openssh: Upgrade to 6.5p1 #274

Closed

@kruton

Fixed the Apple Keychain and GSSKEX patches to apply to 6.5p1 as well.

@kruton kruton openssh: Upgrade to 6.5p1
Fixed the Apple Keychain and GSSKEX patches to apply to 6.5p1 as well.
d58a26f
@lox

Worth noting that the Apple Keychain patch changes the standard -K to -M. See #242

@omni-vi omni-vi referenced this pull request from a commit
@jwilkins jwilkins openssh 6.5
Closes #273.

Signed-off-by: Adam Vandenberg <flangy@gmail.com>
c591ca5
@omni-vi

For everyone wanting to upgrade while this is not merged:

$> curl -O https://raw.github.com/kruton/homebrew-dupes/openssh/openssh.rb
$> brew upgrade ./openssh.rb

It worked for me.

@ghost Unknown referenced this pull request
Closed

openssh failed to build on 10.9.1 #280

@adamv
Owner

Please rebase this on master.

@omni-vi

The version of sshd built by this recipe doesn't accept connections. It quits with
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261): image not found [preauth]

Looks like this problem:
https://trac.macports.org/ticket/36291

@omni-vi

Debug output from homebrew opensshd OSX 10.9.2

host@user:/$ sudo /usr/local/sbin/sshd -D -d -d -d
debug2: load_server_config: filename /usr/local/etc/ssh/sshd_config
debug2: load_server_config: done config len = 268
debug2: parse_server_config: config /usr/local/etc/ssh/sshd_config len 268
debug3: /usr/local/etc/ssh/sshd_config:53 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /usr/local/etc/ssh/sshd_config:108 setting UsePrivilegeSeparation sandbox
debug1: sshd version OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-d'
debug1: rexec_argv[4]='-d'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 5 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 9 config len 268
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 5, 5
Connection from 127.0.0.1 port 53639 on 127.0.0.1 port 22
debug1: Client protocol version 2.0; client software version OpenSSH-keyscan
debug1: match: OpenSSH-keyscan pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.5
debug2: fd 5 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing Darwin sandbox
debug2: Network child is on pid 4384
debug3: preauth child monitor started
debug3: privsep user:group 75:75 [preauth]
debug1: permanently_set_uid: 75/75 [preauth]
debug3: ssh_sandbox_child: starting Darwin sandbox [preauth]
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261): image not found [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 4384

@denji

Patch http://trac.macports.org/browser/trunk/dports/net/openssh?order=name#files

http://trac.macports.org/browser/trunk/dports/net/openssh/Portfile

# the HPN patch needs this, so rewrite all other patches to support it, too
patch.args          -p1
patchfiles          launchd.patch \
                    pam.patch \
                    patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
                    patch-sshd.c-apple-sandbox-named-external.diff
# We need a couple of patches
# - pam.patch
#   getpwnam(3) on OS X always returns "*********" in the pw_passwd field even
#   when run as root, so it can't be used for authentication. This patch just
#   forces the use of PAM regardless of the configuration.
# - patch-*-apple-sandbox-named-external.diff
#   Use Apple's sandbox_init(3) in addition to standard privilege separation.
#   This requires a sandbox profile (which we provide) and the sandbox_init(3)
#   call before the chroot(2) to privsep-path ($prefix/var/empty), or it will
#   fail to load the sandbox description and libsandbox.1.dylib.
variant hpn conflicts gsskex description {Apply high performance patch} {
    # http://www.psc.edu/index.php/hpn-ssh
    # http://www.freshports.org/security/openssh-portable/ is usually quick in
    # updating the HPN patch for new versions, take a look there, too.
    patch_sites-append      http://mirror.shatow.net/freebsd/openssh/
    set hpn_patchfile       ${name}-${version}-hpnssh14v2.diff.gz
    patchfiles-append       ${hpn_patchfile}
    checksums-append        ${hpn_patchfile} \
                            rmd160  5a7203fffee510b2ae6737af074fec2834bae122 \
                            sha256 be6915130f2b1aad00235e02d55b67114dbb517b13d04d52a8abac9343166efd
}
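A triage pass over `sshd -d -d -d` output for the failure reported in this thread, as an added example that is not part of the pull request or of either project. The sample lines are copied from the debug output posted above; `triage_sshd_debug`, `sandbox_load_failure?` and the `Triage` fields are hypothetical names. It relies on the pattern visible in that output: lines from the unprivileged child carry a `[preauth]` suffix, and one without a `debugN:` prefix is the child's error message.

```ruby
# Added example (not from the PR). SAMPLE_LOG is copied from the debug
# output posted in this thread; all method and field names are hypothetical.
SAMPLE_LOG = <<~LOG
  debug3: /usr/local/etc/ssh/sshd_config:108 setting UsePrivilegeSeparation sandbox
  debug2: Network child is on pid 4384
  debug1: permanently_set_uid: 75/75 [preauth]
  debug3: ssh_sandbox_child: starting Darwin sandbox [preauth]
  ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261): image not found [preauth]
  debug1: do_cleanup [preauth]
  debug1: Killing privsep child 4384
LOG

Triage = Struct.new(:privsep_mode, :child_pid, :uid_set_before_sandbox,
                    :fatal, :missing_lib, :child_killed)

def triage_sshd_debug(log)
  t = Triage.new(nil, nil, false, nil, nil, false)
  sandbox_started = false
  log.each_line(chomp: true) do |line|
    case line
    when /setting UsePrivilegeSeparation (\S+)/
      t.privsep_mode = $1
    when /Network child is on pid (\d+)/
      t.child_pid = $1.to_i
    when /permanently_set_uid: .*\[preauth\]/
      # Record whether the uid switch was logged before the sandbox start.
      t.uid_set_before_sandbox = true unless sandbox_started
    when /ssh_sandbox_child: starting/
      sandbox_started = true
    when /Killing privsep child (\d+)/
      t.child_killed = ($1.to_i == t.child_pid)
    when /\A(?!debug\d:).*\[preauth\]\z/
      # A [preauth] line with no debugN: prefix is an error from the child.
      t.fatal ||= line.sub(/ \[preauth\]\z/, "")
      t.missing_lib = $1 if line =~ /dlopen\(([^,]+),.*image not found/
    end
  end
  t
end

# True when the sandboxed preauth child died because a library failed to load.
def sandbox_load_failure?(t)
  t.privsep_mode == "sandbox" && !t.fatal.nil? && !t.missing_lib.nil? && t.child_killed
end

if __FILE__ == $0
  r = triage_sshd_debug(SAMPLE_LOG)
  puts r.to_h
  puts "preauth sandbox failed to load: #{sandbox_load_failure?(r)}"
end
```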
@jacknagel
Owner

Updated to 6.6p1 in 4ceb4c3, pull requests with updated patches are welcome.

@jacknagel jacknagel closed this
Commits on Feb 12, 2014
  1. @kruton

    openssh: Upgrade to 6.5p1

    kruton authored
    Fixed the Apple Keychain and GSSKEX patches to apply to 6.5p1 as well.
Showing with 5 additions and 6 deletions.
  1. +5 −6 openssh.rb
11 openssh.rb
@@ -2,9 +2,9 @@
class Openssh < Formula
homepage 'http://www.openssh.com/'
- url 'http://ftp5.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.4p1.tar.gz'
- version '6.4p1'
- sha1 'cf5fe0eb118d7e4f9296fbc5d6884965885fc55d'
+ url 'http://ftp5.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.5p1.tar.gz'
+ version '6.5p1'
+ sha1 '3363a72b4fee91b29cf2024ff633c17f6cd2f86d'
option 'with-brewed-openssl', 'Build with Homebrew OpenSSL instead of the system version'
option 'with-keychain-support', 'Add native OS X Keychain and Launch Daemon support to ssh-agent'
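Review bot: the new `url` line still fetches the 6.5p1 tarball over plain `http://`, so the `sha1` line beneath it is the only integrity check on the OpenSSH source. Consider recording a SHA-256 for the tarball rather than relying on SHA-1 alone, and state in the PR description where the expected hash was taken from so a reviewer can confirm it independently of the mirror.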
@@ -18,9 +18,8 @@ class Openssh < Formula
def patches
p = []
# Apply a revised version of Simon Wilkinson's gsskex patch (http://www.sxw.org.uk/computing/patches/openssh.html), which has also been included in Apple's openssh for a while
- p << 'https://trac.macports.org/export/112514/trunk/dports/net/openssh/files/0002-Apple-keychain-integration-other-changes.patch' if build.include? 'with-keychain-support'
- p << 'https://gist.github.com/kruton/8120594/raw/74cab9ac1fa02505547a6afd7cf5e6b2b2428ed8/gistfile1.txt' if build.include? 'with-keychain-support'
- p << 'https://trac.macports.org/export/112514/trunk/dports/net/openssh/files/openssh-6.3p1-gsskex-all-20130920.patch' if build.with? 'gssapi-support'
+ p << 'https://gist.github.com/kruton/8951373/raw/a05b4a2d50bbac68e97d4747c1a34b53b9a941c4/openssh-6.5p1-apple-keychain.patch' if build.with? 'keychain-support'
+ p << 'https://gist.github.com/kruton/8951366/raw/6b488018a76aa341a1f74e618663a1c52328bb12/openssh-6.5p1-gsskex-all-20130920.patch' if build.with? 'gssapi-support'
p
end
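Review bot: both replacement `p <<` lines pull patches that modify ssh-agent and the key exchange code from gists under a personal account (`gist.github.com/kruton/...`), and no checksum for either patch is recorded in the visible lines; the revision hash embedded in the raw URL is the only pin. Please say in the PR how these files differ from the MacPorts patches they replace, so the delta can be reviewed, and prefer a location the project controls. Separately, the comment about Simon Wilkinson's gsskex patch now sits directly above the keychain patch line rather than the gsskex one; move it next to the `gssapi-support` line and give the keychain patch its own provenance comment.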