From 7fc87a865e052bf2e7a7af6e597181e7ce14c20f Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Mon, 12 Aug 2013 14:50:55 +0200
Subject: [PATCH] openssh: Update to 6.2p2
---
 pkgs/tools/networking/openssh/default.nix | 10 +-
 .../openssh/fix-identity-warnings.patch | 251 ------------------
 2 files changed, 3 insertions(+), 258 deletions(-)
 delete mode 100644 pkgs/tools/networking/openssh/fix-identity-warnings.patch
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 8542580e431..4296ba57f88 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -13,11 +13,11 @@ let
 in
 stdenv.mkDerivation rec {
- name = "openssh-6.2p1";
+ name = "openssh-6.2p2";
 src = fetchurl {
 url = "ftp://ftp.nl.uu.net/pub/OpenBSD/OpenSSH/portable/${name}.tar.gz";
- sha1 = "8824708c617cc781b2bb29fa20bd905fd3d2a43d";
+ sha1 = "c2b4909eba6f5ec6f9f75866c202db47f3b501ba";
 };
 prePatch = stdenv.lib.optionalString hpnSupport
@@ -26,11 +26,7 @@ stdenv.mkDerivation rec {
 export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
 '';
- patches =
- [ ./locale_archive.patch
- # Upstream fix for gratuitous "no such identity" warnings.
- ./fix-identity-warnings.patch
- ];
+ patches = [ ./locale_archive.patch ];
 buildInputs = [ zlib openssl libedit pkgconfig pam ];
diff --git a/pkgs/tools/networking/openssh/fix-identity-warnings.patch b/pkgs/tools/networking/openssh/fix-identity-warnings.patch
deleted file mode 100644
index c341889b3a4..00000000000
--- a/pkgs/tools/networking/openssh/fix-identity-warnings.patch
+++ /dev/null
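Review bot: The refreshed source pin in the first default.nix hunk is still a SHA-1 digest (`sha1 = "c2b4909eba6f5ec6f9f75866c202db47f3b501ba";`), and the unchanged `url` context line fetches the tarball over plain FTP, so this digest is the only integrity check on the download of a security-critical package. Since the line is rewritten anyway, pin SHA-256 instead, e.g. `sha256 = "<sha256-of-openssh-6.2p2.tar.gz>";` (placeholder), taken from a tarball checked against upstream's release signature. The second hunk also drops `./fix-identity-warnings.patch` together with its comment; presumably 6.2p2 already contains that fix, but the commit message does not say so, and one line stating it would make the removal auditable.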
@@ -1,251 +0,0 @@ -https://bugzilla.mindrot.org/show_bug.cgi?id=2084 - -@@ -, +, @@ - - dtucker@cvs.openbsd.org 2013/02/17 23:16:57 - [readconf.c ssh.c readconf.h sshconnect2.c] - Keep track of which IndentityFile options were manually supplied and which - were default options, and don't warn if the latter are missing. - ok markus@ - - dtucker@cvs.openbsd.org 2013/02/22 04:45:09 - [ssh.c readconf.c readconf.h] - Don't complain if IdentityFiles specified in system-wide configs are - missing. ok djm, deraadt. -Index: readconf.c -=================================================================== -RCS file: /home/dtucker/openssh/cvs/openssh/readconf.c,v ---- a/readconf.c 2 Oct 2011 07:59:03 -0000 1.174 -+++ b/readconf.c 5 Apr 2013 02:36:11 -0000 -@@ -1,4 +1,4 @@ --/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */ -+/* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */ - /* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -@@ -326,6 +326,26 @@ clear_forwardings(Options *options) - options->tun_open = SSH_TUNMODE_NO; - } - -+void -+add_identity_file(Options *options, const char *dir, const char *filename, -+ int userprovided) -+{ -+ char *path; -+ -+ if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES) -+ fatal("Too many identity files specified (max %d)", -+ SSH_MAX_IDENTITY_FILES); -+ -+ if (dir == NULL) /* no dir, filename is absolute */ -+ path = xstrdup(filename); -+ else -+ (void)xasprintf(&path, "%.100s%.100s", dir, filename); -+ -+ options->identity_file_userprovided[options->num_identity_files] = -+ userprovided; -+ options->identity_files[options->num_identity_files++] = path; -+} -+ - /* - * Returns the number of the token pointed to by cp or oBadOption. 
- */ -@@ -353,7 +373,7 @@ parse_token(const char *cp, const char * - int - process_config_line(Options *options, const char *host, - char *line, const char *filename, int linenum, -- int *activep) -+ int *activep, int userconfig) - { - char *s, **charptr, *endofnumber, *keyword, *arg, *arg2; - char **cpptr, fwdarg[256]; -@@ -586,9 +606,7 @@ parse_yesnoask: - if (*intptr >= SSH_MAX_IDENTITY_FILES) - fatal("%.200s line %d: Too many identity files specified (max %d).", - filename, linenum, SSH_MAX_IDENTITY_FILES); -- charptr = &options->identity_files[*intptr]; -- *charptr = xstrdup(arg); -- *intptr = *intptr + 1; -+ add_identity_file(options, NULL, arg, userconfig); - } - break; - -@@ -1075,7 +1093,7 @@ parse_int: - - int - read_config_file(const char *filename, const char *host, Options *options, -- int checkperm) -+ int flags) - { - FILE *f; - char line[1024]; -@@ -1085,7 +1103,7 @@ read_config_file(const char *filename, c - if ((f = fopen(filename, "r")) == NULL) - return 0; - -- if (checkperm) { -+ if (flags & SSHCONF_CHECKPERM) { - struct stat sb; - - if (fstat(fileno(f), &sb) == -1) -@@ -1106,7 +1124,8 @@ read_config_file(const char *filename, c - while (fgets(line, sizeof(line), f)) { - /* Update line number counter. 
*/ - linenum++; -- if (process_config_line(options, host, line, filename, linenum, &active) != 0) -+ if (process_config_line(options, host, line, filename, linenum, -+ &active, flags & SSHCONF_USERCONF) != 0) - bad_options++; - } - fclose(f); -@@ -1280,30 +1299,17 @@ fill_default_options(Options * options) - options->protocol = SSH_PROTO_2; - if (options->num_identity_files == 0) { - if (options->protocol & SSH_PROTO_1) { -- len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1; -- options->identity_files[options->num_identity_files] = -- xmalloc(len); -- snprintf(options->identity_files[options->num_identity_files++], -- len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY); -+ add_identity_file(options, "~/", -+ _PATH_SSH_CLIENT_IDENTITY, 0); - } - if (options->protocol & SSH_PROTO_2) { -- len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1; -- options->identity_files[options->num_identity_files] = -- xmalloc(len); -- snprintf(options->identity_files[options->num_identity_files++], -- len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA); -- -- len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1; -- options->identity_files[options->num_identity_files] = -- xmalloc(len); -- snprintf(options->identity_files[options->num_identity_files++], -- len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA); -+ add_identity_file(options, "~/", -+ _PATH_SSH_CLIENT_ID_RSA, 0); -+ add_identity_file(options, "~/", -+ _PATH_SSH_CLIENT_ID_DSA, 0); - #ifdef OPENSSL_HAS_ECC -- len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1; -- options->identity_files[options->num_identity_files] = -- xmalloc(len); -- snprintf(options->identity_files[options->num_identity_files++], -- len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA); -+ add_identity_file(options, "~/", -+ _PATH_SSH_CLIENT_ID_ECDSA, 0); - #endif - } - } -Index: readconf.h -=================================================================== -RCS file: /home/dtucker/openssh/cvs/openssh/readconf.h,v ---- a/readconf.h 2 Oct 2011 07:59:03 -0000 1.83 -+++ b/readconf.h 5 Apr 2013 02:36:11 -0000 -@@ 
-1,4 +1,4 @@ --/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */ -+/* $OpenBSD: readconf.h,v 1.93 2013/02/22 04:45:09 dtucker Exp $ */ - - /* - * Author: Tatu Ylonen -@@ -96,6 +96,7 @@ typedef struct { - - int num_identity_files; /* Number of files for RSA/DSA identities. */ - char *identity_files[SSH_MAX_IDENTITY_FILES]; -+ int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; - Key *identity_keys[SSH_MAX_IDENTITY_FILES]; - - /* Local TCP/IP forward requests. */ -@@ -148,15 +149,20 @@ typedef struct { - #define REQUEST_TTY_YES 2 - #define REQUEST_TTY_FORCE 3 - -+#define SSHCONF_CHECKPERM 1 /* check permissions on config file */ -+#define SSHCONF_USERCONF 2 /* user provided config file not system */ -+ - void initialize_options(Options *); - void fill_default_options(Options *); - int read_config_file(const char *, const char *, Options *, int); - int parse_forward(Forward *, const char *, int, int); - - int --process_config_line(Options *, const char *, char *, const char *, int, int *); -+process_config_line(Options *, const char *, char *, const char *, int, int *, -+ int); - - void add_local_forward(Options *, const Forward *); - void add_remote_forward(Options *, const Forward *); -+void add_identity_file(Options *, const char *, const char *, int); - - #endif /* READCONF_H */ -Index: ssh.c -=================================================================== -RCS file: /home/dtucker/openssh/cvs/openssh/ssh.c,v ---- a/ssh.c 6 Jul 2012 03:45:01 -0000 1.366 -+++ b/ssh.c 5 Apr 2013 02:36:11 -0000 -@@ -1,4 +1,4 @@ --/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */ -+/* $OpenBSD: ssh.c,v 1.372 2013/02/22 04:45:09 dtucker Exp $ */ - /* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -@@ -405,12 +405,7 @@ main(int ac, char **av) - strerror(errno)); - break; - } -- if (options.num_identity_files >= -- SSH_MAX_IDENTITY_FILES) -- fatal("Too many identity files specified " -- "(max %d)", SSH_MAX_IDENTITY_FILES); -- 
options.identity_files[options.num_identity_files++] = -- xstrdup(optarg); -+ add_identity_file(&options, NULL, optarg, 1); - break; - case 'I': - #ifdef ENABLE_PKCS11 -@@ -584,7 +579,8 @@ main(int ac, char **av) - dummy = 1; - line = xstrdup(optarg); - if (process_config_line(&options, host ? host : "", -- line, "command-line", 0, &dummy) != 0) -+ line, "command-line", 0, &dummy, SSHCONF_USERCONF) -+ != 0) - exit(255); - xfree(line); - break; -@@ -678,14 +674,15 @@ main(int ac, char **av) - * file if the user specifies a config file on the command line. - */ - if (config != NULL) { -- if (!read_config_file(config, host, &options, 0)) -+ if (!read_config_file(config, host, &options, SSHCONF_USERCONF)) - fatal("Can't open user config file %.100s: " - "%.100s", config, strerror(errno)); - } else { - r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, - _PATH_SSH_USER_CONFFILE); - if (r > 0 && (size_t)r < sizeof(buf)) -- (void)read_config_file(buf, host, &options, 1); -+ (void)read_config_file(buf, host, &options, -+ SSHCONF_CHECKPERM|SSHCONF_USERCONF); - - /* Read systemwide configuration file after user config. */ - (void)read_config_file(_PATH_HOST_CONFIG_FILE, host, -Index: sshconnect2.c -=================================================================== -RCS file: /home/dtucker/openssh/cvs/openssh/sshconnect2.c,v ---- a/sshconnect2.c 20 Mar 2013 01:55:15 -0000 1.184 -+++ b/sshconnect2.c 5 Apr 2013 02:36:07 -0000 -@@ -1,4 +1,4 @@ --/* $OpenBSD: sshconnect2.c,v 1.191 2013/02/15 00:21:01 dtucker Exp $ */ -+/* $OpenBSD: sshconnect2.c,v 1.192 2013/02/17 23:16:57 dtucker Exp $ */ - /* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * Copyright (c) 2008 Damien Miller. All rights reserved. 
-@@ -1384,7 +1384,7 @@ pubkey_prepare(Authctxt *authctxt) - id = xcalloc(1, sizeof(*id)); - id->key = key; - id->filename = xstrdup(options.identity_files[i]); -- id->userprovided = 1; -+ id->userprovided = options.identity_file_userprovided[i]; - TAILQ_INSERT_TAIL(&files, id, next); - } - /* Prefer PKCS11 keys that are explicitly listed */