--- a/components/openssh/patches/007-manpages.patch Thu Mar 27 12:02:39 2014 -0700
+++ b/components/openssh/patches/007-manpages.patch Thu Mar 27 19:40:44 2014 -0700
@@ -5,12 +5,12 @@
# pages, the section numbers of some OpenSSH man pages are changed to be as
# same as their corresponding ones in SunSSH.
#
---- orig/moduli.5 Thu Jan 10 15:04:00 2013
-+++ new/moduli.5 Thu Jan 10 17:25:53 2013
+--- orig/moduli.5 Thu Feb 6 10:00:17 2014
++++ new/moduli.5 Thu Feb 6 10:08:07 2014
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- .Dd $Mdocdate: October 14 2010 $
+ .Dd $Mdocdate: September 26 2012 $
-.Dt MODULI 5
+.Dt MODULI 4
.Os
@@ -60,21 +60,21 @@
.Xr ssh-keygen 1 ,
-.Xr sshd 8
+.Xr sshd 1M
+ .Sh STANDARDS
.Rs
- .%R RFC 4419
- .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
---- orig/sftp-server.8 Thu Jan 10 15:04:00 2013
-+++ new/sftp-server.8 Thu Jan 10 15:48:21 2013
+ .%A M. Friedl
+--- orig/sftp-server.8 Thu Feb 6 10:01:20 2014
++++ new/sftp-server.8 Thu Feb 6 10:09:59 2014
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
- .Dd $Mdocdate: January 9 2010 $
+ .Dd $Mdocdate: October 14 2013 $
-.Dt SFTP-SERVER 8
+.Dt SFTP-SERVER 1M
.Os
.Sh NAME
.Nm sftp-server
-@@ -40,7 +40,7 @@
+@@ -47,7 +47,7 @@
to stdout and expects client requests from stdin.
.Nm
is not intended to be called directly, but from
@@ -83,7 +83,7 @@
using the
.Cm Subsystem
option.
-@@ -51,7 +51,7 @@
+@@ -58,7 +58,7 @@
.Cm Subsystem
declaration.
See
@@ -92,7 +92,16 @@
for more information.
.Pp
Valid options are:
-@@ -106,8 +106,8 @@
+@@ -71,7 +71,7 @@
+ and %u is replaced by the username of that user.
+ The default is to use the user's home directory.
+ This option is useful in conjunction with the
+-.Xr sshd_config 5
++.Xr sshd_config 4
+ .Cm ChrootDirectory
+ option.
+ .It Fl e
+@@ -152,8 +152,8 @@
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr ssh 1 ,
@@ -103,18 +112,18 @@
.Rs
.%A T. Ylonen
.%A S. Lehtinen
---- orig/ssh_config.5 Thu Jan 10 15:04:00 2013
-+++ new/ssh_config.5 Thu Jan 10 15:48:48 2013
+--- orig/ssh_config.5 Thu Feb 6 10:01:20 2014
++++ new/ssh_config.5 Thu Mar 27 16:37:50 2014
@@ -35,7 +35,7 @@
.\"
- .\" $OpenBSD: ssh_config.5,v 1.154 2011/09/09 00:43:00 djm Exp $
- .Dd $Mdocdate: September 9 2011 $
+ .\" $OpenBSD: ssh_config.5,v 1.184 2014/01/19 04:48:08 djm Exp $
+ .Dd $Mdocdate: January 19 2014 $
-.Dt SSH_CONFIG 5
+.Dt SSH_CONFIG 4
.Os
.Sh NAME
.Nm ssh_config
-@@ -353,7 +353,7 @@
+@@ -503,7 +503,7 @@
.Dq Fl O No exit
option).
If set to a time in seconds, or a time in any of the formats documented in
@@ -123,16 +132,16 @@
then the backgrounded master connection will automatically terminate
after it has remained idle (with no client connections) for the
specified time.
-@@ -473,7 +473,7 @@
+@@ -622,7 +622,7 @@
+ Specify a timeout for untrusted X11 forwarding
using the format described in the
- .Sx TIME FORMATS
- section of
+ TIME FORMATS section of
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
X11 connections received by
.Xr ssh 1
after this time will be refused.
-@@ -540,7 +540,7 @@
+@@ -689,7 +689,7 @@
These hashed names may be used normally by
.Xr ssh 1
and
@@ -141,16 +150,16 @@
but they do not reveal identifying information should the file's contents
be disclosed.
The default is
-@@ -885,7 +885,7 @@
- The command can be basically anything,
- and should read from its standard input and write to its standard output.
- It should eventually connect an
--.Xr sshd 8
-+.Xr sshd 1M
- server running on some machine, or execute
- .Ic sshd -i
- somewhere.
-@@ -967,7 +967,7 @@
+@@ -1122,7 +1122,7 @@
+ The optional second value is specified in seconds and may use any of the
+ units documented in the
+ TIME FORMATS section of
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ The default value for
+ .Cm RekeyLimit
+ is
+@@ -1166,7 +1166,7 @@
will only succeed if the server's
.Cm GatewayPorts
option is enabled (see
@@ -159,7 +168,7 @@
.It Cm RequestTTY
Specifies whether to request a pseudo-tty for the session.
The argument may be one of:
-@@ -1019,7 +1019,7 @@
+@@ -1218,7 +1218,7 @@
Refer to
.Cm AcceptEnv
in
@@ -168,12 +177,12 @@
for how to configure the server.
Variables are specified by name, which may contain wildcard characters.
Multiple environment variables may be separated by whitespace or spread
---- orig/ssh-keysign.8 Thu Jan 10 15:04:00 2013
-+++ new/ssh-keysign.8 Thu Jan 10 15:49:23 2013
+--- orig/ssh-keysign.8 Thu Feb 6 10:01:20 2014
++++ new/ssh-keysign.8 Thu Feb 6 10:13:05 2014
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
- .Dd $Mdocdate: August 31 2010 $
+ .Dd $Mdocdate: December 7 2013 $
-.Dt SSH-KEYSIGN 8
+.Dt SSH-KEYSIGN 1M
.Os
@@ -188,7 +197,7 @@
for more information about host-based authentication.
.Sh FILES
.Bl -tag -width Ds -compact
-@@ -81,8 +81,8 @@
+@@ -83,8 +83,8 @@
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
@@ -199,23 +208,23 @@
.Sh HISTORY
.Nm
first appeared in
---- orig/ssh-pkcs11-helper.8 Thu Jan 10 15:04:00 2013
-+++ new/ssh-pkcs11-helper.8 Thu Jan 10 15:49:48 2013
+--- orig/ssh-pkcs11-helper.8 Thu Feb 6 10:01:20 2014
++++ new/ssh-pkcs11-helper.8 Thu Feb 6 10:14:40 2014
@@ -15,7 +15,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
- .Dd $Mdocdate: February 10 2010 $
+ .Dd $Mdocdate: July 16 2013 $
-.Dt SSH-PKCS11-HELPER 8
+.Dt SSH-PKCS11-HELPER 1M
.Os
.Sh NAME
.Nm ssh-pkcs11-helper
---- orig/sshd_config.5 Thu Jan 10 15:04:00 2013
-+++ new/sshd_config.5 Fri Jan 11 15:56:09 2013
+--- orig/sshd_config.5 Thu Feb 6 10:01:20 2014
++++ new/sshd_config.5 Thu Feb 6 10:17:21 2014
@@ -35,7 +35,7 @@
.\"
- .\" $OpenBSD: sshd_config.5,v 1.136 2011/09/09 00:43:00 djm Exp $
- .Dd $Mdocdate: September 9 2011 $
+ .\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
+ .Dd $Mdocdate: December 8 2013 $
-.Dt SSHD_CONFIG 5
+.Dt SSHD_CONFIG 4
.Os
@@ -248,43 +257,52 @@
Valid arguments are
.Dq any ,
.Dq inet
-@@ -120,7 +120,7 @@
- See
- .Sx PATTERNS
- in
+@@ -118,7 +118,7 @@
+ .Cm AllowGroups .
+ .Pp
+ See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
-@@ -149,7 +149,7 @@
- See
- .Sx PATTERNS
- in
+@@ -158,7 +158,7 @@
+ .Cm AllowGroups .
+ .Pp
+ See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
- .It Cm AuthorizedKeysFile
- Specifies the file that contains the public keys that can be used
-@@ -157,7 +157,7 @@
+ .It Cm AuthenticationMethods
+ Specifies the authentication methods that must be successfully completed
+@@ -202,7 +202,7 @@
+ It will be invoked with a single argument of the username
+ being authenticated, and should produce on standard output zero or
+ more lines of authorized_keys output (see AUTHORIZED_KEYS in
+-.Xr sshd 8 ) .
++.Xr sshd 1M ) .
+ If a key supplied by AuthorizedKeysCommand does not successfully authenticate
+ and authorize the user then public key authentication continues using the usual
+ .Cm AuthorizedKeysFile
+@@ -218,7 +218,7 @@
The format is described in the
- .Sx AUTHORIZED_KEYS FILE FORMAT
+ AUTHORIZED_KEYS FILE FORMAT
section of
-.Xr sshd 8 .
+.Xr sshd 1M .
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
setup.
-@@ -182,7 +182,7 @@
- in
- .Sx AUTHORIZED_KEYS FILE FORMAT
- in
+@@ -241,7 +241,7 @@
+ to be accepted for authentication.
+ Names are listed one per line preceded by key options (as described
+ in AUTHORIZED_KEYS FILE FORMAT in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
Empty lines and comments starting with
.Ql #
are ignored.
-@@ -210,7 +210,7 @@
+@@ -271,7 +271,7 @@
though the
.Cm principals=
key option offers a similar facility (see
@@ -293,7 +311,7 @@
for details).
.It Cm Banner
The contents of the specified file are sent to the remote user before
-@@ -233,7 +233,7 @@
+@@ -294,7 +294,7 @@
All components of the pathname must be root-owned directories that are
not writable by any other user or group.
After the chroot,
@@ -302,16 +320,7 @@
changes the working directory to the user's home directory.
.Pp
The pathname may contain the following tokens that are expanded at runtime once
-@@ -266,7 +266,7 @@
- though sessions which use logging do require
- .Pa /dev/log
- inside the chroot directory (see
--.Xr sftp-server 8
-+.Xr sftp-server 1M
- for details).
- .Pp
- The default is not to
-@@ -297,7 +297,7 @@
+@@ -370,7 +370,7 @@
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
@@ -320,7 +329,7 @@
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
-@@ -324,7 +324,7 @@
+@@ -397,7 +397,7 @@
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
@@ -329,25 +338,25 @@
will send a message through the encrypted
channel to request a response from the client.
The default
-@@ -357,7 +357,7 @@
- See
- .Sx PATTERNS
- in
+@@ -428,7 +428,7 @@
+ .Cm AllowGroups .
+ .Pp
+ See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
-@@ -378,7 +378,7 @@
- See
- .Sx PATTERNS
- in
+@@ -447,7 +447,7 @@
+ .Cm AllowGroups .
+ .Pp
+ See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.It Cm ForceCommand
Forces the execution of the command specified by
-@@ -403,7 +403,7 @@
+@@ -472,7 +472,7 @@
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
@@ -356,7 +365,7 @@
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
-@@ -451,7 +451,7 @@
+@@ -520,7 +520,7 @@
A setting of
.Dq yes
means that
@@ -365,7 +374,7 @@
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
-@@ -462,7 +462,7 @@
+@@ -531,7 +531,7 @@
by
.Cm HostKey .
The default behaviour of
@@ -374,7 +383,7 @@
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
-@@ -476,7 +476,7 @@
+@@ -546,7 +546,7 @@
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
Note that
@@ -383,7 +392,7 @@
will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
-@@ -504,7 +504,7 @@
+@@ -587,7 +587,7 @@
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
@@ -392,16 +401,7 @@
should ignore the user's
.Pa ~/.ssh/known_hosts
during
-@@ -580,7 +580,7 @@
- Multiple algorithms must be comma-separated.
- The default is
- .Dq ecdh-sha2-nistp256 ,
--.Dq ecdh-sha2-nistp384 ,
-+.Dq ecdh-sha2-nistp834 ,
- .Dq ecdh-sha2-nistp521 ,
- .Dq diffie-hellman-group-exchange-sha256 ,
- .Dq diffie-hellman-group-exchange-sha1 ,
-@@ -597,7 +597,7 @@
+@@ -681,7 +681,7 @@
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
@@ -410,7 +410,7 @@
should listen on.
The following forms may be used:
.Pp
-@@ -640,7 +640,7 @@
+@@ -724,7 +724,7 @@
The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
@@ -419,16 +419,16 @@
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
-@@ -681,7 +681,7 @@
+@@ -776,7 +776,7 @@
+ The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
- .Sx PATTERNS
- section of
+ PATTERNS section of
-.Xr ssh_config 5 .
+.Xr ssh_config 4 .
.Pp
The patterns in an
.Cm Address
-@@ -751,7 +751,7 @@
+@@ -856,7 +856,7 @@
the three colon separated values
.Dq start:rate:full
(e.g. "10:30:60").
@@ -437,7 +437,7 @@
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
-@@ -855,7 +855,7 @@
+@@ -969,7 +969,7 @@
options in
.Pa ~/.ssh/authorized_keys
are processed by
@@ -446,7 +446,7 @@
The default is
.Dq no .
Enabling environment processing may enable users to bypass access
-@@ -868,7 +868,7 @@
+@@ -982,7 +982,7 @@
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
@@ -455,7 +455,7 @@
listens on.
The default is 22.
Multiple options of this type are permitted.
-@@ -876,7 +876,7 @@
+@@ -990,7 +990,7 @@
.Cm ListenAddress .
.It Cm PrintLastLog
Specifies whether
@@ -464,7 +464,7 @@
should print the date and time of the last user login when a user logs
in interactively.
The default is
-@@ -883,7 +883,7 @@
+@@ -997,7 +997,7 @@
.Dq yes .
.It Cm PrintMotd
Specifies whether
@@ -473,13 +473,8 @@
should print
.Pa /etc/motd
when a user logs in interactively.
-@@ -891,10 +891,11 @@
- .Pa /etc/profile ,
- or equivalent.)
- The default is
--.Dq yes .
-+.Dq no
-+on Solaris.
+@@ -1008,7 +1008,7 @@
+ .Dq yes .
.It Cm Protocol
Specifies the protocol versions
-.Xr sshd 8
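Review bot: The refreshed sshd_config section no longer carries the Solaris default text. The removed inner hunk replaced `.Dq yes .` with `.Dq no` / `on Solaris.` for PrintMotd, and the later hunk at `@@ -531,9 +517,7 @@` drops the matching `.Dq yes` / `on Solaris.` lines for UsePAM, so the installed page will state the upstream defaults (`yes` and `no`). If the Solaris build still compiles in different defaults, which this diff does not show, administrators auditing authentication settings will read the wrong value for UsePAM. Either keep those two replacements in the refreshed hunks or name in the patch header the patch that now documents the Solaris defaults.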
@@ -487,7 +482,7 @@
supports.
The possible values are
.Sq 1
-@@ -936,7 +937,7 @@
+@@ -1081,7 +1081,7 @@
The minimum value is 512, and the default is 1024.
.It Cm StrictModes
Specifies whether
@@ -496,16 +491,7 @@
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
-@@ -952,7 +953,7 @@
- to execute upon subsystem request.
- .Pp
- The command
--.Xr sftp-server 8
-+.Xr sftp-server 1M
- implements the
- .Dq sftp
- file transfer subsystem.
-@@ -970,7 +971,7 @@
+@@ -1115,7 +1115,7 @@
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
@@ -514,7 +500,7 @@
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
-@@ -1013,7 +1014,7 @@
+@@ -1156,7 +1156,7 @@
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
@@ -523,7 +509,7 @@
should look up the remote host name and check that
the resolved host name for the remote IP address maps back to the
very same IP address.
-@@ -1058,13 +1059,14 @@
+@@ -1201,13 +1201,13 @@
If
.Cm UsePAM
is enabled, you will not be able to run
@@ -531,9 +517,7 @@
+.Xr sshd 1M
as a non-root user.
The default is
--.Dq no .
-+.Dq yes
-+on Solaris.
+ .Dq no .
.It Cm UsePrivilegeSeparation
Specifies whether
-.Xr sshd 8
@@ -541,8 +525,8 @@
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
-@@ -1081,7 +1083,7 @@
- restrictions.
+@@ -1229,7 +1229,7 @@
+ .Dq none .
.It Cm X11DisplayOffset
Specifies the first display number available for
-.Xr sshd 8 Ns 's
@@ -550,7 +534,7 @@
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
-@@ -1096,7 +1098,7 @@
+@@ -1244,7 +1244,7 @@
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
@@ -559,7 +543,7 @@
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
-@@ -1107,7 +1109,7 @@
+@@ -1255,7 +1255,7 @@
forwarding (see the warnings for
.Cm ForwardX11
in
@@ -568,7 +552,7 @@
A system administrator may have a stance in which they want to
protect clients that may expose themselves to attack by unwittingly
requesting X11 forwarding, which can warrant a
-@@ -1121,7 +1123,7 @@
+@@ -1269,7 +1269,7 @@
is enabled.
.It Cm X11UseLocalhost
Specifies whether
@@ -577,7 +561,7 @@
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
-@@ -1152,7 +1154,7 @@
+@@ -1300,7 +1300,7 @@
.Pa /usr/X11R6/bin/xauth .
.El
.Sh TIME FORMATS
@@ -586,7 +570,7 @@
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
-@@ -1196,12 +1198,12 @@
+@@ -1344,12 +1344,12 @@
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
@@ -601,18 +585,18 @@
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
---- orig/sshd.8 Thu Jan 10 15:04:00 2013
-+++ new/sshd.8 Thu Jan 10 15:53:31 2013
+--- orig/sshd.8 Thu Feb 6 10:01:20 2014
++++ new/sshd.8 Thu Feb 6 10:22:35 2014
@@ -35,7 +35,7 @@
.\"
- .\" $OpenBSD: sshd.8,v 1.264 2011/09/23 00:22:04 dtucker Exp $
- .Dd $Mdocdate: September 23 2011 $
+ .\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $
+ .Dd $Mdocdate: December 7 2013 $
-.Dt SSHD 8
+.Dt SSHD 1M
.Os
.Sh NAME
.Nm sshd
-@@ -79,7 +79,7 @@
+@@ -80,7 +80,7 @@
.Nm
can be configured using command-line options or a configuration file
(by default
@@ -621,7 +605,7 @@
command-line options override values specified in the
configuration file.
.Nm
-@@ -204,7 +204,7 @@
+@@ -210,7 +210,7 @@
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options, and their values, see
@@ -630,16 +614,16 @@
.It Fl p Ar port
Specifies the port on which the server listens for connections
(default 22).
-@@ -274,7 +274,7 @@
+@@ -280,7 +280,7 @@
though this can be changed via the
.Cm Protocol
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
- Protocol 2 supports DSA, ECDSA and RSA keys;
+ Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
-@@ -399,7 +399,7 @@
+@@ -405,7 +405,7 @@
See the
.Cm PermitUserEnvironment
option in
@@ -648,7 +632,7 @@
.It
Changes to user's home directory.
.It
-@@ -542,7 +542,7 @@
+@@ -550,7 +550,7 @@
environment variable.
Note that this option applies to shell, command or subsystem execution.
Also note that this command may be superseded by either a
@@ -657,16 +641,16 @@
.Cm ForceCommand
directive or a command embedded in a certificate.
.It Cm environment="NAME=value"
-@@ -565,7 +565,7 @@
- See
- .Sx PATTERNS
- in
+@@ -571,7 +571,7 @@
+ name of the remote host or its IP address must be present in the
+ comma-separated list of patterns.
+ See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
.Pp
In addition to the wildcard matching that may be applied to hostnames or
-@@ -859,7 +859,7 @@
+@@ -865,7 +865,7 @@
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
The file format is described in
@@ -675,7 +659,7 @@
.Pp
.It Pa /etc/motd
See
-@@ -918,7 +918,7 @@
+@@ -926,7 +926,7 @@
Contains configuration data for
.Nm sshd .
The file format and configuration options are described in
@@ -684,7 +668,7 @@
.Pp
.It Pa /etc/ssh/sshrc
Similar to
-@@ -954,10 +954,10 @@
+@@ -962,10 +962,10 @@
.Xr chroot 2 ,
.Xr hosts_access 5 ,
.Xr login.conf 5 ,
--- a/components/openssh/patches/010-gss_store_cred.patch Thu Mar 27 12:02:39 2014 -0700
+++ b/components/openssh/patches/010-gss_store_cred.patch Thu Mar 27 19:40:44 2014 -0700
@@ -13,13 +13,12 @@
# libgssapi_krb5) Solaris Kerberos libgss does not have Kerberos mechanism
# directly built in the library and this function is not directly accessible.
#
-# The patch is implemented as Solaris-specific using USE_GSS_STORE_CRED
+# The patch is implemented as Solaris-specific using USE_GSS_STORE_CRED
# and GSSAPI_STORECREDS_NEEDS_RUID macros.
#
-diff -ur old/config.h.in new/config.h.in
---- old/config.h.in 2012-04-19 22:03:32.000000000 -0700
-+++ new/config.h.in 2014-03-12 06:47:38.667166593 -0700
-@@ -1465,6 +1465,12 @@
+--- orig/config.h.in Fri Mar 21 11:42:17 2014
++++ new/config.h.in Fri Mar 21 11:46:26 2014
+@@ -1616,6 +1616,12 @@
/* Use btmp to log bad logins */
#undef USE_BTMP
@@ -32,51 +31,49 @@
/* Use libedit for sftp */
#undef USE_LIBEDIT
-diff -ur old/configure new/configure
---- old/configure 2014-03-12 04:01:33.320409426 -0700
-+++ new/configure 2014-03-12 06:47:48.510155481 -0700
-@@ -7201,6 +7201,9 @@
+--- orig/configure Fri Mar 21 11:42:24 2014
++++ new/configure Fri Mar 21 11:49:51 2014
+@@ -7797,6 +7797,9 @@
fi
-+ $as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h
-+ $as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h
++ $as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h
++ $as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ ;;
+ *-*-sunos4*)
+--- orig/configure.ac Fri Mar 21 11:42:28 2014
++++ new/configure.ac Fri Mar 21 16:32:28 2014
+@@ -866,6 +866,8 @@
+ ],
+ )
+ TEST_SHELL=$SHELL # let configure find us a capable shell
++ AC_DEFINE([USE_GSS_STORE_CRED])
++ AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID])
;;
*-*-sunos4*)
CPPFLAGS="$CPPFLAGS -DSUNOS4"
-diff -ur old/configure.ac new/configure.ac
---- old/configure.ac 2014-03-12 04:01:33.310743659 -0700
-+++ new/configure.ac 2014-03-12 06:47:59.218730468 -0700
-@@ -802,6 +802,8 @@
- SP_MSG="yes" ], )
- ],
- )
-+ AC_DEFINE([USE_GSS_STORE_CRED])
-+ AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID])
- ;;
- *-*-sunos4*)
- CPPFLAGS="$CPPFLAGS -DSUNOS4"
-diff -ur old/gss-serv-krb5.c new/gss-serv-krb5.c
---- old/gss-serv-krb5.c 2006-08-31 22:38:36.000000000 -0700
-+++ new/gss-serv-krb5.c 2014-03-17 06:25:36.218227736 -0700
-@@ -109,6 +109,7 @@
+--- orig/gss-serv-krb5.c Fri Mar 21 11:42:46 2014
++++ new/gss-serv-krb5.c Fri Mar 21 11:54:48 2014
+@@ -109,7 +109,7 @@
+ return retval;
}
-
+-
+#ifndef USE_GSS_STORE_CRED
/* This writes out any forwarded credentials from the structure populated
* during userauth. Called after we have setuid to the user */
-@@ -183,6 +184,7 @@
+@@ -195,6 +195,7 @@
return;
}
-+#endif /* #ifndef USE_GSS_STORE_CRED */
++#endif /* #ifndef USE_GSS_STORE_CRED */
ssh_gssapi_mech gssapi_kerberos_mech = {
"toWM5Slw5Ew8Mqkay+al2g==",
-@@ -191,7 +193,11 @@
+@@ -203,7 +204,11 @@
NULL,
&ssh_gssapi_krb5_userok,
NULL,
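Review bot: The two `AC_DEFINE` calls added to configure.ac use the one-argument form, so autoheader has no template for either macro and the config.h.in and configure sections of this patch have to be kept in step by hand. The hand edits have already drifted in placement: in configure the defines sit before `TEST_SHELL=$SHELL`, while in configure.ac they follow it. Giving each call a value and description, e.g. `AC_DEFINE([USE_GSS_STORE_CRED], [1], [Store delegated credentials with gss_store_cred()])`, would let the generated files be rebuilt from configure.ac. These macros select how delegated credentials are stored, so it is worth confirming that a regenerated configure cannot lose them silently.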
@@ -88,10 +85,9 @@
};
#endif /* KRB5 */
-diff -ur old/gss-serv.c new/gss-serv.c
---- old/gss-serv.c 2011-08-05 13:16:46.000000000 -0700
-+++ new/gss-serv.c 2014-03-12 05:55:42.368676287 -0700
-@@ -292,22 +292,66 @@
+--- orig/gss-serv.c Fri Mar 21 11:42:53 2014
++++ new/gss-serv.c Fri Mar 21 15:59:43 2014
+@@ -292,6 +292,9 @@
void
ssh_gssapi_cleanup_creds(void)
{
@@ -101,6 +97,7 @@
if (gssapi_client.store.filename != NULL) {
/* Unlink probably isn't sufficient */
debug("removing gssapi cred file\"%s\"",
+@@ -298,6 +301,7 @@
gssapi_client.store.filename);
unlink(gssapi_client.store.filename);
}
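Review bot: Nothing in the patch header says what happens to stored credentials at logout. The servconf.c section of this patch maps `gssapicleanupcredentials` to `sUnsupported` when USE_GSS_STORE_CRED is defined, and the `unlink()` path in ssh_gssapi_cleanup_creds shown here appears to be wrapped by added lines that fall between hunks and are not visible. If that guard compiles the unlink out, credentials written by ssh_gssapi_storecreds presumably remain in the user's credential store after the session ends. Once confirmed against the full patch, I would state this in the header comment, for example `# With USE_GSS_STORE_CRED, GSSAPICleanupCredentials is unsupported; delegated credentials are not removed at logout.` The function body begins in the previous hunk.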
@@ -108,6 +105,7 @@
}
/* As user */
+@@ -304,10 +308,50 @@
void
ssh_gssapi_storecreds(void)
{
@@ -158,25 +156,23 @@
}
/* This allows GSSAPI methods to do things to the childs environment based
-diff -ur old/servconf.c new/servconf.c
---- old/servconf.c 2014-03-12 04:01:33.343205265 -0700
-+++ new/servconf.c 2014-03-12 04:01:33.400368192 -0700
-@@ -386,7 +386,11 @@
+--- orig/servconf.c Fri Mar 21 11:43:02 2014
++++ new/servconf.c Fri Mar 21 16:02:54 2014
+@@ -409,7 +409,11 @@
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+#ifdef USE_GSS_STORE_CRED
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-+#else /* USE_GSS_STORE_CRED*/
++#else /* USE_GSS_STORE_CRED */
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-+#endif /* USE_GSS_STORE_CRED*/
++#endif /* USE_GSS_STORE_CRED */
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-diff -ur old/sshd.c new/sshd.c
---- old/sshd.c 2014-03-12 04:01:33.321603394 -0700
-+++ new/sshd.c 2014-03-12 06:48:16.296909610 -0700
-@@ -2041,9 +2041,23 @@
+--- orig/sshd.c Fri Mar 21 11:43:08 2014
++++ new/sshd.c Mon Mar 24 15:05:30 2014
+@@ -2126,9 +2126,23 @@
#ifdef GSSAPI
if (options.gss_authentication) {