diff options
| author | kristerw <kristerw> | 2004-06-01 21:50:37 +0000 |
|---|---|---|
| committer | kristerw <kristerw> | 2004-06-01 21:50:37 +0000 |
| commit | 5466e821e917d9f6e7d90413152452c7b99307a1 (patch) | |
| tree | 7c3dcbec968f4c56d1bc334d2727626cd80359f1 /security | |
| parent | c30e634321d514052ec65b5122d65691febae84e (diff) | |
| download | pkgsrc-5466e821e917d9f6e7d90413152452c7b99307a1.tar.gz | |
Remove obsolete packages, per discussion on tech-pkg.
Diffstat (limited to 'security')
63 files changed, 1 insertions, 8643 deletions
diff --git a/security/Makefile b/security/Makefile index 986c166c245..c927b9d8158 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.183 2004/05/26 12:05:10 sekiya Exp $ +# $NetBSD: Makefile,v 1.184 2004/06/01 21:50:37 kristerw Exp $ # COMMENT= Security tools @@ -92,7 +92,6 @@ SUBDIR+= nfsbug SUBDIR+= nikto SUBDIR+= opencdk SUBDIR+= openssh -SUBDIR+= openssh+gssapi SUBDIR+= openssl SUBDIR+= otpcalc SUBDIR+= p0f @@ -173,7 +172,6 @@ SUBDIR+= sniff SUBDIR+= snortsnarf SUBDIR+= srm SUBDIR+= srp_client -SUBDIR+= ssh SUBDIR+= ssh-askpass SUBDIR+= ssh-ip-tunnel SUBDIR+= ssh2 diff --git a/security/openssh+gssapi/DESCR b/security/openssh+gssapi/DESCR deleted file mode 100644 index 784da25242d..00000000000 --- a/security/openssh+gssapi/DESCR +++ /dev/null @@ -1,8 +0,0 @@ -OpenSSH is based on the last free version of Tatu Ylonen's SSH with -all patent-encumbered algorithms removed (to external libraries), all -known security bugs fixed, new features reintroduced and many other -clean-ups. More information about SSH itself can be found in the file -README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck, -Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. - -This package adds enhanced support for GSSAPI, provided by sxw.org.uk. diff --git a/security/openssh+gssapi/INSTALL b/security/openssh+gssapi/INSTALL deleted file mode 100644 index d6becd802c0..00000000000 --- a/security/openssh+gssapi/INSTALL +++ /dev/null @@ -1,36 +0,0 @@ -# $NetBSD: INSTALL,v 1.2 2003/08/30 20:23:07 jlam Exp $ - -DIRS="/etc /etc/ssh ${PKG_PREFIX}/etc ${PKG_PREFIX}/etc/ssh" -FILES="sshd.conf sshd_config" - -case ${STAGE} in -POST-INSTALL) - for dir in $DIRS; do - if [ "@PKG_SYSCONFDIR@" != "$dir" ]; then - for file in $FILES; do - path=$dir/$file - if [ -f $path ]; then - ${CAT} <<EOF -=========================================================================== - - *===* NOTICE *===* - -WARNING: previous configuration file $path found. - -The config files for ${PKGNAME} must be located in: - - @PKG_SYSCONFDIR@ - -You will need to ensure your configuration files and/or keys are -placed in the correct directory before using ${PKGNAME}. - -=========================================================================== -EOF - - exit - fi - done - fi - done - ;; -esac diff --git a/security/openssh+gssapi/MESSAGE b/security/openssh+gssapi/MESSAGE deleted file mode 100644 index 482f771c674..00000000000 --- a/security/openssh+gssapi/MESSAGE +++ /dev/null @@ -1,17 +0,0 @@ -=========================================================================== -$NetBSD: MESSAGE,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ - - *===* NOTICE *===* - -If you have existing config files for OpenSSH located at /etc/ssh.conf -and /etc/sshd.conf, then you will have to copy them: - - /etc/ssh.conf --> ${PKG_SYSCONFDIR}/ssh_config - /etc/sshd.conf --> ${PKG_SYSCONFDIR}/sshd_config - -The `${OPENSSH_USER}' user and `${OPENSSH_GROUP}' group used for -privilege separation have been created if they did not already exist. -For security reasons, UsePrivilegeSeparation has to be yes -(the default value). - -=========================================================================== diff --git a/security/openssh+gssapi/MESSAGE.pam b/security/openssh+gssapi/MESSAGE.pam deleted file mode 100644 index 65185d65a13..00000000000 --- a/security/openssh+gssapi/MESSAGE.pam +++ /dev/null @@ -1,9 +0,0 @@ -=========================================================================== -$NetBSD: MESSAGE.pam,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ - -To authenticate for SSH using PAM, add the contents of the file: - - ${EGDIR}/sshd.pam - -to your PAM configuration file. -=========================================================================== diff --git a/security/openssh+gssapi/MESSAGE.urandom b/security/openssh+gssapi/MESSAGE.urandom deleted file mode 100644 index 6c3f593d0ae..00000000000 --- a/security/openssh+gssapi/MESSAGE.urandom +++ /dev/null @@ -1,8 +0,0 @@ -=========================================================================== -$NetBSD: MESSAGE.urandom,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ - -You will need a working /dev/urandom. Please make sure you have a kernel -compiled from a config file containing the line: - - pseudo-device rnd -=========================================================================== diff --git a/security/openssh+gssapi/Makefile b/security/openssh+gssapi/Makefile deleted file mode 100644 index 3320a6bf0ea..00000000000 --- a/security/openssh+gssapi/Makefile +++ /dev/null @@ -1,162 +0,0 @@ -# $NetBSD: Makefile,v 1.14 2004/05/11 04:40:59 snj Exp $ - -# NOTE: This package is modeled on ../openssh, but does not share -# files with it as that package may update faster than the gssapi -# patches do. - -DISTNAME= openssh-3.6.1p2 -PKGNAME= openssh+gssapi-3.6.1.2.20030430 -PKGREVISION= 3 -SVR4_PKGNAME= osshgss -CATEGORIES= security -MASTER_SITES= ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD/OpenSSH/portable/ \ - ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ - http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \ - ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ - ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ - ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/ -PATCH_SITES= http://www.sxw.org.uk/computing/patches/ -PATCHFILES= openssh-3.6.1p2-gssapi-20030430.diff -PATCH_DIST_STRIP= -p1 - -# Don't delete the last entry -- it's there if the pkgsrc version is not -# up-to-date and the mirrors already removed the old distfile. - -MAINTAINER= jwise@NetBSD.org -HOMEPAGE= http://www.openssh.com/ -COMMENT= Open Source Secure shell client and server with enhanced GSSAPI support - -CONFLICTS= sftp-[0-9]* -CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* ssh2-[0-9]* -CONFLICTS+= openssh-[0-9]* - -USE_PERL5= build - -CRYPTO= yes -KERBEROS= yes - -# retain the following line, for IPv6-ready pkgsrc webpage -BUILD_DEFS+= USE_INET6 -#BUILD_DEFS+= KERBEROS - -.include "../../mk/bsd.prefs.mk" - -INSTALL_TARGET= install-nokeys -PLIST_SRC= # empty -MESSAGE_SRC= ${.CURDIR}/MESSAGE - -PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}:${OPENSSH_UID}:sshd\\ privsep:${OPENSSH_CHROOT}:${NOLOGIN} -PKG_GROUPS= ${OPENSSH_GROUP}:${OPENSSH_GID} - -SSH_PID_DIR= /var/run # default directory for PID files - -PKG_SYSCONFSUBDIR= ssh -MANDIR= man - -PLIST_SUBST+= MANDIR=${MANDIR} - -USE_BUILDLINK3= yes -USE_PKGINSTALL= yes -GNU_CONFIGURE= yes -CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} -CONFIGURE_ARGS+= --mandir=${PREFIX}/${MANDIR} -CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR} -CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE} -CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers} -CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT} -CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER} -CONFIGURE_ARGS+= --with-kerberos5=/usr -CONFIGURE_ARGS+= --with-kerberos4=/usr - -CPPFLAGS+= -I/usr/include/krb5 -I/usr/include/kerberosIV - -# XXX: PAM authentication causes memory faults, and I haven't tracked down -# XXX: why yet. For the moment, disable PAM authentication. -# -#.if defined(USE_PAM) -#.include "../../security/PAM/buildlink3.mk" -#CONFIGURE_ARGS+= --with-pam -#PLIST_SRC+= ${.CURDIR}/PLIST.pam -#MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam -#.endif - -.if (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS") -. include "../../security/skey/buildlink3.mk" -CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey} -.elif ${OPSYS} == "NetBSD" -# XXX: NetBSD has 4 args (4: sslen) to skeychallenge instead of 3 -#CONFIGURE_ARGS+= --with-skey=/usr -CONFIGURE_ARGS+= --without-skey -.else -CONFIGURE_ARGS+= --without-skey -.endif - -.if defined(KERBEROS) -PKG_USE_KERBEROS= yes -CONFIGURE_ARGS+= --with-kerberos4=/usr -LDFLAGS+= -lkrb -lcom_err -lroken -ldes -lcrypto -.endif - -CONFIGURE_ENV+= LD=${CC:Q} - -# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending -# on if it's part of the X11 distribution, or if it's installed from pkgsrc -# (security/ssh-askpass). -# -.if exists(${X11BASE}/bin/ssh-askpass) -ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass -.else -ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass -.endif -CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM} -MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM} - -CONFS= ssh_config sshd_config -SUPPS= moduli - -.if exists(/dev/urandom) -MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom -.else -CONFIGURE_ARGS+= --without-random -CONFS+= ssh_prng_cmds -PLIST_SRC+= ${.CURDIR}/PLIST.prng -.endif - -EGDIR= ${PREFIX}/share/examples/openssh -CONF_FILES= # empty -.for FILE in ${CONFS} -CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} -.endfor -SUPPORT_FILES= # empty -.for FILE in ${SUPPS} -SUPPORT_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} -.endfor -OWN_DIRS= ${OPENSSH_CHROOT} -RCD_SCRIPTS= sshd - -PLIST_SRC+= ${.CURDIR}/PLIST -FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR} -MESSAGE_SUBST+= EGDIR=${EGDIR} -MESSAGE_SUBST+= OPENSSH_USER=${OPENSSH_USER} -MESSAGE_SUBST+= OPENSSH_GROUP=${OPENSSH_GROUP} - -INSTALL_EXTRA_TMPL+= ${.CURDIR}/INSTALL - -pre-configure: - cd ${WRKSRC} && ${AUTORECONF} - -post-install: - ${INSTALL_DATA_DIR} ${EGDIR} - cd ${WRKSRC}; for file in ${CONFS} ${SUPPS}; do \ - ${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \ - done -#.if defined(USE_PAM) -# ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam -#.endif - -.include "../../devel/zlib/buildlink3.mk" -.include "../../security/openssl/buildlink3.mk" -.include "../../security/tcp_wrappers/buildlink3.mk" -.include "../../mk/autoconf.mk" - -.include "../../mk/bsd.pkg.mk" diff --git a/security/openssh+gssapi/PLIST b/security/openssh+gssapi/PLIST deleted file mode 100644 index 53634976bc4..00000000000 --- a/security/openssh+gssapi/PLIST +++ /dev/null @@ -1,29 +0,0 @@ -@comment $NetBSD: PLIST,v 1.2 2004/04/23 22:07:58 reed Exp $ -bin/scp -bin/sftp -bin/slogin -bin/ssh -bin/ssh-add -bin/ssh-agent -bin/ssh-keygen -bin/ssh-keyscan -libexec/sftp-server -libexec/ssh-keysign -${MANDIR}/man1/scp.1 -${MANDIR}/man1/sftp.1 -${MANDIR}/man1/slogin.1 -${MANDIR}/man1/ssh-add.1 -${MANDIR}/man1/ssh-agent.1 -${MANDIR}/man1/ssh-keygen.1 -${MANDIR}/man1/ssh-keyscan.1 -${MANDIR}/man1/ssh.1 -${MANDIR}/man5/ssh_config.5 -${MANDIR}/man5/sshd_config.5 -${MANDIR}/man8/sftp-server.8 -${MANDIR}/man8/ssh-keysign.8 -${MANDIR}/man8/sshd.8 -sbin/sshd -share/examples/openssh/moduli -share/examples/openssh/ssh_config -share/examples/openssh/sshd_config -@dirrm share/examples/openssh diff --git a/security/openssh+gssapi/PLIST.pam b/security/openssh+gssapi/PLIST.pam deleted file mode 100644 index 51a30ff1f77..00000000000 --- a/security/openssh+gssapi/PLIST.pam +++ /dev/null @@ -1,2 +0,0 @@ -@comment $NetBSD: PLIST.pam,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ -share/examples/openssh/sshd.pam diff --git a/security/openssh+gssapi/PLIST.prng b/security/openssh+gssapi/PLIST.prng deleted file mode 100644 index 16c1a2cb120..00000000000 --- a/security/openssh+gssapi/PLIST.prng +++ /dev/null @@ -1,3 +0,0 @@ -@comment $NetBSD: PLIST.prng,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ -libexec/ssh-rand-helper -share/examples/openssh/ssh_prng_cmds diff --git a/security/openssh+gssapi/distinfo b/security/openssh+gssapi/distinfo deleted file mode 100644 index b2cf12aaff1..00000000000 --- a/security/openssh+gssapi/distinfo +++ /dev/null @@ -1,11 +0,0 @@ -$NetBSD: distinfo,v 1.3 2003/09/17 14:27:03 jwise Exp $ - -SHA1 (openssh-3.6.1p2.tar.gz) = dafe5b6ee2c8ced12c2ee8961530b4e51c2f0bcf -Size (openssh-3.6.1p2.tar.gz) = 879629 bytes -SHA1 (openssh-3.6.1p2-gssapi-20030430.diff) = a938638ad7d861e4f55ef5f8410acfdaac8a9e57 -Size (openssh-3.6.1p2-gssapi-20030430.diff) = 121077 bytes -SHA1 (patch-aa) = 20abe6938aba07ab7b6c7eab5d24a303f0cd2298 -SHA1 (patch-ab) = 1069fe256b7925fcf404781ef14e5c492f52c21e -SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506 -SHA1 (patch-ai) = a564c1c9df9704fa8ed20bd31a5eb36450c72f2b -SHA1 (patch-aj) = a83eed6c0a5703a2953682b4627be38a87bfb65f diff --git a/security/openssh+gssapi/files/sshd.sh b/security/openssh+gssapi/files/sshd.sh deleted file mode 100644 index b33955a6e31..00000000000 --- a/security/openssh+gssapi/files/sshd.sh +++ /dev/null @@ -1,105 +0,0 @@ -#!@RCD_SCRIPTS_SHELL@ -# -# $NetBSD: sshd.sh,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ -# -# PROVIDE: sshd -# REQUIRE: DAEMON LOGIN - -if [ -f /etc/rc.subr ] -then - . /etc/rc.subr -fi - -name="sshd" -rcvar=$name -command="@PREFIX@/sbin/${name}" -keygen_command="@PREFIX@/bin/ssh-keygen" -pidfile="@SSH_PID_DIR@/${name}.pid" -required_files="@PKG_SYSCONFDIR@/sshd_config" -extra_commands="keygen reload" - -sshd_keygen() -{ - ( - umask 022 - if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then - @ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key" - @ECHO@ "Skipping protocol version 1 RSA Key Generation" - else - ${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N '' - fi - - if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then - @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key" - @ECHO@ "Skipping protocol version 2 DSA Key Generation" - else - ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N '' - fi - - if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then - @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key" - @ECHO@ "Skipping protocol version 2 RSA Key Generation" - else - ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N '' - fi - ) -} - -sshd_precmd() -{ - if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \ - ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \ - ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then - if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ] - then - run_rc_command keygen - else - eval ${keygen_cmd} - fi - fi -} - -keygen_cmd=sshd_keygen -start_precmd=sshd_precmd - -if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ] -then - load_rc_config $name - run_rc_command "$1" -else - case ${1:-start} in - start) - if [ -x ${command} -a -f ${required_files} ] - then - @ECHO@ "Starting ${name}." - eval ${start_precmd} - eval ${command} ${sshd_flags} ${command_args} - fi - ;; - stop) - if [ -f ${pidfile} ]; then - pid=`@HEAD@ -1 ${pidfile}` - @ECHO@ "Stopping ${name}." - kill -TERM ${pid} - else - @ECHO@ "${name} not running?" - fi - ;; - restart) - ( $0 stop ) - sleep 1 - $0 start - ;; - status) - if [ -f ${pidfile} ]; then - pid=`@HEAD@ -1 ${pidfile}` - @ECHO@ "${name} is running as pid ${pid}." - else - @ECHO@ "${name} is not running." - fi - ;; - keygen) - eval ${keygen_cmd} - ;; - esac -fi diff --git a/security/openssh+gssapi/patches/patch-aa b/security/openssh+gssapi/patches/patch-aa deleted file mode 100644 index a505c8d77c1..00000000000 --- a/security/openssh+gssapi/patches/patch-aa +++ /dev/null @@ -1,34 +0,0 @@ -$NetBSD: patch-aa,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $ - ---- configure.orig Tue Apr 29 02:37:28 2003 -+++ configure Tue Jun 10 13:38:01 2003 -@@ -4939,6 +4939,9 @@ - ;; - esac - -+# pkgsrc handles any rpath settings this package needs -+need_dash_r= -+ - # Allow user to specify flags - - # Check whether --with-cflags or --without-cflags was given. -@@ -7030,6 +7033,10 @@ - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ - -+#ifdef HAVE_SYS_CDEFS_H -+#include <sys/cdefs.h> -+#endif -+#include <stdio.h> - #include <tcpd.h> - int deny_severity = 0, allow_severity = 0; - -@@ -19123,7 +19130,7 @@ - echo " User binaries: $B" - echo " System binaries: $C" - echo " Configuration files: $D" --echo " Askpass program: $E" -+echo " Askpass program: ${ASKPASS_PROGRAM}" - echo " Manual pages: $F" - echo " PID file: $G" - echo " Privilege separation chroot path: $H" diff --git a/security/openssh+gssapi/patches/patch-ab b/security/openssh+gssapi/patches/patch-ab deleted file mode 100644 index 78af9066543..00000000000 --- a/security/openssh+gssapi/patches/patch-ab +++ /dev/null @@ -1,34 +0,0 @@ -$NetBSD: patch-ab,v 1.1.1.1 2003/07/24 21:01:24 jwise Exp $ - ---- configure.ac.orig Thu Sep 26 00:38:47 2002 -+++ configure.ac -@@ -341,6 +341,9 @@ mips-sony-bsd|mips-sony-newsos4) - ;; - esac - -+# pkgsrc handles any rpath settings this package needs -+need_dash_r= -+ - # Allow user to specify flags - AC_ARG_WITH(cflags, - [ --with-cflags Specify additional flags to pass to compiler], -@@ -575,6 +578,10 @@ AC_ARG_WITH(tcp-wrappers, - AC_MSG_CHECKING(for libwrap) - AC_TRY_LINK( - [ -+#ifdef HAVE_SYS_CDEFS_H -+#include <sys/cdefs.h> -+#endif -+#include <stdio.h> - #include <tcpd.h> - int deny_severity = 0, allow_severity = 0; - ], -@@ -2449,7 +2456,7 @@ echo "OpenSSH has been configured with t - echo " User binaries: $B" - echo " System binaries: $C" - echo " Configuration files: $D" --echo " Askpass program: $E" -+echo " Askpass program: ${ASKPASS_PROGRAM}" - echo " Manual pages: $F" - echo " PID file: $G" - echo " Privilege separation chroot path: $H" diff --git a/security/openssh+gssapi/patches/patch-ah b/security/openssh+gssapi/patches/patch-ah deleted file mode 100644 index 195dd6ba600..00000000000 --- a/security/openssh+gssapi/patches/patch-ah +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-ah,v 1.1.1.1 2003/07/24 21:01:24 jwise Exp $ - ---- Makefile.in.orig Fri Jun 21 10:38:53 2002 -+++ Makefile.in Tue Jun 25 10:50:44 2002 -@@ -21,7 +21,7 @@ - DESTDIR= - VPATH=@srcdir@ - SSH_PROGRAM=@bindir@/ssh --ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass -+#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass - SFTP_SERVER=$(libexecdir)/sftp-server - SSH_KEYSIGN=$(libexecdir)/ssh-keysign - RAND_HELPER=$(libexecdir)/ssh-rand-helper -@@ -203,7 +203,7 @@ - scard-install: - (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) - --install-files: scard-install -+install-files: - $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) diff --git a/security/openssh+gssapi/patches/patch-ai b/security/openssh+gssapi/patches/patch-ai deleted file mode 100644 index 7c5b86be082..00000000000 --- a/security/openssh+gssapi/patches/patch-ai +++ /dev/null @@ -1,62 +0,0 @@ -$NetBSD: patch-ai,v 1.2 2003/09/17 14:27:07 jwise Exp $ -Index: buffer.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/buffer.c,v -retrieving revision 1.16 -retrieving revision 1.18 -diff -u -r1.16 -r1.18 ---- buffer.c 26 Jun 2002 08:54:18 -0000 1.16 -+++ buffer.c 16 Sep 2003 21:02:39 -0000 1.18 -@@ -23,8 +23,11 @@ - void - buffer_init(Buffer *buffer) - { -- buffer->alloc = 4096; -- buffer->buf = xmalloc(buffer->alloc); -+ const u_int len = 4096; -+ -+ buffer->alloc = 0; -+ buffer->buf = xmalloc(len); -+ buffer->alloc = len; - buffer->offset = 0; - buffer->end = 0; - } -@@ -34,8 +37,10 @@ - void - buffer_free(Buffer *buffer) - { -- memset(buffer->buf, 0, buffer->alloc); -- xfree(buffer->buf); -+ if (buffer->alloc > 0) { -+ memset(buffer->buf, 0, buffer->alloc); -+ xfree(buffer->buf); -+ } - } - - /* -@@ -69,6 +74,7 @@ - void * - buffer_append_space(Buffer *buffer, u_int len) - { -+ u_int newlen; - void *p; - - if (len > 0x100000) -@@ -98,11 +104,13 @@ - goto restart; - } - /* Increase the size of the buffer and retry. */ -- buffer->alloc += len + 32768; -- if (buffer->alloc > 0xa00000) -+ -+ newlen = buffer->alloc + len + 32768; -+ if (newlen > 0xa00000) - fatal("buffer_append_space: alloc %u not supported", -- buffer->alloc); -- buffer->buf = xrealloc(buffer->buf, buffer->alloc); -+ newlen); -+ buffer->buf = xrealloc(buffer->buf, newlen); -+ buffer->alloc = newlen; - goto restart; - /* NOTREACHED */ - } diff --git a/security/openssh+gssapi/patches/patch-aj b/security/openssh+gssapi/patches/patch-aj deleted file mode 100644 index decfa9b91fa..00000000000 --- a/security/openssh+gssapi/patches/patch-aj +++ /dev/null @@ -1,26 +0,0 @@ -$NetBSD: patch-aj,v 1.1 2003/09/17 14:27:07 jwise Exp $ -Index: channels.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/channels.c,v -retrieving revision 1.194 -retrieving revision 1.195 -diff -u -r1.194 -r1.195 ---- channels.c 29 Aug 2003 10:04:36 -0000 1.194 -+++ channels.c 16 Sep 2003 21:02:40 -0000 1.195 -@@ -228,12 +228,13 @@ - if (found == -1) { - /* There are no free slots. Take last+1 slot and expand the array. */ - found = channels_alloc; -- channels_alloc += 10; - if (channels_alloc > 10000) - fatal("channel_new: internal error: channels_alloc %d " - "too big.", channels_alloc); -+ channels = xrealloc(channels, -+ (channels_alloc + 10) * sizeof(Channel *)); -+ channels_alloc += 10; - debug2("channel: expanding %d", channels_alloc); -- channels = xrealloc(channels, channels_alloc * sizeof(Channel *)); - for (i = found; i < channels_alloc; i++) - channels[i] = NULL; - } - diff --git a/security/ssh/DEINSTALL b/security/ssh/DEINSTALL deleted file mode 100644 index 7a0d3de24b9..00000000000 --- a/security/ssh/DEINSTALL +++ /dev/null @@ -1,18 +0,0 @@ -#! /bin/sh -# -# $NetBSD: DEINSTALL,v 1.1 2001/11/01 01:17:52 zuntum Exp $ -# - -case "$2" in - DEINSTALL) cat <<EOF - -============================================================= -Note that ssh configuration, key, and random-seed files -(@SSH_CONF_DIR@/ssh*) are not removed in the deinstallation -process. You should remove those by hand, if you no longer -need them. -============================================================= - -EOF - ;; -esac diff --git a/security/ssh/DESCR b/security/ssh/DESCR deleted file mode 100644 index a191dd75801..00000000000 --- a/security/ssh/DESCR +++ /dev/null @@ -1,98 +0,0 @@ -SSH (Secure Shell) is a program to log into another computer over a -network, to execute commands in a remote machine, and to move files -from one machine to another. It provides strong authentication and -secure communications over insecure channels. It is intended as a -replacement for rlogin, rsh, rcp, and rdist. - -FEATURES - - o Strong authentication. Closes several security holes (e.g., IP, - routing, and DNS spoofing). New authentication methods: .rhosts - together with RSA based host authentication, and pure RSA - authentication. - - o Improved privacy. All communications are automatically and - transparently encrypted. RSA is used for key exchange, and a - conventional cipher (normally IDEA, Blowfish, or triple-DES) for - encrypting the session. Encryption is started before - authentication, and no passwords or other information is - transmitted in the clear. Encryption is also used to protect - against spoofed packets. - - o Secure X11 sessions. The program automatically sets DISPLAY on - the server machine, and forwards any X11 connections over the - secure channel. Fake Xauthority information is automatically - generated and forwarded to the remote machine; the local client - automatically examines incoming X11 connections and replaces the - fake authorization data with the real data (never telling the - remote machine the real information). - - o Arbitrary TCP/IP ports can be redirected through the encrypted channel - in both directions (e.g., for e-cash transactions). - - o No retraining needed for normal users; everything happens - automatically, and old .rhosts files will work with strong - authentication if administration installs host key files. - - o Never trusts the network. Minimal trust on the remote side of - the connection. Minimal trust on domain name servers. Pure RSA - authentication never trusts anything but the private key. - - o Client RSA-authenticates the server machine in the beginning of - every connection to prevent trojan horses (by routing or DNS - spoofing) and man-in-the-middle attacks, and the server - RSA-authenticates the client machine before accepting .rhosts or - /etc/hosts.equiv authentication (to prevent DNS, routing, or - IP-spoofing). - - o Host authentication key distribution can be centrally by the - administration, automatically when the first connection is made - to a machine (the key obtained on the first connection will be - recorded and used for authentication in the future), or manually - by each user for his/her own use. The central and per-user host - key repositories are both used and complement each other. Host - keys can be generated centrally or automatically when the software - is installed. Host authentication keys are typically 1024 bits. - - o Any user can create any number of user authentication RSA keys for - his/her own use. Each user has a file which lists the RSA public - keys for which proof of possession of the corresponding private - key is accepted as authentication. User authentication keys are - typically 1024 bits. - - o The server program has its own server RSA key which is - automatically regenerated every hour. This key is never saved in - any file. Exchanged session keys are encrypted using both the - server key and the server host key. The purpose of the separate - server key is to make it impossible to decipher a captured session by - breaking into the server machine at a later time; one hour from - the connection even the server machine cannot decipher the session - key. The key regeneration interval is configurable. The server - key is normally 768 bits. - - o An authentication agent, running in the user's laptop or local - workstation, can be used to hold the user's RSA authentication - keys. Ssh automatically forwards the connection to the - authentication agent over any connections, and there is no need to - store the RSA authentication keys on any machine in the network - (except the user's own local machine). The authentication - protocols never reveal the keys; they can only be used to verify - that the user's agent has a certain key. Eventually the agent - could rely on a smart card to perform all authentication - computations. - - o The software can be installed and used (with restricted - functionality) even without root privileges. - - o The client is customizable in system-wide and per-user - configuration files. Most aspects of the client's operation can - be configured. Different options can be specified on a per-host basis. - - o Automatically executes conventional rsh (after displaying a - warning) if the server machine is not running sshd. - - o Optional compression of all data with gzip (including forwarded X11 - and TCP/IP port data), which may result in significant speedups on - slow connections. - - o Complete replacement for rlogin, rsh, and rcp. diff --git a/security/ssh/MESSAGE b/security/ssh/MESSAGE deleted file mode 100644 index 635b30660db..00000000000 --- a/security/ssh/MESSAGE +++ /dev/null @@ -1,20 +0,0 @@ -=========================================================================== -$NetBSD: MESSAGE,v 1.2 2002/09/24 12:30:35 wiz Exp $ - -If "starter" configuration files were installed (in ${SSH_CONF_DIR}) -when the package was installed, be sure to examine them (and the man pages -for ssh and sshd) to determine whether you want to make any changes. - -Copies of the example configuration files are installed in -${PREFIX}/share/examples/ssh, so those can still be used for reference -after you have made changes to those installed in ${SSH_CONF_DIR}, or if -you had existing configuration files, which would not be overwritten in -the installation process. - -In general, you will want to set up /etc/rc.local to start sshd at boot -time. Something like the following should do the job: - -# Run sshd if installed and configured -${PREFIX}/etc/rc.d/sshd - -=========================================================================== diff --git a/security/ssh/Makefile b/security/ssh/Makefile deleted file mode 100644 index ce4eee6b1c9..00000000000 --- a/security/ssh/Makefile +++ /dev/null @@ -1,208 +0,0 @@ -# $NetBSD: Makefile,v 1.111 2004/02/23 03:51:47 kristerw Exp $ -# FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp -# - -# We do not upgrade to 1.2.28 and beyond, intentionally. There was license -# change between 1.2.27 and 1.2.28, and the new license prohibits us from -# modifying/redistributing it. -# -DISTNAME= ssh-1.2.27 -PKGREVISION= 2 -CATEGORIES= security net -MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/old/ \ - ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \ - ftp://ftp.cert.dfn.de/pub/tools/net/ssh/ -DISTFILES= ${DISTNAME}${EXTRACT_SUFX} - -MAINTAINER= tech-pkg@NetBSD.org -HOMEPAGE= http://www.cs.hut.fi/ssh/ -COMMENT= Secure shell client and server (remote login program) - -CONFLICTS= openssh-[0-9]* ssh2-[0-9]* ssh6-[0-9]* -CONFLICTS= openssh+gssapi-[0-9]* - -CRYPTO= YES -LICENSE= no-commercial-use -USE_RSAREF2= NO - -EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} -# the next line is needed if you have the gmp package installed -LDFLAGS+= -Lgmp-2.0.2-ssh-2 -GNU_CONFIGURE= YES -USE_X11= YES -USE_BUILDLINK3= YES - -.include "../../mk/bsd.prefs.mk" - -SSH_CONF_DIR= ${PKG_SYSCONFDIR} - -CONFIGURE_ARGS+= --with-etcdir=${SSH_CONF_DIR} -X_LDFLAGS= -Wl,${RPATH_FLAG}${X11BASE}/lib -MAKE_ENV+= X_LDFLAGS="${X_LDFLAGS}" - -.if ${OPSYS} == "NetBSD" -CONFIGURE_ARGS+= --with-libwrap -.endif - -.if ${OPSYS} == "SunOS" || ${OPSYS} == "IRIX" -CONFIGURE_ENV+= X_CFLAGS="-I${LOCALBASE}/include" -.endif - -#Uncomment if all your users are in their own group and their homedir -#is writeable by that group. Beware the security implications! -#CONFIGURE_ARGS+= --enable-group-writeability - -#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection -#over a secure medium. This is normally dangerous since it can lead to the -#disclosure keys and passwords. -#CONFIGURE_ARGS+= --with-none - -.if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES -DEPENDS+= rsaref-2.0p3:../../security/rsaref -CONFIGURE_ARGS+= --with-rsaref="${LOCALBASE}/lib" -CONFIGURE_ENV+= LDFLAGS="${SSH_LDFLAGS}" -CFLAGS+= -I${LOCALBASE}/include -SSH_LDFLAGS= -Wl,${RPATH_FLAG}${LOCALBASE}/lib -FIX_RPATH+= SSH_LDFLAGS -.endif - -# Include support for the SecureID card -# Warning: untested ! -.if defined(USE_SECUREID) && ${USE_SECUREID} == YES -CONFIGURE_ARGS+= --with-secureid -.endif - -# If rsh is elsewhere to /usr/bin/rsh -.if defined(SSH_RSHPATH) -CONFIGURE_ARGS+= --with-rsh=${SSH_RSHPATH} -.endif - -# By default, use IDEA. IDEA can be freely used for non-commercial use. -# However, commercial use may require a license in a number of countries. -# -USE_IDEA?= YES - -# Handle deprecated option SSH_DONT_USE_IDEA. -# -.if defined(SSH_DONT_USE_IDEA) && ${SSH_DONT_USE_IDEA} == YES -USE_IDEA= NO -.endif - -.if ${USE_IDEA} != "YES" -CONFIGURE_ARGS+= --without-idea -.endif - -# Include SOCKS firewall support -.if defined(USE_SOCKS) && (${USE_SOCKS} == 4 || ${USE_SOCKS} == 5) -CONFIGURE_ARGS+= --with-socks${USE_SOCKS}="-L${LOCALBASE}/lib -lsocks${USE_SOCKS}" -CFLAGS+= -I${LOCALBASE}/include -.if ${USE_SOCKS} == 4 -DEPENDS+= socks4-2.2:../../net/socks4 -.else -DEPENDS+= socks5-1.0.2:../../net/socks5 -.endif -.endif - -# The original Kerberos v4 patches were fetched from -# http://monkey.org/~dugsong/ssh-afs/ -# PATCH_SITES+= ftp://ftp.monkey.org/pub/users/dugsong/ -# PATCHFILES+= ssh-1.2.27-afs-kerberos.patch-1 -# MD5 (ssh-1.2.27-afs-kerberos.patch-1) = d440f74958d9c3805b76dbc13e97e87d - -.if defined(KERBEROS) -PKG_USE_KERBEROS= yes -CONFIGURE_ARGS+= --with-krb4=/usr -.endif - -# XXX KERBEROS 5 SUPPORT BROKEN WITH HEIMDAL -#.if defined(KERBEROS) && ${KERBEROS} == 5 -#PKG_USE_KERBEROS= yes -#CONFIGURE_ARGS+=--with-krb5=/usr -#.else -#CONFIGURE_ARGS+=--without-krb5 -#.endif - -# Enable support for TIS authentication server -.if defined(USE_TIS) && ${USE_TIS} == YES -CONFIGURE_ARGS+= --with-tis=${LOCALBASE} -.endif - -# Don't install "ssh" setuid -.if !defined(SSH_SUID) || ${SSH_SUID} != YES -CONFIGURE_ARGS+= --disable-suid-ssh -.endif - -# Make libwrap also compare against forwards (off by default) -.if defined(LIBWRAP_FWD) && ${LIBWRAP_FWD} == YES -CFLAGS+= -DLIBWRAP_FWD -.endif - -# be more effective on M68060 machines -.if defined(M68060) -CONFIGURE_ARGS+= --disable-asm -CFLAGS+= -m68060 -.endif - -DEINSTALL_FILE= ${WRKDIR}/DEINSTALL -PLIST_SRC= ${WRKDIR}/PLIST -PLIST_SUBST+= INSTALL="${INSTALL}" \ - ROOT_GROUP="${ROOT_GROUP}" -MESSAGE_SUBST+= SSH_CONF_DIR="${SSH_CONF_DIR}" - -pre-patch: - @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \ - ${WRKSRC}/make-ssh-known-hosts.pl.in - @# SSH DES and AFS/Kerberos DES conflict. - @${MV} -f ${WRKSRC}/des.h ${WRKSRC}/ssh-des.h - -fetch-depends: -.if !defined(USE_RSAREF2) || ${USE_RSAREF2} != YES && ${USE_RSAREF2} != NO - @${ECHO} - @${ECHO} The variable USE_RSAREF2 must be set to either YES or NO - @${ECHO} in order to build this package. USA residents that are - @${ECHO} not licensees of the RSA algorithm MUST set this variable - @${ECHO} to YES. Users outside the USA MUST set this variable to - @${ECHO} NO. Licensees may choose -- NO is faster. - @${ECHO} - @${ECHO} You may also want to set USE_IDEA to NO if this program - @${ECHO} will be used for a commercial purpose. There are other - @${ECHO} configure options\; look at the pkg Makefile for more info. - @${FALSE} -.endif - -post-patch: - @# Make sure that "automake" is never run. - @${FIND} ${WRKSRC} -name Makefile.in -print | ${XARGS} ${TOUCH} ${TOUCH_FLAGS} - -post-build: - @cd ${PKGDIR}; \ - for FILE in DEINSTALL PLIST ${FILESDIR}/sshd.sh; do \ - ${SED} -e 's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \ - -e 's#@PREFIX@#${PREFIX}#g' \ - <$${FILE} >${WRKDIR}/`basename $${FILE}`; \ - done - @if [ -x ${WRKSRC}/ssh-askpass ]; then \ - ${ECHO} bin/ssh-askpass >>${PLIST_SRC}; \ - ${ECHO} bin/ssh-askpass1 >>${PLIST_SRC}; \ - fi - -post-install: - @${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ssh - @${MKDIR} ${WRKDIR}${SSH_CONF_DIR} - (cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \ - -f ${MAKEFILE} install_prefix=${WRKDIR} install-configs) - ${INSTALL_DATA} ${WRKDIR}${SSH_CONF_DIR}/ssh_config \ - ${WRKDIR}${SSH_CONF_DIR}/sshd_config ${PREFIX}/share/examples/ssh - @${RM} -rf ${WRKDIR}${SSH_CONF_DIR} - @if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \ - ${ECHO} "Generating a secret host key..."; \ - ${PREFIX}/bin/ssh-keygen \ - -f ${SSH_CONF_DIR}/ssh_host_key -N ""; \ - fi - ${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd - -BUILD_DEFS+= USE_IDEA SSH_SUID USE_RSAREF2 -BUILD_DEFS+= LIBWRAP_FWD M68060 USE_SOCKS - -.include "../../devel/zlib/buildlink3.mk" -.include "../../mk/bsd.pkg.mk" diff --git a/security/ssh/PLIST b/security/ssh/PLIST deleted file mode 100644 index b6c0fae5559..00000000000 --- a/security/ssh/PLIST +++ /dev/null @@ -1,40 +0,0 @@ -@comment $NetBSD: PLIST,v 1.3 2002/06/26 10:30:01 seb Exp $ -bin/ssh -bin/ssh1 -bin/scp -bin/scp1 -bin/slogin -bin/ssh-add -bin/ssh-add1 -bin/ssh-agent -bin/ssh-agent1 -bin/ssh-keygen -bin/ssh-keygen1 -bin/make-ssh-known-hosts -bin/make-ssh-known-hosts1 -etc/rc.d/sshd -man/man1/make-ssh-known-hosts1.1 -man/man1/make-ssh-known-hosts.1 -man/man1/scp.1 -man/man1/scp1.1 -man/man1/ssh-add.1 -man/man1/ssh-add1.1 -man/man1/ssh-agent.1 -man/man1/ssh-agent1.1 -man/man1/ssh-keygen.1 -man/man1/ssh-keygen1.1 -man/man1/ssh.1 -man/man1/ssh1.1 -man/man1/slogin.1 -man/man1/slogin1.1 -man/man8/sshd.8 -man/man8/sshd1.8 -sbin/sshd -sbin/sshd1 -share/examples/ssh/ssh_config -share/examples/ssh/sshd_config -@exec if [ ! -d @SSH_CONF_DIR@ ]; then echo "Creating directory @SSH_CONF_DIR@ for ssh config files.." ; ${MKDIR} @SSH_CONF_DIR@; fi -@exec if [ ! -f @SSH_CONF_DIR@/ssh_config ]; then echo "Installing example ssh_config in @SSH_CONF_DIR@.." ; ${INSTALL} -c -o root -g ${ROOT_GROUP} -m 0644 %D/share/examples/ssh/ssh_config @SSH_CONF_DIR@; fi -@exec if [ ! -f @SSH_CONF_DIR@/sshd_config ]; then echo "Installing example sshd_config in @SSH_CONF_DIR@.." ; ${INSTALL} -c -o root -g ${ROOT_GROUP} -m 0644 %D/share/examples/ssh/sshd_config @SSH_CONF_DIR@; fi -@exec if [ ! -f @SSH_CONF_DIR@/ssh_host_key ]; then echo "Generating a secret host key in @SSH_CONF_DIR@.." ; %D/bin/ssh-keygen -N "" -f @SSH_CONF_DIR@/ssh_host_key; fi -@dirrm share/examples/ssh diff --git a/security/ssh/distinfo b/security/ssh/distinfo deleted file mode 100644 index 628cbc260b4..00000000000 --- a/security/ssh/distinfo +++ /dev/null @@ -1,43 +0,0 @@ -$NetBSD: distinfo,v 1.8 2004/02/21 13:55:01 grant Exp $ - -SHA1 (ssh-1.2.27.tar.gz) = 0e7d59c6a62b094bd51818599ae24f7de3462d14 -Size (ssh-1.2.27.tar.gz) = 1022546 bytes -SHA1 (patch-aa) = 6cf6e5043e1cd230064b73620ce7c86bf5673649 -SHA1 (patch-ab) = 24f370975088dd33551df39ebc1e5cc204c5d7cb -SHA1 (patch-ac) = 87d3e930e32f820e9dd3fc497468c30249dbcda4 -SHA1 (patch-ad) = 0fac0e4586db5257ea10dfba2e14f7f35c6bed49 -SHA1 (patch-ae) = 559327d78036cd956443a739f3f0f52430dd9b2f -SHA1 (patch-af) = 8a3246a9bd1520a4b8ad74584ee1c68b3ed671d3 -SHA1 (patch-ag) = 315d3e8153a607f3c87f90e7aa6f35a31fa3f485 -SHA1 (patch-ah) = e71f71b606e057eb646941719416a7be74849a1b -SHA1 (patch-ai) = ae1531eafdfdcbf67b325353f0f6f7f07af97ca3 -SHA1 (patch-aj) = 8405f3f61dc52a66df1ee28de050210ae7db4611 -SHA1 (patch-al) = 1d7dca318e09185d80df6ebc9cc89909c5cf9afe -SHA1 (patch-am) = 46d4ee33fdb74874733c4efef45b5da89c5a0993 -SHA1 (patch-an) = d286e3ee625bcd5947a4d7ab54b20340142d0f0c -SHA1 (patch-ao) = 50fbfb324a6cae9636d649e30613092e1f5e5999 -SHA1 (patch-ap) = 88365b53d5bc7ae0b49c36b06f16e0f7a28f6acb -SHA1 (patch-aq) = 2314c993e8a0edb0dc5ff7076744a222a03f6a34 -SHA1 (patch-ar) = 3c72885039fd3763f8e577ad7d9dc2f3558a44ad -SHA1 (patch-as) = 724fad32e30fb896c016e7c5175ecbf277b2a8e6 -SHA1 (patch-at) = b2c65fdf1be1f94f2a1bb94e18ae2a70770b343d -SHA1 (patch-au) = ebbb3e5fe2bd6dabe583b557a057d9f80b061484 -SHA1 (patch-av) = 149c9f538c0de05995246188cc5098ee6ee1f6b0 -SHA1 (patch-ax) = 64b8460f961f7c874b8959480591abbc3e1ff3d2 -SHA1 (patch-ay) = 6d4a63c65773d505b1cf94260f723a1378e748a2 -SHA1 (patch-az) = ecb55a764c06588363834570512935db68813749 -SHA1 (patch-ba) = c7d24bc11bf16124b9da4c7f49318d83784a2d68 -SHA1 (patch-bb) = 699259dfd73469ea39ccd2f48f54b8252bf0bd4b -SHA1 (patch-bd) = 995bd2676793a55a0108788778e1f9eb6eb2b84c -SHA1 (patch-be) = 2f1771003d12f3455cf9234dce72566a0897fbce -SHA1 (patch-bf) = 716dd667ea12fabb685a411492cfc6ca9dfb7586 -SHA1 (patch-bg) = 46b18dc1f53bff0cbfaf5c46aea3bcfdf9eca7f4 -SHA1 (patch-bh) = 62752346e5af79d52895f2cb0a5eab3d61c037d9 -SHA1 (patch-bi) = 48d89570b6fd0d663e8cbc9228025fbefc6938f3 -SHA1 (patch-bj) = 91a8455717189f0e2a48959aa1b121c5e2a25cc0 -SHA1 (patch-bk) = bf26a7f84c54be2fc43e4995e40192acb68b5913 -SHA1 (patch-bl) = 216bb56a3afd7b4bd3341642e4cb3ef9bfeb9fbf -SHA1 (patch-bn) = b7a1110d4d3088f5e815fec91e3faa157d3dd864 -SHA1 (patch-br) = d2e6cc8275f7f3d608de0dc81ef4ae6ae1a15722 -SHA1 (patch-ca) = 38ff05ea00587d73fb4a10d5832cec345b1d0b2f -SHA1 (patch-la) = 459c1f19554b2ec65107cec0717b2c79f571175b diff --git a/security/ssh/files/sshd.sh b/security/ssh/files/sshd.sh deleted file mode 100644 index 85177bf55df..00000000000 --- a/security/ssh/files/sshd.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/sh -# -# $NetBSD: sshd.sh,v 1.5 2000/09/20 04:49:20 jlam Exp $ -# -# PROVIDE: sshd -# REQUIRE: DAEMON LOGIN - -name="sshd" -pidfile="/var/run/${name}.pid" - -command=${1:-start} - -case ${command} in -start) - if [ ! -f @SSH_CONF_DIR@/ssh_host_key ] - then - @PREFIX@/bin/ssh-keygen -b 1024 -N "" -f /etc/ssh_host_key - fi - # No DSA key for ssh-1.x - if [ -x @PREFIX@/sbin/sshd -a -f @SSH_CONF_DIR@/sshd_config ] - then - echo "Starting ${name}." - @PREFIX@/sbin/sshd - fi - ;; -stop) - if [ -f ${pidfile} ]; then - pid=`head -1 ${pidfile}` - echo "Stopping ${name}." - kill -TERM ${pid} - else - echo "${name} not running?" - fi - ;; -restart) - ( $0 stop ) - sleep 1 - $0 start - ;; -status) - if [ -f ${pidfile} ]; then - pid=`head -1 ${pidfile}` - echo "${name} is running as pid ${pid}." - else - echo "${name} is not running." - fi - ;; -esac -exit 0 diff --git a/security/ssh/patches/patch-aa b/security/ssh/patches/patch-aa deleted file mode 100644 index 92268ba7ef4..00000000000 --- a/security/ssh/patches/patch-aa +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-aa,v 1.6 1999/11/13 17:32:21 sommerfeld Exp $ - ---- rsaglue.c.orig Wed May 12 07:19:28 1999 -+++ rsaglue.c Fri Nov 12 08:40:02 1999 -@@ -71,8 +71,7 @@ - interface without modifying RSAREF. */ - - #define _MD5_H_ /* Kludge to prevent inclusion of rsaref md5.h. */ --#include "rsaref2/source/global.h" --#include "rsaref2/source/rsaref.h" -+#include <rsaref/rsaref.h> - - /* Convert an integer from gmp to rsaref representation. */ - -@@ -139,6 +138,10 @@ - - input_bits = mpz_sizeinbase(input, 2); - input_len = (input_bits + 7) / 8; -+ if (input_len > MAX_RSA_MODULUS_LEN) -+ fatal("Input data has too many bits for RSAREF to handle (max %d).", -+ MAX_RSA_MODULUS_BITS); -+ - gmp_to_rsaref(input_data, input_len, input); - - rsaref_public_key(&public_key, key); -@@ -172,6 +175,10 @@ - - input_bits = mpz_sizeinbase(input, 2); - input_len = (input_bits + 7) / 8; -+ if (input_len > MAX_RSA_MODULUS_LEN) -+ fatal("Input data has too many bits for RSAREF to handle (max %d).", -+ MAX_RSA_MODULUS_BITS); -+ - gmp_to_rsaref(input_data, input_len, input); - - rsaref_private_key(&private_key, key); diff --git a/security/ssh/patches/patch-ab b/security/ssh/patches/patch-ab deleted file mode 100644 index aa5387ebd85..00000000000 --- a/security/ssh/patches/patch-ab +++ /dev/null @@ -1,253 +0,0 @@ -$NetBSD: patch-ab,v 1.12 2000/03/20 02:25:49 itojun Exp $ - ---- configure.in- Wed May 12 20:20:02 1999 -+++ configure.in Mon Mar 20 09:48:09 2000 -@@ -30,6 +30,7 @@ - fi - - AC_PROG_CC -+AC_PROG_CPP - AC_ISC_POSIX - - AC_DEFINE_UNQUOTED(HOSTTYPE, "$host") -@@ -42,11 +43,12 @@ - ;; - *-*-solaris*) - # solaris stuff. appro@fy.chalmers.se -- AC_DEFINE(SECURE_RPC) -- AC_DEFINE(SECURE_NFS) -+# this stuff breaks AFS/Kerberos. YUCK. -+# AC_DEFINE(SECURE_RPC) -+# AC_DEFINE(SECURE_NFS) - # NIS+ is forced so that we don't have to recompile - # if we move to NIS+. appro@fy.chalmers.se -- AC_DEFINE(NIS_PLUS) -+# AC_DEFINE(NIS_PLUS) - ;; - *-*-sunos*) - os_sunos=yes -@@ -311,9 +313,9 @@ - - export CFLAGS CC - --# Socket pairs appear to be broken on several systems. I don't know exactly --# where, so I'll use pipes everywhere for now. --AC_DEFINE(USE_PIPES) -+dnl # Socket pairs appear to be broken on several systems. I don't know exactly -+dnl # where, so I'll use pipes everywhere for now. -+dnl AC_DEFINE(USE_PIPES) - - AC_MSG_CHECKING([that the compiler works]) - AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], -@@ -370,7 +372,7 @@ - AC_HEADER_STDC - AC_HEADER_SYS_WAIT - AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) --AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) -+AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h) - AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) - AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) - AC_CHECK_HEADERS(sys/resource.h login_cap.h sys/stream.h sys/conf.h) -@@ -903,8 +905,8 @@ - fi - AC_MSG_RESULT(Assuming TIS headers and libraries are in $withval.) - AC_DEFINE(HAVE_TIS) -- CFLAGS="$CFLAGS -I$withval -DHAVE_TIS" -- LIBS="-L$withval -lauth -lfwall $LIBS" -+ CFLAGS="$CFLAGS -I$withval/include -DHAVE_TIS" -+ LIBS="-L$withval/lib -lauth -lfwall $LIBS" - AC_MSG_WARN(Remember to read README.TIS. The connection between sshd and TIS authentication - server is clear text!) - ;; -@@ -912,55 +914,117 @@ - AC_MSG_RESULT(no) - ) - --AC_MSG_CHECKING(whether to use Kerberos) --AC_ARG_WITH(kerberos5, --[ --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support.], -+AC_MSG_CHECKING(whether to use Kerberos v4) -+AC_ARG_WITH(krb4, -+[ --with-krb4[=PATH] Compile in Kerberos v4 support.], - [ case "$withval" in - yes) -- with_kerberos5=/usr/local -+ with_krb4=/usr/kerberos - ;; - esac ], --[ with_kerberos5=no ] -+[ with_krb4=no ] - ) --case "$with_kerberos5" in -+case "$with_krb4" in - no) - AC_MSG_RESULT(no) - ;; - *) - AC_MSG_RESULT(yes) -- AC_DEFINE(KERBEROS) -- AC_DEFINE(KRB5) -- KERBEROS_ROOT="$with_kerberos5" -- KERBEROS_INCS="-I${KERBEROS_ROOT}/include" -- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -- AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") -+ AC_DEFINE(KRB4) -+ KERBEROS_ROOT="$with_krb4" -+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/kerberosIV" -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes" - KERBEROS_OBJS="auth-kerberos.o" -+ AC_CHECK_LIB(resolv, dn_expand, KERBEROS_LIBS="$KERBEROS_LIBS -lresolv") -+ dnl Check whether or not the AFS lifetime conversion routines exist. -+ AC_MSG_CHECKING(whether AFS lifetime conversion routines are present) -+ keeplibs="$LIBS" -+ keepcflags="$CFLAGS" -+ LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" -+ CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" -+ AC_TRY_LINK([#include <krb.h>], [ krb_life_to_time(10, 10);], -+ [AC_MSG_RESULT(yes) -+ AC_DEFINE(HAVE_KRB_LIFE_TO_TIME)], -+ [AC_MSG_RESULT(no)]) -+ LIBS="$keeplibs" -+ CFLAGS="$keepcflags" - ;; - esac --AC_SUBST(KERBEROS_ROOT) --AC_SUBST(KERBEROS_INCS) --AC_SUBST(KERBEROS_LIBS) --AC_SUBST(KERBEROS_OBJS) -- --AC_MSG_CHECKING(whether to enable passing the Kerberos TGT) --AC_ARG_ENABLE(kerberos-tgt-passing, --[ --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket.], --[ case "$enableval" in -+ -+AC_MSG_CHECKING(whether to use Kerberos v5) -+AC_ARG_WITH(krb5, -+[ --with-krb5[=PATH] Compile in Kerberos v5 support.], -+[ case "$withval" in -+ yes) -+ with_krb5=/usr/local -+ ;; -+ esac ], -+[ with_krb5=no ] -+) -+case "$with_krb5" in - no) - AC_MSG_RESULT(no) - ;; - *) -- if test "$with_kerberos5" = no ; then -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(KRB5) -+ KERBEROS_ROOT="$with_krb5" -+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/krb5" -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" -+ AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") -+ KERBEROS_OBJS="auth-kerberos.o" -+ ;; -+esac -+ -+AC_MSG_CHECKING(whether to use AFS) -+AC_ARG_WITH(afs, -+[ --with-afs Compile in AFS support (requires KTH krb4).], -+if test "$with_afs" = no; then - AC_MSG_RESULT(no) -- AC_MSG_WARN("Passing Kerberos TGT requires Kerberos5 support.") - else - AC_MSG_RESULT(yes) -- AC_DEFINE(KERBEROS_TGT_PASSING) -+ AC_DEFINE(AFS) -+ if test "$with_krb4" = no; then -+ AC_MSG_RESULT(no) -+ AC_MSG_WARN("AFS requires Kerberos v4 support.") -+ else -+ KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs" -+ if test -n "$os_aix"; then -+ KERBEROS_LIBS="${KERBEROS_LIBS} -lld" - fi -+ fi -+fi -+) -+AC_SUBST(KERBEROS_ROOT)dnl -+AC_SUBST(KERBEROS_INCS)dnl -+AC_SUBST(KERBEROS_LIBS)dnl -+AC_SUBST(KERBEROS_OBJS)dnl -+ -+AC_MSG_CHECKING(whether to use Hesiod) -+AC_ARG_WITH(hesiod, -+[ --with-hesiod[=PATH] Compile in Hesiod support.], -+[ case "$withval" in -+ yes) -+ with_hesiod=/usr/local/athena - ;; - esac ], -- AC_MSG_RESULT(no) -+[ with_hesiod=no ] - ) -+case "$with_hesiod" in -+no) -+ AC_MSG_RESULT(no) -+ ;; -+*) -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(HESIOD) -+ HESIOD_ROOT="$with_hesiod" -+ HESIOD_INCS="-I${HESIOD_ROOT}/include" -+ HESIOD_LIBS="-L${HESIOD_ROOT}/lib -lhesiod" -+ ;; -+esac -+AC_SUBST(HESIOD_ROOT)dnl -+AC_SUBST(HESIOD_INCS)dnl -+AC_SUBST(HESIOD_LIBS)dnl - - AC_MSG_CHECKING(whether to use libwrap) - AC_ARG_WITH(libwrap, -@@ -970,11 +1034,19 @@ - AC_MSG_RESULT(no) - ;; - yes) -- AC_MSG_RESULT(yes) -- AC_CHECK_LIB(wrap, request_init, [ -- AC_DEFINE(LIBWRAP) -- WRAPLIBS="-lwrap" -- AC_DEFINE(HAVE_LIBWRAP) ]) -+ WRAPLIBS="-lwrap" -+ OLDLIBS="$LIBS" -+ LIBS="$WRAPLIBS $LIBS" -+ AC_TRY_LINK([ int allow_severity; int deny_severity; ], -+ [ request_init(); ], [ -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(LIBWRAP) -+ AC_DEFINE(HAVE_LIBWRAP) -+ ], [ -+ AC_MSG_RESULT(no) -+ WRAPLIBS="" -+ ]) -+ LIBS="$OLDLIBS" - ;; - *) - AC_MSG_RESULT(yes) -@@ -1227,14 +1299,14 @@ - [ case "$enableval" in - no) - AC_MSG_RESULT(no) -- SSHINSTALLMODE=0711 -+ SSHINSTALLMODE=0511 - ;; - *) AC_MSG_RESULT(yes) -- SSHINSTALLMODE=04711 -+ SSHINSTALLMODE=04511 - ;; - esac ], - AC_MSG_RESULT(yes) -- SSHINSTALLMODE=04711 -+ SSHINSTALLMODE=04511 - ) - - AC_MSG_CHECKING(whether to enable TCP_NODELAY) -@@ -1336,4 +1408,4 @@ - AC_SUBST(SSHDCONFOBJS) - AC_SUBST(SSHINSTALLMODE) - --AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) -+AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile) diff --git a/security/ssh/patches/patch-ac b/security/ssh/patches/patch-ac deleted file mode 100644 index 9d4fed60dda..00000000000 --- a/security/ssh/patches/patch-ac +++ /dev/null @@ -1,200 +0,0 @@ -$NetBSD: patch-ac,v 1.15 2004/02/21 13:55:01 grant Exp $ - ---- Makefile.in.orig 1999-05-12 21:19:31.000000000 +1000 -+++ Makefile.in -@@ -264,7 +264,7 @@ CC = @CC@ - CFLAGS = @CFLAGS@ - LDFLAGS = @LDFLAGS@ - DEFS = @DEFS@ $(COMMERCIAL) --LIBS = @LIBS@ -+LIBS = @LIBS@ @HESIOD_LIBS@ - LIBOBJS = @LIBOBJS@ - CONFOBJS = @CONFOBJS@ - SSHCONFOBJS = @SSHCONFOBJS@ -@@ -285,6 +285,9 @@ KERBEROS_INCS = @KERBEROS_INCS@ - KERBEROS_LIBS = @KERBEROS_LIBS@ - KERBEROS_OBJS = @KERBEROS_OBJS@ - -+HESIOD_ROOT = @HESIOD_ROOT@ -+HESIOD_INCS = @HESIOD_INCS@ -+ - RSAREFDEP = @RSAREFDEP@ - - WRAPLIBS = @WRAPLIBS@ -@@ -304,7 +307,8 @@ GMPDIR = gmp-2.0.2-ssh-2 - GMPLIBS = -L$(GMPDIR) -lgmp - GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a - --ZLIBDIR = zlib-1.0.4 -+#ZLIBDIR = zlib-1.0.4 -+ZLIBDIR = /usr/lib - ZLIBDEP = $(ZLIBDIR)/libz.a - ZLIBLIBS = -L$(ZLIBDIR) -lz - -@@ -316,13 +320,13 @@ X_LIBS = @X_LIBS@ - X_PRE_LIBS = @X_PRE_LIBS@ - X_EXTRA_LIBS = @X_EXTRA_LIBS@ - --XLIBS = $(X_LIBS) $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) $(LIBS) -+XLIBS = $(X_LDFLAGS) $(X_LIBS) $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) $(LIBS) - - COMMON_OBJS = $(LIBOBJS) $(CONFOBJS) \ - rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o \ - xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o \ - crc32.o rsaglue.o cipher.o des.o match.o arcfour.o mpaux.o \ -- userfile.o signals.o blowfish.o deattack.o -+ userfile.o signals.o blowfish.o deattack.o radix.o - SSHD_OBJS = sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o \ - log-server.o login.o hostfile.o canohost.o servconf.o tildexpand.o \ - serverloop.o $(COMMON_OBJS) $(KERBEROS_OBJS) $(SSHDCONFOBJS) -@@ -411,7 +415,7 @@ rfc-pg: rfc-pg.o - $(CC) -o rfc-pg rfc-pg.o - - .c.o: -- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< -+ $(CC) -c -I. $(KERBEROS_INCS) $(HESIOD_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< - - sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) - -rm -f sshd -@@ -459,14 +463,14 @@ GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c - $(GMPDIR)/libgmp.a: - cd $(GMPDIR); $(MAKE) - --$(ZLIBDEP): -- -if test '!' -d $(ZLIBDIR); then \ -- mkdir $(ZLIBDIR); \ -- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -- fi -- cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ -- CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ -- -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a -+#$(ZLIBDEP): -+# -if test '!' -d $(ZLIBDIR); then \ -+# mkdir $(ZLIBDIR); \ -+# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -+# fi -+# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ -+# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ -+# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a - - $(RSAREFSRCDIR)/librsaref.a: - -if test '!' -d $(RSAREFDIR); then \ -@@ -523,10 +527,10 @@ hostinstall: $(PROGRAMS) make-dirs gener - # (otherwise it can only log in as the user it runs as, and must be - # bound to a non-privileged port). Also, password authentication may - # not be available if non-root and using shadow passwords. --install: $(PROGRAMS) make-dirs generate-host-key install-configs -+install: $(PROGRAMS) make-dirs install-configs - -rm -f $(install_prefix)$(bindir)/ssh1.old -- -chmod 755 $(install_prefix)$(bindir)/ssh1 -- -chmod 755 $(install_prefix)$(bindir)/ssh -+ -chmod 555 $(install_prefix)$(bindir)/ssh1 -+ -chmod 555 $(install_prefix)$(bindir)/ssh - -mv $(install_prefix)$(bindir)/ssh1 $(install_prefix)$(bindir)/ssh1.old - $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh1 - -if test -f $(install_prefix)$(bindir)/ssh2; then \ -@@ -549,7 +553,7 @@ install: $(PROGRAMS) make-dirs generate- - -for p in $(NORMAL_PROGRAMS) $(X_PROGRAMS) $(OTHER_PROGRAMS); do \ - rm -f $(install_prefix)$(bindir)/$${p}1.old ; \ - mv $(install_prefix)$(bindir)/$${p}1 $(install_prefix)$(bindir)/$${p}1.old; \ -- $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(bindir)/$${p}1; \ -+ $(INSTALL_PROGRAM) $$p $(install_prefix)$(bindir)/$${p}1; \ - if test -f $(install_prefix)$(bindir)/$${p}2; then \ - echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ - else \ -@@ -566,7 +570,7 @@ install: $(PROGRAMS) make-dirs generate- - rm -f $(install_prefix)$(bindir)/$${p}1.old ; \ - mv $(install_prefix)$(bindir)/$${p}1 $(install_prefix)$(bindir)/$${p}1.old; \ - $(INSTALL_DATA) $$p $(install_prefix)$(bindir)/$${p}1; \ -- chmod 755 $(install_prefix)$(bindir)/$${p}1; \ -+ chmod 555 $(install_prefix)$(bindir)/$${p}1; \ - if test -f $(install_prefix)$(bindir)/$${p}2; then \ - echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ - else \ -@@ -582,7 +586,7 @@ install: $(PROGRAMS) make-dirs generate- - -for p in $(SBIN_PROGRAMS); do \ - rm -f $(install_prefix)$(sbindir)/$${p}1.old ; \ - mv $(install_prefix)$(sbindir)/$${p}1 $(install_prefix)$(sbindir)/$${p}1.old; \ -- $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(sbindir)/$${p}1; \ -+ $(INSTALL_PROGRAM) $$p $(install_prefix)$(sbindir)/$${p}1; \ - if test -f $(install_prefix)$(sbindir)/$${p}2; then \ - echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ - else \ -@@ -596,7 +600,7 @@ install: $(PROGRAMS) make-dirs generate- - $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`; fi;\ - done - -for p in $(MAN1PAGES); do \ -- $(INSTALL_DATA) -m 0644 $(srcdir)/$$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ -+ $(INSTALL_DATA) $(srcdir)/$$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ - rm -f $(install_prefix)$(man1dir)/$$p.1 ;\ - $(LN_S) $${p}1.1 $(install_prefix)$(man1dir)/$$p.1 ;\ - if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ -@@ -615,7 +619,7 @@ install: $(PROGRAMS) make-dirs generate- - $(install_prefix)$(man1dir)/`echo slogin.1 | sed '$(transform)'`; \ - fi - -for p in $(MAN1GENERATED); do \ -- $(INSTALL_DATA) -m 0644 $$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ -+ $(INSTALL_DATA) $$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ - rm -f $(install_prefix)$(man1dir)/$$p.1 ; \ - $(LN_S) $${p}1.1 $(install_prefix)$(man1dir)/$$p.1 ; \ - if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ -@@ -625,7 +629,7 @@ install: $(PROGRAMS) make-dirs generate- - fi; \ - done - -for p in $(MAN8GENERATED); do \ -- $(INSTALL_DATA) -m 0644 $$p.8 $(install_prefix)$(man8dir)/$${p}1.8; \ -+ $(INSTALL_DATA) $$p.8 $(install_prefix)$(man8dir)/$${p}1.8; \ - rm -f $(install_prefix)$(man8dir)/$$p.8 ; \ - $(LN_S) $${p}1.8 $(install_prefix)$(man8dir)/$$p.8 ; \ - if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ -@@ -636,12 +640,12 @@ install: $(PROGRAMS) make-dirs generate- - - install-configs: - -if test '!' -f $(install_prefix)$(HOST_CONFIG_FILE); then \ -- $(INSTALL_DATA) -m 0644 $(srcdir)/host_config.sample \ -+ $(INSTALL_DATA) $(srcdir)/host_config.sample \ - $(install_prefix)$(HOST_CONFIG_FILE); fi - -if test '!' -f $(install_prefix)$(SERVER_CONFIG_FILE); then \ - cat $(srcdir)/server_config.sample | \ - sed "s#_ETCDIR_#$(etcdir)#g" >/tmp/ssh_inst.$$$$; \ -- $(INSTALL_DATA) -m 0644 /tmp/ssh_inst.$$$$ \ -+ $(INSTALL_DATA) /tmp/ssh_inst.$$$$ \ - $(install_prefix)$(SERVER_CONFIG_FILE); \ - rm -f /tmp/ssh_inst.$$$$; fi - -@@ -681,13 +685,13 @@ clean: - -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg - cd $(GMPDIR); $(MAKE) clean - # cd $(RSAREFSRCDIR); rm -f *.o *.a -- cd $(ZLIBDIR); $(MAKE) clean -+# cd $(ZLIBDIR); $(MAKE) clean - - distclean: clean - -rm -f Makefile config.status config.cache config.log config.h - -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 - cd $(GMPDIR); $(MAKE) distclean -- cd $(ZLIBDIR); $(MAKE) distclean -+# cd $(ZLIBDIR); $(MAKE) distclean - - dist: dist-free - -@@ -720,8 +724,8 @@ dist-make-dir: - gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) - # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) - # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a -- (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) -- cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS -+# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) -+# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS - - #ifdef F_SECURE_COMMERCIAL - # -@@ -749,7 +753,7 @@ dist-increment-version: - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null - - depend: -- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) -+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) - - tags: - -rm -f TAGS diff --git a/security/ssh/patches/patch-ad b/security/ssh/patches/patch-ad deleted file mode 100644 index bf557926d3f..00000000000 --- a/security/ssh/patches/patch-ad +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ad,v 1.2 1998/08/07 11:13:49 agc Exp $ - ---- make-ssh-known-hosts.pl.in.orig Tue Mar 17 21:37:38 1998 -+++ make-ssh-known-hosts.pl.in Tue Mar 17 21:44:18 1998 -@@ -1,5 +1,7 @@ --#! &PERL& -w -+: - # -*- perl -*- -+eval 'exec perl -S "$0" ${1+"$@"}' -+ if $running_under_some_shell; - ###################################################################### - # make-ssh-known-hosts.pl -- Make ssh-known-hosts file - # Copyright (c) 1995 Tero Kivinen diff --git a/security/ssh/patches/patch-ae b/security/ssh/patches/patch-ae deleted file mode 100644 index a65bf950a46..00000000000 --- a/security/ssh/patches/patch-ae +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-ae,v 1.6 1999/12/25 05:28:35 kim Exp $ - ---- server_config.sample.orig Wed May 12 07:18:51 1999 -+++ server_config.sample Fri Dec 24 22:38:35 1999 -@@ -1,7 +1,6 @@ - # This is ssh server systemwide configuration file. - - Port 22 --ListenAddress 0.0.0.0 - HostKey _ETCDIR_/ssh_host_key - RandomSeed _ETCDIR_/ssh_random_seed - ServerKeyBits 768 -@@ -16,7 +15,7 @@ - FascistLogging no - PrintMotd yes - KeepAlive yes --SyslogFacility DAEMON -+SyslogFacility AUTH - RhostsAuthentication no - RhostsRSAAuthentication yes - RSAAuthentication yes diff --git a/security/ssh/patches/patch-af b/security/ssh/patches/patch-af deleted file mode 100644 index c81c2dd2e99..00000000000 --- a/security/ssh/patches/patch-af +++ /dev/null @@ -1,659 +0,0 @@ -$NetBSD: patch-af,v 1.10 2000/03/20 02:25:50 itojun Exp $ - ---- sshd.c- Wed May 12 20:19:29 1999 -+++ sshd.c Mon Mar 20 09:57:30 2000 -@@ -511,7 +511,7 @@ - #include "firewall.h" /* TIS authsrv authentication */ - #endif - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - #include <login_cap.h> - #endif - -@@ -537,15 +537,26 @@ - #define O_NOCTTY 0 - #endif - --#ifdef KERBEROS - #ifdef KRB5 - #include <krb5.h> - /* Global the contexts */ - krb5_context ssh_context = 0; - krb5_auth_context auth_context = 0; - #endif /* KRB5 */ --char *ticket = "none\0"; --#endif /* KERBEROS */ -+ -+#ifdef KRB4 -+#include <sys/param.h> -+#include <krb.h> -+#ifdef AFS -+#include <kafs.h> -+/* Local Xauthority file. */ -+char *xauthfile = NULL; -+#endif /* AFS */ -+#endif /* KRB4 */ -+ -+#if defined(KRB5) || defined(KRB4) -+char *ticket = NULL; -+#endif /* KRB5 || KRB4 */ - - /* Server configuration options. */ - ServerOptions options; -@@ -1115,7 +1126,6 @@ - /* Arrange SIGCHLD to be caught. */ - signal(SIGCHLD, main_sigchld_handler); - --#ifdef KERBEROS - #ifdef KRB5 - /* Initialize contexts and setup replay cache */ - if (!ssh_context) -@@ -1128,7 +1138,6 @@ - krb5_init_ets(ssh_context); - } - #endif --#endif - - /* Stay listening for connections until the system crashes or the - daemon is killed with a signal. */ -@@ -1407,6 +1416,16 @@ - /* Try to remove authentication socket and directory */ - auth_delete_socket(NULL); - -+#ifdef KRB4 -+ /* Cleanup user's ticket cache file. */ -+ if (options.kerberos_ticket_cleanup) -+ (void) dest_tkt(); -+#ifdef AFS -+ /* Cleanup user's local Xauthority file. */ -+ if (xauthfile) unlink(xauthfile); -+#endif /* AFS */ -+#endif /* KRB4 */ -+ - /* The connection has been terminated. */ - log_msg("Closing connection to %.100s", get_remote_ipaddr()); - packet_close(); -@@ -1470,17 +1489,17 @@ - if (options.tis_authentication) - auth_mask |= 1 << SSH_AUTH_TIS; - #endif --#ifdef KERBEROS --#ifdef KRB5 -+#if defined(KRB4) || defined(KRB5) - if (options.kerberos_authentication) - auth_mask |= 1 << SSH_AUTH_KERBEROS; - #endif --#endif --#ifdef KERBEROS_TGT_PASSING --#ifdef KRB5 -+#if defined(AFS) || defined(KRB5) - if (options.kerberos_tgt_passing) - auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; - #endif -+#ifdef AFS -+ if (options.afs_token_passing) -+ auth_mask |= 1 << SSH_PASS_AFS_TOKEN; - #endif - if (options.password_authentication) - auth_mask |= 1 << SSH_AUTH_PASSWORD; -@@ -1677,7 +1696,7 @@ - /* XXX No days_before_password_expires calculation here */ - } - #endif /* HAVE_USERSEC_H */ --#ifdef HAVE_ETC_SHADOW -+#if defined(HAVE_ETC_SHADOW) && !defined(KRB4) && !defined(KRB5) - { - struct spwd *sp; - -@@ -1783,56 +1802,62 @@ - endspent(); - } - #endif /* HAVE_ETC_SHADOW */ --#ifdef __FreeBSD__ -- { -+/* Net2,BSD4.4,BSD/OS,NetBSD,FreeBSD and OpenBSD all define BSD4_4 -+ man passwd(5) says that format has changed since BSD4.3 -+ */ -+#ifdef BSD4_4 -+ if(pwd->pw_change || pwd->pw_expire) { - time_t currtime; - -- if (pwd->pw_change || pwd->pw_expire) - currtime = time(NULL); - - /* - * Check for an expired password - */ -- if (pwd->pw_change && pwd->pw_change <= currtime) -+ -+ if (pwd->pw_change) - { -- debug("Account %.100s's password is too old - forced to change.", -- user); -- if (options.forced_passwd_change) -+ /* PASSWD_CHGNOW seems to be -1 for now but... */ -+ if ( -+#if defined(PASSWD_CHGNOW) && PASSWD_CHGNOW > 0 -+ pwd->pw_change == PASSWD_CHGNOW || -+#endif -+ pwd->pw_change <= currtime) - { -- forced_command = xmalloc(sizeof(PASSWD_PATH) + strlen(user) + 2); -- snprintf(forced_command, sizeof(PASSWD_PATH) + strlen(user) + 2, -- "%.100s %.100s", PASSWD_PATH, user); -+ packet_send_debug("Password has expired"); -+ if(options.forced_passwd_change) -+ { -+ debug("Account %.99s's password is too old - change forced.", -+ user); -+ forced_command = xmalloc(sizeof(PASSWD_PATH) + -+ strlen(user) + 1); -+ sprintf(forced_command, "%s %s", PASSWD_PATH, user); - } - else - { - return 0; - } - } -- else -- { -- if (pwd->pw_change) -- { -+#ifdef PASSWD_CHGNOW -+ if(pwd->pw_change != PASSWD_CHGNOW) - days_before_password_expires = (pwd->pw_change - currtime) / 86400; -- } -+#endif - } - - /* - * Check for expired account - */ -- if (pwd->pw_expire && pwd->pw_expire <= currtime) -+ if (pwd->pw_expire) - { -- debug("Account %.100s has expired - access denied.", user); -+ if (pwd->pw_expire <= currtime) -+ { -+ packet_send_debug("Account has expired"); - return 0; - } -- else -- { -- if (pwd->pw_expire) -- { - days_before_account_expires = (pwd->pw_expire - currtime) / 86400; - } - } -- } --#endif /* !FreeBSD */ -+#endif /* !BSD4_4 */ - - #ifdef HAVE_HPUX_TCB_AUTH - { -@@ -2039,7 +2064,7 @@ - } - } - -- /* Check whether logins are deneid for this group. */ -+ /* Check whether logins are denied for this group. */ - grp = getgrgid(pwd->pw_gid); - if (grp) - group = grp->gr_name; -@@ -2151,12 +2176,12 @@ - unsigned int client_host_key_bits; - MP_INT client_host_key_e, client_host_key_n; - int password_attempts = 0; --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - char kuser[256]; - krb5_principal client = 0, tkt_client = 0; - krb5_data krb5data; --#endif /* defined(KERBEROS) && defined(KRB5) */ --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#endif /* KRB5 */ -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - const char *hostname; - const char *ipaddr; -@@ -2167,10 +2192,18 @@ - ipaddr = get_remote_ipaddr(); - #endif /* HAVE_LOGIN_CAP_H */ - -+#ifdef AFS -+ /* If machine has AFS, set process authentication group. */ -+ if (k_hasafs()) { -+ k_setpag(); -+ k_unlog(); -+ } -+#endif /* AFS */ -+ - if (strlen(user) > 255) - do_authentication_fail_loop(); - --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - /* For KRB5 allow the user to input fully qualified name i.e. - "username@realm" as the local user name. Then use this name to call - out to krb5_aname_to_localname to find if there is a localname -@@ -2203,7 +2236,7 @@ - } - else - krb5_parse_name(ssh_context, user, &client); --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* KRB5 */ - - /* Verify that the user is a valid user. We disallow usernames starting - with any characters that are commonly used to start NIS entries. */ -@@ -2218,11 +2251,11 @@ - pwcopy.pw_passwd = xstrdup(pw->pw_passwd); - pwcopy.pw_uid = pw->pw_uid; - pwcopy.pw_gid = pw->pw_gid; --#if (defined (__bsdi__) && _BSDI_VERSION >= 199510) || (defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) -+#ifdef BSD4_4 - pwcopy.pw_class = xstrdup(pw->pw_class); - pwcopy.pw_change = pw->pw_change; - pwcopy.pw_expire = pw->pw_expire; --#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ -+#endif /* BSD4_4 */ - pwcopy.pw_dir = xstrdup(pw->pw_dir); - pwcopy.pw_shell = xstrdup(pw->pw_shell); - pw = &pwcopy; -@@ -2241,11 +2274,11 @@ - - debug("Attempting authentication for %.100s.", user); - --#if defined (KERBEROS) && defined (KRB5) -+ /* If the user has no password, accept authentication immediately. */ -+#ifdef KRB5 - if (!options.kerberos_authentication && options.password_authentication && - auth_password(user, "", 0)) --#else /* defined(KERBEROS) && defined(KRB5) */ -- /* If the user has no password, accept authentication immediately. */ -+#else /* KRB5 */ - #if defined (HAVE_SIA) - /* For SIA, only call auth_password() here if the user really - has no password. Otherwise, the call would generate misleading -@@ -2254,9 +2287,13 @@ - if (options.password_authentication && sia_no_password(user) && - auth_password(user, "")) - #else /* defined(HAVE_SIA) */ -- if (options.password_authentication && auth_password(user, "")) -+ if (options.password_authentication && -+#ifdef KRB4 -+ options.kerberos_or_local_passwd && -+#endif /* KRB4 */ -+ auth_password(user, "")) - #endif /* defined(HAVE_SIA) */ --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* KRB5 */ - { - /* Authentication with empty password succeeded. */ - debug("Login for user %.100s accepted without authentication.", user); -@@ -2281,34 +2318,61 @@ - /* Process the packet. */ - switch (type) - { --#ifdef KERBEROS_TGT_PASSING --#ifdef KRB5 -+#if defined(KRB5) || defined(AFS) - case SSH_CMSG_HAVE_KERBEROS_TGT: -+#ifdef KRB5 - if (!options.kerberos_tgt_passing || - (!(options.kerberos_authentication || - options.password_authentication || - options.rsa_authentication))) -+#else /* KRB5 */ -+ if (!options.kerberos_tgt_passing) -+#endif /* KRB5 */ - { - packet_get_all(); - log_msg("Kerberos tgt passing disabled."); - break; - } -- -+#ifdef KRB5 - /* Accept Kerberos tgt. */ - krb5data.data = packet_get_string((unsigned int *) &krb5data.length); - -- if (!auth_kerberos_tgt(user, &krb5data, client) || -+ if (!auth_krb5_tgt(user, &krb5data, client) || - !krb5_kuserok(ssh_context, client, user)){ - log_msg("Kerberos tgt REFUSED for %.100s", user); - debug("Kerberos tgt REFUSED for %.100s", user); - } - free(krb5data.data); --#endif -+#else /* KRB5 */ -+ { -+ /* Accept Kerberos tgt. */ -+ char *tgt = packet_get_string(NULL); -+ if (!auth_kerberos_tgt(pw, tgt)) -+ debug("Kerberos tgt REFUSED for %s", user); -+ xfree(tgt); -+ } -+#endif /* KRB5 */ - continue; --#endif /* KERBEROS_TGT_PASSING */ -+#endif /* KRB5 || AFS */ - --#ifdef KERBEROS --#ifdef KRB5 -+#ifdef AFS -+ case SSH_CMSG_HAVE_AFS_TOKEN: -+ if (!k_hasafs() || !options.afs_token_passing) { -+ packet_get_all(); -+ log_msg("AFS token passing disabled."); -+ break; -+ } -+ else { -+ /* Accept AFS token. */ -+ char *token_string = packet_get_string(NULL); -+ if (!auth_afs_token(user, pw->pw_uid, token_string)) -+ debug("AFS token REFUSED for %s", user); -+ xfree(token_string); -+ continue; -+ } -+#endif /* AFS */ -+ -+#if defined(KRB4) || defined(KRB5) - case SSH_CMSG_AUTH_KERBEROS: - if (!options.kerberos_authentication) - { -@@ -2316,9 +2380,10 @@ - log_msg("Kerberos authentication disabled."); - break; - } -+#ifdef KRB5 - /* Try Kerberos authentication. */ - krb5data.data = packet_get_string((unsigned int *) &krb5data.length); -- if (auth_kerberos(user, &krb5data, &tkt_client)) -+ if (auth_krb5(user, &krb5data, &tkt_client)) - { - char *tkt_user; - -@@ -2347,11 +2412,31 @@ - } - free(tkt_user); - } --#endif /* KRB5 */ -- debug("Kerberos authentication failed for %.100s from %.200s", -- user, get_canonical_hostname()); -+#else /* !KRB5 XXX - how to make these coexist? */ -+ else { -+ /* Try Kerberos v4 authentication. */ -+ KTEXT_ST auth; -+ char *tkt_user = NULL; -+ char *kdata = packet_get_string((unsigned int *)&auth.length); -+ -+ memcpy(auth.dat, kdata, auth.length); -+ xfree(kdata); -+ -+ if (auth_krb4(user, &auth, &tkt_user)) { -+ /* Client has successfully authenticated to us. */ -+ log_msg("Kerberos authentication accepted %s for account " -+ "%.100s from %.200s", tkt_user, user, -+ get_canonical_hostname()); -+ authentication_type = SSH_AUTH_KERBEROS; -+ authenticated = 1; -+ xfree(tkt_user); - break; --#endif /* KERBEROS */ -+ } -+ log_msg("Kerberos authentication failed for account " -+ "%.100s from %.200s", user, get_canonical_hostname()); -+ } -+#endif /* KRB5 */ -+#endif /* KRB5 || KRB4 */ - - case SSH_CMSG_AUTH_RHOSTS: - if (!options.rhosts_authentication) -@@ -2568,7 +2653,7 @@ - if (!strncmp(buf, "challenge ", 10) || - !strncmp(buf, "chalnecho ", 10)) { - snprintf(prompt, sizeof(prompt), -- "Challenge \"%.100s\": ",&buf[10]); -+ "%.100s",&buf[10]); - debug("TIS challenge %.500s", buf); - packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); - packet_put_string(prompt, strlen(prompt)); -@@ -2657,11 +2742,11 @@ - password_attempts++; - - /* Try authentication with the password. */ --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - if (auth_password(user, password, client)) --#else /* defined(KERBEROS) && defined(KRB5) */ -+#else /* KRB5 */ - if (auth_password(user, password)) --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* KRB5 */ - { - /* Successful authentication. */ - /* Clear the password from memory. */ -@@ -2688,7 +2773,7 @@ - if (authenticated) - break; - --#ifdef KERBEROS -+#if defined(KRB5) - /* If you forwarded a ticket you get one shot for proper - authentication. */ - /* If tgt was passed unlink file */ -@@ -2699,7 +2784,7 @@ - else - ticket = NULL; - } --#endif /* KERBEROS */ -+#endif /* KRB5 */ - - /* Send a message indicating that the authentication attempt failed. */ - packet_start(SSH_SMSG_FAILURE); -@@ -2724,7 +2809,7 @@ - get_canonical_hostname()); - } - --#if defined (__FreeBSD__) && defined (HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined (HAVE_LOGIN_CAP_H) - - lc = login_getclass(pw->pw_class); - -@@ -2965,6 +3050,21 @@ - display = x11_create_display_inet(screen); - if (!display) - goto fail; -+#ifdef AFS -+ /* Setup to have a local .Xauthority, if homedir is in AFS. */ -+ { -+ struct stat st; -+ char cell[64], *xauthdir = "/ticket"; -+ -+ if (k_hasafs() && k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) { -+ xauthfile = xmalloc(MAXPATHLEN); -+ if (stat(xauthdir, &st) < 0) -+ xauthdir = "/tmp"; -+ snprintf(xauthfile, MAXPATHLEN, "%s/Xauth%d_%d", xauthdir, -+ pw->pw_uid, getpid()); -+ } -+ } -+#endif /* AFS */ - break; - #else /* XAUTH_PATH */ - /* No xauth program; we won't accept forwarding with spoofing. */ -@@ -3283,12 +3383,9 @@ - struct sockaddr_in from; - int fromlen; - struct pty_cleanup_context cleanup_context; --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - #endif --#if defined (__bsdi__) && _BSDI_VERSION >= 199510 -- struct timeval tp; --#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ - - /* We no longer need the child running on user's privileges. */ - userfile_uninit(); -@@ -3389,7 +3486,7 @@ - record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, - &from); - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - lc = login_getclass(pw->pw_class); - #endif - -@@ -3398,7 +3495,7 @@ - snprintf(line, sizeof(line), "%.200s/.hushlogin", pw->pw_dir); - quiet_login = stat(line, &st) >= 0; - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); - #endif - -@@ -3425,7 +3522,7 @@ - } - #endif /* HAVE_SIA */ - --#ifdef __FreeBSD__ -+#if defined(__FreeBSD__) || defined(__NetBSD__) - if (command == NULL && !quiet_login) - { - #ifdef HAVE_LOGIN_CAP_H -@@ -3457,7 +3554,7 @@ - FILE *f; - - /* Print /etc/motd if it exists. */ --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), - "r"); - #else -@@ -3469,33 +3566,9 @@ - fputs(line, stdout); - fclose(f); - } --#if defined (__bsdi__) && _BSDI_VERSION >= 199510 -- if (pw->pw_change || pw->pw_expire) -- (void)gettimeofday(&tp, (struct timezone *)NULL); -- if (pw->pw_change) -- { -- if (tp.tv_sec >= pw->pw_change) -- { -- fprintf(stderr,"Sorry -- your password has expired.\n"); -- exit(254); -- } -- days_before_password_expires = (pw->pw_change - tp.tv_sec) / -- 86400; -- } -- if (pw->pw_expire) -- { -- if (tp.tv_sec >= pw->pw_expire) -- { -- fprintf(stderr,"Sorry -- your account has expired.\n"); -- exit(254); -- } -- days_before_account_expires = (pw->pw_expire - tp.tv_sec) / -- 86400; -- } --#endif /* __bsdi__ & _BSDI_VERSION >= 199510 */ - } - --#if defined (__FreeBSD__) && defined HAVE_LOGIN_CAP_H -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined HAVE_LOGIN_CAP_H - login_close(lc); - #endif - -@@ -3883,8 +3956,11 @@ - lc = login_getclass(pw->pw_class); - auth_checknologin(lc); - #else /* !HAVE_LOGIN_CAP_H */ --#if defined (__bsdi__) && _BSDI_VERSION > 199510 -+#if ( defined (__bsdi__) && _BSDI_VERSION > 199510 ) || (defined(HAVE_LOGIN_CAP_H) && defined(__NetBSD__)) - login_cap_t *lc = 0; -+#if defined(__NetBSD__) -+ char *real_shell; -+#endif - - if ((lc = login_getclass(pw->pw_class)) == NULL) - { -@@ -4019,7 +4095,7 @@ - if (command != NULL || !options.use_login) - #endif /* USELOGIN */ - { --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - char *p, *s, **tmpenv; - - /* Initialize the new environment. -@@ -4180,10 +4256,23 @@ - and means /bin/sh. */ - shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell); - login_close(lc); - #endif /* HAVE_LOGIN_CAP_H */ -+ -+#ifdef AFS -+ /* Try to get AFS tokens for the local cell. */ -+ if (k_hasafs()) { -+ char cell[64]; -+ -+ if (k_afs_cell_of_file(user_dir, cell, sizeof(cell)) == 0) -+ krb_afslog(cell, 0); -+ -+ krb_afslog(0, 0); -+ } -+#endif /* AFS */ -+ - /* Initialize the environment if not already done. In the first part we - allocate space for all environment variables. */ - if (env == NULL) -@@ -4290,13 +4379,21 @@ - } - #endif - --#ifdef KERBEROS -- /* Set KRBTKFILE to point to our ticket */ -+ /* Set KRBTKFILE to point to our ticket. */ - #ifdef KRB5 - if (ticket) - child_set_env(&env, &envsize, "KRB5CCNAME", ticket); - #endif /* KRB5 */ --#endif /* KERBEROS */ -+#ifdef KRB4 /* XXX - how to make these coexist? */ -+ if (ticket) -+ child_set_env(&env, &envsize, "KRBTKFILE", ticket); -+ -+#ifdef AFS -+ /* Set XAUTHORITY to a local file, if homedir is in AFS. */ -+ if (xauthfile) -+ child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); -+#endif /* AFS */ -+#endif /* KRB4 */ - - /* Set variable for forwarded authentication connection, if we have one. */ - if (auth_get_socket_name() != NULL) -@@ -4554,7 +4651,7 @@ - /* Execute the shell. */ - argv[0] = buf; - argv[1] = NULL; --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - execve(real_shell, argv, env); - #else - execve(shell, argv, env); -@@ -4579,7 +4676,7 @@ - argv[1] = "-c"; - argv[2] = (char *)command; - argv[3] = NULL; --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - execve(real_shell, argv, env); - #else - execve(shell, argv, env); diff --git a/security/ssh/patches/patch-ag b/security/ssh/patches/patch-ag deleted file mode 100644 index b050880a36c..00000000000 --- a/security/ssh/patches/patch-ag +++ /dev/null @@ -1,49 +0,0 @@ -$NetBSD: patch-ag,v 1.4 2000/03/20 02:25:50 itojun Exp $ - ---- log-server.c- Wed May 12 20:19:26 1999 -+++ log-server.c Mon Mar 20 09:47:23 2000 -@@ -265,9 +265,12 @@ - { - struct fatal_cleanup *cu, *next_cu; - static int fatal_called = 0; --#ifdef KERBEROS -+#if defined(KRB4) || defined(KRB5) - extern char *ticket; --#endif -+#ifdef AFS -+ extern char *xauthfile; -+#endif /* AFS */ -+#endif /* KRB4 || KRB5 */ - - if (!fatal_called) - { -@@ -281,19 +284,27 @@ - (unsigned long)cu->proc, (unsigned long)cu->context); - (*cu->proc)(cu->context); - } --#ifdef KERBEROS -+#if defined(KRB4) || defined(KRB5) - /* If you forwarded a ticket you get one shot for proper - authentication. */ - /* If tgt was passed unlink file */ - if (ticket) - { - if (strcmp(ticket,"none")) -+#ifdef KRB5 - /* ticket -> FILE:path */ - unlink(ticket + 5); -+#else /* KRB4 */ -+ unlink(ticket); -+#endif - else - ticket = NULL; - } --#endif /* KERBEROS */ -+#ifdef AFS -+ /* If local XAUTHORITY was created, remove it. */ -+ if (xauthfile) unlink(xauthfile); -+#endif /* AFS */ -+#endif /* KRB4 || KRB5 */ - } - } - diff --git a/security/ssh/patches/patch-ah b/security/ssh/patches/patch-ah deleted file mode 100644 index fa30aff332f..00000000000 --- a/security/ssh/patches/patch-ah +++ /dev/null @@ -1,34 +0,0 @@ -$NetBSD: patch-ah,v 1.5 1999/12/25 05:28:35 kim Exp $ - ---- packet.c.orig Wed May 12 07:19:27 1999 -+++ packet.c Fri Dec 24 21:50:42 1999 -@@ -829,6 +829,7 @@ - { - /* Set IP options for an interactive connection. Use IPTOS_LOWDELAY - and TCP_NODELAY. */ -+#if 0 - #ifdef IPTOS_LOWDELAY - int lowdelay = IPTOS_LOWDELAY; - if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *)&lowdelay, -@@ -840,11 +841,13 @@ - sizeof(on)) < 0) - error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); - #endif /* TCP_NODELAY */ -+#endif /* 0 */ - } - else - { - /* Set IP options for a non-interactive connection. Use - IPTOS_THROUGHPUT. */ -+#if 0 - #ifdef IPTOS_THROUGHPUT - int throughput = IPTOS_THROUGHPUT; - if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *)&throughput, -@@ -856,6 +859,7 @@ - sizeof(off)) < 0) - error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); - #endif /* TCP_NODELAY */ -+#endif /* 0 */ - } - } - diff --git a/security/ssh/patches/patch-ai b/security/ssh/patches/patch-ai deleted file mode 100644 index 6189cc955b5..00000000000 --- a/security/ssh/patches/patch-ai +++ /dev/null @@ -1,52 +0,0 @@ -$NetBSD: patch-ai,v 1.6 2000/03/20 02:25:50 itojun Exp $ - ---- scp.c- Wed May 12 20:19:28 1999 -+++ scp.c Mon Mar 20 09:53:06 2000 -@@ -180,6 +180,11 @@ - #define STDERR_FILENO 2 - #endif - -+#ifdef AFS -+/* This is set to non-zero to disable authentication forwarding. */ -+int nofwd = 0; -+#endif /* AFS */ -+ - /* This is set to non-zero to enable verbose mode. */ - int verbose = 0; - -@@ -305,6 +310,10 @@ - args[i++] = "-P"; - if (batchmode) - args[i++] = "-oBatchMode yes"; -+#ifdef AFS -+ if (nofwd) -+ args[i++] = "-k"; -+#endif /* AFS */ - if (cipher != NULL) - { - args[i++] = "-c"; -@@ -441,7 +450,11 @@ - statistics = 0; - - fflag = tflag = 0; -- while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF) -+ while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S" -+#ifdef AFS -+ "k" -+#endif -+ )) != EOF) - switch(ch) { /* User-visible flags. */ - case 'S': - ssh_program = optarg; -@@ -490,6 +503,11 @@ - case 'r': - iamrecursive = 1; - break; -+#ifdef AFS -+ case 'k': -+ nofwd = 1; -+ break; -+#endif /* AFS */ - /* Server options. */ - case 'd': - targetshouldbedirectory = 1; diff --git a/security/ssh/patches/patch-aj b/security/ssh/patches/patch-aj deleted file mode 100644 index 9848a82e221..00000000000 --- a/security/ssh/patches/patch-aj +++ /dev/null @@ -1,3944 +0,0 @@ -$NetBSD: patch-aj,v 1.12 2000/03/20 02:25:51 itojun Exp $ - ---- configure- Wed May 12 20:20:06 1999 -+++ configure Mon Mar 20 10:00:02 2000 -@@ -1,7 +1,7 @@ - #! /bin/sh - - # Guess values for system-dependent variables and create Makefiles. --# Generated automatically using autoconf version 2.12 -+# Generated automatically using autoconf version 2.13 - # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. - # - # This configure script is free software; the Free Software Foundation -@@ -49,9 +49,13 @@ - ac_help="$ac_help - --with-tis[=DIR] Enable support for TIS authentication server." - ac_help="$ac_help -- --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support." -+ --with-krb4[=PATH] Compile in Kerberos v4 support." - ac_help="$ac_help -- --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket." -+ --with-krb5[=PATH] Compile in Kerberos v5 support." -+ac_help="$ac_help -+ --with-afs Compile in AFS support (requires KTH krb4)." -+ac_help="$ac_help -+ --with-hesiod[=PATH] Compile in Hesiod support." - ac_help="$ac_help - --with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support." - ac_help="$ac_help -@@ -130,6 +134,7 @@ - # Initialize some other variables. - subdirs= - MFLAGS= MAKEFLAGS= -+SHELL=${CONFIG_SHELL-/bin/sh} - # Maximum number of lines to put in a shell here document. - ac_max_here_lines=12 - -@@ -413,7 +418,7 @@ - verbose=yes ;; - - -version | --version | --versio | --versi | --vers) -- echo "configure generated by autoconf version 2.12" -+ echo "configure generated by autoconf version 2.13" - exit 0 ;; - - -with-* | --with-*) -@@ -583,9 +588,11 @@ - # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. - ac_cpp='$CPP $CPPFLAGS' - ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' --ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' - cross_compiling=$ac_cv_prog_cc_cross - -+ac_exeext= -+ac_objext=o - if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then - # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. - if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then -@@ -626,33 +633,33 @@ - - - # Make sure we can run config.sub. --if $ac_config_sub sun4 >/dev/null 2>&1; then : -+if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : - else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } - fi - - echo $ac_n "checking host system type""... $ac_c" 1>&6 --echo "configure:635: checking host system type" >&5 -+echo "configure:642: checking host system type" >&5 - - host_alias=$host - case "$host_alias" in - NONE) - case $nonopt in - NONE) -- if host_alias=`$ac_config_guess`; then : -+ if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : - else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } - fi ;; - *) host_alias=$nonopt ;; - esac ;; - esac - --host=`$ac_config_sub $host_alias` -+host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` - host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` - host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` - host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` - echo "$ac_t""$host" 1>&6 - - echo $ac_n "checking cached information""... $ac_c" 1>&6 --echo "configure:656: checking cached information" >&5 -+echo "configure:663: checking cached information" >&5 - hostcheck="$host" - if eval "test \"`echo '$''{'ac_cv_hostcheck'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -671,15 +678,16 @@ - # Extract the first word of "gcc", so it can be a program name with args. - set dummy gcc; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:675: checking for $ac_word" >&5 -+echo "configure:682: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_CC="gcc" -@@ -700,16 +708,17 @@ - # Extract the first word of "cc", so it can be a program name with args. - set dummy cc; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:704: checking for $ac_word" >&5 -+echo "configure:712: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_prog_rejected=no -- for ac_dir in $PATH; do -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then -@@ -744,25 +753,61 @@ - echo "$ac_t""no" 1>&6 - fi - -+ if test -z "$CC"; then -+ case "`uname -s`" in -+ *win32* | *WIN32*) -+ # Extract the first word of "cl", so it can be a program name with args. -+set dummy cl; ac_word=$2 -+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -+echo "configure:763: checking for $ac_word" >&5 -+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 -+else -+ if test -n "$CC"; then -+ ac_cv_prog_CC="$CC" # Let the user override the test. -+else -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do -+ test -z "$ac_dir" && ac_dir=. -+ if test -f $ac_dir/$ac_word; then -+ ac_cv_prog_CC="cl" -+ break -+ fi -+ done -+ IFS="$ac_save_ifs" -+fi -+fi -+CC="$ac_cv_prog_CC" -+if test -n "$CC"; then -+ echo "$ac_t""$CC" 1>&6 -+else -+ echo "$ac_t""no" 1>&6 -+fi -+ ;; -+ esac -+ fi - test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } - fi - - echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 --echo "configure:752: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 -+echo "configure:795: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 - - ac_ext=c - # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. - ac_cpp='$CPP $CPPFLAGS' - ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' --ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' - cross_compiling=$ac_cv_prog_cc_cross - --cat > conftest.$ac_ext <<EOF --#line 762 "configure" -+cat > conftest.$ac_ext << EOF -+ -+#line 806 "configure" - #include "confdefs.h" -+ - main(){return(0);} - EOF --if { (eval echo configure:766: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:811: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - ac_cv_prog_cc_works=yes - # If we can't run a trivial program, we are probably using a cross compiler. - if (./conftest; exit) 2>/dev/null; then -@@ -776,18 +821,24 @@ - ac_cv_prog_cc_works=no - fi - rm -fr conftest* -+ac_ext=c -+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -+ac_cpp='$CPP $CPPFLAGS' -+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -+cross_compiling=$ac_cv_prog_cc_cross - - echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 - if test $ac_cv_prog_cc_works = no; then - { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } - fi - echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 --echo "configure:786: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 -+echo "configure:837: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 - echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 - cross_compiling=$ac_cv_prog_cc_cross - - echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 --echo "configure:791: checking whether we are using GNU C" >&5 -+echo "configure:842: checking whether we are using GNU C" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -796,7 +847,7 @@ - yes; - #endif - EOF --if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:800: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then -+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:851: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then - ac_cv_prog_gcc=yes - else - ac_cv_prog_gcc=no -@@ -807,11 +858,15 @@ - - if test $ac_cv_prog_gcc = yes; then - GCC=yes -- ac_test_CFLAGS="${CFLAGS+set}" -- ac_save_CFLAGS="$CFLAGS" -- CFLAGS= -- echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 --echo "configure:815: checking whether ${CC-cc} accepts -g" >&5 -+else -+ GCC= -+fi -+ -+ac_test_CFLAGS="${CFLAGS+set}" -+ac_save_CFLAGS="$CFLAGS" -+CFLAGS= -+echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -+echo "configure:870: checking whether ${CC-cc} accepts -g" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -826,20 +881,104 @@ - fi - - echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 -- if test "$ac_test_CFLAGS" = set; then -- CFLAGS="$ac_save_CFLAGS" -- elif test $ac_cv_prog_cc_g = yes; then -+if test "$ac_test_CFLAGS" = set; then -+ CFLAGS="$ac_save_CFLAGS" -+elif test $ac_cv_prog_cc_g = yes; then -+ if test "$GCC" = yes; then - CFLAGS="-g -O2" - else -+ CFLAGS="-g" -+ fi -+else -+ if test "$GCC" = yes; then - CFLAGS="-O2" -+ else -+ CFLAGS= - fi -+fi -+ -+echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -+echo "configure:902: checking how to run the C preprocessor" >&5 -+# On Suns, sometimes $CPP names a directory. -+if test -n "$CPP" && test -d "$CPP"; then -+ CPP= -+fi -+if test -z "$CPP"; then -+if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 - else -- GCC= -- test "${CFLAGS+set}" = set || CFLAGS="-g" -+ # This must be in double quotes, not single quotes, because CPP may get -+ # substituted into the Makefile and "${CC-cc}" will confuse make. -+ CPP="${CC-cc} -E" -+ # On the NeXT, cc -E runs the code through the compiler's parser, -+ # not just through cpp. -+ cat > conftest.$ac_ext <<EOF -+#line 917 "configure" -+#include "confdefs.h" -+#include <assert.h> -+Syntax Error -+EOF -+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:923: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -+if test -z "$ac_err"; then -+ : -+else -+ echo "$ac_err" >&5 -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ CPP="${CC-cc} -E -traditional-cpp" -+ cat > conftest.$ac_ext <<EOF -+#line 934 "configure" -+#include "confdefs.h" -+#include <assert.h> -+Syntax Error -+EOF -+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:940: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -+if test -z "$ac_err"; then -+ : -+else -+ echo "$ac_err" >&5 -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ CPP="${CC-cc} -nologo -E" -+ cat > conftest.$ac_ext <<EOF -+#line 951 "configure" -+#include "confdefs.h" -+#include <assert.h> -+Syntax Error -+EOF -+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:957: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -+if test -z "$ac_err"; then -+ : -+else -+ echo "$ac_err" >&5 -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ CPP=/lib/cpp -+fi -+rm -f conftest* -+fi -+rm -f conftest* -+fi -+rm -f conftest* -+ ac_cv_prog_CPP="$CPP" - fi -+ CPP="$ac_cv_prog_CPP" -+else -+ ac_cv_prog_CPP="$CPP" -+fi -+echo "$ac_t""$CPP" 1>&6 - - echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 --echo "configure:843: checking for POSIXized ISC" >&5 -+echo "configure:982: checking for POSIXized ISC" >&5 - if test -d /etc/conf/kconfig.d && - grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 - then -@@ -876,20 +1015,12 @@ - ;; - *-*-solaris*) - # solaris stuff. appro@fy.chalmers.se -- cat >> confdefs.h <<\EOF --#define SECURE_RPC 1 --EOF -- -- cat >> confdefs.h <<\EOF --#define SECURE_NFS 1 --EOF -- -+# this stuff breaks AFS/Kerberos. YUCK. -+# AC_DEFINE(SECURE_RPC) -+# AC_DEFINE(SECURE_NFS) - # NIS+ is forced so that we don't have to recompile - # if we move to NIS+. appro@fy.chalmers.se -- cat >> confdefs.h <<\EOF --#define NIS_PLUS 1 --EOF -- -+# AC_DEFINE(NIS_PLUS) - ;; - *-*-sunos*) - os_sunos=yes -@@ -931,14 +1062,14 @@ - no_shadows_password_checking=yes - # We want support for <proj.h> eivind@ii.uib.no - cat > conftest.$ac_ext <<EOF --#line 935 "configure" -+#line 1066 "configure" - #include "confdefs.h" - #include <proj.h> - int main() { - int foo = MAXPROJNAMELEN; - ; return 0; } - EOF --if { (eval echo configure:942: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1073: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - cat >> confdefs.h <<\EOF - #define HAVE_SGI_PROJ_H 1 -@@ -953,7 +1084,7 @@ - *-ibm-aix3.2|*-ibm-aix3.2.0|*-ibm-aix3.2.1|*-ibm-aix3.2.2|*-ibm-aix3.2.3|*-ibm-aix3.2.4) - os_aix=yes - echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 --echo "configure:957: checking for getuserattr in -ls" >&5 -+echo "configure:1088: checking for getuserattr in -ls" >&5 - ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -961,7 +1092,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ls $LIBS" - cat > conftest.$ac_ext <<EOF --#line 965 "configure" -+#line 1096 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -972,7 +1103,7 @@ - getuserattr() - ; return 0; } - EOF --if { (eval echo configure:976: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1004,7 +1135,7 @@ - no_utmpx=yes - os_aix=yes - echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 --echo "configure:1008: checking for getuserattr in -ls" >&5 -+echo "configure:1139: checking for getuserattr in -ls" >&5 - ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1012,7 +1143,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ls $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1016 "configure" -+#line 1147 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1023,7 +1154,7 @@ - getuserattr() - ; return 0; } - EOF --if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1158: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1054,7 +1185,7 @@ - *-ibm-aix*) - os_aix=yes - echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 --echo "configure:1058: checking for getuserattr in -ls" >&5 -+echo "configure:1189: checking for getuserattr in -ls" >&5 - ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1062,7 +1193,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ls $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1066 "configure" -+#line 1197 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1073,7 +1204,7 @@ - getuserattr() - ; return 0; } - EOF --if { (eval echo configure:1077: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1123,7 +1254,7 @@ - # Ultrix shadow passwords implemented in auth-passwd.c. - no_shadows_password_checking=yes - echo $ac_n "checking for authenticate_user in -lauth""... $ac_c" 1>&6 --echo "configure:1127: checking for authenticate_user in -lauth" >&5 -+echo "configure:1258: checking for authenticate_user in -lauth" >&5 - ac_lib_var=`echo auth'_'authenticate_user | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1131,7 +1262,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lauth $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1135 "configure" -+#line 1266 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1142,7 +1273,7 @@ - authenticate_user() - ; return 0; } - EOF --if { (eval echo configure:1146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1277: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1170,14 +1301,14 @@ - fi - - cat > conftest.$ac_ext <<EOF --#line 1174 "configure" -+#line 1305 "configure" - #include "confdefs.h" - #include <syslog.h> - int main() { - int foo = LOG_DAEMON; - ; return 0; } - EOF --if { (eval echo configure:1181: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1312: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - : - else - echo "configure: failed program was:" >&5 -@@ -1215,7 +1346,7 @@ - CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" - fi - echo $ac_n "checking for HPUX tcb auth option""... $ac_c" 1>&6 --echo "configure:1219: checking for HPUX tcb auth option" >&5 -+echo "configure:1350: checking for HPUX tcb auth option" >&5 - if test -f /tcb/files/auth/system/pw_id_map; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -@@ -1227,7 +1358,7 @@ - echo "$ac_t""no" 1>&6 - fi - echo $ac_n "checking for keyserv""... $ac_c" 1>&6 --echo "configure:1231: checking for keyserv" >&5 -+echo "configure:1362: checking for keyserv" >&5 - if test -f /usr/sbin/keyserv; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -@@ -1256,7 +1387,7 @@ - # The man page says that we need -lsecurity -ldb -laud -lm to quickstart - # programs using enchanced security. - echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6 --echo "configure:1260: checking for set_auth_parameters in -lsecurity" >&5 -+echo "configure:1391: checking for set_auth_parameters in -lsecurity" >&5 - ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1264,7 +1395,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsecurity $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1268 "configure" -+#line 1399 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1275,7 +1406,7 @@ - set_auth_parameters() - ; return 0; } - EOF --if { (eval echo configure:1279: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1410: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1303,7 +1434,7 @@ - fi - - echo $ac_n "checking for audgen in -laud""... $ac_c" 1>&6 --echo "configure:1307: checking for audgen in -laud" >&5 -+echo "configure:1438: checking for audgen in -laud" >&5 - ac_lib_var=`echo aud'_'audgen | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1311,7 +1442,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-laud $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1315 "configure" -+#line 1446 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1322,7 +1453,7 @@ - audgen() - ; return 0; } - EOF --if { (eval echo configure:1326: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1457: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1350,7 +1481,7 @@ - fi - - echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6 --echo "configure:1354: checking for dbopen in -ldb" >&5 -+echo "configure:1485: checking for dbopen in -ldb" >&5 - ac_lib_var=`echo db'_'dbopen | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1358,7 +1489,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ldb $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1362 "configure" -+#line 1493 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1369,7 +1500,7 @@ - dbopen() - ; return 0; } - EOF --if { (eval echo configure:1373: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1504: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1397,7 +1528,7 @@ - fi - - echo $ac_n "checking for sin in -lm""... $ac_c" 1>&6 --echo "configure:1401: checking for sin in -lm" >&5 -+echo "configure:1532: checking for sin in -lm" >&5 - ac_lib_var=`echo m'_'sin | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1405,7 +1536,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lm $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1409 "configure" -+#line 1540 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1416,7 +1547,7 @@ - sin() - ; return 0; } - EOF --if { (eval echo configure:1420: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1446,12 +1577,12 @@ - for ac_func in setluid - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:1450: checking for $ac_func" >&5 -+echo "configure:1581: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 1455 "configure" -+#line 1586 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -1474,7 +1605,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:1478: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1609: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -1507,7 +1638,7 @@ - OLD_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -I." - cat > conftest.$ac_ext <<EOF --#line 1511 "configure" -+#line 1642 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/security.h> -@@ -1516,7 +1647,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:1520: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1651: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - : - else - echo "configure: failed program was:" >&5 -@@ -1545,12 +1676,12 @@ - *-*-linux*|*-*-mklinux*) - CFLAGS="-D_GNU_SOURCE $CFLAGS" - echo $ac_n "checking for getspnam""... $ac_c" 1>&6 --echo "configure:1549: checking for getspnam" >&5 -+echo "configure:1680: checking for getspnam" >&5 - if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 1554 "configure" -+#line 1685 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getspnam(); below. */ -@@ -1573,7 +1704,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:1577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1708: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_getspnam=yes" - else -@@ -1594,7 +1725,7 @@ - - if test $ac_cv_func_getspnam = no; then - echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 --echo "configure:1598: checking for getspnam in -lshadow" >&5 -+echo "configure:1729: checking for getspnam in -lshadow" >&5 - ac_lib_var=`echo shadow'_'getspnam | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1602,7 +1733,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lshadow $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1606 "configure" -+#line 1737 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1613,7 +1744,7 @@ - getspnam() - ; return 0; } - EOF --if { (eval echo configure:1617: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1748: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1651,12 +1782,12 @@ - for ac_func in pw_encrypt - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:1655: checking for $ac_func" >&5 -+echo "configure:1786: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 1660 "configure" -+#line 1791 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -1679,7 +1810,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:1683: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -1705,7 +1836,7 @@ - - if test $ac_cv_func_pw_encrypt = no; then - echo $ac_n "checking for pw_encrypt in -lshadow""... $ac_c" 1>&6 --echo "configure:1709: checking for pw_encrypt in -lshadow" >&5 -+echo "configure:1840: checking for pw_encrypt in -lshadow" >&5 - ac_lib_var=`echo shadow'_'pw_encrypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1713,7 +1844,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lshadow $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1717 "configure" -+#line 1848 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1724,7 +1855,7 @@ - pw_encrypt() - ; return 0; } - EOF --if { (eval echo configure:1728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1859: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1748,7 +1879,7 @@ - - fi - echo $ac_n "checking whether to enable pw_encrypt""... $ac_c" 1>&6 --echo "configure:1752: checking whether to enable pw_encrypt" >&5 -+echo "configure:1883: checking whether to enable pw_encrypt" >&5 - # Check whether --enable-deprecated-linux-pw-encrypt or --disable-deprecated-linux-pw-encrypt was given. - if test "${enable_deprecated_linux_pw_encrypt+set}" = set; then - enableval="$enable_deprecated_linux_pw_encrypt" -@@ -1825,7 +1956,7 @@ - EOF - - echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 --echo "configure:1829: checking for openlog in -lgen" >&5 -+echo "configure:1960: checking for openlog in -lgen" >&5 - ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1833,7 +1964,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lgen $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1837 "configure" -+#line 1968 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1844,7 +1975,7 @@ - openlog() - ; return 0; } - EOF --if { (eval echo configure:1848: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1874,7 +2005,7 @@ - ;; - *-*-sysv4*) - echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 --echo "configure:1878: checking for openlog in -lgen" >&5 -+echo "configure:2009: checking for openlog in -lgen" >&5 - ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1882,7 +2013,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lgen $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1886 "configure" -+#line 2017 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1893,7 +2024,7 @@ - openlog() - ; return 0; } - EOF --if { (eval echo configure:1897: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2028: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1989,24 +2120,18 @@ - - export CFLAGS CC - --# Socket pairs appear to be broken on several systems. I don't know exactly --# where, so I'll use pipes everywhere for now. --cat >> confdefs.h <<\EOF --#define USE_PIPES 1 --EOF -- - - echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 --echo "configure:2001: checking that the compiler works" >&5 -+echo "configure:2126: checking that the compiler works" >&5 - if test "$cross_compiling" = yes; then - { echo "configure: error: Could not compile and run even a trivial ANSI C program - check CC." 1>&2; exit 1; } - else - cat > conftest.$ac_ext <<EOF --#line 2006 "configure" -+#line 2131 "configure" - #include "confdefs.h" - main(int ac, char **av) { return 0; } - EOF --if { (eval echo configure:2010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2135: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - echo "$ac_t""yes" 1>&6 - else -@@ -2023,18 +2148,18 @@ - if test -z "$no_pipe"; then - if test -n "$GCC"; then - echo $ac_n "checking if the compiler understands -pipe""... $ac_c" 1>&6 --echo "configure:2027: checking if the compiler understands -pipe" >&5 -+echo "configure:2152: checking if the compiler understands -pipe" >&5 - OLDCC="$CC" - CC="$CC -pipe" - cat > conftest.$ac_ext <<EOF --#line 2031 "configure" -+#line 2156 "configure" - #include "confdefs.h" - - int main() { - - ; return 0; } - EOF --if { (eval echo configure:2038: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2163: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - echo "$ac_t""yes" 1>&6 - else -@@ -2049,7 +2174,7 @@ - fi - - echo $ac_n "checking whether to enable -Wall""... $ac_c" 1>&6 --echo "configure:2053: checking whether to enable -Wall" >&5 -+echo "configure:2178: checking whether to enable -Wall" >&5 - # Check whether --enable-warnings or --disable-warnings was given. - if test "${enable_warnings+set}" = set; then - enableval="$enable_warnings" -@@ -2063,12 +2188,12 @@ - - - echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 --echo "configure:2067: checking return type of signal handlers" >&5 -+echo "configure:2192: checking return type of signal handlers" >&5 - if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2072 "configure" -+#line 2197 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <signal.h> -@@ -2085,7 +2210,7 @@ - int i; - ; return 0; } - EOF --if { (eval echo configure:2089: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2214: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_type_signal=void - else -@@ -2103,74 +2228,13 @@ - EOF - - --echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 --echo "configure:2108: checking how to run the C preprocessor" >&5 --# On Suns, sometimes $CPP names a directory. --if test -n "$CPP" && test -d "$CPP"; then -- CPP= --fi --if test -z "$CPP"; then --if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then -- echo $ac_n "(cached) $ac_c" 1>&6 --else -- # This must be in double quotes, not single quotes, because CPP may get -- # substituted into the Makefile and "${CC-cc}" will confuse make. -- CPP="${CC-cc} -E" -- # On the NeXT, cc -E runs the code through the compiler's parser, -- # not just through cpp. -- cat > conftest.$ac_ext <<EOF --#line 2123 "configure" --#include "confdefs.h" --#include <assert.h> --Syntax Error --EOF --ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2129: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` --if test -z "$ac_err"; then -- : --else -- echo "$ac_err" >&5 -- echo "configure: failed program was:" >&5 -- cat conftest.$ac_ext >&5 -- rm -rf conftest* -- CPP="${CC-cc} -E -traditional-cpp" -- cat > conftest.$ac_ext <<EOF --#line 2140 "configure" --#include "confdefs.h" --#include <assert.h> --Syntax Error --EOF --ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2146: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` --if test -z "$ac_err"; then -- : --else -- echo "$ac_err" >&5 -- echo "configure: failed program was:" >&5 -- cat conftest.$ac_ext >&5 -- rm -rf conftest* -- CPP=/lib/cpp --fi --rm -f conftest* --fi --rm -f conftest* -- ac_cv_prog_CPP="$CPP" --fi -- CPP="$ac_cv_prog_CPP" --else -- ac_cv_prog_CPP="$CPP" --fi --echo "$ac_t""$CPP" 1>&6 -- - echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 --echo "configure:2169: checking for ANSI C header files" >&5 -+echo "configure:2233: checking for ANSI C header files" >&5 - if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2174 "configure" -+#line 2238 "configure" - #include "confdefs.h" - #include <stdlib.h> - #include <stdarg.h> -@@ -2178,8 +2242,8 @@ - #include <float.h> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:2246: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - ac_cv_header_stdc=yes -@@ -2195,7 +2259,7 @@ - if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat > conftest.$ac_ext <<EOF --#line 2199 "configure" -+#line 2263 "configure" - #include "confdefs.h" - #include <string.h> - EOF -@@ -2213,7 +2277,7 @@ - if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat > conftest.$ac_ext <<EOF --#line 2217 "configure" -+#line 2281 "configure" - #include "confdefs.h" - #include <stdlib.h> - EOF -@@ -2234,7 +2298,7 @@ - : - else - cat > conftest.$ac_ext <<EOF --#line 2238 "configure" -+#line 2302 "configure" - #include "confdefs.h" - #include <ctype.h> - #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -@@ -2245,7 +2309,7 @@ - exit (0); } - - EOF --if { (eval echo configure:2249: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - : - else -@@ -2269,12 +2333,12 @@ - fi - - echo $ac_n "checking for size_t""... $ac_c" 1>&6 --echo "configure:2273: checking for size_t" >&5 -+echo "configure:2337: checking for size_t" >&5 - if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2278 "configure" -+#line 2342 "configure" - #include "confdefs.h" - #include <sys/types.h> - #if STDC_HEADERS -@@ -2283,7 +2347,7 @@ - #endif - EOF - if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -- egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then -+ egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_size_t=yes - else -@@ -2302,12 +2366,12 @@ - fi - - echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 --echo "configure:2306: checking for uid_t in sys/types.h" >&5 -+echo "configure:2370: checking for uid_t in sys/types.h" >&5 - if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2311 "configure" -+#line 2375 "configure" - #include "confdefs.h" - #include <sys/types.h> - EOF -@@ -2336,12 +2400,12 @@ - fi - - echo $ac_n "checking for off_t""... $ac_c" 1>&6 --echo "configure:2340: checking for off_t" >&5 -+echo "configure:2404: checking for off_t" >&5 - if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2345 "configure" -+#line 2409 "configure" - #include "confdefs.h" - #include <sys/types.h> - #if STDC_HEADERS -@@ -2350,7 +2414,7 @@ - #endif - EOF - if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -- egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then -+ egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_off_t=yes - else -@@ -2369,12 +2433,12 @@ - fi - - echo $ac_n "checking for mode_t""... $ac_c" 1>&6 --echo "configure:2373: checking for mode_t" >&5 -+echo "configure:2437: checking for mode_t" >&5 - if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2378 "configure" -+#line 2442 "configure" - #include "confdefs.h" - #include <sys/types.h> - #if STDC_HEADERS -@@ -2383,7 +2447,7 @@ - #endif - EOF - if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -- egrep "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then -+ egrep "(^|[^a-zA-Z_0-9])mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_mode_t=yes - else -@@ -2402,12 +2466,12 @@ - fi - - echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6 --echo "configure:2406: checking for st_blksize in struct stat" >&5 -+echo "configure:2470: checking for st_blksize in struct stat" >&5 - if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2411 "configure" -+#line 2475 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/stat.h> -@@ -2415,7 +2479,7 @@ - struct stat s; s.st_blksize; - ; return 0; } - EOF --if { (eval echo configure:2419: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2483: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_struct_st_blksize=yes - else -@@ -2437,12 +2501,12 @@ - - - echo $ac_n "checking for working const""... $ac_c" 1>&6 --echo "configure:2441: checking for working const" >&5 -+echo "configure:2505: checking for working const" >&5 - if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2446 "configure" -+#line 2510 "configure" - #include "confdefs.h" - - int main() { -@@ -2491,7 +2555,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:2495: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2559: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_c_const=yes - else -@@ -2512,21 +2576,21 @@ - fi - - echo $ac_n "checking for inline""... $ac_c" 1>&6 --echo "configure:2516: checking for inline" >&5 -+echo "configure:2580: checking for inline" >&5 - if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - ac_cv_c_inline=no - for ac_kw in inline __inline__ __inline; do - cat > conftest.$ac_ext <<EOF --#line 2523 "configure" -+#line 2587 "configure" - #include "confdefs.h" - - int main() { - } $ac_kw foo() { - ; return 0; } - EOF --if { (eval echo configure:2530: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2594: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_c_inline=$ac_kw; break - else -@@ -2552,14 +2616,14 @@ - esac - - echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 --echo "configure:2556: checking whether byte ordering is bigendian" >&5 -+echo "configure:2620: checking whether byte ordering is bigendian" >&5 - if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - ac_cv_c_bigendian=unknown - # See if sys/param.h defines the BYTE_ORDER macro. - cat > conftest.$ac_ext <<EOF --#line 2563 "configure" -+#line 2627 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/param.h> -@@ -2570,11 +2634,11 @@ - #endif - ; return 0; } - EOF --if { (eval echo configure:2574: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2638: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - # It does; now see whether it defined to BIG_ENDIAN or not. - cat > conftest.$ac_ext <<EOF --#line 2578 "configure" -+#line 2642 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/param.h> -@@ -2585,7 +2649,7 @@ - #endif - ; return 0; } - EOF --if { (eval echo configure:2589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2653: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_c_bigendian=yes - else -@@ -2605,7 +2669,7 @@ - { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } - else - cat > conftest.$ac_ext <<EOF --#line 2609 "configure" -+#line 2673 "configure" - #include "confdefs.h" - main () { - /* Are we little or big endian? From Harbison&Steele. */ -@@ -2618,7 +2682,7 @@ - exit (u.c[sizeof (long) - 1] == 1); - } - EOF --if { (eval echo configure:2622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - ac_cv_c_bigendian=no - else -@@ -2642,7 +2706,7 @@ - fi - - echo $ac_n "checking size of long""... $ac_c" 1>&6 --echo "configure:2646: checking size of long" >&5 -+echo "configure:2710: checking size of long" >&5 - if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -2650,7 +2714,7 @@ - ac_cv_sizeof_long=4 - else - cat > conftest.$ac_ext <<EOF --#line 2654 "configure" -+#line 2718 "configure" - #include "confdefs.h" - #include <stdio.h> - main() -@@ -2661,7 +2725,7 @@ - exit(0); - } - EOF --if { (eval echo configure:2665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2729: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - ac_cv_sizeof_long=`cat conftestval` - else -@@ -2681,7 +2745,7 @@ - - - echo $ac_n "checking size of int""... $ac_c" 1>&6 --echo "configure:2685: checking size of int" >&5 -+echo "configure:2749: checking size of int" >&5 - if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -2689,7 +2753,7 @@ - ac_cv_sizeof_int=4 - else - cat > conftest.$ac_ext <<EOF --#line 2693 "configure" -+#line 2757 "configure" - #include "confdefs.h" - #include <stdio.h> - main() -@@ -2700,7 +2764,7 @@ - exit(0); - } - EOF --if { (eval echo configure:2704: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2768: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - ac_cv_sizeof_int=`cat conftestval` - else -@@ -2720,7 +2784,7 @@ - - - echo $ac_n "checking size of short""... $ac_c" 1>&6 --echo "configure:2724: checking size of short" >&5 -+echo "configure:2788: checking size of short" >&5 - if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -2728,7 +2792,7 @@ - ac_cv_sizeof_short=2 - else - cat > conftest.$ac_ext <<EOF --#line 2732 "configure" -+#line 2796 "configure" - #include "confdefs.h" - #include <stdio.h> - main() -@@ -2739,7 +2803,7 @@ - exit(0); - } - EOF --if { (eval echo configure:2743: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - ac_cv_sizeof_short=`cat conftestval` - else -@@ -2764,18 +2828,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:2768: checking for $ac_hdr" >&5 -+echo "configure:2832: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2773 "configure" -+#line 2837 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2778: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:2842: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -2807,18 +2871,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:2811: checking for $ac_hdr" >&5 -+echo "configure:2875: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2816 "configure" -+#line 2880 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2821: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:2885: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -2844,9 +2908,9 @@ - done - - echo $ac_n "checking whether utmpx have ut_syslen field""... $ac_c" 1>&6 --echo "configure:2848: checking whether utmpx have ut_syslen field" >&5 -+echo "configure:2912: checking whether utmpx have ut_syslen field" >&5 - cat > conftest.$ac_ext <<EOF --#line 2850 "configure" -+#line 2914 "configure" - #include "confdefs.h" - #include <utmpx.h> - EOF -@@ -2867,12 +2931,12 @@ - fi - - echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 --echo "configure:2871: checking for ANSI C header files" >&5 -+echo "configure:2935: checking for ANSI C header files" >&5 - if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2876 "configure" -+#line 2940 "configure" - #include "confdefs.h" - #include <stdlib.h> - #include <stdarg.h> -@@ -2880,8 +2944,8 @@ - #include <float.h> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2884: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:2948: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - ac_cv_header_stdc=yes -@@ -2897,7 +2961,7 @@ - if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat > conftest.$ac_ext <<EOF --#line 2901 "configure" -+#line 2965 "configure" - #include "confdefs.h" - #include <string.h> - EOF -@@ -2915,7 +2979,7 @@ - if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat > conftest.$ac_ext <<EOF --#line 2919 "configure" -+#line 2983 "configure" - #include "confdefs.h" - #include <stdlib.h> - EOF -@@ -2936,7 +3000,7 @@ - : - else - cat > conftest.$ac_ext <<EOF --#line 2940 "configure" -+#line 3004 "configure" - #include "confdefs.h" - #include <ctype.h> - #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -@@ -2947,7 +3011,7 @@ - exit (0); } - - EOF --if { (eval echo configure:2951: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:3015: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - : - else -@@ -2971,12 +3035,12 @@ - fi - - echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 --echo "configure:2975: checking for sys/wait.h that is POSIX.1 compatible" >&5 -+echo "configure:3039: checking for sys/wait.h that is POSIX.1 compatible" >&5 - if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2980 "configure" -+#line 3044 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/wait.h> -@@ -2992,7 +3056,7 @@ - s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; - ; return 0; } - EOF --if { (eval echo configure:2996: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3060: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_header_sys_wait_h=yes - else -@@ -3016,18 +3080,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3020: checking for $ac_hdr" >&5 -+echo "configure:3084: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3025 "configure" -+#line 3089 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3030: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3094: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3052,22 +3116,22 @@ - fi - done - --for ac_hdr in sgtty.h sys/select.h sys/ioctl.h machine/endian.h -+for ac_hdr in sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3060: checking for $ac_hdr" >&5 -+echo "configure:3124: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3065 "configure" -+#line 3129 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3070: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3134: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3096,18 +3160,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3100: checking for $ac_hdr" >&5 -+echo "configure:3164: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3105 "configure" -+#line 3169 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3110: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3174: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3136,18 +3200,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3140: checking for $ac_hdr" >&5 -+echo "configure:3204: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3145 "configure" -+#line 3209 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3150: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3214: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3176,18 +3240,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3180: checking for $ac_hdr" >&5 -+echo "configure:3244: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3185 "configure" -+#line 3249 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3190: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3254: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3213,12 +3277,12 @@ - done - - echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 --echo "configure:3217: checking whether time.h and sys/time.h may both be included" >&5 -+echo "configure:3281: checking whether time.h and sys/time.h may both be included" >&5 - if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3222 "configure" -+#line 3286 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/time.h> -@@ -3227,7 +3291,7 @@ - struct tm *tp; - ; return 0; } - EOF --if { (eval echo configure:3231: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_header_time=yes - else -@@ -3252,12 +3316,12 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 --echo "configure:3256: checking for $ac_hdr that defines DIR" >&5 -+echo "configure:3320: checking for $ac_hdr that defines DIR" >&5 - if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3261 "configure" -+#line 3325 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <$ac_hdr> -@@ -3265,7 +3329,7 @@ - DIR *dirp = 0; - ; return 0; } - EOF --if { (eval echo configure:3269: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3333: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - eval "ac_cv_header_dirent_$ac_safe=yes" - else -@@ -3290,7 +3354,7 @@ - # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. - if test $ac_header_dirent = dirent.h; then - echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 --echo "configure:3294: checking for opendir in -ldir" >&5 -+echo "configure:3358: checking for opendir in -ldir" >&5 - ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3298,7 +3362,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ldir $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3302 "configure" -+#line 3366 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3309,7 +3373,7 @@ - opendir() - ; return 0; } - EOF --if { (eval echo configure:3313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3377: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3331,7 +3395,7 @@ - - else - echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 --echo "configure:3335: checking for opendir in -lx" >&5 -+echo "configure:3399: checking for opendir in -lx" >&5 - ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3339,7 +3403,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lx $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3343 "configure" -+#line 3407 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3350,7 +3414,7 @@ - opendir() - ; return 0; } - EOF --if { (eval echo configure:3354: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3418: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3373,12 +3437,12 @@ - fi - - echo $ac_n "checking whether stat file-mode macros are broken""... $ac_c" 1>&6 --echo "configure:3377: checking whether stat file-mode macros are broken" >&5 -+echo "configure:3441: checking whether stat file-mode macros are broken" >&5 - if eval "test \"`echo '$''{'ac_cv_header_stat_broken'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3382 "configure" -+#line 3446 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/stat.h> -@@ -3429,19 +3493,19 @@ - fi - - echo $ac_n "checking whether sys/types.h defines makedev""... $ac_c" 1>&6 --echo "configure:3433: checking whether sys/types.h defines makedev" >&5 -+echo "configure:3497: checking whether sys/types.h defines makedev" >&5 - if eval "test \"`echo '$''{'ac_cv_header_sys_types_h_makedev'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3438 "configure" -+#line 3502 "configure" - #include "confdefs.h" - #include <sys/types.h> - int main() { - return makedev(0, 0); - ; return 0; } - EOF --if { (eval echo configure:3445: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3509: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_cv_header_sys_types_h_makedev=yes - else -@@ -3459,18 +3523,18 @@ - if test $ac_cv_header_sys_types_h_makedev = no; then - ac_safe=`echo "sys/mkdev.h" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for sys/mkdev.h""... $ac_c" 1>&6 --echo "configure:3463: checking for sys/mkdev.h" >&5 -+echo "configure:3527: checking for sys/mkdev.h" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3468 "configure" -+#line 3532 "configure" - #include "confdefs.h" - #include <sys/mkdev.h> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3473: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3537: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3497,18 +3561,18 @@ - if test $ac_cv_header_sys_mkdev_h = no; then - ac_safe=`echo "sys/sysmacros.h" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for sys/sysmacros.h""... $ac_c" 1>&6 --echo "configure:3501: checking for sys/sysmacros.h" >&5 -+echo "configure:3565: checking for sys/sysmacros.h" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3506 "configure" -+#line 3570 "configure" - #include "confdefs.h" - #include <sys/sysmacros.h> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3511: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3575: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3535,9 +3599,9 @@ - fi - - echo $ac_n "checking whether utmp have ut_pid field""... $ac_c" 1>&6 --echo "configure:3539: checking whether utmp have ut_pid field" >&5 -+echo "configure:3603: checking whether utmp have ut_pid field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3541 "configure" -+#line 3605 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3556,9 +3620,9 @@ - rm -f conftest* - - echo $ac_n "checking whether utmp have ut_name field""... $ac_c" 1>&6 --echo "configure:3560: checking whether utmp have ut_name field" >&5 -+echo "configure:3624: checking whether utmp have ut_name field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3562 "configure" -+#line 3626 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3577,9 +3641,9 @@ - rm -f conftest* - - echo $ac_n "checking whether utmp have ut_id field""... $ac_c" 1>&6 --echo "configure:3581: checking whether utmp have ut_id field" >&5 -+echo "configure:3645: checking whether utmp have ut_id field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3583 "configure" -+#line 3647 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3598,9 +3662,9 @@ - rm -f conftest* - - echo $ac_n "checking whether utmp have ut_host field""... $ac_c" 1>&6 --echo "configure:3602: checking whether utmp have ut_host field" >&5 -+echo "configure:3666: checking whether utmp have ut_host field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3604 "configure" -+#line 3668 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3619,9 +3683,9 @@ - rm -f conftest* - - echo $ac_n "checking whether utmp have ut_addr field""... $ac_c" 1>&6 --echo "configure:3623: checking whether utmp have ut_addr field" >&5 -+echo "configure:3687: checking whether utmp have ut_addr field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3625 "configure" -+#line 3689 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3640,9 +3704,9 @@ - rm -f conftest* - - echo $ac_n "checking whether you have incompatible SIGINFO macro""... $ac_c" 1>&6 --echo "configure:3644: checking whether you have incompatible SIGINFO macro" >&5 -+echo "configure:3708: checking whether you have incompatible SIGINFO macro" >&5 - cat > conftest.$ac_ext <<EOF --#line 3646 "configure" -+#line 3710 "configure" - #include "confdefs.h" - #include <sys/siginfo.h> - SIGINFO(p,1) -@@ -3663,7 +3727,7 @@ - - - echo $ac_n "checking for crypt in -lc""... $ac_c" 1>&6 --echo "configure:3667: checking for crypt in -lc" >&5 -+echo "configure:3731: checking for crypt in -lc" >&5 - ac_lib_var=`echo c'_'crypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3671,7 +3735,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lc $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3675 "configure" -+#line 3739 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3682,7 +3746,7 @@ - crypt() - ; return 0; } - EOF --if { (eval echo configure:3686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3701,7 +3765,7 @@ - else - echo "$ac_t""no" 1>&6 - echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 --echo "configure:3705: checking for crypt in -lcrypt" >&5 -+echo "configure:3769: checking for crypt in -lcrypt" >&5 - ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3709,7 +3773,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lcrypt $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3713 "configure" -+#line 3777 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3720,7 +3784,7 @@ - crypt() - ; return 0; } - EOF --if { (eval echo configure:3724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3788: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3750,7 +3814,7 @@ - fi - - echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 --echo "configure:3754: checking for getspnam in -lsec" >&5 -+echo "configure:3818: checking for getspnam in -lsec" >&5 - ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3758,7 +3822,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsec $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3762 "configure" -+#line 3826 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3769,7 +3833,7 @@ - getspnam() - ; return 0; } - EOF --if { (eval echo configure:3773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3837: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3797,7 +3861,7 @@ - fi - - echo $ac_n "checking for get_process_stats in -lseq""... $ac_c" 1>&6 --echo "configure:3801: checking for get_process_stats in -lseq" >&5 -+echo "configure:3865: checking for get_process_stats in -lseq" >&5 - ac_lib_var=`echo seq'_'get_process_stats | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3805,7 +3869,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lseq $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3809 "configure" -+#line 3873 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3816,7 +3880,7 @@ - get_process_stats() - ; return 0; } - EOF --if { (eval echo configure:3820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3884: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3844,7 +3908,7 @@ - fi - - echo $ac_n "checking for bcopy in -lbsd""... $ac_c" 1>&6 --echo "configure:3848: checking for bcopy in -lbsd" >&5 -+echo "configure:3912: checking for bcopy in -lbsd" >&5 - ac_lib_var=`echo bsd'_'bcopy | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3852,7 +3916,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lbsd $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3856 "configure" -+#line 3920 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3863,7 +3927,7 @@ - bcopy() - ; return 0; } - EOF --if { (eval echo configure:3867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3931: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3892,7 +3956,7 @@ - - if test -z "$no_libnsl"; then - echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 --echo "configure:3896: checking for main in -lnsl" >&5 -+echo "configure:3960: checking for main in -lnsl" >&5 - ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3900,14 +3964,14 @@ - ac_save_LIBS="$LIBS" - LIBS="-lnsl $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3904 "configure" -+#line 3968 "configure" - #include "confdefs.h" - - int main() { - main() - ; return 0; } - EOF --if { (eval echo configure:3911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3975: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3937,7 +4001,7 @@ - fi - if test -n "$test_libinet"; then - echo $ac_n "checking for inet_network in -linet""... $ac_c" 1>&6 --echo "configure:3941: checking for inet_network in -linet" >&5 -+echo "configure:4005: checking for inet_network in -linet" >&5 - ac_lib_var=`echo inet'_'inet_network | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3945,7 +4009,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-linet $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3949 "configure" -+#line 4013 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3956,7 +4020,7 @@ - inet_network() - ; return 0; } - EOF --if { (eval echo configure:3960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4024: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3986,7 +4050,7 @@ - fi - if test -z "$no_libsocket"; then - echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 --echo "configure:3990: checking for socket in -lsocket" >&5 -+echo "configure:4054: checking for socket in -lsocket" >&5 - ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3994,7 +4058,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsocket $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3998 "configure" -+#line 4062 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -4005,7 +4069,7 @@ - socket() - ; return 0; } - EOF --if { (eval echo configure:4009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4073: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -4035,7 +4099,7 @@ - fi - if test -z "$no_libsun"; then - echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 --echo "configure:4039: checking for getpwnam in -lsun" >&5 -+echo "configure:4103: checking for getpwnam in -lsun" >&5 - ac_lib_var=`echo sun'_'getpwnam | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4043,7 +4107,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsun $LIBS" - cat > conftest.$ac_ext <<EOF --#line 4047 "configure" -+#line 4111 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -4054,7 +4118,7 @@ - getpwnam() - ; return 0; } - EOF --if { (eval echo configure:4058: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4122: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -4084,7 +4148,7 @@ - fi - if test -z "$no_libbsd"; then - echo $ac_n "checking for openpty in -lbsd""... $ac_c" 1>&6 --echo "configure:4088: checking for openpty in -lbsd" >&5 -+echo "configure:4152: checking for openpty in -lbsd" >&5 - ac_lib_var=`echo bsd'_'openpty | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4092,7 +4156,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lbsd $LIBS" - cat > conftest.$ac_ext <<EOF --#line 4096 "configure" -+#line 4160 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -4103,7 +4167,7 @@ - openpty() - ; return 0; } - EOF --if { (eval echo configure:4107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4171: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -4132,7 +4196,7 @@ - - fi - echo $ac_n "checking for login in -lutil""... $ac_c" 1>&6 --echo "configure:4136: checking for login in -lutil" >&5 -+echo "configure:4200: checking for login in -lutil" >&5 - ac_lib_var=`echo util'_'login | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4140,7 +4204,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lutil $LIBS" - cat > conftest.$ac_ext <<EOF --#line 4144 "configure" -+#line 4208 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -4151,7 +4215,7 @@ - login() - ; return 0; } - EOF --if { (eval echo configure:4155: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4219: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -4180,12 +4244,12 @@ - for ac_func in vhangup - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4184: checking for $ac_func" >&5 -+echo "configure:4248: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4189 "configure" -+#line 4253 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4208,7 +4272,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4276: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4238,12 +4302,12 @@ - for ac_func in setsid - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4242: checking for $ac_func" >&5 -+echo "configure:4306: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4247 "configure" -+#line 4311 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4266,7 +4330,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4295,12 +4359,12 @@ - for ac_func in gettimeofday times getrusage ftruncate revoke makeutx - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4299: checking for $ac_func" >&5 -+echo "configure:4363: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4304 "configure" -+#line 4368 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4323,7 +4387,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4391: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4350,12 +4414,12 @@ - for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4354: checking for $ac_func" >&5 -+echo "configure:4418: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4359 "configure" -+#line 4423 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4378,7 +4442,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4446: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4405,12 +4469,12 @@ - for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4409: checking for $ac_func" >&5 -+echo "configure:4473: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4414 "configure" -+#line 4478 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4433,7 +4497,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4437: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4501: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4460,12 +4524,12 @@ - for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4464: checking for $ac_func" >&5 -+echo "configure:4528: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4469 "configure" -+#line 4533 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4488,7 +4552,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4556: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4516,12 +4580,12 @@ - for ac_func in strerror memmove remove random putenv crypt socketpair snprintf - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4520: checking for $ac_func" >&5 -+echo "configure:4584: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4525 "configure" -+#line 4589 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4544,7 +4608,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4612: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4565,14 +4629,14 @@ - - else - echo "$ac_t""no" 1>&6 --LIBOBJS="$LIBOBJS ${ac_func}.o" -+LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}" - fi - done - - - - echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 --echo "configure:4576: checking whether ln -s works" >&5 -+echo "configure:4640: checking whether ln -s works" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -4599,28 +4663,30 @@ - # SunOS /usr/etc/install - # IRIX /sbin/install - # AIX /bin/install -+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag - # AFS /usr/afsws/bin/install, which mishandles nonexistent args - # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" - # ./install, which can be erroneously created by make from ./install.sh. - echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 --echo "configure:4607: checking for a BSD compatible install" >&5 -+echo "configure:4672: checking for a BSD compatible install" >&5 - if test -z "$INSTALL"; then - if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -- IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:" -+ IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" - for ac_dir in $PATH; do - # Account for people who put trailing slashes in PATH elements. - case "$ac_dir/" in - /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. -- for ac_prog in ginstall installbsd scoinst install; do -+ # Don't use installbsd from OSF since it installs stuff as root -+ # by default. -+ for ac_prog in ginstall scoinst install; do - if test -f $ac_dir/$ac_prog; then - if test $ac_prog = install && - grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. -- # OSF/1 installbsd also uses dspmsg, but is usable. - : - else - ac_cv_path_install="$ac_dir/$ac_prog -c" -@@ -4650,20 +4716,23 @@ - # It thinks the first close brace ends the variable substitution. - test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' - -+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' -+ - test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' - - # Extract the first word of "ar", so it can be a program name with args. - set dummy ar; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:4659: checking for $ac_word" >&5 -+echo "configure:4727: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$AR"; then - ac_cv_prog_AR="$AR" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_AR="ar" -@@ -4685,15 +4754,16 @@ - # Extract the first word of "ranlib", so it can be a program name with args. - set dummy ranlib; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:4689: checking for $ac_word" >&5 -+echo "configure:4758: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_RANLIB="ranlib" -@@ -4719,15 +4789,16 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:4723: checking for $ac_word" >&5 -+echo "configure:4793: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_MAKEDEP'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$MAKEDEP"; then - ac_cv_prog_MAKEDEP="$MAKEDEP" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_MAKEDEP="$ac_prog" -@@ -4754,7 +4825,7 @@ - # Uses ac_ vars as temps to allow command line to override cache and checks. - # --without-x overrides everything else, but does not touch the cache. - echo $ac_n "checking for X""... $ac_c" 1>&6 --echo "configure:4758: checking for X" >&5 -+echo "configure:4829: checking for X" >&5 - - # Check whether --with-x or --without-x was given. - if test "${with_x+set}" = set; then -@@ -4816,13 +4887,13 @@ - - # First, try using that file with no special directory specified. - cat > conftest.$ac_ext <<EOF --#line 4820 "configure" -+#line 4891 "configure" - #include "confdefs.h" - #include <$x_direct_test_include> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:4825: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:4896: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - # We can compile using X headers with no special include directory. -@@ -4890,14 +4961,14 @@ - ac_save_LIBS="$LIBS" - LIBS="-l$x_direct_test_library $LIBS" - cat > conftest.$ac_ext <<EOF --#line 4894 "configure" -+#line 4965 "configure" - #include "confdefs.h" - - int main() { - ${x_direct_test_function}() - ; return 0; } - EOF --if { (eval echo configure:4901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - LIBS="$ac_save_LIBS" - # We can link X programs with no special library path. -@@ -5003,17 +5074,17 @@ - case "`(uname -sr) 2>/dev/null`" in - "SunOS 5"*) - echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6 --echo "configure:5007: checking whether -R must be followed by a space" >&5 -+echo "configure:5078: checking whether -R must be followed by a space" >&5 - ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries" - cat > conftest.$ac_ext <<EOF --#line 5010 "configure" -+#line 5081 "configure" - #include "confdefs.h" - - int main() { - - ; return 0; } - EOF --if { (eval echo configure:5017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5088: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_R_nospace=yes - else -@@ -5029,14 +5100,14 @@ - else - LIBS="$ac_xsave_LIBS -R $x_libraries" - cat > conftest.$ac_ext <<EOF --#line 5033 "configure" -+#line 5104 "configure" - #include "confdefs.h" - - int main() { - - ; return 0; } - EOF --if { (eval echo configure:5040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_R_space=yes - else -@@ -5068,7 +5139,7 @@ - # libraries were built with DECnet support. And karl@cs.umb.edu says - # the Alpha needs dnet_stub (dnet does not exist). - echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6 --echo "configure:5072: checking for dnet_ntoa in -ldnet" >&5 -+echo "configure:5143: checking for dnet_ntoa in -ldnet" >&5 - ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5076,7 +5147,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ldnet $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5080 "configure" -+#line 5151 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5087,7 +5158,7 @@ - dnet_ntoa() - ; return 0; } - EOF --if { (eval echo configure:5091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5162: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5109,7 +5180,7 @@ - - if test $ac_cv_lib_dnet_dnet_ntoa = no; then - echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6 --echo "configure:5113: checking for dnet_ntoa in -ldnet_stub" >&5 -+echo "configure:5184: checking for dnet_ntoa in -ldnet_stub" >&5 - ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5117,7 +5188,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ldnet_stub $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5121 "configure" -+#line 5192 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5128,7 +5199,7 @@ - dnet_ntoa() - ; return 0; } - EOF --if { (eval echo configure:5132: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5203: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5157,12 +5228,12 @@ - # The nsl library prevents programs from opening the X display - # on Irix 5.2, according to dickey@clark.net. - echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 --echo "configure:5161: checking for gethostbyname" >&5 -+echo "configure:5232: checking for gethostbyname" >&5 - if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5166 "configure" -+#line 5237 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char gethostbyname(); below. */ -@@ -5185,7 +5256,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5189: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5260: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_gethostbyname=yes" - else -@@ -5206,7 +5277,7 @@ - - if test $ac_cv_func_gethostbyname = no; then - echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 --echo "configure:5210: checking for gethostbyname in -lnsl" >&5 -+echo "configure:5281: checking for gethostbyname in -lnsl" >&5 - ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5214,7 +5285,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lnsl $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5218 "configure" -+#line 5289 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5225,7 +5296,7 @@ - gethostbyname() - ; return 0; } - EOF --if { (eval echo configure:5229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5300: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5255,12 +5326,12 @@ - # -lsocket must be given before -lnsl if both are needed. - # We assume that if connect needs -lnsl, so does gethostbyname. - echo $ac_n "checking for connect""... $ac_c" 1>&6 --echo "configure:5259: checking for connect" >&5 -+echo "configure:5330: checking for connect" >&5 - if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5264 "configure" -+#line 5335 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char connect(); below. */ -@@ -5283,7 +5354,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_connect=yes" - else -@@ -5304,7 +5375,7 @@ - - if test $ac_cv_func_connect = no; then - echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 --echo "configure:5308: checking for connect in -lsocket" >&5 -+echo "configure:5379: checking for connect in -lsocket" >&5 - ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5312,7 +5383,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsocket $X_EXTRA_LIBS $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5316 "configure" -+#line 5387 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5323,7 +5394,7 @@ - connect() - ; return 0; } - EOF --if { (eval echo configure:5327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5398: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5347,12 +5418,12 @@ - - # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX. - echo $ac_n "checking for remove""... $ac_c" 1>&6 --echo "configure:5351: checking for remove" >&5 -+echo "configure:5422: checking for remove" >&5 - if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5356 "configure" -+#line 5427 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char remove(); below. */ -@@ -5375,7 +5446,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5379: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5450: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_remove=yes" - else -@@ -5396,7 +5467,7 @@ - - if test $ac_cv_func_remove = no; then - echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6 --echo "configure:5400: checking for remove in -lposix" >&5 -+echo "configure:5471: checking for remove in -lposix" >&5 - ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5404,7 +5475,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lposix $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5408 "configure" -+#line 5479 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5415,7 +5486,7 @@ - remove() - ; return 0; } - EOF --if { (eval echo configure:5419: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5490: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5439,12 +5510,12 @@ - - # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. - echo $ac_n "checking for shmat""... $ac_c" 1>&6 --echo "configure:5443: checking for shmat" >&5 -+echo "configure:5514: checking for shmat" >&5 - if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5448 "configure" -+#line 5519 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char shmat(); below. */ -@@ -5467,7 +5538,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5542: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_shmat=yes" - else -@@ -5488,7 +5559,7 @@ - - if test $ac_cv_func_shmat = no; then - echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6 --echo "configure:5492: checking for shmat in -lipc" >&5 -+echo "configure:5563: checking for shmat in -lipc" >&5 - ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5496,7 +5567,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lipc $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5500 "configure" -+#line 5571 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5507,7 +5578,7 @@ - shmat() - ; return 0; } - EOF --if { (eval echo configure:5511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5582: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5540,15 +5611,15 @@ - # libraries we check for below, so use a different variable. - # --interran@uluru.Stanford.EDU, kb@cs.umb.edu. - echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6 --echo "configure:5544: checking for IceConnectionNumber in -lICE" >&5 -+echo "configure:5615: checking for IceConnectionNumber in -lICE" >&5 - ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - ac_save_LIBS="$LIBS" --LIBS="-lICE $LIBS" -+LIBS="-lICE $X_EXTRA_LIBS $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5552 "configure" -+#line 5623 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5559,7 +5630,7 @@ - IceConnectionNumber() - ; return 0; } - EOF --if { (eval echo configure:5563: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5634: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5587,7 +5658,7 @@ - # Extract the first word of "passwd", so it can be a program name with args. - set dummy passwd; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:5591: checking for $ac_word" >&5 -+echo "configure:5662: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_PASSWD_PATH'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -5595,9 +5666,13 @@ - /*) - ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_PASSWD_PATH="$ac_dir/$ac_word" -@@ -5625,7 +5700,7 @@ - # Extract the first word of "xauth", so it can be a program name with args. - set dummy xauth; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:5629: checking for $ac_word" >&5 -+echo "configure:5704: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_XAUTH_PATH'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -5633,9 +5708,13 @@ - /*) - ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_XAUTH_PATH="$ac_dir/$ac_word" -@@ -5669,7 +5748,7 @@ - X_PROGRAMS="ssh-askpass" - fi - echo $ac_n "checking for X11 unix domain socket directory""... $ac_c" 1>&6 --echo "configure:5673: checking for X11 unix domain socket directory" >&5 -+echo "configure:5752: checking for X11 unix domain socket directory" >&5 - - if test '!' -d /tmp/.X11-unix; then - if test -d /var/X/.X11-unix; then -@@ -5698,7 +5777,7 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:5702: checking for $ac_word" >&5 -+echo "configure:5781: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -5706,9 +5785,13 @@ - /*) - ac_cv_path_PERL="$PERL" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_PERL="$ac_dir/$ac_word" -@@ -5739,12 +5822,12 @@ - for ac_func in getpseudotty - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:5743: checking for $ac_func" >&5 -+echo "configure:5826: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5748 "configure" -+#line 5831 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -5767,7 +5850,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5771: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -5792,7 +5875,7 @@ - done - - echo $ac_n "checking for pseudo ttys""... $ac_c" 1>&6 --echo "configure:5796: checking for pseudo ttys" >&5 -+echo "configure:5879: checking for pseudo ttys" >&5 - if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes - then - cat >> confdefs.h <<\EOF -@@ -5832,7 +5915,7 @@ - fi - - echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6 --echo "configure:5836: checking for /etc/default/login" >&5 -+echo "configure:5919: checking for /etc/default/login" >&5 - if test -f /etc/default/login; then - cat >> confdefs.h <<\EOF - #define HAVE_ETC_DEFAULT_LOGIN 1 -@@ -5845,7 +5928,7 @@ - - if test -z "$no_shadows_password_checking"; then - echo $ac_n "checking for shadow passwords""... $ac_c" 1>&6 --echo "configure:5849: checking for shadow passwords" >&5 -+echo "configure:5932: checking for shadow passwords" >&5 - if test -f /etc/shadow; then - # If we don't have shadow.h, this might be some nonstandard - # kludging... So better check it out. -@@ -5859,7 +5942,7 @@ - # have getspent in a system library. However, a libshadow.a library - # contaning these is publicly available. - echo $ac_n "checking for getspent in -lshadow""... $ac_c" 1>&6 --echo "configure:5863: checking for getspent in -lshadow" >&5 -+echo "configure:5946: checking for getspent in -lshadow" >&5 - ac_lib_var=`echo shadow'_'getspent | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5867,7 +5950,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lshadow $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5871 "configure" -+#line 5954 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5878,7 +5961,7 @@ - getspent() - ; return 0; } - EOF --if { (eval echo configure:5882: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5965: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5906,9 +5989,9 @@ - fi - - echo $ac_n "checking whether spwd have sp_expire field""... $ac_c" 1>&6 --echo "configure:5910: checking whether spwd have sp_expire field" >&5 -+echo "configure:5993: checking whether spwd have sp_expire field" >&5 - cat > conftest.$ac_ext <<EOF --#line 5912 "configure" -+#line 5995 "configure" - #include "confdefs.h" - #include <shadow.h> - EOF -@@ -5927,9 +6010,9 @@ - rm -f conftest* - - echo $ac_n "checking whether spwd have sp_inact field""... $ac_c" 1>&6 --echo "configure:5931: checking whether spwd have sp_inact field" >&5 -+echo "configure:6014: checking whether spwd have sp_inact field" >&5 - cat > conftest.$ac_ext <<EOF --#line 5933 "configure" -+#line 6016 "configure" - #include "confdefs.h" - #include <shadow.h> - EOF -@@ -5968,7 +6051,7 @@ - fi - - echo $ac_n "checking location of mail spool files""... $ac_c" 1>&6 --echo "configure:5972: checking location of mail spool files" >&5 -+echo "configure:6055: checking location of mail spool files" >&5 - for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE - do - if test "$dir" = "FILE"; then -@@ -6007,7 +6090,7 @@ - done - - echo $ac_n "checking location of utmp""... $ac_c" 1>&6 --echo "configure:6011: checking location of utmp" >&5 -+echo "configure:6094: checking location of utmp" >&5 - if test -f /var/run/utmp; then - cat >> confdefs.h <<\EOF - #define SSH_UTMP "/var/run/utmp" -@@ -6043,7 +6126,7 @@ - fi - - echo $ac_n "checking location of wtmp""... $ac_c" 1>&6 --echo "configure:6047: checking location of wtmp" >&5 -+echo "configure:6130: checking location of wtmp" >&5 - if test -f /var/log/wtmp; then - cat >> confdefs.h <<\EOF - #define SSH_WTMP "/var/log/wtmp" -@@ -6077,7 +6160,7 @@ - fi - - echo $ac_n "checking location of lastlog""... $ac_c" 1>&6 --echo "configure:6081: checking location of lastlog" >&5 -+echo "configure:6164: checking location of lastlog" >&5 - if test -f /var/log/lastlog || test -d /var/log/lastlog; then - cat >> confdefs.h <<\EOF - #define SSH_LASTLOG "/var/log/lastlog" -@@ -6132,7 +6215,7 @@ - fi - - echo $ac_n "checking whether $LASTLOG is a directory""... $ac_c" 1>&6 --echo "configure:6136: checking whether $LASTLOG is a directory" >&5 -+echo "configure:6219: checking whether $LASTLOG is a directory" >&5 - if test -d $LASTLOG - then - echo "$ac_t""yes" 1>&6 -@@ -6145,7 +6228,7 @@ - fi - - echo $ac_n "checking whether to include the IDEA encryption algorithm""... $ac_c" 1>&6 --echo "configure:6149: checking whether to include the IDEA encryption algorithm" >&5 -+echo "configure:6232: checking whether to include the IDEA encryption algorithm" >&5 - # Check whether --with-idea or --without-idea was given. - if test "${with_idea+set}" = set; then - withval="$with_idea" -@@ -6179,7 +6262,7 @@ - - - echo $ac_n "checking whether to include the Blowfish encryption algorithm""... $ac_c" 1>&6 --echo "configure:6183: checking whether to include the Blowfish encryption algorithm" >&5 -+echo "configure:6266: checking whether to include the Blowfish encryption algorithm" >&5 - # Check whether --with-blowfish or --without-blowfish was given. - if test "${with_blowfish+set}" = set; then - withval="$with_blowfish" -@@ -6206,7 +6289,7 @@ - - - echo $ac_n "checking whether to include the DES encryption algorithm""... $ac_c" 1>&6 --echo "configure:6210: checking whether to include the DES encryption algorithm" >&5 -+echo "configure:6293: checking whether to include the DES encryption algorithm" >&5 - # Check whether --with-des or --without-des was given. - if test "${with_des+set}" = set; then - withval="$with_des" -@@ -6229,7 +6312,7 @@ - - - echo $ac_n "checking whether to include the ARCFOUR encryption algorithm""... $ac_c" 1>&6 --echo "configure:6233: checking whether to include the ARCFOUR encryption algorithm" >&5 -+echo "configure:6316: checking whether to include the ARCFOUR encryption algorithm" >&5 - # Check whether --with-arcfour or --without-arcfour was given. - if test "${with_arcfour+set}" = set; then - withval="$with_arcfour" -@@ -6252,7 +6335,7 @@ - - - echo $ac_n "checking whether to include the none encryption algorithm""... $ac_c" 1>&6 --echo "configure:6256: checking whether to include the none encryption algorithm" >&5 -+echo "configure:6339: checking whether to include the none encryption algorithm" >&5 - # Check whether --with-none or --without-none was given. - if test "${with_none+set}" = set; then - withval="$with_none" -@@ -6275,7 +6358,7 @@ - - - echo $ac_n "checking whether to use login""... $ac_c" 1>&6 --echo "configure:6279: checking whether to use login" >&5 -+echo "configure:6362: checking whether to use login" >&5 - # Check whether --with-login or --without-login was given. - if test "${with_login+set}" = set; then - withval="$with_login" -@@ -6290,7 +6373,7 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:6294: checking for $ac_word" >&5 -+echo "configure:6377: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_PATH_LOGIN'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -6298,9 +6381,13 @@ - /*) - ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_PATH_LOGIN="$ac_dir/$ac_word" -@@ -6349,7 +6436,7 @@ - - - echo $ac_n "checking whether to use rsh""... $ac_c" 1>&6 --echo "configure:6353: checking whether to use rsh" >&5 -+echo "configure:6440: checking whether to use rsh" >&5 - # Check whether --with-rsh or --without-rsh was given. - if test "${with_rsh+set}" = set; then - withval="$with_rsh" -@@ -6364,7 +6451,7 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:6368: checking for $ac_word" >&5 -+echo "configure:6455: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -6372,9 +6459,13 @@ - /*) - ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_RSH_PATH="$ac_dir/$ac_word" -@@ -6416,7 +6507,7 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:6420: checking for $ac_word" >&5 -+echo "configure:6511: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -6424,9 +6515,13 @@ - /*) - ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_RSH_PATH="$ac_dir/$ac_word" -@@ -6465,7 +6560,7 @@ - - # Code to permit setting default path for users (alden@math.ohio-state.edu) - echo $ac_n "checking default path""... $ac_c" 1>&6 --echo "configure:6469: checking default path" >&5 -+echo "configure:6564: checking default path" >&5 - # Check whether --with-path or --without-path was given. - if test "${with_path+set}" = set; then - withval="$with_path" -@@ -6488,7 +6583,7 @@ - - - echo $ac_n "checking etcdir""... $ac_c" 1>&6 --echo "configure:6492: checking etcdir" >&5 -+echo "configure:6587: checking etcdir" >&5 - # Check whether --with-etcdir or --without-etcdir was given. - if test "${with_etcdir+set}" = set; then - withval="$with_etcdir" -@@ -6513,7 +6608,7 @@ - - - echo $ac_n "checking whether to use nologin.allow file to override nologin""... $ac_c" 1>&6 --echo "configure:6517: checking whether to use nologin.allow file to override nologin" >&5 -+echo "configure:6612: checking whether to use nologin.allow file to override nologin" >&5 - # Check whether --with-nologin-allow or --without-nologin-allow was given. - if test "${with_nologin_allow+set}" = set; then - withval="$with_nologin_allow" -@@ -6543,7 +6638,7 @@ - - - echo $ac_n "checking whether to support SecurID""... $ac_c" 1>&6 --echo "configure:6547: checking whether to support SecurID" >&5 -+echo "configure:6642: checking whether to support SecurID" >&5 - # Check whether --with-securid or --without-securid was given. - if test "${with_securid+set}" = set; then - withval="$with_securid" -@@ -6586,7 +6681,7 @@ - - - echo $ac_n "checking whether to support TIS authentication server""... $ac_c" 1>&6 --echo "configure:6590: checking whether to support TIS authentication server" >&5 -+echo "configure:6685: checking whether to support TIS authentication server" >&5 - # Check whether --with-tis or --without-tis was given. - if test "${with_tis+set}" = set; then - withval="$with_tis" -@@ -6604,8 +6699,8 @@ - #define HAVE_TIS 1 - EOF - -- CFLAGS="$CFLAGS -I$withval -DHAVE_TIS" -- LIBS="-L$withval -lauth -lfwall $LIBS" -+ CFLAGS="$CFLAGS -I$withval/include -DHAVE_TIS" -+ LIBS="-L$withval/lib -lauth -lfwall $LIBS" - echo "configure: warning: Remember to read README.TIS. The connection between sshd and TIS authentication - server is clear text!" 1>&2 - ;; -@@ -6616,40 +6711,138 @@ - fi - - --echo $ac_n "checking whether to use Kerberos""... $ac_c" 1>&6 --echo "configure:6621: checking whether to use Kerberos" >&5 --# Check whether --with-kerberos5 or --without-kerberos5 was given. --if test "${with_kerberos5+set}" = set; then -- withval="$with_kerberos5" -+echo $ac_n "checking whether to use Kerberos v4""... $ac_c" 1>&6 -+echo "configure:6716: checking whether to use Kerberos v4" >&5 -+# Check whether --with-krb4 or --without-krb4 was given. -+if test "${with_krb4+set}" = set; then -+ withval="$with_krb4" - case "$withval" in - yes) -- with_kerberos5=/usr/local -+ with_krb4=/usr/kerberos - ;; - esac - else -- with_kerberos5=no -+ with_krb4=no - - fi - --case "$with_kerberos5" in -+case "$with_krb4" in - no) - echo "$ac_t""no" 1>&6 - ;; - *) - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF --#define KERBEROS 1 -+#define KRB4 1 -+EOF -+ -+ KERBEROS_ROOT="$with_krb4" -+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/kerberosIV" -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes" -+ KERBEROS_OBJS="auth-kerberos.o" -+ echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6 -+echo "configure:6745: checking for dn_expand in -lresolv" >&5 -+ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'` -+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 -+else -+ ac_save_LIBS="$LIBS" -+LIBS="-lresolv $LIBS" -+cat > conftest.$ac_ext <<EOF -+#line 6753 "configure" -+#include "confdefs.h" -+/* Override any gcc2 internal prototype to avoid an error. */ -+/* We use char because int might match the return type of a gcc2 -+ builtin and then its argument prototype would still apply. */ -+char dn_expand(); -+ -+int main() { -+dn_expand() -+; return 0; } -+EOF -+if { (eval echo configure:6764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+ rm -rf conftest* -+ eval "ac_cv_lib_$ac_lib_var=yes" -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ eval "ac_cv_lib_$ac_lib_var=no" -+fi -+rm -f conftest* -+LIBS="$ac_save_LIBS" -+ -+fi -+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -+ echo "$ac_t""yes" 1>&6 -+ KERBEROS_LIBS="$KERBEROS_LIBS -lresolv" -+else -+ echo "$ac_t""no" 1>&6 -+fi -+ -+ echo $ac_n "checking whether AFS lifetime conversion routines are present""... $ac_c" 1>&6 -+echo "configure:6785: checking whether AFS lifetime conversion routines are present" >&5 -+ keeplibs="$LIBS" -+ keepcflags="$CFLAGS" -+ LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" -+ CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" -+ cat > conftest.$ac_ext <<EOF -+#line 6791 "configure" -+#include "confdefs.h" -+#include <krb.h> -+int main() { -+ krb_life_to_time(10, 10); -+; return 0; } - EOF -+if { (eval echo configure:6798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+ rm -rf conftest* -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define HAVE_KRB_LIFE_TO_TIME 1 -+EOF -+ -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ echo "$ac_t""no" 1>&6 -+fi -+rm -f conftest* -+ LIBS="$keeplibs" -+ CFLAGS="$keepcflags" -+ ;; -+esac - -+echo $ac_n "checking whether to use Kerberos v5""... $ac_c" 1>&6 -+echo "configure:6818: checking whether to use Kerberos v5" >&5 -+# Check whether --with-krb5 or --without-krb5 was given. -+if test "${with_krb5+set}" = set; then -+ withval="$with_krb5" -+ case "$withval" in -+ yes) -+ with_krb5=/usr/local -+ ;; -+ esac -+else -+ with_krb5=no -+ -+fi -+ -+case "$with_krb5" in -+ no) -+ echo "$ac_t""no" 1>&6 -+ ;; -+ *) -+ echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF - #define KRB5 1 - EOF - -- KERBEROS_ROOT="$with_kerberos5" -- KERBEROS_INCS="-I${KERBEROS_ROOT}/include" -- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -+ KERBEROS_ROOT="$with_krb5" -+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/krb5" -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" - echo $ac_n "checking for dbm_open in -lndbm""... $ac_c" 1>&6 --echo "configure:6653: checking for dbm_open in -lndbm" >&5 -+echo "configure:6846: checking for dbm_open in -lndbm" >&5 - ac_lib_var=`echo ndbm'_'dbm_open | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6657,7 +6850,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lndbm $LIBS" - cat > conftest.$ac_ext <<EOF --#line 6661 "configure" -+#line 6854 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -6668,7 +6861,7 @@ - dbm_open() - ; return 0; } - EOF --if { (eval echo configure:6672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6865: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -6692,40 +6885,66 @@ - ;; - esac - -- -- -- -- --echo $ac_n "checking whether to enable passing the Kerberos TGT""... $ac_c" 1>&6 --echo "configure:6701: checking whether to enable passing the Kerberos TGT" >&5 --# Check whether --enable-kerberos-tgt-passing or --disable-kerberos-tgt-passing was given. --if test "${enable_kerberos_tgt_passing+set}" = set; then -- enableval="$enable_kerberos_tgt_passing" -- case "$enableval" in -- no) -- echo "$ac_t""no" 1>&6 -- ;; -- *) -- if test "$with_kerberos5" = no ; then -+echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6 -+echo "configure:6890: checking whether to use AFS" >&5 -+# Check whether --with-afs or --without-afs was given. -+if test "${with_afs+set}" = set; then -+ withval="$with_afs" -+ if test "$with_afs" = no; then - echo "$ac_t""no" 1>&6 -- echo "configure: warning: "Passing Kerberos TGT requires Kerberos5 support."" 1>&2 - else - echo "$ac_t""yes" 1>&6 -- cat >> confdefs.h <<\EOF --#define KERBEROS_TGT_PASSING 1 -+ cat >> confdefs.h <<\EOF -+#define AFS 1 - EOF - -+ if test "$with_krb4" = no; then -+ echo "$ac_t""no" 1>&6 -+ echo "configure: warning: "AFS requires Kerberos v4 support."" 1>&2 -+ else -+ KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs" -+ if test -n "$os_aix"; then -+ KERBEROS_LIBS="${KERBEROS_LIBS} -lld" - fi -+ fi -+fi -+ -+fi -+ -+ -+echo $ac_n "checking whether to use Hesiod""... $ac_c" 1>&6 -+echo "configure:6917: checking whether to use Hesiod" >&5 -+# Check whether --with-hesiod or --without-hesiod was given. -+if test "${with_hesiod+set}" = set; then -+ withval="$with_hesiod" -+ case "$withval" in -+ yes) -+ with_hesiod=/usr/local/athena - ;; - esac - else -- echo "$ac_t""no" 1>&6 -+ with_hesiod=no - - fi - -+case "$with_hesiod" in -+no) -+ echo "$ac_t""no" 1>&6 -+ ;; -+*) -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define HESIOD 1 -+EOF -+ -+ HESIOD_ROOT="$with_hesiod" -+ HESIOD_INCS="-I${HESIOD_ROOT}/include" -+ HESIOD_LIBS="-L${HESIOD_ROOT}/lib -lhesiod" -+ ;; -+esac - - echo $ac_n "checking whether to use libwrap""... $ac_c" 1>&6 --echo "configure:6729: checking whether to use libwrap" >&5 -+echo "configure:6948: checking whether to use libwrap" >&5 - # Check whether --with-libwrap or --without-libwrap was given. - if test "${with_libwrap+set}" = set; then - withval="$with_libwrap" -@@ -6734,56 +6953,41 @@ - echo "$ac_t""no" 1>&6 - ;; - yes) -- echo "$ac_t""yes" 1>&6 -- echo $ac_n "checking for request_init in -lwrap""... $ac_c" 1>&6 --echo "configure:6740: checking for request_init in -lwrap" >&5 --ac_lib_var=`echo wrap'_'request_init | sed 'y%./+-%__p_%'` --if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then -- echo $ac_n "(cached) $ac_c" 1>&6 --else -- ac_save_LIBS="$LIBS" --LIBS="-lwrap $LIBS" --cat > conftest.$ac_ext <<EOF --#line 6748 "configure" -+ WRAPLIBS="-lwrap" -+ OLDLIBS="$LIBS" -+ LIBS="$WRAPLIBS $LIBS" -+ cat > conftest.$ac_ext <<EOF -+#line 6961 "configure" - #include "confdefs.h" --/* Override any gcc2 internal prototype to avoid an error. */ --/* We use char because int might match the return type of a gcc2 -- builtin and then its argument prototype would still apply. */ --char request_init(); -- -+ int allow_severity; int deny_severity; - int main() { --request_init() -+ request_init(); - ; return 0; } - EOF --if { (eval echo configure:6759: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -- rm -rf conftest* -- eval "ac_cv_lib_$ac_lib_var=yes" --else -- echo "configure: failed program was:" >&5 -- cat conftest.$ac_ext >&5 -+if { (eval echo configure:6968: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* -- eval "ac_cv_lib_$ac_lib_var=no" --fi --rm -f conftest* --LIBS="$ac_save_LIBS" -- --fi --if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -- echo "$ac_t""yes" 1>&6 - -- cat >> confdefs.h <<\EOF -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF - #define LIBWRAP 1 - EOF - -- WRAPLIBS="-lwrap" -- cat >> confdefs.h <<\EOF -+ cat >> confdefs.h <<\EOF - #define HAVE_LIBWRAP 1 - EOF -- -+ -+ - else -- echo "$ac_t""no" 1>&6 -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ -+ echo "$ac_t""no" 1>&6 -+ WRAPLIBS="" -+ - fi -- -+rm -f conftest* -+ LIBS="$OLDLIBS" - ;; - *) - echo "$ac_t""yes" 1>&6 -@@ -6799,14 +7003,14 @@ - OLDLIBS="$LIBS" - LIBS="$WRAPLIBS $LIBS" - cat > conftest.$ac_ext <<EOF --#line 6803 "configure" -+#line 7007 "configure" - #include "confdefs.h" - int allow_severity; int deny_severity; - int main() { - hosts_access(); - ; return 0; } - EOF --if { (eval echo configure:6810: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7014: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - : - else - echo "configure: failed program was:" >&5 -@@ -6827,7 +7031,7 @@ - - - echo $ac_n "checking whether to support SOCKS""... $ac_c" 1>&6 --echo "configure:6831: checking whether to support SOCKS" >&5 -+echo "configure:7035: checking whether to support SOCKS" >&5 - # Check whether --with-socks or --without-socks was given. - if test "${with_socks+set}" = set; then - withval="$with_socks" -@@ -6838,7 +7042,7 @@ - yes) - echo "$ac_t""yes" 1>&6 - echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6 --echo "configure:6842: checking for SOCKSconnect in -lsocks5" >&5 -+echo "configure:7046: checking for SOCKSconnect in -lsocks5" >&5 - ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6846,7 +7050,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsocks5 $LIBS" - cat > conftest.$ac_ext <<EOF --#line 6850 "configure" -+#line 7054 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -6857,7 +7061,7 @@ - SOCKSconnect() - ; return 0; } - EOF --if { (eval echo configure:6861: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7065: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -6879,7 +7083,7 @@ - echo "$ac_t""no" 1>&6 - - echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6 --echo "configure:6883: checking for Rconnect in -lsocks" >&5 -+echo "configure:7087: checking for Rconnect in -lsocks" >&5 - ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6887,7 +7091,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsocks $LIBS" - cat > conftest.$ac_ext <<EOF --#line 6891 "configure" -+#line 7095 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -6898,7 +7102,7 @@ - Rconnect() - ; return 0; } - EOF --if { (eval echo configure:6902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7106: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -6934,7 +7138,7 @@ - - if test "x$socks" = "x"; then - echo $ac_n "checking whether to support SOCKS5""... $ac_c" 1>&6 --echo "configure:6938: checking whether to support SOCKS5" >&5 -+echo "configure:7142: checking whether to support SOCKS5" >&5 - # Check whether --with-socks5 or --without-socks5 was given. - if test "${with_socks5+set}" = set; then - withval="$with_socks5" -@@ -6968,14 +7172,14 @@ - TMPLIBS="$LIBS" - LIBS="$LIBS $KERBEROS_LIBS" - cat > conftest.$ac_ext <<EOF --#line 6972 "configure" -+#line 7176 "configure" - #include "confdefs.h" - - int main() { - SOCKSconnect(); - ; return 0; } - EOF --if { (eval echo configure:6979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7183: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - : - else - echo "configure: failed program was:" >&5 -@@ -6996,7 +7200,7 @@ - - if test "x$socks" = "x"; then - echo $ac_n "checking whether to support SOCKS4""... $ac_c" 1>&6 --echo "configure:7000: checking whether to support SOCKS4" >&5 -+echo "configure:7204: checking whether to support SOCKS4" >&5 - # Check whether --with-socks4 or --without-socks4 was given. - if test "${with_socks4+set}" = set; then - withval="$with_socks4" -@@ -7016,14 +7220,14 @@ - fi - LIBS="$withval $LIBS" - cat > conftest.$ac_ext <<EOF --#line 7020 "configure" -+#line 7224 "configure" - #include "confdefs.h" - - int main() { - Rconnect(); - ; return 0; } - EOF --if { (eval echo configure:7027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7231: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - : - else - echo "configure: failed program was:" >&5 -@@ -7150,7 +7354,7 @@ - fi - - echo $ac_n "checking whether to use rsaref""... $ac_c" 1>&6 --echo "configure:7154: checking whether to use rsaref" >&5 -+echo "configure:7358: checking whether to use rsaref" >&5 - # Check whether --with-rsaref or --without-rsaref was given. - if test "${with_rsaref+set}" = set; then - withval="$with_rsaref" -@@ -7184,7 +7388,7 @@ - - # This allows group writeability in userfile_check_owner_permissions() - echo $ac_n "checking whether to allow group writeability""... $ac_c" 1>&6 --echo "configure:7188: checking whether to allow group writeability" >&5 -+echo "configure:7392: checking whether to allow group writeability" >&5 - # Check whether --enable-group-writeability or --disable-group-writeability was given. - if test "${enable_group_writeability+set}" = set; then - enableval="$enable_group_writeability" -@@ -7200,7 +7404,7 @@ - - - echo $ac_n "checking whether to disable forwardings in server""... $ac_c" 1>&6 --echo "configure:7204: checking whether to disable forwardings in server" >&5 -+echo "configure:7408: checking whether to disable forwardings in server" >&5 - # Check whether --enable-server-port-forwardings or --disable-server-port-forwardings was given. - if test "${enable_server_port_forwardings+set}" = set; then - enableval="$enable_server_port_forwardings" -@@ -7222,7 +7426,7 @@ - - - echo $ac_n "checking whether to disable forwardings in client""... $ac_c" 1>&6 --echo "configure:7226: checking whether to disable forwardings in client" >&5 -+echo "configure:7430: checking whether to disable forwardings in client" >&5 - # Check whether --enable-client-port-forwardings or --disable-client-port-forwardings was given. - if test "${enable_client_port_forwardings+set}" = set; then - enableval="$enable_client_port_forwardings" -@@ -7244,7 +7448,7 @@ - - - echo $ac_n "checking whether to disable X11 forwarding in server""... $ac_c" 1>&6 --echo "configure:7248: checking whether to disable X11 forwarding in server" >&5 -+echo "configure:7452: checking whether to disable X11 forwarding in server" >&5 - # Check whether --enable-server-x11-forwarding or --disable-server-x11-forwarding was given. - if test "${enable_server_x11_forwarding+set}" = set; then - enableval="$enable_server_x11_forwarding" -@@ -7266,7 +7470,7 @@ - - - echo $ac_n "checking whether to disable X11 forwarding in client""... $ac_c" 1>&6 --echo "configure:7270: checking whether to disable X11 forwarding in client" >&5 -+echo "configure:7474: checking whether to disable X11 forwarding in client" >&5 - # Check whether --enable-client-x11-forwarding or --disable-client-x11-forwarding was given. - if test "${enable_client_x11_forwarding+set}" = set; then - enableval="$enable_client_x11_forwarding" -@@ -7288,28 +7492,28 @@ - - - echo $ac_n "checking whether to install ssh as suid root""... $ac_c" 1>&6 --echo "configure:7292: checking whether to install ssh as suid root" >&5 -+echo "configure:7496: checking whether to install ssh as suid root" >&5 - # Check whether --enable-suid-ssh or --disable-suid-ssh was given. - if test "${enable_suid_ssh+set}" = set; then - enableval="$enable_suid_ssh" - case "$enableval" in - no) - echo "$ac_t""no" 1>&6 -- SSHINSTALLMODE=0711 -+ SSHINSTALLMODE=0511 - ;; - *) echo "$ac_t""yes" 1>&6 -- SSHINSTALLMODE=04711 -+ SSHINSTALLMODE=04511 - ;; - esac - else - echo "$ac_t""yes" 1>&6 -- SSHINSTALLMODE=04711 -+ SSHINSTALLMODE=04511 - - fi - - - echo $ac_n "checking whether to enable TCP_NODELAY""... $ac_c" 1>&6 --echo "configure:7313: checking whether to enable TCP_NODELAY" >&5 -+echo "configure:7517: checking whether to enable TCP_NODELAY" >&5 - # Check whether --enable-tcp-nodelay or --disable-tcp-nodelay was given. - if test "${enable_tcp_nodelay+set}" = set; then - enableval="$enable_tcp_nodelay" -@@ -7335,7 +7539,7 @@ - - - echo $ac_n "checking whether to enable SO_LINGER""... $ac_c" 1>&6 --echo "configure:7339: checking whether to enable SO_LINGER" >&5 -+echo "configure:7543: checking whether to enable SO_LINGER" >&5 - # Check whether --enable-so-linger or --disable-so-linger was given. - if test "${enable_so_linger+set}" = set; then - enableval="$enable_so_linger" -@@ -7357,7 +7561,7 @@ - - - echo $ac_n "checking whether to include scp statistics at all""... $ac_c" 1>&6 --echo "configure:7361: checking whether to include scp statistics at all" >&5 -+echo "configure:7565: checking whether to include scp statistics at all" >&5 - # Check whether --with-scp-stats or --without-scp-stats was given. - if test "${with_scp_stats+set}" = set; then - withval="$with_scp_stats" -@@ -7383,7 +7587,7 @@ - - - echo $ac_n "checking whether to enable scp statistics""... $ac_c" 1>&6 --echo "configure:7387: checking whether to enable scp statistics" >&5 -+echo "configure:7591: checking whether to enable scp statistics" >&5 - # Check whether --enable-scp-stats or --disable-scp-stats was given. - if test "${enable_scp_stats+set}" = set; then - enableval="$enable_scp_stats" -@@ -7409,7 +7613,7 @@ - - - echo $ac_n "checking whether to enable scp statistics for all files""... $ac_c" 1>&6 --echo "configure:7413: checking whether to enable scp statistics for all files" >&5 -+echo "configure:7617: checking whether to enable scp statistics for all files" >&5 - # Check whether --enable-all-scp-stats or --disable-all-scp-stats was given. - if test "${enable_all_scp_stats+set}" = set; then - enableval="$enable_all_scp_stats" -@@ -7445,7 +7649,7 @@ - - PIDDIR="/var/run" - echo $ac_n "checking where to put sshd.pid""... $ac_c" 1>&6 --echo "configure:7449: checking where to put sshd.pid" >&5 -+echo "configure:7653: checking where to put sshd.pid" >&5 - if test '!' -d $PIDDIR; then - PIDDIR="$ETCDIR" - fi -@@ -7505,7 +7709,7 @@ - # Ultrix sh set writes to stderr and can't be redirected directly, - # and sets the high bit in the cache file unless we assign to the vars. - (set) 2>&1 | -- case `(ac_space=' '; set) 2>&1` in -+ case `(ac_space=' '; set | grep ac_space) 2>&1` in - *ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote substitution - # turns \\\\ into \\, and sed turns \\ into \). -@@ -7572,7 +7776,7 @@ - echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" - exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; - -version | --version | --versio | --versi | --vers | --ver | --ve | --v) -- echo "$CONFIG_STATUS generated by autoconf version 2.12" -+ echo "$CONFIG_STATUS generated by autoconf version 2.13" - exit 0 ;; - -help | --help | --hel | --he | --h) - echo "\$ac_cs_usage"; exit 0 ;; -@@ -7583,7 +7787,7 @@ - ac_given_srcdir=$srcdir - ac_given_INSTALL="$INSTALL" - --trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 -+trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 - EOF - cat >> $CONFIG_STATUS <<EOF - -@@ -7592,9 +7796,11 @@ - s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF - $ac_vpsub - $extrasub -+s%@SHELL@%$SHELL%g - s%@CFLAGS@%$CFLAGS%g - s%@CPPFLAGS@%$CPPFLAGS%g - s%@CXXFLAGS@%$CXXFLAGS%g -+s%@FFLAGS@%$FFLAGS%g - s%@DEFS@%$DEFS%g - s%@LDFLAGS@%$LDFLAGS%g - s%@LIBS@%$LIBS%g -@@ -7623,6 +7829,7 @@ - s%@LIBOBJS@%$LIBOBJS%g - s%@LN_S@%$LN_S%g - s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g -+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g - s%@INSTALL_DATA@%$INSTALL_DATA%g - s%@AR@%$AR%g - s%@RANLIB@%$RANLIB%g -@@ -7641,6 +7848,9 @@ - s%@KERBEROS_INCS@%$KERBEROS_INCS%g - s%@KERBEROS_LIBS@%$KERBEROS_LIBS%g - s%@KERBEROS_OBJS@%$KERBEROS_OBJS%g -+s%@HESIOD_ROOT@%$HESIOD_ROOT%g -+s%@HESIOD_INCS@%$HESIOD_INCS%g -+s%@HESIOD_LIBS@%$HESIOD_LIBS%g - s%@WRAPLIBS@%$WRAPLIBS%g - s%@subdirs@%$subdirs%g - s%@ETCDIR@%$ETCDIR%g -@@ -7691,7 +7901,7 @@ - - cat >> $CONFIG_STATUS <<EOF - --CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"} -+CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile"} - EOF - cat >> $CONFIG_STATUS <<\EOF - for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then diff --git a/security/ssh/patches/patch-al b/security/ssh/patches/patch-al deleted file mode 100644 index 6f04042927c..00000000000 --- a/security/ssh/patches/patch-al +++ /dev/null @@ -1,70 +0,0 @@ -$NetBSD: patch-al,v 1.4 1999/12/16 08:18:05 jonb Exp $ - ---- gmp-2.0.2-ssh-2/longlong.h.orig Wed Apr 29 19:32:35 1998 -+++ gmp-2.0.2-ssh-2/longlong.h Tue Dec 14 23:03:54 1999 -@@ -190,26 +190,40 @@ - "rI" ((USItype)(bh)), \ - "r" ((USItype)(al)), \ - "rI" ((USItype)(bl))) -+#if defined(__ARM_ARCH_3M__) || defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) -+/* Use umull if available */ - #define umul_ppmm(xh, xl, a, b) \ - __asm__ ("%@ Inlined umul_ppmm -- mov %|r0, %2, lsr #16 -- mov %|r2, %3, lsr #16 -- bic %|r1, %2, %|r0, lsl #16 -- bic %|r2, %3, %|r2, lsl #16 -- mul %1, %|r1, %|r2 -- mul %|r2, %|r0, %|r2 -- mul %|r1, %0, %|r1 -- mul %0, %|r0, %0 -- adds %|r1, %|r2, %|r1 -+ umull %0, %1, %2, %3" \ -+ : "=&r" ((USItype) (xl)), \ -+ "=&r" ((USItype) (xh)) \ -+ : "r" ((USItype) (a)), \ -+ "r" ((USItype) (b))) -+#define UMUL_TIME 4 -+#else /* umull */ -+#define umul_ppmm(xh, xl, a, b) \ -+do {register USItype __t0, __t1, __t2; \ -+ __asm__ ("%@ Inlined umul_ppmm -+ mov %2, %5, lsr #16 -+ mov %0, %6, lsr #16 -+ bic %3, %5, %2, lsl #16 -+ bic %4, %6, %0, lsl #16 -+ mul %1, %3, %4 -+ mul %4, %2, %4 -+ mul %3, %0, %3 -+ mul %0, %2, %0 -+ adds %3, %4, %3 - addcs %0, %0, #65536 -- adds %1, %1, %|r1, lsl #16 -- adc %0, %0, %|r1, lsr #16" \ -- : "=&r" ((USItype)(xh)), \ -- "=r" ((USItype)(xl)) \ -- : "r" ((USItype)(a)), \ -- "r" ((USItype)(b)) \ -- : "r0", "r1", "r2") -+ adds %1, %1, %3, lsl #16 -+ adc %0, %0, %3, lsr #16" \ -+ : "=&r" ((USItype) (xh)), \ -+ "=r" ((USItype) (xl)), \ -+ "=&r" (__t0), "=&r" (__t1), "=r" (__t2) \ -+ : "r" ((USItype) (a)), \ -+ "r" ((USItype) (b)));} while (0) -+ - #define UMUL_TIME 20 -+#endif /* umull */ - #define UDIV_TIME 100 - #endif /* __arm__ */ - -@@ -719,7 +733,7 @@ - "g" ((USItype)(d))); \ - (r) = __xx.__i.__l; (q) = __xx.__i.__h; }) - #define count_trailing_zeros(count,x) \ -- do { -+ do { \ - __asm__ ("ffsd %2,%0" \ - : "=r" ((USItype) (count)) \ - : "0" ((USItype) 0), \ diff --git a/security/ssh/patches/patch-am b/security/ssh/patches/patch-am deleted file mode 100644 index 853a1d085a3..00000000000 --- a/security/ssh/patches/patch-am +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-am,v 1.3 1999/07/17 03:41:07 jlam Exp $ - ---- gmp-2.0.2-ssh-2/configure.in.orig Mon Feb 22 01:59:06 1999 -+++ gmp-2.0.2-ssh-2/configure.in Fri Jul 16 17:38:35 1999 -@@ -122,6 +122,20 @@ - path="x86" - syntax_alternatives="$syntax_alternatives ELF_SYNTAX BSD_SYNTAX INTEL_SYNTAX" - ;; -+ i[3456]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) -+ if $CC -E - -dM </dev/null | grep -q __ELF__; then -+ syntax_alternatives="$syntax_alternatives ELF_SYNTAX" # ELF -+ else -+ syntax_alternatives="$syntax_alternatives BSD_SYNTAX" # a.out -+ x86_broken_align=yes -+ fi -+ case "${host}" in -+ i[34]86*-*-*netbsd*) -+ path="x86" ;; -+ i[56]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) -+ path="x86/pentium x86" ;; -+ esac -+ ;; - i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | \ - i[34]86*-*-*bsd*) # 386/486 running BSD or Linux with a.out - path="x86" -@@ -221,6 +235,10 @@ - ;; - sh2-*-*) - path="sh/sh2 sh" -+ ;; -+ mips*-*-netbsd*) -+ path="mips2" -+ SFLAGS="-Wa,-KPIC" - ;; - mips[34]*-*-*) - path="mips3" diff --git a/security/ssh/patches/patch-an b/security/ssh/patches/patch-an deleted file mode 100644 index 26090dea5f6..00000000000 --- a/security/ssh/patches/patch-an +++ /dev/null @@ -1,43 +0,0 @@ -$NetBSD: patch-an,v 1.1 1999/03/04 09:25:44 tron Exp $ - ---- gmp-2.0.2-ssh-2/gmp-impl.h.orig Fri Mar 27 18:06:09 1998 -+++ gmp-2.0.2-ssh-2/gmp-impl.h Thu Mar 4 10:20:02 1999 -@@ -281,7 +281,6 @@ - - #if SIZEOF_INT >= 4 /* otherwise fails on 16-bit machines */ - #if defined (__alpha) \ -- || (defined (__arm__) && defined (__ARMWEL__)) \ - || defined (__clipper__) \ - || defined (__cris) \ - || defined (__i386__) \ -@@ -304,7 +303,7 @@ - }; - #else /* Need this as an #else since the tests aren't made exclusive. */ - #if defined (__a29k__) || defined (_AM29K) \ -- || defined (__arm__) \ -+ || (defined (__arm__) && defined (__ARMEB__)) \ - || (defined (__convex__) && defined (_IEEE_FLOAT_)) \ - || defined (__i370__) || defined (__mvs__) \ - || defined (__mc68000__) || defined (__mc68020__) || defined (__NeXT__)\ -@@ -330,6 +329,21 @@ - } s; - double d; - }; -+#define _GMP_IEEE_FLOATS 1 -+#else -+#if defined (__arm__) -+union ieee_double_extract -+{ -+ struct -+ { -+ unsigned int manh:20; -+ unsigned int exp:11; -+ unsigned int sig:1; -+ unsigned int manl:32; -+ } s; -+ double d; -+}; -+#endif - #endif - #endif - #endif /* SIZEOF_INT >= 4 */ diff --git a/security/ssh/patches/patch-ao b/security/ssh/patches/patch-ao deleted file mode 100644 index e7e8c95ab00..00000000000 --- a/security/ssh/patches/patch-ao +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-ao,v 1.8 1999/05/26 15:35:43 tv Exp $ - ---- gmp-2.0.2-ssh-2/aclocal.m4.orig Wed Jul 8 18:40:42 1998 -+++ gmp-2.0.2-ssh-2/aclocal.m4 Mon May 10 23:50:28 1999 -@@ -20,7 +20,7 @@ - dnl AM_INIT_AUTOMAKE(package,version, [no-define]) - - AC_DEFUN(AM_INIT_AUTOMAKE, --[AC_REQUIRE([AM_PROG_INSTALL]) -+[AC_REQUIRE([AC_PROG_INSTALL]) - PACKAGE=[$1] - AC_SUBST(PACKAGE) - VERSION=[$2] -@@ -46,7 +46,7 @@ - - # serial 1 - --AC_DEFUN(AM_PROG_INSTALL, -+AC_DEFUN(AC_PROG_INSTALL, - [AC_REQUIRE([AC_PROG_INSTALL]) - test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' - AC_SUBST(INSTALL_SCRIPT)dnl diff --git a/security/ssh/patches/patch-ap b/security/ssh/patches/patch-ap deleted file mode 100644 index eb5397be923..00000000000 --- a/security/ssh/patches/patch-ap +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-ap,v 1.3 1999/07/17 03:41:07 jlam Exp $ - ---- gmp-2.0.2-ssh-2/configure.orig Wed May 12 07:19:35 1999 -+++ gmp-2.0.2-ssh-2/configure Fri Jul 16 17:38:30 1999 -@@ -1855,6 +1855,20 @@ - path="x86" - syntax_alternatives="$syntax_alternatives ELF_SYNTAX BSD_SYNTAX INTEL_SYNTAX" - ;; -+ i[3456]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) -+ if $CC -E - -dM </dev/null | grep -q __ELF__; then -+ syntax_alternatives="$syntax_alternatives ELF_SYNTAX" # ELF -+ else -+ syntax_alternatives="$syntax_alternatives BSD_SYNTAX" # a.out -+ x86_broken_align=yes -+ fi -+ case "${host}" in -+ i[34]86*-*-*netbsd*) -+ path="x86" ;; -+ i[56]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) -+ path="x86/pentium x86" ;; -+ esac -+ ;; - i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | \ - i[34]86*-*-*bsd*) # 386/486 running BSD or Linux with a.out - path="x86" -@@ -1954,6 +1968,10 @@ - ;; - sh2-*-*) - path="sh/sh2 sh" -+ ;; -+ mips*-*-netbsd*) -+ path="mips2" -+ SFLAGS="-Wa,-KPIC" - ;; - mips[34]*-*-*) - path="mips3" diff --git a/security/ssh/patches/patch-aq b/security/ssh/patches/patch-aq deleted file mode 100644 index 19dc4951b89..00000000000 --- a/security/ssh/patches/patch-aq +++ /dev/null @@ -1,68 +0,0 @@ -$NetBSD: patch-aq,v 1.6 2000/03/20 02:25:52 itojun Exp $ - ---- newchannels.c- Wed May 12 20:19:27 1999 -+++ newchannels.c Mon Mar 20 09:47:24 2000 -@@ -274,7 +274,7 @@ - #include "authfd.h" - #include "emulate.h" - #include "servconf.h" --#ifdef LIBWRAP -+#if defined(LIBWRAP) && defined(LIBWRAP_FWD) - #include <tcpd.h> - #include <syslog.h> - #ifdef NEED_SYS_SYSLOG_H -@@ -922,6 +922,7 @@ - /* This is our fake X11 server socket. */ - if (FD_ISSET(ch->sock, readset)) - { -+ int on = 1; - debug("X11 connection requested."); - addrlen = sizeof(addr); - newsock = accept(ch->sock, &addr, &addrlen); -@@ -930,11 +931,12 @@ - error("accept: %.100s", strerror(errno)); - break; - } -+ setsockopt(newsock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)); - remote_hostname = get_remote_hostname(newsock); - snprintf(buf, sizeof(buf), "X11 connection from %.200s port %d", - remote_hostname, get_peer_port(newsock)); - xfree(remote_hostname); --#ifdef LIBWRAP -+#if defined(LIBWRAP) && defined(LIBWRAP_FWD) - { - struct request_info req; - struct servent *serv; -@@ -986,7 +988,7 @@ - ch->listening_port, remote_hostname, - get_peer_port(newsock)); - xfree(remote_hostname); --#ifdef LIBWRAP -+#if defined(LIBWRAP) && defined(LIBWRAP_FWD) - { - struct request_info req; - struct servent *serv; -@@ -2110,7 +2112,11 @@ - - success: - /* We have successfully obtained a connection to the real X display. */ -- -+ { -+ int on = 1; -+ setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)); -+ } -+ - #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) - (void)fcntl(sock, F_SETFL, O_NONBLOCK); - #else /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ -@@ -2412,6 +2418,10 @@ - ssh-agent connections on your system */ - old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - -+ /* Make sure the socket doesn't already exist, left over from a system -+ crash perhaps. */ -+ unlink(channel_forwarded_auth_socket_name); -+ - if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0) - packet_disconnect("Agent socket bind failed: %.100s", strerror(errno)); - diff --git a/security/ssh/patches/patch-ar b/security/ssh/patches/patch-ar deleted file mode 100644 index 57b7803f945..00000000000 --- a/security/ssh/patches/patch-ar +++ /dev/null @@ -1,35 +0,0 @@ -$NetBSD: patch-ar,v 1.2 2000/03/20 02:25:52 itojun Exp $ - ---- acconfig.h- Wed May 12 20:19:23 1999 -+++ acconfig.h Mon Mar 20 09:47:20 2000 -@@ -247,16 +247,23 @@ - /* Define this if your gettimeofday doesn't have TZ parameter */ - #undef HAVE_NO_TZ_IN_GETTIMEOFDAY - --/* Define this if you want to compile in Kerberos support. */ --#undef KERBEROS -- - /* Define this if you want to compile in Kerberos V5 support. -- KERBEROS must be compiled in as well. This can be done at configure -- time with the --with-kerberos5 argument*/ -+ This can be done at configure time with the --with-krb5 argument. */ - #undef KRB5 - --/* Define this if you want to pass the Kerberos TGT. */ --#undef KERBEROS_TGT_PASSING -+/* Define this if you want to compile in Kerberos V4 support. -+ This can be done at configure time with the --with-krb4 argument. */ -+#undef KRB4 -+ -+/* Define this if you what to build ssh with Hesiod support. */ -+#undef HESIOD -+ -+/* Define this if you want to compile in AFS support. -+ This can be done at configure time with the --with-afs argument. */ -+#undef AFS -+ -+/* Define this if you have the AFS lifetime conversion routines. */ -+#undef HAVE_KRB_LIFE_TO_TIME - - /* Define this if you dont have SIGINFO as signal but some other macro */ - #undef HAVE_INCOMPATIBLE_SIGINFO diff --git a/security/ssh/patches/patch-as b/security/ssh/patches/patch-as deleted file mode 100644 index 46495b6f7a0..00000000000 --- a/security/ssh/patches/patch-as +++ /dev/null @@ -1,249 +0,0 @@ -$NetBSD: patch-as,v 1.1 1999/12/25 05:28:36 kim Exp $ - ---- auth-kerberos.c.orig Wed May 12 07:19:23 1999 -+++ auth-kerberos.c Fri Dec 24 21:50:38 1999 -@@ -38,14 +38,13 @@ - #include "xmalloc.h" - #include "ssh.h" - --#ifdef KERBEROS --#if defined (KRB5) -+#ifdef KRB5 - #include <krb5.h> - - extern krb5_context ssh_context; - extern krb5_auth_context auth_context; - --int auth_kerberos(char *server_user, krb5_data *auth, krb5_principal *client) -+int auth_krb5(char *server_user, krb5_data *auth, krb5_principal *client) - { - krb5_error_code problem; - krb5_ticket *ticket; -@@ -163,11 +162,115 @@ - return 1; - } - #endif /* KRB5 */ --#endif /* KERBEROS */ - --#ifdef KERBEROS_TGT_PASSING --#if defined (KRB5) --int auth_kerberos_tgt( char *server_user, krb5_data *krb5data) -+#ifdef KRB4 -+#include <sys/param.h> -+#include <krb.h> -+ -+int ssh_tf_init(uid_t uid) -+{ -+ extern char *ticket; -+ char *tkt_root = TKT_ROOT; -+ struct stat st; -+ int fd; -+ -+ /* Set unique ticket string manually since we're still root. */ -+ ticket = xmalloc(MAXPATHLEN); -+#ifdef AFS -+ if (lstat("/ticket", &st) != -1) -+ tkt_root = "/ticket/"; -+#endif /* AFS */ -+ snprintf(ticket, MAXPATHLEN, "%s%d_%d", tkt_root, uid, getpid()); -+ (void) krb_set_tkt_string(ticket); -+ -+ /* Make sure we own this ticket file, and we created it. */ -+ if (lstat(ticket, &st) < 0 && errno == ENOENT) { -+ /* good, no ticket file exists. create it. */ -+ if ((fd = open(ticket, O_RDWR|O_CREAT|O_EXCL, 0600)) != -1) { -+ close(fd); -+ return 1; -+ } -+ } -+ else { -+ /* file exists. make sure server_user owns it (e.g. just passed ticket), -+ and that it isn't a symlink, and that it is mode 600. */ -+ if (st.st_mode == (S_IFREG|S_IRUSR|S_IWUSR) && st.st_uid == uid) -+ return 1; -+ } -+ /* Failure. */ -+ log_msg("WARNING: bad ticket file %s", ticket); -+ return 0; -+} -+ -+int auth_krb4(const char *server_user, KTEXT auth, char **client) -+{ -+ AUTH_DAT adat = { 0 }; -+ KTEXT_ST reply; -+ char instance[INST_SZ]; -+ int r, s; -+ u_long cksum; -+ Key_schedule schedule; -+ struct sockaddr_in local, foreign; -+ -+ s = packet_get_connection_in(); -+ -+ r = sizeof(local); -+ memset(&local, 0, sizeof(local)); -+ if (getsockname(s, (struct sockaddr *) &local, &r) < 0) -+ debug("getsockname failed: %.100s", strerror(errno)); -+ r = sizeof(foreign); -+ memset(&foreign, 0, sizeof(foreign)); -+ if (getpeername(s, (struct sockaddr *)&foreign, &r) < 0) -+ debug("getpeername failed: %.100s", strerror(errno)); -+ -+ instance[0] = '*'; instance[1] = 0; -+ -+ /* Get the encrypted request, challenge, and session key. */ -+ if (r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, 0, &adat, "")) { -+ packet_send_debug("Kerberos V4 krb_rd_req: %s", krb_err_txt[r]); -+ return 0; -+ } -+ des_key_sched((des_cblock *)adat.session, schedule); -+ -+ *client = xmalloc(MAX_K_NAME_SZ); -+ (void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname, -+ *adat.pinst ? "." : "", adat.pinst, adat.prealm); -+ -+ /* Check ~/.klogin authorization now. */ -+ if (kuserok(&adat, (char *)server_user) != KSUCCESS) { -+ packet_send_debug("Kerberos V4 .klogin authorization failed!"); -+ log_msg("Kerberos V4 .klogin authorization failed for %s to account %s", -+ *client, server_user); -+ return 0; -+ } -+ /* Increment the checksum, and return it encrypted with the session key. */ -+ cksum = adat.checksum + 1; -+ cksum = htonl(cksum); -+ -+ /* If we can't successfully encrypt the checksum, we send back an empty -+ message, admitting our failure. */ -+ if ((r = krb_mk_priv((u_char *)&cksum, reply.dat, sizeof(cksum)+1, -+ schedule, &adat.session, &local, &foreign)) < 0) { -+ packet_send_debug("Kerberos V4 mk_priv: (%d) %s", r, krb_err_txt[r]); -+ reply.dat[0] = 0; -+ reply.length = 0; -+ } -+ else -+ reply.length = r; -+ -+ /* Clear session key. */ -+ memset(&adat.session, 0, sizeof(&adat.session)); -+ -+ packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); -+ packet_put_string((char *) reply.dat, reply.length); -+ packet_send(); -+ packet_write_wait(); -+ return 1; -+} -+#endif /* KRB4 */ -+ -+#ifdef KRB5 -+int auth_krb5_tgt( char *server_user, krb5_data *krb5data) - { - krb5_creds **creds; - krb5_error_code retval; -@@ -177,7 +280,7 @@ - extern char *ticket; - static krb5_principal rcache_server = 0; - static krb5_rcache rcache; -- struct sockaddr_in local, foreign; -+ struct sockaddr_storage local, foreign; - krb5_address *local_addr, *remote_addr; - int s; - -@@ -267,5 +370,97 @@ - - } - #endif /* KRB5 */ --#endif /* KERBEROS_TGT_PASSING */ - -+ -+#ifdef AFS -+#include <kafs.h> -+ -+int auth_kerberos_tgt(struct passwd *pw, const char *string) -+{ -+ CREDENTIALS creds; -+ extern char *ticket; -+ int r; -+ -+ if (!radix_to_creds(string, &creds)) { -+ log_msg("Protocol error decoding Kerberos V4 tgt"); -+ packet_send_debug("Protocol error decoding Kerberos V4 tgt"); -+ goto auth_kerberos_tgt_failure; -+ } -+ if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ -+ strcpy(creds.service, "krbtgt"); -+ -+ if (strcmp(creds.service, "krbtgt")) { -+ log_msg("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", -+ creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm, -+ pw->pw_uid); -+ packet_send_debug("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", -+ creds.pname, creds.pinst[0] ? "." : "", creds.pinst, -+ creds.realm, pw->pw_uid); -+ goto auth_kerberos_tgt_failure; -+ } -+ if (!ssh_tf_init(pw->pw_uid) || -+ (r = in_tkt(creds.pname, creds.pinst)) || -+ (r = save_credentials(creds.service,creds.instance,creds.realm, -+ creds.session,creds.lifetime,creds.kvno, -+ &creds.ticket_st,creds.issue_date))) { -+ xfree(ticket); -+ ticket = NULL; -+ packet_send_debug("Kerberos V4 tgt refused: couldn't save credentials"); -+ goto auth_kerberos_tgt_failure; -+ } -+ /* Successful authentication, passed all checks. */ -+ chown(ticket, pw->pw_uid, pw->pw_gid); -+ packet_send_debug("Kerberos V4 tgt accepted (%s.%s@%s, %s%s%s@%s)", -+ creds.service,creds.instance,creds.realm, -+ creds.pname,creds.pinst[0] ? "." : "", -+ creds.pinst,creds.realm); -+ -+ packet_start(SSH_SMSG_SUCCESS); -+ packet_send(); -+ packet_write_wait(); -+ return 1; -+ -+auth_kerberos_tgt_failure: -+ memset(&creds, 0, sizeof(creds)); -+ packet_start(SSH_SMSG_FAILURE); -+ packet_send(); -+ packet_write_wait(); -+ return 0; -+} -+ -+int auth_afs_token(char *server_user, uid_t uid, const char *string) -+{ -+ CREDENTIALS creds; -+ -+ if (!radix_to_creds(string, &creds)) { -+ log_msg("Protocol error decoding AFS token"); -+ packet_send_debug("Protocol error decoding AFS token"); -+ packet_start(SSH_SMSG_FAILURE); -+ packet_send(); -+ packet_write_wait(); -+ return 0; -+ } -+ if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ -+ strcpy(creds.service, "afs"); -+ -+ if (strncmp(creds.pname, "AFS ID ", 7) == 0) -+ uid = atoi(creds.pname + 7); -+ -+ if (kafs_settoken(creds.realm, uid, &creds)) { -+ log_msg("AFS token (%s@%s) rejected for uid %d", creds.pname, -+ creds.realm, uid); -+ packet_send_debug("AFS token (%s@%s) rejected for uid %d", creds.pname, -+ creds.realm, uid); -+ packet_start(SSH_SMSG_FAILURE); -+ packet_send(); -+ packet_write_wait(); -+ return 0; -+ } -+ packet_send_debug("AFS token accepted (%s@%s, %s@%s)", creds.service, -+ creds.realm, creds.pname, creds.realm); -+ packet_start(SSH_SMSG_SUCCESS); -+ packet_send(); -+ packet_write_wait(); -+ return 1; -+} -+#endif /* AFS */ diff --git a/security/ssh/patches/patch-at b/security/ssh/patches/patch-at deleted file mode 100644 index aa9b64f3701..00000000000 --- a/security/ssh/patches/patch-at +++ /dev/null @@ -1,192 +0,0 @@ -$NetBSD: patch-at,v 1.2 2000/04/18 19:02:21 thorpej Exp $ - ---- auth-passwd.c.orig Wed May 12 04:19:23 1999 -+++ auth-passwd.c Tue Apr 18 11:48:03 2000 -@@ -301,29 +301,25 @@ - static int securid_initialized = 0; - #endif /* HAVE_SECURID */ - --#ifdef KERBEROS --#if defined(KRB5) -+#ifdef KRB5 - #include <krb5.h> - extern krb5_context ssh_context; - extern krb5_auth_context auth_context; --#else --#include <krb.h> - #endif /* KRB5 */ --#endif /* KERBEROS */ - --#ifdef AFS --#include <afs/param.h> --#include <afs/kautils.h> --#endif /* AFS */ -+#ifdef KRB4 -+#include <sys/param.h> -+#include <krb.h> -+#endif /* KRB4 */ - --#if defined(KERBEROS) || defined(AFS_KERBEROS) -+#if defined(KRB4) || defined(KRB5) - extern char *ticket; --#endif /* KERBEROS || AFS_KERBEROS */ -+#endif /* KRB4 || KRB5 */ - - /* Tries to authenticate the user using password. Returns true if - authentication succeeds. */ - --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - /* - * This routine with some modification is from the MIT V5B6 appl/bsd/login.c - * -@@ -479,16 +475,16 @@ - 0 }; - #endif - krb5_preauthtype * preauth = preauth_list; --#endif /* KERBEROS */ -+#endif /* KRB5 */ - - /* Tries to authenticate the user using password. Returns true if - authentication succeeds. */ --#ifdef KERBEROS -+#ifdef KRB5 - int auth_password(const char *server_user, const char *password, - krb5_principal client) --#else /* KERBEROS */ -+#else /* KRB5 */ - int auth_password(const char *server_user, const char *password) --#endif /* KERBEROS */ -+#endif /* KRB5 */ - { - #if defined(_AIX) && defined(HAVE_AUTHENTICATE) - char *message; -@@ -505,7 +501,7 @@ - } - #else /* _AIX41 && HAVE_AUTHENTICATE */ - --#ifdef KERBEROS -+#ifdef KRB5 - krb5_error_code problem; - int krb5_options = KDC_OPT_RENEWABLE | KDC_OPT_FORWARDABLE; - krb5_deltat rlife = 0; -@@ -515,7 +511,7 @@ - krb5_ccache ccache; - char ccname[80]; - int results; --#endif /* KERBEROS */ -+#endif /* KRB5 */ - extern ServerOptions options; - extern char *crypt(const char *key, const char *salt); - struct passwd *pw; -@@ -537,10 +533,9 @@ - saved_pw_name = xstrdup(pw->pw_name); - saved_pw_passwd = xstrdup(pw->pw_passwd); - --#if defined(KERBEROS) -- if (options.kerberos_authentication) -- { - #if defined(KRB5) -+ if (options.kerberos_authentication && client != NULL) -+ { - snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_l%d", getpid()); - - if (problem = krb5_cc_resolve(ssh_context, ccname, &ccache)) -@@ -658,9 +653,96 @@ - return 0; - } - } -+ } - #endif /* KRB5 */ -+#ifdef KRB4 -+ if (options.kerberos_authentication) -+ { -+ AUTH_DAT adata; -+ KTEXT_ST tkt; -+ struct hostent *hp; -+ unsigned long faddr; -+ char localhost[MAXHOSTNAMELEN]; /* local host name */ -+ char phost[INST_SZ]; /* host instance */ -+ char realm[REALM_SZ]; /* local Kerberos realm */ -+ int r; -+ -+ /* Try Kerberos password authentication only for non-root -+ users and only if Kerberos is installed. */ -+ if (pw->pw_uid != 0 && krb_get_lrealm(realm, 0) == KSUCCESS) { -+ -+ /* Set up our ticket file. */ -+ if (!ssh_tf_init(pw->pw_uid)) { -+ log_msg("Couldn't initialize Kerberos ticket file for %s!", -+ server_user); -+ goto kerberos_auth_failure; -+ } -+ /* Try to get TGT using our password. */ -+ if ((r = krb_get_pw_in_tkt((char *)server_user, "", realm, "krbtgt", -+ realm, DEFAULT_TKT_LIFE, (char *)password)) != INTK_OK) { -+ packet_send_debug("Kerberos V4 password authentication for %s " -+ "failed: %s", server_user, krb_err_txt[r]); -+ goto kerberos_auth_failure; -+ } -+ /* Successful authentication. */ -+ chown(ticket, pw->pw_uid, pw->pw_gid); -+ -+ (void) gethostname(localhost, sizeof(localhost)); -+ (void) strncpy(phost, (char *)krb_get_phost(localhost), INST_SZ); -+ phost[INST_SZ-1] = 0; -+ -+ /* Now that we have a TGT, try to get a local "rcmd" ticket to -+ ensure that we are not talking to a bogus Kerberos server. */ -+ r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); -+ -+ if (r == KSUCCESS) { -+ if (!(hp = gethostbyname(localhost))) { -+ log_msg("Couldn't get local host address!"); -+ goto kerberos_auth_failure; -+ } -+ memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr)); -+ -+ /* Verify our "rcmd" ticket. */ -+ r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost, faddr, &adata, ""); -+ if (r == RD_AP_UNDEC) { -+ /* Probably didn't have a srvtab on localhost. Allow login. */ -+ log_msg("Kerberos V4 TGT for %s unverifiable, no srvtab? " -+ "krb_rd_req: %s", server_user, krb_err_txt[r]); -+ } -+ else if (r != KSUCCESS) { -+ log_msg("Kerberos V4 %s ticket unverifiable: %s", -+ KRB4_SERVICE_NAME, krb_err_txt[r]); -+ goto kerberos_auth_failure; -+ } -+ } -+ else if (r == KDC_PR_UNKNOWN) { -+ /* Allow login if no rcmd service exists, but log the error. */ -+ log_msg("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " -+ "not registered, or srvtab is wrong?", server_user, -+ krb_err_txt[r], KRB4_SERVICE_NAME, phost); -+ } -+ else { -+ /* TGT is bad, forget it. Possibly spoofed. */ -+ packet_send_debug("WARNING: Kerberos V4 TGT possibly spoofed for" -+ "%s: %s", server_user, krb_err_txt[r]); -+ goto kerberos_auth_failure; -+ } -+ -+ /* Authentication succeeded. */ -+ return 1; -+ -+ kerberos_auth_failure: -+ (void) dest_tkt(); -+ xfree(ticket); -+ ticket = NULL; -+ if (!options.kerberos_or_local_passwd ) return 0; -+ } -+ else /* Logging in as root or no local Kerberos realm. */ -+ packet_send_debug("Unable to authenticate to Kerberos."); -+ -+ /* Fall back to ordinary passwd authentication. */ - } --#endif /* KERBEROS */ -+#endif /* KRB4 */ - - #ifdef HAVE_SECURID - /* Support for Security Dynamics SecurId card. diff --git a/security/ssh/patches/patch-au b/security/ssh/patches/patch-au deleted file mode 100644 index 4c883c22ce0..00000000000 --- a/security/ssh/patches/patch-au +++ /dev/null @@ -1,87 +0,0 @@ -$NetBSD: patch-au,v 1.7 2002/08/07 13:27:52 agc Exp $ - ---- login.c.orig Wed May 12 07:19:26 1999 -+++ login.c Fri Dec 24 22:01:25 1999 -@@ -117,6 +117,7 @@ - #include <hpsecurity.h> - #include <prot.h> - #endif /* HAVE_HPUX_TCB_AUTH */ -+#include <sys/param.h> - #include "ssh.h" - - /* Returns the time when the user last logged in. Returns 0 if the -@@ -271,7 +272,22 @@ - struct utmp u, u2; - off_t offset; - const char *utmp, *wtmp; -+#endif -+#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_LASTLOG_H) || defined(HAVE_LASTLOG) -+ char myname[MAXHOSTNAMELEN]; -+ char shost[MAXHOSTNAMELEN]; -+ char *p = NULL, *q = NULL; -+ -+ memset(shost, 0, sizeof(shost)); -+ gethostname(myname, MAXHOSTNAMELEN); -+ if (((p = memchr(myname, '.', MAXHOSTNAMELEN)) != NULL) -+ && ((q = strchr(host, '.')) != NULL) -+ && (strncmp(p, q, MAXHOSTNAMELEN - (p - myname)) == 0)) { -+ strncpy(shost, host, q - host); -+ } -+#endif - -+#if defined(HAVE_UTMP_H) && !defined(HAVE_UTMPX_H) - /* Construct an utmp/wtmp entry. */ - memset(&u, 0, sizeof(u)); - #ifdef DEAD_PROCESS -@@ -301,17 +317,21 @@ - strncpy(u.ut_user, user, sizeof(u.ut_user)); - #endif /* HAVE_NAME_IN_UTMP */ - #ifdef HAVE_HOST_IN_UTMP -- strncpy(u.ut_host, host, sizeof(u.ut_host)); --#ifdef __FreeBSD__ -- if (strlen(host) > sizeof(u.ut_host)) { -+ if ((*shost != '\0') && (strlen(shost) <= sizeof(u.ut_host))) -+ strncpy(u.ut_host, shost, sizeof(u.ut_host)); -+#ifndef HAVE_ADDR_IN_UTMP -+ else if (strlen(host) > sizeof(u.ut_host)) - strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host)); -- } --#endif /* __FreeBSD__ */ -+#endif /* HAVE_ADDR_IN_UTMP */ -+ else -+ strncpy(u.ut_host, host, sizeof(u.ut_host)); - #endif /* HAVE_HOST_IN_UTMP */ - #ifdef HAVE_ADDR_IN_UTMP -+#if 0 /* XXX */ - if (addr) - memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr)); - else -+#endif /* XXX */ - memset(&u.ut_addr, 0, sizeof(u.ut_addr)); - #endif - -@@ -462,8 +482,10 @@ - makeutx(&ux); - #else - pututxline(&ux); -+#ifdef WTMPX_FILE - updwtmpx(WTMPX_FILE, &ux); - #endif -+#endif - endutxent(); - } - #endif /* HAVE_UTMPX_H */ -@@ -490,7 +512,12 @@ - /* Update lastlog. */ - ll.ll_time = time(NULL); - strncpy(ll.ll_line, ttyname + 5, sizeof(ll.ll_line)); -- strncpy(ll.ll_host, host, sizeof(ll.ll_host)); -+ if ((*shost != '\0') && (strlen(shost) <= sizeof(ll.ll_host))) -+ strncpy(ll.ll_host, shost, sizeof(ll.ll_host)); -+ else if (strlen(host) > sizeof(ll.ll_host)) -+ strncpy(ll.ll_host, get_remote_ipaddr(), sizeof(ll.ll_host)); -+ else -+ strncpy(ll.ll_host, host, sizeof(ll.ll_host)); - #ifdef LASTLOG_IS_DIR - snprintf(lastlogfile, sizeof(lastlogfile), - "%.100s/%.100s", lastlog, user); diff --git a/security/ssh/patches/patch-av b/security/ssh/patches/patch-av deleted file mode 100644 index 3f039cd0f81..00000000000 --- a/security/ssh/patches/patch-av +++ /dev/null @@ -1,39 +0,0 @@ -$NetBSD: patch-av,v 1.3 2001/11/23 07:42:38 tron Exp $ - ---- serverloop.c.orig Wed May 12 13:19:28 1999 -+++ serverloop.c Fri Nov 23 08:26:58 2001 -@@ -377,10 +377,12 @@ - if (channel_max_fd() > max_fd) - max_fd = channel_max_fd(); - -+#if 0 /* Ohh, this sucks so badly I almost weep... */ - /* If child has terminated, read as much as is available and then exit. */ - if (child_terminated) - if (max_time_milliseconds == 0) - max_time_milliseconds = 100; -+#endif - - if (idle_timeout != 0 && - (max_time_milliseconds == 0 || -@@ -421,6 +423,7 @@ - FD_ZERO(writeset); - } - -+#if 0 /* Ohh, this sucks so badly I almost weep... */ - /* If the child has terminated and there was no data, shutdown all - descriptors to it. */ - if (ret <= 0 && child_terminated && !child_just_terminated) -@@ -442,11 +445,12 @@ - fdin = -1; - } - else -+#endif - { - if (ret == 0) /* Nothing read, timeout expired */ - { - /* Check if idle_timeout expired ? */ -- if (idle_timeout != 0 && !child_terminated && -+ if (idle_timeout != 0 && !child_terminated && idle_time_last && - time(NULL) - idle_time_last > idle_timeout) - { - /* Yes, kill the child */ diff --git a/security/ssh/patches/patch-ax b/security/ssh/patches/patch-ax deleted file mode 100644 index bafc21a6f8d..00000000000 --- a/security/ssh/patches/patch-ax +++ /dev/null @@ -1,60 +0,0 @@ -$NetBSD: patch-ax,v 1.1 1999/12/25 05:28:36 kim Exp $ - ---- cipher.c.orig Wed May 12 07:19:24 1999 -+++ cipher.c Fri Dec 24 21:50:04 1999 -@@ -213,7 +213,7 @@ - used. */ - if (keylen < 8) - error("Key length %d is insufficient for DES.", keylen); -- des_set_key(padded, &context->u.des.key); -+ ssh_des_set_key(padded, &context->u.des.key); - memset(context->u.des.iv, 0, sizeof(context->u.des.iv)); - break; - #endif /* WITH_DES */ -@@ -224,12 +224,12 @@ - used (first and last keys are the same). */ - if (keylen < 16) - error("Key length %d is insufficient for 3DES.", keylen); -- des_set_key(padded, &context->u.des3.key1); -- des_set_key(padded + 8, &context->u.des3.key2); -+ ssh_des_set_key(padded, &context->u.des3.key1); -+ ssh_des_set_key(padded + 8, &context->u.des3.key2); - if (keylen <= 16) -- des_set_key(padded, &context->u.des3.key3); -+ ssh_des_set_key(padded, &context->u.des3.key3); - else -- des_set_key(padded + 16, &context->u.des3.key3); -+ ssh_des_set_key(padded + 16, &context->u.des3.key3); - memset(context->u.des3.iv1, 0, sizeof(context->u.des3.iv1)); - memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2)); - memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3)); -@@ -274,12 +274,12 @@ - - #ifdef WITH_DES - case SSH_CIPHER_DES: -- des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len); -+ ssh_des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len); - break; - #endif /* WITH_DES */ - - case SSH_CIPHER_3DES: -- des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1, -+ ssh_des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1, - &context->u.des3.key2, context->u.des3.iv2, - &context->u.des3.key3, context->u.des3.iv3, - dest, src, len); -@@ -322,12 +322,12 @@ - - #ifdef WITH_DES - case SSH_CIPHER_DES: -- des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len); -+ ssh_des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len); - break; - #endif /* WITH_DES */ - - case SSH_CIPHER_3DES: -- des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1, -+ ssh_des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1, - &context->u.des3.key2, context->u.des3.iv2, - &context->u.des3.key3, context->u.des3.iv3, - dest, src, len); diff --git a/security/ssh/patches/patch-ay b/security/ssh/patches/patch-ay deleted file mode 100644 index 9ab944c3c1c..00000000000 --- a/security/ssh/patches/patch-ay +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ay,v 1.1 1999/12/25 05:28:36 kim Exp $ - ---- cipher.h.orig Wed May 12 07:19:25 1999 -+++ cipher.h Fri Dec 24 21:50:04 1999 -@@ -58,7 +58,7 @@ - #ifndef WITHOUT_IDEA - #include "idea.h" - #endif /* WITHOUT_IDEA */ --#include "des.h" -+#include "ssh-des.h" - #ifdef WITH_ARCFOUR - #include "arcfour.h" - #endif /* WITH_ARCFOUR */ diff --git a/security/ssh/patches/patch-az b/security/ssh/patches/patch-az deleted file mode 100644 index e1a919d63ac..00000000000 --- a/security/ssh/patches/patch-az +++ /dev/null @@ -1,58 +0,0 @@ -$NetBSD: patch-az,v 1.2 2000/03/20 02:25:53 itojun Exp $ - ---- config.h.in- Wed May 12 20:20:04 1999 -+++ config.h.in Mon Mar 20 09:47:20 2000 -@@ -244,12 +244,6 @@ - /* Support for Secure RPC */ - #undef SECURE_RPC - --/* Support for Secure NFS */ --#undef SECURE_NFS -- --/* Support for NIS+ */ --#undef NIS_PLUS -- - /* Define this to disable all port forwardings in server (except X11) */ - #undef SSHD_NO_PORT_FORWARDING - -@@ -296,16 +290,23 @@ - /* Define this if your gettimeofday doesn't have TZ parameter */ - #undef HAVE_NO_TZ_IN_GETTIMEOFDAY - --/* Define this if you want to compile in Kerberos support. */ --#undef KERBEROS -- - /* Define this if you want to compile in Kerberos V5 support. -- KERBEROS must be compiled in as well. This can be done at configure -- time with the --with-kerberos5 argument*/ -+ This can be done at configure time with the --with-krb5 argument. */ - #undef KRB5 - --/* Define this if you want to pass the Kerberos TGT. */ --#undef KERBEROS_TGT_PASSING -+/* Define this if you want to compile in Kerberos V4 support. -+ This can be done at configure time with the --with-krb4 argument. */ -+#undef KRB4 -+ -+/* Define this if you what to build ssh with Hesiod support. */ -+#undef HESIOD -+ -+/* Define this if you want to compile in AFS support. -+ This can be done at configure time with the --with-afs argument. */ -+#undef AFS -+ -+/* Define this if you have the AFS lifetime conversion routines. */ -+#undef HAVE_KRB_LIFE_TO_TIME - - /* Define this if you dont have SIGINFO as signal but some other macro */ - #undef HAVE_INCOMPATIBLE_SIGINFO -@@ -518,6 +519,9 @@ - - /* Define if you have the <sys/dir.h> header file. */ - #undef HAVE_SYS_DIR_H -+ -+/* Define if you have the <sys/filio.h> header file. */ -+#undef HAVE_SYS_FILIO_H - - /* Define if you have the <sys/ioctl.h> header file. */ - #undef HAVE_SYS_IOCTL_H diff --git a/security/ssh/patches/patch-ba b/security/ssh/patches/patch-ba deleted file mode 100644 index 369babd252f..00000000000 --- a/security/ssh/patches/patch-ba +++ /dev/null @@ -1,137 +0,0 @@ -$NetBSD: patch-ba,v 1.1 1999/12/25 05:28:36 kim Exp $ - ---- des.c.orig Wed May 12 07:19:25 1999 -+++ des.c Fri Dec 24 21:50:04 1999 -@@ -38,7 +38,7 @@ - - #include "includes.h" - #include "getput.h" --#include "des.h" -+#include "ssh-des.h" - - /* Table for key generation. This used to be in sk.h. */ - /* Copyright (C) 1993 Eric Young - see README for more details */ -@@ -400,7 +400,7 @@ - /* This part is based on code that used to be in ecb_enc.c. */ - /* Copyright (C) 1993 Eric Young - see README for more details */ - --void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, -+void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, - int encrypt) - { - register word32 t,u; -@@ -452,7 +452,7 @@ - #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ - (a)=(a)^(t)^(t>>(16-(n)))) - --void des_set_key(unsigned char *key, DESContext *ks) -+void ssh_des_set_key(unsigned char *key, DESContext *ks) - { - register word32 c, d, t, s, shifts; - register int i; -@@ -507,7 +507,7 @@ - } - } - --void des_cbc_encrypt(DESContext *ks, unsigned char *iv, -+void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, - unsigned char *dest, const unsigned char *src, - unsigned int len) - { -@@ -523,7 +523,7 @@ - { - iv0 ^= GET_32BIT_LSB_FIRST(src + i); - iv1 ^= GET_32BIT_LSB_FIRST(src + i + 4); -- des_encrypt(iv0, iv1, out, ks, 1); -+ ssh_des_encrypt(iv0, iv1, out, ks, 1); - iv0 = out[0]; - iv1 = out[1]; - PUT_32BIT_LSB_FIRST(dest + i, iv0); -@@ -533,7 +533,7 @@ - PUT_32BIT_LSB_FIRST(iv + 4, iv1); - } - --void des_cbc_decrypt(DESContext *ks, unsigned char *iv, -+void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, - unsigned char *dest, const unsigned char *src, - unsigned int len) - { -@@ -549,7 +549,7 @@ - { - d0 = GET_32BIT_LSB_FIRST(src + i); - d1 = GET_32BIT_LSB_FIRST(src + i + 4); -- des_encrypt(d0, d1, out, ks, 0); -+ ssh_des_encrypt(d0, d1, out, ks, 0); - iv0 ^= out[0]; - iv1 ^= out[1]; - PUT_32BIT_LSB_FIRST(dest + i, iv0); -@@ -561,38 +561,38 @@ - PUT_32BIT_LSB_FIRST(iv + 4, iv1); - } - --void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, -+void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, - DESContext *ks2, unsigned char *iv2, - DESContext *ks3, unsigned char *iv3, - unsigned char *dest, const unsigned char *src, - unsigned int len) - { -- des_cbc_encrypt(ks1, iv1, dest, src, len); -- des_cbc_decrypt(ks2, iv2, dest, dest, len); -- des_cbc_encrypt(ks3, iv3, dest, dest, len); -+ ssh_des_cbc_encrypt(ks1, iv1, dest, src, len); -+ ssh_des_cbc_decrypt(ks2, iv2, dest, dest, len); -+ ssh_des_cbc_encrypt(ks3, iv3, dest, dest, len); - } - --void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, -+void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, - DESContext *ks2, unsigned char *iv2, - DESContext *ks3, unsigned char *iv3, - unsigned char *dest, const unsigned char *src, - unsigned int len) - { -- des_cbc_decrypt(ks3, iv3, dest, src, len); -- des_cbc_encrypt(ks2, iv2, dest, dest, len); -- des_cbc_decrypt(ks1, iv1, dest, dest, len); -+ ssh_des_cbc_decrypt(ks3, iv3, dest, src, len); -+ ssh_des_cbc_encrypt(ks2, iv2, dest, dest, len); -+ ssh_des_cbc_decrypt(ks1, iv1, dest, dest, len); - } - --#ifdef DES_TEST -+#ifdef SSH_DES_TEST - --void des_encrypt_buf(DESContext *ks, unsigned char *out, -+void ssh_des_encrypt_buf(DESContext *ks, unsigned char *out, - const unsigned char *in, int encrypt) - { - word32 in0, in1, output[0]; - - in0 = GET_32BIT_LSB_FIRST(in); - in1 = GET_32BIT_LSB_FIRST(in + 4); -- des_encrypt(in0, in1, output, ks, encrypt); -+ ssh_des_encrypt(in0, in1, output, ks, encrypt); - PUT_32BIT_LSB_FIRST(out, output[0]); - PUT_32BIT_LSB_FIRST(out + 4, output[1]); - } -@@ -634,15 +634,15 @@ - } - result[i] = value; - } -- des_set_key(key, &ks); -- des_encrypt_buf(&ks, output, data, 1); -+ ssh_des_set_key(key, &ks); -+ ssh_des_encrypt_buf(&ks, output, data, 1); - if (memcmp(output, result, 8) != 0) - fprintf(stderr, "Encrypt failed: %s", line); -- des_encrypt_buf(&ks, output, result, 0); -+ ssh_des_encrypt_buf(&ks, output, result, 0); - if (memcmp(output, data, 8) != 0) - fprintf(stderr, "Decrypt failed: %s", line); - } - exit(0); - } --#endif /* DES_TEST */ -+#endif /* SSH_DES_TEST */ - diff --git a/security/ssh/patches/patch-bb b/security/ssh/patches/patch-bb deleted file mode 100644 index e581c603121..00000000000 --- a/security/ssh/patches/patch-bb +++ /dev/null @@ -1,64 +0,0 @@ -$NetBSD: patch-bb,v 1.1 1999/12/25 05:28:37 kim Exp $ - ---- ssh-des.h.orig Wed May 12 07:19:25 1999 -+++ ssh-des.h Fri Dec 24 21:50:04 1999 -@@ -25,8 +25,8 @@ - * $Endlog$ - */ - --#ifndef DES_H --#define DES_H -+#ifndef SSH_DES_H -+#define SSH_DES_H - - typedef struct - { -@@ -35,40 +35,40 @@ - - /* Sets the des key for the context. Initializes the context. The least - significant bit of each byte of the key is ignored as parity. */ --void des_set_key(unsigned char *key, DESContext *ks); -+void ssh_des_set_key(unsigned char *key, DESContext *ks); - - /* Encrypts 32 bits in l,r, and stores the result in output[0] and output[1]. - Performs encryption if encrypt is non-zero, and decryption if it is zero. -- The key context must have been initialized previously with des_set_key. */ --void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, -+ The key context must have been initialized previously with ssh_des_set_key. */ -+void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, - int encrypt); - - /* Encrypts len bytes from src to dest in CBC modes. Len must be a multiple - of 8. iv will be modified at end to a value suitable for continuing - encryption. */ --void des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, -+void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, - const unsigned char *src, unsigned int len); - - /* Decrypts len bytes from src to dest in CBC modes. Len must be a multiple - of 8. iv will be modified at end to a value suitable for continuing - decryption. */ --void des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, -+void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, - const unsigned char *src, unsigned int len); - - /* Encrypts in CBC mode using triple-DES. */ --void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, -+void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, - DESContext *ks2, unsigned char *iv2, - DESContext *ks3, unsigned char *iv3, - unsigned char *dest, const unsigned char *src, - unsigned int len); - - /* Decrypts in CBC mode using triple-DES. */ --void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, -+void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, - DESContext *ks2, unsigned char *iv2, - DESContext *ks3, unsigned char *iv3, - unsigned char *dest, const unsigned char *src, - unsigned int len); - --#endif /* DES_H */ -+#endif /* SSH_DES_H */ - - diff --git a/security/ssh/patches/patch-bd b/security/ssh/patches/patch-bd deleted file mode 100644 index 6455110898f..00000000000 --- a/security/ssh/patches/patch-bd +++ /dev/null @@ -1,73 +0,0 @@ -$NetBSD: patch-bd,v 1.2 2000/03/20 02:25:55 itojun Exp $ - ---- readconf.c- Wed May 12 20:19:27 1999 -+++ readconf.c Mon Mar 20 09:47:24 2000 -@@ -170,6 +170,9 @@ - oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, - oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel, - oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication, -+#ifdef AFS -+ oAFSTokenPassing, -+#endif /* AFS */ - oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts, - oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost - } OpCodes; -@@ -213,6 +216,9 @@ - { "useprivilegedport", oUsePrivilegedPort }, - { "kerberosauthentication", oKerberosAuthentication }, - { "kerberostgtpassing", oKerberosTgtPassing }, -+#ifdef AFS -+ { "afstokenpassing", oAFSTokenPassing }, -+#endif /* AFS */ - { "clearallforwardings", oClearAllForwardings }, - { "numberofpasswordprompts", oNumberOfPasswordPrompts }, - { "xauthlocation", oXauthPath }, -@@ -354,6 +360,12 @@ - intptr = &options->kerberos_tgt_passing; - goto parse_flag; - -+#ifdef AFS -+ case oAFSTokenPassing: -+ intptr = &options->afs_token_passing; -+ goto parse_flag; -+#endif /* AFS */ -+ - case oFallBackToRsh: - intptr = &options->fallback_to_rsh; - goto parse_flag; -@@ -678,6 +690,9 @@ - options->rsa_authentication = -1; - options->kerberos_authentication = -1; - options->kerberos_tgt_passing = -1; -+#ifdef AFS -+ options->afs_token_passing = -1; -+#endif /* AFS */ - options->tis_authentication = -1; - options->password_authentication = -1; - options->rhosts_rsa_authentication = -1; -@@ -724,17 +739,19 @@ - if (options->rsa_authentication == -1) - options->rsa_authentication = 1; - if (options->kerberos_authentication == -1) --#if defined(KERBEROS) && defined(KRB5) -+#if defined(KRB4) || defined(KRB5) - options->kerberos_authentication = 1; --#else /* defined(KERBEROS) && defined(KRB5) */ -+#else - options->kerberos_authentication = 0; --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* defined(KRB4) || defined(KRB5) */ - if (options->kerberos_tgt_passing == -1) --#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) -+#if defined(AFS) - options->kerberos_tgt_passing = 1; --#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+ if (options->afs_token_passing == -1) -+ options->afs_token_passing = 1; -+#else - options->kerberos_tgt_passing = 0; --#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+#endif /* AFS */ - if (options->tis_authentication == -1) - options->tis_authentication = 0; - if (options->password_authentication == -1) diff --git a/security/ssh/patches/patch-be b/security/ssh/patches/patch-be deleted file mode 100644 index cd1f1ff0211..00000000000 --- a/security/ssh/patches/patch-be +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-be,v 1.2 2000/03/20 02:25:55 itojun Exp $ - ---- readconf.h- Wed May 12 20:19:27 1999 -+++ readconf.h Mon Mar 20 09:47:24 2000 -@@ -85,6 +85,9 @@ - int rsa_authentication; /* Try RSA authentication. */ - int kerberos_authentication; /* Try Kerberos authentication. */ - int kerberos_tgt_passing; /* Try Kerberos tgt passing. */ -+#ifdef AFS -+ int afs_token_passing; /* Try AFS token passing. */ -+#endif /* AFS */ - int tis_authentication; /* Try TIS authsrv authentication. */ - int password_authentication; /* Try password authentication. */ - int fallback_to_rsh; /* Use rsh if cannot connect with ssh. */ diff --git a/security/ssh/patches/patch-bf b/security/ssh/patches/patch-bf deleted file mode 100644 index b6f2c8c5652..00000000000 --- a/security/ssh/patches/patch-bf +++ /dev/null @@ -1,99 +0,0 @@ -$NetBSD: patch-bf,v 1.2 2000/03/20 02:25:55 itojun Exp $ - ---- servconf.c- Wed May 12 20:19:28 1999 -+++ servconf.c Mon Mar 20 09:47:32 2000 -@@ -106,6 +106,12 @@ - options->kerberos_authentication = -1; - options->kerberos_or_local_passwd = -1; - options->kerberos_tgt_passing = -1; -+#if defined(KRB4) -+ options->kerberos_ticket_cleanup = -1; -+#endif /* KRB4 */ -+#ifdef AFS -+ options->afs_token_passing = -1; -+#endif - options->tis_authentication = -1; - options->allow_tcp_forwarding = -1; - options->password_authentication = -1; -@@ -190,19 +196,27 @@ - if (options->rsa_authentication == -1) - options->rsa_authentication = 1; - if (options->kerberos_authentication == -1) --#if defined(KERBEROS) && defined(KRB5) -+#if defined(KRB4) || defined(KRB5) - options->kerberos_authentication = 1; --#else /* defined(KERBEROS) && defined(KRB5) */ -+#else - options->kerberos_authentication = 0; --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* defined(KRB4 || KRB5 */ - if (options->kerberos_or_local_passwd == -1) - options->kerberos_or_local_passwd = 0; - if (options->kerberos_tgt_passing == -1) --#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) -+#if defined(AFS) || defined(KRB5) - options->kerberos_tgt_passing = 1; --#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+#else - options->kerberos_tgt_passing = 0; --#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+#endif /* AFS || KRB5 */ -+#if defined(KRB4) -+ if (options->kerberos_ticket_cleanup == -1) -+ options->kerberos_ticket_cleanup = 1; -+#endif /* KRB4 */ -+#ifdef AFS -+ if (options->afs_token_passing == -1) -+ options->afs_token_passing = 1; -+#endif /* AFS */ - if (options->allow_tcp_forwarding == -1) - options->allow_tcp_forwarding = 1; - if (options->tis_authentication == -1) -@@ -249,7 +263,14 @@ - sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile, - sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout, - sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd, -- sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers, -+ sKerberosTgtPassing, -+#ifdef KRB4 -+ sKerberosTicketCleanup, -+#ifdef AFS -+ sAFSTokenPassing, -+#endif /* AFS */ -+#endif /* KRB4 */ -+ sAllowTcpForwarding, sAllowUsers, sDenyUsers, - sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts, - sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays, - sAccountExpireWarningDays -@@ -313,6 +334,12 @@ - { "kerberosauthentication", sKerberosAuthentication }, - { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, - { "kerberostgtpassing", sKerberosTgtPassing }, -+#ifdef KRB4 -+ { "kerberosticketcleanup", sKerberosTicketCleanup }, -+#endif -+#ifdef AFS -+ { "afstokenpassing", sAFSTokenPassing }, -+#endif - { "allowtcpforwarding", sAllowTcpForwarding }, - { "xauthlocation", sXauthPath }, - { "checkmail", sCheckMail }, -@@ -571,6 +598,18 @@ - case sKerberosTgtPassing: - intptr = &options->kerberos_tgt_passing; - goto parse_flag; -+ -+#ifdef KRB4 -+ case sKerberosTicketCleanup: -+ intptr = &options->kerberos_ticket_cleanup; -+ goto parse_flag; -+#endif /* KRB4 */ -+ -+#ifdef AFS -+ case sAFSTokenPassing: -+ intptr = &options->afs_token_passing; -+ goto parse_flag; -+#endif /* AFS */ - - case sAllowTcpForwarding: - intptr = &options->allow_tcp_forwarding; diff --git a/security/ssh/patches/patch-bg b/security/ssh/patches/patch-bg deleted file mode 100644 index c380db24c9d..00000000000 --- a/security/ssh/patches/patch-bg +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-bg,v 1.2 2000/03/20 02:25:56 itojun Exp $ - ---- servconf.h- Wed May 12 20:19:28 1999 -+++ servconf.h Mon Mar 20 09:47:32 2000 -@@ -111,6 +111,12 @@ - password authentication mechanism, such - as SecurID or /etc/passwd */ - int kerberos_tgt_passing; /* If true, permit Kerberos tgt passing. */ -+#ifdef KRB4 -+ int kerberos_ticket_cleanup; /* If true, destroy ticket file on logout. */ -+#endif /* KRB4 */ -+#ifdef AFS -+ int afs_token_passing; /* If true, permit AFS token passing. */ -+#endif /* AFS */ - int allow_tcp_forwarding; - int tis_authentication; /* If true, permit TIS authsrv auth. */ - int password_authentication; /* If true, permit password authentication. */ diff --git a/security/ssh/patches/patch-bh b/security/ssh/patches/patch-bh deleted file mode 100644 index 50373f65713..00000000000 --- a/security/ssh/patches/patch-bh +++ /dev/null @@ -1,31 +0,0 @@ -$NetBSD: patch-bh,v 1.1 1999/12/25 05:28:37 kim Exp $ - ---- ssh.1.in.orig Wed May 12 07:19:30 1999 -+++ ssh.1.in Fri Dec 24 21:50:04 1999 -@@ -470,7 +470,7 @@ - .ne 3 - .TP - .B \-k --Disables forwarding of the kerberos tickets. This may -+Disables forwarding of Kerberos tickets / AFS tokens. This may - also be specified on a per-host basis in the configuration file. - .ne 3 - .TP -@@ -770,11 +770,15 @@ - - .TP - .B KerberosAuthentication --Specifies whether Kerberos V5 authentication will be used. -+Specifies whether Kerberos authentication will be used. - - .TP - .B KerberosTgtPassing --Specifies whether a Kerberos V5 TGT will be forwarded to the server. -+Specifies whether a Kerberos TGT will be forwarded to the server. -+ -+.TP -+.B AFSTokenPassing -+Specifies whether an AFS token will be forwarded to the server. - - .TP - .B LocalForward diff --git a/security/ssh/patches/patch-bi b/security/ssh/patches/patch-bi deleted file mode 100644 index 1d4424cdbe0..00000000000 --- a/security/ssh/patches/patch-bi +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-bi,v 1.2 2000/03/20 02:25:56 itojun Exp $ - ---- ssh.c- Wed May 12 20:19:28 1999 -+++ ssh.c Mon Mar 20 09:47:32 2000 -@@ -280,9 +280,9 @@ - fprintf(stderr, " -l user Log in using this user name.\n"); - fprintf(stderr, " -n Redirect input from /dev/null.\n"); - fprintf(stderr, " -a Disable authentication agent forwarding.\n"); --#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) -- fprintf(stderr, " -k Disable Kerberos ticket passing.\n"); --#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+#ifdef AFS -+ fprintf(stderr, " -k Disable Kerberos ticket and AFS token passing.\n"); -+#endif /* AFS */ - #ifndef SSH_NO_X11_FORWARDING - fprintf(stderr, " -x Disable X11 connection forwarding.\n"); - #endif -@@ -541,6 +541,9 @@ - - case 'k': - options.kerberos_tgt_passing = 0; -+#ifdef AFS -+ options.afs_token_passing = 0; -+#endif /* AFS */ - break; - - case 'i': diff --git a/security/ssh/patches/patch-bj b/security/ssh/patches/patch-bj deleted file mode 100644 index b23c857789e..00000000000 --- a/security/ssh/patches/patch-bj +++ /dev/null @@ -1,76 +0,0 @@ -$NetBSD: patch-bj,v 1.2 2000/03/20 02:25:56 itojun Exp $ - ---- ssh.h- Wed May 12 20:19:28 1999 -+++ ssh.h Mon Mar 20 09:47:32 2000 -@@ -176,6 +176,16 @@ - #include "randoms.h" - #include "cipher.h" - -+#ifdef HESIOD -+#include <hesiod.h> -+ -+#define getpwnam(a) hes_getpwnam(a) -+#define getpwuid(a) hes_getpwuid(a) -+ -+extern struct passwd *hes_getpwnam(const char *name); -+extern struct passwd *hes_getpwuid(uid_t uid); -+#endif /* HESIOD */ -+ - /* The default cipher used if IDEA is not supported by the remote host. - It is recommended that this be one of the mandatory ciphers (DES, 3DES), - though that is not required. */ -@@ -307,12 +317,13 @@ - protocol.) */ - #define SSH_SESSION_KEY_LENGTH 32 - --#ifdef KERBEROS - #ifdef KRB5 - #include <krb5.h> --#define KRB_SERVICE_NAME "host" -+#define KRB5_SERVICE_NAME "host" - #endif /* KRB5 */ --#endif /* KERBEROS */ -+#ifdef KRB4 -+#define KRB4_SERVICE_NAME "rcmd" -+#endif /* KRB4 */ - - /* Authentication methods. New types can be added, but old types should not - be removed for compatibility. The maximum allowed value is 31. */ -@@ -336,6 +347,10 @@ - - /* If you add new methods add them after this using random number between 16-31 - so if someone else adds also new methods you dont use same number. */ -+#ifdef AFS -+#define SSH_PASS_AFS_TOKEN 21 -+#endif /* AFS */ -+ - - /* Protocol flags. These are bit masks. */ - #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ -@@ -410,7 +425,9 @@ - /* If ou add new messages add them starting from something after 64, better to - use some random number between 64-127 so if someone else adds something else - you dont use same numbers */ -- -+#ifdef AFS -+#define SSH_CMSG_HAVE_AFS_TOKEN 65 -+#endif /* AFS */ - - /* define this and debug() will print local hostname */ - #define LOCAL_HOSTNAME_IN_DEBUG 1 -@@ -479,12 +496,12 @@ - - /* Tries to authenticate the user using password. Returns true if - authentication succeeds. */ --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - int auth_password(const char *server_user, const char *password, - krb5_principal client); --#else /* defined(KERBEROS) && defined(KRB5) */ -+#else /* KRB5 */ - int auth_password(const char *server_user, const char *password); --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* KRB5 */ - - /* Performs the RSA authentication dialog with the client. This returns - 0 if the client could not be authenticated, and 1 if authentication was diff --git a/security/ssh/patches/patch-bk b/security/ssh/patches/patch-bk deleted file mode 100644 index b18f6e4eb54..00000000000 --- a/security/ssh/patches/patch-bk +++ /dev/null @@ -1,390 +0,0 @@ -$NetBSD: patch-bk,v 1.2 2000/03/20 02:25:57 itojun Exp $ - ---- sshconnect.c- Wed May 12 20:19:29 1999 -+++ sshconnect.c Mon Mar 20 09:55:37 2000 -@@ -215,7 +215,6 @@ - #include "userfile.h" - #include "emulate.h" - --#ifdef KERBEROS - #ifdef KRB5 - #include <krb5.h> - -@@ -223,7 +222,19 @@ - krb5_context ssh_context = 0; - krb5_auth_context auth_context = 0; - #endif /* KRB5 */ --#endif /* KERBEROS */ -+ -+#ifdef KRB4 -+#include <krb.h> -+#ifdef AFS -+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 -+#include <sys/ioctl.h> -+#endif -+#ifdef HAVE_SYS_FILIO_H -+#include <sys/filio.h> -+#endif -+#include <kafs.h> -+#endif /* AFS */ -+#endif /* KRB4 */ - - /* Session id for the current session. */ - unsigned char session_id[16]; -@@ -932,10 +943,9 @@ - return 0; - } - --#ifdef KERBEROS -+#ifdef KRB5 - int try_kerberos_authentication(void) - { --#ifdef KRB5 - char *remotehost; - krb5_data auth; - krb5_error_code r; -@@ -1084,15 +1094,118 @@ - krb5_free_ap_rep_enc_part(ssh_context, repl); - - return(ret_stat); -+} - #endif /* KRB5 */ -+ -+#ifdef KRB4 -+int try_kerberos_authentication() -+{ -+ KTEXT_ST auth; /* Kerberos data */ -+ char *reply; -+ char inst[INST_SZ]; -+ char *realm; -+ char *service; -+ CREDENTIALS cred; -+ int r, type; -+ Key_schedule schedule; -+ u_long checksum, cksum; -+ MSG_DAT msg_data; -+ struct sockaddr_in local, foreign; -+ struct stat st; -+ -+ /* Don't do anything if we don't have any tickets. */ -+ if (stat(tkt_string(), &st) < 0) return 0; -+ -+ strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ); -+ -+ realm = (char *)krb_realmofhost(get_canonical_hostname()); -+ if (!realm) { -+ debug("Kerberos V4: no realm for %s", get_canonical_hostname()); -+ return 0; -+ } -+ /* This can really be anything. */ -+ checksum = (u_long) getpid(); -+ -+ if (r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum)) { -+ debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]); -+ return 0; -+ } -+ /* Get session key to decrypt the server's reply with. */ -+ if (r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred)) { -+ debug("get_cred failed: %s", krb_err_txt[r]); -+ return 0; -+ } -+ des_key_sched((des_cblock *)cred.session, schedule); -+ -+ /* Send authentication info to server. */ -+ packet_start(SSH_CMSG_AUTH_KERBEROS); -+ packet_put_string((char *)auth.dat, auth.length); -+ packet_send(); -+ packet_write_wait(); -+ -+ /* zero the buffer */ -+ (void) memset(auth.dat, 0, MAX_KTXT_LEN); -+ -+ r = sizeof(local); -+ memset(&local, 0, sizeof(local)); -+ if (getsockname(packet_get_connection_in(), -+ (struct sockaddr *) &local, &r) < 0) -+ debug("getsockname failed: %.100s", strerror(errno)); -+ -+ r = sizeof(foreign); -+ memset(&foreign, 0, sizeof(foreign)); -+ if (getpeername(packet_get_connection_in(), -+ (struct sockaddr *)&foreign, &r) < 0) -+ debug("getpeername failed: %.100s", strerror(errno)); -+ -+ /* Get server reply. */ -+ type = packet_read(); -+ switch(type) { -+ -+ case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ -+ debug("Kerberos V4 authentication failed."); -+ return 0; -+ break; -+ -+ case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ -+ debug("Kerberos V4 authentication accepted."); -+ -+ /* Get server's response. */ -+ reply = packet_get_string((unsigned int *)&auth.length); -+ memcpy(auth.dat, reply, auth.length); -+ xfree(reply); -+ -+ /* If his response isn't properly encrypted with the session key, -+ and the decrypted checksum fails to match, he's bogus. Bail out. */ -+ if (r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session, -+ &foreign, &local, &msg_data)) { -+ debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]); -+ packet_disconnect("Kerberos V4 challenge failed!"); -+ } -+ /* fetch the (incremented) checksum that we supplied in the request */ -+ (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum)); -+ cksum = ntohl(cksum); -+ -+ /* If it matches, we're golden. */ -+ if (cksum == checksum + 1) { -+ debug("Kerberos V4 challenge successful."); -+ return 1; -+ } -+ else -+ packet_disconnect("Kerberos V4 challenge failed!"); -+ break; -+ -+ default: -+ packet_disconnect("Protocol error on Kerberos V4 response: %d", type); -+ } - } --#endif /* KERBEROS */ -+#endif /* KRB4 */ -+ - --#ifdef KERBEROS_TGT_PASSING - /* Forward our local Kerberos tgt to the server. */ -+#ifdef KRB5 - int send_kerberos_tgt(void) - { --#ifdef KRB5 - char *remotehost; - krb5_principal client; - krb5_principal server; -@@ -1172,22 +1285,117 @@ - krb5_free_principal(ssh_context, client); - krb5_free_principal(ssh_context, server); - -- type = packet_read(); -- if (type == SSH_SMSG_SUCCESS) -- { -- debug("Kerberos V5 TGT passing was successful."); -- return 1; -- } -- else -- if (type != SSH_SMSG_FAILURE) -- packet_disconnect("Protocol error on Kerberos tgt response: %d", type); -- else -- debug("Kerberos V5 TGT passing failed."); -- -- return 0; -+ return 1; -+} - #endif /* KRB5 */ -+ -+#ifdef AFS -+int send_kerberos_tgt() -+{ -+ CREDENTIALS *creds; -+ char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; -+ int r, type; -+ unsigned char buffer[8192]; -+ struct stat st; -+ -+ /* Don't do anything if we don't have any tickets. */ -+ if (stat(tkt_string(), &st) < 0) return 0; -+ -+ creds = xmalloc(sizeof(CREDENTIALS)); -+ -+ if ((r=krb_get_tf_fullname(TKT_FILE,pname,pinst,prealm)) != KSUCCESS) { -+ debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]); -+ return 0; -+ } -+ if ((r=krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) { -+ debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]); -+ return 0; -+ } -+ if (time(0) > -+#ifdef HAVE_KRB_LIFE_TO_TIME -+ (unsigned long)krb_life_to_time(creds->issue_date, creds->lifetime)) { -+#else -+ (creds->issue_date + ((unsigned char)creds->lifetime * 5 * 60))) { -+#endif /* HAVE_KRB_LIFE_TO_TIME */ -+ debug("Kerberos V4 ticket expired: %s", TKT_FILE); -+ return 0; -+ } -+ -+ creds_to_radix(creds, buffer); -+ xfree(creds); -+ -+ packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); -+ packet_put_string((char *)buffer, strlen(buffer)); -+ packet_send(); -+ packet_write_wait(); -+ -+ return 1; - } --#endif /* KERBEROS_TGT_PASSING */ -+ -+/* Forwards our AFS tokens to the server. */ -+void send_afs_tokens(void) -+{ -+ CREDENTIALS creds; -+ struct ViceIoctl parms; -+ struct ClearToken ct; -+ int i, type; -+ int len; -+ char buf[2048], *p, *server_cell; -+ unsigned char buffer[8192]; -+ -+ /* Move over ktc_GetToken, here's something leaner. */ -+ for (i = 0; i < 100; i++) { /* just in case */ -+ parms.in = (char *)&i; -+ parms.in_size = sizeof(i); -+ parms.out = buf; -+ parms.out_size = sizeof(buf); -+ if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break; -+ p = buf; -+ -+ /* Get secret token. */ -+ memcpy(&creds.ticket_st.length, p, sizeof(unsigned int)); -+ if (creds.ticket_st.length > MAX_KTXT_LEN) break; -+ p += sizeof(unsigned int); -+ memcpy(creds.ticket_st.dat, p, creds.ticket_st.length); -+ p += creds.ticket_st.length; -+ -+ /* Get clear token. */ -+ memcpy(&len, p, sizeof(len)); -+ if (len != sizeof(struct ClearToken)) break; -+ p += sizeof(len); -+ memcpy(&ct, p, len); -+ p += len; -+ p += sizeof(len); /* primary flag */ -+ server_cell = p; -+ -+ /* Flesh out our credentials. */ -+ strcpy(creds.service, "afs"); -+ creds.instance[0] = '\0'; -+ strncpy(creds.realm, server_cell, REALM_SZ); -+ memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ); -+ creds.issue_date = ct.BeginTimestamp; -+ creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp); -+ creds.kvno = ct.AuthHandle; -+ snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId); -+ creds.pinst[0] = '\0'; -+ -+ /* Encode token, ship it off. */ -+ if (!creds_to_radix(&creds, buffer)) break; -+ packet_start(SSH_CMSG_HAVE_AFS_TOKEN); -+ packet_put_string((char *)buffer, strlen(buffer)); -+ packet_send(); -+ packet_write_wait(); -+ -+ /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */ -+ type = packet_read(); -+ -+ if (type == SSH_SMSG_FAILURE) -+ debug("AFS token for cell %s rejected.", server_cell); -+ else if (type != SSH_SMSG_SUCCESS) -+ packet_disconnect("Protocol error on AFS token response: %d", type); -+ } -+} -+#endif /* AFS */ - - /* Waits for the server identification string, and sends our own identification - string. */ -@@ -1285,14 +1493,12 @@ - unsigned char check_bytes[8]; - unsigned int supported_ciphers, supported_authentications, protocol_flags; - HostStatus host_status; --#ifdef KERBEROS - #ifdef KRB5 - char *kuser; - krb5_ccache ccache; - krb5_error_code problem; - krb5_principal client; --#endif --#endif -+#endif /* KRB5 */ - - /* Convert the user-supplied hostname into all lowercase. */ - host = xstrdup(orighost); -@@ -1595,7 +1801,6 @@ - - debug("Received encrypted confirmation."); - --#ifdef KERBEROS - #ifdef KRB5 - if (!ssh_context) - { -@@ -1629,7 +1834,6 @@ - debug("Kerberos V5: could not get default ccache."); - } - #endif /* KRB5 */ --#endif /* KERBEROS */ - - /* Send the name of the user to log in as on the server. */ - packet_start(SSH_CMSG_USER); -@@ -1647,24 +1851,39 @@ - packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", - type); - --#ifdef KERBEROS_TGT_PASSING -+#if defined(KRB5) || defined(AFS) - /* Try Kerberos tgt passing if the server supports it. */ - if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && - options->kerberos_tgt_passing) - { - if (options->cipher == SSH_CIPHER_NONE) - log_msg("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); -- (void)send_kerberos_tgt(); -+ if (send_kerberos_tgt()) -+ { -+ type = packet_read(); -+ if (type == SSH_SMSG_FAILURE) -+ debug("Kerberos TGT passing failed."); -+ else if (type != SSH_SMSG_SUCCESS) -+ packet_disconnect("Protocol error on Kerberos tgt response: %d", type); -+ } - } --#endif /* KERBEROS_TGT_PASSING */ -+#endif /* KRB5 || AFS */ -+ -+#ifdef AFS -+ /* Try AFS token passing if the server supports it. */ -+ if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && -+ options->afs_token_passing && k_hasafs()) { -+ if (options->cipher == SSH_CIPHER_NONE) -+ log_msg("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); -+ send_afs_tokens(); -+ } -+#endif /* AFS */ - --#ifdef KERBEROS --#ifdef KRB5 -+#if defined(KRB4) || defined(KRB5) - if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && - options->kerberos_authentication) - { -- debug("Trying Kerberos V5 authentication."); --#endif -+ debug("Trying Kerberos authentication."); - if (try_kerberos_authentication()) { - /* The server should respond with success or failure. */ - type = packet_read(); -@@ -1673,10 +1892,8 @@ - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to Kerberos auth", type); - } --#ifdef KRB5 - } --#endif --#endif /* KERBEROS */ -+#endif /* KRB4 || KRB5 */ - - /* Use rhosts authentication if running in privileged socket and we do not - wish to remain anonymous. */ diff --git a/security/ssh/patches/patch-bl b/security/ssh/patches/patch-bl deleted file mode 100644 index 7d5993b05e8..00000000000 --- a/security/ssh/patches/patch-bl +++ /dev/null @@ -1,37 +0,0 @@ -$NetBSD: patch-bl,v 1.1 1999/12/25 05:28:37 kim Exp $ - ---- sshd.8.in.orig Wed May 12 07:19:31 1999 -+++ sshd.8.in Fri Dec 24 21:50:05 1999 -@@ -529,10 +529,10 @@ - - .TP - .B KerberosAuthentication --Specifies whether Kerberos V5 authentication is allowed. This can -+Specifies whether Kerberos authentication is allowed. This can - be in the form of a Kerberos ticket, or if PasswordAuthentication - is yes, the password provided by the user will be validated through --the Kerberos KDC or DCE Security Server. Default is yes. -+the Kerberos KDC / AFS kaserver / DCE Security Server. Default is yes. - - .TP - .B KerberosOrLocalPasswd -@@ -542,8 +542,18 @@ - - .TP - .B KerberosTgtPassing --Specifies whether a Kerberos V5 TGT may be forwarded to the server. -+Specifies whether a Kerberos TGT may be forwarded to the server. - Default is yes. -+ -+.TP -+.B AFSTokenPassing -+Specifies whether an AFS token may be forwarded to the server. -+Default is yes. -+ -+.TP -+.B KerberosTicketCleanup -+Specifies whether to automatically destroy the user's Kerberos v4 -+ticket cache file on logout. Default is yes. - - .TP - .B KeyRegenerationInterval diff --git a/security/ssh/patches/patch-bn b/security/ssh/patches/patch-bn deleted file mode 100644 index f178eefb4cd..00000000000 --- a/security/ssh/patches/patch-bn +++ /dev/null @@ -1,49 +0,0 @@ -$NetBSD: patch-bn,v 1.1 1999/12/25 05:28:37 kim Exp $ - ---- README.AFS-KERBEROS.orig Wed Dec 31 19:00:00 1969 -+++ README.AFS-KERBEROS Fri Dec 24 21:50:03 1999 -@@ -0,0 +1,44 @@ -+ -+ssh-1.2.27-afs-kerberos.patch-1 -+AFS, Kerberos v4 support for SSH -+ -+Here are the extra flags to configure, and what they do: -+ -+--with-krb4[=PATH] Compile in Kerberos v4 support: -+ Kerberos v4 authentication -+ Kerberos v4 password authentication -+ Kerberos v4 ~/.klogin authorization -+ -+These are all enabled by the 'KerberosAuthentication' config option. -+Kerberos v4 and Kerberos v5 support are mutually exclusive for now. -+PATH default is /usr/kerberos. -+ -+--with-hesiod[=PATH] Compile in support for Hesiod: -+ getpwnam(), getpwuid() replacements -+ -+--with-afs Compile in AFS support (requires KTH krb4): -+ ticket/token passing -+ process authentication groups -+ local Xauthority files (for AFS home dirs) -+ /ticket TKT_ROOT directory (if it exists) -+ -+Binaries built with AFS support will work just fine on non-AFS machines! -+You will need to use the KTH krb4 libs (ftp://ftp.pdc.kth.se/pub/krb/src), -+or just their libkafs, also available separately from CMU as libkrbafs -+(http://andrew2.andrew.cmu.edu/dist/krbafs.html). -+ -+Additional Kerberos client and server config options (and their defaults): -+ -+ KerberosAuthentication yes -+ KerberosOrLocalPasswd no -+ KerberosTgtPassing yes -+ AFSTokenPassing yes -+ KerberosTicketCleanup yes -+ -+See sshd(8) and ssh(1) for details. -+ -+The latest version of this patch can be found at -+ -+ http://www.monkey.org/~dugsong/ssh-afs-kerberos.html -+ -+dugsong@monkey.org diff --git a/security/ssh/patches/patch-br b/security/ssh/patches/patch-br deleted file mode 100644 index 8307dc854c1..00000000000 --- a/security/ssh/patches/patch-br +++ /dev/null @@ -1,272 +0,0 @@ -$NetBSD: patch-br,v 1.1 1999/12/25 05:28:38 kim Exp $ - ---- radix.c.orig Wed Dec 31 19:00:00 1969 -+++ radix.c Fri Dec 24 21:50:04 1999 -@@ -0,0 +1,267 @@ -+/* -+ radix.c -+ -+ base-64 encoding pinched from lynx2-7-2, who pinched it from rpem. -+ Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991 -+ and placed in the public domain. -+ -+ dugsong@UMICH.EDU -+*/ -+ -+#include "includes.h" -+ -+#ifdef AFS -+#include <krb.h> -+#include <kafs.h> -+ -+char six2pr[64] = { -+ 'A','B','C','D','E','F','G','H','I','J','K','L','M', -+ 'N','O','P','Q','R','S','T','U','V','W','X','Y','Z', -+ 'a','b','c','d','e','f','g','h','i','j','k','l','m', -+ 'n','o','p','q','r','s','t','u','v','w','x','y','z', -+ '0','1','2','3','4','5','6','7','8','9','+','/' -+}; -+ -+unsigned char pr2six[256]; -+ -+int uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded) -+{ -+ /* ENC is the basic 1 character encoding function to make a char printing */ -+#define ENC(c) six2pr[c] -+ -+ register char *outptr = bufcoded; -+ unsigned int i; -+ -+ for (i=0; i<nbytes; i += 3) { -+ *(outptr++) = ENC(*bufin >> 2); /* c1 */ -+ *(outptr++) = ENC(((*bufin << 4) & 060) | ((bufin[1] >> 4) & 017)); /*c2*/ -+ *(outptr++) = ENC(((bufin[1] << 2) & 074) | ((bufin[2] >> 6) & 03));/*c3*/ -+ *(outptr++) = ENC(bufin[2] & 077); /* c4 */ -+ bufin += 3; -+ } -+ if (i == nbytes+1) { -+ outptr[-1] = '='; -+ } else if (i == nbytes+2) { -+ outptr[-1] = '='; -+ outptr[-2] = '='; -+ } -+ *outptr = '\0'; -+ return(outptr - bufcoded); -+} -+ -+int uudecode(char *bufcoded, unsigned char *bufplain, int outbufsize) -+{ -+ /* single character decode */ -+#define DEC(c) pr2six[c] -+#define MAXVAL 63 -+ -+ static int first = 1; -+ int nbytesdecoded, j; -+ register char *bufin = bufcoded; -+ register unsigned char *bufout = bufplain; -+ register int nprbytes; -+ -+ /* If this is the first call, initialize the mapping table. */ -+ if (first) { -+ first = 0; -+ for(j=0; j<256; j++) pr2six[j] = MAXVAL+1; -+ for(j=0; j<64; j++) pr2six[(unsigned char)six2pr[j]] = (unsigned char)j; -+ } -+ -+ /* Strip leading whitespace. */ -+ while (*bufcoded==' ' || *bufcoded == '\t') bufcoded++; -+ -+ /* Figure out how many characters are in the input buffer. -+ If this would decode into more bytes than would fit into -+ the output buffer, adjust the number of input bytes downwards. */ -+ bufin = bufcoded; -+ while (pr2six[(unsigned char)*(bufin++)] <= MAXVAL); -+ nprbytes = bufin - bufcoded - 1; -+ nbytesdecoded = ((nprbytes+3)/4) * 3; -+ if (nbytesdecoded > outbufsize) -+ nprbytes = (outbufsize*4)/3; -+ -+ bufin = bufcoded; -+ -+ while (nprbytes > 0) { -+ *(bufout++) = (unsigned char) (DEC(*bufin) << 2 | DEC(bufin[1]) >> 4); -+ *(bufout++) = (unsigned char) (DEC(bufin[1]) << 4 | DEC(bufin[2]) >> 2); -+ *(bufout++) = (unsigned char) (DEC(bufin[2]) << 6 | DEC(bufin[3])); -+ bufin += 4; -+ nprbytes -= 4; -+ } -+ if (nprbytes & 03) { -+ if (pr2six[bufin[-2]] > MAXVAL) -+ nbytesdecoded -= 2; -+ else -+ nbytesdecoded -= 1; -+ } -+ return(nbytesdecoded); -+} -+ -+typedef unsigned char my_u_char; -+typedef unsigned int my_u_int32_t; -+typedef unsigned short my_u_short; -+ -+/* Nasty macros from BIND-4.9.2 */ -+ -+#define GETSHORT(s, cp) { \ -+ register my_u_char *t_cp = (my_u_char*)(cp); \ -+ (s) = (((my_u_short)t_cp[0]) << 8) \ -+ | (((my_u_short)t_cp[1])) \ -+ ; \ -+ (cp) += 2; \ -+} -+ -+#define GETLONG(l, cp) { \ -+ register my_u_char *t_cp = (my_u_char*)(cp); \ -+ (l) = (((my_u_int32_t)t_cp[0]) << 24) \ -+ | (((my_u_int32_t)t_cp[1]) << 16) \ -+ | (((my_u_int32_t)t_cp[2]) << 8) \ -+ | (((my_u_int32_t)t_cp[3])) \ -+ ; \ -+ (cp) += 4; \ -+} -+ -+#define PUTSHORT(s, cp) { \ -+ register my_u_short t_s = (my_u_short)(s); \ -+ register my_u_char *t_cp = (my_u_char*)(cp); \ -+ *t_cp++ = t_s >> 8; \ -+ *t_cp = t_s; \ -+ (cp) += 2; \ -+} -+ -+#define PUTLONG(l, cp) { \ -+ register my_u_int32_t t_l = (my_u_int32_t)(l); \ -+ register my_u_char *t_cp = (my_u_char*)(cp); \ -+ *t_cp++ = t_l >> 24; \ -+ *t_cp++ = t_l >> 16; \ -+ *t_cp++ = t_l >> 8; \ -+ *t_cp = t_l; \ -+ (cp) += 4; \ -+} -+ -+#define GETSTRING(s, p, p_l) { \ -+ register char* p_targ = (p) + p_l; \ -+ register char* s_c = (s); \ -+ register char* p_c = (p); \ -+ while (*p_c && (p_c < p_targ)) { \ -+ *s_c++ = *p_c++; \ -+ } \ -+ if (p_c == p_targ) { \ -+ return 1; \ -+ } \ -+ *s_c = *p_c++; \ -+ (p_l) = (p_l) - (p_c - (p)); \ -+ (p) = p_c; \ -+} -+ -+ -+int creds_to_radix(CREDENTIALS *creds, unsigned char *buf) -+{ -+ char *p, *s; -+ int len; -+ char temp[2048]; -+ -+ p = temp; -+ *p++ = 1; /* version */ -+ s = creds->service; while (*s) *p++ = *s++; *p++ = *s; -+ s = creds->instance; while (*s) *p++ = *s++; *p++ = *s; -+ s = creds->realm; while (*s) *p++ = *s++; *p++ = *s; -+ -+ s = creds->pname; while (*s) *p++ = *s++; *p++ = *s; -+ s = creds->pinst; while (*s) *p++ = *s++; *p++ = *s; -+ /* Null string to repeat the realm. */ -+ *p++ = '\0'; -+ -+ PUTLONG(creds->issue_date,p); -+ { -+ unsigned long endTime ; -+#ifdef HAVE_KRB_LIFE_TO_TIME -+ endTime = (unsigned long)krb_life_to_time(creds->issue_date, -+ creds->lifetime); -+#else /* !HAVE_KRB_LIFE_TO_TIME */ -+ endTime = creds->issue_date + ((unsigned char)(creds->lifetime))*5*60; -+#endif /* !HAVE_KRB_LIFE_TO_TIME */ -+ PUTLONG(endTime,p); -+ } -+ -+ memcpy(p,&creds->session, sizeof(creds->session)); -+ p += sizeof(creds->session); -+ -+ PUTSHORT(creds->kvno,p); -+ PUTLONG(creds->ticket_st.length,p); -+ -+ memcpy(p,creds->ticket_st.dat, creds->ticket_st.length); -+ p += creds->ticket_st.length; -+ len = p - temp; -+ -+ return(uuencode(temp, len, buf)); -+} -+ -+int radix_to_creds(char *buf, CREDENTIALS *creds) -+{ -+ -+ char *p, *s; -+ int len, tl, status; -+ char version; -+ char temp[2048]; -+ -+ if (!(len = uudecode(buf, temp, sizeof(temp)))) -+ return 0; -+ -+ p = temp; -+ -+ /* check version and length! */ -+ if (len < 1) return 0; -+ version = *p; p++; len--; -+ -+ GETSTRING(creds->service, p, len); -+ GETSTRING(creds->instance, p, len); -+ GETSTRING(creds->realm, p, len); -+ -+ GETSTRING(creds->pname, p, len); -+ GETSTRING(creds->pinst, p, len); -+ /* Ignore possibly different realm. */ -+ while (*p && len) p++, len--; -+ if (len == 0) return 0; -+ p++, len--; -+ -+ /* Enough space for remaining fixed-length parts? */ -+ if (len < (4 + 4 + sizeof(creds->session) + 2 + 4)) -+ return 0; -+ -+ GETLONG(creds->issue_date,p); -+ len -= 4; -+ { -+ unsigned long endTime; -+ GETLONG(endTime,p); -+ len -= 4; -+#ifdef HAVE_KRB_LIFE_TO_TIME -+ creds->lifetime = krb_time_to_life(creds->issue_date, endTime); -+#else -+ creds->lifetime = ((endTime - creds->issue_date) + 5*60 - 1) / (5*60); -+#endif -+ } -+ -+ memcpy(&creds->session, p, sizeof(creds->session)); -+ p += sizeof(creds->session); -+ len -= sizeof(creds->session); -+ -+ GETSHORT(creds->kvno,p); -+ len -= 2; -+ GETLONG(creds->ticket_st.length,p); -+ len -= 4; -+ -+ tl = creds->ticket_st.length; -+ if (tl < 0 || tl > len || tl > sizeof(creds->ticket_st.dat)) -+ return 0; -+ -+ memcpy(creds->ticket_st.dat, p, tl); -+ p += tl; -+ len -= tl; -+ -+ return 1; -+} -+ -+#endif /* AFS */ diff --git a/security/ssh/patches/patch-ca b/security/ssh/patches/patch-ca deleted file mode 100644 index df9c9be9e71..00000000000 --- a/security/ssh/patches/patch-ca +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ca,v 1.2 2001/02/16 13:06:41 dmcmahill Exp $ - ---- deattack.c.orig Wed May 12 13:19:25 1999 -+++ deattack.c Tue Feb 13 11:23:07 2001 -@@ -79,7 +79,7 @@ - detect_attack(unsigned char *buf, word32 len, unsigned char *IV) - { - static word16 *h = (word16 *) NULL; -- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE; -+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE; - register word32 i, j; - word32 l; - register unsigned char *c; diff --git a/security/ssh/patches/patch-la b/security/ssh/patches/patch-la deleted file mode 100644 index 5e2bfb9bfa4..00000000000 --- a/security/ssh/patches/patch-la +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-la,v 1.2 2000/10/19 02:02:58 hubertf Exp $ - ---- userfile.c.orig Wed May 12 13:19:29 1999 -+++ userfile.c -@@ -180,7 +180,7 @@ - #endif - - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - #include <login_cap.h> - #endif - -@@ -644,9 +644,13 @@ - /* Child. We will start serving request. */ - if (uid != geteuid() || uid != getuid()) - { --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) && defined(LOGIN_SETENV) - struct passwd * pw = getpwuid(uid); -+#if defined(__NetBSD__) -+ login_cap_t * lc = login_getpwclass(pw); -+#else - login_cap_t * lc = login_getuserclass(pw); -+#endif - if (setusercontext(lc, pw, uid, - LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH | - LOGIN_SETENV)) < 0) |