OpenSSH patches for Mac OS X

Disco Vince Giffin vgiffin at apple.com
Fri Dec 14 09:04:51 EST 2007 

OpenSSH Unix Dev,

	Mac OS X 10.5 recently shipped with OpenSSH 4.5p1.  This build  
includes a number of patches, some general bug fixes and some platform- 
specific fixes and enhancements.  These patches are available from our  
open source site (http://www.opensource.apple.com/darwinsource/10.5/OpenSSH-87/ 
).
	Following is a brief description of each patch.  We'd be more than  
happy to see any of these patches integrated into the official  
portable OpenSSH distribution.

AJ-5229538+5383306_keychain.patch
	Allows users to store key passphrases in the Mac OS X Keychain.

DVG+AJ-5370108_fix_globbing_in_Leopard_sftp.patch
	sftp makes certain assumptions about the behavior of glob(3) that no  
longer hold on Mac OS X.  This patch forces the openbsd-compat  
implementation.

DVG-3977221_manpage_tweaks.patch
	Removes references to login.conf from sshd_config man page.

DVG-4122722+5277818_new_EA.patch & DVG-4648874_preserve_EA_mtime.patch
	Adds a scp -E option, which preserves HFS+ extended attributes.

DVG-4157448+4920695_corrected_UsePAM_comment.patch
	Corrects comments in sshd_config about using PAM with OpenSSH.

DVG-4212542_auth_error_logging_fix.patch
	Keeps sshd from logging to the console.

DVG-4694589_16_group_limit_fix.patch
	Fixes issue with users in more than 16 groups.

DVG-4748610+4897588_ssh-agent_via_launchd.patch
	Adds support for launching ssh-agent from Mac OS X's launchd.

DVG-4808140_getpwuid_botch.patch
	Fixes a bug where ssh makes calls to getpwuid and expects the  
returned value to remain unchanged after subsequent calls, which is  
not guaranteed by POSIX.

DVG-4853931_enable_GSSAPI.patch & pam.patch
	Changes some default settings on Mac OS X.

DVG-4853931_enable_GSSAPI_AfterInstall.patch & apple-bsm.patch
	Unused.

DVG-4907495_name_resolution_error_message.patch
	Improves a generic "System error" message when hostname resolution  
fails.

DVG-5142987_launchd_DISPLAY_for_X11.patch
	Fixes issue with X11 forwarding on Mac OS X.

DVG-5258734_pty_permission_fix.patch & sshpty.c.patch
	Fixes PTY handling on Mac OS X.

bsm.patch
	Part of BSM support.

lastlog.patch
	Fixes lastlog on Mac OS X.

openssh-4.4p1-gsskex-20061002.patch
	Kerberos GSS Key Exchange support.

sacl.patch
	Service ACL support.


- Disco Vince Giffin
   OS Security Engineer
   Apple Inc.

More information about the openssh-unix-dev mailing list