Add patch from MacPorts to fix X11 forwarding under Mac OS X Yosemite.

4 files changed, 119 insertions, 6 deletions

diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index e9b81a73eec..59f17bbe990 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.227 2015/02/16 11:03:20 jperkin Exp $
+# $NetBSD: Makefile,v 1.228 2015/03/19 20:23:55 tron Exp $
 
 DISTNAME=		openssh-6.6p1
 PKGNAME=		openssh-6.6.1
-PKGREVISION=		4
+PKGREVISION=		5
 CATEGORIES=		security
 MASTER_SITES=		${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
 
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 148dbd4413b..a44b49df3a0 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,8 +1,5 @@
-$NetBSD: distinfo,v 1.87 2014/10/08 15:50:22 taca Exp $
+$NetBSD: distinfo,v 1.88 2015/03/19 20:23:55 tron Exp $
 
-SHA1 (openssh-6.6p1-hpnssh14v4.diff.gz) = 1cb86c7151ea4c805cfb1197eac13844cd8f2f2c
-RMD160 (openssh-6.6p1-hpnssh14v4.diff.gz) = 292cea7880ff66040d915f2d5957dd27d0835984
-Size (openssh-6.6p1-hpnssh14v4.diff.gz) = 23417 bytes
 SHA1 (openssh-6.6p1.tar.gz) = b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e
 RMD160 (openssh-6.6p1.tar.gz) = e19ed34e240001898b6665bb4356b868bba5513d
 Size (openssh-6.6p1.tar.gz) = 1282502 bytes
@@ -12,6 +9,8 @@ SHA1 (patch-auth-rhosts.c) = ab8dd3e375accc5bed3e15b158a85a1b1f9a2e3e
 SHA1 (patch-auth.c) = 950b0380bcbb0fa1681014cfbb41528d09a10a18
 SHA1 (patch-auth1.c) = 7b0481f445bc85cce9d7539b00bf581b9aa09fea
 SHA1 (patch-auth2.c) = 8f4f97516874fc4af5814cbd3a1f59b9ca77b43f
+SHA1 (patch-channels.c) = 88af4136f13f93d73c70caacea0a2ded0601d1cf
+SHA1 (patch-clientloop.c) = 499f34ce4e067f1da8aca257cfa7dd820efa3504
 SHA1 (patch-config.h.in) = 9799f48f204aa213318914f1d6c45e83a8af942f
 SHA1 (patch-configure) = 3015dda57a5626667cf5c15c7c7be25f8844cfc6
 SHA1 (patch-configure.ac) = 996a3bcf133a0832b9d7fa35cc0983562d9fa60a
diff --git a/security/openssh/patches/patch-channels.c b/security/openssh/patches/patch-channels.c
new file mode 100644
index 00000000000..5e35a13d744
--- /dev/null
+++ b/security/openssh/patches/patch-channels.c
@@ -0,0 +1,51 @@
+$NetBSD: patch-channels.c,v 1.1 2015/03/19 20:23:55 tron Exp $
+
+Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts.
+
+https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205
+
+--- channels.c.orig	2014-02-26 23:18:33.000000000 +0000
++++ channels.c	2015-03-19 20:16:04.000000000 +0000
+@@ -3576,15 +3576,35 @@
+ 	 * connection to the real X server.
+ 	 */
+ 
+-	/* Check if the display is from launchd. */
+ #ifdef __APPLE__
+-	if (strncmp(display, "/tmp/launch", 11) == 0) {
+-		sock = connect_local_xsocket_path(display);
+-		if (sock < 0)
+-			return -1;
++	/* Check if the display is a path to a socket (as set by launchd). */
++	{
++		char path[PATH_MAX];
++		struct stat sbuf;
++		int is_path_to_socket = 0;
++
++		strlcpy(path, display, sizeof(path));
++		if (0 == stat(path, &sbuf)) {
++			is_path_to_socket = 1;
++		} else {
++			char *dot = strrchr(path, '.');
++			if (dot) {
++				*dot = '\0';
++				/* screen = atoi(dot + 1); */
++				if (0 == stat(path, &sbuf)) {
++					is_path_to_socket=1;
++				}
++			}
++		}
+ 
+-		/* OK, we now have a connection to the display. */
+-		return sock;
++		if (is_path_to_socket) {
++			sock = connect_local_xsocket_path(path);
++			if (sock < 0)
++				return -1;
++
++			/* OK, we now have a connection to the display. */
++			return sock;
++		}
+ 	}
+ #endif
+ 	/*
diff --git a/security/openssh/patches/patch-clientloop.c b/security/openssh/patches/patch-clientloop.c
new file mode 100644
index 00000000000..b212f23f7a5
--- /dev/null
+++ b/security/openssh/patches/patch-clientloop.c
@@ -0,0 +1,63 @@
+$NetBSD: patch-clientloop.c,v 1.1 2015/03/19 20:23:55 tron Exp $
+
+Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts.
+
+https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205
+
+--- clientloop.c.orig	2014-02-04 00:20:15.000000000 +0000
++++ clientloop.c	2015-03-19 20:16:04.000000000 +0000
+@@ -313,6 +313,10 @@
+ 	struct stat st;
+ 	u_int now;
+ 
++#if __APPLE__
++	int is_path_to_socket = 0;
++#endif /* __APPLE__ */
++
+ 	xauthdir = xauthfile = NULL;
+ 	*_proto = proto;
+ 	*_data = data;
+@@ -328,6 +332,33 @@
+ 			debug("x11_get_proto: DISPLAY not set");
+ 			return;
+ 		}
++#if __APPLE__
++		{
++			/*
++			 * If using launchd socket, remove the screen number from the end
++			 * of $DISPLAY. is_path_to_socket is used later in this function
++			 * to determine if an error should be displayed.
++			 */
++			char path[PATH_MAX];
++			struct stat sbuf;
++
++			strlcpy(path, display, sizeof(path));
++			if (0 == stat(path, &sbuf)) {
++				is_path_to_socket = 1;
++			} else {
++				char *dot = strrchr(path, '.');
++				if (dot) {
++					*dot = '\0';
++					/* screen = atoi(dot + 1); */
++					if (0 == stat(path, &sbuf)) {
++						is_path_to_socket = 1;
++						debug("x11_get_proto: $DISPLAY is launchd, removing screennum");
++						setenv("DISPLAY", path, 1);
++					}
++				}
++			}
++		}
++#endif /* __APPLE__ */
+ 		/*
+ 		 * Handle FamilyLocal case where $DISPLAY does
+ 		 * not match an authorization entry.  For this we
+@@ -407,6 +438,9 @@
+ 	if (!got_data) {
+ 		u_int32_t rnd = 0;
+ 
++#if __APPLE__
++		if (!is_path_to_socket)
++#endif /* __APPLE__ */
+ 		logit("Warning: No xauth data; "
+ 		    "using fake authentication data for X11 forwarding.");
+ 		strlcpy(proto, SSH_X11_PROTO, sizeof proto);