<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[129548] trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="https://trac.macports.org/changeset/129548">129548</a></dd>
<dt>Author</dt> <dd>ionic@macports.org</dd>
<dt>Date</dt> <dd>2014-12-15 07:16:00 -0800 (Mon, 15 Dec 2014)</dd>
</dl>

<h3>Log Message</h3>
<pre>openssh: make patch compatible with OpenSSH 6.7p1.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkdportsnetopensshfiles0002Applekeychainintegrationotherchangespatch">trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkdportsnetopensshfiles0002Applekeychainintegrationotherchangespatch"></a>
<div class="modfile"><h4>Modified: trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch (129547 => 129548)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch        2014-12-15 14:27:10 UTC (rev 129547)
+++ trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch        2014-12-15 15:16:00 UTC (rev 129548)
</span><span class="lines">@@ -1,7 +1,6 @@
</span><del>-diff -urp openssh-6.5p1/Makefile.in openssh-6.5p1.patched/Makefile.in
---- openssh-6.5p1/Makefile.in        2014-01-26 22:35:04.000000000 -0800
-+++ openssh-6.5p1.patched/Makefile.in        2014-02-15 16:27:53.000000000 -0800
-@@ -58,6 +58,7 @@ SED=@SED@
</del><ins>+--- a/Makefile.in.old
++++ b/Makefile.in
+@@ -59,6 +59,7 @@
</ins><span class="cx">  ENT=@ENT@
</span><span class="cx">  XAUTH_PATH=@XAUTH_PATH@
</span><span class="cx">  LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
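Review bot: The new file header "--- a/Makefile.in.old" / "+++ b/Makefile.in" gives the old side a ".old" suffix that the new side lacks, so applying the patch relies on the tool taking the target name from the "+++" line. Regenerating with matching paths on both sides (a/Makefile.in and b/Makefile.in) would remove that dependency; the same header form recurs for every file in this patch. The log message mentions only 6.7p1 compatibility, so the move away from the "diff -urp openssh-6.5p1/..." headers and their timestamps deserves a line there as well.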
</span><span class="lines">@@ -9,7 +8,7 @@
</span><span class="cx">  EXEEXT=@EXEEXT@
</span><span class="cx">  MANFMT=@MANFMT@
</span><span class="cx">  
</span><del>-@@ -98,6 +99,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
</del><ins>+@@ -108,6 +109,8 @@
</ins><span class="cx">          sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
</span><span class="cx">          sandbox-seccomp-filter.o sandbox-capsicum.o
</span><span class="cx">  
</span><span class="lines">@@ -18,15 +17,15 @@
</span><span class="cx">  MANPAGES        = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
</span><span class="cx">  MANPAGES_IN        = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
</span><span class="cx">  MANTYPE                = @MANTYPE@
</span><del>-@@ -133,6 +136,7 @@ all: $(CONFIGFILES) $(MANPAGES) $(TARGET
</del><ins>+@@ -143,6 +146,7 @@
</ins><span class="cx">  $(LIBSSH_OBJS): Makefile.in config.h
</span><span class="cx">  $(SSHOBJS): Makefile.in config.h
</span><span class="cx">  $(SSHDOBJS): Makefile.in config.h
</span><span class="cx"> +$(KEYCHAINOBJS): Makefile.in config.h
</span><span class="cx">  
</span><span class="cx">  .c.o:
</span><del>-         $(CC) $(CFLAGS) $(CPPFLAGS) -c $&lt;
-@@ -146,8 +150,8 @@ libssh.a: $(LIBSSH_OBJS)
</del><ins>+         $(CC) $(CFLAGS) $(CPPFLAGS) -c $&lt; -o $@
+@@ -156,8 +160,8 @@
</ins><span class="cx">          $(AR) rv $@ $(LIBSSH_OBJS)
</span><span class="cx">          $(RANLIB) $@
</span><span class="cx">  
</span><span class="lines">@@ -37,7 +36,7 @@
</span><span class="cx">  
</span><span class="cx">  sshd$(EXEEXT): libssh.a        $(LIBCOMPAT) $(SSHDOBJS)
</span><span class="cx">          $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
</span><del>-@@ -155,11 +159,11 @@ sshd$(EXEEXT): libssh.a        $(LIBCOMPAT) $(S
</del><ins>+@@ -165,11 +169,11 @@
</ins><span class="cx">  scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
</span><span class="cx">          $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
</span><span class="cx">  
</span><span class="lines">@@ -53,7 +52,7 @@
</span><span class="cx">  
</span><span class="cx">  ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
</span><span class="cx">          $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
</span><del>-@@ -271,7 +275,7 @@ install-files:
</del><ins>+@@ -293,7 +297,7 @@
</ins><span class="cx">          $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
</span><span class="cx">          $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
</span><span class="cx">          $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
</span><span class="lines">@@ -62,10 +61,9 @@
</span><span class="cx">          $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
</span><span class="cx">          $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
</span><span class="cx">          $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
</span><del>-diff -urp openssh-6.5p1/audit-bsm.c openssh-6.5p1.patched/audit-bsm.c
---- openssh-6.5p1/audit-bsm.c        2012-02-23 15:40:43.000000000 -0800
-+++ openssh-6.5p1.patched/audit-bsm.c        2014-02-15 16:25:56.000000000 -0800
-@@ -263,7 +263,12 @@ bsm_audit_record(int typ, char *string, 
</del><ins>+--- a/audit-bsm.c.old
++++ b/audit-bsm.c
+@@ -263,7 +263,12 @@
</ins><span class="cx">          pid_t                pid = getpid();
</span><span class="cx">          AuditInfoTermID        tid = ssh_bsm_tid;
</span><span class="cx">  
</span><span class="lines">@@ -79,10 +77,9 @@
</span><span class="cx">                  uid = the_authctxt-&gt;pw-&gt;pw_uid;
</span><span class="cx">                  gid = the_authctxt-&gt;pw-&gt;pw_gid;
</span><span class="cx">          }
</span><del>-diff -urp openssh-6.5p1/auth-pam.c openssh-6.5p1.patched/auth-pam.c
---- openssh-6.5p1/auth-pam.c        2013-12-18 16:31:45.000000000 -0800
-+++ openssh-6.5p1.patched/auth-pam.c        2014-02-15 16:25:56.000000000 -0800
-@@ -793,10 +793,11 @@ sshpam_query(void *ctx, char **name, cha
</del><ins>+--- a/auth-pam.c.old
++++ b/auth-pam.c
+@@ -793,10 +793,11 @@
</ins><span class="cx">                                  free(msg);
</span><span class="cx">                                  return (0);
</span><span class="cx">                          }
</span><span class="lines">@@ -96,10 +93,9 @@
</span><span class="cx">                          /* FALLTHROUGH */
</span><span class="cx">                  default:
</span><span class="cx">                          *num = 0;
</span><del>-diff -urp openssh-6.5p1/auth.c openssh-6.5p1.patched/auth.c
---- openssh-6.5p1/auth.c        2013-06-01 14:41:51.000000000 -0700
-+++ openssh-6.5p1.patched/auth.c        2014-02-15 16:25:56.000000000 -0800
-@@ -211,7 +211,7 @@ allowed_user(struct passwd * pw)
</del><ins>+--- a/auth.c.old
++++ b/auth.c
+@@ -211,7 +211,7 @@
</ins><span class="cx">          }
</span><span class="cx">          if (options.num_deny_groups &gt; 0 || options.num_allow_groups &gt; 0) {
</span><span class="cx">                  /* Get the user's group access list (primary and supplementary) */
</span><span class="lines">@@ -108,10 +104,9 @@
</span><span class="cx">                          logit(&quot;User %.100s from %.100s not allowed because &quot;
</span><span class="cx">                              &quot;not in any group&quot;, pw-&gt;pw_name, hostname);
</span><span class="cx">                          return 0;
</span><del>-diff -urp openssh-6.5p1/authfd.c openssh-6.5p1.patched/authfd.c
---- openssh-6.5p1/authfd.c        2013-12-28 22:49:56.000000000 -0800
-+++ openssh-6.5p1.patched/authfd.c        2014-02-15 16:25:56.000000000 -0800
-@@ -638,6 +638,29 @@ ssh_remove_all_identities(Authentication
</del><ins>+--- a/authfd.c.old
++++ b/authfd.c
+@@ -650,6 +650,29 @@
</ins><span class="cx">          return decode_reply(type);
</span><span class="cx">  }
</span><span class="cx">  
</span><span class="lines">@@ -141,9 +136,8 @@
</span><span class="cx">  int
</span><span class="cx">  decode_reply(int type)
</span><span class="cx">  {
</span><del>-diff -urp openssh-6.5p1/authfd.h openssh-6.5p1.patched/authfd.h
---- openssh-6.5p1/authfd.h        2009-10-06 14:47:02.000000000 -0700
-+++ openssh-6.5p1.patched/authfd.h        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/authfd.h.old
++++ b/authfd.h
</ins><span class="cx"> @@ -49,6 +49,9 @@
</span><span class="cx">  #define SSH2_AGENTC_ADD_ID_CONSTRAINED                25
</span><span class="cx">  #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
</span><span class="lines">@@ -154,9 +148,8 @@
</span><span class="cx">  #define        SSH_AGENT_CONSTRAIN_LIFETIME                1
</span><span class="cx">  #define        SSH_AGENT_CONSTRAIN_CONFIRM                2
</span><span class="cx">  
</span><del>-diff -urp openssh-6.5p1/config.h.in openssh-6.5p1.patched/config.h.in
---- openssh-6.5p1/config.h.in        2014-01-29 17:52:44.000000000 -0800
-+++ openssh-6.5p1.patched/config.h.in        2014-02-15 16:28:51.000000000 -0800
</del><ins>+--- a/config.h.in.old
++++ b/config.h.in
</ins><span class="cx"> @@ -81,6 +81,18 @@
</span><span class="cx">  /* FreeBSD strnvis argument order is swapped compared to OpenBSD */
</span><span class="cx">  #undef BROKEN_STRNVIS
</span><span class="lines">@@ -176,10 +169,9 @@
</span><span class="cx">  /* tcgetattr with ICANON may hang */
</span><span class="cx">  #undef BROKEN_TCGETATTR_ICANON
</span><span class="cx">  
</span><del>-diff -urp openssh-6.5p1/configure.ac openssh-6.5p1.patched/configure.ac
---- openssh-6.5p1/configure.ac        2014-01-29 16:26:46.000000000 -0800
-+++ openssh-6.5p1.patched/configure.ac        2014-02-15 16:25:56.000000000 -0800
-@@ -4781,10 +4781,40 @@ AC_CHECK_MEMBER([struct utmp.ut_line], [
</del><ins>+--- a/configure.ac.old
++++ b/configure.ac
+@@ -4766,10 +4766,40 @@
</ins><span class="cx">  #endif
</span><span class="cx">          ])
</span><span class="cx">  
</span><span class="lines">@@ -220,9 +212,8 @@
</span><span class="cx">  if test &quot;x$ac_cv_func_getaddrinfo&quot; != &quot;xyes&quot; ; then
</span><span class="cx">          TEST_SSH_IPV6=no
</span><span class="cx">  else
</span><del>-diff -urp openssh-6.5p1/groupaccess.c openssh-6.5p1.patched/groupaccess.c
---- openssh-6.5p1/groupaccess.c        2013-06-01 15:07:32.000000000 -0700
-+++ openssh-6.5p1.patched/groupaccess.c        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/groupaccess.c.old
++++ b/groupaccess.c
</ins><span class="cx"> @@ -34,38 +34,67 @@
</span><span class="cx">  #include &lt;stdlib.h&gt;
</span><span class="cx">  #include &lt;string.h&gt;
</span><span class="lines">@@ -298,7 +289,7 @@
</span><span class="cx">          for (i = 0, j = 0; i &lt; ngroups; i++)
</span><span class="cx">                  if ((gr = getgrgid(groups_bygid[i])) != NULL)
</span><span class="cx">                          groups_byname[j++] = xstrdup(gr-&gt;gr_name);
</span><del>-@@ -76,16 +105,32 @@ ga_init(const char *user, gid_t base)
</del><ins>+@@ -76,16 +105,32 @@
</ins><span class="cx">  /*
</span><span class="cx">   * Return 1 if one of user's groups is contained in groups.
</span><span class="cx">   * Return 0 otherwise.  Use match_pattern() for string comparison.
</span><span class="lines">@@ -331,9 +322,8 @@
</span><span class="cx">          return 0;
</span><span class="cx">  }
</span><span class="cx">  
</span><del>-diff -urp openssh-6.5p1/groupaccess.h openssh-6.5p1.patched/groupaccess.h
---- openssh-6.5p1/groupaccess.h        2008-07-03 20:51:12.000000000 -0700
-+++ openssh-6.5p1.patched/groupaccess.h        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/groupaccess.h.old
++++ b/groupaccess.h
</ins><span class="cx"> @@ -27,7 +27,7 @@
</span><span class="cx">  #ifndef GROUPACCESS_H
</span><span class="cx">  #define GROUPACCESS_H
</span><span class="lines">@@ -343,9 +333,7 @@
</span><span class="cx">  int         ga_match(char * const *, int);
</span><span class="cx">  int         ga_match_pattern_list(const char *);
</span><span class="cx">  void         ga_free(void);
</span><del>-diff --git a/keychain.c b/keychain.c
-new file mode 100644
---- /dev/null
</del><ins>+--- a/keychain.c.old        1970-01-01 01:00:00.000000000 +0100
</ins><span class="cx"> +++ b/keychain.c
</span><span class="cx"> @@ -0,0 +1,694 @@
</span><span class="cx"> +/*
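Review bot: The replacement header "--- a/keychain.c.old 1970-01-01 01:00:00.000000000 +0100" now signals that keychain.c is a new file only through an epoch timestamp written in a +0100 zone, where the removed lines said so explicitly with "new file mode 100644" and "--- /dev/null". Keeping "--- /dev/null" as the old side states file creation without depending on how the applying tool parses the timestamp, and avoids naming a keychain.c.old that never existed; the "+++ b/keychain.c" line also carries no timestamp to pair with it. The keychain.h header further down has the same form.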
</span><span class="lines">@@ -1042,9 +1030,7 @@
</span><span class="cx"> +#endif
</span><span class="cx"> +
</span><span class="cx"> +}
</span><del>-diff --git a/keychain.h b/keychain.h
-new file mode 100644
---- /dev/null
</del><ins>+--- a/keychain.h.old        1970-01-01 01:00:00.000000000 +0100
</ins><span class="cx"> +++ b/keychain.h
</span><span class="cx"> @@ -0,0 +1,45 @@
</span><span class="cx"> +/*
</span><span class="lines">@@ -1092,22 +1078,21 @@
</span><span class="cx"> +int         add_identities_using_keychain(
</span><span class="cx"> +             int (*add_identity)(const char *, const char *));
</span><span class="cx"> +char        *keychain_read_passphrase(const char *filename, int oAskPassGUI);
</span><del>-diff -urp openssh-6.5p1/readconf.c openssh-6.5p1.patched/readconf.c
---- openssh-6.5p1/readconf.c        2014-01-17 05:03:57.000000000 -0800
-+++ openssh-6.5p1.patched/readconf.c        2014-02-15 16:30:49.000000000 -0800
-@@ -149,6 +149,9 @@ typedef enum {
</del><ins>+--- a/readconf.c.old
++++ b/readconf.c
+@@ -150,6 +150,9 @@
</ins><span class="cx">          oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
</span><span class="cx">          oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
</span><span class="cx">          oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
</span><span class="cx"> +#ifdef __APPLE_KEYCHAIN__
</span><span class="cx"> +        oAskPassGUI,
</span><span class="cx"> +#endif
</span><ins>+         oStreamLocalBindMask, oStreamLocalBindUnlink,
</ins><span class="cx">          oIgnoredUnknownOption, oDeprecated, oUnsupported
</span><span class="cx">  } OpCodes;
</span><del>- 
-@@ -262,6 +265,9 @@ static struct {
-         { &quot;canonicalizemaxdots&quot;, oCanonicalizeMaxDots },
-         { &quot;canonicalizepermittedcnames&quot;, oCanonicalizePermittedCNAMEs },
</del><ins>+@@ -266,6 +269,9 @@
+         { &quot;streamlocalbindmask&quot;, oStreamLocalBindMask },
+         { &quot;streamlocalbindunlink&quot;, oStreamLocalBindUnlink },
</ins><span class="cx">          { &quot;ignoreunknown&quot;, oIgnoreUnknown },
</span><span class="cx"> +#ifdef __APPLE_KEYCHAIN__
</span><span class="cx"> +        { &quot;askpassgui&quot;, oAskPassGUI },
</span><span class="lines">@@ -1115,7 +1100,7 @@
</span><span class="cx">  
</span><span class="cx">          { NULL, oBadOption }
</span><span class="cx">  };
</span><del>-@@ -1334,6 +1340,12 @@ parse_int:
</del><ins>+@@ -1358,6 +1364,12 @@
</ins><span class="cx">                  charptr = &amp;options-&gt;ignored_unknown;
</span><span class="cx">                  goto parse_string;
</span><span class="cx">  
</span><span class="lines">@@ -1128,7 +1113,7 @@
</span><span class="cx">          case oProxyUseFdpass:
</span><span class="cx">                  intptr = &amp;options-&gt;proxy_use_fdpass;
</span><span class="cx">                  goto parse_flag;
</span><del>-@@ -1563,6 +1575,9 @@ initialize_options(Options * options)
</del><ins>+@@ -1604,6 +1616,9 @@
</ins><span class="cx">          options-&gt;request_tty = -1;
</span><span class="cx">          options-&gt;proxy_use_fdpass = -1;
</span><span class="cx">          options-&gt;ignored_unknown = NULL;
</span><span class="lines">@@ -1138,7 +1123,7 @@
</span><span class="cx">          options-&gt;num_canonical_domains = 0;
</span><span class="cx">          options-&gt;num_permitted_cnames = 0;
</span><span class="cx">          options-&gt;canonicalize_max_dots = -1;
</span><del>-@@ -1733,6 +1748,10 @@ fill_default_options(Options * options)
</del><ins>+@@ -1778,6 +1793,10 @@
</ins><span class="cx">                  options-&gt;ip_qos_bulk = IPTOS_THROUGHPUT;
</span><span class="cx">          if (options-&gt;request_tty == -1)
</span><span class="cx">                  options-&gt;request_tty = REQUEST_TTY_AUTO;
</span><span class="lines">@@ -1149,10 +1134,9 @@
</span><span class="cx">          if (options-&gt;proxy_use_fdpass == -1)
</span><span class="cx">                  options-&gt;proxy_use_fdpass = 0;
</span><span class="cx">          if (options-&gt;canonicalize_max_dots == -1)
</span><del>-diff -urp openssh-6.5p1/readconf.h openssh-6.5p1.patched/readconf.h
---- openssh-6.5p1/readconf.h        2013-10-16 17:48:14.000000000 -0700
-+++ openssh-6.5p1.patched/readconf.h        2014-02-15 16:31:29.000000000 -0800
-@@ -154,6 +154,10 @@ typedef struct {
</del><ins>+--- a/readconf.h.old
++++ b/readconf.h
+@@ -145,6 +145,10 @@
</ins><span class="cx">          struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
</span><span class="cx">  
</span><span class="cx">          char        *ignored_unknown; /* Pattern list of unknown tokens to ignore */
</span><span class="lines">@@ -1163,9 +1147,8 @@
</span><span class="cx">  }       Options;
</span><span class="cx">  
</span><span class="cx">  #define SSH_CANONICALISE_NO        0
</span><del>-diff -urp openssh-6.5p1/scp.1 openssh-6.5p1.patched/scp.1
---- openssh-6.5p1/scp.1        2013-10-22 22:30:00.000000000 -0700
-+++ openssh-6.5p1.patched/scp.1        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/scp.1.old
++++ b/scp.1
</ins><span class="cx"> @@ -19,7 +19,7 @@
</span><span class="cx">  .Sh SYNOPSIS
</span><span class="cx">  .Nm scp
</span><span class="lines">@@ -1175,7 +1158,7 @@
</span><span class="cx">  .Op Fl c Ar cipher
</span><span class="cx">  .Op Fl F Ar ssh_config
</span><span class="cx">  .Op Fl i Ar identity_file
</span><del>-@@ -97,6 +97,8 @@ Passes the
</del><ins>+@@ -95,6 +95,8 @@
</ins><span class="cx">  flag to
</span><span class="cx">  .Xr ssh 1
</span><span class="cx">  to enable compression.
</span><span class="lines">@@ -1184,9 +1167,8 @@
</span><span class="cx">  .It Fl c Ar cipher
</span><span class="cx">  Selects the cipher to use for encrypting the data transfer.
</span><span class="cx">  This option is directly passed to
</span><del>-diff -urp openssh-6.5p1/scp.c openssh-6.5p1.patched/scp.c
---- openssh-6.5p1/scp.c        2013-11-20 18:56:49.000000000 -0800
-+++ openssh-6.5p1.patched/scp.c        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/scp.c.old
++++ b/scp.c
</ins><span class="cx"> @@ -78,6 +78,9 @@
</span><span class="cx">  #ifdef HAVE_SYS_STAT_H
</span><span class="cx">  # include &lt;sys/stat.h&gt;
</span><span class="lines">@@ -1209,7 +1191,7 @@
</span><span class="cx">  extern char *__progname;
</span><span class="cx">  
</span><span class="cx">  #define COPY_BUFLEN        16384
</span><del>-@@ -150,6 +158,12 @@ char *ssh_program = _PATH_SSH_PROGRAM;
</del><ins>+@@ -150,6 +158,12 @@
</ins><span class="cx">  /* This is used to store the pid of ssh_program */
</span><span class="cx">  pid_t do_cmd_pid = -1;
</span><span class="cx">  
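Review bot: The header "@@ -150,6 +158,12 @@" keeps identical line numbers and only loses its trailing function context ("char *ssh_program = _PATH_SSH_PROGRAM;"), which is churn with no effect on how the hunk applies; the scp.c headers at 395, 456, 505, 751 and 758 change the same way. The earlier revision was produced with "diff -urp"; regenerating with -p again would keep those headers byte-identical, shrink this changeset to the hunks whose offsets or context really moved, and keep the function names that make the long scp.c and readconf.c hunks easier to locate when reviewing.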
</span><span class="lines">@@ -1222,7 +1204,7 @@
</span><span class="cx">  static void
</span><span class="cx">  killchild(int signo)
</span><span class="cx">  {
</span><del>-@@ -395,7 +409,11 @@ main(int argc, char **argv)
</del><ins>+@@ -395,7 +409,11 @@
</ins><span class="cx">          addargs(&amp;args, &quot;-oClearAllForwardings=yes&quot;);
</span><span class="cx">  
</span><span class="cx">          fflag = tflag = 0;
</span><span class="lines">@@ -1234,7 +1216,7 @@
</span><span class="cx">                  switch (ch) {
</span><span class="cx">                  /* User-visible flags. */
</span><span class="cx">                  case '1':
</span><del>-@@ -456,6 +474,11 @@ main(int argc, char **argv)
</del><ins>+@@ -456,6 +474,11 @@
</ins><span class="cx">                          showprogress = 0;
</span><span class="cx">                          break;
</span><span class="cx">  
</span><span class="lines">@@ -1246,7 +1228,7 @@
</span><span class="cx">                  /* Server options. */
</span><span class="cx">                  case 'd':
</span><span class="cx">                          targetshouldbedirectory = 1;
</span><del>-@@ -505,7 +528,12 @@ main(int argc, char **argv)
</del><ins>+@@ -505,7 +528,12 @@
</ins><span class="cx">          remin = remout = -1;
</span><span class="cx">          do_cmd_pid = -1;
</span><span class="cx">          /* Command to be executed on remote system using &quot;ssh&quot;. */
</span><span class="lines">@@ -1259,7 +1241,7 @@
</span><span class="cx">              verbose_mode ? &quot; -v&quot; : &quot;&quot;,
</span><span class="cx">              iamrecursive ? &quot; -r&quot; : &quot;&quot;, pflag ? &quot; -p&quot; : &quot;&quot;,
</span><span class="cx">              targetshouldbedirectory ? &quot; -d&quot; : &quot;&quot;);
</span><del>-@@ -751,6 +779,10 @@ source(int argc, char **argv)
</del><ins>+@@ -751,6 +779,10 @@
</ins><span class="cx">          int fd = -1, haderr, indx;
</span><span class="cx">          char *last, *name, buf[2048], encname[MAXPATHLEN];
</span><span class="cx">          int len;
</span><span class="lines">@@ -1270,7 +1252,7 @@
</span><span class="cx">  
</span><span class="cx">          for (indx = 0; indx &lt; argc; ++indx) {
</span><span class="cx">                  name = argv[indx];
</span><del>-@@ -758,12 +790,26 @@ source(int argc, char **argv)
</del><ins>+@@ -758,12 +790,26 @@
</ins><span class="cx">                  len = strlen(name);
</span><span class="cx">                  while (len &gt; 1 &amp;&amp; name[len-1] == '/')
</span><span class="cx">                          name[--len] = '\0';
</span><span class="lines">@@ -1297,7 +1279,7 @@
</span><span class="cx">                  if (fstat(fd, &amp;stb) &lt; 0) {
</span><span class="cx">  syserr:                        run_err(&quot;%s: %s&quot;, name, strerror(errno));
</span><span class="cx">                          goto next;
</span><del>-@@ -846,6 +892,36 @@ next:                        if (fd != -1) {
</del><ins>+@@ -850,6 +896,36 @@
</ins><span class="cx">                  else
</span><span class="cx">                          run_err(&quot;%s: %s&quot;, name, strerror(haderr));
</span><span class="cx">                  (void) response();
</span><span class="lines">@@ -1334,7 +1316,7 @@
</span><span class="cx">          }
</span><span class="cx">  }
</span><span class="cx">  
</span><del>-@@ -937,6 +1013,10 @@ sink(int argc, char **argv)
</del><ins>+@@ -941,6 +1017,10 @@
</ins><span class="cx">          if (stat(targ, &amp;stb) == 0 &amp;&amp; S_ISDIR(stb.st_mode))
</span><span class="cx">                  targisdir = 1;
</span><span class="cx">          for (first = 1;; first = 0) {
</span><span class="lines">@@ -1345,7 +1327,7 @@
</span><span class="cx">                  cp = buf;
</span><span class="cx">                  if (atomicio(read, remin, cp, 1) != 1)
</span><span class="cx">                          return;
</span><del>-@@ -1082,10 +1162,51 @@ sink(int argc, char **argv)
</del><ins>+@@ -1086,10 +1166,51 @@
</ins><span class="cx">                  }
</span><span class="cx">                  omode = mode;
</span><span class="cx">                  mode |= S_IWUSR;
</span><span class="lines">@@ -1397,7 +1379,7 @@
</span><span class="cx">                  (void) atomicio(vwrite, remout, &quot;&quot;, 1);
</span><span class="cx">                  if ((bp = allocbuf(&amp;buffer, ofd, COPY_BUFLEN)) == NULL) {
</span><span class="cx">                          (void) close(ofd);
</span><del>-@@ -1170,6 +1291,29 @@ bad:                        run_err(&quot;%s: %s&quot;, np, strerror(er
</del><ins>+@@ -1174,6 +1295,29 @@
</ins><span class="cx">                          wrerrno = errno;
</span><span class="cx">                  }
</span><span class="cx">                  (void) response();
</span><span class="lines">@@ -1427,7 +1409,7 @@
</span><span class="cx">                  if (setimes &amp;&amp; wrerr == NO) {
</span><span class="cx">                          setimes = 0;
</span><span class="cx">                          if (utimes(np, tv) &lt; 0) {
</span><del>-@@ -1231,7 +1375,11 @@ void
</del><ins>+@@ -1235,7 +1379,11 @@
</ins><span class="cx">  usage(void)
</span><span class="cx">  {
</span><span class="cx">          (void) fprintf(stderr,
</span><span class="lines">@@ -1439,10 +1421,9 @@
</span><span class="cx">              &quot;           [-l limit] [-o ssh_option] [-P port] [-S program]\n&quot;
</span><span class="cx">              &quot;           [[user@]host1:]file1 ... [[user@]host2:]file2\n&quot;);
</span><span class="cx">          exit(1);
</span><del>-diff -urp openssh-6.5p1/servconf.c openssh-6.5p1.patched/servconf.c
---- openssh-6.5p1/servconf.c        2013-12-06 16:24:02.000000000 -0800
-+++ openssh-6.5p1.patched/servconf.c        2014-02-15 16:25:56.000000000 -0800
-@@ -247,7 +247,7 @@ fill_default_server_options(ServerOption
</del><ins>+--- a/servconf.c.old
++++ b/servconf.c
+@@ -253,7 +253,7 @@
</ins><span class="cx">          if (options-&gt;gss_cleanup_creds == -1)
</span><span class="cx">                  options-&gt;gss_cleanup_creds = 1;
</span><span class="cx">          if (options-&gt;password_authentication == -1)
</span><span class="lines">@@ -1451,7 +1432,7 @@
</span><span class="cx">          if (options-&gt;kbd_interactive_authentication == -1)
</span><span class="cx">                  options-&gt;kbd_interactive_authentication = 0;
</span><span class="cx">          if (options-&gt;challenge_response_authentication == -1)
</span><del>-@@ -621,7 +621,7 @@ match_cfg_line_group(const char *grps, i
</del><ins>+@@ -639,7 +639,7 @@
</ins><span class="cx">          if ((pw = getpwnam(user)) == NULL) {
</span><span class="cx">                  debug(&quot;Can't match group at line %d because user %.100s does &quot;
</span><span class="cx">                      &quot;not exist&quot;, line, user);
</span><span class="lines">@@ -1460,10 +1441,9 @@
</span><span class="cx">                  debug(&quot;Can't Match group because user %.100s not in any group &quot;
</span><span class="cx">                      &quot;at line %d&quot;, user, line);
</span><span class="cx">          } else if (ga_match_pattern_list(grps) != 1) {
</span><del>-diff -urp openssh-6.5p1/session.c openssh-6.5p1.patched/session.c
---- openssh-6.5p1/session.c        2014-01-22 19:16:10.000000000 -0800
-+++ openssh-6.5p1.patched/session.c        2014-02-15 16:25:56.000000000 -0800
-@@ -2116,8 +2116,10 @@ session_pty_req(Session *s)
</del><ins>+--- a/session.c.old
++++ b/session.c
+@@ -2113,8 +2113,10 @@
</ins><span class="cx">                  n_bytes = packet_remaining();
</span><span class="cx">          tty_parse_modes(s-&gt;ttyfd, &amp;n_bytes);
</span><span class="cx">  
</span><span class="lines">@@ -1474,7 +1454,7 @@
</span><span class="cx">  
</span><span class="cx">          /* Set window size from the packet. */
</span><span class="cx">          pty_change_window_size(s-&gt;ptyfd, s-&gt;row, s-&gt;col, s-&gt;xpixel, s-&gt;ypixel);
</span><del>-@@ -2357,9 +2357,11 @@ session_pty_cleanup2(Session *s)
</del><ins>+@@ -2354,9 +2356,11 @@
</ins><span class="cx">          if (s-&gt;pid != 0)
</span><span class="cx">                  record_logout(s-&gt;pid, s-&gt;tty, s-&gt;pw-&gt;pw_name);
</span><span class="cx">  
</span><span class="lines">@@ -1486,10 +1466,9 @@
</span><span class="cx">  
</span><span class="cx">          /*
</span><span class="cx">           * Close the server side of the socket pairs.  We must do this after
</span><del>-diff -urp openssh-6.5p1/ssh-add.0 openssh-6.5p1.patched/ssh-add.0
---- openssh-6.5p1/ssh-add.0        2014-01-29 17:52:47.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-add.0        2014-02-15 16:25:56.000000000 -0800
-@@ -4,7 +4,7 @@ NAME
</del><ins>+--- a/ssh-add.0.old
++++ b/ssh-add.0
+@@ -4,7 +4,7 @@
</ins><span class="cx">       ssh-add - adds private key identities to the authentication agent
</span><span class="cx">  
</span><span class="cx">  SYNOPSIS
</span><span class="lines">@@ -1498,7 +1477,7 @@
</span><span class="cx">       ssh-add -s pkcs11
</span><span class="cx">       ssh-add -e pkcs11
</span><span class="cx">  
</span><del>-@@ -55,6 +55,13 @@ DESCRIPTION
</del><ins>+@@ -55,6 +55,13 @@
</ins><span class="cx">       -l      Lists fingerprints of all identities currently represented by the
</span><span class="cx">               agent.
</span><span class="cx">  
</span><span class="lines">@@ -1512,9 +1491,8 @@
</span><span class="cx">       -s pkcs11
</span><span class="cx">               Add keys provided by the PKCS#11 shared library pkcs11.
</span><span class="cx">  
</span><del>-diff -urp openssh-6.5p1/ssh-add.1 openssh-6.5p1.patched/ssh-add.1
---- openssh-6.5p1/ssh-add.1        2013-12-17 22:46:28.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-add.1        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/ssh-add.1.old
++++ b/ssh-add.1
</ins><span class="cx"> @@ -43,7 +43,7 @@
</span><span class="cx">  .Nd adds private key identities to the authentication agent
</span><span class="cx">  .Sh SYNOPSIS
</span><span class="lines">@@ -1524,7 +1502,7 @@
</span><span class="cx">  .Op Fl t Ar life
</span><span class="cx">  .Op Ar
</span><span class="cx">  .Nm ssh-add
</span><del>-@@ -119,6 +119,13 @@ Lists public key parameters of all ident
</del><ins>+@@ -119,6 +119,13 @@
</ins><span class="cx">  by the agent.
</span><span class="cx">  .It Fl l
</span><span class="cx">  Lists fingerprints of all identities currently represented by the agent.
</span><span class="lines">@@ -1538,18 +1516,17 @@
</span><span class="cx">  .It Fl s Ar pkcs11
</span><span class="cx">  Add keys provided by the PKCS#11 shared library
</span><span class="cx">  .Ar pkcs11 .
</span><del>-diff -urp openssh-6.5p1/ssh-add.c openssh-6.5p1.patched/ssh-add.c
---- openssh-6.5p1/ssh-add.c        2013-12-28 22:44:07.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-add.c        2014-02-15 16:25:56.000000000 -0800
-@@ -62,6 +62,7 @@
- #include &quot;authfile.h&quot;
</del><ins>+--- a/ssh-add.c.old
++++ b/ssh-add.c
+@@ -63,6 +63,7 @@
</ins><span class="cx">  #include &quot;pathnames.h&quot;
</span><span class="cx">  #include &quot;misc.h&quot;
</span><ins>+ #include &quot;ssherr.h&quot;
</ins><span class="cx"> +#include &quot;keychain.h&quot;
</span><span class="cx">  
</span><span class="cx">  /* argv0 */
</span><span class="cx">  extern char *__progname;
</span><del>-@@ -97,12 +98,24 @@ clear_pass(void)
</del><ins>+@@ -98,12 +99,24 @@
</ins><span class="cx">  }
</span><span class="cx">  
</span><span class="cx">  static int
</span><span class="lines">@@ -1575,7 +1552,7 @@
</span><span class="cx">          public = key_load_public(filename, &amp;comment);
</span><span class="cx">          if (public == NULL) {
</span><span class="cx">                  printf(&quot;Bad key file %s\n&quot;, filename);
</span><del>-@@ -165,7 +178,7 @@ delete_all(AuthenticationConnection *ac)
</del><ins>+@@ -166,7 +179,7 @@
</ins><span class="cx">  }
</span><span class="cx">  
</span><span class="cx">  static int
</span><span class="lines">@@ -1584,28 +1561,27 @@
</span><span class="cx">  {
</span><span class="cx">          Key *private, *cert;
</span><span class="cx">          char *comment = NULL;
</span><del>-@@ -202,11 +215,16 @@ add_file(AuthenticationConnection *ac, c

-         /* At first, try empty passphrase */
-         private = key_parse_private(&amp;keyblob, filename, &quot;&quot;, &amp;comment);
</del><ins>+@@ -205,12 +218,16 @@
+         if ((r = sshkey_parse_private_fileblob(&amp;keyblob, &quot;&quot;, filename,
+             &amp;private, &amp;comment)) != 0 &amp;&amp; r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+                 fatal(&quot;Cannot parse %s: %s&quot;, filename, ssh_err(r));
</ins><span class="cx"> +        if (keychain &amp;&amp; private != NULL)
</span><span class="cx"> +                store_in_keychain(filename, &quot;&quot;);
</span><del>-         if (comment == NULL)
-                 comment = xstrdup(filename);
</del><span class="cx">          /* try last */
</span><del>--        if (private == NULL &amp;&amp; pass != NULL)
-+        if (private == NULL &amp;&amp; pass != NULL) {
-                 private = key_parse_private(&amp;keyblob, filename, pass, NULL);
</del><ins>+         if (private == NULL &amp;&amp; pass != NULL) {
+                 if ((r = sshkey_parse_private_fileblob(&amp;keyblob, pass, filename,
+                     &amp;private, &amp;comment)) != 0 &amp;&amp;
+                     r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+                         fatal(&quot;Cannot parse %s: %s&quot;, filename, ssh_err(r));
</ins><span class="cx"> +                if (keychain &amp;&amp; private != NULL)
</span><span class="cx"> +                        store_in_keychain(filename, pass);
</span><del>-+        }
-         if (private == NULL) {
-                 /* clear passphrase since it did not work */
-                 clear_pass();
-@@ -222,8 +240,11 @@ add_file(AuthenticationConnection *ac, c
-                         }
-                         private = key_parse_private(&amp;keyblob, filename, pass,
-                             &amp;comment);
</del><ins>+         }
+         if (comment == NULL)
+                 comment = xstrdup(filename);
+@@ -232,8 +249,11 @@
+                             r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+                                 fatal(&quot;Cannot parse %s: %s&quot;,
+                                             filename, ssh_err(r));
</ins><span class="cx"> -                        if (private != NULL)
</span><span class="cx"> +                        if (private != NULL) {
</span><span class="cx"> +                                if (keychain)
</span><span class="lines">@@ -1615,7 +1591,7 @@
</span><span class="cx">                          clear_pass();
</span><span class="cx">                          snprintf(msg, sizeof msg,
</span><span class="cx">                              &quot;Bad passphrase, try again for %.200s: &quot;, comment);
</span><del>-@@ -380,13 +401,13 @@ lock_agent(AuthenticationConnection *ac,
</del><ins>+@@ -390,13 +410,13 @@
</ins><span class="cx">  }
</span><span class="cx">  
</span><span class="cx">  static int
</span><span class="lines">@@ -1632,7 +1608,7 @@
</span><span class="cx">                          return -1;
</span><span class="cx">          }
</span><span class="cx">          return 0;
</span><del>-@@ -408,6 +429,11 @@ usage(void)
</del><ins>+@@ -418,6 +438,11 @@
</ins><span class="cx">          fprintf(stderr, &quot;  -X          Unlock agent.\n&quot;);
</span><span class="cx">          fprintf(stderr, &quot;  -s pkcs11   Add keys from PKCS#11 provider.\n&quot;);
</span><span class="cx">          fprintf(stderr, &quot;  -e pkcs11   Remove keys provided by PKCS#11 provider.\n&quot;);
</span><span class="lines">@@ -1644,7 +1620,7 @@
</span><span class="cx">  }
</span><span class="cx">  
</span><span class="cx">  int
</span><del>-@@ -418,6 +444,7 @@ main(int argc, char **argv)
</del><ins>+@@ -428,6 +453,7 @@
</ins><span class="cx">          AuthenticationConnection *ac = NULL;
</span><span class="cx">          char *pkcs11provider = NULL;
</span><span class="cx">          int i, ch, deleting = 0, ret = 0, key_only = 0;
</span><span class="lines">@@ -1652,7 +1628,7 @@
</span><span class="cx">  
</span><span class="cx">          /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
</span><span class="cx">          sanitise_stdfd();
</span><del>-@@ -434,7 +461,7 @@ main(int argc, char **argv)
</del><ins>+@@ -446,7 +472,7 @@
</ins><span class="cx">                      &quot;Could not open a connection to your authentication agent.\n&quot;);
</span><span class="cx">                  exit(2);
</span><span class="cx">          }
</span><span class="lines">@@ -1661,7 +1637,7 @@
</span><span class="cx">                  switch (ch) {
</span><span class="cx">                  case 'k':
</span><span class="cx">                          key_only = 1;
</span><del>-@@ -473,6 +500,13 @@ main(int argc, char **argv)
</del><ins>+@@ -485,6 +511,13 @@
</ins><span class="cx">                                  goto done;
</span><span class="cx">                          }
</span><span class="cx">                          break;
</span><span class="lines">@@ -1675,7 +1651,7 @@
</span><span class="cx">                  default:
</span><span class="cx">                          usage();
</span><span class="cx">                          ret = 1;
</span><del>-@@ -504,7 +538,7 @@ main(int argc, char **argv)
</del><ins>+@@ -516,7 +549,7 @@
</ins><span class="cx">                              default_files[i]);
</span><span class="cx">                          if (stat(buf, &amp;st) &lt; 0)
</span><span class="cx">                                  continue;
</span><span class="lines">@@ -1684,7 +1660,7 @@
</span><span class="cx">                                  ret = 1;
</span><span class="cx">                          else
</span><span class="cx">                                  count++;
</span><del>-@@ -513,7 +547,7 @@ main(int argc, char **argv)
</del><ins>+@@ -525,7 +558,7 @@
</ins><span class="cx">                          ret = 1;
</span><span class="cx">          } else {
</span><span class="cx">                  for (i = 0; i &lt; argc; i++) {
</span><span class="lines">@@ -1693,10 +1669,9 @@
</span><span class="cx">                                  ret = 1;
</span><span class="cx">                  }
</span><span class="cx">          }
</span><del>-diff -urp openssh-6.5p1/ssh-agent.c openssh-6.5p1.patched/ssh-agent.c
---- openssh-6.5p1/ssh-agent.c        2013-12-28 22:45:52.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-agent.c        2014-02-15 16:25:56.000000000 -0800
-@@ -64,6 +64,9 @@
</del><ins>+--- a/ssh-agent.c.old
++++ b/ssh-agent.c
+@@ -66,6 +66,9 @@
</ins><span class="cx">  #include &lt;time.h&gt;
</span><span class="cx">  #include &lt;string.h&gt;
</span><span class="cx">  #include &lt;unistd.h&gt;
</span><span class="lines">@@ -1706,7 +1681,7 @@
</span><span class="cx">  
</span><span class="cx">  #include &quot;xmalloc.h&quot;
</span><span class="cx">  #include &quot;ssh.h&quot;
</span><del>-@@ -71,10 +71,12 @@
</del><ins>+@@ -73,10 +76,12 @@
</ins><span class="cx">  #include &quot;buffer.h&quot;
</span><span class="cx">  #include &quot;key.h&quot;
</span><span class="cx">  #include &quot;authfd.h&quot;
</span><span class="lines">@@ -1719,7 +1694,7 @@
</span><span class="cx">  
</span><span class="cx">  #ifdef ENABLE_PKCS11
</span><span class="cx">  #include &quot;ssh-pkcs11.h&quot;
</span><del>-@@ -684,6 +689,61 @@ process_remove_smartcard_key(SocketEntry
</del><ins>+@@ -701,6 +706,61 @@
</ins><span class="cx">  }
</span><span class="cx">  #endif /* ENABLE_PKCS11 */
</span><span class="cx">  
</span><span class="lines">@@ -1781,7 +1756,7 @@
</span><span class="cx">  /* dispatch incoming messages */
</span><span class="cx">  
</span><span class="cx">  static void
</span><del>-@@ -776,6 +836,9 @@ process_message(SocketEntry *e)
</del><ins>+@@ -795,6 +855,9 @@
</ins><span class="cx">                  process_remove_smartcard_key(e);
</span><span class="cx">                  break;
</span><span class="cx">  #endif /* ENABLE_PKCS11 */
</span><span class="lines">@@ -1791,7 +1766,7 @@
</span><span class="cx">          default:
</span><span class="cx">                  /* Unknown message.  Respond with failure. */
</span><span class="cx">                  error(&quot;Unknown message %d&quot;, type);
</span><del>-@@ -1016,7 +1079,11 @@ usage(void)
</del><ins>+@@ -1034,7 +1097,11 @@
</ins><span class="cx">  int
</span><span class="cx">  main(int ac, char **av)
</span><span class="cx">  {
</span><span class="lines">@@ -1803,7 +1778,7 @@
</span><span class="cx">          int sock, fd, ch, result, saved_errno;
</span><span class="cx">          u_int nalloc;
</span><span class="cx">          char *shell, *format, *pidstr, *agentsocket = NULL;
</span><del>-@@ -1050,7 +1117,11 @@ main(int ac, char **av)
</del><ins>+@@ -1069,7 +1136,11 @@
</ins><span class="cx">          __progname = ssh_get_progname(av[0]);
</span><span class="cx">          seed_rng();
</span><span class="cx">  
</span><span class="lines">@@ -1815,7 +1790,7 @@
</span><span class="cx">                  switch (ch) {
</span><span class="cx">                  case 'c':
</span><span class="cx">                          if (s_flag)
</span><del>-@@ -1060,6 +1131,11 @@ main(int ac, char **av)
</del><ins>+@@ -1079,6 +1150,11 @@
</ins><span class="cx">                  case 'k':
</span><span class="cx">                          k_flag++;
</span><span class="cx">                          break;
</span><span class="lines">@@ -1827,7 +1802,7 @@
</span><span class="cx">                  case 's':
</span><span class="cx">                          if (c_flag)
</span><span class="cx">                                  usage();
</span><del>-@@ -1086,7 +1162,11 @@ main(int ac, char **av)
</del><ins>+@@ -1105,7 +1181,11 @@
</ins><span class="cx">          ac -= optind;
</span><span class="cx">          av += optind;
</span><span class="cx">  
</span><span class="lines">@@ -1839,7 +1814,7 @@
</span><span class="cx">                  usage();
</span><span class="cx">  
</span><span class="cx">          if (ac == 0 &amp;&amp; !c_flag &amp;&amp; !s_flag) {
</span><del>-@@ -1142,6 +1222,53 @@ main(int ac, char **av)
</del><ins>+@@ -1161,6 +1241,53 @@
</ins><span class="cx">           * Create socket early so it will exist before command gets run from
</span><span class="cx">           * the parent.
</span><span class="cx">           */
</span><span class="lines">@@ -1890,13 +1865,13 @@
</span><span class="cx"> +                launch_data_free(resp);
</span><span class="cx"> +        } else {
</span><span class="cx"> +#endif
</span><del>-         sock = socket(AF_UNIX, SOCK_STREAM, 0);
</del><ins>+         prev_mask = umask(0177);
+         sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
</ins><span class="cx">          if (sock &lt; 0) {
</span><del>-                 perror(&quot;socket&quot;);
-@@ -1163,6 +1290,14 @@ main(int ac, char **av)
-                 perror(&quot;listen&quot;);
</del><ins>+@@ -1169,6 +1296,14 @@
</ins><span class="cx">                  cleanup_exit(1);
</span><span class="cx">          }
</span><ins>+         umask(prev_mask);
</ins><span class="cx"> +#ifdef __APPLE_LAUNCHD__
</span><span class="cx"> +        }
</span><span class="cx"> +#endif
</span><span class="lines">@@ -1908,7 +1883,7 @@
</span><span class="cx">  
</span><span class="cx">          /*
</span><span class="cx">           * Fork, and have the parent execute the command, if any, or present
</span><del>-@@ -1235,6 +1370,7 @@ skip:
</del><ins>+@@ -1243,6 +1378,7 @@
</ins><span class="cx">          pkcs11_init(0);
</span><span class="cx">  #endif
</span><span class="cx">          new_socket(AUTH_SOCKET, sock);
</span><span class="lines">@@ -1916,7 +1891,7 @@
</span><span class="cx">          if (ac &gt; 0)
</span><span class="cx">                  parent_alive_interval = 10;
</span><span class="cx">          idtab_init();
</span><del>-@@ -1244,6 +1380,10 @@ skip:
</del><ins>+@@ -1252,6 +1388,10 @@
</ins><span class="cx">          signal(SIGTERM, cleanup_handler);
</span><span class="cx">          nalloc = 0;
</span><span class="cx">  
</span><span class="lines">@@ -1927,10 +1902,9 @@
</span><span class="cx">          while (1) {
</span><span class="cx">                  prepare_select(&amp;readsetp, &amp;writesetp, &amp;max_fd, &amp;nalloc, &amp;tvp);
</span><span class="cx">                  result = select(max_fd + 1, readsetp, writesetp, NULL, tvp);
</span><del>-diff -urp openssh-6.5p1/ssh-keysign.8 openssh-6.5p1.patched/ssh-keysign.8
---- openssh-6.5p1/ssh-keysign.8        2013-12-17 22:46:28.000000000 -0800
-+++ openssh-6.5p1.patched/ssh-keysign.8        2014-02-15 16:25:56.000000000 -0800
-@@ -72,6 +72,9 @@ accessible to others.
</del><ins>+--- a/ssh-keysign.8.old
++++ b/ssh-keysign.8
+@@ -72,6 +72,9 @@
</ins><span class="cx">  Since they are readable only by root,
</span><span class="cx">  .Nm
</span><span class="cx">  must be set-uid root if host-based authentication is used.
</span><span class="lines">@@ -1940,9 +1914,8 @@
</span><span class="cx">  .Pp
</span><span class="cx">  .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
</span><span class="cx">  .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
</span><del>-diff -urp openssh-6.5p1/sshconnect1.c openssh-6.5p1.patched/sshconnect1.c
---- openssh-6.5p1/sshconnect1.c        2013-10-25 16:05:47.000000000 -0700
-+++ openssh-6.5p1.patched/sshconnect1.c        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/sshconnect1.c.old
++++ b/sshconnect1.c
</ins><span class="cx"> @@ -47,6 +47,7 @@
</span><span class="cx">  #include &quot;hostfile.h&quot;
</span><span class="cx">  #include &quot;auth.h&quot;
</span><span class="lines">@@ -1951,7 +1924,7 @@
</span><span class="cx">  
</span><span class="cx">  /* Session id for the current session. */
</span><span class="cx">  u_char session_id[16];
</span><del>-@@ -262,6 +263,10 @@ try_rsa_authentication(int idx)
</del><ins>+@@ -262,6 +263,10 @@
</ins><span class="cx">                  snprintf(buf, sizeof(buf),
</span><span class="cx">                      &quot;Enter passphrase for RSA key '%.100s': &quot;, comment);
</span><span class="cx">                  for (i = 0; i &lt; options.number_of_password_prompts; i++) {
</span><span class="lines">@@ -1962,9 +1935,8 @@
</span><span class="cx">                          passphrase = read_passphrase(buf, 0);
</span><span class="cx">                          if (strcmp(passphrase, &quot;&quot;) != 0) {
</span><span class="cx">                                  private = key_load_private_type(KEY_RSA1,
</span><del>-diff -urp openssh-6.5p1/sshconnect2.c openssh-6.5p1.patched/sshconnect2.c
---- openssh-6.5p1/sshconnect2.c        2014-01-09 15:58:53.000000000 -0800
-+++ openssh-6.5p1.patched/sshconnect2.c        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/sshconnect2.c.old
++++ b/sshconnect2.c
</ins><span class="cx"> @@ -70,6 +70,7 @@
</span><span class="cx">  #include &quot;pathnames.h&quot;
</span><span class="cx">  #include &quot;uidswap.h&quot;
</span><span class="lines">@@ -1973,7 +1945,7 @@
</span><span class="cx">  
</span><span class="cx">  #ifdef GSSAPI
</span><span class="cx">  #include &quot;ssh-gss.h&quot;
</span><del>-@@ -1117,6 +1118,10 @@ load_identity_file(char *filename, int u
</del><ins>+@@ -1122,6 +1123,10 @@
</ins><span class="cx">                  snprintf(prompt, sizeof prompt,
</span><span class="cx">                      &quot;Enter passphrase for key '%.100s': &quot;, filename);
</span><span class="cx">                  for (i = 0; i &lt; options.number_of_password_prompts; i++) {
</span><span class="lines">@@ -1984,27 +1956,24 @@
</span><span class="cx">                          passphrase = read_passphrase(prompt, 0);
</span><span class="cx">                          if (strcmp(passphrase, &quot;&quot;) != 0) {
</span><span class="cx">                                  private = key_load_private_type(KEY_UNSPEC,
</span><del>-diff -urp openssh-6.5p1/sshd.0 openssh-6.5p1.patched/sshd.0
---- openssh-6.5p1/sshd.0        2014-01-29 17:52:47.000000000 -0800
-+++ openssh-6.5p1.patched/sshd.0        2014-02-15 16:25:56.000000000 -0800
-@@ -625,8 +625,8 @@ FILES
</del><ins>+--- a/sshd.0.old
++++ b/sshd.0
+@@ -621,8 +621,7 @@
</ins><span class="cx">  
</span><span class="cx">  SEE ALSO
</span><span class="cx">       scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
</span><del>--     ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5),
--     sshd_config(5), inetd(8), sftp-server(8)
-+     ssh-keyscan(1), chroot(2), hosts_access(5), sshd_config(5)
-+     sftp-server(8)
</del><ins>+-     ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5),
+-     inetd(8), sftp-server(8)
++     ssh-keyscan(1), chroot(2),  sshd_config(5), sftp-server(8)
</ins><span class="cx">  
</span><span class="cx">  AUTHORS
</span><span class="cx">       OpenSSH is a derivative of the original and free ssh 1.2.12 release by
</span><del>-diff -urp openssh-6.5p1/sshd.8 openssh-6.5p1.patched/sshd.8
---- openssh-6.5p1/sshd.8        2013-12-17 22:46:28.000000000 -0800
-+++ openssh-6.5p1.patched/sshd.8        2014-02-15 16:25:56.000000000 -0800
-@@ -961,10 +961,7 @@ The content of this file is not sensitiv
</del><ins>+--- a/sshd.8.old
++++ b/sshd.8
+@@ -954,10 +954,7 @@
+ .Xr ssh-keygen 1 ,
</ins><span class="cx">  .Xr ssh-keyscan 1 ,
</span><span class="cx">  .Xr chroot 2 ,
</span><del>- .Xr hosts_access 5 ,
</del><span class="cx"> -.Xr login.conf 5 ,
</span><span class="cx"> -.Xr moduli 5 ,
</span><span class="cx">  .Xr sshd_config 5 ,
</span><span class="lines">@@ -2012,10 +1981,9 @@
</span><span class="cx">  .Xr sftp-server 8
</span><span class="cx">  .Sh AUTHORS
</span><span class="cx">  OpenSSH is a derivative of the original and free
</span><del>-diff -urp openssh-6.5p1/sshd.c openssh-6.5p1.patched/sshd.c
---- openssh-6.5p1/sshd.c        2014-01-27 20:08:13.000000000 -0800
-+++ openssh-6.5p1.patched/sshd.c        2014-02-15 16:25:56.000000000 -0800
-@@ -2138,6 +2138,12 @@ main(int ac, char **av)
</del><ins>+--- a/sshd.c.old
++++ b/sshd.c
+@@ -2144,6 +2144,12 @@
</ins><span class="cx">          audit_event(SSH_AUTH_SUCCESS);
</span><span class="cx">  #endif
</span><span class="cx">  
</span><span class="lines">@@ -2028,7 +1996,7 @@
</span><span class="cx">  #ifdef GSSAPI
</span><span class="cx">          if (options.gss_authentication) {
</span><span class="cx">                  temporarily_use_uid(authctxt-&gt;pw);
</span><del>-@@ -2145,12 +2151,6 @@ main(int ac, char **av)
</del><ins>+@@ -2151,12 +2157,6 @@
</ins><span class="cx">                  restore_uid();
</span><span class="cx">          }
</span><span class="cx">  #endif
</span><span class="lines">@@ -2041,9 +2009,8 @@
</span><span class="cx">  
</span><span class="cx">          /*
</span><span class="cx">           * In privilege separation, we fork another child and prepare
</span><del>-diff -urp openssh-6.5p1/sshd_config openssh-6.5p1.patched/sshd_config
---- openssh-6.5p1/sshd_config        2014-01-12 00:20:47.000000000 -0800
-+++ openssh-6.5p1.patched/sshd_config        2014-02-15 16:25:56.000000000 -0800
</del><ins>+--- a/sshd_config.old
++++ b/sshd_config
</ins><span class="cx"> @@ -35,7 +35,7 @@
</span><span class="cx">  
</span><span class="cx">  # Logging
</span><span class="lines">@@ -2053,7 +2020,7 @@
</span><span class="cx">  #LogLevel INFO
</span><span class="cx">  
</span><span class="cx">  # Authentication:
</span><del>-@@ -68,8 +68,9 @@ AuthorizedKeysFile        .ssh/authorized_keys
</del><ins>+@@ -68,8 +68,9 @@
</ins><span class="cx">  # Don't read the user's ~/.rhosts and ~/.shosts files
</span><span class="cx">  #IgnoreRhosts yes
</span><span class="cx">  
</span><span class="lines">@@ -2065,7 +2032,7 @@
</span><span class="cx">  #PermitEmptyPasswords no
</span><span class="cx">  
</span><span class="cx">  # Change to no to disable s/key passwords
</span><del>-@@ -94,7 +95,10 @@ AuthorizedKeysFile        .ssh/authorized_keys
</del><ins>+@@ -94,7 +95,10 @@
</ins><span class="cx">  # If you just want the PAM account and session checks to run without
</span><span class="cx">  # PAM authentication, then enable this but set PasswordAuthentication
</span><span class="cx">  # and ChallengeResponseAuthentication to 'no'.
</span><span class="lines">@@ -2077,10 +2044,9 @@
</span><span class="cx">  
</span><span class="cx">  #AllowAgentForwarding yes
</span><span class="cx">  #AllowTcpForwarding yes
</span><del>-diff -urp openssh-6.5p1/sshd_config.0 openssh-6.5p1.patched/sshd_config.0
---- openssh-6.5p1/sshd_config.0        2014-01-29 17:52:48.000000000 -0800
-+++ openssh-6.5p1.patched/sshd_config.0        2014-02-15 16:25:56.000000000 -0800
-@@ -525,7 +525,7 @@ DESCRIPTION
</del><ins>+--- a/sshd_config.0.old
++++ b/sshd_config.0
+@@ -571,7 +571,7 @@
</ins><span class="cx">  
</span><span class="cx">       PasswordAuthentication
</span><span class="cx">               Specifies whether password authentication is allowed.  The
</span><span class="lines">@@ -2089,7 +2055,7 @@
</span><span class="cx">  
</span><span class="cx">       PermitEmptyPasswords
</span><span class="cx">               When password authentication is allowed, it specifies whether the
</span><del>-@@ -731,7 +731,7 @@ DESCRIPTION
</del><ins>+@@ -802,7 +802,7 @@
</ins><span class="cx">               either PasswordAuthentication or ChallengeResponseAuthentication.
</span><span class="cx">  
</span><span class="cx">               If UsePAM is enabled, you will not be able to run sshd(8) as a
</span><span class="lines">@@ -2098,10 +2064,9 @@
</span><span class="cx">  
</span><span class="cx">       UsePrivilegeSeparation
</span><span class="cx">               Specifies whether sshd(8) separates privileges by creating an
</span><del>-diff -urp openssh-6.5p1/sshd_config.5 openssh-6.5p1.patched/sshd_config.5
---- openssh-6.5p1/sshd_config.5        2013-12-17 22:47:03.000000000 -0800
-+++ openssh-6.5p1.patched/sshd_config.5        2014-02-15 16:25:56.000000000 -0800
-@@ -886,7 +886,7 @@ are refused if the number of unauthentic
</del><ins>+--- a/sshd_config.5.old
++++ b/sshd_config.5
+@@ -977,7 +977,7 @@
</ins><span class="cx">  .It Cm PasswordAuthentication
</span><span class="cx">  Specifies whether password authentication is allowed.
</span><span class="cx">  The default is
</span><span class="lines">@@ -2110,7 +2075,7 @@
</span><span class="cx">  .It Cm PermitEmptyPasswords
</span><span class="cx">  When password authentication is allowed, it specifies whether the
</span><span class="cx">  server allows login to accounts with empty password strings.
</span><del>-@@ -1219,7 +1219,7 @@ is enabled, you will not be able to run
</del><ins>+@@ -1343,7 +1343,7 @@
</ins><span class="cx">  .Xr sshd 8
</span><span class="cx">  as a non-root user.
</span><span class="cx">  The default is
</span></span></pre>
</div>
</div>

</body>
</html>