summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorkristerw <kristerw@pkgsrc.org>2004-06-01 21:50:37 +0000
committerkristerw <kristerw@pkgsrc.org>2004-06-01 21:50:37 +0000
commit1b0ace13d4d14b71bf9e735e328c952f7f7cc079 (patch)
tree7c3dcbec968f4c56d1bc334d2727626cd80359f1 /security
parent2c882be0504da87fb35b97bfdac42a1ce763c152 (diff)
downloadpkgsrc-1b0ace13d4d14b71bf9e735e328c952f7f7cc079.tar.gz
Remove obsolete packages, per discussion on tech-pkg.
Diffstat (limited to 'security')
-rw-r--r--security/Makefile4
-rw-r--r--security/openssh+gssapi/DESCR8
-rw-r--r--security/openssh+gssapi/INSTALL36
-rw-r--r--security/openssh+gssapi/MESSAGE17
-rw-r--r--security/openssh+gssapi/MESSAGE.pam9
-rw-r--r--security/openssh+gssapi/MESSAGE.urandom8
-rw-r--r--security/openssh+gssapi/Makefile162
-rw-r--r--security/openssh+gssapi/PLIST29
-rw-r--r--security/openssh+gssapi/PLIST.pam2
-rw-r--r--security/openssh+gssapi/PLIST.prng3
-rw-r--r--security/openssh+gssapi/distinfo11
-rw-r--r--security/openssh+gssapi/files/sshd.sh105
-rw-r--r--security/openssh+gssapi/patches/patch-aa34
-rw-r--r--security/openssh+gssapi/patches/patch-ab34
-rw-r--r--security/openssh+gssapi/patches/patch-ah22
-rw-r--r--security/openssh+gssapi/patches/patch-ai62
-rw-r--r--security/openssh+gssapi/patches/patch-aj26
-rw-r--r--security/ssh/DEINSTALL18
-rw-r--r--security/ssh/DESCR98
-rw-r--r--security/ssh/MESSAGE20
-rw-r--r--security/ssh/Makefile208
-rw-r--r--security/ssh/PLIST40
-rw-r--r--security/ssh/distinfo43
-rw-r--r--security/ssh/files/sshd.sh49
-rw-r--r--security/ssh/patches/patch-aa36
-rw-r--r--security/ssh/patches/patch-ab253
-rw-r--r--security/ssh/patches/patch-ac200
-rw-r--r--security/ssh/patches/patch-ad13
-rw-r--r--security/ssh/patches/patch-ae21
-rw-r--r--security/ssh/patches/patch-af659
-rw-r--r--security/ssh/patches/patch-ag49
-rw-r--r--security/ssh/patches/patch-ah34
-rw-r--r--security/ssh/patches/patch-ai52
-rw-r--r--security/ssh/patches/patch-aj3944
-rw-r--r--security/ssh/patches/patch-al70
-rw-r--r--security/ssh/patches/patch-am36
-rw-r--r--security/ssh/patches/patch-an43
-rw-r--r--security/ssh/patches/patch-ao22
-rw-r--r--security/ssh/patches/patch-ap36
-rw-r--r--security/ssh/patches/patch-aq68
-rw-r--r--security/ssh/patches/patch-ar35
-rw-r--r--security/ssh/patches/patch-as249
-rw-r--r--security/ssh/patches/patch-at192
-rw-r--r--security/ssh/patches/patch-au87
-rw-r--r--security/ssh/patches/patch-av39
-rw-r--r--security/ssh/patches/patch-ax60
-rw-r--r--security/ssh/patches/patch-ay13
-rw-r--r--security/ssh/patches/patch-az58
-rw-r--r--security/ssh/patches/patch-ba137
-rw-r--r--security/ssh/patches/patch-bb64
-rw-r--r--security/ssh/patches/patch-bd73
-rw-r--r--security/ssh/patches/patch-be14
-rw-r--r--security/ssh/patches/patch-bf99
-rw-r--r--security/ssh/patches/patch-bg17
-rw-r--r--security/ssh/patches/patch-bh31
-rw-r--r--security/ssh/patches/patch-bi27
-rw-r--r--security/ssh/patches/patch-bj76
-rw-r--r--security/ssh/patches/patch-bk390
-rw-r--r--security/ssh/patches/patch-bl37
-rw-r--r--security/ssh/patches/patch-bn49
-rw-r--r--security/ssh/patches/patch-br272
-rw-r--r--security/ssh/patches/patch-ca13
-rw-r--r--security/ssh/patches/patch-la28
63 files changed, 1 insertions, 8643 deletions
diff --git a/security/Makefile b/security/Makefile
index 986c166c245..c927b9d8158 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.183 2004/05/26 12:05:10 sekiya Exp $
+# $NetBSD: Makefile,v 1.184 2004/06/01 21:50:37 kristerw Exp $
#
COMMENT= Security tools
@@ -92,7 +92,6 @@ SUBDIR+= nfsbug
SUBDIR+= nikto
SUBDIR+= opencdk
SUBDIR+= openssh
-SUBDIR+= openssh+gssapi
SUBDIR+= openssl
SUBDIR+= otpcalc
SUBDIR+= p0f
@@ -173,7 +172,6 @@ SUBDIR+= sniff
SUBDIR+= snortsnarf
SUBDIR+= srm
SUBDIR+= srp_client
-SUBDIR+= ssh
SUBDIR+= ssh-askpass
SUBDIR+= ssh-ip-tunnel
SUBDIR+= ssh2
diff --git a/security/openssh+gssapi/DESCR b/security/openssh+gssapi/DESCR
deleted file mode 100644
index 784da25242d..00000000000
--- a/security/openssh+gssapi/DESCR
+++ /dev/null
@@ -1,8 +0,0 @@
-OpenSSH is based on the last free version of Tatu Ylonen's SSH with
-all patent-encumbered algorithms removed (to external libraries), all
-known security bugs fixed, new features reintroduced and many other
-clean-ups. More information about SSH itself can be found in the file
-README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
-Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.
-
-This package adds enhanced support for GSSAPI, provided by sxw.org.uk.
diff --git a/security/openssh+gssapi/INSTALL b/security/openssh+gssapi/INSTALL
deleted file mode 100644
index d6becd802c0..00000000000
--- a/security/openssh+gssapi/INSTALL
+++ /dev/null
@@ -1,36 +0,0 @@
-# $NetBSD: INSTALL,v 1.2 2003/08/30 20:23:07 jlam Exp $
-
-DIRS="/etc /etc/ssh ${PKG_PREFIX}/etc ${PKG_PREFIX}/etc/ssh"
-FILES="sshd.conf sshd_config"
-
-case ${STAGE} in
-POST-INSTALL)
- for dir in $DIRS; do
- if [ "@PKG_SYSCONFDIR@" != "$dir" ]; then
- for file in $FILES; do
- path=$dir/$file
- if [ -f $path ]; then
- ${CAT} <<EOF
-===========================================================================
-
- *===* NOTICE *===*
-
-WARNING: previous configuration file $path found.
-
-The config files for ${PKGNAME} must be located in:
-
- @PKG_SYSCONFDIR@
-
-You will need to ensure your configuration files and/or keys are
-placed in the correct directory before using ${PKGNAME}.
-
-===========================================================================
-EOF
-
- exit
- fi
- done
- fi
- done
- ;;
-esac
diff --git a/security/openssh+gssapi/MESSAGE b/security/openssh+gssapi/MESSAGE
deleted file mode 100644
index 482f771c674..00000000000
--- a/security/openssh+gssapi/MESSAGE
+++ /dev/null
@@ -1,17 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
-
- *===* NOTICE *===*
-
-If you have existing config files for OpenSSH located at /etc/ssh.conf
-and /etc/sshd.conf, then you will have to copy them:
-
- /etc/ssh.conf --> ${PKG_SYSCONFDIR}/ssh_config
- /etc/sshd.conf --> ${PKG_SYSCONFDIR}/sshd_config
-
-The `${OPENSSH_USER}' user and `${OPENSSH_GROUP}' group used for
-privilege separation have been created if they did not already exist.
-For security reasons, UsePrivilegeSeparation has to be yes
-(the default value).
-
-===========================================================================
diff --git a/security/openssh+gssapi/MESSAGE.pam b/security/openssh+gssapi/MESSAGE.pam
deleted file mode 100644
index 65185d65a13..00000000000
--- a/security/openssh+gssapi/MESSAGE.pam
+++ /dev/null
@@ -1,9 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.pam,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
-
-To authenticate for SSH using PAM, add the contents of the file:
-
- ${EGDIR}/sshd.pam
-
-to your PAM configuration file.
-===========================================================================
diff --git a/security/openssh+gssapi/MESSAGE.urandom b/security/openssh+gssapi/MESSAGE.urandom
deleted file mode 100644
index 6c3f593d0ae..00000000000
--- a/security/openssh+gssapi/MESSAGE.urandom
+++ /dev/null
@@ -1,8 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.urandom,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
-
-You will need a working /dev/urandom. Please make sure you have a kernel
-compiled from a config file containing the line:
-
- pseudo-device rnd
-===========================================================================
diff --git a/security/openssh+gssapi/Makefile b/security/openssh+gssapi/Makefile
deleted file mode 100644
index 3320a6bf0ea..00000000000
--- a/security/openssh+gssapi/Makefile
+++ /dev/null
@@ -1,162 +0,0 @@
-# $NetBSD: Makefile,v 1.14 2004/05/11 04:40:59 snj Exp $
-
-# NOTE: This package is modeled on ../openssh, but does not share
-# files with it as that package may update faster than the gssapi
-# patches do.
-
-DISTNAME= openssh-3.6.1p2
-PKGNAME= openssh+gssapi-3.6.1.2.20030430
-PKGREVISION= 3
-SVR4_PKGNAME= osshgss
-CATEGORIES= security
-MASTER_SITES= ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD/OpenSSH/portable/ \
- ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
- http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \
- ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
- ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
- ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/
-PATCH_SITES= http://www.sxw.org.uk/computing/patches/
-PATCHFILES= openssh-3.6.1p2-gssapi-20030430.diff
-PATCH_DIST_STRIP= -p1
-
-# Don't delete the last entry -- it's there if the pkgsrc version is not
-# up-to-date and the mirrors already removed the old distfile.
-
-MAINTAINER= jwise@NetBSD.org
-HOMEPAGE= http://www.openssh.com/
-COMMENT= Open Source Secure shell client and server with enhanced GSSAPI support
-
-CONFLICTS= sftp-[0-9]*
-CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* ssh2-[0-9]*
-CONFLICTS+= openssh-[0-9]*
-
-USE_PERL5= build
-
-CRYPTO= yes
-KERBEROS= yes
-
-# retain the following line, for IPv6-ready pkgsrc webpage
-BUILD_DEFS+= USE_INET6
-#BUILD_DEFS+= KERBEROS
-
-.include "../../mk/bsd.prefs.mk"
-
-INSTALL_TARGET= install-nokeys
-PLIST_SRC= # empty
-MESSAGE_SRC= ${.CURDIR}/MESSAGE
-
-PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}:${OPENSSH_UID}:sshd\\ privsep:${OPENSSH_CHROOT}:${NOLOGIN}
-PKG_GROUPS= ${OPENSSH_GROUP}:${OPENSSH_GID}
-
-SSH_PID_DIR= /var/run # default directory for PID files
-
-PKG_SYSCONFSUBDIR= ssh
-MANDIR= man
-
-PLIST_SUBST+= MANDIR=${MANDIR}
-
-USE_BUILDLINK3= yes
-USE_PKGINSTALL= yes
-GNU_CONFIGURE= yes
-CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
-CONFIGURE_ARGS+= --mandir=${PREFIX}/${MANDIR}
-CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR}
-CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE}
-CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
-CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT}
-CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER}
-CONFIGURE_ARGS+= --with-kerberos5=/usr
-CONFIGURE_ARGS+= --with-kerberos4=/usr
-
-CPPFLAGS+= -I/usr/include/krb5 -I/usr/include/kerberosIV
-
-# XXX: PAM authentication causes memory faults, and I haven't tracked down
-# XXX: why yet. For the moment, disable PAM authentication.
-#
-#.if defined(USE_PAM)
-#.include "../../security/PAM/buildlink3.mk"
-#CONFIGURE_ARGS+= --with-pam
-#PLIST_SRC+= ${.CURDIR}/PLIST.pam
-#MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam
-#.endif
-
-.if (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
-. include "../../security/skey/buildlink3.mk"
-CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
-.elif ${OPSYS} == "NetBSD"
-# XXX: NetBSD has 4 args (4: sslen) to skeychallenge instead of 3
-#CONFIGURE_ARGS+= --with-skey=/usr
-CONFIGURE_ARGS+= --without-skey
-.else
-CONFIGURE_ARGS+= --without-skey
-.endif
-
-.if defined(KERBEROS)
-PKG_USE_KERBEROS= yes
-CONFIGURE_ARGS+= --with-kerberos4=/usr
-LDFLAGS+= -lkrb -lcom_err -lroken -ldes -lcrypto
-.endif
-
-CONFIGURE_ENV+= LD=${CC:Q}
-
-# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
-# on if it's part of the X11 distribution, or if it's installed from pkgsrc
-# (security/ssh-askpass).
-#
-.if exists(${X11BASE}/bin/ssh-askpass)
-ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
-.else
-ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass
-.endif
-CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM}
-MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM}
-
-CONFS= ssh_config sshd_config
-SUPPS= moduli
-
-.if exists(/dev/urandom)
-MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom
-.else
-CONFIGURE_ARGS+= --without-random
-CONFS+= ssh_prng_cmds
-PLIST_SRC+= ${.CURDIR}/PLIST.prng
-.endif
-
-EGDIR= ${PREFIX}/share/examples/openssh
-CONF_FILES= # empty
-.for FILE in ${CONFS}
-CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
-.endfor
-SUPPORT_FILES= # empty
-.for FILE in ${SUPPS}
-SUPPORT_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
-.endfor
-OWN_DIRS= ${OPENSSH_CHROOT}
-RCD_SCRIPTS= sshd
-
-PLIST_SRC+= ${.CURDIR}/PLIST
-FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR}
-MESSAGE_SUBST+= EGDIR=${EGDIR}
-MESSAGE_SUBST+= OPENSSH_USER=${OPENSSH_USER}
-MESSAGE_SUBST+= OPENSSH_GROUP=${OPENSSH_GROUP}
-
-INSTALL_EXTRA_TMPL+= ${.CURDIR}/INSTALL
-
-pre-configure:
- cd ${WRKSRC} && ${AUTORECONF}
-
-post-install:
- ${INSTALL_DATA_DIR} ${EGDIR}
- cd ${WRKSRC}; for file in ${CONFS} ${SUPPS}; do \
- ${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \
- done
-#.if defined(USE_PAM)
-# ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam
-#.endif
-
-.include "../../devel/zlib/buildlink3.mk"
-.include "../../security/openssl/buildlink3.mk"
-.include "../../security/tcp_wrappers/buildlink3.mk"
-.include "../../mk/autoconf.mk"
-
-.include "../../mk/bsd.pkg.mk"
diff --git a/security/openssh+gssapi/PLIST b/security/openssh+gssapi/PLIST
deleted file mode 100644
index 53634976bc4..00000000000
--- a/security/openssh+gssapi/PLIST
+++ /dev/null
@@ -1,29 +0,0 @@
-@comment $NetBSD: PLIST,v 1.2 2004/04/23 22:07:58 reed Exp $
-bin/scp
-bin/sftp
-bin/slogin
-bin/ssh
-bin/ssh-add
-bin/ssh-agent
-bin/ssh-keygen
-bin/ssh-keyscan
-libexec/sftp-server
-libexec/ssh-keysign
-${MANDIR}/man1/scp.1
-${MANDIR}/man1/sftp.1
-${MANDIR}/man1/slogin.1
-${MANDIR}/man1/ssh-add.1
-${MANDIR}/man1/ssh-agent.1
-${MANDIR}/man1/ssh-keygen.1
-${MANDIR}/man1/ssh-keyscan.1
-${MANDIR}/man1/ssh.1
-${MANDIR}/man5/ssh_config.5
-${MANDIR}/man5/sshd_config.5
-${MANDIR}/man8/sftp-server.8
-${MANDIR}/man8/ssh-keysign.8
-${MANDIR}/man8/sshd.8
-sbin/sshd
-share/examples/openssh/moduli
-share/examples/openssh/ssh_config
-share/examples/openssh/sshd_config
-@dirrm share/examples/openssh
diff --git a/security/openssh+gssapi/PLIST.pam b/security/openssh+gssapi/PLIST.pam
deleted file mode 100644
index 51a30ff1f77..00000000000
--- a/security/openssh+gssapi/PLIST.pam
+++ /dev/null
@@ -1,2 +0,0 @@
-@comment $NetBSD: PLIST.pam,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
-share/examples/openssh/sshd.pam
diff --git a/security/openssh+gssapi/PLIST.prng b/security/openssh+gssapi/PLIST.prng
deleted file mode 100644
index 16c1a2cb120..00000000000
--- a/security/openssh+gssapi/PLIST.prng
+++ /dev/null
@@ -1,3 +0,0 @@
-@comment $NetBSD: PLIST.prng,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
-libexec/ssh-rand-helper
-share/examples/openssh/ssh_prng_cmds
diff --git a/security/openssh+gssapi/distinfo b/security/openssh+gssapi/distinfo
deleted file mode 100644
index b2cf12aaff1..00000000000
--- a/security/openssh+gssapi/distinfo
+++ /dev/null
@@ -1,11 +0,0 @@
-$NetBSD: distinfo,v 1.3 2003/09/17 14:27:03 jwise Exp $
-
-SHA1 (openssh-3.6.1p2.tar.gz) = dafe5b6ee2c8ced12c2ee8961530b4e51c2f0bcf
-Size (openssh-3.6.1p2.tar.gz) = 879629 bytes
-SHA1 (openssh-3.6.1p2-gssapi-20030430.diff) = a938638ad7d861e4f55ef5f8410acfdaac8a9e57
-Size (openssh-3.6.1p2-gssapi-20030430.diff) = 121077 bytes
-SHA1 (patch-aa) = 20abe6938aba07ab7b6c7eab5d24a303f0cd2298
-SHA1 (patch-ab) = 1069fe256b7925fcf404781ef14e5c492f52c21e
-SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506
-SHA1 (patch-ai) = a564c1c9df9704fa8ed20bd31a5eb36450c72f2b
-SHA1 (patch-aj) = a83eed6c0a5703a2953682b4627be38a87bfb65f
diff --git a/security/openssh+gssapi/files/sshd.sh b/security/openssh+gssapi/files/sshd.sh
deleted file mode 100644
index b33955a6e31..00000000000
--- a/security/openssh+gssapi/files/sshd.sh
+++ /dev/null
@@ -1,105 +0,0 @@
-#!@RCD_SCRIPTS_SHELL@
-#
-# $NetBSD: sshd.sh,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
-#
-# PROVIDE: sshd
-# REQUIRE: DAEMON LOGIN
-
-if [ -f /etc/rc.subr ]
-then
- . /etc/rc.subr
-fi
-
-name="sshd"
-rcvar=$name
-command="@PREFIX@/sbin/${name}"
-keygen_command="@PREFIX@/bin/ssh-keygen"
-pidfile="@SSH_PID_DIR@/${name}.pid"
-required_files="@PKG_SYSCONFDIR@/sshd_config"
-extra_commands="keygen reload"
-
-sshd_keygen()
-{
- (
- umask 022
- if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then
- @ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key"
- @ECHO@ "Skipping protocol version 1 RSA Key Generation"
- else
- ${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N ''
- fi
-
- if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then
- @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key"
- @ECHO@ "Skipping protocol version 2 DSA Key Generation"
- else
- ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N ''
- fi
-
- if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
- @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key"
- @ECHO@ "Skipping protocol version 2 RSA Key Generation"
- else
- ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N ''
- fi
- )
-}
-
-sshd_precmd()
-{
- if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
- if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
- then
- run_rc_command keygen
- else
- eval ${keygen_cmd}
- fi
- fi
-}
-
-keygen_cmd=sshd_keygen
-start_precmd=sshd_precmd
-
-if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
-then
- load_rc_config $name
- run_rc_command "$1"
-else
- case ${1:-start} in
- start)
- if [ -x ${command} -a -f ${required_files} ]
- then
- @ECHO@ "Starting ${name}."
- eval ${start_precmd}
- eval ${command} ${sshd_flags} ${command_args}
- fi
- ;;
- stop)
- if [ -f ${pidfile} ]; then
- pid=`@HEAD@ -1 ${pidfile}`
- @ECHO@ "Stopping ${name}."
- kill -TERM ${pid}
- else
- @ECHO@ "${name} not running?"
- fi
- ;;
- restart)
- ( $0 stop )
- sleep 1
- $0 start
- ;;
- status)
- if [ -f ${pidfile} ]; then
- pid=`@HEAD@ -1 ${pidfile}`
- @ECHO@ "${name} is running as pid ${pid}."
- else
- @ECHO@ "${name} is not running."
- fi
- ;;
- keygen)
- eval ${keygen_cmd}
- ;;
- esac
-fi
diff --git a/security/openssh+gssapi/patches/patch-aa b/security/openssh+gssapi/patches/patch-aa
deleted file mode 100644
index a505c8d77c1..00000000000
--- a/security/openssh+gssapi/patches/patch-aa
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-aa,v 1.1.1.1 2003/07/24 21:01:23 jwise Exp $
-
---- configure.orig Tue Apr 29 02:37:28 2003
-+++ configure Tue Jun 10 13:38:01 2003
-@@ -4939,6 +4939,9 @@
- ;;
- esac
-
-+# pkgsrc handles any rpath settings this package needs
-+need_dash_r=
-+
- # Allow user to specify flags
-
- # Check whether --with-cflags or --without-cflags was given.
-@@ -7030,6 +7033,10 @@
- cat >>conftest.$ac_ext <<_ACEOF
- /* end confdefs.h. */
-
-+#ifdef HAVE_SYS_CDEFS_H
-+#include <sys/cdefs.h>
-+#endif
-+#include <stdio.h>
- #include <tcpd.h>
- int deny_severity = 0, allow_severity = 0;
-
-@@ -19123,7 +19130,7 @@
- echo " User binaries: $B"
- echo " System binaries: $C"
- echo " Configuration files: $D"
--echo " Askpass program: $E"
-+echo " Askpass program: ${ASKPASS_PROGRAM}"
- echo " Manual pages: $F"
- echo " PID file: $G"
- echo " Privilege separation chroot path: $H"
diff --git a/security/openssh+gssapi/patches/patch-ab b/security/openssh+gssapi/patches/patch-ab
deleted file mode 100644
index 78af9066543..00000000000
--- a/security/openssh+gssapi/patches/patch-ab
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-ab,v 1.1.1.1 2003/07/24 21:01:24 jwise Exp $
-
---- configure.ac.orig Thu Sep 26 00:38:47 2002
-+++ configure.ac
-@@ -341,6 +341,9 @@ mips-sony-bsd|mips-sony-newsos4)
- ;;
- esac
-
-+# pkgsrc handles any rpath settings this package needs
-+need_dash_r=
-+
- # Allow user to specify flags
- AC_ARG_WITH(cflags,
- [ --with-cflags Specify additional flags to pass to compiler],
-@@ -575,6 +578,10 @@ AC_ARG_WITH(tcp-wrappers,
- AC_MSG_CHECKING(for libwrap)
- AC_TRY_LINK(
- [
-+#ifdef HAVE_SYS_CDEFS_H
-+#include <sys/cdefs.h>
-+#endif
-+#include <stdio.h>
- #include <tcpd.h>
- int deny_severity = 0, allow_severity = 0;
- ],
-@@ -2449,7 +2456,7 @@ echo "OpenSSH has been configured with t
- echo " User binaries: $B"
- echo " System binaries: $C"
- echo " Configuration files: $D"
--echo " Askpass program: $E"
-+echo " Askpass program: ${ASKPASS_PROGRAM}"
- echo " Manual pages: $F"
- echo " PID file: $G"
- echo " Privilege separation chroot path: $H"
diff --git a/security/openssh+gssapi/patches/patch-ah b/security/openssh+gssapi/patches/patch-ah
deleted file mode 100644
index 195dd6ba600..00000000000
--- a/security/openssh+gssapi/patches/patch-ah
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-ah,v 1.1.1.1 2003/07/24 21:01:24 jwise Exp $
-
---- Makefile.in.orig Fri Jun 21 10:38:53 2002
-+++ Makefile.in Tue Jun 25 10:50:44 2002
-@@ -21,7 +21,7 @@
- DESTDIR=
- VPATH=@srcdir@
- SSH_PROGRAM=@bindir@/ssh
--ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
-+#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
- SFTP_SERVER=$(libexecdir)/sftp-server
- SSH_KEYSIGN=$(libexecdir)/ssh-keysign
- RAND_HELPER=$(libexecdir)/ssh-rand-helper
-@@ -203,7 +203,7 @@
- scard-install:
- (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
-
--install-files: scard-install
-+install-files:
- $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
- $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
diff --git a/security/openssh+gssapi/patches/patch-ai b/security/openssh+gssapi/patches/patch-ai
deleted file mode 100644
index 7c5b86be082..00000000000
--- a/security/openssh+gssapi/patches/patch-ai
+++ /dev/null
@@ -1,62 +0,0 @@
-$NetBSD: patch-ai,v 1.2 2003/09/17 14:27:07 jwise Exp $
-Index: buffer.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/buffer.c,v
-retrieving revision 1.16
-retrieving revision 1.18
-diff -u -r1.16 -r1.18
---- buffer.c 26 Jun 2002 08:54:18 -0000 1.16
-+++ buffer.c 16 Sep 2003 21:02:39 -0000 1.18
-@@ -23,8 +23,11 @@
- void
- buffer_init(Buffer *buffer)
- {
-- buffer->alloc = 4096;
-- buffer->buf = xmalloc(buffer->alloc);
-+ const u_int len = 4096;
-+
-+ buffer->alloc = 0;
-+ buffer->buf = xmalloc(len);
-+ buffer->alloc = len;
- buffer->offset = 0;
- buffer->end = 0;
- }
-@@ -34,8 +37,10 @@
- void
- buffer_free(Buffer *buffer)
- {
-- memset(buffer->buf, 0, buffer->alloc);
-- xfree(buffer->buf);
-+ if (buffer->alloc > 0) {
-+ memset(buffer->buf, 0, buffer->alloc);
-+ xfree(buffer->buf);
-+ }
- }
-
- /*
-@@ -69,6 +74,7 @@
- void *
- buffer_append_space(Buffer *buffer, u_int len)
- {
-+ u_int newlen;
- void *p;
-
- if (len > 0x100000)
-@@ -98,11 +104,13 @@
- goto restart;
- }
- /* Increase the size of the buffer and retry. */
-- buffer->alloc += len + 32768;
-- if (buffer->alloc > 0xa00000)
-+
-+ newlen = buffer->alloc + len + 32768;
-+ if (newlen > 0xa00000)
- fatal("buffer_append_space: alloc %u not supported",
-- buffer->alloc);
-- buffer->buf = xrealloc(buffer->buf, buffer->alloc);
-+ newlen);
-+ buffer->buf = xrealloc(buffer->buf, newlen);
-+ buffer->alloc = newlen;
- goto restart;
- /* NOTREACHED */
- }
diff --git a/security/openssh+gssapi/patches/patch-aj b/security/openssh+gssapi/patches/patch-aj
deleted file mode 100644
index decfa9b91fa..00000000000
--- a/security/openssh+gssapi/patches/patch-aj
+++ /dev/null
@@ -1,26 +0,0 @@
-$NetBSD: patch-aj,v 1.1 2003/09/17 14:27:07 jwise Exp $
-Index: channels.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/channels.c,v
-retrieving revision 1.194
-retrieving revision 1.195
-diff -u -r1.194 -r1.195
---- channels.c 29 Aug 2003 10:04:36 -0000 1.194
-+++ channels.c 16 Sep 2003 21:02:40 -0000 1.195
-@@ -228,12 +228,13 @@
- if (found == -1) {
- /* There are no free slots. Take last+1 slot and expand the array. */
- found = channels_alloc;
-- channels_alloc += 10;
- if (channels_alloc > 10000)
- fatal("channel_new: internal error: channels_alloc %d "
- "too big.", channels_alloc);
-+ channels = xrealloc(channels,
-+ (channels_alloc + 10) * sizeof(Channel *));
-+ channels_alloc += 10;
- debug2("channel: expanding %d", channels_alloc);
-- channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
- for (i = found; i < channels_alloc; i++)
- channels[i] = NULL;
- }
-
diff --git a/security/ssh/DEINSTALL b/security/ssh/DEINSTALL
deleted file mode 100644
index 7a0d3de24b9..00000000000
--- a/security/ssh/DEINSTALL
+++ /dev/null
@@ -1,18 +0,0 @@
-#! /bin/sh
-#
-# $NetBSD: DEINSTALL,v 1.1 2001/11/01 01:17:52 zuntum Exp $
-#
-
-case "$2" in
- DEINSTALL) cat <<EOF
-
-=============================================================
-Note that ssh configuration, key, and random-seed files
-(@SSH_CONF_DIR@/ssh*) are not removed in the deinstallation
-process. You should remove those by hand, if you no longer
-need them.
-=============================================================
-
-EOF
- ;;
-esac
diff --git a/security/ssh/DESCR b/security/ssh/DESCR
deleted file mode 100644
index a191dd75801..00000000000
--- a/security/ssh/DESCR
+++ /dev/null
@@ -1,98 +0,0 @@
-SSH (Secure Shell) is a program to log into another computer over a
-network, to execute commands in a remote machine, and to move files
-from one machine to another. It provides strong authentication and
-secure communications over insecure channels. It is intended as a
-replacement for rlogin, rsh, rcp, and rdist.
-
-FEATURES
-
- o Strong authentication. Closes several security holes (e.g., IP,
- routing, and DNS spoofing). New authentication methods: .rhosts
- together with RSA based host authentication, and pure RSA
- authentication.
-
- o Improved privacy. All communications are automatically and
- transparently encrypted. RSA is used for key exchange, and a
- conventional cipher (normally IDEA, Blowfish, or triple-DES) for
- encrypting the session. Encryption is started before
- authentication, and no passwords or other information is
- transmitted in the clear. Encryption is also used to protect
- against spoofed packets.
-
- o Secure X11 sessions. The program automatically sets DISPLAY on
- the server machine, and forwards any X11 connections over the
- secure channel. Fake Xauthority information is automatically
- generated and forwarded to the remote machine; the local client
- automatically examines incoming X11 connections and replaces the
- fake authorization data with the real data (never telling the
- remote machine the real information).
-
- o Arbitrary TCP/IP ports can be redirected through the encrypted channel
- in both directions (e.g., for e-cash transactions).
-
- o No retraining needed for normal users; everything happens
- automatically, and old .rhosts files will work with strong
- authentication if administration installs host key files.
-
- o Never trusts the network. Minimal trust on the remote side of
- the connection. Minimal trust on domain name servers. Pure RSA
- authentication never trusts anything but the private key.
-
- o Client RSA-authenticates the server machine in the beginning of
- every connection to prevent trojan horses (by routing or DNS
- spoofing) and man-in-the-middle attacks, and the server
- RSA-authenticates the client machine before accepting .rhosts or
- /etc/hosts.equiv authentication (to prevent DNS, routing, or
- IP-spoofing).
-
- o Host authentication key distribution can be centrally by the
- administration, automatically when the first connection is made
- to a machine (the key obtained on the first connection will be
- recorded and used for authentication in the future), or manually
- by each user for his/her own use. The central and per-user host
- key repositories are both used and complement each other. Host
- keys can be generated centrally or automatically when the software
- is installed. Host authentication keys are typically 1024 bits.
-
- o Any user can create any number of user authentication RSA keys for
- his/her own use. Each user has a file which lists the RSA public
- keys for which proof of possession of the corresponding private
- key is accepted as authentication. User authentication keys are
- typically 1024 bits.
-
- o The server program has its own server RSA key which is
- automatically regenerated every hour. This key is never saved in
- any file. Exchanged session keys are encrypted using both the
- server key and the server host key. The purpose of the separate
- server key is to make it impossible to decipher a captured session by
- breaking into the server machine at a later time; one hour from
- the connection even the server machine cannot decipher the session
- key. The key regeneration interval is configurable. The server
- key is normally 768 bits.
-
- o An authentication agent, running in the user's laptop or local
- workstation, can be used to hold the user's RSA authentication
- keys. Ssh automatically forwards the connection to the
- authentication agent over any connections, and there is no need to
- store the RSA authentication keys on any machine in the network
- (except the user's own local machine). The authentication
- protocols never reveal the keys; they can only be used to verify
- that the user's agent has a certain key. Eventually the agent
- could rely on a smart card to perform all authentication
- computations.
-
- o The software can be installed and used (with restricted
- functionality) even without root privileges.
-
- o The client is customizable in system-wide and per-user
- configuration files. Most aspects of the client's operation can
- be configured. Different options can be specified on a per-host basis.
-
- o Automatically executes conventional rsh (after displaying a
- warning) if the server machine is not running sshd.
-
- o Optional compression of all data with gzip (including forwarded X11
- and TCP/IP port data), which may result in significant speedups on
- slow connections.
-
- o Complete replacement for rlogin, rsh, and rcp.
diff --git a/security/ssh/MESSAGE b/security/ssh/MESSAGE
deleted file mode 100644
index 635b30660db..00000000000
--- a/security/ssh/MESSAGE
+++ /dev/null
@@ -1,20 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE,v 1.2 2002/09/24 12:30:35 wiz Exp $
-
-If "starter" configuration files were installed (in ${SSH_CONF_DIR})
-when the package was installed, be sure to examine them (and the man pages
-for ssh and sshd) to determine whether you want to make any changes.
-
-Copies of the example configuration files are installed in
-${PREFIX}/share/examples/ssh, so those can still be used for reference
-after you have made changes to those installed in ${SSH_CONF_DIR}, or if
-you had existing configuration files, which would not be overwritten in
-the installation process.
-
-In general, you will want to set up /etc/rc.local to start sshd at boot
-time. Something like the following should do the job:
-
-# Run sshd if installed and configured
-${PREFIX}/etc/rc.d/sshd
-
-===========================================================================
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
deleted file mode 100644
index ce4eee6b1c9..00000000000
--- a/security/ssh/Makefile
+++ /dev/null
@@ -1,208 +0,0 @@
-# $NetBSD: Makefile,v 1.111 2004/02/23 03:51:47 kristerw Exp $
-# FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp
-#
-
-# We do not upgrade to 1.2.28 and beyond, intentionally. There was license
-# change between 1.2.27 and 1.2.28, and the new license prohibits us from
-# modifying/redistributing it.
-#
-DISTNAME= ssh-1.2.27
-PKGREVISION= 2
-CATEGORIES= security net
-MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/old/ \
- ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \
- ftp://ftp.cert.dfn.de/pub/tools/net/ssh/
-DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
-
-MAINTAINER= tech-pkg@NetBSD.org
-HOMEPAGE= http://www.cs.hut.fi/ssh/
-COMMENT= Secure shell client and server (remote login program)
-
-CONFLICTS= openssh-[0-9]* ssh2-[0-9]* ssh6-[0-9]*
-CONFLICTS= openssh+gssapi-[0-9]*
-
-CRYPTO= YES
-LICENSE= no-commercial-use
-USE_RSAREF2= NO
-
-EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
-# the next line is needed if you have the gmp package installed
-LDFLAGS+= -Lgmp-2.0.2-ssh-2
-GNU_CONFIGURE= YES
-USE_X11= YES
-USE_BUILDLINK3= YES
-
-.include "../../mk/bsd.prefs.mk"
-
-SSH_CONF_DIR= ${PKG_SYSCONFDIR}
-
-CONFIGURE_ARGS+= --with-etcdir=${SSH_CONF_DIR}
-X_LDFLAGS= -Wl,${RPATH_FLAG}${X11BASE}/lib
-MAKE_ENV+= X_LDFLAGS="${X_LDFLAGS}"
-
-.if ${OPSYS} == "NetBSD"
-CONFIGURE_ARGS+= --with-libwrap
-.endif
-
-.if ${OPSYS} == "SunOS" || ${OPSYS} == "IRIX"
-CONFIGURE_ENV+= X_CFLAGS="-I${LOCALBASE}/include"
-.endif
-
-#Uncomment if all your users are in their own group and their homedir
-#is writeable by that group. Beware the security implications!
-#CONFIGURE_ARGS+= --enable-group-writeability
-
-#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
-#over a secure medium. This is normally dangerous since it can lead to the
-#disclosure keys and passwords.
-#CONFIGURE_ARGS+= --with-none
-
-.if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES
-DEPENDS+= rsaref-2.0p3:../../security/rsaref
-CONFIGURE_ARGS+= --with-rsaref="${LOCALBASE}/lib"
-CONFIGURE_ENV+= LDFLAGS="${SSH_LDFLAGS}"
-CFLAGS+= -I${LOCALBASE}/include
-SSH_LDFLAGS= -Wl,${RPATH_FLAG}${LOCALBASE}/lib
-FIX_RPATH+= SSH_LDFLAGS
-.endif
-
-# Include support for the SecureID card
-# Warning: untested !
-.if defined(USE_SECUREID) && ${USE_SECUREID} == YES
-CONFIGURE_ARGS+= --with-secureid
-.endif
-
-# If rsh is elsewhere to /usr/bin/rsh
-.if defined(SSH_RSHPATH)
-CONFIGURE_ARGS+= --with-rsh=${SSH_RSHPATH}
-.endif
-
-# By default, use IDEA. IDEA can be freely used for non-commercial use.
-# However, commercial use may require a license in a number of countries.
-#
-USE_IDEA?= YES
-
-# Handle deprecated option SSH_DONT_USE_IDEA.
-#
-.if defined(SSH_DONT_USE_IDEA) && ${SSH_DONT_USE_IDEA} == YES
-USE_IDEA= NO
-.endif
-
-.if ${USE_IDEA} != "YES"
-CONFIGURE_ARGS+= --without-idea
-.endif
-
-# Include SOCKS firewall support
-.if defined(USE_SOCKS) && (${USE_SOCKS} == 4 || ${USE_SOCKS} == 5)
-CONFIGURE_ARGS+= --with-socks${USE_SOCKS}="-L${LOCALBASE}/lib -lsocks${USE_SOCKS}"
-CFLAGS+= -I${LOCALBASE}/include
-.if ${USE_SOCKS} == 4
-DEPENDS+= socks4-2.2:../../net/socks4
-.else
-DEPENDS+= socks5-1.0.2:../../net/socks5
-.endif
-.endif
-
-# The original Kerberos v4 patches were fetched from
-# http://monkey.org/~dugsong/ssh-afs/
-# PATCH_SITES+= ftp://ftp.monkey.org/pub/users/dugsong/
-# PATCHFILES+= ssh-1.2.27-afs-kerberos.patch-1
-# MD5 (ssh-1.2.27-afs-kerberos.patch-1) = d440f74958d9c3805b76dbc13e97e87d
-
-.if defined(KERBEROS)
-PKG_USE_KERBEROS= yes
-CONFIGURE_ARGS+= --with-krb4=/usr
-.endif
-
-# XXX KERBEROS 5 SUPPORT BROKEN WITH HEIMDAL
-#.if defined(KERBEROS) && ${KERBEROS} == 5
-#PKG_USE_KERBEROS= yes
-#CONFIGURE_ARGS+=--with-krb5=/usr
-#.else
-#CONFIGURE_ARGS+=--without-krb5
-#.endif
-
-# Enable support for TIS authentication server
-.if defined(USE_TIS) && ${USE_TIS} == YES
-CONFIGURE_ARGS+= --with-tis=${LOCALBASE}
-.endif
-
-# Don't install "ssh" setuid
-.if !defined(SSH_SUID) || ${SSH_SUID} != YES
-CONFIGURE_ARGS+= --disable-suid-ssh
-.endif
-
-# Make libwrap also compare against forwards (off by default)
-.if defined(LIBWRAP_FWD) && ${LIBWRAP_FWD} == YES
-CFLAGS+= -DLIBWRAP_FWD
-.endif
-
-# be more effective on M68060 machines
-.if defined(M68060)
-CONFIGURE_ARGS+= --disable-asm
-CFLAGS+= -m68060
-.endif
-
-DEINSTALL_FILE= ${WRKDIR}/DEINSTALL
-PLIST_SRC= ${WRKDIR}/PLIST
-PLIST_SUBST+= INSTALL="${INSTALL}" \
- ROOT_GROUP="${ROOT_GROUP}"
-MESSAGE_SUBST+= SSH_CONF_DIR="${SSH_CONF_DIR}"
-
-pre-patch:
- @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
- ${WRKSRC}/make-ssh-known-hosts.pl.in
- @# SSH DES and AFS/Kerberos DES conflict.
- @${MV} -f ${WRKSRC}/des.h ${WRKSRC}/ssh-des.h
-
-fetch-depends:
-.if !defined(USE_RSAREF2) || ${USE_RSAREF2} != YES && ${USE_RSAREF2} != NO
- @${ECHO}
- @${ECHO} The variable USE_RSAREF2 must be set to either YES or NO
- @${ECHO} in order to build this package. USA residents that are
- @${ECHO} not licensees of the RSA algorithm MUST set this variable
- @${ECHO} to YES. Users outside the USA MUST set this variable to
- @${ECHO} NO. Licensees may choose -- NO is faster.
- @${ECHO}
- @${ECHO} You may also want to set USE_IDEA to NO if this program
- @${ECHO} will be used for a commercial purpose. There are other
- @${ECHO} configure options\; look at the pkg Makefile for more info.
- @${FALSE}
-.endif
-
-post-patch:
- @# Make sure that "automake" is never run.
- @${FIND} ${WRKSRC} -name Makefile.in -print | ${XARGS} ${TOUCH} ${TOUCH_FLAGS}
-
-post-build:
- @cd ${PKGDIR}; \
- for FILE in DEINSTALL PLIST ${FILESDIR}/sshd.sh; do \
- ${SED} -e 's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \
- -e 's#@PREFIX@#${PREFIX}#g' \
- <$${FILE} >${WRKDIR}/`basename $${FILE}`; \
- done
- @if [ -x ${WRKSRC}/ssh-askpass ]; then \
- ${ECHO} bin/ssh-askpass >>${PLIST_SRC}; \
- ${ECHO} bin/ssh-askpass1 >>${PLIST_SRC}; \
- fi
-
-post-install:
- @${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ssh
- @${MKDIR} ${WRKDIR}${SSH_CONF_DIR}
- (cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \
- -f ${MAKEFILE} install_prefix=${WRKDIR} install-configs)
- ${INSTALL_DATA} ${WRKDIR}${SSH_CONF_DIR}/ssh_config \
- ${WRKDIR}${SSH_CONF_DIR}/sshd_config ${PREFIX}/share/examples/ssh
- @${RM} -rf ${WRKDIR}${SSH_CONF_DIR}
- @if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \
- ${ECHO} "Generating a secret host key..."; \
- ${PREFIX}/bin/ssh-keygen \
- -f ${SSH_CONF_DIR}/ssh_host_key -N ""; \
- fi
- ${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd
-
-BUILD_DEFS+= USE_IDEA SSH_SUID USE_RSAREF2
-BUILD_DEFS+= LIBWRAP_FWD M68060 USE_SOCKS
-
-.include "../../devel/zlib/buildlink3.mk"
-.include "../../mk/bsd.pkg.mk"
diff --git a/security/ssh/PLIST b/security/ssh/PLIST
deleted file mode 100644
index b6c0fae5559..00000000000
--- a/security/ssh/PLIST
+++ /dev/null
@@ -1,40 +0,0 @@
-@comment $NetBSD: PLIST,v 1.3 2002/06/26 10:30:01 seb Exp $
-bin/ssh
-bin/ssh1
-bin/scp
-bin/scp1
-bin/slogin
-bin/ssh-add
-bin/ssh-add1
-bin/ssh-agent
-bin/ssh-agent1
-bin/ssh-keygen
-bin/ssh-keygen1
-bin/make-ssh-known-hosts
-bin/make-ssh-known-hosts1
-etc/rc.d/sshd
-man/man1/make-ssh-known-hosts1.1
-man/man1/make-ssh-known-hosts.1
-man/man1/scp.1
-man/man1/scp1.1
-man/man1/ssh-add.1
-man/man1/ssh-add1.1
-man/man1/ssh-agent.1
-man/man1/ssh-agent1.1
-man/man1/ssh-keygen.1
-man/man1/ssh-keygen1.1
-man/man1/ssh.1
-man/man1/ssh1.1
-man/man1/slogin.1
-man/man1/slogin1.1
-man/man8/sshd.8
-man/man8/sshd1.8
-sbin/sshd
-sbin/sshd1
-share/examples/ssh/ssh_config
-share/examples/ssh/sshd_config
-@exec if [ ! -d @SSH_CONF_DIR@ ]; then echo "Creating directory @SSH_CONF_DIR@ for ssh config files.." ; ${MKDIR} @SSH_CONF_DIR@; fi
-@exec if [ ! -f @SSH_CONF_DIR@/ssh_config ]; then echo "Installing example ssh_config in @SSH_CONF_DIR@.." ; ${INSTALL} -c -o root -g ${ROOT_GROUP} -m 0644 %D/share/examples/ssh/ssh_config @SSH_CONF_DIR@; fi
-@exec if [ ! -f @SSH_CONF_DIR@/sshd_config ]; then echo "Installing example sshd_config in @SSH_CONF_DIR@.." ; ${INSTALL} -c -o root -g ${ROOT_GROUP} -m 0644 %D/share/examples/ssh/sshd_config @SSH_CONF_DIR@; fi
-@exec if [ ! -f @SSH_CONF_DIR@/ssh_host_key ]; then echo "Generating a secret host key in @SSH_CONF_DIR@.." ; %D/bin/ssh-keygen -N "" -f @SSH_CONF_DIR@/ssh_host_key; fi
-@dirrm share/examples/ssh
diff --git a/security/ssh/distinfo b/security/ssh/distinfo
deleted file mode 100644
index 628cbc260b4..00000000000
--- a/security/ssh/distinfo
+++ /dev/null
@@ -1,43 +0,0 @@
-$NetBSD: distinfo,v 1.8 2004/02/21 13:55:01 grant Exp $
-
-SHA1 (ssh-1.2.27.tar.gz) = 0e7d59c6a62b094bd51818599ae24f7de3462d14
-Size (ssh-1.2.27.tar.gz) = 1022546 bytes
-SHA1 (patch-aa) = 6cf6e5043e1cd230064b73620ce7c86bf5673649
-SHA1 (patch-ab) = 24f370975088dd33551df39ebc1e5cc204c5d7cb
-SHA1 (patch-ac) = 87d3e930e32f820e9dd3fc497468c30249dbcda4
-SHA1 (patch-ad) = 0fac0e4586db5257ea10dfba2e14f7f35c6bed49
-SHA1 (patch-ae) = 559327d78036cd956443a739f3f0f52430dd9b2f
-SHA1 (patch-af) = 8a3246a9bd1520a4b8ad74584ee1c68b3ed671d3
-SHA1 (patch-ag) = 315d3e8153a607f3c87f90e7aa6f35a31fa3f485
-SHA1 (patch-ah) = e71f71b606e057eb646941719416a7be74849a1b
-SHA1 (patch-ai) = ae1531eafdfdcbf67b325353f0f6f7f07af97ca3
-SHA1 (patch-aj) = 8405f3f61dc52a66df1ee28de050210ae7db4611
-SHA1 (patch-al) = 1d7dca318e09185d80df6ebc9cc89909c5cf9afe
-SHA1 (patch-am) = 46d4ee33fdb74874733c4efef45b5da89c5a0993
-SHA1 (patch-an) = d286e3ee625bcd5947a4d7ab54b20340142d0f0c
-SHA1 (patch-ao) = 50fbfb324a6cae9636d649e30613092e1f5e5999
-SHA1 (patch-ap) = 88365b53d5bc7ae0b49c36b06f16e0f7a28f6acb
-SHA1 (patch-aq) = 2314c993e8a0edb0dc5ff7076744a222a03f6a34
-SHA1 (patch-ar) = 3c72885039fd3763f8e577ad7d9dc2f3558a44ad
-SHA1 (patch-as) = 724fad32e30fb896c016e7c5175ecbf277b2a8e6
-SHA1 (patch-at) = b2c65fdf1be1f94f2a1bb94e18ae2a70770b343d
-SHA1 (patch-au) = ebbb3e5fe2bd6dabe583b557a057d9f80b061484
-SHA1 (patch-av) = 149c9f538c0de05995246188cc5098ee6ee1f6b0
-SHA1 (patch-ax) = 64b8460f961f7c874b8959480591abbc3e1ff3d2
-SHA1 (patch-ay) = 6d4a63c65773d505b1cf94260f723a1378e748a2
-SHA1 (patch-az) = ecb55a764c06588363834570512935db68813749
-SHA1 (patch-ba) = c7d24bc11bf16124b9da4c7f49318d83784a2d68
-SHA1 (patch-bb) = 699259dfd73469ea39ccd2f48f54b8252bf0bd4b
-SHA1 (patch-bd) = 995bd2676793a55a0108788778e1f9eb6eb2b84c
-SHA1 (patch-be) = 2f1771003d12f3455cf9234dce72566a0897fbce
-SHA1 (patch-bf) = 716dd667ea12fabb685a411492cfc6ca9dfb7586
-SHA1 (patch-bg) = 46b18dc1f53bff0cbfaf5c46aea3bcfdf9eca7f4
-SHA1 (patch-bh) = 62752346e5af79d52895f2cb0a5eab3d61c037d9
-SHA1 (patch-bi) = 48d89570b6fd0d663e8cbc9228025fbefc6938f3
-SHA1 (patch-bj) = 91a8455717189f0e2a48959aa1b121c5e2a25cc0
-SHA1 (patch-bk) = bf26a7f84c54be2fc43e4995e40192acb68b5913
-SHA1 (patch-bl) = 216bb56a3afd7b4bd3341642e4cb3ef9bfeb9fbf
-SHA1 (patch-bn) = b7a1110d4d3088f5e815fec91e3faa157d3dd864
-SHA1 (patch-br) = d2e6cc8275f7f3d608de0dc81ef4ae6ae1a15722
-SHA1 (patch-ca) = 38ff05ea00587d73fb4a10d5832cec345b1d0b2f
-SHA1 (patch-la) = 459c1f19554b2ec65107cec0717b2c79f571175b
diff --git a/security/ssh/files/sshd.sh b/security/ssh/files/sshd.sh
deleted file mode 100644
index 85177bf55df..00000000000
--- a/security/ssh/files/sshd.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-#
-# $NetBSD: sshd.sh,v 1.5 2000/09/20 04:49:20 jlam Exp $
-#
-# PROVIDE: sshd
-# REQUIRE: DAEMON LOGIN
-
-name="sshd"
-pidfile="/var/run/${name}.pid"
-
-command=${1:-start}
-
-case ${command} in
-start)
- if [ ! -f @SSH_CONF_DIR@/ssh_host_key ]
- then
- @PREFIX@/bin/ssh-keygen -b 1024 -N "" -f /etc/ssh_host_key
- fi
- # No DSA key for ssh-1.x
- if [ -x @PREFIX@/sbin/sshd -a -f @SSH_CONF_DIR@/sshd_config ]
- then
- echo "Starting ${name}."
- @PREFIX@/sbin/sshd
- fi
- ;;
-stop)
- if [ -f ${pidfile} ]; then
- pid=`head -1 ${pidfile}`
- echo "Stopping ${name}."
- kill -TERM ${pid}
- else
- echo "${name} not running?"
- fi
- ;;
-restart)
- ( $0 stop )
- sleep 1
- $0 start
- ;;
-status)
- if [ -f ${pidfile} ]; then
- pid=`head -1 ${pidfile}`
- echo "${name} is running as pid ${pid}."
- else
- echo "${name} is not running."
- fi
- ;;
-esac
-exit 0
diff --git a/security/ssh/patches/patch-aa b/security/ssh/patches/patch-aa
deleted file mode 100644
index 92268ba7ef4..00000000000
--- a/security/ssh/patches/patch-aa
+++ /dev/null
@@ -1,36 +0,0 @@
-$NetBSD: patch-aa,v 1.6 1999/11/13 17:32:21 sommerfeld Exp $
-
---- rsaglue.c.orig Wed May 12 07:19:28 1999
-+++ rsaglue.c Fri Nov 12 08:40:02 1999
-@@ -71,8 +71,7 @@
- interface without modifying RSAREF. */
-
- #define _MD5_H_ /* Kludge to prevent inclusion of rsaref md5.h. */
--#include "rsaref2/source/global.h"
--#include "rsaref2/source/rsaref.h"
-+#include <rsaref/rsaref.h>
-
- /* Convert an integer from gmp to rsaref representation. */
-
-@@ -139,6 +138,10 @@
-
- input_bits = mpz_sizeinbase(input, 2);
- input_len = (input_bits + 7) / 8;
-+ if (input_len > MAX_RSA_MODULUS_LEN)
-+ fatal("Input data has too many bits for RSAREF to handle (max %d).",
-+ MAX_RSA_MODULUS_BITS);
-+
- gmp_to_rsaref(input_data, input_len, input);
-
- rsaref_public_key(&public_key, key);
-@@ -172,6 +175,10 @@
-
- input_bits = mpz_sizeinbase(input, 2);
- input_len = (input_bits + 7) / 8;
-+ if (input_len > MAX_RSA_MODULUS_LEN)
-+ fatal("Input data has too many bits for RSAREF to handle (max %d).",
-+ MAX_RSA_MODULUS_BITS);
-+
- gmp_to_rsaref(input_data, input_len, input);
-
- rsaref_private_key(&private_key, key);
diff --git a/security/ssh/patches/patch-ab b/security/ssh/patches/patch-ab
deleted file mode 100644
index aa5387ebd85..00000000000
--- a/security/ssh/patches/patch-ab
+++ /dev/null
@@ -1,253 +0,0 @@
-$NetBSD: patch-ab,v 1.12 2000/03/20 02:25:49 itojun Exp $
-
---- configure.in- Wed May 12 20:20:02 1999
-+++ configure.in Mon Mar 20 09:48:09 2000
-@@ -30,6 +30,7 @@
- fi
-
- AC_PROG_CC
-+AC_PROG_CPP
- AC_ISC_POSIX
-
- AC_DEFINE_UNQUOTED(HOSTTYPE, "$host")
-@@ -42,11 +43,12 @@
- ;;
- *-*-solaris*)
- # solaris stuff. appro@fy.chalmers.se
-- AC_DEFINE(SECURE_RPC)
-- AC_DEFINE(SECURE_NFS)
-+# this stuff breaks AFS/Kerberos. YUCK.
-+# AC_DEFINE(SECURE_RPC)
-+# AC_DEFINE(SECURE_NFS)
- # NIS+ is forced so that we don't have to recompile
- # if we move to NIS+. appro@fy.chalmers.se
-- AC_DEFINE(NIS_PLUS)
-+# AC_DEFINE(NIS_PLUS)
- ;;
- *-*-sunos*)
- os_sunos=yes
-@@ -311,9 +313,9 @@
-
- export CFLAGS CC
-
--# Socket pairs appear to be broken on several systems. I don't know exactly
--# where, so I'll use pipes everywhere for now.
--AC_DEFINE(USE_PIPES)
-+dnl # Socket pairs appear to be broken on several systems. I don't know exactly
-+dnl # where, so I'll use pipes everywhere for now.
-+dnl AC_DEFINE(USE_PIPES)
-
- AC_MSG_CHECKING([that the compiler works])
- AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
-@@ -370,7 +372,7 @@
- AC_HEADER_STDC
- AC_HEADER_SYS_WAIT
- AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h)
--AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h)
-+AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h)
- AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h)
- AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h)
- AC_CHECK_HEADERS(sys/resource.h login_cap.h sys/stream.h sys/conf.h)
-@@ -903,8 +905,8 @@
- fi
- AC_MSG_RESULT(Assuming TIS headers and libraries are in $withval.)
- AC_DEFINE(HAVE_TIS)
-- CFLAGS="$CFLAGS -I$withval -DHAVE_TIS"
-- LIBS="-L$withval -lauth -lfwall $LIBS"
-+ CFLAGS="$CFLAGS -I$withval/include -DHAVE_TIS"
-+ LIBS="-L$withval/lib -lauth -lfwall $LIBS"
- AC_MSG_WARN(Remember to read README.TIS. The connection between sshd and TIS authentication
- server is clear text!)
- ;;
-@@ -912,55 +914,117 @@
- AC_MSG_RESULT(no)
- )
-
--AC_MSG_CHECKING(whether to use Kerberos)
--AC_ARG_WITH(kerberos5,
--[ --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support.],
-+AC_MSG_CHECKING(whether to use Kerberos v4)
-+AC_ARG_WITH(krb4,
-+[ --with-krb4[=PATH] Compile in Kerberos v4 support.],
- [ case "$withval" in
- yes)
-- with_kerberos5=/usr/local
-+ with_krb4=/usr/kerberos
- ;;
- esac ],
--[ with_kerberos5=no ]
-+[ with_krb4=no ]
- )
--case "$with_kerberos5" in
-+case "$with_krb4" in
- no)
- AC_MSG_RESULT(no)
- ;;
- *)
- AC_MSG_RESULT(yes)
-- AC_DEFINE(KERBEROS)
-- AC_DEFINE(KRB5)
-- KERBEROS_ROOT="$with_kerberos5"
-- KERBEROS_INCS="-I${KERBEROS_ROOT}/include"
-- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
-- AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm")
-+ AC_DEFINE(KRB4)
-+ KERBEROS_ROOT="$with_krb4"
-+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/kerberosIV"
-+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes"
- KERBEROS_OBJS="auth-kerberos.o"
-+ AC_CHECK_LIB(resolv, dn_expand, KERBEROS_LIBS="$KERBEROS_LIBS -lresolv")
-+ dnl Check whether or not the AFS lifetime conversion routines exist.
-+ AC_MSG_CHECKING(whether AFS lifetime conversion routines are present)
-+ keeplibs="$LIBS"
-+ keepcflags="$CFLAGS"
-+ LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS"
-+ CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS"
-+ AC_TRY_LINK([#include <krb.h>], [ krb_life_to_time(10, 10);],
-+ [AC_MSG_RESULT(yes)
-+ AC_DEFINE(HAVE_KRB_LIFE_TO_TIME)],
-+ [AC_MSG_RESULT(no)])
-+ LIBS="$keeplibs"
-+ CFLAGS="$keepcflags"
- ;;
- esac
--AC_SUBST(KERBEROS_ROOT)
--AC_SUBST(KERBEROS_INCS)
--AC_SUBST(KERBEROS_LIBS)
--AC_SUBST(KERBEROS_OBJS)
--
--AC_MSG_CHECKING(whether to enable passing the Kerberos TGT)
--AC_ARG_ENABLE(kerberos-tgt-passing,
--[ --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket.],
--[ case "$enableval" in
-+
-+AC_MSG_CHECKING(whether to use Kerberos v5)
-+AC_ARG_WITH(krb5,
-+[ --with-krb5[=PATH] Compile in Kerberos v5 support.],
-+[ case "$withval" in
-+ yes)
-+ with_krb5=/usr/local
-+ ;;
-+ esac ],
-+[ with_krb5=no ]
-+)
-+case "$with_krb5" in
- no)
- AC_MSG_RESULT(no)
- ;;
- *)
-- if test "$with_kerberos5" = no ; then
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(KRB5)
-+ KERBEROS_ROOT="$with_krb5"
-+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/krb5"
-+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
-+ AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm")
-+ KERBEROS_OBJS="auth-kerberos.o"
-+ ;;
-+esac
-+
-+AC_MSG_CHECKING(whether to use AFS)
-+AC_ARG_WITH(afs,
-+[ --with-afs Compile in AFS support (requires KTH krb4).],
-+if test "$with_afs" = no; then
- AC_MSG_RESULT(no)
-- AC_MSG_WARN("Passing Kerberos TGT requires Kerberos5 support.")
- else
- AC_MSG_RESULT(yes)
-- AC_DEFINE(KERBEROS_TGT_PASSING)
-+ AC_DEFINE(AFS)
-+ if test "$with_krb4" = no; then
-+ AC_MSG_RESULT(no)
-+ AC_MSG_WARN("AFS requires Kerberos v4 support.")
-+ else
-+ KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs"
-+ if test -n "$os_aix"; then
-+ KERBEROS_LIBS="${KERBEROS_LIBS} -lld"
- fi
-+ fi
-+fi
-+)
-+AC_SUBST(KERBEROS_ROOT)dnl
-+AC_SUBST(KERBEROS_INCS)dnl
-+AC_SUBST(KERBEROS_LIBS)dnl
-+AC_SUBST(KERBEROS_OBJS)dnl
-+
-+AC_MSG_CHECKING(whether to use Hesiod)
-+AC_ARG_WITH(hesiod,
-+[ --with-hesiod[=PATH] Compile in Hesiod support.],
-+[ case "$withval" in
-+ yes)
-+ with_hesiod=/usr/local/athena
- ;;
- esac ],
-- AC_MSG_RESULT(no)
-+[ with_hesiod=no ]
- )
-+case "$with_hesiod" in
-+no)
-+ AC_MSG_RESULT(no)
-+ ;;
-+*)
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(HESIOD)
-+ HESIOD_ROOT="$with_hesiod"
-+ HESIOD_INCS="-I${HESIOD_ROOT}/include"
-+ HESIOD_LIBS="-L${HESIOD_ROOT}/lib -lhesiod"
-+ ;;
-+esac
-+AC_SUBST(HESIOD_ROOT)dnl
-+AC_SUBST(HESIOD_INCS)dnl
-+AC_SUBST(HESIOD_LIBS)dnl
-
- AC_MSG_CHECKING(whether to use libwrap)
- AC_ARG_WITH(libwrap,
-@@ -970,11 +1034,19 @@
- AC_MSG_RESULT(no)
- ;;
- yes)
-- AC_MSG_RESULT(yes)
-- AC_CHECK_LIB(wrap, request_init, [
-- AC_DEFINE(LIBWRAP)
-- WRAPLIBS="-lwrap"
-- AC_DEFINE(HAVE_LIBWRAP) ])
-+ WRAPLIBS="-lwrap"
-+ OLDLIBS="$LIBS"
-+ LIBS="$WRAPLIBS $LIBS"
-+ AC_TRY_LINK([ int allow_severity; int deny_severity; ],
-+ [ request_init(); ], [
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(LIBWRAP)
-+ AC_DEFINE(HAVE_LIBWRAP)
-+ ], [
-+ AC_MSG_RESULT(no)
-+ WRAPLIBS=""
-+ ])
-+ LIBS="$OLDLIBS"
- ;;
- *)
- AC_MSG_RESULT(yes)
-@@ -1227,14 +1299,14 @@
- [ case "$enableval" in
- no)
- AC_MSG_RESULT(no)
-- SSHINSTALLMODE=0711
-+ SSHINSTALLMODE=0511
- ;;
- *) AC_MSG_RESULT(yes)
-- SSHINSTALLMODE=04711
-+ SSHINSTALLMODE=04511
- ;;
- esac ],
- AC_MSG_RESULT(yes)
-- SSHINSTALLMODE=04711
-+ SSHINSTALLMODE=04511
- )
-
- AC_MSG_CHECKING(whether to enable TCP_NODELAY)
-@@ -1336,4 +1408,4 @@
- AC_SUBST(SSHDCONFOBJS)
- AC_SUBST(SSHINSTALLMODE)
-
--AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile)
-+AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile)
diff --git a/security/ssh/patches/patch-ac b/security/ssh/patches/patch-ac
deleted file mode 100644
index 9d4fed60dda..00000000000
--- a/security/ssh/patches/patch-ac
+++ /dev/null
@@ -1,200 +0,0 @@
-$NetBSD: patch-ac,v 1.15 2004/02/21 13:55:01 grant Exp $
-
---- Makefile.in.orig 1999-05-12 21:19:31.000000000 +1000
-+++ Makefile.in
-@@ -264,7 +264,7 @@ CC = @CC@
- CFLAGS = @CFLAGS@
- LDFLAGS = @LDFLAGS@
- DEFS = @DEFS@ $(COMMERCIAL)
--LIBS = @LIBS@
-+LIBS = @LIBS@ @HESIOD_LIBS@
- LIBOBJS = @LIBOBJS@
- CONFOBJS = @CONFOBJS@
- SSHCONFOBJS = @SSHCONFOBJS@
-@@ -285,6 +285,9 @@ KERBEROS_INCS = @KERBEROS_INCS@
- KERBEROS_LIBS = @KERBEROS_LIBS@
- KERBEROS_OBJS = @KERBEROS_OBJS@
-
-+HESIOD_ROOT = @HESIOD_ROOT@
-+HESIOD_INCS = @HESIOD_INCS@
-+
- RSAREFDEP = @RSAREFDEP@
-
- WRAPLIBS = @WRAPLIBS@
-@@ -304,7 +307,8 @@ GMPDIR = gmp-2.0.2-ssh-2
- GMPLIBS = -L$(GMPDIR) -lgmp
- GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
-
--ZLIBDIR = zlib-1.0.4
-+#ZLIBDIR = zlib-1.0.4
-+ZLIBDIR = /usr/lib
- ZLIBDEP = $(ZLIBDIR)/libz.a
- ZLIBLIBS = -L$(ZLIBDIR) -lz
-
-@@ -316,13 +320,13 @@ X_LIBS = @X_LIBS@
- X_PRE_LIBS = @X_PRE_LIBS@
- X_EXTRA_LIBS = @X_EXTRA_LIBS@
-
--XLIBS = $(X_LIBS) $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) $(LIBS)
-+XLIBS = $(X_LDFLAGS) $(X_LIBS) $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) $(LIBS)
-
- COMMON_OBJS = $(LIBOBJS) $(CONFOBJS) \
- rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o \
- xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o \
- crc32.o rsaglue.o cipher.o des.o match.o arcfour.o mpaux.o \
-- userfile.o signals.o blowfish.o deattack.o
-+ userfile.o signals.o blowfish.o deattack.o radix.o
- SSHD_OBJS = sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o \
- log-server.o login.o hostfile.o canohost.o servconf.o tildexpand.o \
- serverloop.o $(COMMON_OBJS) $(KERBEROS_OBJS) $(SSHDCONFOBJS)
-@@ -411,7 +415,7 @@ rfc-pg: rfc-pg.o
- $(CC) -o rfc-pg rfc-pg.o
-
- .c.o:
-- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
-+ $(CC) -c -I. $(KERBEROS_INCS) $(HESIOD_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
-
- sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
- -rm -f sshd
-@@ -459,14 +463,14 @@ GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c
- $(GMPDIR)/libgmp.a:
- cd $(GMPDIR); $(MAKE)
-
--$(ZLIBDEP):
-- -if test '!' -d $(ZLIBDIR); then \
-- mkdir $(ZLIBDIR); \
-- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
-- fi
-- cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
-- CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
-- -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
-+#$(ZLIBDEP):
-+# -if test '!' -d $(ZLIBDIR); then \
-+# mkdir $(ZLIBDIR); \
-+# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
-+# fi
-+# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
-+# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
-+# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
-
- $(RSAREFSRCDIR)/librsaref.a:
- -if test '!' -d $(RSAREFDIR); then \
-@@ -523,10 +527,10 @@ hostinstall: $(PROGRAMS) make-dirs gener
- # (otherwise it can only log in as the user it runs as, and must be
- # bound to a non-privileged port). Also, password authentication may
- # not be available if non-root and using shadow passwords.
--install: $(PROGRAMS) make-dirs generate-host-key install-configs
-+install: $(PROGRAMS) make-dirs install-configs
- -rm -f $(install_prefix)$(bindir)/ssh1.old
-- -chmod 755 $(install_prefix)$(bindir)/ssh1
-- -chmod 755 $(install_prefix)$(bindir)/ssh
-+ -chmod 555 $(install_prefix)$(bindir)/ssh1
-+ -chmod 555 $(install_prefix)$(bindir)/ssh
- -mv $(install_prefix)$(bindir)/ssh1 $(install_prefix)$(bindir)/ssh1.old
- $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh1
- -if test -f $(install_prefix)$(bindir)/ssh2; then \
-@@ -549,7 +553,7 @@ install: $(PROGRAMS) make-dirs generate-
- -for p in $(NORMAL_PROGRAMS) $(X_PROGRAMS) $(OTHER_PROGRAMS); do \
- rm -f $(install_prefix)$(bindir)/$${p}1.old ; \
- mv $(install_prefix)$(bindir)/$${p}1 $(install_prefix)$(bindir)/$${p}1.old; \
-- $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(bindir)/$${p}1; \
-+ $(INSTALL_PROGRAM) $$p $(install_prefix)$(bindir)/$${p}1; \
- if test -f $(install_prefix)$(bindir)/$${p}2; then \
- echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \
- else \
-@@ -566,7 +570,7 @@ install: $(PROGRAMS) make-dirs generate-
- rm -f $(install_prefix)$(bindir)/$${p}1.old ; \
- mv $(install_prefix)$(bindir)/$${p}1 $(install_prefix)$(bindir)/$${p}1.old; \
- $(INSTALL_DATA) $$p $(install_prefix)$(bindir)/$${p}1; \
-- chmod 755 $(install_prefix)$(bindir)/$${p}1; \
-+ chmod 555 $(install_prefix)$(bindir)/$${p}1; \
- if test -f $(install_prefix)$(bindir)/$${p}2; then \
- echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \
- else \
-@@ -582,7 +586,7 @@ install: $(PROGRAMS) make-dirs generate-
- -for p in $(SBIN_PROGRAMS); do \
- rm -f $(install_prefix)$(sbindir)/$${p}1.old ; \
- mv $(install_prefix)$(sbindir)/$${p}1 $(install_prefix)$(sbindir)/$${p}1.old; \
-- $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(sbindir)/$${p}1; \
-+ $(INSTALL_PROGRAM) $$p $(install_prefix)$(sbindir)/$${p}1; \
- if test -f $(install_prefix)$(sbindir)/$${p}2; then \
- echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \
- else \
-@@ -596,7 +600,7 @@ install: $(PROGRAMS) make-dirs generate-
- $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`; fi;\
- done
- -for p in $(MAN1PAGES); do \
-- $(INSTALL_DATA) -m 0644 $(srcdir)/$$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \
-+ $(INSTALL_DATA) $(srcdir)/$$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \
- rm -f $(install_prefix)$(man1dir)/$$p.1 ;\
- $(LN_S) $${p}1.1 $(install_prefix)$(man1dir)/$$p.1 ;\
- if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
-@@ -615,7 +619,7 @@ install: $(PROGRAMS) make-dirs generate-
- $(install_prefix)$(man1dir)/`echo slogin.1 | sed '$(transform)'`; \
- fi
- -for p in $(MAN1GENERATED); do \
-- $(INSTALL_DATA) -m 0644 $$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \
-+ $(INSTALL_DATA) $$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \
- rm -f $(install_prefix)$(man1dir)/$$p.1 ; \
- $(LN_S) $${p}1.1 $(install_prefix)$(man1dir)/$$p.1 ; \
- if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
-@@ -625,7 +629,7 @@ install: $(PROGRAMS) make-dirs generate-
- fi; \
- done
- -for p in $(MAN8GENERATED); do \
-- $(INSTALL_DATA) -m 0644 $$p.8 $(install_prefix)$(man8dir)/$${p}1.8; \
-+ $(INSTALL_DATA) $$p.8 $(install_prefix)$(man8dir)/$${p}1.8; \
- rm -f $(install_prefix)$(man8dir)/$$p.8 ; \
- $(LN_S) $${p}1.8 $(install_prefix)$(man8dir)/$$p.8 ; \
- if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \
-@@ -636,12 +640,12 @@ install: $(PROGRAMS) make-dirs generate-
-
- install-configs:
- -if test '!' -f $(install_prefix)$(HOST_CONFIG_FILE); then \
-- $(INSTALL_DATA) -m 0644 $(srcdir)/host_config.sample \
-+ $(INSTALL_DATA) $(srcdir)/host_config.sample \
- $(install_prefix)$(HOST_CONFIG_FILE); fi
- -if test '!' -f $(install_prefix)$(SERVER_CONFIG_FILE); then \
- cat $(srcdir)/server_config.sample | \
- sed "s#_ETCDIR_#$(etcdir)#g" >/tmp/ssh_inst.$$$$; \
-- $(INSTALL_DATA) -m 0644 /tmp/ssh_inst.$$$$ \
-+ $(INSTALL_DATA) /tmp/ssh_inst.$$$$ \
- $(install_prefix)$(SERVER_CONFIG_FILE); \
- rm -f /tmp/ssh_inst.$$$$; fi
-
-@@ -681,13 +685,13 @@ clean:
- -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
- cd $(GMPDIR); $(MAKE) clean
- # cd $(RSAREFSRCDIR); rm -f *.o *.a
-- cd $(ZLIBDIR); $(MAKE) clean
-+# cd $(ZLIBDIR); $(MAKE) clean
-
- distclean: clean
- -rm -f Makefile config.status config.cache config.log config.h
- -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1
- cd $(GMPDIR); $(MAKE) distclean
-- cd $(ZLIBDIR); $(MAKE) distclean
-+# cd $(ZLIBDIR); $(MAKE) distclean
-
- dist: dist-free
-
-@@ -720,8 +724,8 @@ dist-make-dir:
- gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
- # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -)
- # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a
-- (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
-- cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
-+# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
-+# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
-
- #ifdef F_SECURE_COMMERCIAL
- #
-@@ -749,7 +753,7 @@ dist-increment-version:
- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
-
- depend:
-- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS)
-+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS)
-
- tags:
- -rm -f TAGS
diff --git a/security/ssh/patches/patch-ad b/security/ssh/patches/patch-ad
deleted file mode 100644
index bf557926d3f..00000000000
--- a/security/ssh/patches/patch-ad
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ad,v 1.2 1998/08/07 11:13:49 agc Exp $
-
---- make-ssh-known-hosts.pl.in.orig Tue Mar 17 21:37:38 1998
-+++ make-ssh-known-hosts.pl.in Tue Mar 17 21:44:18 1998
-@@ -1,5 +1,7 @@
--#! &PERL& -w
-+:
- # -*- perl -*-
-+eval 'exec perl -S "$0" ${1+"$@"}'
-+ if $running_under_some_shell;
- ######################################################################
- # make-ssh-known-hosts.pl -- Make ssh-known-hosts file
- # Copyright (c) 1995 Tero Kivinen
diff --git a/security/ssh/patches/patch-ae b/security/ssh/patches/patch-ae
deleted file mode 100644
index a65bf950a46..00000000000
--- a/security/ssh/patches/patch-ae
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-ae,v 1.6 1999/12/25 05:28:35 kim Exp $
-
---- server_config.sample.orig Wed May 12 07:18:51 1999
-+++ server_config.sample Fri Dec 24 22:38:35 1999
-@@ -1,7 +1,6 @@
- # This is ssh server systemwide configuration file.
-
- Port 22
--ListenAddress 0.0.0.0
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
-@@ -16,7 +15,7 @@
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
--SyslogFacility DAEMON
-+SyslogFacility AUTH
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
diff --git a/security/ssh/patches/patch-af b/security/ssh/patches/patch-af
deleted file mode 100644
index c81c2dd2e99..00000000000
--- a/security/ssh/patches/patch-af
+++ /dev/null
@@ -1,659 +0,0 @@
-$NetBSD: patch-af,v 1.10 2000/03/20 02:25:50 itojun Exp $
-
---- sshd.c- Wed May 12 20:19:29 1999
-+++ sshd.c Mon Mar 20 09:57:30 2000
-@@ -511,7 +511,7 @@
- #include "firewall.h" /* TIS authsrv authentication */
- #endif
-
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- #include <login_cap.h>
- #endif
-
-@@ -537,15 +537,26 @@
- #define O_NOCTTY 0
- #endif
-
--#ifdef KERBEROS
- #ifdef KRB5
- #include <krb5.h>
- /* Global the contexts */
- krb5_context ssh_context = 0;
- krb5_auth_context auth_context = 0;
- #endif /* KRB5 */
--char *ticket = "none\0";
--#endif /* KERBEROS */
-+
-+#ifdef KRB4
-+#include <sys/param.h>
-+#include <krb.h>
-+#ifdef AFS
-+#include <kafs.h>
-+/* Local Xauthority file. */
-+char *xauthfile = NULL;
-+#endif /* AFS */
-+#endif /* KRB4 */
-+
-+#if defined(KRB5) || defined(KRB4)
-+char *ticket = NULL;
-+#endif /* KRB5 || KRB4 */
-
- /* Server configuration options. */
- ServerOptions options;
-@@ -1115,7 +1126,6 @@
- /* Arrange SIGCHLD to be caught. */
- signal(SIGCHLD, main_sigchld_handler);
-
--#ifdef KERBEROS
- #ifdef KRB5
- /* Initialize contexts and setup replay cache */
- if (!ssh_context)
-@@ -1128,7 +1138,6 @@
- krb5_init_ets(ssh_context);
- }
- #endif
--#endif
-
- /* Stay listening for connections until the system crashes or the
- daemon is killed with a signal. */
-@@ -1407,6 +1416,16 @@
- /* Try to remove authentication socket and directory */
- auth_delete_socket(NULL);
-
-+#ifdef KRB4
-+ /* Cleanup user's ticket cache file. */
-+ if (options.kerberos_ticket_cleanup)
-+ (void) dest_tkt();
-+#ifdef AFS
-+ /* Cleanup user's local Xauthority file. */
-+ if (xauthfile) unlink(xauthfile);
-+#endif /* AFS */
-+#endif /* KRB4 */
-+
- /* The connection has been terminated. */
- log_msg("Closing connection to %.100s", get_remote_ipaddr());
- packet_close();
-@@ -1470,17 +1489,17 @@
- if (options.tis_authentication)
- auth_mask |= 1 << SSH_AUTH_TIS;
- #endif
--#ifdef KERBEROS
--#ifdef KRB5
-+#if defined(KRB4) || defined(KRB5)
- if (options.kerberos_authentication)
- auth_mask |= 1 << SSH_AUTH_KERBEROS;
- #endif
--#endif
--#ifdef KERBEROS_TGT_PASSING
--#ifdef KRB5
-+#if defined(AFS) || defined(KRB5)
- if (options.kerberos_tgt_passing)
- auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
- #endif
-+#ifdef AFS
-+ if (options.afs_token_passing)
-+ auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
- #endif
- if (options.password_authentication)
- auth_mask |= 1 << SSH_AUTH_PASSWORD;
-@@ -1677,7 +1696,7 @@
- /* XXX No days_before_password_expires calculation here */
- }
- #endif /* HAVE_USERSEC_H */
--#ifdef HAVE_ETC_SHADOW
-+#if defined(HAVE_ETC_SHADOW) && !defined(KRB4) && !defined(KRB5)
- {
- struct spwd *sp;
-
-@@ -1783,56 +1802,62 @@
- endspent();
- }
- #endif /* HAVE_ETC_SHADOW */
--#ifdef __FreeBSD__
-- {
-+/* Net2,BSD4.4,BSD/OS,NetBSD,FreeBSD and OpenBSD all define BSD4_4
-+ man passwd(5) says that format has changed since BSD4.3
-+ */
-+#ifdef BSD4_4
-+ if(pwd->pw_change || pwd->pw_expire) {
- time_t currtime;
-
-- if (pwd->pw_change || pwd->pw_expire)
- currtime = time(NULL);
-
- /*
- * Check for an expired password
- */
-- if (pwd->pw_change && pwd->pw_change <= currtime)
-+
-+ if (pwd->pw_change)
- {
-- debug("Account %.100s's password is too old - forced to change.",
-- user);
-- if (options.forced_passwd_change)
-+ /* PASSWD_CHGNOW seems to be -1 for now but... */
-+ if (
-+#if defined(PASSWD_CHGNOW) && PASSWD_CHGNOW > 0
-+ pwd->pw_change == PASSWD_CHGNOW ||
-+#endif
-+ pwd->pw_change <= currtime)
- {
-- forced_command = xmalloc(sizeof(PASSWD_PATH) + strlen(user) + 2);
-- snprintf(forced_command, sizeof(PASSWD_PATH) + strlen(user) + 2,
-- "%.100s %.100s", PASSWD_PATH, user);
-+ packet_send_debug("Password has expired");
-+ if(options.forced_passwd_change)
-+ {
-+ debug("Account %.99s's password is too old - change forced.",
-+ user);
-+ forced_command = xmalloc(sizeof(PASSWD_PATH) +
-+ strlen(user) + 1);
-+ sprintf(forced_command, "%s %s", PASSWD_PATH, user);
- }
- else
- {
- return 0;
- }
- }
-- else
-- {
-- if (pwd->pw_change)
-- {
-+#ifdef PASSWD_CHGNOW
-+ if(pwd->pw_change != PASSWD_CHGNOW)
- days_before_password_expires = (pwd->pw_change - currtime) / 86400;
-- }
-+#endif
- }
-
- /*
- * Check for expired account
- */
-- if (pwd->pw_expire && pwd->pw_expire <= currtime)
-+ if (pwd->pw_expire)
- {
-- debug("Account %.100s has expired - access denied.", user);
-+ if (pwd->pw_expire <= currtime)
-+ {
-+ packet_send_debug("Account has expired");
- return 0;
- }
-- else
-- {
-- if (pwd->pw_expire)
-- {
- days_before_account_expires = (pwd->pw_expire - currtime) / 86400;
- }
- }
-- }
--#endif /* !FreeBSD */
-+#endif /* !BSD4_4 */
-
- #ifdef HAVE_HPUX_TCB_AUTH
- {
-@@ -2039,7 +2064,7 @@
- }
- }
-
-- /* Check whether logins are deneid for this group. */
-+ /* Check whether logins are denied for this group. */
- grp = getgrgid(pwd->pw_gid);
- if (grp)
- group = grp->gr_name;
-@@ -2151,12 +2176,12 @@
- unsigned int client_host_key_bits;
- MP_INT client_host_key_e, client_host_key_n;
- int password_attempts = 0;
--#if defined(KERBEROS) && defined(KRB5)
-+#ifdef KRB5
- char kuser[256];
- krb5_principal client = 0, tkt_client = 0;
- krb5_data krb5data;
--#endif /* defined(KERBEROS) && defined(KRB5) */
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#endif /* KRB5 */
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- login_cap_t *lc;
- const char *hostname;
- const char *ipaddr;
-@@ -2167,10 +2192,18 @@
- ipaddr = get_remote_ipaddr();
- #endif /* HAVE_LOGIN_CAP_H */
-
-+#ifdef AFS
-+ /* If machine has AFS, set process authentication group. */
-+ if (k_hasafs()) {
-+ k_setpag();
-+ k_unlog();
-+ }
-+#endif /* AFS */
-+
- if (strlen(user) > 255)
- do_authentication_fail_loop();
-
--#if defined(KERBEROS) && defined(KRB5)
-+#ifdef KRB5
- /* For KRB5 allow the user to input fully qualified name i.e.
- "username@realm" as the local user name. Then use this name to call
- out to krb5_aname_to_localname to find if there is a localname
-@@ -2203,7 +2236,7 @@
- }
- else
- krb5_parse_name(ssh_context, user, &client);
--#endif /* defined(KERBEROS) && defined(KRB5) */
-+#endif /* KRB5 */
-
- /* Verify that the user is a valid user. We disallow usernames starting
- with any characters that are commonly used to start NIS entries. */
-@@ -2218,11 +2251,11 @@
- pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
- pwcopy.pw_uid = pw->pw_uid;
- pwcopy.pw_gid = pw->pw_gid;
--#if (defined (__bsdi__) && _BSDI_VERSION >= 199510) || (defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H))
-+#ifdef BSD4_4
- pwcopy.pw_class = xstrdup(pw->pw_class);
- pwcopy.pw_change = pw->pw_change;
- pwcopy.pw_expire = pw->pw_expire;
--#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#endif /* BSD4_4 */
- pwcopy.pw_dir = xstrdup(pw->pw_dir);
- pwcopy.pw_shell = xstrdup(pw->pw_shell);
- pw = &pwcopy;
-@@ -2241,11 +2274,11 @@
-
- debug("Attempting authentication for %.100s.", user);
-
--#if defined (KERBEROS) && defined (KRB5)
-+ /* If the user has no password, accept authentication immediately. */
-+#ifdef KRB5
- if (!options.kerberos_authentication && options.password_authentication &&
- auth_password(user, "", 0))
--#else /* defined(KERBEROS) && defined(KRB5) */
-- /* If the user has no password, accept authentication immediately. */
-+#else /* KRB5 */
- #if defined (HAVE_SIA)
- /* For SIA, only call auth_password() here if the user really
- has no password. Otherwise, the call would generate misleading
-@@ -2254,9 +2287,13 @@
- if (options.password_authentication && sia_no_password(user) &&
- auth_password(user, ""))
- #else /* defined(HAVE_SIA) */
-- if (options.password_authentication && auth_password(user, ""))
-+ if (options.password_authentication &&
-+#ifdef KRB4
-+ options.kerberos_or_local_passwd &&
-+#endif /* KRB4 */
-+ auth_password(user, ""))
- #endif /* defined(HAVE_SIA) */
--#endif /* defined(KERBEROS) && defined(KRB5) */
-+#endif /* KRB5 */
- {
- /* Authentication with empty password succeeded. */
- debug("Login for user %.100s accepted without authentication.", user);
-@@ -2281,34 +2318,61 @@
- /* Process the packet. */
- switch (type)
- {
--#ifdef KERBEROS_TGT_PASSING
--#ifdef KRB5
-+#if defined(KRB5) || defined(AFS)
- case SSH_CMSG_HAVE_KERBEROS_TGT:
-+#ifdef KRB5
- if (!options.kerberos_tgt_passing ||
- (!(options.kerberos_authentication ||
- options.password_authentication ||
- options.rsa_authentication)))
-+#else /* KRB5 */
-+ if (!options.kerberos_tgt_passing)
-+#endif /* KRB5 */
- {
- packet_get_all();
- log_msg("Kerberos tgt passing disabled.");
- break;
- }
--
-+#ifdef KRB5
- /* Accept Kerberos tgt. */
- krb5data.data = packet_get_string((unsigned int *) &krb5data.length);
-
-- if (!auth_kerberos_tgt(user, &krb5data, client) ||
-+ if (!auth_krb5_tgt(user, &krb5data, client) ||
- !krb5_kuserok(ssh_context, client, user)){
- log_msg("Kerberos tgt REFUSED for %.100s", user);
- debug("Kerberos tgt REFUSED for %.100s", user);
- }
- free(krb5data.data);
--#endif
-+#else /* KRB5 */
-+ {
-+ /* Accept Kerberos tgt. */
-+ char *tgt = packet_get_string(NULL);
-+ if (!auth_kerberos_tgt(pw, tgt))
-+ debug("Kerberos tgt REFUSED for %s", user);
-+ xfree(tgt);
-+ }
-+#endif /* KRB5 */
- continue;
--#endif /* KERBEROS_TGT_PASSING */
-+#endif /* KRB5 || AFS */
-
--#ifdef KERBEROS
--#ifdef KRB5
-+#ifdef AFS
-+ case SSH_CMSG_HAVE_AFS_TOKEN:
-+ if (!k_hasafs() || !options.afs_token_passing) {
-+ packet_get_all();
-+ log_msg("AFS token passing disabled.");
-+ break;
-+ }
-+ else {
-+ /* Accept AFS token. */
-+ char *token_string = packet_get_string(NULL);
-+ if (!auth_afs_token(user, pw->pw_uid, token_string))
-+ debug("AFS token REFUSED for %s", user);
-+ xfree(token_string);
-+ continue;
-+ }
-+#endif /* AFS */
-+
-+#if defined(KRB4) || defined(KRB5)
- case SSH_CMSG_AUTH_KERBEROS:
- if (!options.kerberos_authentication)
- {
-@@ -2316,9 +2380,10 @@
- log_msg("Kerberos authentication disabled.");
- break;
- }
-+#ifdef KRB5
- /* Try Kerberos authentication. */
- krb5data.data = packet_get_string((unsigned int *) &krb5data.length);
-- if (auth_kerberos(user, &krb5data, &tkt_client))
-+ if (auth_krb5(user, &krb5data, &tkt_client))
- {
- char *tkt_user;
-
-@@ -2347,11 +2412,31 @@
- }
- free(tkt_user);
- }
--#endif /* KRB5 */
-- debug("Kerberos authentication failed for %.100s from %.200s",
-- user, get_canonical_hostname());
-+#else /* !KRB5 XXX - how to make these coexist? */
-+ else {
-+ /* Try Kerberos v4 authentication. */
-+ KTEXT_ST auth;
-+ char *tkt_user = NULL;
-+ char *kdata = packet_get_string((unsigned int *)&auth.length);
-+
-+ memcpy(auth.dat, kdata, auth.length);
-+ xfree(kdata);
-+
-+ if (auth_krb4(user, &auth, &tkt_user)) {
-+ /* Client has successfully authenticated to us. */
-+ log_msg("Kerberos authentication accepted %s for account "
-+ "%.100s from %.200s", tkt_user, user,
-+ get_canonical_hostname());
-+ authentication_type = SSH_AUTH_KERBEROS;
-+ authenticated = 1;
-+ xfree(tkt_user);
- break;
--#endif /* KERBEROS */
-+ }
-+ log_msg("Kerberos authentication failed for account "
-+ "%.100s from %.200s", user, get_canonical_hostname());
-+ }
-+#endif /* KRB5 */
-+#endif /* KRB5 || KRB4 */
-
- case SSH_CMSG_AUTH_RHOSTS:
- if (!options.rhosts_authentication)
-@@ -2568,7 +2653,7 @@
- if (!strncmp(buf, "challenge ", 10) ||
- !strncmp(buf, "chalnecho ", 10)) {
- snprintf(prompt, sizeof(prompt),
-- "Challenge \"%.100s\": ",&buf[10]);
-+ "%.100s",&buf[10]);
- debug("TIS challenge %.500s", buf);
- packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
- packet_put_string(prompt, strlen(prompt));
-@@ -2657,11 +2742,11 @@
- password_attempts++;
-
- /* Try authentication with the password. */
--#if defined(KERBEROS) && defined(KRB5)
-+#ifdef KRB5
- if (auth_password(user, password, client))
--#else /* defined(KERBEROS) && defined(KRB5) */
-+#else /* KRB5 */
- if (auth_password(user, password))
--#endif /* defined(KERBEROS) && defined(KRB5) */
-+#endif /* KRB5 */
- {
- /* Successful authentication. */
- /* Clear the password from memory. */
-@@ -2688,7 +2773,7 @@
- if (authenticated)
- break;
-
--#ifdef KERBEROS
-+#if defined(KRB5)
- /* If you forwarded a ticket you get one shot for proper
- authentication. */
- /* If tgt was passed unlink file */
-@@ -2699,7 +2784,7 @@
- else
- ticket = NULL;
- }
--#endif /* KERBEROS */
-+#endif /* KRB5 */
-
- /* Send a message indicating that the authentication attempt failed. */
- packet_start(SSH_SMSG_FAILURE);
-@@ -2724,7 +2809,7 @@
- get_canonical_hostname());
- }
-
--#if defined (__FreeBSD__) && defined (HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined (HAVE_LOGIN_CAP_H)
-
- lc = login_getclass(pw->pw_class);
-
-@@ -2965,6 +3050,21 @@
- display = x11_create_display_inet(screen);
- if (!display)
- goto fail;
-+#ifdef AFS
-+ /* Setup to have a local .Xauthority, if homedir is in AFS. */
-+ {
-+ struct stat st;
-+ char cell[64], *xauthdir = "/ticket";
-+
-+ if (k_hasafs() && k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) {
-+ xauthfile = xmalloc(MAXPATHLEN);
-+ if (stat(xauthdir, &st) < 0)
-+ xauthdir = "/tmp";
-+ snprintf(xauthfile, MAXPATHLEN, "%s/Xauth%d_%d", xauthdir,
-+ pw->pw_uid, getpid());
-+ }
-+ }
-+#endif /* AFS */
- break;
- #else /* XAUTH_PATH */
- /* No xauth program; we won't accept forwarding with spoofing. */
-@@ -3283,12 +3383,9 @@
- struct sockaddr_in from;
- int fromlen;
- struct pty_cleanup_context cleanup_context;
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- login_cap_t *lc;
- #endif
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-- struct timeval tp;
--#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-
- /* We no longer need the child running on user's privileges. */
- userfile_uninit();
-@@ -3389,7 +3486,7 @@
- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
- &from);
-
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- lc = login_getclass(pw->pw_class);
- #endif
-
-@@ -3398,7 +3495,7 @@
- snprintf(line, sizeof(line), "%.200s/.hushlogin", pw->pw_dir);
- quiet_login = stat(line, &st) >= 0;
-
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
- #endif
-
-@@ -3425,7 +3522,7 @@
- }
- #endif /* HAVE_SIA */
-
--#ifdef __FreeBSD__
-+#if defined(__FreeBSD__) || defined(__NetBSD__)
- if (command == NULL && !quiet_login)
- {
- #ifdef HAVE_LOGIN_CAP_H
-@@ -3457,7 +3554,7 @@
- FILE *f;
-
- /* Print /etc/motd if it exists. */
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"),
- "r");
- #else
-@@ -3469,33 +3566,9 @@
- fputs(line, stdout);
- fclose(f);
- }
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-- if (pw->pw_change || pw->pw_expire)
-- (void)gettimeofday(&tp, (struct timezone *)NULL);
-- if (pw->pw_change)
-- {
-- if (tp.tv_sec >= pw->pw_change)
-- {
-- fprintf(stderr,"Sorry -- your password has expired.\n");
-- exit(254);
-- }
-- days_before_password_expires = (pw->pw_change - tp.tv_sec) /
-- 86400;
-- }
-- if (pw->pw_expire)
-- {
-- if (tp.tv_sec >= pw->pw_expire)
-- {
-- fprintf(stderr,"Sorry -- your account has expired.\n");
-- exit(254);
-- }
-- days_before_account_expires = (pw->pw_expire - tp.tv_sec) /
-- 86400;
-- }
--#endif /* __bsdi__ & _BSDI_VERSION >= 199510 */
- }
-
--#if defined (__FreeBSD__) && defined HAVE_LOGIN_CAP_H
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined HAVE_LOGIN_CAP_H
- login_close(lc);
- #endif
-
-@@ -3883,8 +3956,11 @@
- lc = login_getclass(pw->pw_class);
- auth_checknologin(lc);
- #else /* !HAVE_LOGIN_CAP_H */
--#if defined (__bsdi__) && _BSDI_VERSION > 199510
-+#if ( defined (__bsdi__) && _BSDI_VERSION > 199510 ) || (defined(HAVE_LOGIN_CAP_H) && defined(__NetBSD__))
- login_cap_t *lc = 0;
-+#if defined(__NetBSD__)
-+ char *real_shell;
-+#endif
-
- if ((lc = login_getclass(pw->pw_class)) == NULL)
- {
-@@ -4019,7 +4095,7 @@
- if (command != NULL || !options.use_login)
- #endif /* USELOGIN */
- {
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- char *p, *s, **tmpenv;
-
- /* Initialize the new environment.
-@@ -4180,10 +4256,23 @@
- and means /bin/sh. */
- shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
-
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell);
- login_close(lc);
- #endif /* HAVE_LOGIN_CAP_H */
-+
-+#ifdef AFS
-+ /* Try to get AFS tokens for the local cell. */
-+ if (k_hasafs()) {
-+ char cell[64];
-+
-+ if (k_afs_cell_of_file(user_dir, cell, sizeof(cell)) == 0)
-+ krb_afslog(cell, 0);
-+
-+ krb_afslog(0, 0);
-+ }
-+#endif /* AFS */
-+
- /* Initialize the environment if not already done. In the first part we
- allocate space for all environment variables. */
- if (env == NULL)
-@@ -4290,13 +4379,21 @@
- }
- #endif
-
--#ifdef KERBEROS
-- /* Set KRBTKFILE to point to our ticket */
-+ /* Set KRBTKFILE to point to our ticket. */
- #ifdef KRB5
- if (ticket)
- child_set_env(&env, &envsize, "KRB5CCNAME", ticket);
- #endif /* KRB5 */
--#endif /* KERBEROS */
-+#ifdef KRB4 /* XXX - how to make these coexist? */
-+ if (ticket)
-+ child_set_env(&env, &envsize, "KRBTKFILE", ticket);
-+
-+#ifdef AFS
-+ /* Set XAUTHORITY to a local file, if homedir is in AFS. */
-+ if (xauthfile)
-+ child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);
-+#endif /* AFS */
-+#endif /* KRB4 */
-
- /* Set variable for forwarded authentication connection, if we have one. */
- if (auth_get_socket_name() != NULL)
-@@ -4554,7 +4651,7 @@
- /* Execute the shell. */
- argv[0] = buf;
- argv[1] = NULL;
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- execve(real_shell, argv, env);
- #else
- execve(shell, argv, env);
-@@ -4579,7 +4676,7 @@
- argv[1] = "-c";
- argv[2] = (char *)command;
- argv[3] = NULL;
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- execve(real_shell, argv, env);
- #else
- execve(shell, argv, env);
diff --git a/security/ssh/patches/patch-ag b/security/ssh/patches/patch-ag
deleted file mode 100644
index b050880a36c..00000000000
--- a/security/ssh/patches/patch-ag
+++ /dev/null
@@ -1,49 +0,0 @@
-$NetBSD: patch-ag,v 1.4 2000/03/20 02:25:50 itojun Exp $
-
---- log-server.c- Wed May 12 20:19:26 1999
-+++ log-server.c Mon Mar 20 09:47:23 2000
-@@ -265,9 +265,12 @@
- {
- struct fatal_cleanup *cu, *next_cu;
- static int fatal_called = 0;
--#ifdef KERBEROS
-+#if defined(KRB4) || defined(KRB5)
- extern char *ticket;
--#endif
-+#ifdef AFS
-+ extern char *xauthfile;
-+#endif /* AFS */
-+#endif /* KRB4 || KRB5 */
-
- if (!fatal_called)
- {
-@@ -281,19 +284,27 @@
- (unsigned long)cu->proc, (unsigned long)cu->context);
- (*cu->proc)(cu->context);
- }
--#ifdef KERBEROS
-+#if defined(KRB4) || defined(KRB5)
- /* If you forwarded a ticket you get one shot for proper
- authentication. */
- /* If tgt was passed unlink file */
- if (ticket)
- {
- if (strcmp(ticket,"none"))
-+#ifdef KRB5
- /* ticket -> FILE:path */
- unlink(ticket + 5);
-+#else /* KRB4 */
-+ unlink(ticket);
-+#endif
- else
- ticket = NULL;
- }
--#endif /* KERBEROS */
-+#ifdef AFS
-+ /* If local XAUTHORITY was created, remove it. */
-+ if (xauthfile) unlink(xauthfile);
-+#endif /* AFS */
-+#endif /* KRB4 || KRB5 */
- }
- }
-
diff --git a/security/ssh/patches/patch-ah b/security/ssh/patches/patch-ah
deleted file mode 100644
index fa30aff332f..00000000000
--- a/security/ssh/patches/patch-ah
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-ah,v 1.5 1999/12/25 05:28:35 kim Exp $
-
---- packet.c.orig Wed May 12 07:19:27 1999
-+++ packet.c Fri Dec 24 21:50:42 1999
-@@ -829,6 +829,7 @@
- {
- /* Set IP options for an interactive connection. Use IPTOS_LOWDELAY
- and TCP_NODELAY. */
-+#if 0
- #ifdef IPTOS_LOWDELAY
- int lowdelay = IPTOS_LOWDELAY;
- if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *)&lowdelay,
-@@ -840,11 +841,13 @@
- sizeof(on)) < 0)
- error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
- #endif /* TCP_NODELAY */
-+#endif /* 0 */
- }
- else
- {
- /* Set IP options for a non-interactive connection. Use
- IPTOS_THROUGHPUT. */
-+#if 0
- #ifdef IPTOS_THROUGHPUT
- int throughput = IPTOS_THROUGHPUT;
- if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *)&throughput,
-@@ -856,6 +859,7 @@
- sizeof(off)) < 0)
- error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
- #endif /* TCP_NODELAY */
-+#endif /* 0 */
- }
- }
-
diff --git a/security/ssh/patches/patch-ai b/security/ssh/patches/patch-ai
deleted file mode 100644
index 6189cc955b5..00000000000
--- a/security/ssh/patches/patch-ai
+++ /dev/null
@@ -1,52 +0,0 @@
-$NetBSD: patch-ai,v 1.6 2000/03/20 02:25:50 itojun Exp $
-
---- scp.c- Wed May 12 20:19:28 1999
-+++ scp.c Mon Mar 20 09:53:06 2000
-@@ -180,6 +180,11 @@
- #define STDERR_FILENO 2
- #endif
-
-+#ifdef AFS
-+/* This is set to non-zero to disable authentication forwarding. */
-+int nofwd = 0;
-+#endif /* AFS */
-+
- /* This is set to non-zero to enable verbose mode. */
- int verbose = 0;
-
-@@ -305,6 +310,10 @@
- args[i++] = "-P";
- if (batchmode)
- args[i++] = "-oBatchMode yes";
-+#ifdef AFS
-+ if (nofwd)
-+ args[i++] = "-k";
-+#endif /* AFS */
- if (cipher != NULL)
- {
- args[i++] = "-c";
-@@ -441,7 +450,11 @@
- statistics = 0;
-
- fflag = tflag = 0;
-- while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF)
-+ while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S"
-+#ifdef AFS
-+ "k"
-+#endif
-+ )) != EOF)
- switch(ch) { /* User-visible flags. */
- case 'S':
- ssh_program = optarg;
-@@ -490,6 +503,11 @@
- case 'r':
- iamrecursive = 1;
- break;
-+#ifdef AFS
-+ case 'k':
-+ nofwd = 1;
-+ break;
-+#endif /* AFS */
- /* Server options. */
- case 'd':
- targetshouldbedirectory = 1;
diff --git a/security/ssh/patches/patch-aj b/security/ssh/patches/patch-aj
deleted file mode 100644
index 9848a82e221..00000000000
--- a/security/ssh/patches/patch-aj
+++ /dev/null
@@ -1,3944 +0,0 @@
-$NetBSD: patch-aj,v 1.12 2000/03/20 02:25:51 itojun Exp $
-
---- configure- Wed May 12 20:20:06 1999
-+++ configure Mon Mar 20 10:00:02 2000
-@@ -1,7 +1,7 @@
- #! /bin/sh
-
- # Guess values for system-dependent variables and create Makefiles.
--# Generated automatically using autoconf version 2.12
-+# Generated automatically using autoconf version 2.13
- # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
- #
- # This configure script is free software; the Free Software Foundation
-@@ -49,9 +49,13 @@
- ac_help="$ac_help
- --with-tis[=DIR] Enable support for TIS authentication server."
- ac_help="$ac_help
-- --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support."
-+ --with-krb4[=PATH] Compile in Kerberos v4 support."
- ac_help="$ac_help
-- --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket."
-+ --with-krb5[=PATH] Compile in Kerberos v5 support."
-+ac_help="$ac_help
-+ --with-afs Compile in AFS support (requires KTH krb4)."
-+ac_help="$ac_help
-+ --with-hesiod[=PATH] Compile in Hesiod support."
- ac_help="$ac_help
- --with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support."
- ac_help="$ac_help
-@@ -130,6 +134,7 @@
- # Initialize some other variables.
- subdirs=
- MFLAGS= MAKEFLAGS=
-+SHELL=${CONFIG_SHELL-/bin/sh}
- # Maximum number of lines to put in a shell here document.
- ac_max_here_lines=12
-
-@@ -413,7 +418,7 @@
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers)
-- echo "configure generated by autoconf version 2.12"
-+ echo "configure generated by autoconf version 2.13"
- exit 0 ;;
-
- -with-* | --with-*)
-@@ -583,9 +588,11 @@
- # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
- ac_cpp='$CPP $CPPFLAGS'
- ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
--ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
- cross_compiling=$ac_cv_prog_cc_cross
-
-+ac_exeext=
-+ac_objext=o
- if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
- # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
- if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
-@@ -626,33 +633,33 @@
-
-
- # Make sure we can run config.sub.
--if $ac_config_sub sun4 >/dev/null 2>&1; then :
-+if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then :
- else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
- fi
-
- echo $ac_n "checking host system type""... $ac_c" 1>&6
--echo "configure:635: checking host system type" >&5
-+echo "configure:642: checking host system type" >&5
-
- host_alias=$host
- case "$host_alias" in
- NONE)
- case $nonopt in
- NONE)
-- if host_alias=`$ac_config_guess`; then :
-+ if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then :
- else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; }
- fi ;;
- *) host_alias=$nonopt ;;
- esac ;;
- esac
-
--host=`$ac_config_sub $host_alias`
-+host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias`
- host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
- host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
- host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
- echo "$ac_t""$host" 1>&6
-
- echo $ac_n "checking cached information""... $ac_c" 1>&6
--echo "configure:656: checking cached information" >&5
-+echo "configure:663: checking cached information" >&5
- hostcheck="$host"
- if eval "test \"`echo '$''{'ac_cv_hostcheck'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -671,15 +678,16 @@
- # Extract the first word of "gcc", so it can be a program name with args.
- set dummy gcc; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:675: checking for $ac_word" >&5
-+echo "configure:682: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
- else
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_CC="gcc"
-@@ -700,16 +708,17 @@
- # Extract the first word of "cc", so it can be a program name with args.
- set dummy cc; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:704: checking for $ac_word" >&5
-+echo "configure:712: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
- else
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
- ac_prog_rejected=no
-- for ac_dir in $PATH; do
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
-@@ -744,25 +753,61 @@
- echo "$ac_t""no" 1>&6
- fi
-
-+ if test -z "$CC"; then
-+ case "`uname -s`" in
-+ *win32* | *WIN32*)
-+ # Extract the first word of "cl", so it can be a program name with args.
-+set dummy cl; ac_word=$2
-+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-+echo "configure:763: checking for $ac_word" >&5
-+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
-+ echo $ac_n "(cached) $ac_c" 1>&6
-+else
-+ if test -n "$CC"; then
-+ ac_cv_prog_CC="$CC" # Let the user override the test.
-+else
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
-+ test -z "$ac_dir" && ac_dir=.
-+ if test -f $ac_dir/$ac_word; then
-+ ac_cv_prog_CC="cl"
-+ break
-+ fi
-+ done
-+ IFS="$ac_save_ifs"
-+fi
-+fi
-+CC="$ac_cv_prog_CC"
-+if test -n "$CC"; then
-+ echo "$ac_t""$CC" 1>&6
-+else
-+ echo "$ac_t""no" 1>&6
-+fi
-+ ;;
-+ esac
-+ fi
- test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
- fi
-
- echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
--echo "configure:752: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
-+echo "configure:795: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
-
- ac_ext=c
- # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
- ac_cpp='$CPP $CPPFLAGS'
- ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
--ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
- cross_compiling=$ac_cv_prog_cc_cross
-
--cat > conftest.$ac_ext <<EOF
--#line 762 "configure"
-+cat > conftest.$ac_ext << EOF
-+
-+#line 806 "configure"
- #include "confdefs.h"
-+
- main(){return(0);}
- EOF
--if { (eval echo configure:766: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:811: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- ac_cv_prog_cc_works=yes
- # If we can't run a trivial program, we are probably using a cross compiler.
- if (./conftest; exit) 2>/dev/null; then
-@@ -776,18 +821,24 @@
- ac_cv_prog_cc_works=no
- fi
- rm -fr conftest*
-+ac_ext=c
-+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
-+ac_cpp='$CPP $CPPFLAGS'
-+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-+cross_compiling=$ac_cv_prog_cc_cross
-
- echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
- if test $ac_cv_prog_cc_works = no; then
- { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
- fi
- echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
--echo "configure:786: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
-+echo "configure:837: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
- echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
- cross_compiling=$ac_cv_prog_cc_cross
-
- echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
--echo "configure:791: checking whether we are using GNU C" >&5
-+echo "configure:842: checking whether we are using GNU C" >&5
- if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -796,7 +847,7 @@
- yes;
- #endif
- EOF
--if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:800: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
-+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:851: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
- ac_cv_prog_gcc=yes
- else
- ac_cv_prog_gcc=no
-@@ -807,11 +858,15 @@
-
- if test $ac_cv_prog_gcc = yes; then
- GCC=yes
-- ac_test_CFLAGS="${CFLAGS+set}"
-- ac_save_CFLAGS="$CFLAGS"
-- CFLAGS=
-- echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
--echo "configure:815: checking whether ${CC-cc} accepts -g" >&5
-+else
-+ GCC=
-+fi
-+
-+ac_test_CFLAGS="${CFLAGS+set}"
-+ac_save_CFLAGS="$CFLAGS"
-+CFLAGS=
-+echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-+echo "configure:870: checking whether ${CC-cc} accepts -g" >&5
- if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -826,20 +881,104 @@
- fi
-
- echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
-- if test "$ac_test_CFLAGS" = set; then
-- CFLAGS="$ac_save_CFLAGS"
-- elif test $ac_cv_prog_cc_g = yes; then
-+if test "$ac_test_CFLAGS" = set; then
-+ CFLAGS="$ac_save_CFLAGS"
-+elif test $ac_cv_prog_cc_g = yes; then
-+ if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
-+ CFLAGS="-g"
-+ fi
-+else
-+ if test "$GCC" = yes; then
- CFLAGS="-O2"
-+ else
-+ CFLAGS=
- fi
-+fi
-+
-+echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-+echo "configure:902: checking how to run the C preprocessor" >&5
-+# On Suns, sometimes $CPP names a directory.
-+if test -n "$CPP" && test -d "$CPP"; then
-+ CPP=
-+fi
-+if test -z "$CPP"; then
-+if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
-+ echo $ac_n "(cached) $ac_c" 1>&6
- else
-- GCC=
-- test "${CFLAGS+set}" = set || CFLAGS="-g"
-+ # This must be in double quotes, not single quotes, because CPP may get
-+ # substituted into the Makefile and "${CC-cc}" will confuse make.
-+ CPP="${CC-cc} -E"
-+ # On the NeXT, cc -E runs the code through the compiler's parser,
-+ # not just through cpp.
-+ cat > conftest.$ac_ext <<EOF
-+#line 917 "configure"
-+#include "confdefs.h"
-+#include <assert.h>
-+Syntax Error
-+EOF
-+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-+{ (eval echo configure:923: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-+if test -z "$ac_err"; then
-+ :
-+else
-+ echo "$ac_err" >&5
-+ echo "configure: failed program was:" >&5
-+ cat conftest.$ac_ext >&5
-+ rm -rf conftest*
-+ CPP="${CC-cc} -E -traditional-cpp"
-+ cat > conftest.$ac_ext <<EOF
-+#line 934 "configure"
-+#include "confdefs.h"
-+#include <assert.h>
-+Syntax Error
-+EOF
-+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-+{ (eval echo configure:940: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-+if test -z "$ac_err"; then
-+ :
-+else
-+ echo "$ac_err" >&5
-+ echo "configure: failed program was:" >&5
-+ cat conftest.$ac_ext >&5
-+ rm -rf conftest*
-+ CPP="${CC-cc} -nologo -E"
-+ cat > conftest.$ac_ext <<EOF
-+#line 951 "configure"
-+#include "confdefs.h"
-+#include <assert.h>
-+Syntax Error
-+EOF
-+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-+{ (eval echo configure:957: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-+if test -z "$ac_err"; then
-+ :
-+else
-+ echo "$ac_err" >&5
-+ echo "configure: failed program was:" >&5
-+ cat conftest.$ac_ext >&5
-+ rm -rf conftest*
-+ CPP=/lib/cpp
-+fi
-+rm -f conftest*
-+fi
-+rm -f conftest*
-+fi
-+rm -f conftest*
-+ ac_cv_prog_CPP="$CPP"
- fi
-+ CPP="$ac_cv_prog_CPP"
-+else
-+ ac_cv_prog_CPP="$CPP"
-+fi
-+echo "$ac_t""$CPP" 1>&6
-
- echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6
--echo "configure:843: checking for POSIXized ISC" >&5
-+echo "configure:982: checking for POSIXized ISC" >&5
- if test -d /etc/conf/kconfig.d &&
- grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
- then
-@@ -876,20 +1015,12 @@
- ;;
- *-*-solaris*)
- # solaris stuff. appro@fy.chalmers.se
-- cat >> confdefs.h <<\EOF
--#define SECURE_RPC 1
--EOF
--
-- cat >> confdefs.h <<\EOF
--#define SECURE_NFS 1
--EOF
--
-+# this stuff breaks AFS/Kerberos. YUCK.
-+# AC_DEFINE(SECURE_RPC)
-+# AC_DEFINE(SECURE_NFS)
- # NIS+ is forced so that we don't have to recompile
- # if we move to NIS+. appro@fy.chalmers.se
-- cat >> confdefs.h <<\EOF
--#define NIS_PLUS 1
--EOF
--
-+# AC_DEFINE(NIS_PLUS)
- ;;
- *-*-sunos*)
- os_sunos=yes
-@@ -931,14 +1062,14 @@
- no_shadows_password_checking=yes
- # We want support for <proj.h> eivind@ii.uib.no
- cat > conftest.$ac_ext <<EOF
--#line 935 "configure"
-+#line 1066 "configure"
- #include "confdefs.h"
- #include <proj.h>
- int main() {
- int foo = MAXPROJNAMELEN;
- ; return 0; }
- EOF
--if { (eval echo configure:942: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:1073: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- cat >> confdefs.h <<\EOF
- #define HAVE_SGI_PROJ_H 1
-@@ -953,7 +1084,7 @@
- *-ibm-aix3.2|*-ibm-aix3.2.0|*-ibm-aix3.2.1|*-ibm-aix3.2.2|*-ibm-aix3.2.3|*-ibm-aix3.2.4)
- os_aix=yes
- echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6
--echo "configure:957: checking for getuserattr in -ls" >&5
-+echo "configure:1088: checking for getuserattr in -ls" >&5
- ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -961,7 +1092,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-ls $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 965 "configure"
-+#line 1096 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -972,7 +1103,7 @@
- getuserattr()
- ; return 0; }
- EOF
--if { (eval echo configure:976: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1004,7 +1135,7 @@
- no_utmpx=yes
- os_aix=yes
- echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6
--echo "configure:1008: checking for getuserattr in -ls" >&5
-+echo "configure:1139: checking for getuserattr in -ls" >&5
- ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1012,7 +1143,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-ls $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1016 "configure"
-+#line 1147 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1023,7 +1154,7 @@
- getuserattr()
- ; return 0; }
- EOF
--if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1158: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1054,7 +1185,7 @@
- *-ibm-aix*)
- os_aix=yes
- echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6
--echo "configure:1058: checking for getuserattr in -ls" >&5
-+echo "configure:1189: checking for getuserattr in -ls" >&5
- ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1062,7 +1193,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-ls $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1066 "configure"
-+#line 1197 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1073,7 +1204,7 @@
- getuserattr()
- ; return 0; }
- EOF
--if { (eval echo configure:1077: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1123,7 +1254,7 @@
- # Ultrix shadow passwords implemented in auth-passwd.c.
- no_shadows_password_checking=yes
- echo $ac_n "checking for authenticate_user in -lauth""... $ac_c" 1>&6
--echo "configure:1127: checking for authenticate_user in -lauth" >&5
-+echo "configure:1258: checking for authenticate_user in -lauth" >&5
- ac_lib_var=`echo auth'_'authenticate_user | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1131,7 +1262,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lauth $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1135 "configure"
-+#line 1266 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1142,7 +1273,7 @@
- authenticate_user()
- ; return 0; }
- EOF
--if { (eval echo configure:1146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1277: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1170,14 +1301,14 @@
- fi
-
- cat > conftest.$ac_ext <<EOF
--#line 1174 "configure"
-+#line 1305 "configure"
- #include "confdefs.h"
- #include <syslog.h>
- int main() {
- int foo = LOG_DAEMON;
- ; return 0; }
- EOF
--if { (eval echo configure:1181: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:1312: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- :
- else
- echo "configure: failed program was:" >&5
-@@ -1215,7 +1346,7 @@
- CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE"
- fi
- echo $ac_n "checking for HPUX tcb auth option""... $ac_c" 1>&6
--echo "configure:1219: checking for HPUX tcb auth option" >&5
-+echo "configure:1350: checking for HPUX tcb auth option" >&5
- if test -f /tcb/files/auth/system/pw_id_map; then
- echo "$ac_t""yes" 1>&6
- cat >> confdefs.h <<\EOF
-@@ -1227,7 +1358,7 @@
- echo "$ac_t""no" 1>&6
- fi
- echo $ac_n "checking for keyserv""... $ac_c" 1>&6
--echo "configure:1231: checking for keyserv" >&5
-+echo "configure:1362: checking for keyserv" >&5
- if test -f /usr/sbin/keyserv; then
- echo "$ac_t""yes" 1>&6
- cat >> confdefs.h <<\EOF
-@@ -1256,7 +1387,7 @@
- # The man page says that we need -lsecurity -ldb -laud -lm to quickstart
- # programs using enchanced security.
- echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6
--echo "configure:1260: checking for set_auth_parameters in -lsecurity" >&5
-+echo "configure:1391: checking for set_auth_parameters in -lsecurity" >&5
- ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1264,7 +1395,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lsecurity $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1268 "configure"
-+#line 1399 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1275,7 +1406,7 @@
- set_auth_parameters()
- ; return 0; }
- EOF
--if { (eval echo configure:1279: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1410: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1303,7 +1434,7 @@
- fi
-
- echo $ac_n "checking for audgen in -laud""... $ac_c" 1>&6
--echo "configure:1307: checking for audgen in -laud" >&5
-+echo "configure:1438: checking for audgen in -laud" >&5
- ac_lib_var=`echo aud'_'audgen | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1311,7 +1442,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-laud $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1315 "configure"
-+#line 1446 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1322,7 +1453,7 @@
- audgen()
- ; return 0; }
- EOF
--if { (eval echo configure:1326: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1457: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1350,7 +1481,7 @@
- fi
-
- echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6
--echo "configure:1354: checking for dbopen in -ldb" >&5
-+echo "configure:1485: checking for dbopen in -ldb" >&5
- ac_lib_var=`echo db'_'dbopen | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1358,7 +1489,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-ldb $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1362 "configure"
-+#line 1493 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1369,7 +1500,7 @@
- dbopen()
- ; return 0; }
- EOF
--if { (eval echo configure:1373: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1504: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1397,7 +1528,7 @@
- fi
-
- echo $ac_n "checking for sin in -lm""... $ac_c" 1>&6
--echo "configure:1401: checking for sin in -lm" >&5
-+echo "configure:1532: checking for sin in -lm" >&5
- ac_lib_var=`echo m'_'sin | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1405,7 +1536,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lm $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1409 "configure"
-+#line 1540 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1416,7 +1547,7 @@
- sin()
- ; return 0; }
- EOF
--if { (eval echo configure:1420: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1446,12 +1577,12 @@
- for ac_func in setluid
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:1450: checking for $ac_func" >&5
-+echo "configure:1581: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1455 "configure"
-+#line 1586 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -1474,7 +1605,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1478: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1609: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -1507,7 +1638,7 @@
- OLD_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -I."
- cat > conftest.$ac_ext <<EOF
--#line 1511 "configure"
-+#line 1642 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/security.h>
-@@ -1516,7 +1647,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1520: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:1651: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- :
- else
- echo "configure: failed program was:" >&5
-@@ -1545,12 +1676,12 @@
- *-*-linux*|*-*-mklinux*)
- CFLAGS="-D_GNU_SOURCE $CFLAGS"
- echo $ac_n "checking for getspnam""... $ac_c" 1>&6
--echo "configure:1549: checking for getspnam" >&5
-+echo "configure:1680: checking for getspnam" >&5
- if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1554 "configure"
-+#line 1685 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char getspnam(); below. */
-@@ -1573,7 +1704,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1708: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_getspnam=yes"
- else
-@@ -1594,7 +1725,7 @@
-
- if test $ac_cv_func_getspnam = no; then
- echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6
--echo "configure:1598: checking for getspnam in -lshadow" >&5
-+echo "configure:1729: checking for getspnam in -lshadow" >&5
- ac_lib_var=`echo shadow'_'getspnam | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1602,7 +1733,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lshadow $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1606 "configure"
-+#line 1737 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1613,7 +1744,7 @@
- getspnam()
- ; return 0; }
- EOF
--if { (eval echo configure:1617: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1748: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1651,12 +1782,12 @@
- for ac_func in pw_encrypt
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:1655: checking for $ac_func" >&5
-+echo "configure:1786: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1660 "configure"
-+#line 1791 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -1679,7 +1810,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1683: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -1705,7 +1836,7 @@
-
- if test $ac_cv_func_pw_encrypt = no; then
- echo $ac_n "checking for pw_encrypt in -lshadow""... $ac_c" 1>&6
--echo "configure:1709: checking for pw_encrypt in -lshadow" >&5
-+echo "configure:1840: checking for pw_encrypt in -lshadow" >&5
- ac_lib_var=`echo shadow'_'pw_encrypt | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1713,7 +1844,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lshadow $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1717 "configure"
-+#line 1848 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1724,7 +1855,7 @@
- pw_encrypt()
- ; return 0; }
- EOF
--if { (eval echo configure:1728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1859: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1748,7 +1879,7 @@
-
- fi
- echo $ac_n "checking whether to enable pw_encrypt""... $ac_c" 1>&6
--echo "configure:1752: checking whether to enable pw_encrypt" >&5
-+echo "configure:1883: checking whether to enable pw_encrypt" >&5
- # Check whether --enable-deprecated-linux-pw-encrypt or --disable-deprecated-linux-pw-encrypt was given.
- if test "${enable_deprecated_linux_pw_encrypt+set}" = set; then
- enableval="$enable_deprecated_linux_pw_encrypt"
-@@ -1825,7 +1956,7 @@
- EOF
-
- echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6
--echo "configure:1829: checking for openlog in -lgen" >&5
-+echo "configure:1960: checking for openlog in -lgen" >&5
- ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1833,7 +1964,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lgen $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1837 "configure"
-+#line 1968 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1844,7 +1975,7 @@
- openlog()
- ; return 0; }
- EOF
--if { (eval echo configure:1848: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:1979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1874,7 +2005,7 @@
- ;;
- *-*-sysv4*)
- echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6
--echo "configure:1878: checking for openlog in -lgen" >&5
-+echo "configure:2009: checking for openlog in -lgen" >&5
- ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1882,7 +2013,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lgen $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1886 "configure"
-+#line 2017 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1893,7 +2024,7 @@
- openlog()
- ; return 0; }
- EOF
--if { (eval echo configure:1897: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:2028: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1989,24 +2120,18 @@
-
- export CFLAGS CC
-
--# Socket pairs appear to be broken on several systems. I don't know exactly
--# where, so I'll use pipes everywhere for now.
--cat >> confdefs.h <<\EOF
--#define USE_PIPES 1
--EOF
--
-
- echo $ac_n "checking that the compiler works""... $ac_c" 1>&6
--echo "configure:2001: checking that the compiler works" >&5
-+echo "configure:2126: checking that the compiler works" >&5
- if test "$cross_compiling" = yes; then
- { echo "configure: error: Could not compile and run even a trivial ANSI C program - check CC." 1>&2; exit 1; }
- else
- cat > conftest.$ac_ext <<EOF
--#line 2006 "configure"
-+#line 2131 "configure"
- #include "confdefs.h"
- main(int ac, char **av) { return 0; }
- EOF
--if { (eval echo configure:2010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:2135: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- echo "$ac_t""yes" 1>&6
- else
-@@ -2023,18 +2148,18 @@
- if test -z "$no_pipe"; then
- if test -n "$GCC"; then
- echo $ac_n "checking if the compiler understands -pipe""... $ac_c" 1>&6
--echo "configure:2027: checking if the compiler understands -pipe" >&5
-+echo "configure:2152: checking if the compiler understands -pipe" >&5
- OLDCC="$CC"
- CC="$CC -pipe"
- cat > conftest.$ac_ext <<EOF
--#line 2031 "configure"
-+#line 2156 "configure"
- #include "confdefs.h"
-
- int main() {
-
- ; return 0; }
- EOF
--if { (eval echo configure:2038: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:2163: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- echo "$ac_t""yes" 1>&6
- else
-@@ -2049,7 +2174,7 @@
- fi
-
- echo $ac_n "checking whether to enable -Wall""... $ac_c" 1>&6
--echo "configure:2053: checking whether to enable -Wall" >&5
-+echo "configure:2178: checking whether to enable -Wall" >&5
- # Check whether --enable-warnings or --disable-warnings was given.
- if test "${enable_warnings+set}" = set; then
- enableval="$enable_warnings"
-@@ -2063,12 +2188,12 @@
-
-
- echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
--echo "configure:2067: checking return type of signal handlers" >&5
-+echo "configure:2192: checking return type of signal handlers" >&5
- if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2072 "configure"
-+#line 2197 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <signal.h>
-@@ -2085,7 +2210,7 @@
- int i;
- ; return 0; }
- EOF
--if { (eval echo configure:2089: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:2214: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_type_signal=void
- else
-@@ -2103,74 +2228,13 @@
- EOF
-
-
--echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
--echo "configure:2108: checking how to run the C preprocessor" >&5
--# On Suns, sometimes $CPP names a directory.
--if test -n "$CPP" && test -d "$CPP"; then
-- CPP=
--fi
--if test -z "$CPP"; then
--if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then
-- echo $ac_n "(cached) $ac_c" 1>&6
--else
-- # This must be in double quotes, not single quotes, because CPP may get
-- # substituted into the Makefile and "${CC-cc}" will confuse make.
-- CPP="${CC-cc} -E"
-- # On the NeXT, cc -E runs the code through the compiler's parser,
-- # not just through cpp.
-- cat > conftest.$ac_ext <<EOF
--#line 2123 "configure"
--#include "confdefs.h"
--#include <assert.h>
--Syntax Error
--EOF
--ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:2129: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
--if test -z "$ac_err"; then
-- :
--else
-- echo "$ac_err" >&5
-- echo "configure: failed program was:" >&5
-- cat conftest.$ac_ext >&5
-- rm -rf conftest*
-- CPP="${CC-cc} -E -traditional-cpp"
-- cat > conftest.$ac_ext <<EOF
--#line 2140 "configure"
--#include "confdefs.h"
--#include <assert.h>
--Syntax Error
--EOF
--ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:2146: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
--if test -z "$ac_err"; then
-- :
--else
-- echo "$ac_err" >&5
-- echo "configure: failed program was:" >&5
-- cat conftest.$ac_ext >&5
-- rm -rf conftest*
-- CPP=/lib/cpp
--fi
--rm -f conftest*
--fi
--rm -f conftest*
-- ac_cv_prog_CPP="$CPP"
--fi
-- CPP="$ac_cv_prog_CPP"
--else
-- ac_cv_prog_CPP="$CPP"
--fi
--echo "$ac_t""$CPP" 1>&6
--
- echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
--echo "configure:2169: checking for ANSI C header files" >&5
-+echo "configure:2233: checking for ANSI C header files" >&5
- if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2174 "configure"
-+#line 2238 "configure"
- #include "confdefs.h"
- #include <stdlib.h>
- #include <stdarg.h>
-@@ -2178,8 +2242,8 @@
- #include <float.h>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:2182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:2246: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- ac_cv_header_stdc=yes
-@@ -2195,7 +2259,7 @@
- if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat > conftest.$ac_ext <<EOF
--#line 2199 "configure"
-+#line 2263 "configure"
- #include "confdefs.h"
- #include <string.h>
- EOF
-@@ -2213,7 +2277,7 @@
- if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat > conftest.$ac_ext <<EOF
--#line 2217 "configure"
-+#line 2281 "configure"
- #include "confdefs.h"
- #include <stdlib.h>
- EOF
-@@ -2234,7 +2298,7 @@
- :
- else
- cat > conftest.$ac_ext <<EOF
--#line 2238 "configure"
-+#line 2302 "configure"
- #include "confdefs.h"
- #include <ctype.h>
- #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-@@ -2245,7 +2309,7 @@
- exit (0); }
-
- EOF
--if { (eval echo configure:2249: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:2313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- :
- else
-@@ -2269,12 +2333,12 @@
- fi
-
- echo $ac_n "checking for size_t""... $ac_c" 1>&6
--echo "configure:2273: checking for size_t" >&5
-+echo "configure:2337: checking for size_t" >&5
- if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2278 "configure"
-+#line 2342 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #if STDC_HEADERS
-@@ -2283,7 +2347,7 @@
- #endif
- EOF
- if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-- egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-+ egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
- rm -rf conftest*
- ac_cv_type_size_t=yes
- else
-@@ -2302,12 +2366,12 @@
- fi
-
- echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
--echo "configure:2306: checking for uid_t in sys/types.h" >&5
-+echo "configure:2370: checking for uid_t in sys/types.h" >&5
- if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2311 "configure"
-+#line 2375 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- EOF
-@@ -2336,12 +2400,12 @@
- fi
-
- echo $ac_n "checking for off_t""... $ac_c" 1>&6
--echo "configure:2340: checking for off_t" >&5
-+echo "configure:2404: checking for off_t" >&5
- if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2345 "configure"
-+#line 2409 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #if STDC_HEADERS
-@@ -2350,7 +2414,7 @@
- #endif
- EOF
- if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-- egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-+ egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
- rm -rf conftest*
- ac_cv_type_off_t=yes
- else
-@@ -2369,12 +2433,12 @@
- fi
-
- echo $ac_n "checking for mode_t""... $ac_c" 1>&6
--echo "configure:2373: checking for mode_t" >&5
-+echo "configure:2437: checking for mode_t" >&5
- if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2378 "configure"
-+#line 2442 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #if STDC_HEADERS
-@@ -2383,7 +2447,7 @@
- #endif
- EOF
- if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-- egrep "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
-+ egrep "(^|[^a-zA-Z_0-9])mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then
- rm -rf conftest*
- ac_cv_type_mode_t=yes
- else
-@@ -2402,12 +2466,12 @@
- fi
-
- echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6
--echo "configure:2406: checking for st_blksize in struct stat" >&5
-+echo "configure:2470: checking for st_blksize in struct stat" >&5
- if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2411 "configure"
-+#line 2475 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/stat.h>
-@@ -2415,7 +2479,7 @@
- struct stat s; s.st_blksize;
- ; return 0; }
- EOF
--if { (eval echo configure:2419: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:2483: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_struct_st_blksize=yes
- else
-@@ -2437,12 +2501,12 @@
-
-
- echo $ac_n "checking for working const""... $ac_c" 1>&6
--echo "configure:2441: checking for working const" >&5
-+echo "configure:2505: checking for working const" >&5
- if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2446 "configure"
-+#line 2510 "configure"
- #include "confdefs.h"
-
- int main() {
-@@ -2491,7 +2555,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:2495: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:2559: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_c_const=yes
- else
-@@ -2512,21 +2576,21 @@
- fi
-
- echo $ac_n "checking for inline""... $ac_c" 1>&6
--echo "configure:2516: checking for inline" >&5
-+echo "configure:2580: checking for inline" >&5
- if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- ac_cv_c_inline=no
- for ac_kw in inline __inline__ __inline; do
- cat > conftest.$ac_ext <<EOF
--#line 2523 "configure"
-+#line 2587 "configure"
- #include "confdefs.h"
-
- int main() {
- } $ac_kw foo() {
- ; return 0; }
- EOF
--if { (eval echo configure:2530: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:2594: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_c_inline=$ac_kw; break
- else
-@@ -2552,14 +2616,14 @@
- esac
-
- echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
--echo "configure:2556: checking whether byte ordering is bigendian" >&5
-+echo "configure:2620: checking whether byte ordering is bigendian" >&5
- if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- ac_cv_c_bigendian=unknown
- # See if sys/param.h defines the BYTE_ORDER macro.
- cat > conftest.$ac_ext <<EOF
--#line 2563 "configure"
-+#line 2627 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/param.h>
-@@ -2570,11 +2634,11 @@
- #endif
- ; return 0; }
- EOF
--if { (eval echo configure:2574: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:2638: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- # It does; now see whether it defined to BIG_ENDIAN or not.
- cat > conftest.$ac_ext <<EOF
--#line 2578 "configure"
-+#line 2642 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/param.h>
-@@ -2585,7 +2649,7 @@
- #endif
- ; return 0; }
- EOF
--if { (eval echo configure:2589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:2653: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_c_bigendian=yes
- else
-@@ -2605,7 +2669,7 @@
- { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
- else
- cat > conftest.$ac_ext <<EOF
--#line 2609 "configure"
-+#line 2673 "configure"
- #include "confdefs.h"
- main () {
- /* Are we little or big endian? From Harbison&Steele. */
-@@ -2618,7 +2682,7 @@
- exit (u.c[sizeof (long) - 1] == 1);
- }
- EOF
--if { (eval echo configure:2622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:2686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- ac_cv_c_bigendian=no
- else
-@@ -2642,7 +2706,7 @@
- fi
-
- echo $ac_n "checking size of long""... $ac_c" 1>&6
--echo "configure:2646: checking size of long" >&5
-+echo "configure:2710: checking size of long" >&5
- if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -2650,7 +2714,7 @@
- ac_cv_sizeof_long=4
- else
- cat > conftest.$ac_ext <<EOF
--#line 2654 "configure"
-+#line 2718 "configure"
- #include "confdefs.h"
- #include <stdio.h>
- main()
-@@ -2661,7 +2725,7 @@
- exit(0);
- }
- EOF
--if { (eval echo configure:2665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:2729: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- ac_cv_sizeof_long=`cat conftestval`
- else
-@@ -2681,7 +2745,7 @@
-
-
- echo $ac_n "checking size of int""... $ac_c" 1>&6
--echo "configure:2685: checking size of int" >&5
-+echo "configure:2749: checking size of int" >&5
- if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -2689,7 +2753,7 @@
- ac_cv_sizeof_int=4
- else
- cat > conftest.$ac_ext <<EOF
--#line 2693 "configure"
-+#line 2757 "configure"
- #include "confdefs.h"
- #include <stdio.h>
- main()
-@@ -2700,7 +2764,7 @@
- exit(0);
- }
- EOF
--if { (eval echo configure:2704: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:2768: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- ac_cv_sizeof_int=`cat conftestval`
- else
-@@ -2720,7 +2784,7 @@
-
-
- echo $ac_n "checking size of short""... $ac_c" 1>&6
--echo "configure:2724: checking size of short" >&5
-+echo "configure:2788: checking size of short" >&5
- if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -2728,7 +2792,7 @@
- ac_cv_sizeof_short=2
- else
- cat > conftest.$ac_ext <<EOF
--#line 2732 "configure"
-+#line 2796 "configure"
- #include "confdefs.h"
- #include <stdio.h>
- main()
-@@ -2739,7 +2803,7 @@
- exit(0);
- }
- EOF
--if { (eval echo configure:2743: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:2807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- ac_cv_sizeof_short=`cat conftestval`
- else
-@@ -2764,18 +2828,18 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:2768: checking for $ac_hdr" >&5
-+echo "configure:2832: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2773 "configure"
-+#line 2837 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:2778: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:2842: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -2807,18 +2871,18 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:2811: checking for $ac_hdr" >&5
-+echo "configure:2875: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2816 "configure"
-+#line 2880 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:2821: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:2885: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -2844,9 +2908,9 @@
- done
-
- echo $ac_n "checking whether utmpx have ut_syslen field""... $ac_c" 1>&6
--echo "configure:2848: checking whether utmpx have ut_syslen field" >&5
-+echo "configure:2912: checking whether utmpx have ut_syslen field" >&5
- cat > conftest.$ac_ext <<EOF
--#line 2850 "configure"
-+#line 2914 "configure"
- #include "confdefs.h"
- #include <utmpx.h>
- EOF
-@@ -2867,12 +2931,12 @@
- fi
-
- echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
--echo "configure:2871: checking for ANSI C header files" >&5
-+echo "configure:2935: checking for ANSI C header files" >&5
- if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2876 "configure"
-+#line 2940 "configure"
- #include "confdefs.h"
- #include <stdlib.h>
- #include <stdarg.h>
-@@ -2880,8 +2944,8 @@
- #include <float.h>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:2884: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:2948: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- ac_cv_header_stdc=yes
-@@ -2897,7 +2961,7 @@
- if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat > conftest.$ac_ext <<EOF
--#line 2901 "configure"
-+#line 2965 "configure"
- #include "confdefs.h"
- #include <string.h>
- EOF
-@@ -2915,7 +2979,7 @@
- if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat > conftest.$ac_ext <<EOF
--#line 2919 "configure"
-+#line 2983 "configure"
- #include "confdefs.h"
- #include <stdlib.h>
- EOF
-@@ -2936,7 +3000,7 @@
- :
- else
- cat > conftest.$ac_ext <<EOF
--#line 2940 "configure"
-+#line 3004 "configure"
- #include "confdefs.h"
- #include <ctype.h>
- #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-@@ -2947,7 +3011,7 @@
- exit (0); }
-
- EOF
--if { (eval echo configure:2951: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:3015: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- :
- else
-@@ -2971,12 +3035,12 @@
- fi
-
- echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
--echo "configure:2975: checking for sys/wait.h that is POSIX.1 compatible" >&5
-+echo "configure:3039: checking for sys/wait.h that is POSIX.1 compatible" >&5
- if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 2980 "configure"
-+#line 3044 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/wait.h>
-@@ -2992,7 +3056,7 @@
- s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
- ; return 0; }
- EOF
--if { (eval echo configure:2996: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:3060: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_header_sys_wait_h=yes
- else
-@@ -3016,18 +3080,18 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:3020: checking for $ac_hdr" >&5
-+echo "configure:3084: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3025 "configure"
-+#line 3089 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:3030: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:3094: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -3052,22 +3116,22 @@
- fi
- done
-
--for ac_hdr in sgtty.h sys/select.h sys/ioctl.h machine/endian.h
-+for ac_hdr in sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:3060: checking for $ac_hdr" >&5
-+echo "configure:3124: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3065 "configure"
-+#line 3129 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:3070: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:3134: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -3096,18 +3160,18 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:3100: checking for $ac_hdr" >&5
-+echo "configure:3164: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3105 "configure"
-+#line 3169 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:3110: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:3174: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -3136,18 +3200,18 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:3140: checking for $ac_hdr" >&5
-+echo "configure:3204: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3145 "configure"
-+#line 3209 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:3150: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:3214: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -3176,18 +3240,18 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:3180: checking for $ac_hdr" >&5
-+echo "configure:3244: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3185 "configure"
-+#line 3249 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:3190: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:3254: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -3213,12 +3277,12 @@
- done
-
- echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
--echo "configure:3217: checking whether time.h and sys/time.h may both be included" >&5
-+echo "configure:3281: checking whether time.h and sys/time.h may both be included" >&5
- if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3222 "configure"
-+#line 3286 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/time.h>
-@@ -3227,7 +3291,7 @@
- struct tm *tp;
- ; return 0; }
- EOF
--if { (eval echo configure:3231: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:3295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_header_time=yes
- else
-@@ -3252,12 +3316,12 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6
--echo "configure:3256: checking for $ac_hdr that defines DIR" >&5
-+echo "configure:3320: checking for $ac_hdr that defines DIR" >&5
- if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3261 "configure"
-+#line 3325 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <$ac_hdr>
-@@ -3265,7 +3329,7 @@
- DIR *dirp = 0;
- ; return 0; }
- EOF
--if { (eval echo configure:3269: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:3333: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- eval "ac_cv_header_dirent_$ac_safe=yes"
- else
-@@ -3290,7 +3354,7 @@
- # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
- if test $ac_header_dirent = dirent.h; then
- echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6
--echo "configure:3294: checking for opendir in -ldir" >&5
-+echo "configure:3358: checking for opendir in -ldir" >&5
- ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3298,7 +3362,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-ldir $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3302 "configure"
-+#line 3366 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -3309,7 +3373,7 @@
- opendir()
- ; return 0; }
- EOF
--if { (eval echo configure:3313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3377: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3331,7 +3395,7 @@
-
- else
- echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6
--echo "configure:3335: checking for opendir in -lx" >&5
-+echo "configure:3399: checking for opendir in -lx" >&5
- ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3339,7 +3403,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lx $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3343 "configure"
-+#line 3407 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -3350,7 +3414,7 @@
- opendir()
- ; return 0; }
- EOF
--if { (eval echo configure:3354: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3418: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3373,12 +3437,12 @@
- fi
-
- echo $ac_n "checking whether stat file-mode macros are broken""... $ac_c" 1>&6
--echo "configure:3377: checking whether stat file-mode macros are broken" >&5
-+echo "configure:3441: checking whether stat file-mode macros are broken" >&5
- if eval "test \"`echo '$''{'ac_cv_header_stat_broken'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3382 "configure"
-+#line 3446 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/stat.h>
-@@ -3429,19 +3493,19 @@
- fi
-
- echo $ac_n "checking whether sys/types.h defines makedev""... $ac_c" 1>&6
--echo "configure:3433: checking whether sys/types.h defines makedev" >&5
-+echo "configure:3497: checking whether sys/types.h defines makedev" >&5
- if eval "test \"`echo '$''{'ac_cv_header_sys_types_h_makedev'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3438 "configure"
-+#line 3502 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- int main() {
- return makedev(0, 0);
- ; return 0; }
- EOF
--if { (eval echo configure:3445: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3509: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_cv_header_sys_types_h_makedev=yes
- else
-@@ -3459,18 +3523,18 @@
- if test $ac_cv_header_sys_types_h_makedev = no; then
- ac_safe=`echo "sys/mkdev.h" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for sys/mkdev.h""... $ac_c" 1>&6
--echo "configure:3463: checking for sys/mkdev.h" >&5
-+echo "configure:3527: checking for sys/mkdev.h" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3468 "configure"
-+#line 3532 "configure"
- #include "confdefs.h"
- #include <sys/mkdev.h>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:3473: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:3537: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -3497,18 +3561,18 @@
- if test $ac_cv_header_sys_mkdev_h = no; then
- ac_safe=`echo "sys/sysmacros.h" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for sys/sysmacros.h""... $ac_c" 1>&6
--echo "configure:3501: checking for sys/sysmacros.h" >&5
-+echo "configure:3565: checking for sys/sysmacros.h" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 3506 "configure"
-+#line 3570 "configure"
- #include "confdefs.h"
- #include <sys/sysmacros.h>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:3511: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:3575: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-@@ -3535,9 +3599,9 @@
- fi
-
- echo $ac_n "checking whether utmp have ut_pid field""... $ac_c" 1>&6
--echo "configure:3539: checking whether utmp have ut_pid field" >&5
-+echo "configure:3603: checking whether utmp have ut_pid field" >&5
- cat > conftest.$ac_ext <<EOF
--#line 3541 "configure"
-+#line 3605 "configure"
- #include "confdefs.h"
- #include <utmp.h>
- EOF
-@@ -3556,9 +3620,9 @@
- rm -f conftest*
-
- echo $ac_n "checking whether utmp have ut_name field""... $ac_c" 1>&6
--echo "configure:3560: checking whether utmp have ut_name field" >&5
-+echo "configure:3624: checking whether utmp have ut_name field" >&5
- cat > conftest.$ac_ext <<EOF
--#line 3562 "configure"
-+#line 3626 "configure"
- #include "confdefs.h"
- #include <utmp.h>
- EOF
-@@ -3577,9 +3641,9 @@
- rm -f conftest*
-
- echo $ac_n "checking whether utmp have ut_id field""... $ac_c" 1>&6
--echo "configure:3581: checking whether utmp have ut_id field" >&5
-+echo "configure:3645: checking whether utmp have ut_id field" >&5
- cat > conftest.$ac_ext <<EOF
--#line 3583 "configure"
-+#line 3647 "configure"
- #include "confdefs.h"
- #include <utmp.h>
- EOF
-@@ -3598,9 +3662,9 @@
- rm -f conftest*
-
- echo $ac_n "checking whether utmp have ut_host field""... $ac_c" 1>&6
--echo "configure:3602: checking whether utmp have ut_host field" >&5
-+echo "configure:3666: checking whether utmp have ut_host field" >&5
- cat > conftest.$ac_ext <<EOF
--#line 3604 "configure"
-+#line 3668 "configure"
- #include "confdefs.h"
- #include <utmp.h>
- EOF
-@@ -3619,9 +3683,9 @@
- rm -f conftest*
-
- echo $ac_n "checking whether utmp have ut_addr field""... $ac_c" 1>&6
--echo "configure:3623: checking whether utmp have ut_addr field" >&5
-+echo "configure:3687: checking whether utmp have ut_addr field" >&5
- cat > conftest.$ac_ext <<EOF
--#line 3625 "configure"
-+#line 3689 "configure"
- #include "confdefs.h"
- #include <utmp.h>
- EOF
-@@ -3640,9 +3704,9 @@
- rm -f conftest*
-
- echo $ac_n "checking whether you have incompatible SIGINFO macro""... $ac_c" 1>&6
--echo "configure:3644: checking whether you have incompatible SIGINFO macro" >&5
-+echo "configure:3708: checking whether you have incompatible SIGINFO macro" >&5
- cat > conftest.$ac_ext <<EOF
--#line 3646 "configure"
-+#line 3710 "configure"
- #include "confdefs.h"
- #include <sys/siginfo.h>
- SIGINFO(p,1)
-@@ -3663,7 +3727,7 @@
-
-
- echo $ac_n "checking for crypt in -lc""... $ac_c" 1>&6
--echo "configure:3667: checking for crypt in -lc" >&5
-+echo "configure:3731: checking for crypt in -lc" >&5
- ac_lib_var=`echo c'_'crypt | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3671,7 +3735,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lc $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3675 "configure"
-+#line 3739 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -3682,7 +3746,7 @@
- crypt()
- ; return 0; }
- EOF
--if { (eval echo configure:3686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3701,7 +3765,7 @@
- else
- echo "$ac_t""no" 1>&6
- echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
--echo "configure:3705: checking for crypt in -lcrypt" >&5
-+echo "configure:3769: checking for crypt in -lcrypt" >&5
- ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3709,7 +3773,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lcrypt $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3713 "configure"
-+#line 3777 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -3720,7 +3784,7 @@
- crypt()
- ; return 0; }
- EOF
--if { (eval echo configure:3724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3788: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3750,7 +3814,7 @@
- fi
-
- echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6
--echo "configure:3754: checking for getspnam in -lsec" >&5
-+echo "configure:3818: checking for getspnam in -lsec" >&5
- ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3758,7 +3822,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lsec $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3762 "configure"
-+#line 3826 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -3769,7 +3833,7 @@
- getspnam()
- ; return 0; }
- EOF
--if { (eval echo configure:3773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3837: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3797,7 +3861,7 @@
- fi
-
- echo $ac_n "checking for get_process_stats in -lseq""... $ac_c" 1>&6
--echo "configure:3801: checking for get_process_stats in -lseq" >&5
-+echo "configure:3865: checking for get_process_stats in -lseq" >&5
- ac_lib_var=`echo seq'_'get_process_stats | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3805,7 +3869,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lseq $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3809 "configure"
-+#line 3873 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -3816,7 +3880,7 @@
- get_process_stats()
- ; return 0; }
- EOF
--if { (eval echo configure:3820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3884: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3844,7 +3908,7 @@
- fi
-
- echo $ac_n "checking for bcopy in -lbsd""... $ac_c" 1>&6
--echo "configure:3848: checking for bcopy in -lbsd" >&5
-+echo "configure:3912: checking for bcopy in -lbsd" >&5
- ac_lib_var=`echo bsd'_'bcopy | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3852,7 +3916,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lbsd $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3856 "configure"
-+#line 3920 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -3863,7 +3927,7 @@
- bcopy()
- ; return 0; }
- EOF
--if { (eval echo configure:3867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3931: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3892,7 +3956,7 @@
-
- if test -z "$no_libnsl"; then
- echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6
--echo "configure:3896: checking for main in -lnsl" >&5
-+echo "configure:3960: checking for main in -lnsl" >&5
- ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3900,14 +3964,14 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lnsl $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3904 "configure"
-+#line 3968 "configure"
- #include "confdefs.h"
-
- int main() {
- main()
- ; return 0; }
- EOF
--if { (eval echo configure:3911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:3975: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3937,7 +4001,7 @@
- fi
- if test -n "$test_libinet"; then
- echo $ac_n "checking for inet_network in -linet""... $ac_c" 1>&6
--echo "configure:3941: checking for inet_network in -linet" >&5
-+echo "configure:4005: checking for inet_network in -linet" >&5
- ac_lib_var=`echo inet'_'inet_network | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3945,7 +4009,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-linet $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3949 "configure"
-+#line 4013 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -3956,7 +4020,7 @@
- inet_network()
- ; return 0; }
- EOF
--if { (eval echo configure:3960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4024: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -3986,7 +4050,7 @@
- fi
- if test -z "$no_libsocket"; then
- echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6
--echo "configure:3990: checking for socket in -lsocket" >&5
-+echo "configure:4054: checking for socket in -lsocket" >&5
- ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -3994,7 +4058,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lsocket $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 3998 "configure"
-+#line 4062 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -4005,7 +4069,7 @@
- socket()
- ; return 0; }
- EOF
--if { (eval echo configure:4009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4073: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -4035,7 +4099,7 @@
- fi
- if test -z "$no_libsun"; then
- echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6
--echo "configure:4039: checking for getpwnam in -lsun" >&5
-+echo "configure:4103: checking for getpwnam in -lsun" >&5
- ac_lib_var=`echo sun'_'getpwnam | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -4043,7 +4107,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lsun $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 4047 "configure"
-+#line 4111 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -4054,7 +4118,7 @@
- getpwnam()
- ; return 0; }
- EOF
--if { (eval echo configure:4058: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4122: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -4084,7 +4148,7 @@
- fi
- if test -z "$no_libbsd"; then
- echo $ac_n "checking for openpty in -lbsd""... $ac_c" 1>&6
--echo "configure:4088: checking for openpty in -lbsd" >&5
-+echo "configure:4152: checking for openpty in -lbsd" >&5
- ac_lib_var=`echo bsd'_'openpty | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -4092,7 +4156,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lbsd $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 4096 "configure"
-+#line 4160 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -4103,7 +4167,7 @@
- openpty()
- ; return 0; }
- EOF
--if { (eval echo configure:4107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4171: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -4132,7 +4196,7 @@
-
- fi
- echo $ac_n "checking for login in -lutil""... $ac_c" 1>&6
--echo "configure:4136: checking for login in -lutil" >&5
-+echo "configure:4200: checking for login in -lutil" >&5
- ac_lib_var=`echo util'_'login | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -4140,7 +4204,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lutil $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 4144 "configure"
-+#line 4208 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -4151,7 +4215,7 @@
- login()
- ; return 0; }
- EOF
--if { (eval echo configure:4155: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4219: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -4180,12 +4244,12 @@
- for ac_func in vhangup
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:4184: checking for $ac_func" >&5
-+echo "configure:4248: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 4189 "configure"
-+#line 4253 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -4208,7 +4272,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:4212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4276: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -4238,12 +4302,12 @@
- for ac_func in setsid
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:4242: checking for $ac_func" >&5
-+echo "configure:4306: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 4247 "configure"
-+#line 4311 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -4266,7 +4330,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:4270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -4295,12 +4359,12 @@
- for ac_func in gettimeofday times getrusage ftruncate revoke makeutx
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:4299: checking for $ac_func" >&5
-+echo "configure:4363: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 4304 "configure"
-+#line 4368 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -4323,7 +4387,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:4327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4391: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -4350,12 +4414,12 @@
- for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:4354: checking for $ac_func" >&5
-+echo "configure:4418: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 4359 "configure"
-+#line 4423 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -4378,7 +4442,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:4382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4446: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -4405,12 +4469,12 @@
- for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:4409: checking for $ac_func" >&5
-+echo "configure:4473: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 4414 "configure"
-+#line 4478 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -4433,7 +4497,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:4437: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4501: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -4460,12 +4524,12 @@
- for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:4464: checking for $ac_func" >&5
-+echo "configure:4528: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 4469 "configure"
-+#line 4533 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -4488,7 +4552,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4556: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -4516,12 +4580,12 @@
- for ac_func in strerror memmove remove random putenv crypt socketpair snprintf
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:4520: checking for $ac_func" >&5
-+echo "configure:4584: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 4525 "configure"
-+#line 4589 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -4544,7 +4608,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:4548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4612: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -4565,14 +4629,14 @@
-
- else
- echo "$ac_t""no" 1>&6
--LIBOBJS="$LIBOBJS ${ac_func}.o"
-+LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}"
- fi
- done
-
-
-
- echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6
--echo "configure:4576: checking whether ln -s works" >&5
-+echo "configure:4640: checking whether ln -s works" >&5
- if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -4599,28 +4663,30 @@
- # SunOS /usr/etc/install
- # IRIX /sbin/install
- # AIX /bin/install
-+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
- # AFS /usr/afsws/bin/install, which mishandles nonexistent args
- # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
- # ./install, which can be erroneously created by make from ./install.sh.
- echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
--echo "configure:4607: checking for a BSD compatible install" >&5
-+echo "configure:4672: checking for a BSD compatible install" >&5
- if test -z "$INSTALL"; then
- if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-- IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:"
-+ IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":"
- for ac_dir in $PATH; do
- # Account for people who put trailing slashes in PATH elements.
- case "$ac_dir/" in
- /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
-- for ac_prog in ginstall installbsd scoinst install; do
-+ # Don't use installbsd from OSF since it installs stuff as root
-+ # by default.
-+ for ac_prog in ginstall scoinst install; do
- if test -f $ac_dir/$ac_prog; then
- if test $ac_prog = install &&
- grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
-- # OSF/1 installbsd also uses dspmsg, but is usable.
- :
- else
- ac_cv_path_install="$ac_dir/$ac_prog -c"
-@@ -4650,20 +4716,23 @@
- # It thinks the first close brace ends the variable substitution.
- test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}'
-+
- test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
- # Extract the first word of "ar", so it can be a program name with args.
- set dummy ar; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:4659: checking for $ac_word" >&5
-+echo "configure:4727: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- if test -n "$AR"; then
- ac_cv_prog_AR="$AR" # Let the user override the test.
- else
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_AR="ar"
-@@ -4685,15 +4754,16 @@
- # Extract the first word of "ranlib", so it can be a program name with args.
- set dummy ranlib; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:4689: checking for $ac_word" >&5
-+echo "configure:4758: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
- else
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_RANLIB="ranlib"
-@@ -4719,15 +4789,16 @@
- # Extract the first word of "$ac_prog", so it can be a program name with args.
- set dummy $ac_prog; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:4723: checking for $ac_word" >&5
-+echo "configure:4793: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_prog_MAKEDEP'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- if test -n "$MAKEDEP"; then
- ac_cv_prog_MAKEDEP="$MAKEDEP" # Let the user override the test.
- else
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_prog_MAKEDEP="$ac_prog"
-@@ -4754,7 +4825,7 @@
- # Uses ac_ vars as temps to allow command line to override cache and checks.
- # --without-x overrides everything else, but does not touch the cache.
- echo $ac_n "checking for X""... $ac_c" 1>&6
--echo "configure:4758: checking for X" >&5
-+echo "configure:4829: checking for X" >&5
-
- # Check whether --with-x or --without-x was given.
- if test "${with_x+set}" = set; then
-@@ -4816,13 +4887,13 @@
-
- # First, try using that file with no special directory specified.
- cat > conftest.$ac_ext <<EOF
--#line 4820 "configure"
-+#line 4891 "configure"
- #include "confdefs.h"
- #include <$x_direct_test_include>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:4825: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
--ac_err=`grep -v '^ *+' conftest.out`
-+{ (eval echo configure:4896: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
- # We can compile using X headers with no special include directory.
-@@ -4890,14 +4961,14 @@
- ac_save_LIBS="$LIBS"
- LIBS="-l$x_direct_test_library $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 4894 "configure"
-+#line 4965 "configure"
- #include "confdefs.h"
-
- int main() {
- ${x_direct_test_function}()
- ; return 0; }
- EOF
--if { (eval echo configure:4901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:4972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- LIBS="$ac_save_LIBS"
- # We can link X programs with no special library path.
-@@ -5003,17 +5074,17 @@
- case "`(uname -sr) 2>/dev/null`" in
- "SunOS 5"*)
- echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6
--echo "configure:5007: checking whether -R must be followed by a space" >&5
-+echo "configure:5078: checking whether -R must be followed by a space" >&5
- ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries"
- cat > conftest.$ac_ext <<EOF
--#line 5010 "configure"
-+#line 5081 "configure"
- #include "confdefs.h"
-
- int main() {
-
- ; return 0; }
- EOF
--if { (eval echo configure:5017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5088: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_R_nospace=yes
- else
-@@ -5029,14 +5100,14 @@
- else
- LIBS="$ac_xsave_LIBS -R $x_libraries"
- cat > conftest.$ac_ext <<EOF
--#line 5033 "configure"
-+#line 5104 "configure"
- #include "confdefs.h"
-
- int main() {
-
- ; return 0; }
- EOF
--if { (eval echo configure:5040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_R_space=yes
- else
-@@ -5068,7 +5139,7 @@
- # libraries were built with DECnet support. And karl@cs.umb.edu says
- # the Alpha needs dnet_stub (dnet does not exist).
- echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6
--echo "configure:5072: checking for dnet_ntoa in -ldnet" >&5
-+echo "configure:5143: checking for dnet_ntoa in -ldnet" >&5
- ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -5076,7 +5147,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-ldnet $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 5080 "configure"
-+#line 5151 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -5087,7 +5158,7 @@
- dnet_ntoa()
- ; return 0; }
- EOF
--if { (eval echo configure:5091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5162: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -5109,7 +5180,7 @@
-
- if test $ac_cv_lib_dnet_dnet_ntoa = no; then
- echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6
--echo "configure:5113: checking for dnet_ntoa in -ldnet_stub" >&5
-+echo "configure:5184: checking for dnet_ntoa in -ldnet_stub" >&5
- ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -5117,7 +5188,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-ldnet_stub $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 5121 "configure"
-+#line 5192 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -5128,7 +5199,7 @@
- dnet_ntoa()
- ; return 0; }
- EOF
--if { (eval echo configure:5132: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5203: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -5157,12 +5228,12 @@
- # The nsl library prevents programs from opening the X display
- # on Irix 5.2, according to dickey@clark.net.
- echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
--echo "configure:5161: checking for gethostbyname" >&5
-+echo "configure:5232: checking for gethostbyname" >&5
- if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 5166 "configure"
-+#line 5237 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char gethostbyname(); below. */
-@@ -5185,7 +5256,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:5189: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5260: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_gethostbyname=yes"
- else
-@@ -5206,7 +5277,7 @@
-
- if test $ac_cv_func_gethostbyname = no; then
- echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6
--echo "configure:5210: checking for gethostbyname in -lnsl" >&5
-+echo "configure:5281: checking for gethostbyname in -lnsl" >&5
- ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -5214,7 +5285,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lnsl $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 5218 "configure"
-+#line 5289 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -5225,7 +5296,7 @@
- gethostbyname()
- ; return 0; }
- EOF
--if { (eval echo configure:5229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5300: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -5255,12 +5326,12 @@
- # -lsocket must be given before -lnsl if both are needed.
- # We assume that if connect needs -lnsl, so does gethostbyname.
- echo $ac_n "checking for connect""... $ac_c" 1>&6
--echo "configure:5259: checking for connect" >&5
-+echo "configure:5330: checking for connect" >&5
- if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 5264 "configure"
-+#line 5335 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char connect(); below. */
-@@ -5283,7 +5354,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:5287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_connect=yes"
- else
-@@ -5304,7 +5375,7 @@
-
- if test $ac_cv_func_connect = no; then
- echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
--echo "configure:5308: checking for connect in -lsocket" >&5
-+echo "configure:5379: checking for connect in -lsocket" >&5
- ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -5312,7 +5383,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 5316 "configure"
-+#line 5387 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -5323,7 +5394,7 @@
- connect()
- ; return 0; }
- EOF
--if { (eval echo configure:5327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5398: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -5347,12 +5418,12 @@
-
- # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX.
- echo $ac_n "checking for remove""... $ac_c" 1>&6
--echo "configure:5351: checking for remove" >&5
-+echo "configure:5422: checking for remove" >&5
- if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 5356 "configure"
-+#line 5427 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char remove(); below. */
-@@ -5375,7 +5446,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:5379: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5450: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_remove=yes"
- else
-@@ -5396,7 +5467,7 @@
-
- if test $ac_cv_func_remove = no; then
- echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6
--echo "configure:5400: checking for remove in -lposix" >&5
-+echo "configure:5471: checking for remove in -lposix" >&5
- ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -5404,7 +5475,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lposix $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 5408 "configure"
-+#line 5479 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -5415,7 +5486,7 @@
- remove()
- ; return 0; }
- EOF
--if { (eval echo configure:5419: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5490: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -5439,12 +5510,12 @@
-
- # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
- echo $ac_n "checking for shmat""... $ac_c" 1>&6
--echo "configure:5443: checking for shmat" >&5
-+echo "configure:5514: checking for shmat" >&5
- if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 5448 "configure"
-+#line 5519 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char shmat(); below. */
-@@ -5467,7 +5538,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:5471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5542: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_shmat=yes"
- else
-@@ -5488,7 +5559,7 @@
-
- if test $ac_cv_func_shmat = no; then
- echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6
--echo "configure:5492: checking for shmat in -lipc" >&5
-+echo "configure:5563: checking for shmat in -lipc" >&5
- ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -5496,7 +5567,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lipc $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 5500 "configure"
-+#line 5571 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -5507,7 +5578,7 @@
- shmat()
- ; return 0; }
- EOF
--if { (eval echo configure:5511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5582: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -5540,15 +5611,15 @@
- # libraries we check for below, so use a different variable.
- # --interran@uluru.Stanford.EDU, kb@cs.umb.edu.
- echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6
--echo "configure:5544: checking for IceConnectionNumber in -lICE" >&5
-+echo "configure:5615: checking for IceConnectionNumber in -lICE" >&5
- ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- ac_save_LIBS="$LIBS"
--LIBS="-lICE $LIBS"
-+LIBS="-lICE $X_EXTRA_LIBS $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 5552 "configure"
-+#line 5623 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -5559,7 +5630,7 @@
- IceConnectionNumber()
- ; return 0; }
- EOF
--if { (eval echo configure:5563: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5634: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -5587,7 +5658,7 @@
- # Extract the first word of "passwd", so it can be a program name with args.
- set dummy passwd; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:5591: checking for $ac_word" >&5
-+echo "configure:5662: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_PASSWD_PATH'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -5595,9 +5666,13 @@
- /*)
- ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a path.
- ;;
-+ ?:/*)
-+ ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a dos path.
-+ ;;
- *)
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_path_PASSWD_PATH="$ac_dir/$ac_word"
-@@ -5625,7 +5700,7 @@
- # Extract the first word of "xauth", so it can be a program name with args.
- set dummy xauth; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:5629: checking for $ac_word" >&5
-+echo "configure:5704: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_XAUTH_PATH'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -5633,9 +5708,13 @@
- /*)
- ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a path.
- ;;
-+ ?:/*)
-+ ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a dos path.
-+ ;;
- *)
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_path_XAUTH_PATH="$ac_dir/$ac_word"
-@@ -5669,7 +5748,7 @@
- X_PROGRAMS="ssh-askpass"
- fi
- echo $ac_n "checking for X11 unix domain socket directory""... $ac_c" 1>&6
--echo "configure:5673: checking for X11 unix domain socket directory" >&5
-+echo "configure:5752: checking for X11 unix domain socket directory" >&5
-
- if test '!' -d /tmp/.X11-unix; then
- if test -d /var/X/.X11-unix; then
-@@ -5698,7 +5777,7 @@
- # Extract the first word of "$ac_prog", so it can be a program name with args.
- set dummy $ac_prog; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:5702: checking for $ac_word" >&5
-+echo "configure:5781: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -5706,9 +5785,13 @@
- /*)
- ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
- ;;
-+ ?:/*)
-+ ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path.
-+ ;;
- *)
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_path_PERL="$ac_dir/$ac_word"
-@@ -5739,12 +5822,12 @@
- for ac_func in getpseudotty
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:5743: checking for $ac_func" >&5
-+echo "configure:5826: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 5748 "configure"
-+#line 5831 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -5767,7 +5850,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:5771: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -5792,7 +5875,7 @@
- done
-
- echo $ac_n "checking for pseudo ttys""... $ac_c" 1>&6
--echo "configure:5796: checking for pseudo ttys" >&5
-+echo "configure:5879: checking for pseudo ttys" >&5
- if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes
- then
- cat >> confdefs.h <<\EOF
-@@ -5832,7 +5915,7 @@
- fi
-
- echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6
--echo "configure:5836: checking for /etc/default/login" >&5
-+echo "configure:5919: checking for /etc/default/login" >&5
- if test -f /etc/default/login; then
- cat >> confdefs.h <<\EOF
- #define HAVE_ETC_DEFAULT_LOGIN 1
-@@ -5845,7 +5928,7 @@
-
- if test -z "$no_shadows_password_checking"; then
- echo $ac_n "checking for shadow passwords""... $ac_c" 1>&6
--echo "configure:5849: checking for shadow passwords" >&5
-+echo "configure:5932: checking for shadow passwords" >&5
- if test -f /etc/shadow; then
- # If we don't have shadow.h, this might be some nonstandard
- # kludging... So better check it out.
-@@ -5859,7 +5942,7 @@
- # have getspent in a system library. However, a libshadow.a library
- # contaning these is publicly available.
- echo $ac_n "checking for getspent in -lshadow""... $ac_c" 1>&6
--echo "configure:5863: checking for getspent in -lshadow" >&5
-+echo "configure:5946: checking for getspent in -lshadow" >&5
- ac_lib_var=`echo shadow'_'getspent | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -5867,7 +5950,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lshadow $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 5871 "configure"
-+#line 5954 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -5878,7 +5961,7 @@
- getspent()
- ; return 0; }
- EOF
--if { (eval echo configure:5882: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:5965: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -5906,9 +5989,9 @@
- fi
-
- echo $ac_n "checking whether spwd have sp_expire field""... $ac_c" 1>&6
--echo "configure:5910: checking whether spwd have sp_expire field" >&5
-+echo "configure:5993: checking whether spwd have sp_expire field" >&5
- cat > conftest.$ac_ext <<EOF
--#line 5912 "configure"
-+#line 5995 "configure"
- #include "confdefs.h"
- #include <shadow.h>
- EOF
-@@ -5927,9 +6010,9 @@
- rm -f conftest*
-
- echo $ac_n "checking whether spwd have sp_inact field""... $ac_c" 1>&6
--echo "configure:5931: checking whether spwd have sp_inact field" >&5
-+echo "configure:6014: checking whether spwd have sp_inact field" >&5
- cat > conftest.$ac_ext <<EOF
--#line 5933 "configure"
-+#line 6016 "configure"
- #include "confdefs.h"
- #include <shadow.h>
- EOF
-@@ -5968,7 +6051,7 @@
- fi
-
- echo $ac_n "checking location of mail spool files""... $ac_c" 1>&6
--echo "configure:5972: checking location of mail spool files" >&5
-+echo "configure:6055: checking location of mail spool files" >&5
- for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE
- do
- if test "$dir" = "FILE"; then
-@@ -6007,7 +6090,7 @@
- done
-
- echo $ac_n "checking location of utmp""... $ac_c" 1>&6
--echo "configure:6011: checking location of utmp" >&5
-+echo "configure:6094: checking location of utmp" >&5
- if test -f /var/run/utmp; then
- cat >> confdefs.h <<\EOF
- #define SSH_UTMP "/var/run/utmp"
-@@ -6043,7 +6126,7 @@
- fi
-
- echo $ac_n "checking location of wtmp""... $ac_c" 1>&6
--echo "configure:6047: checking location of wtmp" >&5
-+echo "configure:6130: checking location of wtmp" >&5
- if test -f /var/log/wtmp; then
- cat >> confdefs.h <<\EOF
- #define SSH_WTMP "/var/log/wtmp"
-@@ -6077,7 +6160,7 @@
- fi
-
- echo $ac_n "checking location of lastlog""... $ac_c" 1>&6
--echo "configure:6081: checking location of lastlog" >&5
-+echo "configure:6164: checking location of lastlog" >&5
- if test -f /var/log/lastlog || test -d /var/log/lastlog; then
- cat >> confdefs.h <<\EOF
- #define SSH_LASTLOG "/var/log/lastlog"
-@@ -6132,7 +6215,7 @@
- fi
-
- echo $ac_n "checking whether $LASTLOG is a directory""... $ac_c" 1>&6
--echo "configure:6136: checking whether $LASTLOG is a directory" >&5
-+echo "configure:6219: checking whether $LASTLOG is a directory" >&5
- if test -d $LASTLOG
- then
- echo "$ac_t""yes" 1>&6
-@@ -6145,7 +6228,7 @@
- fi
-
- echo $ac_n "checking whether to include the IDEA encryption algorithm""... $ac_c" 1>&6
--echo "configure:6149: checking whether to include the IDEA encryption algorithm" >&5
-+echo "configure:6232: checking whether to include the IDEA encryption algorithm" >&5
- # Check whether --with-idea or --without-idea was given.
- if test "${with_idea+set}" = set; then
- withval="$with_idea"
-@@ -6179,7 +6262,7 @@
-
-
- echo $ac_n "checking whether to include the Blowfish encryption algorithm""... $ac_c" 1>&6
--echo "configure:6183: checking whether to include the Blowfish encryption algorithm" >&5
-+echo "configure:6266: checking whether to include the Blowfish encryption algorithm" >&5
- # Check whether --with-blowfish or --without-blowfish was given.
- if test "${with_blowfish+set}" = set; then
- withval="$with_blowfish"
-@@ -6206,7 +6289,7 @@
-
-
- echo $ac_n "checking whether to include the DES encryption algorithm""... $ac_c" 1>&6
--echo "configure:6210: checking whether to include the DES encryption algorithm" >&5
-+echo "configure:6293: checking whether to include the DES encryption algorithm" >&5
- # Check whether --with-des or --without-des was given.
- if test "${with_des+set}" = set; then
- withval="$with_des"
-@@ -6229,7 +6312,7 @@
-
-
- echo $ac_n "checking whether to include the ARCFOUR encryption algorithm""... $ac_c" 1>&6
--echo "configure:6233: checking whether to include the ARCFOUR encryption algorithm" >&5
-+echo "configure:6316: checking whether to include the ARCFOUR encryption algorithm" >&5
- # Check whether --with-arcfour or --without-arcfour was given.
- if test "${with_arcfour+set}" = set; then
- withval="$with_arcfour"
-@@ -6252,7 +6335,7 @@
-
-
- echo $ac_n "checking whether to include the none encryption algorithm""... $ac_c" 1>&6
--echo "configure:6256: checking whether to include the none encryption algorithm" >&5
-+echo "configure:6339: checking whether to include the none encryption algorithm" >&5
- # Check whether --with-none or --without-none was given.
- if test "${with_none+set}" = set; then
- withval="$with_none"
-@@ -6275,7 +6358,7 @@
-
-
- echo $ac_n "checking whether to use login""... $ac_c" 1>&6
--echo "configure:6279: checking whether to use login" >&5
-+echo "configure:6362: checking whether to use login" >&5
- # Check whether --with-login or --without-login was given.
- if test "${with_login+set}" = set; then
- withval="$with_login"
-@@ -6290,7 +6373,7 @@
- # Extract the first word of "$ac_prog", so it can be a program name with args.
- set dummy $ac_prog; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:6294: checking for $ac_word" >&5
-+echo "configure:6377: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_PATH_LOGIN'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -6298,9 +6381,13 @@
- /*)
- ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a path.
- ;;
-+ ?:/*)
-+ ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a dos path.
-+ ;;
- *)
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_path_PATH_LOGIN="$ac_dir/$ac_word"
-@@ -6349,7 +6436,7 @@
-
-
- echo $ac_n "checking whether to use rsh""... $ac_c" 1>&6
--echo "configure:6353: checking whether to use rsh" >&5
-+echo "configure:6440: checking whether to use rsh" >&5
- # Check whether --with-rsh or --without-rsh was given.
- if test "${with_rsh+set}" = set; then
- withval="$with_rsh"
-@@ -6364,7 +6451,7 @@
- # Extract the first word of "$ac_prog", so it can be a program name with args.
- set dummy $ac_prog; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:6368: checking for $ac_word" >&5
-+echo "configure:6455: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -6372,9 +6459,13 @@
- /*)
- ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path.
- ;;
-+ ?:/*)
-+ ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a dos path.
-+ ;;
- *)
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_path_RSH_PATH="$ac_dir/$ac_word"
-@@ -6416,7 +6507,7 @@
- # Extract the first word of "$ac_prog", so it can be a program name with args.
- set dummy $ac_prog; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:6420: checking for $ac_word" >&5
-+echo "configure:6511: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -6424,9 +6515,13 @@
- /*)
- ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path.
- ;;
-+ ?:/*)
-+ ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a dos path.
-+ ;;
- *)
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
-- for ac_dir in $PATH; do
-+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-+ ac_dummy="$PATH"
-+ for ac_dir in $ac_dummy; do
- test -z "$ac_dir" && ac_dir=.
- if test -f $ac_dir/$ac_word; then
- ac_cv_path_RSH_PATH="$ac_dir/$ac_word"
-@@ -6465,7 +6560,7 @@
-
- # Code to permit setting default path for users (alden@math.ohio-state.edu)
- echo $ac_n "checking default path""... $ac_c" 1>&6
--echo "configure:6469: checking default path" >&5
-+echo "configure:6564: checking default path" >&5
- # Check whether --with-path or --without-path was given.
- if test "${with_path+set}" = set; then
- withval="$with_path"
-@@ -6488,7 +6583,7 @@
-
-
- echo $ac_n "checking etcdir""... $ac_c" 1>&6
--echo "configure:6492: checking etcdir" >&5
-+echo "configure:6587: checking etcdir" >&5
- # Check whether --with-etcdir or --without-etcdir was given.
- if test "${with_etcdir+set}" = set; then
- withval="$with_etcdir"
-@@ -6513,7 +6608,7 @@
-
-
- echo $ac_n "checking whether to use nologin.allow file to override nologin""... $ac_c" 1>&6
--echo "configure:6517: checking whether to use nologin.allow file to override nologin" >&5
-+echo "configure:6612: checking whether to use nologin.allow file to override nologin" >&5
- # Check whether --with-nologin-allow or --without-nologin-allow was given.
- if test "${with_nologin_allow+set}" = set; then
- withval="$with_nologin_allow"
-@@ -6543,7 +6638,7 @@
-
-
- echo $ac_n "checking whether to support SecurID""... $ac_c" 1>&6
--echo "configure:6547: checking whether to support SecurID" >&5
-+echo "configure:6642: checking whether to support SecurID" >&5
- # Check whether --with-securid or --without-securid was given.
- if test "${with_securid+set}" = set; then
- withval="$with_securid"
-@@ -6586,7 +6681,7 @@
-
-
- echo $ac_n "checking whether to support TIS authentication server""... $ac_c" 1>&6
--echo "configure:6590: checking whether to support TIS authentication server" >&5
-+echo "configure:6685: checking whether to support TIS authentication server" >&5
- # Check whether --with-tis or --without-tis was given.
- if test "${with_tis+set}" = set; then
- withval="$with_tis"
-@@ -6604,8 +6699,8 @@
- #define HAVE_TIS 1
- EOF
-
-- CFLAGS="$CFLAGS -I$withval -DHAVE_TIS"
-- LIBS="-L$withval -lauth -lfwall $LIBS"
-+ CFLAGS="$CFLAGS -I$withval/include -DHAVE_TIS"
-+ LIBS="-L$withval/lib -lauth -lfwall $LIBS"
- echo "configure: warning: Remember to read README.TIS. The connection between sshd and TIS authentication
- server is clear text!" 1>&2
- ;;
-@@ -6616,40 +6711,138 @@
- fi
-
-
--echo $ac_n "checking whether to use Kerberos""... $ac_c" 1>&6
--echo "configure:6621: checking whether to use Kerberos" >&5
--# Check whether --with-kerberos5 or --without-kerberos5 was given.
--if test "${with_kerberos5+set}" = set; then
-- withval="$with_kerberos5"
-+echo $ac_n "checking whether to use Kerberos v4""... $ac_c" 1>&6
-+echo "configure:6716: checking whether to use Kerberos v4" >&5
-+# Check whether --with-krb4 or --without-krb4 was given.
-+if test "${with_krb4+set}" = set; then
-+ withval="$with_krb4"
- case "$withval" in
- yes)
-- with_kerberos5=/usr/local
-+ with_krb4=/usr/kerberos
- ;;
- esac
- else
-- with_kerberos5=no
-+ with_krb4=no
-
- fi
-
--case "$with_kerberos5" in
-+case "$with_krb4" in
- no)
- echo "$ac_t""no" 1>&6
- ;;
- *)
- echo "$ac_t""yes" 1>&6
- cat >> confdefs.h <<\EOF
--#define KERBEROS 1
-+#define KRB4 1
-+EOF
-+
-+ KERBEROS_ROOT="$with_krb4"
-+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/kerberosIV"
-+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes"
-+ KERBEROS_OBJS="auth-kerberos.o"
-+ echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6
-+echo "configure:6745: checking for dn_expand in -lresolv" >&5
-+ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'`
-+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
-+ echo $ac_n "(cached) $ac_c" 1>&6
-+else
-+ ac_save_LIBS="$LIBS"
-+LIBS="-lresolv $LIBS"
-+cat > conftest.$ac_ext <<EOF
-+#line 6753 "configure"
-+#include "confdefs.h"
-+/* Override any gcc2 internal prototype to avoid an error. */
-+/* We use char because int might match the return type of a gcc2
-+ builtin and then its argument prototype would still apply. */
-+char dn_expand();
-+
-+int main() {
-+dn_expand()
-+; return 0; }
-+EOF
-+if { (eval echo configure:6764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+ rm -rf conftest*
-+ eval "ac_cv_lib_$ac_lib_var=yes"
-+else
-+ echo "configure: failed program was:" >&5
-+ cat conftest.$ac_ext >&5
-+ rm -rf conftest*
-+ eval "ac_cv_lib_$ac_lib_var=no"
-+fi
-+rm -f conftest*
-+LIBS="$ac_save_LIBS"
-+
-+fi
-+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
-+ echo "$ac_t""yes" 1>&6
-+ KERBEROS_LIBS="$KERBEROS_LIBS -lresolv"
-+else
-+ echo "$ac_t""no" 1>&6
-+fi
-+
-+ echo $ac_n "checking whether AFS lifetime conversion routines are present""... $ac_c" 1>&6
-+echo "configure:6785: checking whether AFS lifetime conversion routines are present" >&5
-+ keeplibs="$LIBS"
-+ keepcflags="$CFLAGS"
-+ LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS"
-+ CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS"
-+ cat > conftest.$ac_ext <<EOF
-+#line 6791 "configure"
-+#include "confdefs.h"
-+#include <krb.h>
-+int main() {
-+ krb_life_to_time(10, 10);
-+; return 0; }
- EOF
-+if { (eval echo configure:6798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+ rm -rf conftest*
-+ echo "$ac_t""yes" 1>&6
-+ cat >> confdefs.h <<\EOF
-+#define HAVE_KRB_LIFE_TO_TIME 1
-+EOF
-+
-+else
-+ echo "configure: failed program was:" >&5
-+ cat conftest.$ac_ext >&5
-+ rm -rf conftest*
-+ echo "$ac_t""no" 1>&6
-+fi
-+rm -f conftest*
-+ LIBS="$keeplibs"
-+ CFLAGS="$keepcflags"
-+ ;;
-+esac
-
-+echo $ac_n "checking whether to use Kerberos v5""... $ac_c" 1>&6
-+echo "configure:6818: checking whether to use Kerberos v5" >&5
-+# Check whether --with-krb5 or --without-krb5 was given.
-+if test "${with_krb5+set}" = set; then
-+ withval="$with_krb5"
-+ case "$withval" in
-+ yes)
-+ with_krb5=/usr/local
-+ ;;
-+ esac
-+else
-+ with_krb5=no
-+
-+fi
-+
-+case "$with_krb5" in
-+ no)
-+ echo "$ac_t""no" 1>&6
-+ ;;
-+ *)
-+ echo "$ac_t""yes" 1>&6
- cat >> confdefs.h <<\EOF
- #define KRB5 1
- EOF
-
-- KERBEROS_ROOT="$with_kerberos5"
-- KERBEROS_INCS="-I${KERBEROS_ROOT}/include"
-- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
-+ KERBEROS_ROOT="$with_krb5"
-+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/krb5"
-+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
- echo $ac_n "checking for dbm_open in -lndbm""... $ac_c" 1>&6
--echo "configure:6653: checking for dbm_open in -lndbm" >&5
-+echo "configure:6846: checking for dbm_open in -lndbm" >&5
- ac_lib_var=`echo ndbm'_'dbm_open | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -6657,7 +6850,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lndbm $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 6661 "configure"
-+#line 6854 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -6668,7 +6861,7 @@
- dbm_open()
- ; return 0; }
- EOF
--if { (eval echo configure:6672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:6865: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -6692,40 +6885,66 @@
- ;;
- esac
-
--
--
--
--
--echo $ac_n "checking whether to enable passing the Kerberos TGT""... $ac_c" 1>&6
--echo "configure:6701: checking whether to enable passing the Kerberos TGT" >&5
--# Check whether --enable-kerberos-tgt-passing or --disable-kerberos-tgt-passing was given.
--if test "${enable_kerberos_tgt_passing+set}" = set; then
-- enableval="$enable_kerberos_tgt_passing"
-- case "$enableval" in
-- no)
-- echo "$ac_t""no" 1>&6
-- ;;
-- *)
-- if test "$with_kerberos5" = no ; then
-+echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6
-+echo "configure:6890: checking whether to use AFS" >&5
-+# Check whether --with-afs or --without-afs was given.
-+if test "${with_afs+set}" = set; then
-+ withval="$with_afs"
-+ if test "$with_afs" = no; then
- echo "$ac_t""no" 1>&6
-- echo "configure: warning: "Passing Kerberos TGT requires Kerberos5 support."" 1>&2
- else
- echo "$ac_t""yes" 1>&6
-- cat >> confdefs.h <<\EOF
--#define KERBEROS_TGT_PASSING 1
-+ cat >> confdefs.h <<\EOF
-+#define AFS 1
- EOF
-
-+ if test "$with_krb4" = no; then
-+ echo "$ac_t""no" 1>&6
-+ echo "configure: warning: "AFS requires Kerberos v4 support."" 1>&2
-+ else
-+ KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs"
-+ if test -n "$os_aix"; then
-+ KERBEROS_LIBS="${KERBEROS_LIBS} -lld"
- fi
-+ fi
-+fi
-+
-+fi
-+
-+
-+echo $ac_n "checking whether to use Hesiod""... $ac_c" 1>&6
-+echo "configure:6917: checking whether to use Hesiod" >&5
-+# Check whether --with-hesiod or --without-hesiod was given.
-+if test "${with_hesiod+set}" = set; then
-+ withval="$with_hesiod"
-+ case "$withval" in
-+ yes)
-+ with_hesiod=/usr/local/athena
- ;;
- esac
- else
-- echo "$ac_t""no" 1>&6
-+ with_hesiod=no
-
- fi
-
-+case "$with_hesiod" in
-+no)
-+ echo "$ac_t""no" 1>&6
-+ ;;
-+*)
-+ echo "$ac_t""yes" 1>&6
-+ cat >> confdefs.h <<\EOF
-+#define HESIOD 1
-+EOF
-+
-+ HESIOD_ROOT="$with_hesiod"
-+ HESIOD_INCS="-I${HESIOD_ROOT}/include"
-+ HESIOD_LIBS="-L${HESIOD_ROOT}/lib -lhesiod"
-+ ;;
-+esac
-
- echo $ac_n "checking whether to use libwrap""... $ac_c" 1>&6
--echo "configure:6729: checking whether to use libwrap" >&5
-+echo "configure:6948: checking whether to use libwrap" >&5
- # Check whether --with-libwrap or --without-libwrap was given.
- if test "${with_libwrap+set}" = set; then
- withval="$with_libwrap"
-@@ -6734,56 +6953,41 @@
- echo "$ac_t""no" 1>&6
- ;;
- yes)
-- echo "$ac_t""yes" 1>&6
-- echo $ac_n "checking for request_init in -lwrap""... $ac_c" 1>&6
--echo "configure:6740: checking for request_init in -lwrap" >&5
--ac_lib_var=`echo wrap'_'request_init | sed 'y%./+-%__p_%'`
--if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
-- echo $ac_n "(cached) $ac_c" 1>&6
--else
-- ac_save_LIBS="$LIBS"
--LIBS="-lwrap $LIBS"
--cat > conftest.$ac_ext <<EOF
--#line 6748 "configure"
-+ WRAPLIBS="-lwrap"
-+ OLDLIBS="$LIBS"
-+ LIBS="$WRAPLIBS $LIBS"
-+ cat > conftest.$ac_ext <<EOF
-+#line 6961 "configure"
- #include "confdefs.h"
--/* Override any gcc2 internal prototype to avoid an error. */
--/* We use char because int might match the return type of a gcc2
-- builtin and then its argument prototype would still apply. */
--char request_init();
--
-+ int allow_severity; int deny_severity;
- int main() {
--request_init()
-+ request_init();
- ; return 0; }
- EOF
--if { (eval echo configure:6759: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-- rm -rf conftest*
-- eval "ac_cv_lib_$ac_lib_var=yes"
--else
-- echo "configure: failed program was:" >&5
-- cat conftest.$ac_ext >&5
-+if { (eval echo configure:6968: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
-- eval "ac_cv_lib_$ac_lib_var=no"
--fi
--rm -f conftest*
--LIBS="$ac_save_LIBS"
--
--fi
--if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
-- echo "$ac_t""yes" 1>&6
-
-- cat >> confdefs.h <<\EOF
-+ echo "$ac_t""yes" 1>&6
-+ cat >> confdefs.h <<\EOF
- #define LIBWRAP 1
- EOF
-
-- WRAPLIBS="-lwrap"
-- cat >> confdefs.h <<\EOF
-+ cat >> confdefs.h <<\EOF
- #define HAVE_LIBWRAP 1
- EOF
--
-+
-+
- else
-- echo "$ac_t""no" 1>&6
-+ echo "configure: failed program was:" >&5
-+ cat conftest.$ac_ext >&5
-+ rm -rf conftest*
-+
-+ echo "$ac_t""no" 1>&6
-+ WRAPLIBS=""
-+
- fi
--
-+rm -f conftest*
-+ LIBS="$OLDLIBS"
- ;;
- *)
- echo "$ac_t""yes" 1>&6
-@@ -6799,14 +7003,14 @@
- OLDLIBS="$LIBS"
- LIBS="$WRAPLIBS $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 6803 "configure"
-+#line 7007 "configure"
- #include "confdefs.h"
- int allow_severity; int deny_severity;
- int main() {
- hosts_access();
- ; return 0; }
- EOF
--if { (eval echo configure:6810: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:7014: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- :
- else
- echo "configure: failed program was:" >&5
-@@ -6827,7 +7031,7 @@
-
-
- echo $ac_n "checking whether to support SOCKS""... $ac_c" 1>&6
--echo "configure:6831: checking whether to support SOCKS" >&5
-+echo "configure:7035: checking whether to support SOCKS" >&5
- # Check whether --with-socks or --without-socks was given.
- if test "${with_socks+set}" = set; then
- withval="$with_socks"
-@@ -6838,7 +7042,7 @@
- yes)
- echo "$ac_t""yes" 1>&6
- echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6
--echo "configure:6842: checking for SOCKSconnect in -lsocks5" >&5
-+echo "configure:7046: checking for SOCKSconnect in -lsocks5" >&5
- ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -6846,7 +7050,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lsocks5 $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 6850 "configure"
-+#line 7054 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -6857,7 +7061,7 @@
- SOCKSconnect()
- ; return 0; }
- EOF
--if { (eval echo configure:6861: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:7065: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -6879,7 +7083,7 @@
- echo "$ac_t""no" 1>&6
-
- echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6
--echo "configure:6883: checking for Rconnect in -lsocks" >&5
-+echo "configure:7087: checking for Rconnect in -lsocks" >&5
- ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -6887,7 +7091,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lsocks $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 6891 "configure"
-+#line 7095 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -6898,7 +7102,7 @@
- Rconnect()
- ; return 0; }
- EOF
--if { (eval echo configure:6902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:7106: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -6934,7 +7138,7 @@
-
- if test "x$socks" = "x"; then
- echo $ac_n "checking whether to support SOCKS5""... $ac_c" 1>&6
--echo "configure:6938: checking whether to support SOCKS5" >&5
-+echo "configure:7142: checking whether to support SOCKS5" >&5
- # Check whether --with-socks5 or --without-socks5 was given.
- if test "${with_socks5+set}" = set; then
- withval="$with_socks5"
-@@ -6968,14 +7172,14 @@
- TMPLIBS="$LIBS"
- LIBS="$LIBS $KERBEROS_LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 6972 "configure"
-+#line 7176 "configure"
- #include "confdefs.h"
-
- int main() {
- SOCKSconnect();
- ; return 0; }
- EOF
--if { (eval echo configure:6979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:7183: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- :
- else
- echo "configure: failed program was:" >&5
-@@ -6996,7 +7200,7 @@
-
- if test "x$socks" = "x"; then
- echo $ac_n "checking whether to support SOCKS4""... $ac_c" 1>&6
--echo "configure:7000: checking whether to support SOCKS4" >&5
-+echo "configure:7204: checking whether to support SOCKS4" >&5
- # Check whether --with-socks4 or --without-socks4 was given.
- if test "${with_socks4+set}" = set; then
- withval="$with_socks4"
-@@ -7016,14 +7220,14 @@
- fi
- LIBS="$withval $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 7020 "configure"
-+#line 7224 "configure"
- #include "confdefs.h"
-
- int main() {
- Rconnect();
- ; return 0; }
- EOF
--if { (eval echo configure:7027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
-+if { (eval echo configure:7231: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- :
- else
- echo "configure: failed program was:" >&5
-@@ -7150,7 +7354,7 @@
- fi
-
- echo $ac_n "checking whether to use rsaref""... $ac_c" 1>&6
--echo "configure:7154: checking whether to use rsaref" >&5
-+echo "configure:7358: checking whether to use rsaref" >&5
- # Check whether --with-rsaref or --without-rsaref was given.
- if test "${with_rsaref+set}" = set; then
- withval="$with_rsaref"
-@@ -7184,7 +7388,7 @@
-
- # This allows group writeability in userfile_check_owner_permissions()
- echo $ac_n "checking whether to allow group writeability""... $ac_c" 1>&6
--echo "configure:7188: checking whether to allow group writeability" >&5
-+echo "configure:7392: checking whether to allow group writeability" >&5
- # Check whether --enable-group-writeability or --disable-group-writeability was given.
- if test "${enable_group_writeability+set}" = set; then
- enableval="$enable_group_writeability"
-@@ -7200,7 +7404,7 @@
-
-
- echo $ac_n "checking whether to disable forwardings in server""... $ac_c" 1>&6
--echo "configure:7204: checking whether to disable forwardings in server" >&5
-+echo "configure:7408: checking whether to disable forwardings in server" >&5
- # Check whether --enable-server-port-forwardings or --disable-server-port-forwardings was given.
- if test "${enable_server_port_forwardings+set}" = set; then
- enableval="$enable_server_port_forwardings"
-@@ -7222,7 +7426,7 @@
-
-
- echo $ac_n "checking whether to disable forwardings in client""... $ac_c" 1>&6
--echo "configure:7226: checking whether to disable forwardings in client" >&5
-+echo "configure:7430: checking whether to disable forwardings in client" >&5
- # Check whether --enable-client-port-forwardings or --disable-client-port-forwardings was given.
- if test "${enable_client_port_forwardings+set}" = set; then
- enableval="$enable_client_port_forwardings"
-@@ -7244,7 +7448,7 @@
-
-
- echo $ac_n "checking whether to disable X11 forwarding in server""... $ac_c" 1>&6
--echo "configure:7248: checking whether to disable X11 forwarding in server" >&5
-+echo "configure:7452: checking whether to disable X11 forwarding in server" >&5
- # Check whether --enable-server-x11-forwarding or --disable-server-x11-forwarding was given.
- if test "${enable_server_x11_forwarding+set}" = set; then
- enableval="$enable_server_x11_forwarding"
-@@ -7266,7 +7470,7 @@
-
-
- echo $ac_n "checking whether to disable X11 forwarding in client""... $ac_c" 1>&6
--echo "configure:7270: checking whether to disable X11 forwarding in client" >&5
-+echo "configure:7474: checking whether to disable X11 forwarding in client" >&5
- # Check whether --enable-client-x11-forwarding or --disable-client-x11-forwarding was given.
- if test "${enable_client_x11_forwarding+set}" = set; then
- enableval="$enable_client_x11_forwarding"
-@@ -7288,28 +7492,28 @@
-
-
- echo $ac_n "checking whether to install ssh as suid root""... $ac_c" 1>&6
--echo "configure:7292: checking whether to install ssh as suid root" >&5
-+echo "configure:7496: checking whether to install ssh as suid root" >&5
- # Check whether --enable-suid-ssh or --disable-suid-ssh was given.
- if test "${enable_suid_ssh+set}" = set; then
- enableval="$enable_suid_ssh"
- case "$enableval" in
- no)
- echo "$ac_t""no" 1>&6
-- SSHINSTALLMODE=0711
-+ SSHINSTALLMODE=0511
- ;;
- *) echo "$ac_t""yes" 1>&6
-- SSHINSTALLMODE=04711
-+ SSHINSTALLMODE=04511
- ;;
- esac
- else
- echo "$ac_t""yes" 1>&6
-- SSHINSTALLMODE=04711
-+ SSHINSTALLMODE=04511
-
- fi
-
-
- echo $ac_n "checking whether to enable TCP_NODELAY""... $ac_c" 1>&6
--echo "configure:7313: checking whether to enable TCP_NODELAY" >&5
-+echo "configure:7517: checking whether to enable TCP_NODELAY" >&5
- # Check whether --enable-tcp-nodelay or --disable-tcp-nodelay was given.
- if test "${enable_tcp_nodelay+set}" = set; then
- enableval="$enable_tcp_nodelay"
-@@ -7335,7 +7539,7 @@
-
-
- echo $ac_n "checking whether to enable SO_LINGER""... $ac_c" 1>&6
--echo "configure:7339: checking whether to enable SO_LINGER" >&5
-+echo "configure:7543: checking whether to enable SO_LINGER" >&5
- # Check whether --enable-so-linger or --disable-so-linger was given.
- if test "${enable_so_linger+set}" = set; then
- enableval="$enable_so_linger"
-@@ -7357,7 +7561,7 @@
-
-
- echo $ac_n "checking whether to include scp statistics at all""... $ac_c" 1>&6
--echo "configure:7361: checking whether to include scp statistics at all" >&5
-+echo "configure:7565: checking whether to include scp statistics at all" >&5
- # Check whether --with-scp-stats or --without-scp-stats was given.
- if test "${with_scp_stats+set}" = set; then
- withval="$with_scp_stats"
-@@ -7383,7 +7587,7 @@
-
-
- echo $ac_n "checking whether to enable scp statistics""... $ac_c" 1>&6
--echo "configure:7387: checking whether to enable scp statistics" >&5
-+echo "configure:7591: checking whether to enable scp statistics" >&5
- # Check whether --enable-scp-stats or --disable-scp-stats was given.
- if test "${enable_scp_stats+set}" = set; then
- enableval="$enable_scp_stats"
-@@ -7409,7 +7613,7 @@
-
-
- echo $ac_n "checking whether to enable scp statistics for all files""... $ac_c" 1>&6
--echo "configure:7413: checking whether to enable scp statistics for all files" >&5
-+echo "configure:7617: checking whether to enable scp statistics for all files" >&5
- # Check whether --enable-all-scp-stats or --disable-all-scp-stats was given.
- if test "${enable_all_scp_stats+set}" = set; then
- enableval="$enable_all_scp_stats"
-@@ -7445,7 +7649,7 @@
-
- PIDDIR="/var/run"
- echo $ac_n "checking where to put sshd.pid""... $ac_c" 1>&6
--echo "configure:7449: checking where to put sshd.pid" >&5
-+echo "configure:7653: checking where to put sshd.pid" >&5
- if test '!' -d $PIDDIR; then
- PIDDIR="$ETCDIR"
- fi
-@@ -7505,7 +7709,7 @@
- # Ultrix sh set writes to stderr and can't be redirected directly,
- # and sets the high bit in the cache file unless we assign to the vars.
- (set) 2>&1 |
-- case `(ac_space=' '; set) 2>&1` in
-+ case `(ac_space=' '; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote substitution
- # turns \\\\ into \\, and sed turns \\ into \).
-@@ -7572,7 +7776,7 @@
- echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion"
- exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;;
- -version | --version | --versio | --versi | --vers | --ver | --ve | --v)
-- echo "$CONFIG_STATUS generated by autoconf version 2.12"
-+ echo "$CONFIG_STATUS generated by autoconf version 2.13"
- exit 0 ;;
- -help | --help | --hel | --he | --h)
- echo "\$ac_cs_usage"; exit 0 ;;
-@@ -7583,7 +7787,7 @@
- ac_given_srcdir=$srcdir
- ac_given_INSTALL="$INSTALL"
-
--trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
-+trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
- EOF
- cat >> $CONFIG_STATUS <<EOF
-
-@@ -7592,9 +7796,11 @@
- s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF
- $ac_vpsub
- $extrasub
-+s%@SHELL@%$SHELL%g
- s%@CFLAGS@%$CFLAGS%g
- s%@CPPFLAGS@%$CPPFLAGS%g
- s%@CXXFLAGS@%$CXXFLAGS%g
-+s%@FFLAGS@%$FFLAGS%g
- s%@DEFS@%$DEFS%g
- s%@LDFLAGS@%$LDFLAGS%g
- s%@LIBS@%$LIBS%g
-@@ -7623,6 +7829,7 @@
- s%@LIBOBJS@%$LIBOBJS%g
- s%@LN_S@%$LN_S%g
- s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
-+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
- s%@INSTALL_DATA@%$INSTALL_DATA%g
- s%@AR@%$AR%g
- s%@RANLIB@%$RANLIB%g
-@@ -7641,6 +7848,9 @@
- s%@KERBEROS_INCS@%$KERBEROS_INCS%g
- s%@KERBEROS_LIBS@%$KERBEROS_LIBS%g
- s%@KERBEROS_OBJS@%$KERBEROS_OBJS%g
-+s%@HESIOD_ROOT@%$HESIOD_ROOT%g
-+s%@HESIOD_INCS@%$HESIOD_INCS%g
-+s%@HESIOD_LIBS@%$HESIOD_LIBS%g
- s%@WRAPLIBS@%$WRAPLIBS%g
- s%@subdirs@%$subdirs%g
- s%@ETCDIR@%$ETCDIR%g
-@@ -7691,7 +7901,7 @@
-
- cat >> $CONFIG_STATUS <<EOF
-
--CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"}
-+CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile"}
- EOF
- cat >> $CONFIG_STATUS <<\EOF
- for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
diff --git a/security/ssh/patches/patch-al b/security/ssh/patches/patch-al
deleted file mode 100644
index 6f04042927c..00000000000
--- a/security/ssh/patches/patch-al
+++ /dev/null
@@ -1,70 +0,0 @@
-$NetBSD: patch-al,v 1.4 1999/12/16 08:18:05 jonb Exp $
-
---- gmp-2.0.2-ssh-2/longlong.h.orig Wed Apr 29 19:32:35 1998
-+++ gmp-2.0.2-ssh-2/longlong.h Tue Dec 14 23:03:54 1999
-@@ -190,26 +190,40 @@
- "rI" ((USItype)(bh)), \
- "r" ((USItype)(al)), \
- "rI" ((USItype)(bl)))
-+#if defined(__ARM_ARCH_3M__) || defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
-+/* Use umull if available */
- #define umul_ppmm(xh, xl, a, b) \
- __asm__ ("%@ Inlined umul_ppmm
-- mov %|r0, %2, lsr #16
-- mov %|r2, %3, lsr #16
-- bic %|r1, %2, %|r0, lsl #16
-- bic %|r2, %3, %|r2, lsl #16
-- mul %1, %|r1, %|r2
-- mul %|r2, %|r0, %|r2
-- mul %|r1, %0, %|r1
-- mul %0, %|r0, %0
-- adds %|r1, %|r2, %|r1
-+ umull %0, %1, %2, %3" \
-+ : "=&r" ((USItype) (xl)), \
-+ "=&r" ((USItype) (xh)) \
-+ : "r" ((USItype) (a)), \
-+ "r" ((USItype) (b)))
-+#define UMUL_TIME 4
-+#else /* umull */
-+#define umul_ppmm(xh, xl, a, b) \
-+do {register USItype __t0, __t1, __t2; \
-+ __asm__ ("%@ Inlined umul_ppmm
-+ mov %2, %5, lsr #16
-+ mov %0, %6, lsr #16
-+ bic %3, %5, %2, lsl #16
-+ bic %4, %6, %0, lsl #16
-+ mul %1, %3, %4
-+ mul %4, %2, %4
-+ mul %3, %0, %3
-+ mul %0, %2, %0
-+ adds %3, %4, %3
- addcs %0, %0, #65536
-- adds %1, %1, %|r1, lsl #16
-- adc %0, %0, %|r1, lsr #16" \
-- : "=&r" ((USItype)(xh)), \
-- "=r" ((USItype)(xl)) \
-- : "r" ((USItype)(a)), \
-- "r" ((USItype)(b)) \
-- : "r0", "r1", "r2")
-+ adds %1, %1, %3, lsl #16
-+ adc %0, %0, %3, lsr #16" \
-+ : "=&r" ((USItype) (xh)), \
-+ "=r" ((USItype) (xl)), \
-+ "=&r" (__t0), "=&r" (__t1), "=r" (__t2) \
-+ : "r" ((USItype) (a)), \
-+ "r" ((USItype) (b)));} while (0)
-+
- #define UMUL_TIME 20
-+#endif /* umull */
- #define UDIV_TIME 100
- #endif /* __arm__ */
-
-@@ -719,7 +733,7 @@
- "g" ((USItype)(d))); \
- (r) = __xx.__i.__l; (q) = __xx.__i.__h; })
- #define count_trailing_zeros(count,x) \
-- do {
-+ do { \
- __asm__ ("ffsd %2,%0" \
- : "=r" ((USItype) (count)) \
- : "0" ((USItype) 0), \
diff --git a/security/ssh/patches/patch-am b/security/ssh/patches/patch-am
deleted file mode 100644
index 853a1d085a3..00000000000
--- a/security/ssh/patches/patch-am
+++ /dev/null
@@ -1,36 +0,0 @@
-$NetBSD: patch-am,v 1.3 1999/07/17 03:41:07 jlam Exp $
-
---- gmp-2.0.2-ssh-2/configure.in.orig Mon Feb 22 01:59:06 1999
-+++ gmp-2.0.2-ssh-2/configure.in Fri Jul 16 17:38:35 1999
-@@ -122,6 +122,20 @@
- path="x86"
- syntax_alternatives="$syntax_alternatives ELF_SYNTAX BSD_SYNTAX INTEL_SYNTAX"
- ;;
-+ i[3456]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*)
-+ if $CC -E - -dM </dev/null | grep -q __ELF__; then
-+ syntax_alternatives="$syntax_alternatives ELF_SYNTAX" # ELF
-+ else
-+ syntax_alternatives="$syntax_alternatives BSD_SYNTAX" # a.out
-+ x86_broken_align=yes
-+ fi
-+ case "${host}" in
-+ i[34]86*-*-*netbsd*)
-+ path="x86" ;;
-+ i[56]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*)
-+ path="x86/pentium x86" ;;
-+ esac
-+ ;;
- i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | \
- i[34]86*-*-*bsd*) # 386/486 running BSD or Linux with a.out
- path="x86"
-@@ -221,6 +235,10 @@
- ;;
- sh2-*-*)
- path="sh/sh2 sh"
-+ ;;
-+ mips*-*-netbsd*)
-+ path="mips2"
-+ SFLAGS="-Wa,-KPIC"
- ;;
- mips[34]*-*-*)
- path="mips3"
diff --git a/security/ssh/patches/patch-an b/security/ssh/patches/patch-an
deleted file mode 100644
index 26090dea5f6..00000000000
--- a/security/ssh/patches/patch-an
+++ /dev/null
@@ -1,43 +0,0 @@
-$NetBSD: patch-an,v 1.1 1999/03/04 09:25:44 tron Exp $
-
---- gmp-2.0.2-ssh-2/gmp-impl.h.orig Fri Mar 27 18:06:09 1998
-+++ gmp-2.0.2-ssh-2/gmp-impl.h Thu Mar 4 10:20:02 1999
-@@ -281,7 +281,6 @@
-
- #if SIZEOF_INT >= 4 /* otherwise fails on 16-bit machines */
- #if defined (__alpha) \
-- || (defined (__arm__) && defined (__ARMWEL__)) \
- || defined (__clipper__) \
- || defined (__cris) \
- || defined (__i386__) \
-@@ -304,7 +303,7 @@
- };
- #else /* Need this as an #else since the tests aren't made exclusive. */
- #if defined (__a29k__) || defined (_AM29K) \
-- || defined (__arm__) \
-+ || (defined (__arm__) && defined (__ARMEB__)) \
- || (defined (__convex__) && defined (_IEEE_FLOAT_)) \
- || defined (__i370__) || defined (__mvs__) \
- || defined (__mc68000__) || defined (__mc68020__) || defined (__NeXT__)\
-@@ -330,6 +329,21 @@
- } s;
- double d;
- };
-+#define _GMP_IEEE_FLOATS 1
-+#else
-+#if defined (__arm__)
-+union ieee_double_extract
-+{
-+ struct
-+ {
-+ unsigned int manh:20;
-+ unsigned int exp:11;
-+ unsigned int sig:1;
-+ unsigned int manl:32;
-+ } s;
-+ double d;
-+};
-+#endif
- #endif
- #endif
- #endif /* SIZEOF_INT >= 4 */
diff --git a/security/ssh/patches/patch-ao b/security/ssh/patches/patch-ao
deleted file mode 100644
index e7e8c95ab00..00000000000
--- a/security/ssh/patches/patch-ao
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-ao,v 1.8 1999/05/26 15:35:43 tv Exp $
-
---- gmp-2.0.2-ssh-2/aclocal.m4.orig Wed Jul 8 18:40:42 1998
-+++ gmp-2.0.2-ssh-2/aclocal.m4 Mon May 10 23:50:28 1999
-@@ -20,7 +20,7 @@
- dnl AM_INIT_AUTOMAKE(package,version, [no-define])
-
- AC_DEFUN(AM_INIT_AUTOMAKE,
--[AC_REQUIRE([AM_PROG_INSTALL])
-+[AC_REQUIRE([AC_PROG_INSTALL])
- PACKAGE=[$1]
- AC_SUBST(PACKAGE)
- VERSION=[$2]
-@@ -46,7 +46,7 @@
-
- # serial 1
-
--AC_DEFUN(AM_PROG_INSTALL,
-+AC_DEFUN(AC_PROG_INSTALL,
- [AC_REQUIRE([AC_PROG_INSTALL])
- test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}'
- AC_SUBST(INSTALL_SCRIPT)dnl
diff --git a/security/ssh/patches/patch-ap b/security/ssh/patches/patch-ap
deleted file mode 100644
index eb5397be923..00000000000
--- a/security/ssh/patches/patch-ap
+++ /dev/null
@@ -1,36 +0,0 @@
-$NetBSD: patch-ap,v 1.3 1999/07/17 03:41:07 jlam Exp $
-
---- gmp-2.0.2-ssh-2/configure.orig Wed May 12 07:19:35 1999
-+++ gmp-2.0.2-ssh-2/configure Fri Jul 16 17:38:30 1999
-@@ -1855,6 +1855,20 @@
- path="x86"
- syntax_alternatives="$syntax_alternatives ELF_SYNTAX BSD_SYNTAX INTEL_SYNTAX"
- ;;
-+ i[3456]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*)
-+ if $CC -E - -dM </dev/null | grep -q __ELF__; then
-+ syntax_alternatives="$syntax_alternatives ELF_SYNTAX" # ELF
-+ else
-+ syntax_alternatives="$syntax_alternatives BSD_SYNTAX" # a.out
-+ x86_broken_align=yes
-+ fi
-+ case "${host}" in
-+ i[34]86*-*-*netbsd*)
-+ path="x86" ;;
-+ i[56]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*)
-+ path="x86/pentium x86" ;;
-+ esac
-+ ;;
- i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | \
- i[34]86*-*-*bsd*) # 386/486 running BSD or Linux with a.out
- path="x86"
-@@ -1954,6 +1968,10 @@
- ;;
- sh2-*-*)
- path="sh/sh2 sh"
-+ ;;
-+ mips*-*-netbsd*)
-+ path="mips2"
-+ SFLAGS="-Wa,-KPIC"
- ;;
- mips[34]*-*-*)
- path="mips3"
diff --git a/security/ssh/patches/patch-aq b/security/ssh/patches/patch-aq
deleted file mode 100644
index 19dc4951b89..00000000000
--- a/security/ssh/patches/patch-aq
+++ /dev/null
@@ -1,68 +0,0 @@
-$NetBSD: patch-aq,v 1.6 2000/03/20 02:25:52 itojun Exp $
-
---- newchannels.c- Wed May 12 20:19:27 1999
-+++ newchannels.c Mon Mar 20 09:47:24 2000
-@@ -274,7 +274,7 @@
- #include "authfd.h"
- #include "emulate.h"
- #include "servconf.h"
--#ifdef LIBWRAP
-+#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
- #include <tcpd.h>
- #include <syslog.h>
- #ifdef NEED_SYS_SYSLOG_H
-@@ -922,6 +922,7 @@
- /* This is our fake X11 server socket. */
- if (FD_ISSET(ch->sock, readset))
- {
-+ int on = 1;
- debug("X11 connection requested.");
- addrlen = sizeof(addr);
- newsock = accept(ch->sock, &addr, &addrlen);
-@@ -930,11 +931,12 @@
- error("accept: %.100s", strerror(errno));
- break;
- }
-+ setsockopt(newsock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
- remote_hostname = get_remote_hostname(newsock);
- snprintf(buf, sizeof(buf), "X11 connection from %.200s port %d",
- remote_hostname, get_peer_port(newsock));
- xfree(remote_hostname);
--#ifdef LIBWRAP
-+#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
- {
- struct request_info req;
- struct servent *serv;
-@@ -986,7 +988,7 @@
- ch->listening_port, remote_hostname,
- get_peer_port(newsock));
- xfree(remote_hostname);
--#ifdef LIBWRAP
-+#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
- {
- struct request_info req;
- struct servent *serv;
-@@ -2110,7 +2112,11 @@
-
- success:
- /* We have successfully obtained a connection to the real X display. */
--
-+ {
-+ int on = 1;
-+ setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
-+ }
-+
- #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN)
- (void)fcntl(sock, F_SETFL, O_NONBLOCK);
- #else /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-@@ -2412,6 +2418,10 @@
- ssh-agent connections on your system */
- old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
-
-+ /* Make sure the socket doesn't already exist, left over from a system
-+ crash perhaps. */
-+ unlink(channel_forwarded_auth_socket_name);
-+
- if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
- packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
-
diff --git a/security/ssh/patches/patch-ar b/security/ssh/patches/patch-ar
deleted file mode 100644
index 57b7803f945..00000000000
--- a/security/ssh/patches/patch-ar
+++ /dev/null
@@ -1,35 +0,0 @@
-$NetBSD: patch-ar,v 1.2 2000/03/20 02:25:52 itojun Exp $
-
---- acconfig.h- Wed May 12 20:19:23 1999
-+++ acconfig.h Mon Mar 20 09:47:20 2000
-@@ -247,16 +247,23 @@
- /* Define this if your gettimeofday doesn't have TZ parameter */
- #undef HAVE_NO_TZ_IN_GETTIMEOFDAY
-
--/* Define this if you want to compile in Kerberos support. */
--#undef KERBEROS
--
- /* Define this if you want to compile in Kerberos V5 support.
-- KERBEROS must be compiled in as well. This can be done at configure
-- time with the --with-kerberos5 argument*/
-+ This can be done at configure time with the --with-krb5 argument. */
- #undef KRB5
-
--/* Define this if you want to pass the Kerberos TGT. */
--#undef KERBEROS_TGT_PASSING
-+/* Define this if you want to compile in Kerberos V4 support.
-+ This can be done at configure time with the --with-krb4 argument. */
-+#undef KRB4
-+
-+/* Define this if you what to build ssh with Hesiod support. */
-+#undef HESIOD
-+
-+/* Define this if you want to compile in AFS support.
-+ This can be done at configure time with the --with-afs argument. */
-+#undef AFS
-+
-+/* Define this if you have the AFS lifetime conversion routines. */
-+#undef HAVE_KRB_LIFE_TO_TIME
-
- /* Define this if you dont have SIGINFO as signal but some other macro */
- #undef HAVE_INCOMPATIBLE_SIGINFO
diff --git a/security/ssh/patches/patch-as b/security/ssh/patches/patch-as
deleted file mode 100644
index 46495b6f7a0..00000000000
--- a/security/ssh/patches/patch-as
+++ /dev/null
@@ -1,249 +0,0 @@
-$NetBSD: patch-as,v 1.1 1999/12/25 05:28:36 kim Exp $
-
---- auth-kerberos.c.orig Wed May 12 07:19:23 1999
-+++ auth-kerberos.c Fri Dec 24 21:50:38 1999
-@@ -38,14 +38,13 @@
- #include "xmalloc.h"
- #include "ssh.h"
-
--#ifdef KERBEROS
--#if defined (KRB5)
-+#ifdef KRB5
- #include <krb5.h>
-
- extern krb5_context ssh_context;
- extern krb5_auth_context auth_context;
-
--int auth_kerberos(char *server_user, krb5_data *auth, krb5_principal *client)
-+int auth_krb5(char *server_user, krb5_data *auth, krb5_principal *client)
- {
- krb5_error_code problem;
- krb5_ticket *ticket;
-@@ -163,11 +162,115 @@
- return 1;
- }
- #endif /* KRB5 */
--#endif /* KERBEROS */
-
--#ifdef KERBEROS_TGT_PASSING
--#if defined (KRB5)
--int auth_kerberos_tgt( char *server_user, krb5_data *krb5data)
-+#ifdef KRB4
-+#include <sys/param.h>
-+#include <krb.h>
-+
-+int ssh_tf_init(uid_t uid)
-+{
-+ extern char *ticket;
-+ char *tkt_root = TKT_ROOT;
-+ struct stat st;
-+ int fd;
-+
-+ /* Set unique ticket string manually since we're still root. */
-+ ticket = xmalloc(MAXPATHLEN);
-+#ifdef AFS
-+ if (lstat("/ticket", &st) != -1)
-+ tkt_root = "/ticket/";
-+#endif /* AFS */
-+ snprintf(ticket, MAXPATHLEN, "%s%d_%d", tkt_root, uid, getpid());
-+ (void) krb_set_tkt_string(ticket);
-+
-+ /* Make sure we own this ticket file, and we created it. */
-+ if (lstat(ticket, &st) < 0 && errno == ENOENT) {
-+ /* good, no ticket file exists. create it. */
-+ if ((fd = open(ticket, O_RDWR|O_CREAT|O_EXCL, 0600)) != -1) {
-+ close(fd);
-+ return 1;
-+ }
-+ }
-+ else {
-+ /* file exists. make sure server_user owns it (e.g. just passed ticket),
-+ and that it isn't a symlink, and that it is mode 600. */
-+ if (st.st_mode == (S_IFREG|S_IRUSR|S_IWUSR) && st.st_uid == uid)
-+ return 1;
-+ }
-+ /* Failure. */
-+ log_msg("WARNING: bad ticket file %s", ticket);
-+ return 0;
-+}
-+
-+int auth_krb4(const char *server_user, KTEXT auth, char **client)
-+{
-+ AUTH_DAT adat = { 0 };
-+ KTEXT_ST reply;
-+ char instance[INST_SZ];
-+ int r, s;
-+ u_long cksum;
-+ Key_schedule schedule;
-+ struct sockaddr_in local, foreign;
-+
-+ s = packet_get_connection_in();
-+
-+ r = sizeof(local);
-+ memset(&local, 0, sizeof(local));
-+ if (getsockname(s, (struct sockaddr *) &local, &r) < 0)
-+ debug("getsockname failed: %.100s", strerror(errno));
-+ r = sizeof(foreign);
-+ memset(&foreign, 0, sizeof(foreign));
-+ if (getpeername(s, (struct sockaddr *)&foreign, &r) < 0)
-+ debug("getpeername failed: %.100s", strerror(errno));
-+
-+ instance[0] = '*'; instance[1] = 0;
-+
-+ /* Get the encrypted request, challenge, and session key. */
-+ if (r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, 0, &adat, "")) {
-+ packet_send_debug("Kerberos V4 krb_rd_req: %s", krb_err_txt[r]);
-+ return 0;
-+ }
-+ des_key_sched((des_cblock *)adat.session, schedule);
-+
-+ *client = xmalloc(MAX_K_NAME_SZ);
-+ (void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname,
-+ *adat.pinst ? "." : "", adat.pinst, adat.prealm);
-+
-+ /* Check ~/.klogin authorization now. */
-+ if (kuserok(&adat, (char *)server_user) != KSUCCESS) {
-+ packet_send_debug("Kerberos V4 .klogin authorization failed!");
-+ log_msg("Kerberos V4 .klogin authorization failed for %s to account %s",
-+ *client, server_user);
-+ return 0;
-+ }
-+ /* Increment the checksum, and return it encrypted with the session key. */
-+ cksum = adat.checksum + 1;
-+ cksum = htonl(cksum);
-+
-+ /* If we can't successfully encrypt the checksum, we send back an empty
-+ message, admitting our failure. */
-+ if ((r = krb_mk_priv((u_char *)&cksum, reply.dat, sizeof(cksum)+1,
-+ schedule, &adat.session, &local, &foreign)) < 0) {
-+ packet_send_debug("Kerberos V4 mk_priv: (%d) %s", r, krb_err_txt[r]);
-+ reply.dat[0] = 0;
-+ reply.length = 0;
-+ }
-+ else
-+ reply.length = r;
-+
-+ /* Clear session key. */
-+ memset(&adat.session, 0, sizeof(&adat.session));
-+
-+ packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
-+ packet_put_string((char *) reply.dat, reply.length);
-+ packet_send();
-+ packet_write_wait();
-+ return 1;
-+}
-+#endif /* KRB4 */
-+
-+#ifdef KRB5
-+int auth_krb5_tgt( char *server_user, krb5_data *krb5data)
- {
- krb5_creds **creds;
- krb5_error_code retval;
-@@ -177,7 +280,7 @@
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-- struct sockaddr_in local, foreign;
-+ struct sockaddr_storage local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
-@@ -267,5 +370,97 @@
-
- }
- #endif /* KRB5 */
--#endif /* KERBEROS_TGT_PASSING */
-
-+
-+#ifdef AFS
-+#include <kafs.h>
-+
-+int auth_kerberos_tgt(struct passwd *pw, const char *string)
-+{
-+ CREDENTIALS creds;
-+ extern char *ticket;
-+ int r;
-+
-+ if (!radix_to_creds(string, &creds)) {
-+ log_msg("Protocol error decoding Kerberos V4 tgt");
-+ packet_send_debug("Protocol error decoding Kerberos V4 tgt");
-+ goto auth_kerberos_tgt_failure;
-+ }
-+ if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
-+ strcpy(creds.service, "krbtgt");
-+
-+ if (strcmp(creds.service, "krbtgt")) {
-+ log_msg("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d",
-+ creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm,
-+ pw->pw_uid);
-+ packet_send_debug("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d",
-+ creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
-+ creds.realm, pw->pw_uid);
-+ goto auth_kerberos_tgt_failure;
-+ }
-+ if (!ssh_tf_init(pw->pw_uid) ||
-+ (r = in_tkt(creds.pname, creds.pinst)) ||
-+ (r = save_credentials(creds.service,creds.instance,creds.realm,
-+ creds.session,creds.lifetime,creds.kvno,
-+ &creds.ticket_st,creds.issue_date))) {
-+ xfree(ticket);
-+ ticket = NULL;
-+ packet_send_debug("Kerberos V4 tgt refused: couldn't save credentials");
-+ goto auth_kerberos_tgt_failure;
-+ }
-+ /* Successful authentication, passed all checks. */
-+ chown(ticket, pw->pw_uid, pw->pw_gid);
-+ packet_send_debug("Kerberos V4 tgt accepted (%s.%s@%s, %s%s%s@%s)",
-+ creds.service,creds.instance,creds.realm,
-+ creds.pname,creds.pinst[0] ? "." : "",
-+ creds.pinst,creds.realm);
-+
-+ packet_start(SSH_SMSG_SUCCESS);
-+ packet_send();
-+ packet_write_wait();
-+ return 1;
-+
-+auth_kerberos_tgt_failure:
-+ memset(&creds, 0, sizeof(creds));
-+ packet_start(SSH_SMSG_FAILURE);
-+ packet_send();
-+ packet_write_wait();
-+ return 0;
-+}
-+
-+int auth_afs_token(char *server_user, uid_t uid, const char *string)
-+{
-+ CREDENTIALS creds;
-+
-+ if (!radix_to_creds(string, &creds)) {
-+ log_msg("Protocol error decoding AFS token");
-+ packet_send_debug("Protocol error decoding AFS token");
-+ packet_start(SSH_SMSG_FAILURE);
-+ packet_send();
-+ packet_write_wait();
-+ return 0;
-+ }
-+ if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
-+ strcpy(creds.service, "afs");
-+
-+ if (strncmp(creds.pname, "AFS ID ", 7) == 0)
-+ uid = atoi(creds.pname + 7);
-+
-+ if (kafs_settoken(creds.realm, uid, &creds)) {
-+ log_msg("AFS token (%s@%s) rejected for uid %d", creds.pname,
-+ creds.realm, uid);
-+ packet_send_debug("AFS token (%s@%s) rejected for uid %d", creds.pname,
-+ creds.realm, uid);
-+ packet_start(SSH_SMSG_FAILURE);
-+ packet_send();
-+ packet_write_wait();
-+ return 0;
-+ }
-+ packet_send_debug("AFS token accepted (%s@%s, %s@%s)", creds.service,
-+ creds.realm, creds.pname, creds.realm);
-+ packet_start(SSH_SMSG_SUCCESS);
-+ packet_send();
-+ packet_write_wait();
-+ return 1;
-+}
-+#endif /* AFS */
diff --git a/security/ssh/patches/patch-at b/security/ssh/patches/patch-at
deleted file mode 100644
index aa9b64f3701..00000000000
--- a/security/ssh/patches/patch-at
+++ /dev/null
@@ -1,192 +0,0 @@
-$NetBSD: patch-at,v 1.2 2000/04/18 19:02:21 thorpej Exp $
-
---- auth-passwd.c.orig Wed May 12 04:19:23 1999
-+++ auth-passwd.c Tue Apr 18 11:48:03 2000
-@@ -301,29 +301,25 @@
- static int securid_initialized = 0;
- #endif /* HAVE_SECURID */
-
--#ifdef KERBEROS
--#if defined(KRB5)
-+#ifdef KRB5
- #include <krb5.h>
- extern krb5_context ssh_context;
- extern krb5_auth_context auth_context;
--#else
--#include <krb.h>
- #endif /* KRB5 */
--#endif /* KERBEROS */
-
--#ifdef AFS
--#include <afs/param.h>
--#include <afs/kautils.h>
--#endif /* AFS */
-+#ifdef KRB4
-+#include <sys/param.h>
-+#include <krb.h>
-+#endif /* KRB4 */
-
--#if defined(KERBEROS) || defined(AFS_KERBEROS)
-+#if defined(KRB4) || defined(KRB5)
- extern char *ticket;
--#endif /* KERBEROS || AFS_KERBEROS */
-+#endif /* KRB4 || KRB5 */
-
- /* Tries to authenticate the user using password. Returns true if
- authentication succeeds. */
-
--#if defined(KERBEROS) && defined(KRB5)
-+#ifdef KRB5
- /*
- * This routine with some modification is from the MIT V5B6 appl/bsd/login.c
- *
-@@ -479,16 +475,16 @@
- 0 };
- #endif
- krb5_preauthtype * preauth = preauth_list;
--#endif /* KERBEROS */
-+#endif /* KRB5 */
-
- /* Tries to authenticate the user using password. Returns true if
- authentication succeeds. */
--#ifdef KERBEROS
-+#ifdef KRB5
- int auth_password(const char *server_user, const char *password,
- krb5_principal client)
--#else /* KERBEROS */
-+#else /* KRB5 */
- int auth_password(const char *server_user, const char *password)
--#endif /* KERBEROS */
-+#endif /* KRB5 */
- {
- #if defined(_AIX) && defined(HAVE_AUTHENTICATE)
- char *message;
-@@ -505,7 +501,7 @@
- }
- #else /* _AIX41 && HAVE_AUTHENTICATE */
-
--#ifdef KERBEROS
-+#ifdef KRB5
- krb5_error_code problem;
- int krb5_options = KDC_OPT_RENEWABLE | KDC_OPT_FORWARDABLE;
- krb5_deltat rlife = 0;
-@@ -515,7 +511,7 @@
- krb5_ccache ccache;
- char ccname[80];
- int results;
--#endif /* KERBEROS */
-+#endif /* KRB5 */
- extern ServerOptions options;
- extern char *crypt(const char *key, const char *salt);
- struct passwd *pw;
-@@ -537,10 +533,9 @@
- saved_pw_name = xstrdup(pw->pw_name);
- saved_pw_passwd = xstrdup(pw->pw_passwd);
-
--#if defined(KERBEROS)
-- if (options.kerberos_authentication)
-- {
- #if defined(KRB5)
-+ if (options.kerberos_authentication && client != NULL)
-+ {
- snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_l%d", getpid());
-
- if (problem = krb5_cc_resolve(ssh_context, ccname, &ccache))
-@@ -658,9 +653,96 @@
- return 0;
- }
- }
-+ }
- #endif /* KRB5 */
-+#ifdef KRB4
-+ if (options.kerberos_authentication)
-+ {
-+ AUTH_DAT adata;
-+ KTEXT_ST tkt;
-+ struct hostent *hp;
-+ unsigned long faddr;
-+ char localhost[MAXHOSTNAMELEN]; /* local host name */
-+ char phost[INST_SZ]; /* host instance */
-+ char realm[REALM_SZ]; /* local Kerberos realm */
-+ int r;
-+
-+ /* Try Kerberos password authentication only for non-root
-+ users and only if Kerberos is installed. */
-+ if (pw->pw_uid != 0 && krb_get_lrealm(realm, 0) == KSUCCESS) {
-+
-+ /* Set up our ticket file. */
-+ if (!ssh_tf_init(pw->pw_uid)) {
-+ log_msg("Couldn't initialize Kerberos ticket file for %s!",
-+ server_user);
-+ goto kerberos_auth_failure;
-+ }
-+ /* Try to get TGT using our password. */
-+ if ((r = krb_get_pw_in_tkt((char *)server_user, "", realm, "krbtgt",
-+ realm, DEFAULT_TKT_LIFE, (char *)password)) != INTK_OK) {
-+ packet_send_debug("Kerberos V4 password authentication for %s "
-+ "failed: %s", server_user, krb_err_txt[r]);
-+ goto kerberos_auth_failure;
-+ }
-+ /* Successful authentication. */
-+ chown(ticket, pw->pw_uid, pw->pw_gid);
-+
-+ (void) gethostname(localhost, sizeof(localhost));
-+ (void) strncpy(phost, (char *)krb_get_phost(localhost), INST_SZ);
-+ phost[INST_SZ-1] = 0;
-+
-+ /* Now that we have a TGT, try to get a local "rcmd" ticket to
-+ ensure that we are not talking to a bogus Kerberos server. */
-+ r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33);
-+
-+ if (r == KSUCCESS) {
-+ if (!(hp = gethostbyname(localhost))) {
-+ log_msg("Couldn't get local host address!");
-+ goto kerberos_auth_failure;
-+ }
-+ memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr));
-+
-+ /* Verify our "rcmd" ticket. */
-+ r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost, faddr, &adata, "");
-+ if (r == RD_AP_UNDEC) {
-+ /* Probably didn't have a srvtab on localhost. Allow login. */
-+ log_msg("Kerberos V4 TGT for %s unverifiable, no srvtab? "
-+ "krb_rd_req: %s", server_user, krb_err_txt[r]);
-+ }
-+ else if (r != KSUCCESS) {
-+ log_msg("Kerberos V4 %s ticket unverifiable: %s",
-+ KRB4_SERVICE_NAME, krb_err_txt[r]);
-+ goto kerberos_auth_failure;
-+ }
-+ }
-+ else if (r == KDC_PR_UNKNOWN) {
-+ /* Allow login if no rcmd service exists, but log the error. */
-+ log_msg("Kerberos V4 TGT for %s unverifiable: %s; %s.%s "
-+ "not registered, or srvtab is wrong?", server_user,
-+ krb_err_txt[r], KRB4_SERVICE_NAME, phost);
-+ }
-+ else {
-+ /* TGT is bad, forget it. Possibly spoofed. */
-+ packet_send_debug("WARNING: Kerberos V4 TGT possibly spoofed for"
-+ "%s: %s", server_user, krb_err_txt[r]);
-+ goto kerberos_auth_failure;
-+ }
-+
-+ /* Authentication succeeded. */
-+ return 1;
-+
-+ kerberos_auth_failure:
-+ (void) dest_tkt();
-+ xfree(ticket);
-+ ticket = NULL;
-+ if (!options.kerberos_or_local_passwd ) return 0;
-+ }
-+ else /* Logging in as root or no local Kerberos realm. */
-+ packet_send_debug("Unable to authenticate to Kerberos.");
-+
-+ /* Fall back to ordinary passwd authentication. */
- }
--#endif /* KERBEROS */
-+#endif /* KRB4 */
-
- #ifdef HAVE_SECURID
- /* Support for Security Dynamics SecurId card.
diff --git a/security/ssh/patches/patch-au b/security/ssh/patches/patch-au
deleted file mode 100644
index 4c883c22ce0..00000000000
--- a/security/ssh/patches/patch-au
+++ /dev/null
@@ -1,87 +0,0 @@
-$NetBSD: patch-au,v 1.7 2002/08/07 13:27:52 agc Exp $
-
---- login.c.orig Wed May 12 07:19:26 1999
-+++ login.c Fri Dec 24 22:01:25 1999
-@@ -117,6 +117,7 @@
- #include <hpsecurity.h>
- #include <prot.h>
- #endif /* HAVE_HPUX_TCB_AUTH */
-+#include <sys/param.h>
- #include "ssh.h"
-
- /* Returns the time when the user last logged in. Returns 0 if the
-@@ -271,7 +272,22 @@
- struct utmp u, u2;
- off_t offset;
- const char *utmp, *wtmp;
-+#endif
-+#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_LASTLOG_H) || defined(HAVE_LASTLOG)
-+ char myname[MAXHOSTNAMELEN];
-+ char shost[MAXHOSTNAMELEN];
-+ char *p = NULL, *q = NULL;
-+
-+ memset(shost, 0, sizeof(shost));
-+ gethostname(myname, MAXHOSTNAMELEN);
-+ if (((p = memchr(myname, '.', MAXHOSTNAMELEN)) != NULL)
-+ && ((q = strchr(host, '.')) != NULL)
-+ && (strncmp(p, q, MAXHOSTNAMELEN - (p - myname)) == 0)) {
-+ strncpy(shost, host, q - host);
-+ }
-+#endif
-
-+#if defined(HAVE_UTMP_H) && !defined(HAVE_UTMPX_H)
- /* Construct an utmp/wtmp entry. */
- memset(&u, 0, sizeof(u));
- #ifdef DEAD_PROCESS
-@@ -301,17 +317,21 @@
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
-- strncpy(u.ut_host, host, sizeof(u.ut_host));
--#ifdef __FreeBSD__
-- if (strlen(host) > sizeof(u.ut_host)) {
-+ if ((*shost != '\0') && (strlen(shost) <= sizeof(u.ut_host)))
-+ strncpy(u.ut_host, shost, sizeof(u.ut_host));
-+#ifndef HAVE_ADDR_IN_UTMP
-+ else if (strlen(host) > sizeof(u.ut_host))
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-- }
--#endif /* __FreeBSD__ */
-+#endif /* HAVE_ADDR_IN_UTMP */
-+ else
-+ strncpy(u.ut_host, host, sizeof(u.ut_host));
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
-+#if 0 /* XXX */
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
-+#endif /* XXX */
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
-@@ -462,8 +482,10 @@
- makeutx(&ux);
- #else
- pututxline(&ux);
-+#ifdef WTMPX_FILE
- updwtmpx(WTMPX_FILE, &ux);
- #endif
-+#endif
- endutxent();
- }
- #endif /* HAVE_UTMPX_H */
-@@ -490,7 +512,12 @@
- /* Update lastlog. */
- ll.ll_time = time(NULL);
- strncpy(ll.ll_line, ttyname + 5, sizeof(ll.ll_line));
-- strncpy(ll.ll_host, host, sizeof(ll.ll_host));
-+ if ((*shost != '\0') && (strlen(shost) <= sizeof(ll.ll_host)))
-+ strncpy(ll.ll_host, shost, sizeof(ll.ll_host));
-+ else if (strlen(host) > sizeof(ll.ll_host))
-+ strncpy(ll.ll_host, get_remote_ipaddr(), sizeof(ll.ll_host));
-+ else
-+ strncpy(ll.ll_host, host, sizeof(ll.ll_host));
- #ifdef LASTLOG_IS_DIR
- snprintf(lastlogfile, sizeof(lastlogfile),
- "%.100s/%.100s", lastlog, user);
diff --git a/security/ssh/patches/patch-av b/security/ssh/patches/patch-av
deleted file mode 100644
index 3f039cd0f81..00000000000
--- a/security/ssh/patches/patch-av
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-av,v 1.3 2001/11/23 07:42:38 tron Exp $
-
---- serverloop.c.orig Wed May 12 13:19:28 1999
-+++ serverloop.c Fri Nov 23 08:26:58 2001
-@@ -377,10 +377,12 @@
- if (channel_max_fd() > max_fd)
- max_fd = channel_max_fd();
-
-+#if 0 /* Ohh, this sucks so badly I almost weep... */
- /* If child has terminated, read as much as is available and then exit. */
- if (child_terminated)
- if (max_time_milliseconds == 0)
- max_time_milliseconds = 100;
-+#endif
-
- if (idle_timeout != 0 &&
- (max_time_milliseconds == 0 ||
-@@ -421,6 +423,7 @@
- FD_ZERO(writeset);
- }
-
-+#if 0 /* Ohh, this sucks so badly I almost weep... */
- /* If the child has terminated and there was no data, shutdown all
- descriptors to it. */
- if (ret <= 0 && child_terminated && !child_just_terminated)
-@@ -442,11 +445,12 @@
- fdin = -1;
- }
- else
-+#endif
- {
- if (ret == 0) /* Nothing read, timeout expired */
- {
- /* Check if idle_timeout expired ? */
-- if (idle_timeout != 0 && !child_terminated &&
-+ if (idle_timeout != 0 && !child_terminated && idle_time_last &&
- time(NULL) - idle_time_last > idle_timeout)
- {
- /* Yes, kill the child */
diff --git a/security/ssh/patches/patch-ax b/security/ssh/patches/patch-ax
deleted file mode 100644
index bafc21a6f8d..00000000000
--- a/security/ssh/patches/patch-ax
+++ /dev/null
@@ -1,60 +0,0 @@
-$NetBSD: patch-ax,v 1.1 1999/12/25 05:28:36 kim Exp $
-
---- cipher.c.orig Wed May 12 07:19:24 1999
-+++ cipher.c Fri Dec 24 21:50:04 1999
-@@ -213,7 +213,7 @@
- used. */
- if (keylen < 8)
- error("Key length %d is insufficient for DES.", keylen);
-- des_set_key(padded, &context->u.des.key);
-+ ssh_des_set_key(padded, &context->u.des.key);
- memset(context->u.des.iv, 0, sizeof(context->u.des.iv));
- break;
- #endif /* WITH_DES */
-@@ -224,12 +224,12 @@
- used (first and last keys are the same). */
- if (keylen < 16)
- error("Key length %d is insufficient for 3DES.", keylen);
-- des_set_key(padded, &context->u.des3.key1);
-- des_set_key(padded + 8, &context->u.des3.key2);
-+ ssh_des_set_key(padded, &context->u.des3.key1);
-+ ssh_des_set_key(padded + 8, &context->u.des3.key2);
- if (keylen <= 16)
-- des_set_key(padded, &context->u.des3.key3);
-+ ssh_des_set_key(padded, &context->u.des3.key3);
- else
-- des_set_key(padded + 16, &context->u.des3.key3);
-+ ssh_des_set_key(padded + 16, &context->u.des3.key3);
- memset(context->u.des3.iv1, 0, sizeof(context->u.des3.iv1));
- memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2));
- memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3));
-@@ -274,12 +274,12 @@
-
- #ifdef WITH_DES
- case SSH_CIPHER_DES:
-- des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len);
-+ ssh_des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len);
- break;
- #endif /* WITH_DES */
-
- case SSH_CIPHER_3DES:
-- des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1,
-+ ssh_des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1,
- &context->u.des3.key2, context->u.des3.iv2,
- &context->u.des3.key3, context->u.des3.iv3,
- dest, src, len);
-@@ -322,12 +322,12 @@
-
- #ifdef WITH_DES
- case SSH_CIPHER_DES:
-- des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len);
-+ ssh_des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len);
- break;
- #endif /* WITH_DES */
-
- case SSH_CIPHER_3DES:
-- des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1,
-+ ssh_des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1,
- &context->u.des3.key2, context->u.des3.iv2,
- &context->u.des3.key3, context->u.des3.iv3,
- dest, src, len);
diff --git a/security/ssh/patches/patch-ay b/security/ssh/patches/patch-ay
deleted file mode 100644
index 9ab944c3c1c..00000000000
--- a/security/ssh/patches/patch-ay
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ay,v 1.1 1999/12/25 05:28:36 kim Exp $
-
---- cipher.h.orig Wed May 12 07:19:25 1999
-+++ cipher.h Fri Dec 24 21:50:04 1999
-@@ -58,7 +58,7 @@
- #ifndef WITHOUT_IDEA
- #include "idea.h"
- #endif /* WITHOUT_IDEA */
--#include "des.h"
-+#include "ssh-des.h"
- #ifdef WITH_ARCFOUR
- #include "arcfour.h"
- #endif /* WITH_ARCFOUR */
diff --git a/security/ssh/patches/patch-az b/security/ssh/patches/patch-az
deleted file mode 100644
index e1a919d63ac..00000000000
--- a/security/ssh/patches/patch-az
+++ /dev/null
@@ -1,58 +0,0 @@
-$NetBSD: patch-az,v 1.2 2000/03/20 02:25:53 itojun Exp $
-
---- config.h.in- Wed May 12 20:20:04 1999
-+++ config.h.in Mon Mar 20 09:47:20 2000
-@@ -244,12 +244,6 @@
- /* Support for Secure RPC */
- #undef SECURE_RPC
-
--/* Support for Secure NFS */
--#undef SECURE_NFS
--
--/* Support for NIS+ */
--#undef NIS_PLUS
--
- /* Define this to disable all port forwardings in server (except X11) */
- #undef SSHD_NO_PORT_FORWARDING
-
-@@ -296,16 +290,23 @@
- /* Define this if your gettimeofday doesn't have TZ parameter */
- #undef HAVE_NO_TZ_IN_GETTIMEOFDAY
-
--/* Define this if you want to compile in Kerberos support. */
--#undef KERBEROS
--
- /* Define this if you want to compile in Kerberos V5 support.
-- KERBEROS must be compiled in as well. This can be done at configure
-- time with the --with-kerberos5 argument*/
-+ This can be done at configure time with the --with-krb5 argument. */
- #undef KRB5
-
--/* Define this if you want to pass the Kerberos TGT. */
--#undef KERBEROS_TGT_PASSING
-+/* Define this if you want to compile in Kerberos V4 support.
-+ This can be done at configure time with the --with-krb4 argument. */
-+#undef KRB4
-+
-+/* Define this if you what to build ssh with Hesiod support. */
-+#undef HESIOD
-+
-+/* Define this if you want to compile in AFS support.
-+ This can be done at configure time with the --with-afs argument. */
-+#undef AFS
-+
-+/* Define this if you have the AFS lifetime conversion routines. */
-+#undef HAVE_KRB_LIFE_TO_TIME
-
- /* Define this if you dont have SIGINFO as signal but some other macro */
- #undef HAVE_INCOMPATIBLE_SIGINFO
-@@ -518,6 +519,9 @@
-
- /* Define if you have the <sys/dir.h> header file. */
- #undef HAVE_SYS_DIR_H
-+
-+/* Define if you have the <sys/filio.h> header file. */
-+#undef HAVE_SYS_FILIO_H
-
- /* Define if you have the <sys/ioctl.h> header file. */
- #undef HAVE_SYS_IOCTL_H
diff --git a/security/ssh/patches/patch-ba b/security/ssh/patches/patch-ba
deleted file mode 100644
index 369babd252f..00000000000
--- a/security/ssh/patches/patch-ba
+++ /dev/null
@@ -1,137 +0,0 @@
-$NetBSD: patch-ba,v 1.1 1999/12/25 05:28:36 kim Exp $
-
---- des.c.orig Wed May 12 07:19:25 1999
-+++ des.c Fri Dec 24 21:50:04 1999
-@@ -38,7 +38,7 @@
-
- #include "includes.h"
- #include "getput.h"
--#include "des.h"
-+#include "ssh-des.h"
-
- /* Table for key generation. This used to be in sk.h. */
- /* Copyright (C) 1993 Eric Young - see README for more details */
-@@ -400,7 +400,7 @@
- /* This part is based on code that used to be in ecb_enc.c. */
- /* Copyright (C) 1993 Eric Young - see README for more details */
-
--void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks,
-+void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks,
- int encrypt)
- {
- register word32 t,u;
-@@ -452,7 +452,7 @@
- #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
- (a)=(a)^(t)^(t>>(16-(n))))
-
--void des_set_key(unsigned char *key, DESContext *ks)
-+void ssh_des_set_key(unsigned char *key, DESContext *ks)
- {
- register word32 c, d, t, s, shifts;
- register int i;
-@@ -507,7 +507,7 @@
- }
- }
-
--void des_cbc_encrypt(DESContext *ks, unsigned char *iv,
-+void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv,
- unsigned char *dest, const unsigned char *src,
- unsigned int len)
- {
-@@ -523,7 +523,7 @@
- {
- iv0 ^= GET_32BIT_LSB_FIRST(src + i);
- iv1 ^= GET_32BIT_LSB_FIRST(src + i + 4);
-- des_encrypt(iv0, iv1, out, ks, 1);
-+ ssh_des_encrypt(iv0, iv1, out, ks, 1);
- iv0 = out[0];
- iv1 = out[1];
- PUT_32BIT_LSB_FIRST(dest + i, iv0);
-@@ -533,7 +533,7 @@
- PUT_32BIT_LSB_FIRST(iv + 4, iv1);
- }
-
--void des_cbc_decrypt(DESContext *ks, unsigned char *iv,
-+void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv,
- unsigned char *dest, const unsigned char *src,
- unsigned int len)
- {
-@@ -549,7 +549,7 @@
- {
- d0 = GET_32BIT_LSB_FIRST(src + i);
- d1 = GET_32BIT_LSB_FIRST(src + i + 4);
-- des_encrypt(d0, d1, out, ks, 0);
-+ ssh_des_encrypt(d0, d1, out, ks, 0);
- iv0 ^= out[0];
- iv1 ^= out[1];
- PUT_32BIT_LSB_FIRST(dest + i, iv0);
-@@ -561,38 +561,38 @@
- PUT_32BIT_LSB_FIRST(iv + 4, iv1);
- }
-
--void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1,
-+void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1,
- DESContext *ks2, unsigned char *iv2,
- DESContext *ks3, unsigned char *iv3,
- unsigned char *dest, const unsigned char *src,
- unsigned int len)
- {
-- des_cbc_encrypt(ks1, iv1, dest, src, len);
-- des_cbc_decrypt(ks2, iv2, dest, dest, len);
-- des_cbc_encrypt(ks3, iv3, dest, dest, len);
-+ ssh_des_cbc_encrypt(ks1, iv1, dest, src, len);
-+ ssh_des_cbc_decrypt(ks2, iv2, dest, dest, len);
-+ ssh_des_cbc_encrypt(ks3, iv3, dest, dest, len);
- }
-
--void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1,
-+void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1,
- DESContext *ks2, unsigned char *iv2,
- DESContext *ks3, unsigned char *iv3,
- unsigned char *dest, const unsigned char *src,
- unsigned int len)
- {
-- des_cbc_decrypt(ks3, iv3, dest, src, len);
-- des_cbc_encrypt(ks2, iv2, dest, dest, len);
-- des_cbc_decrypt(ks1, iv1, dest, dest, len);
-+ ssh_des_cbc_decrypt(ks3, iv3, dest, src, len);
-+ ssh_des_cbc_encrypt(ks2, iv2, dest, dest, len);
-+ ssh_des_cbc_decrypt(ks1, iv1, dest, dest, len);
- }
-
--#ifdef DES_TEST
-+#ifdef SSH_DES_TEST
-
--void des_encrypt_buf(DESContext *ks, unsigned char *out,
-+void ssh_des_encrypt_buf(DESContext *ks, unsigned char *out,
- const unsigned char *in, int encrypt)
- {
- word32 in0, in1, output[0];
-
- in0 = GET_32BIT_LSB_FIRST(in);
- in1 = GET_32BIT_LSB_FIRST(in + 4);
-- des_encrypt(in0, in1, output, ks, encrypt);
-+ ssh_des_encrypt(in0, in1, output, ks, encrypt);
- PUT_32BIT_LSB_FIRST(out, output[0]);
- PUT_32BIT_LSB_FIRST(out + 4, output[1]);
- }
-@@ -634,15 +634,15 @@
- }
- result[i] = value;
- }
-- des_set_key(key, &ks);
-- des_encrypt_buf(&ks, output, data, 1);
-+ ssh_des_set_key(key, &ks);
-+ ssh_des_encrypt_buf(&ks, output, data, 1);
- if (memcmp(output, result, 8) != 0)
- fprintf(stderr, "Encrypt failed: %s", line);
-- des_encrypt_buf(&ks, output, result, 0);
-+ ssh_des_encrypt_buf(&ks, output, result, 0);
- if (memcmp(output, data, 8) != 0)
- fprintf(stderr, "Decrypt failed: %s", line);
- }
- exit(0);
- }
--#endif /* DES_TEST */
-+#endif /* SSH_DES_TEST */
-
diff --git a/security/ssh/patches/patch-bb b/security/ssh/patches/patch-bb
deleted file mode 100644
index e581c603121..00000000000
--- a/security/ssh/patches/patch-bb
+++ /dev/null
@@ -1,64 +0,0 @@
-$NetBSD: patch-bb,v 1.1 1999/12/25 05:28:37 kim Exp $
-
---- ssh-des.h.orig Wed May 12 07:19:25 1999
-+++ ssh-des.h Fri Dec 24 21:50:04 1999
-@@ -25,8 +25,8 @@
- * $Endlog$
- */
-
--#ifndef DES_H
--#define DES_H
-+#ifndef SSH_DES_H
-+#define SSH_DES_H
-
- typedef struct
- {
-@@ -35,40 +35,40 @@
-
- /* Sets the des key for the context. Initializes the context. The least
- significant bit of each byte of the key is ignored as parity. */
--void des_set_key(unsigned char *key, DESContext *ks);
-+void ssh_des_set_key(unsigned char *key, DESContext *ks);
-
- /* Encrypts 32 bits in l,r, and stores the result in output[0] and output[1].
- Performs encryption if encrypt is non-zero, and decryption if it is zero.
-- The key context must have been initialized previously with des_set_key. */
--void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks,
-+ The key context must have been initialized previously with ssh_des_set_key. */
-+void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks,
- int encrypt);
-
- /* Encrypts len bytes from src to dest in CBC modes. Len must be a multiple
- of 8. iv will be modified at end to a value suitable for continuing
- encryption. */
--void des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest,
-+void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest,
- const unsigned char *src, unsigned int len);
-
- /* Decrypts len bytes from src to dest in CBC modes. Len must be a multiple
- of 8. iv will be modified at end to a value suitable for continuing
- decryption. */
--void des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest,
-+void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest,
- const unsigned char *src, unsigned int len);
-
- /* Encrypts in CBC mode using triple-DES. */
--void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1,
-+void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1,
- DESContext *ks2, unsigned char *iv2,
- DESContext *ks3, unsigned char *iv3,
- unsigned char *dest, const unsigned char *src,
- unsigned int len);
-
- /* Decrypts in CBC mode using triple-DES. */
--void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1,
-+void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1,
- DESContext *ks2, unsigned char *iv2,
- DESContext *ks3, unsigned char *iv3,
- unsigned char *dest, const unsigned char *src,
- unsigned int len);
-
--#endif /* DES_H */
-+#endif /* SSH_DES_H */
-
-
diff --git a/security/ssh/patches/patch-bd b/security/ssh/patches/patch-bd
deleted file mode 100644
index 6455110898f..00000000000
--- a/security/ssh/patches/patch-bd
+++ /dev/null
@@ -1,73 +0,0 @@
-$NetBSD: patch-bd,v 1.2 2000/03/20 02:25:55 itojun Exp $
-
---- readconf.c- Wed May 12 20:19:27 1999
-+++ readconf.c Mon Mar 20 09:47:24 2000
-@@ -170,6 +170,9 @@
- oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
- oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel,
- oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication,
-+#ifdef AFS
-+ oAFSTokenPassing,
-+#endif /* AFS */
- oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts,
- oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost
- } OpCodes;
-@@ -213,6 +216,9 @@
- { "useprivilegedport", oUsePrivilegedPort },
- { "kerberosauthentication", oKerberosAuthentication },
- { "kerberostgtpassing", oKerberosTgtPassing },
-+#ifdef AFS
-+ { "afstokenpassing", oAFSTokenPassing },
-+#endif /* AFS */
- { "clearallforwardings", oClearAllForwardings },
- { "numberofpasswordprompts", oNumberOfPasswordPrompts },
- { "xauthlocation", oXauthPath },
-@@ -354,6 +360,12 @@
- intptr = &options->kerberos_tgt_passing;
- goto parse_flag;
-
-+#ifdef AFS
-+ case oAFSTokenPassing:
-+ intptr = &options->afs_token_passing;
-+ goto parse_flag;
-+#endif /* AFS */
-+
- case oFallBackToRsh:
- intptr = &options->fallback_to_rsh;
- goto parse_flag;
-@@ -678,6 +690,9 @@
- options->rsa_authentication = -1;
- options->kerberos_authentication = -1;
- options->kerberos_tgt_passing = -1;
-+#ifdef AFS
-+ options->afs_token_passing = -1;
-+#endif /* AFS */
- options->tis_authentication = -1;
- options->password_authentication = -1;
- options->rhosts_rsa_authentication = -1;
-@@ -724,17 +739,19 @@
- if (options->rsa_authentication == -1)
- options->rsa_authentication = 1;
- if (options->kerberos_authentication == -1)
--#if defined(KERBEROS) && defined(KRB5)
-+#if defined(KRB4) || defined(KRB5)
- options->kerberos_authentication = 1;
--#else /* defined(KERBEROS) && defined(KRB5) */
-+#else
- options->kerberos_authentication = 0;
--#endif /* defined(KERBEROS) && defined(KRB5) */
-+#endif /* defined(KRB4) || defined(KRB5) */
- if (options->kerberos_tgt_passing == -1)
--#if defined(KERBEROS_TGT_PASSING) && defined(KRB5)
-+#if defined(AFS)
- options->kerberos_tgt_passing = 1;
--#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
-+ if (options->afs_token_passing == -1)
-+ options->afs_token_passing = 1;
-+#else
- options->kerberos_tgt_passing = 0;
--#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
-+#endif /* AFS */
- if (options->tis_authentication == -1)
- options->tis_authentication = 0;
- if (options->password_authentication == -1)
diff --git a/security/ssh/patches/patch-be b/security/ssh/patches/patch-be
deleted file mode 100644
index cd1f1ff0211..00000000000
--- a/security/ssh/patches/patch-be
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-be,v 1.2 2000/03/20 02:25:55 itojun Exp $
-
---- readconf.h- Wed May 12 20:19:27 1999
-+++ readconf.h Mon Mar 20 09:47:24 2000
-@@ -85,6 +85,9 @@
- int rsa_authentication; /* Try RSA authentication. */
- int kerberos_authentication; /* Try Kerberos authentication. */
- int kerberos_tgt_passing; /* Try Kerberos tgt passing. */
-+#ifdef AFS
-+ int afs_token_passing; /* Try AFS token passing. */
-+#endif /* AFS */
- int tis_authentication; /* Try TIS authsrv authentication. */
- int password_authentication; /* Try password authentication. */
- int fallback_to_rsh; /* Use rsh if cannot connect with ssh. */
diff --git a/security/ssh/patches/patch-bf b/security/ssh/patches/patch-bf
deleted file mode 100644
index b6f2c8c5652..00000000000
--- a/security/ssh/patches/patch-bf
+++ /dev/null
@@ -1,99 +0,0 @@
-$NetBSD: patch-bf,v 1.2 2000/03/20 02:25:55 itojun Exp $
-
---- servconf.c- Wed May 12 20:19:28 1999
-+++ servconf.c Mon Mar 20 09:47:32 2000
-@@ -106,6 +106,12 @@
- options->kerberos_authentication = -1;
- options->kerberos_or_local_passwd = -1;
- options->kerberos_tgt_passing = -1;
-+#if defined(KRB4)
-+ options->kerberos_ticket_cleanup = -1;
-+#endif /* KRB4 */
-+#ifdef AFS
-+ options->afs_token_passing = -1;
-+#endif
- options->tis_authentication = -1;
- options->allow_tcp_forwarding = -1;
- options->password_authentication = -1;
-@@ -190,19 +196,27 @@
- if (options->rsa_authentication == -1)
- options->rsa_authentication = 1;
- if (options->kerberos_authentication == -1)
--#if defined(KERBEROS) && defined(KRB5)
-+#if defined(KRB4) || defined(KRB5)
- options->kerberos_authentication = 1;
--#else /* defined(KERBEROS) && defined(KRB5) */
-+#else
- options->kerberos_authentication = 0;
--#endif /* defined(KERBEROS) && defined(KRB5) */
-+#endif /* defined(KRB4 || KRB5 */
- if (options->kerberos_or_local_passwd == -1)
- options->kerberos_or_local_passwd = 0;
- if (options->kerberos_tgt_passing == -1)
--#if defined(KERBEROS_TGT_PASSING) && defined(KRB5)
-+#if defined(AFS) || defined(KRB5)
- options->kerberos_tgt_passing = 1;
--#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
-+#else
- options->kerberos_tgt_passing = 0;
--#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
-+#endif /* AFS || KRB5 */
-+#if defined(KRB4)
-+ if (options->kerberos_ticket_cleanup == -1)
-+ options->kerberos_ticket_cleanup = 1;
-+#endif /* KRB4 */
-+#ifdef AFS
-+ if (options->afs_token_passing == -1)
-+ options->afs_token_passing = 1;
-+#endif /* AFS */
- if (options->allow_tcp_forwarding == -1)
- options->allow_tcp_forwarding = 1;
- if (options->tis_authentication == -1)
-@@ -249,7 +263,14 @@
- sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile,
- sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout,
- sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd,
-- sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers,
-+ sKerberosTgtPassing,
-+#ifdef KRB4
-+ sKerberosTicketCleanup,
-+#ifdef AFS
-+ sAFSTokenPassing,
-+#endif /* AFS */
-+#endif /* KRB4 */
-+ sAllowTcpForwarding, sAllowUsers, sDenyUsers,
- sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts,
- sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays,
- sAccountExpireWarningDays
-@@ -313,6 +334,12 @@
- { "kerberosauthentication", sKerberosAuthentication },
- { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
- { "kerberostgtpassing", sKerberosTgtPassing },
-+#ifdef KRB4
-+ { "kerberosticketcleanup", sKerberosTicketCleanup },
-+#endif
-+#ifdef AFS
-+ { "afstokenpassing", sAFSTokenPassing },
-+#endif
- { "allowtcpforwarding", sAllowTcpForwarding },
- { "xauthlocation", sXauthPath },
- { "checkmail", sCheckMail },
-@@ -571,6 +598,18 @@
- case sKerberosTgtPassing:
- intptr = &options->kerberos_tgt_passing;
- goto parse_flag;
-+
-+#ifdef KRB4
-+ case sKerberosTicketCleanup:
-+ intptr = &options->kerberos_ticket_cleanup;
-+ goto parse_flag;
-+#endif /* KRB4 */
-+
-+#ifdef AFS
-+ case sAFSTokenPassing:
-+ intptr = &options->afs_token_passing;
-+ goto parse_flag;
-+#endif /* AFS */
-
- case sAllowTcpForwarding:
- intptr = &options->allow_tcp_forwarding;
diff --git a/security/ssh/patches/patch-bg b/security/ssh/patches/patch-bg
deleted file mode 100644
index c380db24c9d..00000000000
--- a/security/ssh/patches/patch-bg
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-bg,v 1.2 2000/03/20 02:25:56 itojun Exp $
-
---- servconf.h- Wed May 12 20:19:28 1999
-+++ servconf.h Mon Mar 20 09:47:32 2000
-@@ -111,6 +111,12 @@
- password authentication mechanism, such
- as SecurID or /etc/passwd */
- int kerberos_tgt_passing; /* If true, permit Kerberos tgt passing. */
-+#ifdef KRB4
-+ int kerberos_ticket_cleanup; /* If true, destroy ticket file on logout. */
-+#endif /* KRB4 */
-+#ifdef AFS
-+ int afs_token_passing; /* If true, permit AFS token passing. */
-+#endif /* AFS */
- int allow_tcp_forwarding;
- int tis_authentication; /* If true, permit TIS authsrv auth. */
- int password_authentication; /* If true, permit password authentication. */
diff --git a/security/ssh/patches/patch-bh b/security/ssh/patches/patch-bh
deleted file mode 100644
index 50373f65713..00000000000
--- a/security/ssh/patches/patch-bh
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-bh,v 1.1 1999/12/25 05:28:37 kim Exp $
-
---- ssh.1.in.orig Wed May 12 07:19:30 1999
-+++ ssh.1.in Fri Dec 24 21:50:04 1999
-@@ -470,7 +470,7 @@
- .ne 3
- .TP
- .B \-k
--Disables forwarding of the kerberos tickets. This may
-+Disables forwarding of Kerberos tickets / AFS tokens. This may
- also be specified on a per-host basis in the configuration file.
- .ne 3
- .TP
-@@ -770,11 +770,15 @@
-
- .TP
- .B KerberosAuthentication
--Specifies whether Kerberos V5 authentication will be used.
-+Specifies whether Kerberos authentication will be used.
-
- .TP
- .B KerberosTgtPassing
--Specifies whether a Kerberos V5 TGT will be forwarded to the server.
-+Specifies whether a Kerberos TGT will be forwarded to the server.
-+
-+.TP
-+.B AFSTokenPassing
-+Specifies whether an AFS token will be forwarded to the server.
-
- .TP
- .B LocalForward
diff --git a/security/ssh/patches/patch-bi b/security/ssh/patches/patch-bi
deleted file mode 100644
index 1d4424cdbe0..00000000000
--- a/security/ssh/patches/patch-bi
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-bi,v 1.2 2000/03/20 02:25:56 itojun Exp $
-
---- ssh.c- Wed May 12 20:19:28 1999
-+++ ssh.c Mon Mar 20 09:47:32 2000
-@@ -280,9 +280,9 @@
- fprintf(stderr, " -l user Log in using this user name.\n");
- fprintf(stderr, " -n Redirect input from /dev/null.\n");
- fprintf(stderr, " -a Disable authentication agent forwarding.\n");
--#if defined(KERBEROS_TGT_PASSING) && defined(KRB5)
-- fprintf(stderr, " -k Disable Kerberos ticket passing.\n");
--#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
-+#ifdef AFS
-+ fprintf(stderr, " -k Disable Kerberos ticket and AFS token passing.\n");
-+#endif /* AFS */
- #ifndef SSH_NO_X11_FORWARDING
- fprintf(stderr, " -x Disable X11 connection forwarding.\n");
- #endif
-@@ -541,6 +541,9 @@
-
- case 'k':
- options.kerberos_tgt_passing = 0;
-+#ifdef AFS
-+ options.afs_token_passing = 0;
-+#endif /* AFS */
- break;
-
- case 'i':
diff --git a/security/ssh/patches/patch-bj b/security/ssh/patches/patch-bj
deleted file mode 100644
index b23c857789e..00000000000
--- a/security/ssh/patches/patch-bj
+++ /dev/null
@@ -1,76 +0,0 @@
-$NetBSD: patch-bj,v 1.2 2000/03/20 02:25:56 itojun Exp $
-
---- ssh.h- Wed May 12 20:19:28 1999
-+++ ssh.h Mon Mar 20 09:47:32 2000
-@@ -176,6 +176,16 @@
- #include "randoms.h"
- #include "cipher.h"
-
-+#ifdef HESIOD
-+#include <hesiod.h>
-+
-+#define getpwnam(a) hes_getpwnam(a)
-+#define getpwuid(a) hes_getpwuid(a)
-+
-+extern struct passwd *hes_getpwnam(const char *name);
-+extern struct passwd *hes_getpwuid(uid_t uid);
-+#endif /* HESIOD */
-+
- /* The default cipher used if IDEA is not supported by the remote host.
- It is recommended that this be one of the mandatory ciphers (DES, 3DES),
- though that is not required. */
-@@ -307,12 +317,13 @@
- protocol.) */
- #define SSH_SESSION_KEY_LENGTH 32
-
--#ifdef KERBEROS
- #ifdef KRB5
- #include <krb5.h>
--#define KRB_SERVICE_NAME "host"
-+#define KRB5_SERVICE_NAME "host"
- #endif /* KRB5 */
--#endif /* KERBEROS */
-+#ifdef KRB4
-+#define KRB4_SERVICE_NAME "rcmd"
-+#endif /* KRB4 */
-
- /* Authentication methods. New types can be added, but old types should not
- be removed for compatibility. The maximum allowed value is 31. */
-@@ -336,6 +347,10 @@
-
- /* If you add new methods add them after this using random number between 16-31
- so if someone else adds also new methods you dont use same number. */
-+#ifdef AFS
-+#define SSH_PASS_AFS_TOKEN 21
-+#endif /* AFS */
-+
-
- /* Protocol flags. These are bit masks. */
- #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
-@@ -410,7 +425,9 @@
- /* If ou add new messages add them starting from something after 64, better to
- use some random number between 64-127 so if someone else adds something else
- you dont use same numbers */
--
-+#ifdef AFS
-+#define SSH_CMSG_HAVE_AFS_TOKEN 65
-+#endif /* AFS */
-
- /* define this and debug() will print local hostname */
- #define LOCAL_HOSTNAME_IN_DEBUG 1
-@@ -479,12 +496,12 @@
-
- /* Tries to authenticate the user using password. Returns true if
- authentication succeeds. */
--#if defined(KERBEROS) && defined(KRB5)
-+#ifdef KRB5
- int auth_password(const char *server_user, const char *password,
- krb5_principal client);
--#else /* defined(KERBEROS) && defined(KRB5) */
-+#else /* KRB5 */
- int auth_password(const char *server_user, const char *password);
--#endif /* defined(KERBEROS) && defined(KRB5) */
-+#endif /* KRB5 */
-
- /* Performs the RSA authentication dialog with the client. This returns
- 0 if the client could not be authenticated, and 1 if authentication was
diff --git a/security/ssh/patches/patch-bk b/security/ssh/patches/patch-bk
deleted file mode 100644
index b18f6e4eb54..00000000000
--- a/security/ssh/patches/patch-bk
+++ /dev/null
@@ -1,390 +0,0 @@
-$NetBSD: patch-bk,v 1.2 2000/03/20 02:25:57 itojun Exp $
-
---- sshconnect.c- Wed May 12 20:19:29 1999
-+++ sshconnect.c Mon Mar 20 09:55:37 2000
-@@ -215,7 +215,6 @@
- #include "userfile.h"
- #include "emulate.h"
-
--#ifdef KERBEROS
- #ifdef KRB5
- #include <krb5.h>
-
-@@ -223,7 +222,19 @@
- krb5_context ssh_context = 0;
- krb5_auth_context auth_context = 0;
- #endif /* KRB5 */
--#endif /* KERBEROS */
-+
-+#ifdef KRB4
-+#include <krb.h>
-+#ifdef AFS
-+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
-+#include <sys/ioctl.h>
-+#endif
-+#ifdef HAVE_SYS_FILIO_H
-+#include <sys/filio.h>
-+#endif
-+#include <kafs.h>
-+#endif /* AFS */
-+#endif /* KRB4 */
-
- /* Session id for the current session. */
- unsigned char session_id[16];
-@@ -932,10 +943,9 @@
- return 0;
- }
-
--#ifdef KERBEROS
-+#ifdef KRB5
- int try_kerberos_authentication(void)
- {
--#ifdef KRB5
- char *remotehost;
- krb5_data auth;
- krb5_error_code r;
-@@ -1084,15 +1094,118 @@
- krb5_free_ap_rep_enc_part(ssh_context, repl);
-
- return(ret_stat);
-+}
- #endif /* KRB5 */
-+
-+#ifdef KRB4
-+int try_kerberos_authentication()
-+{
-+ KTEXT_ST auth; /* Kerberos data */
-+ char *reply;
-+ char inst[INST_SZ];
-+ char *realm;
-+ char *service;
-+ CREDENTIALS cred;
-+ int r, type;
-+ Key_schedule schedule;
-+ u_long checksum, cksum;
-+ MSG_DAT msg_data;
-+ struct sockaddr_in local, foreign;
-+ struct stat st;
-+
-+ /* Don't do anything if we don't have any tickets. */
-+ if (stat(tkt_string(), &st) < 0) return 0;
-+
-+ strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ);
-+
-+ realm = (char *)krb_realmofhost(get_canonical_hostname());
-+ if (!realm) {
-+ debug("Kerberos V4: no realm for %s", get_canonical_hostname());
-+ return 0;
-+ }
-+ /* This can really be anything. */
-+ checksum = (u_long) getpid();
-+
-+ if (r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum)) {
-+ debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]);
-+ return 0;
-+ }
-+ /* Get session key to decrypt the server's reply with. */
-+ if (r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred)) {
-+ debug("get_cred failed: %s", krb_err_txt[r]);
-+ return 0;
-+ }
-+ des_key_sched((des_cblock *)cred.session, schedule);
-+
-+ /* Send authentication info to server. */
-+ packet_start(SSH_CMSG_AUTH_KERBEROS);
-+ packet_put_string((char *)auth.dat, auth.length);
-+ packet_send();
-+ packet_write_wait();
-+
-+ /* zero the buffer */
-+ (void) memset(auth.dat, 0, MAX_KTXT_LEN);
-+
-+ r = sizeof(local);
-+ memset(&local, 0, sizeof(local));
-+ if (getsockname(packet_get_connection_in(),
-+ (struct sockaddr *) &local, &r) < 0)
-+ debug("getsockname failed: %.100s", strerror(errno));
-+
-+ r = sizeof(foreign);
-+ memset(&foreign, 0, sizeof(foreign));
-+ if (getpeername(packet_get_connection_in(),
-+ (struct sockaddr *)&foreign, &r) < 0)
-+ debug("getpeername failed: %.100s", strerror(errno));
-+
-+ /* Get server reply. */
-+ type = packet_read();
-+ switch(type) {
-+
-+ case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
-+ debug("Kerberos V4 authentication failed.");
-+ return 0;
-+ break;
-+
-+ case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
-+ debug("Kerberos V4 authentication accepted.");
-+
-+ /* Get server's response. */
-+ reply = packet_get_string((unsigned int *)&auth.length);
-+ memcpy(auth.dat, reply, auth.length);
-+ xfree(reply);
-+
-+ /* If his response isn't properly encrypted with the session key,
-+ and the decrypted checksum fails to match, he's bogus. Bail out. */
-+ if (r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
-+ &foreign, &local, &msg_data)) {
-+ debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]);
-+ packet_disconnect("Kerberos V4 challenge failed!");
-+ }
-+ /* fetch the (incremented) checksum that we supplied in the request */
-+ (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum));
-+ cksum = ntohl(cksum);
-+
-+ /* If it matches, we're golden. */
-+ if (cksum == checksum + 1) {
-+ debug("Kerberos V4 challenge successful.");
-+ return 1;
-+ }
-+ else
-+ packet_disconnect("Kerberos V4 challenge failed!");
-+ break;
-+
-+ default:
-+ packet_disconnect("Protocol error on Kerberos V4 response: %d", type);
-+ }
- }
--#endif /* KERBEROS */
-+#endif /* KRB4 */
-+
-
--#ifdef KERBEROS_TGT_PASSING
- /* Forward our local Kerberos tgt to the server. */
-+#ifdef KRB5
- int send_kerberos_tgt(void)
- {
--#ifdef KRB5
- char *remotehost;
- krb5_principal client;
- krb5_principal server;
-@@ -1172,22 +1285,117 @@
- krb5_free_principal(ssh_context, client);
- krb5_free_principal(ssh_context, server);
-
-- type = packet_read();
-- if (type == SSH_SMSG_SUCCESS)
-- {
-- debug("Kerberos V5 TGT passing was successful.");
-- return 1;
-- }
-- else
-- if (type != SSH_SMSG_FAILURE)
-- packet_disconnect("Protocol error on Kerberos tgt response: %d", type);
-- else
-- debug("Kerberos V5 TGT passing failed.");
--
-- return 0;
-+ return 1;
-+}
- #endif /* KRB5 */
-+
-+#ifdef AFS
-+int send_kerberos_tgt()
-+{
-+ CREDENTIALS *creds;
-+ char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
-+ int r, type;
-+ unsigned char buffer[8192];
-+ struct stat st;
-+
-+ /* Don't do anything if we don't have any tickets. */
-+ if (stat(tkt_string(), &st) < 0) return 0;
-+
-+ creds = xmalloc(sizeof(CREDENTIALS));
-+
-+ if ((r=krb_get_tf_fullname(TKT_FILE,pname,pinst,prealm)) != KSUCCESS) {
-+ debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]);
-+ return 0;
-+ }
-+ if ((r=krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) {
-+ debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]);
-+ return 0;
-+ }
-+ if (time(0) >
-+#ifdef HAVE_KRB_LIFE_TO_TIME
-+ (unsigned long)krb_life_to_time(creds->issue_date, creds->lifetime)) {
-+#else
-+ (creds->issue_date + ((unsigned char)creds->lifetime * 5 * 60))) {
-+#endif /* HAVE_KRB_LIFE_TO_TIME */
-+ debug("Kerberos V4 ticket expired: %s", TKT_FILE);
-+ return 0;
-+ }
-+
-+ creds_to_radix(creds, buffer);
-+ xfree(creds);
-+
-+ packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
-+ packet_put_string((char *)buffer, strlen(buffer));
-+ packet_send();
-+ packet_write_wait();
-+
-+ return 1;
- }
--#endif /* KERBEROS_TGT_PASSING */
-+
-+/* Forwards our AFS tokens to the server. */
-+void send_afs_tokens(void)
-+{
-+ CREDENTIALS creds;
-+ struct ViceIoctl parms;
-+ struct ClearToken ct;
-+ int i, type;
-+ int len;
-+ char buf[2048], *p, *server_cell;
-+ unsigned char buffer[8192];
-+
-+ /* Move over ktc_GetToken, here's something leaner. */
-+ for (i = 0; i < 100; i++) { /* just in case */
-+ parms.in = (char *)&i;
-+ parms.in_size = sizeof(i);
-+ parms.out = buf;
-+ parms.out_size = sizeof(buf);
-+ if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break;
-+ p = buf;
-+
-+ /* Get secret token. */
-+ memcpy(&creds.ticket_st.length, p, sizeof(unsigned int));
-+ if (creds.ticket_st.length > MAX_KTXT_LEN) break;
-+ p += sizeof(unsigned int);
-+ memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
-+ p += creds.ticket_st.length;
-+
-+ /* Get clear token. */
-+ memcpy(&len, p, sizeof(len));
-+ if (len != sizeof(struct ClearToken)) break;
-+ p += sizeof(len);
-+ memcpy(&ct, p, len);
-+ p += len;
-+ p += sizeof(len); /* primary flag */
-+ server_cell = p;
-+
-+ /* Flesh out our credentials. */
-+ strcpy(creds.service, "afs");
-+ creds.instance[0] = '\0';
-+ strncpy(creds.realm, server_cell, REALM_SZ);
-+ memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
-+ creds.issue_date = ct.BeginTimestamp;
-+ creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp);
-+ creds.kvno = ct.AuthHandle;
-+ snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
-+ creds.pinst[0] = '\0';
-+
-+ /* Encode token, ship it off. */
-+ if (!creds_to_radix(&creds, buffer)) break;
-+ packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
-+ packet_put_string((char *)buffer, strlen(buffer));
-+ packet_send();
-+ packet_write_wait();
-+
-+ /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */
-+ type = packet_read();
-+
-+ if (type == SSH_SMSG_FAILURE)
-+ debug("AFS token for cell %s rejected.", server_cell);
-+ else if (type != SSH_SMSG_SUCCESS)
-+ packet_disconnect("Protocol error on AFS token response: %d", type);
-+ }
-+}
-+#endif /* AFS */
-
- /* Waits for the server identification string, and sends our own identification
- string. */
-@@ -1285,14 +1493,12 @@
- unsigned char check_bytes[8];
- unsigned int supported_ciphers, supported_authentications, protocol_flags;
- HostStatus host_status;
--#ifdef KERBEROS
- #ifdef KRB5
- char *kuser;
- krb5_ccache ccache;
- krb5_error_code problem;
- krb5_principal client;
--#endif
--#endif
-+#endif /* KRB5 */
-
- /* Convert the user-supplied hostname into all lowercase. */
- host = xstrdup(orighost);
-@@ -1595,7 +1801,6 @@
-
- debug("Received encrypted confirmation.");
-
--#ifdef KERBEROS
- #ifdef KRB5
- if (!ssh_context)
- {
-@@ -1629,7 +1834,6 @@
- debug("Kerberos V5: could not get default ccache.");
- }
- #endif /* KRB5 */
--#endif /* KERBEROS */
-
- /* Send the name of the user to log in as on the server. */
- packet_start(SSH_CMSG_USER);
-@@ -1647,24 +1851,39 @@
- packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER",
- type);
-
--#ifdef KERBEROS_TGT_PASSING
-+#if defined(KRB5) || defined(AFS)
- /* Try Kerberos tgt passing if the server supports it. */
- if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
- options->kerberos_tgt_passing)
- {
- if (options->cipher == SSH_CIPHER_NONE)
- log_msg("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
-- (void)send_kerberos_tgt();
-+ if (send_kerberos_tgt())
-+ {
-+ type = packet_read();
-+ if (type == SSH_SMSG_FAILURE)
-+ debug("Kerberos TGT passing failed.");
-+ else if (type != SSH_SMSG_SUCCESS)
-+ packet_disconnect("Protocol error on Kerberos tgt response: %d", type);
-+ }
- }
--#endif /* KERBEROS_TGT_PASSING */
-+#endif /* KRB5 || AFS */
-+
-+#ifdef AFS
-+ /* Try AFS token passing if the server supports it. */
-+ if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
-+ options->afs_token_passing && k_hasafs()) {
-+ if (options->cipher == SSH_CIPHER_NONE)
-+ log_msg("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
-+ send_afs_tokens();
-+ }
-+#endif /* AFS */
-
--#ifdef KERBEROS
--#ifdef KRB5
-+#if defined(KRB4) || defined(KRB5)
- if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
- options->kerberos_authentication)
- {
-- debug("Trying Kerberos V5 authentication.");
--#endif
-+ debug("Trying Kerberos authentication.");
- if (try_kerberos_authentication()) {
- /* The server should respond with success or failure. */
- type = packet_read();
-@@ -1673,10 +1892,8 @@
- if (type != SSH_SMSG_FAILURE)
- packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
- }
--#ifdef KRB5
- }
--#endif
--#endif /* KERBEROS */
-+#endif /* KRB4 || KRB5 */
-
- /* Use rhosts authentication if running in privileged socket and we do not
- wish to remain anonymous. */
diff --git a/security/ssh/patches/patch-bl b/security/ssh/patches/patch-bl
deleted file mode 100644
index 7d5993b05e8..00000000000
--- a/security/ssh/patches/patch-bl
+++ /dev/null
@@ -1,37 +0,0 @@
-$NetBSD: patch-bl,v 1.1 1999/12/25 05:28:37 kim Exp $
-
---- sshd.8.in.orig Wed May 12 07:19:31 1999
-+++ sshd.8.in Fri Dec 24 21:50:05 1999
-@@ -529,10 +529,10 @@
-
- .TP
- .B KerberosAuthentication
--Specifies whether Kerberos V5 authentication is allowed. This can
-+Specifies whether Kerberos authentication is allowed. This can
- be in the form of a Kerberos ticket, or if PasswordAuthentication
- is yes, the password provided by the user will be validated through
--the Kerberos KDC or DCE Security Server. Default is yes.
-+the Kerberos KDC / AFS kaserver / DCE Security Server. Default is yes.
-
- .TP
- .B KerberosOrLocalPasswd
-@@ -542,8 +542,18 @@
-
- .TP
- .B KerberosTgtPassing
--Specifies whether a Kerberos V5 TGT may be forwarded to the server.
-+Specifies whether a Kerberos TGT may be forwarded to the server.
- Default is yes.
-+
-+.TP
-+.B AFSTokenPassing
-+Specifies whether an AFS token may be forwarded to the server.
-+Default is yes.
-+
-+.TP
-+.B KerberosTicketCleanup
-+Specifies whether to automatically destroy the user's Kerberos v4
-+ticket cache file on logout. Default is yes.
-
- .TP
- .B KeyRegenerationInterval
diff --git a/security/ssh/patches/patch-bn b/security/ssh/patches/patch-bn
deleted file mode 100644
index f178eefb4cd..00000000000
--- a/security/ssh/patches/patch-bn
+++ /dev/null
@@ -1,49 +0,0 @@
-$NetBSD: patch-bn,v 1.1 1999/12/25 05:28:37 kim Exp $
-
---- README.AFS-KERBEROS.orig Wed Dec 31 19:00:00 1969
-+++ README.AFS-KERBEROS Fri Dec 24 21:50:03 1999
-@@ -0,0 +1,44 @@
-+
-+ssh-1.2.27-afs-kerberos.patch-1
-+AFS, Kerberos v4 support for SSH
-+
-+Here are the extra flags to configure, and what they do:
-+
-+--with-krb4[=PATH] Compile in Kerberos v4 support:
-+ Kerberos v4 authentication
-+ Kerberos v4 password authentication
-+ Kerberos v4 ~/.klogin authorization
-+
-+These are all enabled by the 'KerberosAuthentication' config option.
-+Kerberos v4 and Kerberos v5 support are mutually exclusive for now.
-+PATH default is /usr/kerberos.
-+
-+--with-hesiod[=PATH] Compile in support for Hesiod:
-+ getpwnam(), getpwuid() replacements
-+
-+--with-afs Compile in AFS support (requires KTH krb4):
-+ ticket/token passing
-+ process authentication groups
-+ local Xauthority files (for AFS home dirs)
-+ /ticket TKT_ROOT directory (if it exists)
-+
-+Binaries built with AFS support will work just fine on non-AFS machines!
-+You will need to use the KTH krb4 libs (ftp://ftp.pdc.kth.se/pub/krb/src),
-+or just their libkafs, also available separately from CMU as libkrbafs
-+(http://andrew2.andrew.cmu.edu/dist/krbafs.html).
-+
-+Additional Kerberos client and server config options (and their defaults):
-+
-+ KerberosAuthentication yes
-+ KerberosOrLocalPasswd no
-+ KerberosTgtPassing yes
-+ AFSTokenPassing yes
-+ KerberosTicketCleanup yes
-+
-+See sshd(8) and ssh(1) for details.
-+
-+The latest version of this patch can be found at
-+
-+ http://www.monkey.org/~dugsong/ssh-afs-kerberos.html
-+
-+dugsong@monkey.org
diff --git a/security/ssh/patches/patch-br b/security/ssh/patches/patch-br
deleted file mode 100644
index 8307dc854c1..00000000000
--- a/security/ssh/patches/patch-br
+++ /dev/null
@@ -1,272 +0,0 @@
-$NetBSD: patch-br,v 1.1 1999/12/25 05:28:38 kim Exp $
-
---- radix.c.orig Wed Dec 31 19:00:00 1969
-+++ radix.c Fri Dec 24 21:50:04 1999
-@@ -0,0 +1,267 @@
-+/*
-+ radix.c
-+
-+ base-64 encoding pinched from lynx2-7-2, who pinched it from rpem.
-+ Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991
-+ and placed in the public domain.
-+
-+ dugsong@UMICH.EDU
-+*/
-+
-+#include "includes.h"
-+
-+#ifdef AFS
-+#include <krb.h>
-+#include <kafs.h>
-+
-+char six2pr[64] = {
-+ 'A','B','C','D','E','F','G','H','I','J','K','L','M',
-+ 'N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
-+ 'a','b','c','d','e','f','g','h','i','j','k','l','m',
-+ 'n','o','p','q','r','s','t','u','v','w','x','y','z',
-+ '0','1','2','3','4','5','6','7','8','9','+','/'
-+};
-+
-+unsigned char pr2six[256];
-+
-+int uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded)
-+{
-+ /* ENC is the basic 1 character encoding function to make a char printing */
-+#define ENC(c) six2pr[c]
-+
-+ register char *outptr = bufcoded;
-+ unsigned int i;
-+
-+ for (i=0; i<nbytes; i += 3) {
-+ *(outptr++) = ENC(*bufin >> 2); /* c1 */
-+ *(outptr++) = ENC(((*bufin << 4) & 060) | ((bufin[1] >> 4) & 017)); /*c2*/
-+ *(outptr++) = ENC(((bufin[1] << 2) & 074) | ((bufin[2] >> 6) & 03));/*c3*/
-+ *(outptr++) = ENC(bufin[2] & 077); /* c4 */
-+ bufin += 3;
-+ }
-+ if (i == nbytes+1) {
-+ outptr[-1] = '=';
-+ } else if (i == nbytes+2) {
-+ outptr[-1] = '=';
-+ outptr[-2] = '=';
-+ }
-+ *outptr = '\0';
-+ return(outptr - bufcoded);
-+}
-+
-+int uudecode(char *bufcoded, unsigned char *bufplain, int outbufsize)
-+{
-+ /* single character decode */
-+#define DEC(c) pr2six[c]
-+#define MAXVAL 63
-+
-+ static int first = 1;
-+ int nbytesdecoded, j;
-+ register char *bufin = bufcoded;
-+ register unsigned char *bufout = bufplain;
-+ register int nprbytes;
-+
-+ /* If this is the first call, initialize the mapping table. */
-+ if (first) {
-+ first = 0;
-+ for(j=0; j<256; j++) pr2six[j] = MAXVAL+1;
-+ for(j=0; j<64; j++) pr2six[(unsigned char)six2pr[j]] = (unsigned char)j;
-+ }
-+
-+ /* Strip leading whitespace. */
-+ while (*bufcoded==' ' || *bufcoded == '\t') bufcoded++;
-+
-+ /* Figure out how many characters are in the input buffer.
-+ If this would decode into more bytes than would fit into
-+ the output buffer, adjust the number of input bytes downwards. */
-+ bufin = bufcoded;
-+ while (pr2six[(unsigned char)*(bufin++)] <= MAXVAL);
-+ nprbytes = bufin - bufcoded - 1;
-+ nbytesdecoded = ((nprbytes+3)/4) * 3;
-+ if (nbytesdecoded > outbufsize)
-+ nprbytes = (outbufsize*4)/3;
-+
-+ bufin = bufcoded;
-+
-+ while (nprbytes > 0) {
-+ *(bufout++) = (unsigned char) (DEC(*bufin) << 2 | DEC(bufin[1]) >> 4);
-+ *(bufout++) = (unsigned char) (DEC(bufin[1]) << 4 | DEC(bufin[2]) >> 2);
-+ *(bufout++) = (unsigned char) (DEC(bufin[2]) << 6 | DEC(bufin[3]));
-+ bufin += 4;
-+ nprbytes -= 4;
-+ }
-+ if (nprbytes & 03) {
-+ if (pr2six[bufin[-2]] > MAXVAL)
-+ nbytesdecoded -= 2;
-+ else
-+ nbytesdecoded -= 1;
-+ }
-+ return(nbytesdecoded);
-+}
-+
-+typedef unsigned char my_u_char;
-+typedef unsigned int my_u_int32_t;
-+typedef unsigned short my_u_short;
-+
-+/* Nasty macros from BIND-4.9.2 */
-+
-+#define GETSHORT(s, cp) { \
-+ register my_u_char *t_cp = (my_u_char*)(cp); \
-+ (s) = (((my_u_short)t_cp[0]) << 8) \
-+ | (((my_u_short)t_cp[1])) \
-+ ; \
-+ (cp) += 2; \
-+}
-+
-+#define GETLONG(l, cp) { \
-+ register my_u_char *t_cp = (my_u_char*)(cp); \
-+ (l) = (((my_u_int32_t)t_cp[0]) << 24) \
-+ | (((my_u_int32_t)t_cp[1]) << 16) \
-+ | (((my_u_int32_t)t_cp[2]) << 8) \
-+ | (((my_u_int32_t)t_cp[3])) \
-+ ; \
-+ (cp) += 4; \
-+}
-+
-+#define PUTSHORT(s, cp) { \
-+ register my_u_short t_s = (my_u_short)(s); \
-+ register my_u_char *t_cp = (my_u_char*)(cp); \
-+ *t_cp++ = t_s >> 8; \
-+ *t_cp = t_s; \
-+ (cp) += 2; \
-+}
-+
-+#define PUTLONG(l, cp) { \
-+ register my_u_int32_t t_l = (my_u_int32_t)(l); \
-+ register my_u_char *t_cp = (my_u_char*)(cp); \
-+ *t_cp++ = t_l >> 24; \
-+ *t_cp++ = t_l >> 16; \
-+ *t_cp++ = t_l >> 8; \
-+ *t_cp = t_l; \
-+ (cp) += 4; \
-+}
-+
-+#define GETSTRING(s, p, p_l) { \
-+ register char* p_targ = (p) + p_l; \
-+ register char* s_c = (s); \
-+ register char* p_c = (p); \
-+ while (*p_c && (p_c < p_targ)) { \
-+ *s_c++ = *p_c++; \
-+ } \
-+ if (p_c == p_targ) { \
-+ return 1; \
-+ } \
-+ *s_c = *p_c++; \
-+ (p_l) = (p_l) - (p_c - (p)); \
-+ (p) = p_c; \
-+}
-+
-+
-+int creds_to_radix(CREDENTIALS *creds, unsigned char *buf)
-+{
-+ char *p, *s;
-+ int len;
-+ char temp[2048];
-+
-+ p = temp;
-+ *p++ = 1; /* version */
-+ s = creds->service; while (*s) *p++ = *s++; *p++ = *s;
-+ s = creds->instance; while (*s) *p++ = *s++; *p++ = *s;
-+ s = creds->realm; while (*s) *p++ = *s++; *p++ = *s;
-+
-+ s = creds->pname; while (*s) *p++ = *s++; *p++ = *s;
-+ s = creds->pinst; while (*s) *p++ = *s++; *p++ = *s;
-+ /* Null string to repeat the realm. */
-+ *p++ = '\0';
-+
-+ PUTLONG(creds->issue_date,p);
-+ {
-+ unsigned long endTime ;
-+#ifdef HAVE_KRB_LIFE_TO_TIME
-+ endTime = (unsigned long)krb_life_to_time(creds->issue_date,
-+ creds->lifetime);
-+#else /* !HAVE_KRB_LIFE_TO_TIME */
-+ endTime = creds->issue_date + ((unsigned char)(creds->lifetime))*5*60;
-+#endif /* !HAVE_KRB_LIFE_TO_TIME */
-+ PUTLONG(endTime,p);
-+ }
-+
-+ memcpy(p,&creds->session, sizeof(creds->session));
-+ p += sizeof(creds->session);
-+
-+ PUTSHORT(creds->kvno,p);
-+ PUTLONG(creds->ticket_st.length,p);
-+
-+ memcpy(p,creds->ticket_st.dat, creds->ticket_st.length);
-+ p += creds->ticket_st.length;
-+ len = p - temp;
-+
-+ return(uuencode(temp, len, buf));
-+}
-+
-+int radix_to_creds(char *buf, CREDENTIALS *creds)
-+{
-+
-+ char *p, *s;
-+ int len, tl, status;
-+ char version;
-+ char temp[2048];
-+
-+ if (!(len = uudecode(buf, temp, sizeof(temp))))
-+ return 0;
-+
-+ p = temp;
-+
-+ /* check version and length! */
-+ if (len < 1) return 0;
-+ version = *p; p++; len--;
-+
-+ GETSTRING(creds->service, p, len);
-+ GETSTRING(creds->instance, p, len);
-+ GETSTRING(creds->realm, p, len);
-+
-+ GETSTRING(creds->pname, p, len);
-+ GETSTRING(creds->pinst, p, len);
-+ /* Ignore possibly different realm. */
-+ while (*p && len) p++, len--;
-+ if (len == 0) return 0;
-+ p++, len--;
-+
-+ /* Enough space for remaining fixed-length parts? */
-+ if (len < (4 + 4 + sizeof(creds->session) + 2 + 4))
-+ return 0;
-+
-+ GETLONG(creds->issue_date,p);
-+ len -= 4;
-+ {
-+ unsigned long endTime;
-+ GETLONG(endTime,p);
-+ len -= 4;
-+#ifdef HAVE_KRB_LIFE_TO_TIME
-+ creds->lifetime = krb_time_to_life(creds->issue_date, endTime);
-+#else
-+ creds->lifetime = ((endTime - creds->issue_date) + 5*60 - 1) / (5*60);
-+#endif
-+ }
-+
-+ memcpy(&creds->session, p, sizeof(creds->session));
-+ p += sizeof(creds->session);
-+ len -= sizeof(creds->session);
-+
-+ GETSHORT(creds->kvno,p);
-+ len -= 2;
-+ GETLONG(creds->ticket_st.length,p);
-+ len -= 4;
-+
-+ tl = creds->ticket_st.length;
-+ if (tl < 0 || tl > len || tl > sizeof(creds->ticket_st.dat))
-+ return 0;
-+
-+ memcpy(creds->ticket_st.dat, p, tl);
-+ p += tl;
-+ len -= tl;
-+
-+ return 1;
-+}
-+
-+#endif /* AFS */
diff --git a/security/ssh/patches/patch-ca b/security/ssh/patches/patch-ca
deleted file mode 100644
index df9c9be9e71..00000000000
--- a/security/ssh/patches/patch-ca
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ca,v 1.2 2001/02/16 13:06:41 dmcmahill Exp $
-
---- deattack.c.orig Wed May 12 13:19:25 1999
-+++ deattack.c Tue Feb 13 11:23:07 2001
-@@ -79,7 +79,7 @@
- detect_attack(unsigned char *buf, word32 len, unsigned char *IV)
- {
- static word16 *h = (word16 *) NULL;
-- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE;
-+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE;
- register word32 i, j;
- word32 l;
- register unsigned char *c;
diff --git a/security/ssh/patches/patch-la b/security/ssh/patches/patch-la
deleted file mode 100644
index 5e2bfb9bfa4..00000000000
--- a/security/ssh/patches/patch-la
+++ /dev/null
@@ -1,28 +0,0 @@
-$NetBSD: patch-la,v 1.2 2000/10/19 02:02:58 hubertf Exp $
-
---- userfile.c.orig Wed May 12 13:19:29 1999
-+++ userfile.c
-@@ -180,7 +180,7 @@
- #endif
-
-
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H)
- #include <login_cap.h>
- #endif
-
-@@ -644,9 +644,13 @@
- /* Child. We will start serving request. */
- if (uid != geteuid() || uid != getuid())
- {
--#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
-+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) && defined(LOGIN_SETENV)
- struct passwd * pw = getpwuid(uid);
-+#if defined(__NetBSD__)
-+ login_cap_t * lc = login_getpwclass(pw);
-+#else
- login_cap_t * lc = login_getuserclass(pw);
-+#endif
- if (setusercontext(lc, pw, uid,
- LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH |
- LOGIN_SETENV)) < 0)