flag)
</span><span class="cx"> usage();
</span><del>-@@ -1084,7 +1160,11 @@ main(int ac, char **av)
</del><ins>+@@ -1086,7 +1162,11 @@ main(int ac, char **av)
</ins><span class="cx"> ac -= optind;
</span><span class="cx"> av += optind;
</span><span class="cx">
</span><span class="lines">@@ -1853,7 +1839,7 @@
</span><span class="cx"> usage();
</span><span class="cx">
</span><span class="cx"> if (ac == 0 && !c_flag && !s_flag) {
</span><del>-@@ -1140,6 +1220,53 @@ main(int ac, char **av)
</del><ins>+@@ -1142,6 +1222,53 @@ main(int ac, char **av)
</ins><span class="cx"> * Create socket early so it will exist before command gets run from
</span><span class="cx"> * the parent.
</span><span class="cx"> */
</span><span class="lines">@@ -1907,7 +1893,7 @@
</span><span class="cx"> sock = socket(AF_UNIX, SOCK_STREAM, 0);
</span><span class="cx"> if (sock < 0) {
</span><span class="cx"> perror("socket");
</span><del>-@@ -1161,6 +1288,14 @@ main(int ac, char **av)
</del><ins>+@@ -1163,6 +1290,14 @@ main(int ac, char **av)
</ins><span class="cx"> perror("listen");
</span><span class="cx"> cleanup_exit(1);
</span><span class="cx"> }
</span><span class="lines">@@ -1922,7 +1908,7 @@
</span><span class="cx">
</span><span class="cx"> /*
</span><span class="cx"> * Fork, and have the parent execute the command, if any, or present
</span><del>-@@ -1233,6 +1368,7 @@ skip:
</del><ins>+@@ -1235,6 +1370,7 @@ skip:
</ins><span class="cx"> pkcs11_init(0);
</span><span class="cx"> #endif
</span><span class="cx"> new_socket(AUTH_SOCKET, sock);
</span><span class="lines">@@ -1930,7 +1916,7 @@
</span><span class="cx"> if (ac > 0)
</span><span class="cx"> parent_alive_interval = 10;
</span><span class="cx"> idtab_init();
</span><del>-@@ -1242,6 +1378,10 @@ skip:
</del><ins>+@@ -1244,6 +1380,10 @@ skip:
</ins><span class="cx"> signal(SIGTERM, cleanup_handler);
</span><span class="cx"> nalloc = 0;
</span><span class="cx">
</span><span class="lines">@@ -1941,7 +1927,6 @@
</span><span class="cx"> while (1) {
</span><span class="cx"> prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp);
</span><span class="cx"> result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
</span><del>-Only in openssh-6.5p1.patched: ssh-agent.c.orig
</del><span class="cx"> diff -urp openssh-6.5p1/ssh-keysign.8 openssh-6.5p1.patched/ssh-keysign.8
</span><span class="cx"> --- openssh-6.5p1/ssh-keysign.8 2013-12-17 22:46:28.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/ssh-keysign.8 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -1955,19 +1940,18 @@
</span><span class="cx"> .Pp
</span><span class="cx"> .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
</span><span class="cx"> .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
</span><del>-Only in openssh-6.5p1.patched: ssh-keysign.8.orig
</del><span class="cx"> diff -urp openssh-6.5p1/sshconnect1.c openssh-6.5p1.patched/sshconnect1.c
</span><span class="cx"> --- openssh-6.5p1/sshconnect1.c 2013-10-25 16:05:47.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/sshconnect1.c 2014-02-15 16:25:56.000000000 -0800
</span><span class="cx"> @@ -47,6 +47,7 @@
</span><del>- #include "canohost.h"
</del><span class="cx"> #include "hostfile.h"
</span><span class="cx"> #include "auth.h"
</span><ins>+ #include "digest.h"
</ins><span class="cx"> +#include "keychain.h"
</span><span class="cx">
</span><span class="cx"> /* Session id for the current session. */
</span><span class="cx"> u_char session_id[16];
</span><del>-@@ -260,6 +261,10 @@ try_rsa_authentication(int idx)
</del><ins>+@@ -262,6 +263,10 @@ try_rsa_authentication(int idx)
</ins><span class="cx"> snprintf(buf, sizeof(buf),
</span><span class="cx"> "Enter passphrase for RSA key '%.100s': ", comment);
</span><span class="cx"> for (i = 0; i < options.number_of_password_prompts; i++) {
</span><span class="lines">@@ -1981,15 +1965,15 @@
</span><span class="cx"> diff -urp openssh-6.5p1/sshconnect2.c openssh-6.5p1.patched/sshconnect2.c
</span><span class="cx"> --- openssh-6.5p1/sshconnect2.c 2014-01-09 15:58:53.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshconnect2.c 2014-02-15 16:25:56.000000000 -0800
</span><del>-@@ -72,6 +72,7 @@
</del><ins>+@@ -70,6 +70,7 @@
+ #include "pathnames.h"
+ #include "uidswap.h"
</ins><span class="cx"> #include "hostfile.h"
</span><del>- #include "schnorr.h"
- #include "jpake.h"
</del><span class="cx"> +#include "keychain.h"
</span><span class="cx">
</span><span class="cx"> #ifdef GSSAPI
</span><span class="cx"> #include "ssh-gss.h"
</span><del>-@@ -1335,6 +1336,10 @@ load_identity_file(char *filename, int u
</del><ins>+@@ -1117,6 +1118,10 @@ load_identity_file(char *filename, int u
</ins><span class="cx"> snprintf(prompt, sizeof prompt,
</span><span class="cx"> "Enter passphrase for key '%.100s': ", filename);
</span><span class="cx"> for (i = 0; i < options.number_of_password_prompts; i++) {
</span><span class="lines">@@ -2000,7 +1984,6 @@
</span><span class="cx"> passphrase = read_passphrase(prompt, 0);
</span><span class="cx"> if (strcmp(passphrase, "") != 0) {
</span><span class="cx"> private = key_load_private_type(KEY_UNSPEC,
</span><del>-Only in openssh-6.5p1.patched: sshconnect2.c.orig
</del><span class="cx"> diff -urp openssh-6.5p1/sshd.0 openssh-6.5p1.patched/sshd.0
</span><span class="cx"> --- openssh-6.5p1/sshd.0 2014-01-29 17:52:47.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshd.0 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -2015,7 +1998,6 @@
</span><span class="cx">
</span><span class="cx"> AUTHORS
</span><span class="cx"> OpenSSH is a derivative of the original and free ssh 1.2.12 release by
</span><del>-Only in openssh-6.5p1.patched: sshd.0.orig
</del><span class="cx"> diff -urp openssh-6.5p1/sshd.8 openssh-6.5p1.patched/sshd.8
</span><span class="cx"> --- openssh-6.5p1/sshd.8 2013-12-17 22:46:28.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshd.8 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -2030,11 +2012,10 @@
</span><span class="cx"> .Xr sftp-server 8
</span><span class="cx"> .Sh AUTHORS
</span><span class="cx"> OpenSSH is a derivative of the original and free
</span><del>-Only in openssh-6.5p1.patched: sshd.8.orig
</del><span class="cx"> diff -urp openssh-6.5p1/sshd.c openssh-6.5p1.patched/sshd.c
</span><span class="cx"> --- openssh-6.5p1/sshd.c 2014-01-27 20:08:13.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshd.c 2014-02-15 16:25:56.000000000 -0800
</span><del>-@@ -2124,6 +2124,12 @@ main(int ac, char **av)
</del><ins>+@@ -2138,6 +2138,12 @@ main(int ac, char **av)
</ins><span class="cx"> audit_event(SSH_AUTH_SUCCESS);
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="lines">@@ -2047,7 +2028,7 @@
</span><span class="cx"> #ifdef GSSAPI
</span><span class="cx"> if (options.gss_authentication) {
</span><span class="cx"> temporarily_use_uid(authctxt->pw);
</span><del>-@@ -2131,12 +2137,6 @@ main(int ac, char **av)
</del><ins>+@@ -2145,12 +2151,6 @@ main(int ac, char **av)
</ins><span class="cx"> restore_uid();
</span><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="lines">@@ -2060,7 +2041,6 @@
</span><span class="cx">
</span><span class="cx"> /*
</span><span class="cx"> * In privilege separation, we fork another child and prepare
</span><del>-Only in openssh-6.5p1.patched: sshd.c.orig
</del><span class="cx"> diff -urp openssh-6.5p1/sshd_config openssh-6.5p1.patched/sshd_config
</span><span class="cx"> --- openssh-6.5p1/sshd_config 2014-01-12 00:20:47.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshd_config 2014-02-15 16:25:56.000000000 -0800
</span><span class="lines">@@ -2100,7 +2080,7 @@
</span><span class="cx"> diff -urp openssh-6.5p1/sshd_config.0 openssh-6.5p1.patched/sshd_config.0
</span><span class="cx"> --- openssh-6.5p1/sshd_config.0 2014-01-29 17:52:48.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshd_config.0 2014-02-15 16:25:56.000000000 -0800
</span><del>-@@ -517,7 +517,7 @@ DESCRIPTION
</del><ins>+@@ -525,7 +525,7 @@ DESCRIPTION
</ins><span class="cx">
</span><span class="cx"> PasswordAuthentication
</span><span class="cx"> Specifies whether password authentication is allowed. The
</span><span class="lines">@@ -2109,7 +2089,7 @@
</span><span class="cx">
</span><span class="cx"> PermitEmptyPasswords
</span><span class="cx"> When password authentication is allowed, it specifies whether the
</span><del>-@@ -723,7 +723,7 @@ DESCRIPTION
</del><ins>+@@ -731,7 +731,7 @@ DESCRIPTION
</ins><span class="cx"> either PasswordAuthentication or ChallengeResponseAuthentication.
</span><span class="cx">
</span><span class="cx"> If UsePAM is enabled, you will not be able to run sshd(8) as a
</span><span class="lines">@@ -2118,11 +2098,10 @@
</span><span class="cx">
</span><span class="cx"> UsePrivilegeSeparation
</span><span class="cx"> Specifies whether sshd(8) separates privileges by creating an
</span><del>-Only in openssh-6.5p1.patched: sshd_config.0.orig
</del><span class="cx"> diff -urp openssh-6.5p1/sshd_config.5 openssh-6.5p1.patched/sshd_config.5
</span><span class="cx"> --- openssh-6.5p1/sshd_config.5 2013-12-17 22:47:03.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshd_config.5 2014-02-15 16:25:56.000000000 -0800
</span><del>-@@ -871,7 +871,7 @@ are refused if the number of unauthentic
</del><ins>+@@ -886,7 +886,7 @@ are refused if the number of unauthentic
</ins><span class="cx"> .It Cm PasswordAuthentication
</span><span class="cx"> Specifies whether password authentication is allowed.
</span><span class="cx"> The default is
</span><span class="lines">@@ -2131,7 +2110,7 @@
</span><span class="cx"> .It Cm PermitEmptyPasswords
</span><span class="cx"> When password authentication is allowed, it specifies whether the
</span><span class="cx"> server allows login to accounts with empty password strings.
</span><del>-@@ -1204,7 +1204,7 @@ is enabled, you will not be able to run
</del><ins>+@@ -1219,7 +1219,7 @@ is enabled, you will not be able to run
</ins><span class="cx"> .Xr sshd 8
</span><span class="cx"> as a non-root user.
</span><span class="cx"> The default is
</span><span class="lines">@@ -2140,5 +2119,3 @@
</span><span class="cx"> .It Cm UsePrivilegeSeparation
</span><span class="cx"> Specifies whether
</span><span class="cx"> .Xr sshd 8
</span><del>-Only in openssh-6.5p1.patched: sshd_config.5.orig
-Only in openssh-6.5p1.patched: sshd_config.orig
</del></span></pre></div>
<a id="trunkdportsnetopensshfileslaunchdpatch"></a>
<div class="modfile"><h4>Modified: trunk/dports/net/openssh/files/launchd.patch (117922 => 117923)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/files/launchd.patch 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/launchd.patch 2014-03-17 10:26:31 UTC (rev 117923)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><del>---- a/clientloop.c 2012-07-14 14:26:09.000000000 +0300
-+++ b/clientloop.c 2012-07-14 14:30:19.000000000 +0300
</del><ins>+--- a/clientloop.c 2014-03-17 00:22:44.000000000 -0700
++++ b/clientloop.c 2014-03-17 00:29:45.000000000 -0700
</ins><span class="cx"> @@ -313,6 +313,11 @@
</span><span class="cx"> struct stat st;
</span><span class="cx"> u_int now;
</span><span class="lines">@@ -37,7 +37,7 @@
</span><span class="cx"> /*
</span><span class="cx"> * Handle FamilyLocal case where $DISPLAY does
</span><span class="cx"> * not match an authorization entry. For this we
</span><del>-@@ -409,6 +432,9 @@
</del><ins>+@@ -407,6 +430,9 @@
</ins><span class="cx"> if (!got_data) {
</span><span class="cx"> u_int32_t rnd = 0;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkdportsnetopensshfilesopenssh63p1gsskexall20130920patch"></a>
<div class="modfile"><h4>Modified: trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch (117922 => 117923)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch 2014-03-17 10:26:31 UTC (rev 117923)
</span><span class="lines">@@ -118,16 +118,16 @@
</span><span class="cx"> diff -Nrup openssh-6.5p1/Makefile.in openssh-6.5p1.patched/Makefile.in
</span><span class="cx"> --- openssh-6.5p1/Makefile.in 2014-01-26 22:35:04.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/Makefile.in 2014-02-15 16:51:24.000000000 -0800
</span><del>-@@ -72,6 +72,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
</del><ins>+@@ -73,6 +73,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
</ins><span class="cx"> atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
</span><span class="cx"> monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
</span><span class="cx"> kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
</span><span class="cx"> + kexgssc.o \
</span><span class="cx"> msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
</span><del>- jpake.o schnorr.o ssh-pkcs11.o krl.o smult_curve25519_ref.o \
</del><ins>+ ssh-pkcs11.o krl.o smult_curve25519_ref.o \
</ins><span class="cx"> kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
</span><del>-@@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
- auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
</del><ins>+@@ -92,7 +93,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+ auth2-none.o auth2-passwd.o auth2-pubkey.o \
</ins><span class="cx"> monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
</span><span class="cx"> kexc25519s.o auth-krb5.o \
</span><span class="cx"> - auth2-gss.o gss-serv.o gss-serv-krb5.o \
</span><span class="lines">@@ -189,7 +189,7 @@
</span><span class="cx"> --- openssh-6.5p1/auth2-gss.c 2013-06-01 14:31:18.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/auth2-gss.c 2014-02-15 16:50:46.000000000 -0800
</span><span class="cx"> @@ -1,7 +1,7 @@
</span><del>- /* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
</del><ins>+ /* $OpenBSD: auth2-gss.c,v 1.21 2014/02/26 20:28:44 djm Exp $ */
</ins><span class="cx">
</span><span class="cx"> /*
</span><span class="cx"> - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
</span><span class="lines">@@ -238,7 +238,7 @@
</span><span class="cx"> /*
</span><span class="cx"> * We only support those mechanisms that we know about (ie ones that we know
</span><span class="cx"> * how to check local user kuserok and the like)
</span><del>-@@ -240,7 +274,8 @@ input_gssapi_exchange_complete(int type,
</del><ins>+@@ -235,7 +269,8 @@ input_gssapi_exchange_complete(int type,
</ins><span class="cx">
</span><span class="cx"> packet_check_eom();
</span><span class="cx">
</span><span class="lines">@@ -248,7 +248,7 @@
</span><span class="cx">
</span><span class="cx"> authctxt->postponed = 0;
</span><span class="cx"> dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
</span><del>-@@ -275,7 +310,8 @@ input_gssapi_mic(int type, u_int32_t ple
</del><ins>+@@ -270,7 +305,8 @@ input_gssapi_mic(int type, u_int32_t ple
</ins><span class="cx"> gssbuf.length = buffer_len(&b);
</span><span class="cx">
</span><span class="cx"> if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
</span><span class="lines">@@ -258,7 +258,7 @@
</span><span class="cx"> else
</span><span class="cx"> logit("GSSAPI MIC check failed");
</span><span class="cx">
</span><del>-@@ -290,6 +326,12 @@ input_gssapi_mic(int type, u_int32_t ple
</del><ins>+@@ -285,6 +321,12 @@ input_gssapi_mic(int type, u_int32_t ple
</ins><span class="cx"> userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -281,15 +281,15 @@
</span><span class="cx"> +extern Authmethod method_gsskeyex;
</span><span class="cx"> extern Authmethod method_gssapi;
</span><span class="cx"> #endif
</span><del>- #ifdef JPAKE
-@@ -79,6 +80,7 @@ Authmethod *authmethods[] = {
</del><ins>+
+@@ -76,6 +77,7 @@ Authmethod *authmethods[] = {
</ins><span class="cx"> &method_none,
</span><span class="cx"> &method_pubkey,
</span><span class="cx"> #ifdef GSSAPI
</span><span class="cx"> + &method_gsskeyex,
</span><span class="cx"> &method_gssapi,
</span><span class="cx"> #endif
</span><del>- #ifdef JPAKE
</del><ins>+ &method_passwd,
</ins><span class="cx"> diff -Nrup openssh-6.5p1/clientloop.c openssh-6.5p1.patched/clientloop.c
</span><span class="cx"> --- openssh-6.5p1/clientloop.c 2013-11-20 18:57:15.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/clientloop.c 2014-02-15 16:50:46.000000000 -0800
</span><span class="lines">@@ -304,7 +304,7 @@
</span><span class="cx"> /* import options */
</span><span class="cx"> extern Options options;
</span><span class="cx">
</span><del>-@@ -1608,6 +1612,15 @@ client_loop(int have_pty, int escape_cha
</del><ins>+@@ -1634,6 +1638,15 @@ client_loop(int have_pty, int escape_cha
</ins><span class="cx"> /* Do channel operations unless rekeying in progress. */
</span><span class="cx"> if (!rekeying) {
</span><span class="cx"> channel_after_select(readset, writeset);
</span><span class="lines">@@ -830,7 +830,7 @@
</span><span class="cx"> --- openssh-6.5p1/gss-serv.c 2013-07-19 20:35:45.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/gss-serv.c 2014-02-15 16:50:46.000000000 -0800
</span><span class="cx"> @@ -1,7 +1,7 @@
</span><del>- /* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
</del><ins>+ /* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */
</ins><span class="cx">
</span><span class="cx"> /*
</span><span class="cx"> - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
</span><span class="lines">@@ -861,7 +861,7 @@
</span><span class="cx">
</span><span class="cx"> #ifdef KRB5
</span><span class="cx"> extern ssh_gssapi_mech gssapi_kerberos_mech;
</span><del>-@@ -81,25 +86,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
</del><ins>+@@ -100,25 +105,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
</ins><span class="cx"> char lname[MAXHOSTNAMELEN];
</span><span class="cx"> gss_OID_set oidset;
</span><span class="cx">
</span><span class="lines">@@ -908,7 +908,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /* Privileged */
</span><del>-@@ -114,6 +126,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
</del><ins>+@@ -133,6 +145,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /* Unprivileged */
</span><span class="lines">@@ -938,7 +938,7 @@
</span><span class="cx"> void
</span><span class="cx"> ssh_gssapi_supported_oids(gss_OID_set *oidset)
</span><span class="cx"> {
</span><del>-@@ -123,7 +158,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
</del><ins>+@@ -142,7 +177,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
</ins><span class="cx"> gss_OID_set supported;
</span><span class="cx">
</span><span class="cx"> gss_create_empty_oid_set(&min_status, oidset);
</span><span class="lines">@@ -949,7 +949,7 @@
</span><span class="cx">
</span><span class="cx"> while (supported_mechs[i]->name != NULL) {
</span><span class="cx"> if (GSS_ERROR(gss_test_oid_set_member(&min_status,
</span><del>-@@ -249,8 +286,48 @@ OM_uint32
</del><ins>+@@ -268,8 +305,48 @@ OM_uint32
</ins><span class="cx"> ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
</span><span class="cx"> {
</span><span class="cx"> int i = 0;
</span><span class="lines">@@ -999,7 +999,7 @@
</span><span class="cx">
</span><span class="cx"> client->mech = NULL;
</span><span class="cx">
</span><del>-@@ -265,6 +342,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
</del><ins>+@@ -284,6 +361,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
</ins><span class="cx"> if (client->mech == NULL)
</span><span class="cx"> return GSS_S_FAILURE;
</span><span class="cx">
</span><span class="lines">@@ -1013,7 +1013,7 @@
</span><span class="cx"> if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
</span><span class="cx"> &client->displayname, NULL))) {
</span><span class="cx"> ssh_gssapi_error(ctx);
</span><del>-@@ -282,6 +366,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
</del><ins>+@@ -301,6 +385,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
</ins><span class="cx"> return (ctx->major);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1022,7 +1022,7 @@
</span><span class="cx"> /* We can't copy this structure, so we just move the pointer to it */
</span><span class="cx"> client->creds = ctx->client_creds;
</span><span class="cx"> ctx->client_creds = GSS_C_NO_CREDENTIAL;
</span><del>-@@ -329,7 +415,7 @@ ssh_gssapi_do_child(char ***envp, u_int
</del><ins>+@@ -348,7 +434,7 @@ ssh_gssapi_do_child(char ***envp, u_int
</ins><span class="cx">
</span><span class="cx"> /* Privileged */
</span><span class="cx"> int
</span><span class="lines">@@ -1031,7 +1031,7 @@
</span><span class="cx"> {
</span><span class="cx"> OM_uint32 lmin;
</span><span class="cx">
</span><del>-@@ -339,9 +425,11 @@ ssh_gssapi_userok(char *user)
</del><ins>+@@ -358,9 +444,11 @@ ssh_gssapi_userok(char *user)
</ins><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="cx"> if (gssapi_client.mech && gssapi_client.mech->userok)
</span><span class="lines">@@ -1045,7 +1045,7 @@
</span><span class="cx"> /* Destroy delegated credentials if userok fails */
</span><span class="cx"> gss_release_buffer(&lmin, &gssapi_client.displayname);
</span><span class="cx"> gss_release_buffer(&lmin, &gssapi_client.exportedname);
</span><del>-@@ -354,14 +442,90 @@ ssh_gssapi_userok(char *user)
</del><ins>+@@ -374,14 +462,90 @@ ssh_gssapi_userok(char *user)
</ins><span class="cx"> return (0);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1181,7 +1181,7 @@
</span><span class="cx"> KEX_MAX
</span><span class="cx"> };
</span><span class="cx">
</span><del>-@@ -136,6 +139,12 @@ struct Kex {
</del><ins>+@@ -135,6 +138,12 @@ struct Kex {
</ins><span class="cx"> int flags;
</span><span class="cx"> int hash_alg;
</span><span class="cx"> int ec_nid;
</span><span class="lines">@@ -1194,7 +1194,7 @@
</span><span class="cx"> char *client_version_string;
</span><span class="cx"> char *server_version_string;
</span><span class="cx"> int (*verify_host_key)(Key *);
</span><del>-@@ -168,6 +177,11 @@ void kexecdh_server(Kex *);
</del><ins>+@@ -167,6 +176,11 @@ void kexecdh_server(Kex *);
</ins><span class="cx"> void kexc25519_client(Kex *);
</span><span class="cx"> void kexc25519_server(Kex *);
</span><span class="cx">
</span><span class="lines">@@ -1871,7 +1871,7 @@
</span><span class="cx"> diff -Nrup openssh-6.5p1/monitor.c openssh-6.5p1.patched/monitor.c
</span><span class="cx"> --- openssh-6.5p1/monitor.c 2013-11-06 18:32:52.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/monitor.c 2014-02-15 16:53:04.000000000 -0800
</span><del>-@@ -181,6 +181,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
</del><ins>+@@ -175,6 +175,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
</ins><span class="cx"> int mm_answer_gss_accept_ctx(int, Buffer *);
</span><span class="cx"> int mm_answer_gss_userok(int, Buffer *);
</span><span class="cx"> int mm_answer_gss_checkmic(int, Buffer *);
</span><span class="lines">@@ -1880,15 +1880,13 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> #ifdef SSH_AUDIT_EVENTS
</span><del>-@@ -253,6 +255,7 @@ struct mon_table mon_dispatch_proto20[]
</del><ins>+@@ -247,11 +249,18 @@ struct mon_table mon_dispatch_proto20[]
</ins><span class="cx"> {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
</span><span class="cx"> {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
</span><span class="cx"> {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
</span><span class="cx"> + {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
</span><span class="cx"> #endif
</span><del>- #ifdef JPAKE
- {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
-@@ -265,6 +268,12 @@ struct mon_table mon_dispatch_proto20[]
</del><ins>+ {0, 0, NULL}
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> struct mon_table mon_dispatch_postauth20[] = {
</span><span class="lines">@@ -1901,7 +1899,7 @@
</span><span class="cx"> {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
</span><span class="cx"> {MONITOR_REQ_SIGN, 0, mm_answer_sign},
</span><span class="cx"> {MONITOR_REQ_PTY, 0, mm_answer_pty},
</span><del>-@@ -373,6 +382,10 @@ monitor_child_preauth(Authctxt *_authctx
</del><ins>+@@ -360,6 +369,10 @@ monitor_child_preauth(Authctxt *_authctx
</ins><span class="cx"> /* Permit requests for moduli and signatures */
</span><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
</span><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
</span><span class="lines">@@ -1912,7 +1910,7 @@
</span><span class="cx"> } else {
</span><span class="cx"> mon_dispatch = mon_dispatch_proto15;
</span><span class="cx">
</span><del>-@@ -487,6 +500,10 @@ monitor_child_postauth(struct monitor *p
</del><ins>+@@ -465,6 +478,10 @@ monitor_child_postauth(struct monitor *p
</ins><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
</span><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
</span><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
</span><span class="lines">@@ -1923,7 +1921,7 @@
</span><span class="cx"> } else {
</span><span class="cx"> mon_dispatch = mon_dispatch_postauth15;
</span><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
</span><del>-@@ -1856,6 +1873,13 @@ mm_get_kex(Buffer *m)
</del><ins>+@@ -1834,6 +1851,13 @@ mm_get_kex(Buffer *m)
</ins><span class="cx"> kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
</span><span class="cx"> kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
</span><span class="cx"> kex->kex[KEX_C25519_SHA256] = kexc25519_server;
</span><span class="lines">@@ -1937,7 +1935,7 @@
</span><span class="cx"> kex->server = 1;
</span><span class="cx"> kex->hostkey_type = buffer_get_int(m);
</span><span class="cx"> kex->kex_type = buffer_get_int(m);
</span><del>-@@ -2063,6 +2087,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
</del><ins>+@@ -2041,6 +2065,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
</ins><span class="cx"> OM_uint32 major;
</span><span class="cx"> u_int len;
</span><span class="cx">
</span><span class="lines">@@ -1947,7 +1945,7 @@
</span><span class="cx"> goid.elements = buffer_get_string(m, &len);
</span><span class="cx"> goid.length = len;
</span><span class="cx">
</span><del>-@@ -2090,6 +2117,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
</del><ins>+@@ -2068,6 +2095,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
</ins><span class="cx"> OM_uint32 flags = 0; /* GSI needs this */
</span><span class="cx"> u_int len;
</span><span class="cx">
</span><span class="lines">@@ -1957,7 +1955,7 @@
</span><span class="cx"> in.value = buffer_get_string(m, &len);
</span><span class="cx"> in.length = len;
</span><span class="cx"> major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
</span><del>-@@ -2107,6 +2137,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
</del><ins>+@@ -2085,6 +2115,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
</ins><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
</span><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
</span><span class="cx"> monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
</span><span class="lines">@@ -1965,7 +1963,7 @@
</span><span class="cx"> }
</span><span class="cx"> return (0);
</span><span class="cx"> }
</span><del>-@@ -2118,6 +2149,9 @@ mm_answer_gss_checkmic(int sock, Buffer
</del><ins>+@@ -2096,6 +2127,9 @@ mm_answer_gss_checkmic(int sock, Buffer
</ins><span class="cx"> OM_uint32 ret;
</span><span class="cx"> u_int len;
</span><span class="cx">
</span><span class="lines">@@ -1975,7 +1973,7 @@
</span><span class="cx"> gssbuf.value = buffer_get_string(m, &len);
</span><span class="cx"> gssbuf.length = len;
</span><span class="cx"> mic.value = buffer_get_string(m, &len);
</span><del>-@@ -2144,7 +2178,11 @@ mm_answer_gss_userok(int sock, Buffer *m
</del><ins>+@@ -2122,7 +2156,11 @@ mm_answer_gss_userok(int sock, Buffer *m
</ins><span class="cx"> {
</span><span class="cx"> int authenticated;
</span><span class="cx">
</span><span class="lines">@@ -1988,7 +1986,7 @@
</span><span class="cx">
</span><span class="cx"> buffer_clear(m);
</span><span class="cx"> buffer_put_int(m, authenticated);
</span><del>-@@ -2157,6 +2195,74 @@ mm_answer_gss_userok(int sock, Buffer *m
</del><ins>+@@ -2135,5 +2173,73 @@ mm_answer_gss_userok(int sock, Buffer *m
</ins><span class="cx"> /* Monitor loop will terminate if authenticated */
</span><span class="cx"> return (authenticated);
</span><span class="cx"> }
</span><span class="lines">@@ -2062,13 +2060,12 @@
</span><span class="cx"> +
</span><span class="cx"> #endif /* GSSAPI */
</span><span class="cx">
</span><del>- #ifdef JPAKE
</del><span class="cx"> diff -Nrup openssh-6.5p1/monitor.h openssh-6.5p1.patched/monitor.h
</span><span class="cx"> --- openssh-6.5p1/monitor.h 2012-12-02 14:53:21.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/monitor.h 2014-02-15 16:50:46.000000000 -0800
</span><del>-@@ -62,6 +62,9 @@ enum monitor_reqtype {
- MONITOR_REQ_JPAKE_KEY_CONFIRM = 58, MONITOR_ANS_JPAKE_KEY_CONFIRM = 59,
- MONITOR_REQ_JPAKE_CHECK_CONFIRM = 60, MONITOR_ANS_JPAKE_CHECK_CONFIRM = 61,
</del><ins>+@@ -57,6 +57,9 @@ enum monitor_reqtype {
+ MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
+ MONITOR_REQ_TERM = 50,
</ins><span class="cx">
</span><span class="cx"> + MONITOR_REQ_GSSSIGN = 62, MONITOR_ANS_GSSSIGN = 63,
</span><span class="cx"> + MONITOR_REQ_GSSUPCREDS = 64, MONITOR_ANS_GSSUPCREDS = 65,
</span><span class="lines">@@ -2079,7 +2076,7 @@
</span><span class="cx"> diff -Nrup openssh-6.5p1/monitor_wrap.c openssh-6.5p1.patched/monitor_wrap.c
</span><span class="cx"> --- openssh-6.5p1/monitor_wrap.c 2013-11-06 18:35:39.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/monitor_wrap.c 2014-02-15 16:50:46.000000000 -0800
</span><del>-@@ -1273,7 +1273,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
</del><ins>+@@ -1271,7 +1271,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> int
</span><span class="lines">@@ -2088,7 +2085,7 @@
</span><span class="cx"> {
</span><span class="cx"> Buffer m;
</span><span class="cx"> int authenticated = 0;
</span><del>-@@ -1290,6 +1290,51 @@ mm_ssh_gssapi_userok(char *user)
</del><ins>+@@ -1288,5 +1288,50 @@ mm_ssh_gssapi_userok(char *user)
</ins><span class="cx"> debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
</span><span class="cx"> return (authenticated);
</span><span class="cx"> }
</span><span class="lines">@@ -2139,7 +2136,6 @@
</span><span class="cx"> +
</span><span class="cx"> #endif /* GSSAPI */
</span><span class="cx">
</span><del>- #ifdef JPAKE
</del><span class="cx"> diff -Nrup openssh-6.5p1/monitor_wrap.h openssh-6.5p1.patched/monitor_wrap.h
</span><span class="cx"> --- openssh-6.5p1/monitor_wrap.h 2011-06-19 21:42:23.000000000 -0700
</span><span class="cx"> +++ openssh-6.5p1.patched/monitor_wrap.h 2014-02-15 16:50:46.000000000 -0800
</span><span class="lines">@@ -2158,7 +2154,7 @@
</span><span class="cx"> diff -Nrup openssh-6.5p1/readconf.c openssh-6.5p1.patched/readconf.c
</span><span class="cx"> --- openssh-6.5p1/readconf.c 2014-01-17 05:03:57.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/readconf.c 2014-02-15 16:50:46.000000000 -0800
</span><del>-@@ -140,6 +140,8 @@ typedef enum {
</del><ins>+@@ -141,6 +141,8 @@ typedef enum {
</ins><span class="cx"> oClearAllForwardings, oNoHostAuthenticationForLocalhost,
</span><span class="cx"> oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
</span><span class="cx"> oAddressFamily, oGssAuthentication, oGssDelegateCreds,
</span><span class="lines">@@ -2167,7 +2163,7 @@
</span><span class="cx"> oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
</span><span class="cx"> oSendEnv, oControlPath, oControlMaster, oControlPersist,
</span><span class="cx"> oHashKnownHosts,
</span><del>-@@ -182,10 +184,19 @@ static struct {
</del><ins>+@@ -186,10 +188,19 @@ static struct {
</ins><span class="cx"> { "afstokenpassing", oUnsupported },
</span><span class="cx"> #if defined(GSSAPI)
</span><span class="cx"> { "gssapiauthentication", oGssAuthentication },
</span><span class="lines">@@ -2187,7 +2183,7 @@
</span><span class="cx"> #endif
</span><span class="cx"> { "fallbacktorsh", oDeprecated },
</span><span class="cx"> { "usersh", oDeprecated },
</span><del>-@@ -839,10 +850,30 @@ parse_time:
</del><ins>+@@ -847,10 +858,30 @@ parse_time:
</ins><span class="cx"> intptr = &options->gss_authentication;
</span><span class="cx"> goto parse_flag;
</span><span class="cx">
</span><span class="lines">@@ -2218,7 +2214,7 @@
</span><span class="cx"> case oBatchMode:
</span><span class="cx"> intptr = &options->batch_mode;
</span><span class="cx"> goto parse_flag;
</span><del>-@@ -1488,7 +1519,12 @@ initialize_options(Options * options)
</del><ins>+@@ -1509,7 +1540,12 @@ initialize_options(Options * options)
</ins><span class="cx"> options->pubkey_authentication = -1;
</span><span class="cx"> options->challenge_response_authentication = -1;
</span><span class="cx"> options->gss_authentication = -1;
</span><span class="lines">@@ -2231,7 +2227,7 @@
</span><span class="cx"> options->password_authentication = -1;
</span><span class="cx"> options->kbd_interactive_authentication = -1;
</span><span class="cx"> options->kbd_interactive_devices = NULL;
</span><del>-@@ -1594,8 +1630,14 @@ fill_default_options(Options * options)
</del><ins>+@@ -1631,8 +1667,14 @@ fill_default_options(Options * options)
</ins><span class="cx"> options->challenge_response_authentication = 1;
</span><span class="cx"> if (options->gss_authentication == -1)
</span><span class="cx"> options->gss_authentication = 0;
</span><span class="lines">@@ -2276,7 +2272,7 @@
</span><span class="cx"> options->password_authentication = -1;
</span><span class="cx"> options->kbd_interactive_authentication = -1;
</span><span class="cx"> options->challenge_response_authentication = -1;
</span><del>-@@ -245,8 +248,14 @@ fill_default_server_options(ServerOption
</del><ins>+@@ -244,8 +247,14 @@ fill_default_server_options(ServerOption
</ins><span class="cx"> options->kerberos_get_afs_token = 0;
</span><span class="cx"> if (options->gss_authentication == -1)
</span><span class="cx"> options->gss_authentication = 0;
</span><span class="lines">@@ -2289,9 +2285,9 @@
</span><span class="cx"> + if (options->gss_store_rekey == -1)
</span><span class="cx"> + options->gss_store_rekey = 0;
</span><span class="cx"> if (options->password_authentication == -1)
</span><del>- options->password_authentication = 1;
</del><ins>+ options->password_authentication = 0;
</ins><span class="cx"> if (options->kbd_interactive_authentication == -1)
</span><del>-@@ -343,7 +352,9 @@ typedef enum {
</del><ins>+@@ -340,7 +349,9 @@ typedef enum {
</ins><span class="cx"> sBanner, sUseDNS, sHostbasedAuthentication,
</span><span class="cx"> sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
</span><span class="cx"> sClientAliveCountMax, sAuthorizedKeysFile,
</span><span class="lines">@@ -2301,8 +2297,8 @@
</span><span class="cx"> + sAcceptEnv, sPermitTunnel,
</span><span class="cx"> sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
</span><span class="cx"> sUsePrivilegeSeparation, sAllowAgentForwarding,
</span><del>- sZeroKnowledgePasswordAuthentication, sHostCertificate,
-@@ -410,10 +421,20 @@ static struct {
</del><ins>+ sHostCertificate,
+@@ -407,10 +418,20 @@ static struct {
</ins><span class="cx"> #ifdef GSSAPI
</span><span class="cx"> { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
</span><span class="cx"> { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
</span><span class="lines">@@ -2323,7 +2319,7 @@
</span><span class="cx"> { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
</span><span class="cx"> { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
</span><span class="cx"> { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
</span><del>-@@ -1094,10 +1115,22 @@ process_server_config_line(ServerOptions
</del><ins>+@@ -1086,10 +1107,22 @@ process_server_config_line(ServerOptions
</ins><span class="cx"> intptr = &options->gss_authentication;
</span><span class="cx"> goto parse_flag;
</span><span class="cx">
</span><span class="lines">@@ -2346,7 +2342,7 @@
</span><span class="cx"> case sPasswordAuthentication:
</span><span class="cx"> intptr = &options->password_authentication;
</span><span class="cx"> goto parse_flag;
</span><del>-@@ -2008,7 +2041,10 @@ dump_config(ServerOptions *o)
</del><ins>+@@ -1995,7 +2028,10 @@ dump_config(ServerOptions *o)
</ins><span class="cx"> #endif
</span><span class="cx"> #ifdef GSSAPI
</span><span class="cx"> dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
</span><span class="lines">@@ -2355,8 +2351,8 @@
</span><span class="cx"> + dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
</span><span class="cx"> + dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
</span><span class="cx"> #endif
</span><del>- #ifdef JPAKE
- dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication,
</del><ins>+ dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
+ dump_cfg_fmtint(sKbdInteractiveAuthentication,
</ins><span class="cx"> diff -Nrup openssh-6.5p1/servconf.h openssh-6.5p1.patched/servconf.h
</span><span class="cx"> --- openssh-6.5p1/servconf.h 2013-12-04 19:07:28.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/servconf.h 2014-02-15 16:50:46.000000000 -0800
</span><span class="lines">@@ -2375,7 +2371,7 @@
</span><span class="cx"> --- openssh-6.5p1/ssh-gss.h 2013-02-24 16:24:44.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/ssh-gss.h 2014-02-15 16:50:46.000000000 -0800
</span><span class="cx"> @@ -1,6 +1,6 @@
</span><del>- /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
</del><ins>+ /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */
</ins><span class="cx"> /*
</span><span class="cx"> - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
</span><span class="cx"> + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
</span><span class="lines">@@ -2438,7 +2434,7 @@
</span><span class="cx">
</span><span class="cx"> int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
</span><span class="cx"> void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
</span><del>-@@ -117,16 +134,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
</del><ins>+@@ -119,16 +136,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
</ins><span class="cx"> void ssh_gssapi_delete_ctx(Gssctxt **);
</span><span class="cx"> OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
</span><span class="cx"> void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
</span><span class="lines">@@ -2486,7 +2482,7 @@
</span><span class="cx"> diff -Nrup openssh-6.5p1/ssh_config.5 openssh-6.5p1.patched/ssh_config.5
</span><span class="cx"> --- openssh-6.5p1/ssh_config.5 2014-01-19 03:36:14.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/ssh_config.5 2014-02-15 16:50:46.000000000 -0800
</span><del>-@@ -676,11 +676,43 @@ Specifies whether user authentication ba
</del><ins>+@@ -682,11 +682,43 @@ Specifies whether user authentication ba
</ins><span class="cx"> The default is
</span><span class="cx"> .Dq no .
</span><span class="cx"> Note that this option applies to protocol version 2 only.
</span><span class="lines">@@ -2534,7 +2530,7 @@
</span><span class="cx"> diff -Nrup openssh-6.5p1/sshconnect2.c openssh-6.5p1.patched/sshconnect2.c
</span><span class="cx"> --- openssh-6.5p1/sshconnect2.c 2014-01-09 15:58:53.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshconnect2.c 2014-02-15 16:54:12.000000000 -0800
</span><del>-@@ -160,9 +160,34 @@ ssh_kex2(char *host, struct sockaddr *ho
</del><ins>+@@ -159,9 +159,34 @@ ssh_kex2(char *host, struct sockaddr *ho
</ins><span class="cx"> {
</span><span class="cx"> Kex *kex;
</span><span class="cx">
</span><span class="lines">@@ -2569,7 +2565,7 @@
</span><span class="cx"> if (options.ciphers == (char *)-1) {
</span><span class="cx"> logit("No valid ciphers for protocol version 2 given, using defaults.");
</span><span class="cx"> options.ciphers = NULL;
</span><del>-@@ -198,6 +223,17 @@ ssh_kex2(char *host, struct sockaddr *ho
</del><ins>+@@ -197,6 +222,17 @@ ssh_kex2(char *host, struct sockaddr *ho
</ins><span class="cx"> if (options.kex_algorithms != NULL)
</span><span class="cx"> myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
</span><span class="cx">
</span><span class="lines">@@ -2587,7 +2583,7 @@
</span><span class="cx"> if (options.rekey_limit || options.rekey_interval)
</span><span class="cx"> packet_set_rekey_limits((u_int32_t)options.rekey_limit,
</span><span class="cx"> (time_t)options.rekey_interval);
</span><del>-@@ -209,11 +245,31 @@ ssh_kex2(char *host, struct sockaddr *ho
</del><ins>+@@ -208,11 +244,31 @@ ssh_kex2(char *host, struct sockaddr *ho
</ins><span class="cx"> kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
</span><span class="cx"> kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
</span><span class="cx"> kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
</span><span class="lines">@@ -2619,7 +2615,7 @@
</span><span class="cx"> xxx_kex = kex;
</span><span class="cx">
</span><span class="cx"> dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
</span><del>-@@ -309,6 +365,7 @@ void input_gssapi_token(int type, u_int3
</del><ins>+@@ -302,6 +358,7 @@ void input_gssapi_token(int type, u_int3
</ins><span class="cx"> void input_gssapi_hash(int type, u_int32_t, void *);
</span><span class="cx"> void input_gssapi_error(int, u_int32_t, void *);
</span><span class="cx"> void input_gssapi_errtok(int, u_int32_t, void *);
</span><span class="lines">@@ -2627,7 +2623,7 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> void userauth(Authctxt *, char *);
</span><del>-@@ -324,6 +381,11 @@ static char *authmethods_get(void);
</del><ins>+@@ -317,6 +374,11 @@ static char *authmethods_get(void);
</ins><span class="cx">
</span><span class="cx"> Authmethod authmethods[] = {
</span><span class="cx"> #ifdef GSSAPI
</span><span class="lines">@@ -2639,7 +2635,7 @@
</span><span class="cx"> {"gssapi-with-mic",
</span><span class="cx"> userauth_gssapi,
</span><span class="cx"> NULL,
</span><del>-@@ -627,19 +689,31 @@ userauth_gssapi(Authctxt *authctxt)
</del><ins>+@@ -613,19 +675,31 @@ userauth_gssapi(Authctxt *authctxt)
</ins><span class="cx"> static u_int mech = 0;
</span><span class="cx"> OM_uint32 min;
</span><span class="cx"> int ok = 0;
</span><span class="lines">@@ -2673,7 +2669,7 @@
</span><span class="cx"> ok = 1; /* Mechanism works */
</span><span class="cx"> } else {
</span><span class="cx"> mech++;
</span><del>-@@ -736,8 +810,8 @@ input_gssapi_response(int type, u_int32_
</del><ins>+@@ -722,8 +796,8 @@ input_gssapi_response(int type, u_int32_
</ins><span class="cx"> {
</span><span class="cx"> Authctxt *authctxt = ctxt;
</span><span class="cx"> Gssctxt *gssctxt;
</span><span class="lines">@@ -2684,7 +2680,7 @@
</span><span class="cx">
</span><span class="cx"> if (authctxt == NULL)
</span><span class="cx"> fatal("input_gssapi_response: no authentication context");
</span><del>-@@ -846,6 +920,48 @@ input_gssapi_error(int type, u_int32_t p
</del><ins>+@@ -832,6 +906,48 @@ input_gssapi_error(int type, u_int32_t p
</ins><span class="cx"> free(msg);
</span><span class="cx"> free(lang);
</span><span class="cx"> }
</span><span class="lines">@@ -2747,7 +2743,7 @@
</span><span class="cx"> #ifdef LIBWRAP
</span><span class="cx"> #include <tcpd.h>
</span><span class="cx"> #include <syslog.h>
</span><del>-@@ -1721,10 +1725,13 @@ main(int ac, char **av)
</del><ins>+@@ -1735,10 +1739,13 @@ main(int ac, char **av)
</ins><span class="cx"> logit("Disabling protocol version 1. Could not load host key");
</span><span class="cx"> options.protocol &= ~SSH_PROTO_1;
</span><span class="cx"> }
</span><span class="lines">@@ -2761,7 +2757,7 @@
</span><span class="cx"> if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
</span><span class="cx"> logit("sshd: no hostkeys available -- exiting.");
</span><span class="cx"> exit(1);
</span><del>-@@ -2051,6 +2058,60 @@ main(int ac, char **av)
</del><ins>+@@ -2065,6 +2072,60 @@ main(int ac, char **av)
</ins><span class="cx"> remote_ip, remote_port,
</span><span class="cx"> get_local_ipaddr(sock_in), get_local_port());
</span><span class="cx">
</span><span class="lines">@@ -2822,7 +2818,7 @@
</span><span class="cx"> /*
</span><span class="cx"> * We don't want to listen forever unless the other side
</span><span class="cx"> * successfully authenticates itself. So we set up an alarm which is
</span><del>-@@ -2456,6 +2517,48 @@ do_ssh2_kex(void)
</del><ins>+@@ -2476,6 +2537,48 @@ do_ssh2_kex(void)
</ins><span class="cx"> myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
</span><span class="cx"> list_hostkey_types());
</span><span class="cx">
</span><span class="lines">@@ -2871,7 +2867,7 @@
</span><span class="cx"> /* start key exchange */
</span><span class="cx"> kex = kex_setup(myproposal);
</span><span class="cx"> kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
</span><del>-@@ -2464,6 +2567,13 @@ do_ssh2_kex(void)
</del><ins>+@@ -2484,6 +2587,13 @@ do_ssh2_kex(void)
</ins><span class="cx"> kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
</span><span class="cx"> kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
</span><span class="cx"> kex->kex[KEX_C25519_SHA256] = kexc25519_server;
</span><span class="lines">@@ -2888,7 +2884,7 @@
</span><span class="cx"> diff -Nrup openssh-6.5p1/sshd_config openssh-6.5p1.patched/sshd_config
</span><span class="cx"> --- openssh-6.5p1/sshd_config 2014-01-12 00:20:47.000000000 -0800
</span><span class="cx"> +++ openssh-6.5p1.patched/sshd_config 2014-02-15 16:50:46.000000000 -0800
</span><del>-@@ -84,6 +84,8 @@ AuthorizedKeysFile .ssh/authorized_keys
</del><ins>+@@ -85,6 +85,8 @@ AuthorizedKeysFile .ssh/authorized_keys
</ins><span class="cx"> # GSSAPI options
</span><span class="cx"> #GSSAPIAuthentication no
</span><span class="cx"> #GSSAPICleanupCredentials yes
</span></span></pre></div>
<a id="trunkdportsnetopensshfilespampatch"></a>
<div class="modfile"><h4>Modified: trunk/dports/net/openssh/files/pam.patch (117922 => 117923)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/files/pam.patch 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/pam.patch 2014-03-17 10:26:31 UTC (rev 117923)
</span><span class="lines">@@ -1,7 +1,6 @@
</span><del>-diff -Naur ../openssh-4.4p1.orig/servconf.c ./servconf.c
---- ../openssh-4.4p1.orig/servconf.c 2006-08-18 07:23:15.000000000 -0700
-+++ ./servconf.c 2006-10-19 17:12:43.000000000 -0700
-@@ -129,7 +129,7 @@
</del><ins>+--- a/servconf.c 2014-03-17 00:22:44.000000000 -0700
++++ b/servconf.c 2014-03-17 00:31:30.000000000 -0700
+@@ -160,7 +160,7 @@
</ins><span class="cx"> {
</span><span class="cx"> /* Portable-specific options */
</span><span class="cx"> if (options->use_pam == -1)
</span></span></pre></div>
<a id="trunkdportsnetopensshfilespatchsshdcapplesandboxnamedexternaldiff"></a>
<div class="modfile"><h4>Modified: trunk/dports/net/openssh/files/patch-sshd.c-apple-sandbox-named-external.diff (117922 => 117923)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/files/patch-sshd.c-apple-sandbox-named-external.diff 2014-03-17 09:35:49 UTC (rev 117922)
+++ trunk/dports/net/openssh/files/patch-sshd.c-apple-sandbox-named-external.diff 2014-03-17 10:26:31 UTC (rev 117923)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><del>---- a/sshd.c 2014-02-11 23:55:15.000000000 +0100
-+++ b/sshd.c 2013-07-03 01:09:16.000000000 +0200
-@@ -708,11 +699,18 @@
</del><ins>+--- a/sshd.c 2014-03-17 00:22:44.000000000 -0700
++++ b/sshd.c 2014-03-17 00:32:54.000000000 -0700
+@@ -711,11 +711,18 @@
</ins><span class="cx"> set_log_handler(mm_log_handler, pmonitor);
</span><span class="cx">
</span><span class="cx"> /* Demote the child */
</span></span></pre>
</div>
</div>
</body>
</html>