openssh: Update to 6.2p2

2 files changed, 3 insertions, 258 deletions

diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 8542580e431b..4296ba57f881 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -13,11 +13,11 @@ let
 in
 
 stdenv.mkDerivation rec {
-  name = "openssh-6.2p1";
+  name = "openssh-6.2p2";
 
   src = fetchurl {
     url = "ftp://ftp.nl.uu.net/pub/OpenBSD/OpenSSH/portable/${name}.tar.gz";
-    sha1 = "8824708c617cc781b2bb29fa20bd905fd3d2a43d";
+    sha1 = "c2b4909eba6f5ec6f9f75866c202db47f3b501ba";
   };
 
   prePatch = stdenv.lib.optionalString hpnSupport
@@ -26,11 +26,7 @@ stdenv.mkDerivation rec {
       export NIX_LDFLAGS="$NIX_LDFLAGS -lgcc_s"
     '';
 
-  patches =
-    [ ./locale_archive.patch
-      # Upstream fix for gratuitous "no such identity" warnings.
-      ./fix-identity-warnings.patch
-    ];
+  patches = [ ./locale_archive.patch ];
 
   buildInputs = [ zlib openssl libedit pkgconfig pam ];
 
diff --git a/pkgs/tools/networking/openssh/fix-identity-warnings.patch b/pkgs/tools/networking/openssh/fix-identity-warnings.patch
deleted file mode 100644
index c341889b3a47..000000000000
--- a/pkgs/tools/networking/openssh/fix-identity-warnings.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-https://bugzilla.mindrot.org/show_bug.cgi?id=2084
-
-@@ -, +, @@ 
-   - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
-     [readconf.c ssh.c readconf.h sshconnect2.c]
-     Keep track of which IndentityFile options were manually supplied and which
-     were default options, and don't warn if the latter are missing.
-     ok markus@
-   - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
-     [ssh.c readconf.c readconf.h]
-     Don't complain if IdentityFiles specified in system-wide configs are
-     missing.  ok djm, deraadt.
-Index: readconf.c
-===================================================================
-RCS file: /home/dtucker/openssh/cvs/openssh/readconf.c,v
---- a/readconf.c	2 Oct 2011 07:59:03 -0000	1.174
-+++ b/readconf.c	5 Apr 2013 02:36:11 -0000
-@@ -1,4 +1,4 @@ 
--/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */
-+/* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */
- /*
-  * Author: Tatu Ylonen <ylo@cs.hut.fi>
-  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-@@ -326,6 +326,26 @@ clear_forwardings(Options *options)
- 	options->tun_open = SSH_TUNMODE_NO;
- }
- 
-+void
-+add_identity_file(Options *options, const char *dir, const char *filename,
-+    int userprovided)
-+{
-+	char *path;
-+
-+	if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
-+		fatal("Too many identity files specified (max %d)",
-+		    SSH_MAX_IDENTITY_FILES);
-+
-+	if (dir == NULL) /* no dir, filename is absolute */
-+		path = xstrdup(filename);
-+	else
-+		(void)xasprintf(&path, "%.100s%.100s", dir, filename);
-+
-+	options->identity_file_userprovided[options->num_identity_files] =
-+	    userprovided;
-+	options->identity_files[options->num_identity_files++] = path;
-+}
-+
- /*
-  * Returns the number of the token pointed to by cp or oBadOption.
-  */
-@@ -353,7 +373,7 @@ parse_token(const char *cp, const char *
- int
- process_config_line(Options *options, const char *host,
- 		    char *line, const char *filename, int linenum,
--		    int *activep)
-+		    int *activep, int userconfig)
- {
- 	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
- 	char **cpptr, fwdarg[256];
-@@ -586,9 +606,7 @@ parse_yesnoask:
- 			if (*intptr >= SSH_MAX_IDENTITY_FILES)
- 				fatal("%.200s line %d: Too many identity files specified (max %d).",
- 				    filename, linenum, SSH_MAX_IDENTITY_FILES);
--			charptr = &options->identity_files[*intptr];
--			*charptr = xstrdup(arg);
--			*intptr = *intptr + 1;
-+			add_identity_file(options, NULL, arg, userconfig);
- 		}
- 		break;
- 
-@@ -1075,7 +1093,7 @@ parse_int:
- 
- int
- read_config_file(const char *filename, const char *host, Options *options,
--    int checkperm)
-+    int flags)
- {
- 	FILE *f;
- 	char line[1024];
-@@ -1085,7 +1103,7 @@ read_config_file(const char *filename, c
- 	if ((f = fopen(filename, "r")) == NULL)
- 		return 0;
- 
--	if (checkperm) {
-+	if (flags & SSHCONF_CHECKPERM) {
- 		struct stat sb;
- 
- 		if (fstat(fileno(f), &sb) == -1)
-@@ -1106,7 +1124,8 @@ read_config_file(const char *filename, c
- 	while (fgets(line, sizeof(line), f)) {
- 		/* Update line number counter. */
- 		linenum++;
--		if (process_config_line(options, host, line, filename, linenum, &active) != 0)
-+		if (process_config_line(options, host, line, filename, linenum,
-+		    &active, flags & SSHCONF_USERCONF) != 0)
- 			bad_options++;
- 	}
- 	fclose(f);
-@@ -1280,30 +1299,17 @@ fill_default_options(Options * options)
- 		options->protocol = SSH_PROTO_2;
- 	if (options->num_identity_files == 0) {
- 		if (options->protocol & SSH_PROTO_1) {
--			len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
--			options->identity_files[options->num_identity_files] =
--			    xmalloc(len);
--			snprintf(options->identity_files[options->num_identity_files++],
--			    len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
-+			add_identity_file(options, "~/",
-+			    _PATH_SSH_CLIENT_IDENTITY, 0);
- 		}
- 		if (options->protocol & SSH_PROTO_2) {
--			len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
--			options->identity_files[options->num_identity_files] =
--			    xmalloc(len);
--			snprintf(options->identity_files[options->num_identity_files++],
--			    len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
--
--			len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
--			options->identity_files[options->num_identity_files] =
--			    xmalloc(len);
--			snprintf(options->identity_files[options->num_identity_files++],
--			    len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
-+			add_identity_file(options, "~/",
-+			    _PATH_SSH_CLIENT_ID_RSA, 0);
-+			add_identity_file(options, "~/",
-+			    _PATH_SSH_CLIENT_ID_DSA, 0);
- #ifdef OPENSSL_HAS_ECC
--			len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
--			options->identity_files[options->num_identity_files] =
--			    xmalloc(len);
--			snprintf(options->identity_files[options->num_identity_files++],
--			    len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
-+			add_identity_file(options, "~/",
-+			    _PATH_SSH_CLIENT_ID_ECDSA, 0);
- #endif
- 		}
- 	}
-Index: readconf.h
-===================================================================
-RCS file: /home/dtucker/openssh/cvs/openssh/readconf.h,v
---- a/readconf.h	2 Oct 2011 07:59:03 -0000	1.83
-+++ b/readconf.h	5 Apr 2013 02:36:11 -0000
-@@ -1,4 +1,4 @@ 
--/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */
-+/* $OpenBSD: readconf.h,v 1.93 2013/02/22 04:45:09 dtucker Exp $ */
- 
- /*
-  * Author: Tatu Ylonen <ylo@cs.hut.fi>
-@@ -96,6 +96,7 @@ typedef struct {
- 
- 	int     num_identity_files;	/* Number of files for RSA/DSA identities. */
- 	char   *identity_files[SSH_MAX_IDENTITY_FILES];
-+	int    identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
- 	Key    *identity_keys[SSH_MAX_IDENTITY_FILES];
- 
- 	/* Local TCP/IP forward requests. */
-@@ -148,15 +149,20 @@ typedef struct {
- #define REQUEST_TTY_YES		2
- #define REQUEST_TTY_FORCE	3
- 
-+#define SSHCONF_CHECKPERM	1  /* check permissions on config file */
-+#define SSHCONF_USERCONF	2  /* user provided config file not system */
-+
- void     initialize_options(Options *);
- void     fill_default_options(Options *);
- int	 read_config_file(const char *, const char *, Options *, int);
- int	 parse_forward(Forward *, const char *, int, int);
- 
- int
--process_config_line(Options *, const char *, char *, const char *, int, int *);
-+process_config_line(Options *, const char *, char *, const char *, int, int *,
-+    int);
- 
- void	 add_local_forward(Options *, const Forward *);
- void	 add_remote_forward(Options *, const Forward *);
-+void	 add_identity_file(Options *, const char *, const char *, int);
- 
- #endif				/* READCONF_H */
-Index: ssh.c
-===================================================================
-RCS file: /home/dtucker/openssh/cvs/openssh/ssh.c,v
---- a/ssh.c	6 Jul 2012 03:45:01 -0000	1.366
-+++ b/ssh.c	5 Apr 2013 02:36:11 -0000
-@@ -1,4 +1,4 @@ 
--/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */
-+/* $OpenBSD: ssh.c,v 1.372 2013/02/22 04:45:09 dtucker Exp $ */
- /*
-  * Author: Tatu Ylonen <ylo@cs.hut.fi>
-  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-@@ -405,12 +405,7 @@ main(int ac, char **av)
- 				    strerror(errno));
- 				break;
- 			}
--			if (options.num_identity_files >=
--			    SSH_MAX_IDENTITY_FILES)
--				fatal("Too many identity files specified "
--				    "(max %d)", SSH_MAX_IDENTITY_FILES);
--			options.identity_files[options.num_identity_files++] =
--			    xstrdup(optarg);
-+			add_identity_file(&options, NULL, optarg, 1);
- 			break;
- 		case 'I':
- #ifdef ENABLE_PKCS11
-@@ -584,7 +579,8 @@ main(int ac, char **av)
- 			dummy = 1;
- 			line = xstrdup(optarg);
- 			if (process_config_line(&options, host ? host : "",
--			    line, "command-line", 0, &dummy) != 0)
-+			    line, "command-line", 0, &dummy, SSHCONF_USERCONF)
-+			    != 0)
- 				exit(255);
- 			xfree(line);
- 			break;
-@@ -678,14 +674,15 @@ main(int ac, char **av)
- 	 * file if the user specifies a config file on the command line.
- 	 */
- 	if (config != NULL) {
--		if (!read_config_file(config, host, &options, 0))
-+		if (!read_config_file(config, host, &options, SSHCONF_USERCONF))
- 			fatal("Can't open user config file %.100s: "
- 			    "%.100s", config, strerror(errno));
- 	} else {
- 		r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
- 		    _PATH_SSH_USER_CONFFILE);
- 		if (r > 0 && (size_t)r < sizeof(buf))
--			(void)read_config_file(buf, host, &options, 1);
-+			(void)read_config_file(buf, host, &options,
-+			     SSHCONF_CHECKPERM|SSHCONF_USERCONF);
- 
- 		/* Read systemwide configuration file after user config. */
- 		(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
-Index: sshconnect2.c
-===================================================================
-RCS file: /home/dtucker/openssh/cvs/openssh/sshconnect2.c,v
---- a/sshconnect2.c	20 Mar 2013 01:55:15 -0000	1.184
-+++ b/sshconnect2.c	5 Apr 2013 02:36:07 -0000
-@@ -1,4 +1,4 @@ 
--/* $OpenBSD: sshconnect2.c,v 1.191 2013/02/15 00:21:01 dtucker Exp $ */
-+/* $OpenBSD: sshconnect2.c,v 1.192 2013/02/17 23:16:57 dtucker Exp $ */
- /*
-  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
-  * Copyright (c) 2008 Damien Miller.  All rights reserved.
-@@ -1384,7 +1384,7 @@ pubkey_prepare(Authctxt *authctxt)
- 		id = xcalloc(1, sizeof(*id));
- 		id->key = key;
- 		id->filename = xstrdup(options.identity_files[i]);
--		id->userprovided = 1;
-+		id->userprovided = options.identity_file_userprovided[i];
- 		TAILQ_INSERT_TAIL(&files, id, next);
- 	}
- 	/* Prefer PKCS11 keys that are explicitly listed */