[gsi-openssh/f19] Based on openssh-6.2p2-3.fc19
Mattias Ellert
ellert at fedoraproject.org
Mon Jun 24 05:18:29 UTC 2013
commit 06d8e5674769c52af9431ca2014e2c909adaaa16
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Mon Jun 24 06:14:08 2013 +0200
Based on openssh-6.2p2-3.fc19
gsi-openssh.spec | 30 ++-
gsisshd-keygen.service | 8 +
gsisshd.socket | 10 +
gsisshd at .service | 9 +
openssh-6.2p1-gsskex.patch | 153 +++++++++----
openssh-6.2p1-ldap.patch | 49 +++--
openssh-6.2p1-track-IdentifyFile.patch | 235 ------------------
....2p1-gsissh.patch => openssh-6.2p2-gsissh.patch | 252 ++++++++++----------
openssh-6.2p2-sftp-multibyte.patch | 64 +++++
sources | 2 +-
10 files changed, 381 insertions(+), 431 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index 3a1221a..2b00f65 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -28,8 +28,8 @@
# Do we want LDAP support
%global ldap 1
-%global openssh_ver 6.2p1
-%global openssh_rel 3
+%global openssh_ver 6.2p2
+%global openssh_rel 1
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -41,7 +41,10 @@ URL: http://www.openssh.com/portable.html
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source2: gsisshd.pam
Source7: gsisshd.sysconfig
+Source9: gsisshd at .service
+Source10: gsisshd.socket
Source11: gsisshd.service
+Source12: gsisshd-keygen.service
Source13: gsisshd-keygen
Source99: README.sshd-and-gsisshd
@@ -125,14 +128,14 @@ Patch901: openssh-6.2p1-kuserok.patch
# build regress/modpipe tests with $(CFLAGS), based on
# http://lists.mindrot.org/pipermail/openssh-unix-dev/2013-March/031167.html
Patch905: openssh-6.2p1-modpipe-cflags.patch
-# https://bugzilla.mindrot.org/show_bug.cgi?id=2084
-Patch906: openssh-6.2p1-track-IdentifyFile.patch
# add latest config.{sub,guess} to support aarch64 (#926284)
Patch907: openssh-6.2p1-aarch64.patch
+# make sftp's libedit interface marginally multibyte aware (#841771)
+Patch908: openssh-6.2p2-sftp-multibyte.patch
# This is the patch that adds GSI support
-# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.2p1.patch
-Patch98: openssh-6.2p1-gsissh.patch
+# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.2p2.patch
+Patch98: openssh-6.2p2-gsissh.patch
License: BSD
Group: Applications/Internet
@@ -276,8 +279,8 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch900 -p1 -b .canohost
%patch901 -p1 -b .kuserok
%patch905 -p1 -b .modpipe-cflags
-%patch906 -p1 -b .identityfile
%patch907 -p1 -b .aarch64
+%patch908 -p1 -b .sftp-multibyte
%patch98 -p1 -b .gsi
@@ -387,7 +390,10 @@ install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/gsisshd
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/gsisshd
install -m755 %{SOURCE13} $RPM_BUILD_ROOT/%{_sbindir}/sshd-keygen
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
+install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd at .service
+install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd.socket
install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd.service
+install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd-keygen.service
rm $RPM_BUILD_ROOT%{_bindir}/ssh-add
rm $RPM_BUILD_ROOT%{_bindir}/ssh-agent
@@ -429,10 +435,10 @@ getent passwd sshd >/dev/null || \
%systemd_post gsisshd.service
%preun server
-%systemd_preun gsisshd.service
+%systemd_preun gsisshd.service gsisshd.socket
%postun server
-%systemd_postun_with_restart gsisshd.service
+%systemd_postun_with_restart gsisshd.service gsisshd.socket
%triggerun server -- gsi-openssh-server < 5.8p2-1
/usr/bin/systemd-sysv-convert --save gsisshd >/dev/null 2>&1 || :
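Review bot: `%systemd_post gsisshd.service` at the top of this hunk still lists only the service, while `%preun` and `%postun` are extended to cover `gsisshd.socket`, so the new socket unit does not get the same scriptlet handling on install. If that is not deliberate, the line should read `%systemd_post gsisshd.service gsisshd.socket`. If it is deliberate, a short spec comment saying why would help the next packager.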
@@ -483,8 +489,14 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %config(noreplace) /etc/pam.d/gsisshd
%attr(0640,root,root) %config(noreplace) /etc/sysconfig/gsisshd
%attr(0644,root,root) %{_unitdir}/gsisshd.service
+%attr(0644,root,root) %{_unitdir}/gsisshd at .service
+%attr(0644,root,root) %{_unitdir}/gsisshd.socket
+%attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
%changelog
+* Mon Jun 24 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.2p2-1
+- Based on openssh-6.2p2-3.fc19
+
* Fri Apr 26 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.2p1-3
- Based on openssh-6.2p1-4.fc19
diff --git a/gsisshd-keygen.service b/gsisshd-keygen.service
new file mode 100644
index 0000000..6bd2c4f
--- /dev/null
+++ b/gsisshd-keygen.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=gsissh Server Key Generation
+ConditionPathExists=|!/etc/gsissh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/gsissh/ssh_host_dsa_key
+
+[Service]
+ExecStart=/usr/sbin/gsisshd-keygen
+Type=oneshot
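Review bot: The two `ConditionPathExists=|!` triggers cover only the RSA and DSA host keys, so if `gsisshd-keygen` (not shown in this commit) also creates other key types, a missing key of such a type would not cause the unit to run; worth confirming against the script. `ExecStart=/usr/sbin/gsisshd-keygen` also depends on the packaged path: the install line visible in the spec section puts SOURCE13 at `%{_sbindir}/sshd-keygen`, so a rename step outside the visible hunks presumably produces the `gsisshd-keygen` name and should be checked. A one-line comment above the conditions, such as `# "|" makes these triggering conditions: run when either key is missing`, would make the intent obvious.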
diff --git a/gsisshd.socket b/gsisshd.socket
new file mode 100644
index 0000000..eb295f5
--- /dev/null
+++ b/gsisshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=gsissh Server Socket
+Conflicts=gsisshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
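Review bot: `ListenStream=22` binds the same port the stock OpenSSH server normally uses, and `Conflicts=` names only `gsisshd.service`, so nothing in this unit keeps it from being enabled next to `sshd.service` or `sshd.socket`, where one of the two would fail to bind. Either extend the line to `Conflicts=gsisshd.service sshd.service sshd.socket`, or put a comment above `ListenStream` pointing at README.sshd-and-gsisshd for how the port is meant to be shared or changed. With `Accept=yes` every connection gets its own `gsisshd@` instance, so the bound on unauthenticated connections is presumably the socket unit's connection limit rather than the daemon's own start-up throttling; a comment or an explicit `MaxConnections=` would make that visible.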
diff --git a/gsisshd at .service b/gsisshd at .service
new file mode 100644
index 0000000..2030d9f
--- /dev/null
+++ b/gsisshd at .service
@@ -0,0 +1,9 @@
+[Unit]
+Description=gsissh per-connection server daemon
+Wants=gsisshd-keygen.service
+After=auditd.service gsisshd-keygen.service
+
+[Service]
+EnvironmentFile=-/etc/sysconfig/gsisshd
+ExecStart=-/usr/sbin/gsisshd -i $OPTIONS
+StandardInput=socket
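Review bot: With `StandardInput=socket` and no `StandardError=` line, standard error follows standard output, which here is the client connection. Anything gsisshd writes to stderr before its logging is set up would then go to the unauthenticated peer instead of the log. Adding `StandardError=journal` under `[Service]` keeps such diagnostics local. The leading `-` on `ExecStart` deserves a comment as well, since it means a failing per-connection instance is not recorded as a unit failure.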
diff --git a/openssh-6.2p1-gsskex.patch b/openssh-6.2p1-gsskex.patch
index 3934dcf..d6f0810 100644
--- a/openssh-6.2p1-gsskex.patch
+++ b/openssh-6.2p1-gsskex.patch
@@ -105,56 +105,79 @@ diff -up openssh-6.2p1/auth-krb5.c.gsskex openssh-6.2p1/auth-krb5.c
#include <krb5.h>
extern ServerOptions options;
-@@ -170,8 +171,13 @@ auth_krb5_password(Authctxt *authctxt, c
+@@ -77,6 +78,7 @@ auth_krb5_password(Authctxt *authctxt, c
+ #endif
+ krb5_error_code problem;
+ krb5_ccache ccache = NULL;
++ const char *ccache_type;
+ int len;
+ char *client, *platform_client;
+
+@@ -166,12 +168,30 @@ auth_krb5_password(Authctxt *authctxt, c
+ goto out;
+ #endif
+
++ ccache_type = krb5_cc_get_type(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
+ authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
- len = strlen(authctxt->krb5_ticket_file) + 6;
+- len = strlen(authctxt->krb5_ticket_file) + 6;
++ if (authctxt->krb5_ticket_file[0] == ':')
++ authctxt->krb5_ticket_file++;
++
++ len = strlen(authctxt->krb5_ticket_file) + strlen(ccache_type);
authctxt->krb5_ccname = xmalloc(len);
- snprintf(authctxt->krb5_ccname, len, "FILE:%s",
++
+#ifdef USE_CCAPI
+ snprintf(authctxt->krb5_ccname, len, "API:%s",
authctxt->krb5_ticket_file);
+#else
-+ snprintf(authctxt->krb5_ccname, len, "DIR:%s",
-+ authctxt->krb5_ticket_file);
++ snprintf(authctxt->krb5_ccname, len, "%s:%s",
++ ccache_type, authctxt->krb5_ticket_file);
+#endif
++
++ if (strcmp(ccache_type, "DIR") == 0) {
++ char *p;
++ p = strrchr(authctxt->krb5_ccname, '/');
++ if (p)
++ *p = '\0';
++ }
++
#ifdef USE_PAM
if (options.use_pam)
-@@ -208,10 +214,33 @@ auth_krb5_password(Authctxt *authctxt, c
+@@ -208,10 +228,30 @@ auth_krb5_password(Authctxt *authctxt, c
void
krb5_cleanup_proc(Authctxt *authctxt)
{
+ struct stat krb5_ccname_stat;
-+ char krb5_ccname[128], *krb5_ccname_dir_end;
++ char krb5_ccname[128], *krb5_ccname_dir_start, *krb5_ccname_dir_end;
+
debug("krb5_cleanup_proc called");
if (authctxt->krb5_fwd_ccache) {
krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
authctxt->krb5_fwd_ccache = NULL;
+
-+ /* assume ticket cache type DIR - DIR::/tmp/krb5cc_876600005_T9eDKSQvzb/tkt */
-+ strncpy(krb5_ccname, authctxt->krb5_ccname + strlen("DIR::"), sizeof(krb5_ccname) - 10);
++ strncpy(krb5_ccname, authctxt->krb5_ccname, sizeof(krb5_ccname) - 10);
++ krb5_ccname_dir_start = strchr(krb5_ccname, ':') + 1;
++ strcat(krb5_ccname_dir_start, "/primary");
+
-+ krb5_ccname_dir_end = strrchr(krb5_ccname, '/');
-+ if (krb5_ccname_dir_end != NULL) {
-+ strcpy(krb5_ccname_dir_end, "/primary");
-+
-+ if (stat(krb5_ccname, &krb5_ccname_stat) == 0) {
-+ if (unlink(krb5_ccname) == 0) {
-+ *krb5_ccname_dir_end = '\0';
-+ if (rmdir(krb5_ccname) == -1)
-+ debug("cache dir '%s' remove failed: %s", krb5_ccname, strerror(errno));
-+ }
-+ else
-+ debug("cache primary file '%s', remove failed: %s",
-+ krb5_ccname, strerror(errno)
-+ );
++ if (stat(krb5_ccname_dir_start, &krb5_ccname_stat) == 0) {
++ if (unlink(krb5_ccname_dir_start) == 0) {
++ krb5_ccname_dir_end = strrchr(krb5_ccname_dir_start, '/');
++ *krb5_ccname_dir_end = '\0';
++ if (rmdir(krb5_ccname_dir_start) == -1)
++ debug("cache dir '%s' remove failed: %s", krb5_ccname_dir_start, strerror(errno));
+ }
++ else
++ debug("cache primary file '%s', remove failed: %s",
++ krb5_ccname_dir_start, strerror(errno)
++ );
+ }
}
if (authctxt->krb5_user) {
krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user);
-@@ -226,31 +255,37 @@ krb5_cleanup_proc(Authctxt *authctxt)
+@@ -226,31 +266,45 @@ krb5_cleanup_proc(Authctxt *authctxt)
#ifndef HEIMDAL
krb5_error_code
ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
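Review bot: In auth_krb5_password, `len = strlen(authctxt->krb5_ticket_file) + strlen(ccache_type);` leaves no room for the `:` separator and the terminating NUL, so the following `snprintf(..., "%s:%s", ...)` silently drops the last two characters of the cache name stored in `krb5_ccname` (the `API:%s` branch is sized the same way). The line should be `len = strlen(authctxt->krb5_ticket_file) + strlen(ccache_type) + 2;`. In krb5_cleanup_proc, `strncpy(krb5_ccname, authctxt->krb5_ccname, sizeof(krb5_ccname) - 10)` does not terminate the 128-byte stack buffer when the source is 118 bytes or longer, and `strchr(krb5_ccname, ':') + 1` is used without a NULL check before `strcat`, `stat`, `unlink` and `rmdir` work on the result. Zero-initialising the buffer (or copying with `snprintf`) and skipping the cleanup when no `:` is found would close both gaps. Both function bodies continue outside this hunk.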
@@ -162,17 +185,17 @@ diff -up openssh-6.2p1/auth-krb5.c.gsskex openssh-6.2p1/auth-krb5.c
- char ccname[40];
+ int ret, oerrno;
+ char ccname[128];
- mode_t old_umask;
+#ifdef USE_CCAPI
+ char cctemplate[] = "API:krb5cc_%d";
+#else
-+ char cctemplate[] = "DIR:/tmp/krb5cc_%d_XXXXXXXXXX";
+ mode_t old_umask;
++ char cctemplate[] = "DIR:/run/user/%d/krb5cc_XXXXXXXXXX";
+ char *tmpdir;
+#endif
- ret = snprintf(ccname, sizeof(ccname),
+- ret = snprintf(ccname, sizeof(ccname),
- "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
-+ cctemplate, geteuid());
++ ret = snprintf(ccname, sizeof(ccname), cctemplate, geteuid());
if (ret < 0 || (size_t)ret >= sizeof(ccname))
return ENOMEM;
@@ -182,11 +205,20 @@ diff -up openssh-6.2p1/auth-krb5.c.gsskex openssh-6.2p1/auth-krb5.c
+ old_umask = umask(0077);
+ tmpdir = mkdtemp(ccname + strlen("DIR:"));
oerrno = errno;
++ if (tmpdir == NULL && errno == ENOENT) {
++ /* /run/user/uid doesn't exist -> fallback to /tmp */
++ ret = snprintf(ccname, sizeof(ccname), "DIR:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
++ if (ret < 0 || (size_t)ret >= sizeof(ccname))
++ return ENOMEM;
++ tmpdir = mkdtemp(ccname + strlen("DIR:"));
++ oerrno = errno;
++ }
++
umask(old_umask);
- if (tmpfd == -1) {
- logit("mkstemp(): %.100s", strerror(oerrno));
+ if (tmpdir == NULL) {
-+ logit("mkdtemp(): %.100s", strerror(oerrno));
++ logit("mkdtemp(): %s - %.100s", ccname, strerror(oerrno));
return oerrno;
}
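Review bot: The `return ENOMEM;` inside the new `/tmp` fallback leaves the function while the process umask is still the `0077` set by `old_umask = umask(0077);` at the top of this hunk, because `umask(old_umask)` only runs after the fallback block. Restore it on that path, `if (ret < 0 || (size_t)ret >= sizeof(ccname)) { umask(old_umask); return ENOMEM; }`. The fallback also tests `errno` directly rather than the just-saved `oerrno`; the two hold the same value here, but `oerrno` would read more clearly and survive a later insertion between the lines. ssh_krb5_cc_gen starts and ends outside this hunk.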
@@ -195,7 +227,7 @@ diff -up openssh-6.2p1/auth-krb5.c.gsskex openssh-6.2p1/auth-krb5.c
oerrno = errno;
- logit("fchmod(): %.100s", strerror(oerrno));
- close(tmpfd);
-+ logit("chmod(): %.100s", strerror(oerrno));
++ logit("chmod(): %s - %.100s", ccname, strerror(oerrno));
return oerrno;
}
- close(tmpfd);
@@ -934,7 +966,7 @@ diff -up openssh-6.2p1/gss-serv.c.gsskex openssh-6.2p1/gss-serv.c
gssapi_client.store.filename);
unlink(gssapi_client.store.filename);
+
-+ /* Ticket cache: DIR::/tmp/krb5cc_876600005_T9eDKSQvzb/tkt */
++ /* Ticket cache: DIR::/run/user/13558/krb5cc_T9eDKSQvzb/tkt */
+ /* same code as in auth-krb5.c:krb5_cleanup_proc */
+ strncpy(krb5_ccname, gssapi_client.store.filename, sizeof(krb5_ccname) - 10);
+ krb5_ccname_dir_end = strrchr(krb5_ccname, '/');
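Review bot: The comment `/* same code as in auth-krb5.c:krb5_cleanup_proc */` is no longer accurate after this commit: krb5_cleanup_proc is rewritten to locate the path with `strchr(krb5_ccname, ':')` and append `/primary`, while this block still trims at the last `/` of `gssapi_client.store.filename`. Reword it, for example `/* similar to, but not identical to, the cleanup in auth-krb5.c:krb5_cleanup_proc */`, or factor the two into one helper so they cannot drift. The updated example path still shows the `DIR::` prefix, whereas the new ssh_gssapi_krb5_storecreds code stores the name without the type and after skipping a leading `:`; worth checking which form actually reaches this code. The rest of the block lies outside the hunk.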
@@ -1087,19 +1119,21 @@ diff -up openssh-6.2p1/gss-serv-krb5.c.gsskex openssh-6.2p1/gss-serv-krb5.c
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
-@@ -120,6 +120,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
+@@ -119,7 +119,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
+ krb5_error_code problem;
krb5_principal princ;
OM_uint32 maj_status, min_status;
- int len;
-+ const char *new_ccname;
+- int len;
++ const char *new_ccname, *new_cctype;
if (client->creds == NULL) {
debug("No credentials stored");
-@@ -168,11 +169,18 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
+@@ -168,11 +168,25 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
return;
}
- client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
++ new_cctype = krb5_cc_get_type(krb_context, ccache);
+ new_ccname = krb5_cc_get_name(krb_context, ccache);
+
client->store.envvar = "KRB5CCNAME";
@@ -1110,15 +1144,21 @@ diff -up openssh-6.2p1/gss-serv-krb5.c.gsskex openssh-6.2p1/gss-serv-krb5.c
+ xasprintf(&client->store.envval, "API:%s", new_ccname);
+ client->store.filename = NULL;
+#else
-+ xasprintf(&client->store.envval, "DIR:%s", new_ccname);
+ if (new_ccname[0] == ':')
+ new_ccname++;
++ xasprintf(&client->store.envval, "%s:%s", new_cctype, new_ccname);
++ if (strcmp(new_cctype, "DIR") == 0) {
++ char *p;
++ p = strrchr(client->store.envval, '/');
++ if (p)
++ *p = '\0';
++ }
+ client->store.filename = xstrdup(new_ccname);
+#endif
#ifdef USE_PAM
if (options.use_pam)
-@@ -184,6 +192,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
+@@ -184,6 +198,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
return;
}
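Review bot: The `DIR` branch cuts `client->store.envval` at its last `/` whenever the cache type is `DIR`, regardless of whether `new_ccname` actually carried the leading `:` tested two lines earlier. If krb5_cc_get_name can return the directory itself (no leading `:`), which this hunk does not rule out, the exported `KRB5CCNAME` would point at the parent directory. Tying the truncation to the colon test, or at least documenting the assumption with `/* DIR residual is ":<dir>/<file>"; export the directory only */`, would make this safe to maintain. The same pattern is added to auth_krb5_password in the first hunk of this patch. ssh_gssapi_krb5_storecreds continues outside this hunk.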
@@ -1190,7 +1230,7 @@ diff -up openssh-6.2p1/gss-serv-krb5.c.gsskex openssh-6.2p1/gss-serv-krb5.c
ssh_gssapi_mech gssapi_kerberos_mech = {
"toWM5Slw5Ew8Mqkay+al2g==",
"Kerberos",
-@@ -191,7 +264,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
+@@ -191,7 +270,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
NULL,
&ssh_gssapi_krb5_userok,
NULL,
@@ -2273,7 +2313,7 @@ diff -up openssh-6.2p1/readconf.c.gsskex openssh-6.2p1/readconf.c
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
-@@ -483,10 +494,30 @@ parse_flag:
+@@ -503,10 +514,30 @@ parse_flag:
intptr = &options->gss_authentication;
goto parse_flag;
@@ -2304,7 +2344,7 @@ diff -up openssh-6.2p1/readconf.c.gsskex openssh-6.2p1/readconf.c
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
-@@ -1139,7 +1170,12 @@ initialize_options(Options * options)
+@@ -1158,7 +1189,12 @@ initialize_options(Options * options)
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
@@ -2317,7 +2357,7 @@ diff -up openssh-6.2p1/readconf.c.gsskex openssh-6.2p1/readconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
-@@ -1239,8 +1275,14 @@ fill_default_options(Options * options)
+@@ -1258,8 +1294,14 @@ fill_default_options(Options * options)
options->challenge_response_authentication = 1;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@@ -2806,7 +2846,36 @@ diff -up openssh-6.2p1/sshd.c.gsskex openssh-6.2p1/sshd.c
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
-@@ -2466,6 +2527,48 @@ do_ssh2_kex(void)
+@@ -2139,14 +2200,6 @@ main(int ac, char **av)
+ #ifdef SSH_AUDIT_EVENTS
+ audit_event(SSH_AUTH_SUCCESS);
+ #endif
+-
+-#ifdef GSSAPI
+- if (options.gss_authentication) {
+- temporarily_use_uid(authctxt->pw);
+- ssh_gssapi_storecreds();
+- restore_uid();
+- }
+-#endif
+ #ifdef WITH_SELINUX
+ ssh_selinux_setup_exec_context(authctxt->pw->pw_name);
+ #endif
+@@ -2156,6 +2209,13 @@ main(int ac, char **av)
+ do_pam_session();
+ }
+ #endif
++#ifdef GSSAPI
++ if (options.gss_authentication) {
++ temporarily_use_uid(authctxt->pw);
++ ssh_gssapi_storecreds();
++ restore_uid();
++ }
++#endif
+
+ /*
+ * In privilege separation, we fork another child and prepare
+@@ -2466,6 +2526,48 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
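Review bot: The relocated `#ifdef GSSAPI` block now runs `ssh_gssapi_storecreds()` after `do_pam_session()`, and nothing in the code says that the order matters. Presumably the cache has to be created after the PAM session because the new template in auth-krb5.c points at `/run/user/%d`, which may only exist once the session is open. If so, a comment such as `/* store delegated creds only after the PAM session is open: the cache directory may be created by it */` would keep a later refactor from moving the block back. It is also worth confirming that nothing run during PAM session setup expects the forwarded credentials to be in place already. main() extends well beyond this hunk.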
@@ -2855,7 +2924,7 @@ diff -up openssh-6.2p1/sshd.c.gsskex openssh-6.2p1/sshd.c
/* start key exchange */
kex = kex_setup(myproposal);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-@@ -2473,6 +2576,13 @@ do_ssh2_kex(void)
+@@ -2473,6 +2575,13 @@ do_ssh2_kex(void)
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
diff --git a/openssh-6.2p1-ldap.patch b/openssh-6.2p1-ldap.patch
index c8795b5..8d717c5 100644
--- a/openssh-6.2p1-ldap.patch
+++ b/openssh-6.2p1-ldap.patch
@@ -146,8 +146,8 @@ diff -up openssh-6.2p1/HOWTO.ldap-keys.ldap openssh-6.2p1/HOWTO.ldap-keys
+ sshPublicKey: command="kill -9 1" ssh-rss AAAAM5...
+4) on the ssh side set in sshd_config
+ * Set up the backend
-+ AuthorizedKeysCommand "/usr/libexec/openssh/ssh-ldap-wrapper"
-+ AuthorizedKeysCommandRunAs <appropriate user to run LDAP>
++ AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
++ AuthorizedKeysCommandUser <appropriate user to run LDAP>
+ * Do not forget to set
+ PubkeyAuthentication yes
+ * Swith off unnecessary auth methods
@@ -258,7 +258,7 @@ diff -up openssh-6.2p1/ldapbody.c.ldap openssh-6.2p1/ldapbody.c
+#include <stdio.h>
+#include <unistd.h>
+
-+#define LDAPSEARCH_FORMAT "(&(objectclass=posixAccount)(objectclass=ldapPublicKey)(uid=%s)%s)"
++#define LDAPSEARCH_FORMAT "(&(objectclass=%s)(objectclass=ldapPublicKey)(uid=%s)%s)"
+#define PUBKEYATTR "sshPublicKey"
+#define LDAP_LOGFILE "%s/ldap.%d"
+
@@ -659,11 +659,11 @@ diff -up openssh-6.2p1/ldapbody.c.ldap openssh-6.2p1/ldapbody.c
+ }
+
+ /* build filter for LDAP request */
-+ bufflen = strlen (LDAPSEARCH_FORMAT) + strlen (user);
++ bufflen = strlen (LDAPSEARCH_FORMAT) + strlen(options.account_class) + strlen (user);
+ if (options.ssh_filter != NULL)
+ bufflen += strlen (options.ssh_filter);
+ buffer = xmalloc (bufflen);
-+ snprintf(buffer, bufflen, LDAPSEARCH_FORMAT, user, (options.ssh_filter != NULL) ? options.ssh_filter : NULL);
++ snprintf(buffer, bufflen, LDAPSEARCH_FORMAT, options.account_class, user, (options.ssh_filter != NULL) ? options.ssh_filter : NULL);
+ buffer[bufflen - 1] = 0;
+
+ debug3 ("LDAP search scope = %d %s", options.scope, buffer);
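Review bot: The filter is still built by pasting `user` (and now `options.account_class`) straight into `LDAPSEARCH_FORMAT`, with no escaping of the characters that are special in an LDAP search filter (`*`, `(`, `)`, `\` and NUL, RFC 4515). Unless the user name is validated before this point, which the hunk does not show, the value should be escaped or rejected before the `snprintf`. The trailing argument `(options.ssh_filter != NULL) ? options.ssh_filter : NULL` also passes NULL to `%s` in its else branch; `: ""` is presumably what was meant. The enclosing function starts and ends outside this hunk.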
@@ -759,10 +759,10 @@ diff -up openssh-6.2p1/ldapbody.h.ldap openssh-6.2p1/ldapbody.h
+
+#endif /* LDAPBODY_H */
+
-diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
---- openssh-6.2p1/ldapconf.c.ldap 2013-03-25 21:27:15.890248084 +0100
-+++ openssh-6.2p1/ldapconf.c 2013-03-25 21:27:15.890248084 +0100
-@@ -0,0 +1,682 @@
+diff -up openssh-6.2p2/ldapconf.c.ldap openssh-6.2p2/ldapconf.c
+--- openssh-6.2p2/ldapconf.c.ldap 2013-06-07 15:10:05.601942693 +0200
++++ openssh-6.2p2/ldapconf.c 2013-06-07 15:10:24.928857566 +0200
+@@ -0,0 +1,691 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
@@ -807,7 +807,7 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
+ lRestart, lTLS_CheckPeer, lTLS_CaCertFile,
+ lTLS_CaCertDir, lTLS_Ciphers, lTLS_Cert, lTLS_Key,
+ lTLS_RandFile, lLogDir, lDebug, lSSH_Filter,
-+ lDeprecated, lUnsupported
++ lAccountClass, lDeprecated, lUnsupported
+} OpCodes;
+
+/* Textual representations of the tokens. */
@@ -859,6 +859,7 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
+ { "LogDir", lLogDir },
+ { "Debug", lDebug },
+ { "SSH_Filter", lSSH_Filter },
++ { "AccountClass", lAccountClass },
+ { NULL, lBadOption }
+};
+
@@ -1151,6 +1152,10 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
+ xstringptr = &options.ssh_filter;
+ goto parse_xstring;
+
++ case lAccountClass:
++ charptr = &options.account_class;
++ goto parse_string;
++
+ case lDeprecated:
+ debug("%s line %d: Deprecated option \"%s\"",
+ filename, linenum, keyword);
@@ -1254,6 +1259,7 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
+ options.logdir = NULL;
+ options.debug = -1;
+ options.ssh_filter = NULL;
++ options.account_class = NULL;
+}
+
+/*
@@ -1324,6 +1330,8 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
+ options.debug = 0;
+ if (options.ssh_filter == NULL)
+ options.ssh_filter = "";
++ if (options.account_class == NULL)
++ options.account_class = "posixAccount";
+}
+
+static const char *
@@ -1443,12 +1451,13 @@ diff -up openssh-6.2p1/ldapconf.c.ldap openssh-6.2p1/ldapconf.c
+ dump_cfg_string(lLogDir, options.logdir);
+ dump_cfg_int(lDebug, options.debug);
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
++ dump_cfg_string(lAccountClass, options.logdir);
+}
+
-diff -up openssh-6.2p1/ldapconf.h.ldap openssh-6.2p1/ldapconf.h
---- openssh-6.2p1/ldapconf.h.ldap 2013-03-25 21:27:15.891248091 +0100
-+++ openssh-6.2p1/ldapconf.h 2013-03-25 21:27:15.891248091 +0100
-@@ -0,0 +1,71 @@
+diff -up openssh-6.2p2/ldapconf.h.ldap openssh-6.2p2/ldapconf.h
+--- openssh-6.2p2/ldapconf.h.ldap 2013-06-07 15:10:05.602942689 +0200
++++ openssh-6.2p2/ldapconf.h 2013-06-07 15:10:24.928857566 +0200
+@@ -0,0 +1,72 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
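Review bot: `dump_cfg_string(lAccountClass, options.logdir);` prints the log directory under the AccountClass keyword, which looks like a copy of the `lLogDir` line a few lines above it. The call should be `dump_cfg_string(lAccountClass, options.account_class);`, otherwise a configuration dump misreports which object class the search filter uses. The dump function starts outside this hunk.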
@@ -1510,6 +1519,7 @@ diff -up openssh-6.2p1/ldapconf.h.ldap openssh-6.2p1/ldapconf.h
+ char *logdir;
+ int debug;
+ char *ssh_filter;
++ char *account_class;
+} Options;
+
+extern Options options;
@@ -2123,10 +2133,10 @@ diff -up openssh-6.2p1/openssh-lpk-sun.schema.ldap openssh-6.2p1/openssh-lpk-sun
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-diff -up openssh-6.2p1/ssh-ldap.conf.5.ldap openssh-6.2p1/ssh-ldap.conf.5
---- openssh-6.2p1/ssh-ldap.conf.5.ldap 2013-03-25 21:27:15.895248117 +0100
-+++ openssh-6.2p1/ssh-ldap.conf.5 2013-03-25 21:27:15.895248117 +0100
-@@ -0,0 +1,376 @@
+diff -up openssh-6.2p2/ssh-ldap.conf.5.ldap openssh-6.2p2/ssh-ldap.conf.5
+--- openssh-6.2p2/ssh-ldap.conf.5.ldap 2013-06-07 15:10:05.604942680 +0200
++++ openssh-6.2p2/ssh-ldap.conf.5 2013-06-07 15:10:24.928857566 +0200
+@@ -0,0 +1,379 @@
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
+.\" Copyright (c) 2010 Jan F. Chadima. All rights reserved.
@@ -2487,6 +2497,9 @@ diff -up openssh-6.2p1/ssh-ldap.conf.5.ldap openssh-6.2p1/ssh-ldap.conf.5
+.It Cm SSH_Filter
+Specifies the user filter applied on the LDAP serch.
+The default is no filter.
++.It Cm AccountClass
++Specifies the LDAP class used to find user accounts.
++The default is posixAccount.
+.El
+.Sh FILES
+.Bl -tag -width Ds
diff --git a/openssh-6.2p1-gsissh.patch b/openssh-6.2p2-gsissh.patch
similarity index 91%
rename from openssh-6.2p1-gsissh.patch
rename to openssh-6.2p2-gsissh.patch
index c471226..3f44755 100644
--- a/openssh-6.2p1-gsissh.patch
+++ b/openssh-6.2p2-gsissh.patch
@@ -1,6 +1,6 @@
-diff -Nur openssh-6.2p1.orig/auth2.c openssh-6.2p1/auth2.c
---- openssh-6.2p1.orig/auth2.c 2013-04-05 15:55:21.274427586 +0200
-+++ openssh-6.2p1/auth2.c 2013-04-05 15:56:33.025561979 +0200
+diff -Nur openssh-6.2p2.orig/auth2.c openssh-6.2p2/auth2.c
+--- openssh-6.2p2.orig/auth2.c 2013-06-24 05:46:18.228123474 +0200
++++ openssh-6.2p2/auth2.c 2013-06-24 05:47:42.363821161 +0200
@@ -231,7 +231,27 @@
user = packet_get_cstring(NULL);
service = packet_get_cstring(NULL);
@@ -96,9 +96,9 @@ diff -Nur openssh-6.2p1.orig/auth2.c openssh-6.2p1/auth2.c
"(%s,%s) -> (%s,%s)",
authctxt->user, authctxt->service, user, service);
}
-diff -Nur openssh-6.2p1.orig/auth2-gss.c openssh-6.2p1/auth2-gss.c
---- openssh-6.2p1.orig/auth2-gss.c 2013-04-05 15:55:21.275427574 +0200
-+++ openssh-6.2p1/auth2-gss.c 2013-04-05 15:56:33.025561979 +0200
+diff -Nur openssh-6.2p2.orig/auth2-gss.c openssh-6.2p2/auth2-gss.c
+--- openssh-6.2p2.orig/auth2-gss.c 2013-06-24 05:46:18.228123474 +0200
++++ openssh-6.2p2/auth2-gss.c 2013-06-24 05:47:42.364821170 +0200
@@ -47,6 +47,7 @@
extern ServerOptions options;
@@ -279,9 +279,9 @@ diff -Nur openssh-6.2p1.orig/auth2-gss.c openssh-6.2p1/auth2-gss.c
Authmethod method_gsskeyex = {
"gssapi-keyex",
userauth_gsskeyex,
-diff -Nur openssh-6.2p1.orig/auth.c openssh-6.2p1/auth.c
---- openssh-6.2p1.orig/auth.c 2013-04-05 15:55:21.148429106 +0200
-+++ openssh-6.2p1/auth.c 2013-04-05 15:56:33.026561967 +0200
+diff -Nur openssh-6.2p2.orig/auth.c openssh-6.2p2/auth.c
+--- openssh-6.2p2.orig/auth.c 2013-06-24 05:46:18.050122003 +0200
++++ openssh-6.2p2/auth.c 2013-06-24 05:47:42.364821170 +0200
@@ -73,6 +73,9 @@
#include "monitor_wrap.h"
#include "krl.h"
@@ -345,9 +345,9 @@ diff -Nur openssh-6.2p1.orig/auth.c openssh-6.2p1/auth.c
#ifdef CUSTOM_FAILED_LOGIN
record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh");
-diff -Nur openssh-6.2p1.orig/auth.h openssh-6.2p1/auth.h
---- openssh-6.2p1.orig/auth.h 2013-04-05 15:55:21.189428611 +0200
-+++ openssh-6.2p1/auth.h 2013-04-05 15:56:33.026561967 +0200
+diff -Nur openssh-6.2p2.orig/auth.h openssh-6.2p2/auth.h
+--- openssh-6.2p2.orig/auth.h 2013-06-24 05:46:18.085122292 +0200
++++ openssh-6.2p2/auth.h 2013-06-24 05:47:42.365821178 +0200
@@ -155,6 +155,7 @@
const char *);
void userauth_finish(Authctxt *, int, const char *, const char *);
@@ -356,9 +356,9 @@ diff -Nur openssh-6.2p1.orig/auth.h openssh-6.2p1/auth.h
void userauth_send_banner(const char *);
-diff -Nur openssh-6.2p1.orig/auth-pam.c openssh-6.2p1/auth-pam.c
---- openssh-6.2p1.orig/auth-pam.c 2013-04-05 15:55:21.189428611 +0200
-+++ openssh-6.2p1/auth-pam.c 2013-04-05 17:04:59.338026029 +0200
+diff -Nur openssh-6.2p2.orig/auth-pam.c openssh-6.2p2/auth-pam.c
+--- openssh-6.2p2.orig/auth-pam.c 2013-06-24 05:46:18.086122301 +0200
++++ openssh-6.2p2/auth-pam.c 2013-06-24 05:47:42.366821186 +0200
@@ -122,6 +122,10 @@
*/
typedef pthread_t sp_pthread_t;
@@ -508,9 +508,9 @@ diff -Nur openssh-6.2p1.orig/auth-pam.c openssh-6.2p1/auth-pam.c
sshpam_password = NULL;
if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
debug("PAM: password authentication accepted for %.100s",
-diff -Nur openssh-6.2p1.orig/auth-pam.h openssh-6.2p1/auth-pam.h
---- openssh-6.2p1.orig/auth-pam.h 2013-04-05 15:55:21.189428611 +0200
-+++ openssh-6.2p1/auth-pam.h 2013-04-05 15:56:33.027561955 +0200
+diff -Nur openssh-6.2p2.orig/auth-pam.h openssh-6.2p2/auth-pam.h
+--- openssh-6.2p2.orig/auth-pam.h 2013-06-24 05:46:18.086122301 +0200
++++ openssh-6.2p2/auth-pam.h 2013-06-24 05:47:42.366821186 +0200
@@ -46,5 +46,6 @@
void sshpam_cleanup(void);
int sshpam_auth_passwd(Authctxt *, const char *);
@@ -518,9 +518,9 @@ diff -Nur openssh-6.2p1.orig/auth-pam.h openssh-6.2p1/auth-pam.h
+struct passwd *sshpam_getpw(const char *);
#endif /* USE_PAM */
-diff -Nur openssh-6.2p1.orig/canohost.c openssh-6.2p1/canohost.c
---- openssh-6.2p1.orig/canohost.c 2013-04-05 15:55:21.210428358 +0200
-+++ openssh-6.2p1/canohost.c 2013-04-05 15:56:33.027561955 +0200
+diff -Nur openssh-6.2p2.orig/canohost.c openssh-6.2p2/canohost.c
+--- openssh-6.2p2.orig/canohost.c 2013-06-24 05:46:18.124122615 +0200
++++ openssh-6.2p2/canohost.c 2013-06-24 05:47:42.367821195 +0200
@@ -16,6 +16,7 @@
#include <sys/types.h>
@@ -563,9 +563,9 @@ diff -Nur openssh-6.2p1.orig/canohost.c openssh-6.2p1/canohost.c
+ }
+ }
+}
-diff -Nur openssh-6.2p1.orig/canohost.h openssh-6.2p1/canohost.h
---- openssh-6.2p1.orig/canohost.h 2009-06-21 11:50:08.000000000 +0200
-+++ openssh-6.2p1/canohost.h 2013-04-05 15:56:33.027561955 +0200
+diff -Nur openssh-6.2p2.orig/canohost.h openssh-6.2p2/canohost.h
+--- openssh-6.2p2.orig/canohost.h 2009-06-21 11:50:08.000000000 +0200
++++ openssh-6.2p2/canohost.h 2013-06-24 05:47:42.367821195 +0200
@@ -26,4 +26,6 @@
int get_sock_port(int, int);
void clear_cached_addr(void);
@@ -573,9 +573,9 @@ diff -Nur openssh-6.2p1.orig/canohost.h openssh-6.2p1/canohost.h
+void resolve_localhost(char **host);
+
void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);
-diff -Nur openssh-6.2p1.orig/configure.ac openssh-6.2p1/configure.ac
---- openssh-6.2p1.orig/configure.ac 2013-04-05 15:55:21.276427562 +0200
-+++ openssh-6.2p1/configure.ac 2013-04-05 15:56:33.029561931 +0200
+diff -Nur openssh-6.2p2.orig/configure.ac openssh-6.2p2/configure.ac
+--- openssh-6.2p2.orig/configure.ac 2013-06-24 05:46:18.232123507 +0200
++++ openssh-6.2p2/configure.ac 2013-06-24 05:47:42.369821211 +0200
@@ -3867,6 +3867,14 @@
AC_CHECK_HEADER([gssapi_krb5.h], ,
[ CPPFLAGS="$oldCPP" ])
@@ -642,9 +642,9 @@ diff -Nur openssh-6.2p1.orig/configure.ac openssh-6.2p1/configure.ac
# Looking for programs, paths and files
PRIVSEP_PATH=/var/empty
-diff -Nur openssh-6.2p1.orig/gss-genr.c openssh-6.2p1/gss-genr.c
---- openssh-6.2p1.orig/gss-genr.c 2013-04-05 15:55:21.277427550 +0200
-+++ openssh-6.2p1/gss-genr.c 2013-04-05 15:56:33.029561931 +0200
+diff -Nur openssh-6.2p2.orig/gss-genr.c openssh-6.2p2/gss-genr.c
+--- openssh-6.2p2.orig/gss-genr.c 2013-06-24 05:46:18.233123515 +0200
++++ openssh-6.2p2/gss-genr.c 2013-06-24 05:47:42.370821220 +0200
@@ -38,6 +38,7 @@
#include "xmalloc.h"
#include "buffer.h"
@@ -681,9 +681,9 @@ diff -Nur openssh-6.2p1.orig/gss-genr.c openssh-6.2p1/gss-genr.c
xfree(gssbuf.value);
return (ctx->major);
}
-diff -Nur openssh-6.2p1.orig/gss-serv.c openssh-6.2p1/gss-serv.c
---- openssh-6.2p1.orig/gss-serv.c 2013-04-05 15:55:21.277427550 +0200
-+++ openssh-6.2p1/gss-serv.c 2013-04-05 15:56:33.030561919 +0200
+diff -Nur openssh-6.2p2.orig/gss-serv.c openssh-6.2p2/gss-serv.c
+--- openssh-6.2p2.orig/gss-serv.c 2013-06-24 05:46:18.234123524 +0200
++++ openssh-6.2p2/gss-serv.c 2013-06-24 05:47:42.370821220 +0200
@@ -52,6 +52,7 @@
#include "monitor_wrap.h"
@@ -897,9 +897,9 @@ diff -Nur openssh-6.2p1.orig/gss-serv.c openssh-6.2p1/gss-serv.c
+}
+
#endif
-diff -Nur openssh-6.2p1.orig/gss-serv-gsi.c openssh-6.2p1/gss-serv-gsi.c
---- openssh-6.2p1.orig/gss-serv-gsi.c 1970-01-01 01:00:00.000000000 +0100
-+++ openssh-6.2p1/gss-serv-gsi.c 2013-04-05 15:56:33.030561919 +0200
+diff -Nur openssh-6.2p2.orig/gss-serv-gsi.c openssh-6.2p2/gss-serv-gsi.c
+--- openssh-6.2p2.orig/gss-serv-gsi.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-6.2p2/gss-serv-gsi.c 2013-06-24 05:47:42.371821228 +0200
@@ -0,0 +1,238 @@
+/*
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -1139,9 +1139,9 @@ diff -Nur openssh-6.2p1.orig/gss-serv-gsi.c openssh-6.2p1/gss-serv-gsi.c
+
+#endif /* GSI */
+#endif /* GSSAPI */
-diff -Nur openssh-6.2p1.orig/gss-serv-krb5.c openssh-6.2p1/gss-serv-krb5.c
---- openssh-6.2p1.orig/gss-serv-krb5.c 2013-04-05 15:55:21.292427369 +0200
-+++ openssh-6.2p1/gss-serv-krb5.c 2013-04-05 15:56:33.030561919 +0200
+diff -Nur openssh-6.2p2.orig/gss-serv-krb5.c openssh-6.2p2/gss-serv-krb5.c
+--- openssh-6.2p2.orig/gss-serv-krb5.c 2013-06-24 05:46:18.255123697 +0200
++++ openssh-6.2p2/gss-serv-krb5.c 2013-06-24 05:47:42.372821236 +0200
@@ -262,6 +262,34 @@
return found_principal;
}
@@ -1177,7 +1177,7 @@ diff -Nur openssh-6.2p1.orig/gss-serv-krb5.c openssh-6.2p1/gss-serv-krb5.c
/* This writes out any forwarded credentials from the structure populated
* during userauth. Called after we have setuid to the user */
-@@ -346,7 +374,7 @@
+@@ -352,7 +380,7 @@
return;
}
@@ -1186,7 +1186,7 @@ diff -Nur openssh-6.2p1.orig/gss-serv-krb5.c openssh-6.2p1/gss-serv-krb5.c
ssh_gssapi_krb5_updatecreds(ssh_gssapi_ccache *store,
ssh_gssapi_client *client)
{
-@@ -417,7 +445,7 @@
+@@ -423,7 +451,7 @@
{9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"},
NULL,
&ssh_gssapi_krb5_userok,
@@ -1195,9 +1195,9 @@ diff -Nur openssh-6.2p1.orig/gss-serv-krb5.c openssh-6.2p1/gss-serv-krb5.c
&ssh_gssapi_krb5_storecreds,
&ssh_gssapi_krb5_updatecreds
};
-diff -Nur openssh-6.2p1.orig/kexgsss.c openssh-6.2p1/kexgsss.c
---- openssh-6.2p1.orig/kexgsss.c 2013-04-05 15:55:21.278427538 +0200
-+++ openssh-6.2p1/kexgsss.c 2013-04-05 15:56:33.032561894 +0200
+diff -Nur openssh-6.2p2.orig/kexgsss.c openssh-6.2p2/kexgsss.c
+--- openssh-6.2p2.orig/kexgsss.c 2013-06-24 05:46:18.237123548 +0200
++++ openssh-6.2p2/kexgsss.c 2013-06-24 05:47:42.373821245 +0200
@@ -44,6 +44,7 @@
#include "monitor_wrap.h"
#include "servconf.h"
@@ -1257,9 +1257,9 @@ diff -Nur openssh-6.2p1.orig/kexgsss.c openssh-6.2p1/kexgsss.c
+ }
+}
#endif /* GSSAPI */
-diff -Nur openssh-6.2p1.orig/LICENSE.globus_usage openssh-6.2p1/LICENSE.globus_usage
---- openssh-6.2p1.orig/LICENSE.globus_usage 1970-01-01 01:00:00.000000000 +0100
-+++ openssh-6.2p1/LICENSE.globus_usage 2013-04-05 15:56:33.032561894 +0200
+diff -Nur openssh-6.2p2.orig/LICENSE.globus_usage openssh-6.2p2/LICENSE.globus_usage
+--- openssh-6.2p2.orig/LICENSE.globus_usage 1970-01-01 01:00:00.000000000 +0100
++++ openssh-6.2p2/LICENSE.globus_usage 2013-06-24 05:47:42.373821245 +0200
@@ -0,0 +1,18 @@
+/*
+ * Portions of the Usage Metrics suport code are derived from the
@@ -1279,9 +1279,9 @@ diff -Nur openssh-6.2p1.orig/LICENSE.globus_usage openssh-6.2p1/LICENSE.globus_u
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
-diff -Nur openssh-6.2p1.orig/Makefile.in openssh-6.2p1/Makefile.in
---- openssh-6.2p1.orig/Makefile.in 2013-04-05 15:55:21.295427333 +0200
-+++ openssh-6.2p1/Makefile.in 2013-04-05 15:56:33.032561894 +0200
+diff -Nur openssh-6.2p2.orig/Makefile.in openssh-6.2p2/Makefile.in
+--- openssh-6.2p2.orig/Makefile.in 2013-06-24 05:46:18.288123970 +0200
++++ openssh-6.2p2/Makefile.in 2013-06-24 05:47:42.374821253 +0200
@@ -95,8 +95,10 @@
monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
auth-krb5.o \
@@ -1293,9 +1293,9 @@ diff -Nur openssh-6.2p1.orig/Makefile.in openssh-6.2p1/Makefile.in
roaming_common.o roaming_serv.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
sandbox-seccomp-filter.o
-diff -Nur openssh-6.2p1.orig/misc.c openssh-6.2p1/misc.c
---- openssh-6.2p1.orig/misc.c 2013-04-05 15:55:21.191428587 +0200
-+++ openssh-6.2p1/misc.c 2013-04-05 15:56:33.033561882 +0200
+diff -Nur openssh-6.2p2.orig/misc.c openssh-6.2p2/misc.c
+--- openssh-6.2p2.orig/misc.c 2013-06-24 05:46:18.089122325 +0200
++++ openssh-6.2p2/misc.c 2013-06-24 05:47:42.375821261 +0200
@@ -158,11 +158,14 @@
#define WHITESPACE " \t\r\n"
#define QUOTE "\""
@@ -1355,9 +1355,9 @@ diff -Nur openssh-6.2p1.orig/misc.c openssh-6.2p1/misc.c
/*
* Convert ASCII string to TCP/IP port number.
* Port must be >=0 and <=65535.
-diff -Nur openssh-6.2p1.orig/misc.h openssh-6.2p1/misc.h
---- openssh-6.2p1.orig/misc.h 2011-05-05 06:14:34.000000000 +0200
-+++ openssh-6.2p1/misc.h 2013-04-05 15:56:33.033561882 +0200
+diff -Nur openssh-6.2p2.orig/misc.h openssh-6.2p2/misc.h
+--- openssh-6.2p2.orig/misc.h 2011-05-05 06:14:34.000000000 +0200
++++ openssh-6.2p2/misc.h 2013-06-24 05:47:42.375821261 +0200
@@ -38,6 +38,7 @@
void sock_set_v6only(int);
@@ -1366,9 +1366,9 @@ diff -Nur openssh-6.2p1.orig/misc.h openssh-6.2p1/misc.h
const char *ssh_gai_strerror(int);
typedef struct arglist arglist;
-diff -Nur openssh-6.2p1.orig/monitor.c openssh-6.2p1/monitor.c
---- openssh-6.2p1.orig/monitor.c 2013-04-05 15:55:21.280427514 +0200
-+++ openssh-6.2p1/monitor.c 2013-04-05 15:56:33.036561846 +0200
+diff -Nur openssh-6.2p2.orig/monitor.c openssh-6.2p2/monitor.c
+--- openssh-6.2p2.orig/monitor.c 2013-06-24 05:46:18.239123565 +0200
++++ openssh-6.2p2/monitor.c 2013-06-24 05:47:42.377821278 +0200
@@ -187,6 +187,9 @@
int mm_answer_gss_userok(int, Buffer *);
int mm_answer_gss_checkmic(int, Buffer *);
@@ -1560,9 +1560,9 @@ diff -Nur openssh-6.2p1.orig/monitor.c openssh-6.2p1/monitor.c
int
mm_answer_gss_sign(int socket, Buffer *m)
{
-diff -Nur openssh-6.2p1.orig/monitor.h openssh-6.2p1/monitor.h
---- openssh-6.2p1.orig/monitor.h 2013-04-05 15:55:21.280427514 +0200
-+++ openssh-6.2p1/monitor.h 2013-04-05 16:05:05.331382197 +0200
+diff -Nur openssh-6.2p2.orig/monitor.h openssh-6.2p2/monitor.h
+--- openssh-6.2p2.orig/monitor.h 2013-06-24 05:46:18.239123565 +0200
++++ openssh-6.2p2/monitor.h 2013-06-24 05:47:42.377821278 +0200
@@ -79,8 +79,10 @@
MONITOR_REQ_AUDIT_UNSUPPORTED = 118, MONITOR_ANS_AUDIT_UNSUPPORTED = 119,
MONITOR_REQ_AUDIT_KEX = 120, MONITOR_ANS_AUDIT_KEX = 121,
@@ -1576,9 +1576,9 @@ diff -Nur openssh-6.2p1.orig/monitor.h openssh-6.2p1/monitor.h
};
struct mm_master;
-diff -Nur openssh-6.2p1.orig/monitor_wrap.c openssh-6.2p1/monitor_wrap.c
---- openssh-6.2p1.orig/monitor_wrap.c 2013-04-05 15:55:21.280427514 +0200
-+++ openssh-6.2p1/monitor_wrap.c 2013-04-05 15:56:33.037561834 +0200
+diff -Nur openssh-6.2p2.orig/monitor_wrap.c openssh-6.2p2/monitor_wrap.c
+--- openssh-6.2p2.orig/monitor_wrap.c 2013-06-24 05:46:18.240123573 +0200
++++ openssh-6.2p2/monitor_wrap.c 2013-06-24 05:47:42.377821278 +0200
@@ -1327,12 +1327,13 @@
}
@@ -1678,9 +1678,9 @@ diff -Nur openssh-6.2p1.orig/monitor_wrap.c openssh-6.2p1/monitor_wrap.c
OM_uint32
mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
{
-diff -Nur openssh-6.2p1.orig/monitor_wrap.h openssh-6.2p1/monitor_wrap.h
---- openssh-6.2p1.orig/monitor_wrap.h 2013-04-05 15:55:21.281427502 +0200
-+++ openssh-6.2p1/monitor_wrap.h 2013-04-05 15:56:33.038561822 +0200
+diff -Nur openssh-6.2p2.orig/monitor_wrap.h openssh-6.2p2/monitor_wrap.h
+--- openssh-6.2p2.orig/monitor_wrap.h 2013-06-24 05:46:18.240123573 +0200
++++ openssh-6.2p2/monitor_wrap.h 2013-06-24 05:47:42.377821278 +0200
@@ -62,9 +62,13 @@
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
@@ -1696,10 +1696,10 @@ diff -Nur openssh-6.2p1.orig/monitor_wrap.h openssh-6.2p1/monitor_wrap.h
int mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *);
#endif
-diff -Nur openssh-6.2p1.orig/readconf.c openssh-6.2p1/readconf.c
---- openssh-6.2p1.orig/readconf.c 2013-04-05 15:55:21.281427502 +0200
-+++ openssh-6.2p1/readconf.c 2013-04-05 15:56:33.039561810 +0200
-@@ -1274,13 +1274,13 @@
+diff -Nur openssh-6.2p2.orig/readconf.c openssh-6.2p2/readconf.c
+--- openssh-6.2p2.orig/readconf.c 2013-06-24 05:46:18.240123573 +0200
++++ openssh-6.2p2/readconf.c 2013-06-24 05:47:42.378821286 +0200
+@@ -1293,13 +1293,13 @@
if (options->challenge_response_authentication == -1)
options->challenge_response_authentication = 1;
if (options->gss_authentication == -1)
@@ -1717,9 +1717,9 @@ diff -Nur openssh-6.2p1.orig/readconf.c openssh-6.2p1/readconf.c
if (options->gss_renewal_rekey == -1)
options->gss_renewal_rekey = 0;
if (options->password_authentication == -1)
-diff -Nur openssh-6.2p1.orig/readconf.h openssh-6.2p1/readconf.h
---- openssh-6.2p1.orig/readconf.h 2013-04-05 15:55:21.281427502 +0200
-+++ openssh-6.2p1/readconf.h 2013-04-05 15:56:33.039561810 +0200
+diff -Nur openssh-6.2p2.orig/readconf.h openssh-6.2p2/readconf.h
+--- openssh-6.2p2.orig/readconf.h 2013-06-24 05:46:18.240123573 +0200
++++ openssh-6.2p2/readconf.h 2013-06-24 05:47:42.378821286 +0200
@@ -88,6 +88,8 @@
char *host_key_alias; /* hostname alias for .ssh/known_hosts */
char *proxy_command; /* Proxy command for connecting the host. */
@@ -1729,9 +1729,9 @@ diff -Nur openssh-6.2p1.orig/readconf.h openssh-6.2p1/readconf.h
int escape_char; /* Escape character; -2 = none */
u_int num_system_hostfiles; /* Paths for /etc/ssh/ssh_known_hosts */
-diff -Nur openssh-6.2p1.orig/servconf.c openssh-6.2p1/servconf.c
---- openssh-6.2p1.orig/servconf.c 2013-04-05 15:55:21.293427357 +0200
-+++ openssh-6.2p1/servconf.c 2013-04-05 15:56:33.040561798 +0200
+diff -Nur openssh-6.2p2.orig/servconf.c openssh-6.2p2/servconf.c
+--- openssh-6.2p2.orig/servconf.c 2013-06-24 05:46:18.256123705 +0200
++++ openssh-6.2p2/servconf.c 2013-06-24 05:47:42.379821294 +0200
@@ -67,6 +67,7 @@
/* Portable-specific options */
@@ -1934,9 +1934,9 @@ diff -Nur openssh-6.2p1.orig/servconf.c openssh-6.2p1/servconf.c
M_CP_INTOPT(rsa_authentication);
M_CP_INTOPT(pubkey_authentication);
M_CP_INTOPT(kerberos_authentication);
-diff -Nur openssh-6.2p1.orig/servconf.h openssh-6.2p1/servconf.h
---- openssh-6.2p1.orig/servconf.h 2013-04-05 15:55:21.293427357 +0200
-+++ openssh-6.2p1/servconf.h 2013-04-05 15:56:33.040561798 +0200
+diff -Nur openssh-6.2p2.orig/servconf.h openssh-6.2p2/servconf.h
+--- openssh-6.2p2.orig/servconf.h 2013-06-24 05:46:18.256123705 +0200
++++ openssh-6.2p2/servconf.h 2013-06-24 05:47:42.379821294 +0200
@@ -109,9 +109,12 @@
* file on logout. */
int kerberos_get_afs_token; /* If true, try to get AFS token if
@@ -1969,9 +1969,9 @@ diff -Nur openssh-6.2p1.orig/servconf.h openssh-6.2p1/servconf.h
char *revoked_keys_file;
char *trusted_user_ca_keys;
char *authorized_principals_file;
-diff -Nur openssh-6.2p1.orig/ssh.1 openssh-6.2p1/ssh.1
---- openssh-6.2p1.orig/ssh.1 2013-04-05 15:55:21.260427755 +0200
-+++ openssh-6.2p1/ssh.1 2013-04-05 15:56:33.041561786 +0200
+diff -Nur openssh-6.2p2.orig/ssh.1 openssh-6.2p2/ssh.1
+--- openssh-6.2p2.orig/ssh.1 2013-06-24 05:46:18.202123259 +0200
++++ openssh-6.2p2/ssh.1 2013-06-24 05:47:42.380821303 +0200
@@ -1263,6 +1263,18 @@
on to new connections).
.It Ev USER
@@ -1991,10 +1991,10 @@ diff -Nur openssh-6.2p1.orig/ssh.1 openssh-6.2p1/ssh.1
.El
.Pp
Additionally,
-diff -Nur openssh-6.2p1.orig/ssh.c openssh-6.2p1/ssh.c
---- openssh-6.2p1.orig/ssh.c 2013-04-05 15:55:21.234428068 +0200
-+++ openssh-6.2p1/ssh.c 2013-04-05 15:56:33.042561774 +0200
-@@ -690,6 +690,32 @@
+diff -Nur openssh-6.2p2.orig/ssh.c openssh-6.2p2/ssh.c
+--- openssh-6.2p2.orig/ssh.c 2013-06-24 05:46:18.163122937 +0200
++++ openssh-6.2p2/ssh.c 2013-06-24 05:47:42.380821303 +0200
+@@ -686,6 +686,32 @@
fatal("Can't open user config file %.100s: "
"%.100s", config, strerror(errno));
} else {
@@ -2027,7 +2027,7 @@ diff -Nur openssh-6.2p1.orig/ssh.c openssh-6.2p1/ssh.c
r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
if (r > 0 && (size_t)r < sizeof(buf))
-@@ -734,8 +760,12 @@
+@@ -731,8 +757,12 @@
logit("FIPS mode initialized");
}
@@ -2041,9 +2041,9 @@ diff -Nur openssh-6.2p1.orig/ssh.c openssh-6.2p1/ssh.c
/* Get default port if port has not been set. */
if (options.port == 0) {
-diff -Nur openssh-6.2p1.orig/ssh_config openssh-6.2p1/ssh_config
---- openssh-6.2p1.orig/ssh_config 2013-04-05 15:55:21.282427490 +0200
-+++ openssh-6.2p1/ssh_config 2013-04-05 15:56:33.042561774 +0200
+diff -Nur openssh-6.2p2.orig/ssh_config openssh-6.2p2/ssh_config
+--- openssh-6.2p2.orig/ssh_config 2013-06-24 05:46:18.242123590 +0200
++++ openssh-6.2p2/ssh_config 2013-06-24 05:47:42.380821303 +0200
@@ -24,10 +24,10 @@
# RSAAuthentication yes
# PasswordAuthentication yes
@@ -2059,9 +2059,9 @@ diff -Nur openssh-6.2p1.orig/ssh_config openssh-6.2p1/ssh_config
# BatchMode no
# CheckHostIP yes
# AddressFamily any
-diff -Nur openssh-6.2p1.orig/ssh_config.5 openssh-6.2p1/ssh_config.5
---- openssh-6.2p1.orig/ssh_config.5 2013-04-05 15:55:21.282427490 +0200
-+++ openssh-6.2p1/ssh_config.5 2013-04-05 15:56:33.042561774 +0200
+diff -Nur openssh-6.2p2.orig/ssh_config.5 openssh-6.2p2/ssh_config.5
+--- openssh-6.2p2.orig/ssh_config.5 2013-06-24 05:46:18.242123590 +0200
++++ openssh-6.2p2/ssh_config.5 2013-06-24 05:47:42.381821311 +0200
@@ -55,6 +55,12 @@
user's configuration file
.Pq Pa ~/.ssh/config
@@ -2075,9 +2075,9 @@ diff -Nur openssh-6.2p1.orig/ssh_config.5 openssh-6.2p1/ssh_config.5
system-wide configuration file
.Pq Pa /etc/ssh/ssh_config
.El
-diff -Nur openssh-6.2p1.orig/sshconnect2.c openssh-6.2p1/sshconnect2.c
---- openssh-6.2p1.orig/sshconnect2.c 2013-04-05 15:55:21.290427393 +0200
-+++ openssh-6.2p1/sshconnect2.c 2013-04-05 15:56:33.043561762 +0200
+diff -Nur openssh-6.2p2.orig/sshconnect2.c openssh-6.2p2/sshconnect2.c
+--- openssh-6.2p2.orig/sshconnect2.c 2013-06-24 05:46:18.251123664 +0200
++++ openssh-6.2p2/sshconnect2.c 2013-06-24 05:47:42.381821311 +0200
@@ -702,6 +702,11 @@
int ok = 0;
const char *gss_host = NULL;
@@ -2139,9 +2139,9 @@ diff -Nur openssh-6.2p1.orig/sshconnect2.c openssh-6.2p1/sshconnect2.c
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_string(mic.value, mic.length);
-diff -Nur openssh-6.2p1.orig/sshd.8 openssh-6.2p1/sshd.8
---- openssh-6.2p1.orig/sshd.8 2013-04-05 15:55:21.287427429 +0200
-+++ openssh-6.2p1/sshd.8 2013-04-05 15:56:33.043561762 +0200
+diff -Nur openssh-6.2p2.orig/sshd.8 openssh-6.2p2/sshd.8
+--- openssh-6.2p2.orig/sshd.8 2013-06-24 05:46:18.247123631 +0200
++++ openssh-6.2p2/sshd.8 2013-06-24 05:47:42.382821319 +0200
@@ -762,6 +762,44 @@
# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
@@ -2187,9 +2187,9 @@ diff -Nur openssh-6.2p1.orig/sshd.8 openssh-6.2p1/sshd.8
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.hushlogin
-diff -Nur openssh-6.2p1.orig/sshd.c openssh-6.2p1/sshd.c
---- openssh-6.2p1.orig/sshd.c 2013-04-05 15:55:21.283427477 +0200
-+++ openssh-6.2p1/sshd.c 2013-04-05 15:56:33.044561750 +0200
+diff -Nur openssh-6.2p2.orig/sshd.c openssh-6.2p2/sshd.c
+--- openssh-6.2p2.orig/sshd.c 2013-06-24 05:46:18.243123598 +0200
++++ openssh-6.2p2/sshd.c 2013-06-24 05:47:42.383821328 +0200
@@ -123,6 +123,7 @@
#include "audit.h"
#include "ssh-sandbox.h"
@@ -2212,18 +2212,18 @@ diff -Nur openssh-6.2p1.orig/sshd.c openssh-6.2p1/sshd.c
/* challenge-response is implemented via keyboard interactive */
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
-@@ -2202,7 +2210,7 @@
+@@ -2210,7 +2218,7 @@
+ }
#endif
-
#ifdef GSSAPI
- if (options.gss_authentication) {
+ if (options.gss_authentication && options.gss_deleg_creds) {
temporarily_use_uid(authctxt->pw);
ssh_gssapi_storecreds();
restore_uid();
-diff -Nur openssh-6.2p1.orig/sshd_config openssh-6.2p1/sshd_config
---- openssh-6.2p1.orig/sshd_config 2013-04-05 15:55:21.293427357 +0200
-+++ openssh-6.2p1/sshd_config 2013-04-05 15:56:33.044561750 +0200
+diff -Nur openssh-6.2p2.orig/sshd_config openssh-6.2p2/sshd_config
+--- openssh-6.2p2.orig/sshd_config 2013-06-24 05:46:18.256123705 +0200
++++ openssh-6.2p2/sshd_config 2013-06-24 05:47:42.383821328 +0200
@@ -86,12 +86,11 @@
#KerberosUseKuserok yes
@@ -2259,9 +2259,9 @@ diff -Nur openssh-6.2p1.orig/sshd_config openssh-6.2p1/sshd_config
+# Usage Metrics
+#UsageStatsTargets usage-stats.cilogon.org:4810
+#DisableUsageStats no
-diff -Nur openssh-6.2p1.orig/sshd_config.5 openssh-6.2p1/sshd_config.5
---- openssh-6.2p1.orig/sshd_config.5 2013-04-05 15:55:21.293427357 +0200
-+++ openssh-6.2p1/sshd_config.5 2013-04-05 15:56:33.047561713 +0200
+diff -Nur openssh-6.2p2.orig/sshd_config.5 openssh-6.2p2/sshd_config.5
+--- openssh-6.2p2.orig/sshd_config.5 2013-06-24 05:46:18.257123714 +0200
++++ openssh-6.2p2/sshd_config.5 2013-06-24 05:47:42.383821328 +0200
@@ -437,6 +437,15 @@
in
.Xr ssh_config 5
@@ -2447,9 +2447,9 @@ diff -Nur openssh-6.2p1.orig/sshd_config.5 openssh-6.2p1/sshd_config.5
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
-diff -Nur openssh-6.2p1.orig/ssh-globus-usage.c openssh-6.2p1/ssh-globus-usage.c
---- openssh-6.2p1.orig/ssh-globus-usage.c 1970-01-01 01:00:00.000000000 +0100
-+++ openssh-6.2p1/ssh-globus-usage.c 2013-04-05 15:56:33.048561701 +0200
+diff -Nur openssh-6.2p2.orig/ssh-globus-usage.c openssh-6.2p2/ssh-globus-usage.c
+--- openssh-6.2p2.orig/ssh-globus-usage.c 1970-01-01 01:00:00.000000000 +0100
++++ openssh-6.2p2/ssh-globus-usage.c 2013-06-24 05:47:42.384821336 +0200
@@ -0,0 +1,396 @@
+/*
+ * Copyright 2009 The Board of Trustees of the University
@@ -2847,9 +2847,9 @@ diff -Nur openssh-6.2p1.orig/ssh-globus-usage.c openssh-6.2p1/ssh-globus-usage.c
+
+#endif /* HAVE_GLOBUS_USAGE */
+}
-diff -Nur openssh-6.2p1.orig/ssh-globus-usage.h openssh-6.2p1/ssh-globus-usage.h
---- openssh-6.2p1.orig/ssh-globus-usage.h 1970-01-01 01:00:00.000000000 +0100
-+++ openssh-6.2p1/ssh-globus-usage.h 2013-04-05 15:56:33.048561701 +0200
+diff -Nur openssh-6.2p2.orig/ssh-globus-usage.h openssh-6.2p2/ssh-globus-usage.h
+--- openssh-6.2p2.orig/ssh-globus-usage.h 1970-01-01 01:00:00.000000000 +0100
++++ openssh-6.2p2/ssh-globus-usage.h 2013-06-24 05:47:42.384821336 +0200
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2009 The Board of Trustees of the University
@@ -2897,9 +2897,9 @@ diff -Nur openssh-6.2p1.orig/ssh-globus-usage.h openssh-6.2p1/ssh-globus-usage.h
+ char *username, char *userdn);
+
+#endif /* __SSH_GLOBUS_USAGE_H */
-diff -Nur openssh-6.2p1.orig/ssh-gss.h openssh-6.2p1/ssh-gss.h
---- openssh-6.2p1.orig/ssh-gss.h 2013-04-05 15:55:21.287427429 +0200
-+++ openssh-6.2p1/ssh-gss.h 2013-04-05 15:56:33.048561701 +0200
+diff -Nur openssh-6.2p2.orig/ssh-gss.h openssh-6.2p2/ssh-gss.h
+--- openssh-6.2p2.orig/ssh-gss.h 2013-06-24 05:46:18.247123631 +0200
++++ openssh-6.2p2/ssh-gss.h 2013-06-24 05:47:42.384821336 +0200
@@ -91,6 +91,7 @@
gss_name_t name;
struct ssh_gssapi_mech_struct *mech;
@@ -2944,9 +2944,9 @@ diff -Nur openssh-6.2p1.orig/ssh-gss.h openssh-6.2p1/ssh-gss.h
#endif /* GSSAPI */
#endif /* _SSH_GSS_H */
-diff -Nur openssh-6.2p1.orig/version.h openssh-6.2p1/version.h
---- openssh-6.2p1.orig/version.h 2013-02-12 01:03:11.000000000 +0100
-+++ openssh-6.2p1/version.h 2013-04-05 16:20:15.102406012 +0200
+diff -Nur openssh-6.2p2.orig/version.h openssh-6.2p2/version.h
+--- openssh-6.2p2.orig/version.h 2013-05-10 08:02:21.000000000 +0200
++++ openssh-6.2p2/version.h 2013-06-24 05:47:42.384821336 +0200
@@ -1,6 +1,21 @@
/* $OpenBSD: version.h,v 1.66 2013/02/10 21:19:34 markus Exp $ */
@@ -2962,11 +2962,11 @@ diff -Nur openssh-6.2p1.orig/version.h openssh-6.2p1/version.h
+#define KRB5_VERSION ""
+#endif
+
-+#define NCSA_VERSION " GSI_GSSAPI_20130327"
++#define NCSA_VERSION " GSI_GSSAPI_20130516"
+
#define SSH_VERSION "OpenSSH_6.2"
- #define SSH_PORTABLE "p1"
+ #define SSH_PORTABLE "p2"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE \
+ NCSA_VERSION GSI_VERSION KRB5_VERSION
diff --git a/openssh-6.2p2-sftp-multibyte.patch b/openssh-6.2p2-sftp-multibyte.patch
new file mode 100644
index 0000000..2f9b423
--- /dev/null
+++ b/openssh-6.2p2-sftp-multibyte.patch
@@ -0,0 +1,64 @@
+diff --git a/ChangeLog b/ChangeLog
+index f5e2df0..74a03f8 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,11 @@
++20130605
++ - dtucker at cvs.openbsd.org 2013/06/04 20:42:36
++ [sftp.c]
++ Make sftp's libedit interface marginally multibyte aware by building up
++ the quoted string by character instead of by byte. Prevents failures
++ when linked against a libedit built with wide character support (bz#1990).
++ "looks ok" djm
++
+ 20130516
+ - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
+ executed if mktemp failed; bz#2105 ok dtucker@
+diff --git a/sftp.c b/sftp.c
+index 25c35fa..c9a9919 100644
+--- a/sftp.c
++++ b/sftp.c
+@@ -38,6 +38,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif
++#include <locale.h>
+ #ifdef USE_LIBEDIT
+ #include <histedit.h>
+ #else
+@@ -1694,8 +1695,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
+ char *file, int remote, int lastarg, char quote, int terminated)
+ {
+ glob_t g;
+- char *tmp, *tmp2, ins[3];
++ char *tmp, *tmp2, ins[8];
+ u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs;
++ int clen;
+ const LineInfo *lf;
+
+ /* Glob from "file" location */
+@@ -1764,10 +1766,13 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path,
+ tmp2 = tmp + filelen - cesc;
+ len = strlen(tmp2);
+ /* quote argument on way out */
+- for (i = 0; i < len; i++) {
++ for (i = 0; i < len; i += clen) {
++ if ((clen = mblen(tmp2 + i, len - i)) < 0 ||
++ (size_t)clen > sizeof(ins) - 2)
++ fatal("invalid multibyte character");
+ ins[0] = '\\';
+- ins[1] = tmp2[i];
+- ins[2] = '\0';
++ memcpy(ins + 1, tmp2 + i, clen);
++ ins[clen + 1] = '\0';
+ switch (tmp2[i]) {
+ case '\'':
+ case '"':
+@@ -2112,6 +2117,7 @@ main(int argc, char **argv)
+
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
++ setlocale(LC_CTYPE, "");
+
+ __progname = ssh_get_progname(argv[0]);
+ memset(&args, '\0', sizeof(args));
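Review bot: In the complete_match() hunk of the new sftp.c patch, a negative return from mblen() goes straight to `fatal("invalid multibyte character")`, so one file name that is not valid in the client's LC_CTYPE encoding ends the whole sftp session during tab completion. The names being quoted appear to come from the glob results (remote ones when `remote` is set), which would let the peer supply such bytes; the code that fills `tmp` lies outside the hunk, so this should be confirmed. I would fall back to the previous per-byte quoting instead of exiting, e.g. `if ((clen = mblen(tmp2 + i, len - i)) <= 0) clen = 1;`, and keep the existing `sizeof(ins) - 2` bound check as a separate test. Calling `mblen(NULL, 0);` before the loop would also reset the conversion state for stateful encodings, including after a failed conversion.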
diff --git a/sources b/sources
index ea348d1..e814a99 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-7b2d9dd75b5cf267ea1737ec75500316 openssh-6.2p1.tar.gz
+be46174dcbb77ebb4ea88ef140685de1 openssh-6.2p2.tar.gz