Import of OpenSSH 3.4p1

diff --git a/openssh/.cvsignore b/openssh/.cvsignore
index 549c5e498cc703b70795807868927ae1599b1ec7..12de9ef50509baf9e465faa9ad43ea92c6f27a05 100644 (file)
--- a/openssh/.cvsignore
+++ b/openssh/.cvsignore
@@ -4,6 +4,7 @@ sshd
 ssh-add
 ssh-keygen
 ssh-keyscan
+ssh-keysign
 ssh-agent
 sftp-server
 sftp

diff --git a/openssh/ChangeLog b/openssh/ChangeLog
index 3d59335f0dc1dc9a0eaf1530b976ea0a8dfe5cf9..53a2e3880dd075e593de4244f10db3c16c872814 100644 (file)
--- a/openssh/ChangeLog
+++ b/openssh/ChangeLog
@@ -1,6 +1,169 @@
+20020626
+ - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
+ - (bal) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2002/06/23 21:34:07
+     [channels.c]
+     tcode is u_int
+   - markus@cvs.openbsd.org 2002/06/24 13:12:23
+     [ssh-agent.1]
+     the socket name contains ssh-agent's ppid; via mpech@ from form@
+   - markus@cvs.openbsd.org 2002/06/24 14:33:27
+     [channels.c channels.h clientloop.c serverloop.c]
+     move channel counter to u_int
+   - markus@cvs.openbsd.org 2002/06/24 14:55:38
+     [authfile.c kex.c ssh-agent.c]
+     cat to (void) when output from buffer_get_X is ignored
+   - itojun@cvs.openbsd.org 2002/06/24 15:49:22
+     [msg.c]
+     printf type pedant
+   - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
+     [sftp-server.c sshpty.c]
+     explicit (u_int) for uid and gid
+   - markus@cvs.openbsd.org 2002/06/25 16:22:42
+     [authfd.c]
+     unnecessary cast
+   - markus@cvs.openbsd.org 2002/06/25 18:51:04
+     [sshd.c]
+     lightweight do_setusercontext after chroot()
+ - (bal) Updated AIX package build.  Patch by dtucker@zip.com.au
+ - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
+ - (bal) added back in error check for mmap().  I screwed up, Pointed
+   out by stevesk@
+ - (tim) [README.privsep] UnixWare tip no longer needed.
+ - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
+   but it all damned lies.
+ - (stevesk) [README.privsep] more for sshd pseudo-account.
+ - (tim) [contrib/caldera/openssh.spec] add support for privsep
+ - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2002/06/26 08:53:12
+     [bufaux.c]
+     limit size of BNs to 8KB; ok provos/deraadt
+   - markus@cvs.openbsd.org 2002/06/26 08:54:18
+     [buffer.c]
+     limit append to 1MB and buffers to 10MB
+   - markus@cvs.openbsd.org 2002/06/26 08:55:02
+     [channels.c]
+     limit # of channels to 10000
+   - markus@cvs.openbsd.org 2002/06/26 08:58:26
+     [session.c]
+     limit # of env vars to 1000; ok deraadt/djm
+   - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
+     [monitor.c]
+     be careful in mm_zalloc
+   - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
+     [session.c]
+     disclose less information from environment files; based on input 
+     from djm, and dschultz@uclink.Berkeley.EDU
+   - markus@cvs.openbsd.org 2002/06/26 13:55:37
+     [auth2-chall.c]
+     make sure # of response matches # of queries, fixes int overflow; 
+     from ISS
+   - markus@cvs.openbsd.org 2002/06/26 13:56:27
+     [version.h]
+     3.4
+ - (djm) Require krb5 devel for RPM build w/ KrbV 
+ - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai 
+   <nalin@redhat.com>
+ - (djm) Update spec files for release 
+ - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
+ - (djm) Release 3.4p1
+
+20020625
+ - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
+ - (stevesk) [README.privsep] minor updates
+ - (djm) Create privsep directory and warn if privsep user is missing 
+   during make install
+ - (bal) Started list of PrivSep issues in TODO
+ - (bal) if mmap() is substandard, don't allow compression on server side.
+   Post 'event' we will add more options.
+ - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
+ - (bal) moved aix_usrinfo() and noted not setting real TTY.  Patch by
+   dtucker@zip.com.au
+ - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
+   for Cygwin, Cray, & SCO
+
+20020624
+ - OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
+     [tildexpand.c]
+     KNF
+   - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
+     [cipher.c key.c]
+     KNF
+   - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
+     [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
+      sshpty.c]
+     various KNF and %d for unsigned
+   - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
+     [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
+      sftp.c]
+     bunch of u_int vs int stuff
+   - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
+     [ssh-keygen.c]
+     u_int stuff
+   - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
+     [bufaux.c servconf.c]
+     minor KNF.  things the fingers do while you read
+   - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
+     [ssh-agent.c sshd.c]
+     some minor KNF and %u
+   - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
+     [session.c]
+     compression_level is u_int
+   - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
+     [sshpty.c]
+     KNF
+   - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
+     [channels.c channels.h session.c session.h]
+     display, screen, row, col, xpixel, ypixel are u_int; markus ok
+   - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
+     [packet.c]
+     packet_get_int() returns unsigned for reason & seqnr
+  - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
+    xpixel are u_int.
+
+
+20020623
+ - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
+ - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
+ - (bal) add extern char *getopt.  Based on report by dtucker@zip.com.au 
+ - OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2002/06/22 02:00:29
+     [ssh.h]
+     correct comment
+   - stevesk@cvs.openbsd.org 2002/06/22 02:40:23
+     [ssh.1]
+     section 5 not 4 for ssh_config
+   - naddy@cvs.openbsd.org 2002/06/22 11:51:39
+     [ssh.1]
+     typo
+   - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
+     [sshd.8]
+     add /var/empty in FILES section
+   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
+     [sshd.c]
+     check /var/empty owner mode; ok provos@
+   - stevesk@cvs.openbsd.org 2002/06/22 16:41:57
+     [scp.1]
+     typo
+   - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
+     [ssh-agent.1 sshd.8 sshd_config.5]
+     use process ID vs. pid/PID/process identifier
+   - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
+     [sshd.c]
+     don't call setsid() if debugging or run from inetd; no "Operation not
+     permitted" errors now; ok millert@ markus@
+   - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
+     [monitor.c]
+     save auth method before monitor_reset_key_state(); bugzilla bug #284;
+     ok provos@
+
 20020622
  - (djm) Update README.privsep; spotted by fries@
  - (djm) Release 3.3p1
+ - (bal) getopt now can be staticly compiled on those platforms missing
+   optreset.  Patch by binder@arago.de
 
 20020621
  - (djm) Sync:

diff --git a/openssh/INSTALL b/openssh/INSTALL
index 84e7b47d2e241026ce686815d106f6daf5545b68..f5b3546c2b9ef811886d35e9171b1b40a75414ae 100644 (file)
--- a/openssh/INSTALL
+++ b/openssh/INSTALL
@@ -105,11 +105,6 @@ name).
 
 There are a few other options to the configure script:
 
---with-rsh=PATH allows you to specify the path to your rsh program. 
-Normally ./configure will search the current $PATH for 'rsh'. You 
-may need to specify this option if rsh is not in your path or has a
-different name.
-
 --with-pam enables PAM support.
 
 --enable-gnome-askpass will build the GNOME passphrase dialog. You

diff --git a/openssh/Makefile.in b/openssh/Makefile.in
index fd4419da43d6551ecdc8b4c0fcf07f0ef469da7f..67e948662ead2f094ebaf6675db51a82b51fbbde 100644 (file)
--- a/openssh/Makefile.in
+++ b/openssh/Makefile.in
@@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
 SSH_KEYSIGN=$(libexecdir)/ssh-keysign
 RAND_HELPER=$(libexecdir)/ssh-rand-helper
 PRIVSEP_PATH=@PRIVSEP_PATH@
+SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
 
 PATHS= -DSSHDIR=\"$(sysconfdir)\" \
        -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
@@ -197,9 +198,13 @@ distprep: catman-do
        $(AUTORECONF)
        (cd scard && $(MAKE) -f Makefile.in distprep)
 
-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user
 install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
 
+check-user:
+       id $(SSH_PRIVSEP_USER) || \
+               echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist"
+
 scard-install:
        (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
 
@@ -212,6 +217,8 @@ install-files: scard-install
        $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
        $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
        $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+       $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)
+       chmod 0700 $(DESTDIR)$(PRIVSEP_PATH)
        $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
        $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
        $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
@@ -234,7 +241,7 @@ install-files: scard-install
        $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
        $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
        $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
-       if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
+       if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
                $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
        fi
        @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1

diff --git a/openssh/README.privsep b/openssh/README.privsep
index c2ce935a9acb419d3639f0df873df9a0b29e5a80..b99a66792a77751aa95a9a32dbc0e6bf330feb62 100644 (file)
--- a/openssh/README.privsep
+++ b/openssh/README.privsep
@@ -12,19 +12,20 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
 compression must be disabled in order for privilege separation to 
 function.
 
-When privsep is enabled, the pre-authentication sshd process will
+When privsep is enabled, during the pre-authentication phase sshd will
 chroot(2) to "/var/empty" and change its privileges to the "sshd" user
-and its primary group.  You should do something like the following to
-prepare the privsep preauth environment:
+and its primary group.  sshd is a pseudo-account that should not be
+used by other daemons, and must be locked and should contain a
+"nologin" or invalid shell.
+
+You should do something like the following to prepare the privsep
+preauth environment:
 
        # mkdir /var/empty
        # chown root:sys /var/empty
        # chmod 755 /var/empty
        # groupadd sshd
-       # useradd -g sshd sshd
-
-If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
-       # ln /usr/lib/.ns.so /usr/lib/ns.so.1
+       # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
 
 /var/empty should not contain any files.
 
@@ -34,8 +35,8 @@ privsep user and chroot directory:
   --with-privsep-path=xxx Path for privilege separation chroot
   --with-privsep-user=user Specify non-privileged user for privilege separation
 
-Privsep requires operating system support for file descriptor passing
-and mmap(MAP_ANON).
+Privsep requires operating system support for file descriptor passing.
+Compression will be disabled on systems without a working mmap MAP_ANON.
 
 PAM-enabled OpenSSH is known to function with privsep on Linux.  
 It does not function on HP-UX with a trusted system

diff --git a/openssh/TODO b/openssh/TODO
index 11abaf67122c75c9da7c91823cc9eb8da2f1e825..d47a7fc679acc6e993231bfa2aeeeec2e00798a6 100644 (file)
--- a/openssh/TODO
+++ b/openssh/TODO
@@ -87,4 +87,20 @@ Packaging:
 - HP-UX: Provide DEPOT package scripts.
   (gilbert.r.loomis@saic.com)
 
+
+PrivSep Issues:
+- mmap() issues.
+  + /dev/zero solution (Solaris)
+  + No/broken MAP_ANON (Irix)
+  + broken /dev/zero parse (Linux)
+- PAM 
+  + See above PAM notes
+- AIX
+  + usrinfo() does not set TTY, but only required for legicy systems.  Works
+    with PrivSep.
+- OSF
+  + SIA is broken
+- Cygwin
+  + Privsep for Pre-auth only (no fd passing)
+
 $Id$

diff --git a/openssh/acconfig.h b/openssh/acconfig.h
index 96585331716b9065983431a10e56245dce39ed39..37227e7fe4c2ddee2e189ac39707d27247dc1866 100644 (file)
--- a/openssh/acconfig.h
+++ b/openssh/acconfig.h
@@ -228,9 +228,6 @@
 /* Define if xauth is found in your path */
 #undef XAUTH_PATH
 
-/* Define if rsh is found in your path */
-#undef RSH_PATH
-
 /* Define if you want to allow MD5 passwords */
 #undef HAVE_MD5_PASSWORDS
 
@@ -358,6 +355,12 @@
 /* Path that unprivileged child will chroot() to in privep mode */
 #undef PRIVSEP_PATH
 
+/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
+#undef HAVE_MMAP_ANON_SHARED
+
+/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
+#undef BROKEN_FD_PASSING
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */

diff --git a/openssh/auth2-chall.c b/openssh/auth2-chall.c
index f35bfb2f8ee7968dc46e066f26f636773a53910f..e1440f47d7cb4e234420ec65d7732716e25f5286 100644 (file)
--- a/openssh/auth2-chall.c
+++ b/openssh/auth2-chall.c
@@ -23,7 +23,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $");
 
 #include "ssh2.h"
 #include "auth.h"
@@ -63,6 +63,7 @@ struct KbdintAuthctxt
        char *devices;
        void *ctxt;
        KbdintDevice *device;
+       u_int nreq;
 };
 
 static KbdintAuthctxt *
@@ -90,6 +91,7 @@ kbdint_alloc(const char *devs)
        debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
        kbdintctxt->ctxt = NULL;
        kbdintctxt->device = NULL;
+       kbdintctxt->nreq = 0;
 
        return kbdintctxt;
 }
@@ -209,26 +211,26 @@ send_userauth_info_request(Authctxt *authctxt)
        KbdintAuthctxt *kbdintctxt;
        char *name, *instr, **prompts;
        int i;
-       u_int numprompts, *echo_on;
+       u_int *echo_on;
 
        kbdintctxt = authctxt->kbdintctxt;
        if (kbdintctxt->device->query(kbdintctxt->ctxt,
-           &name, &instr, &numprompts, &prompts, &echo_on))
+           &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
                return 0;
 
        packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
        packet_put_cstring(name);
        packet_put_cstring(instr);
        packet_put_cstring("");         /* language not used */
-       packet_put_int(numprompts);
-       for (i = 0; i < numprompts; i++) {
+       packet_put_int(kbdintctxt->nreq);
+       for (i = 0; i < kbdintctxt->nreq; i++) {
                packet_put_cstring(prompts[i]);
                packet_put_char(echo_on[i]);
        }
        packet_send();
        packet_write_wait();
 
-       for (i = 0; i < numprompts; i++)
+       for (i = 0; i < kbdintctxt->nreq; i++)
                xfree(prompts[i]);
        xfree(prompts);
        xfree(echo_on);
@@ -256,6 +258,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 
        authctxt->postponed = 0;        /* reset */
        nresp = packet_get_int();
+       if (nresp != kbdintctxt->nreq)
+               fatal("input_userauth_info_response: wrong number of replies");
+       if (nresp > 100)
+               fatal("input_userauth_info_response: too many replies");
        if (nresp > 0) {
                response = xmalloc(nresp * sizeof(char*));
                for (i = 0; i < nresp; i++)

diff --git a/openssh/auth2-pam.c b/openssh/auth2-pam.c
index e442ca208abb429a2140abfcfbc197fd0bc1d976..b2bfa8130649958de564f64fcfebed434f1f5af0 100644 (file)
--- a/openssh/auth2-pam.c
+++ b/openssh/auth2-pam.c
@@ -140,6 +140,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
        nresp = packet_get_int();       /* Number of responses. */
        debug("got %d responses", nresp);
 
+
+       if (nresp != context_pam2.num_expected)
+               fatal("%s: Received incorrect number of responses "
+                   "(expected %u, received %u)", __func__, nresp,
+                   context_pam2.num_expected);
+
+       if (nresp > 100)
+               fatal("%s: too many replies", __func__);
+
        for (i = 0; i < nresp; i++) {
                int j = context_pam2.prompts[i];
 

diff --git a/openssh/authfd.c b/openssh/authfd.c
index a452a792ee666934f351af54ee98b1e571bffd83..4c4552d527f0deab67941c2b2a814ae2249a58e9 100644 (file)
--- a/openssh/authfd.c
+++ b/openssh/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.55 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -144,7 +144,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
                        error("Error reading response from authentication socket.");
                        return 0;
                }
-               buffer_append(reply, (char *) buf, l);
+               buffer_append(reply, buf, l);
                len -= l;
        }
        return 1;

diff --git a/openssh/authfile.c b/openssh/authfile.c
index 6d936de56e39e76f913bfa4b88887b3c24a1b266..1fa5d811ae314e8d44509997f7149b5f0edb24bf 100644 (file)
--- a/openssh/authfile.c
+++ b/openssh/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.49 2002/05/23 19:24:30 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -270,7 +270,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
        (void) buffer_get_int(&buffer);         /* reserved */
 
        /* Read the public key from the buffer. */
-       buffer_get_int(&buffer);
+       (void) buffer_get_int(&buffer);
        pub = key_new(KEY_RSA1);
        buffer_get_bignum(&buffer, pub->rsa->n);
        buffer_get_bignum(&buffer, pub->rsa->e);
@@ -357,7 +357,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
        (void) buffer_get_int(&buffer); /* Reserved data. */
 
        /* Read the public key from the buffer. */
-       buffer_get_int(&buffer);
+       (void) buffer_get_int(&buffer);
        prv = key_new_private(KEY_RSA1);
 
        buffer_get_bignum(&buffer, prv->rsa->n);

diff --git a/openssh/autom4te-2.53.cache/output.0 b/openssh/autom4te-2.53.cache/output.0
index 7213f80690fa02399418347e42ba97525eb0e8b5..92197818276937035ee556f06265a1adab61777f 100644 (file)
--- a/openssh/autom4te-2.53.cache/output.0
+++ b/openssh/autom4te-2.53.cache/output.0
@@ -862,7 +862,6 @@ Optional Packages:
   --with-kerberos5=PATH   Enable Kerberos 5 support
   --with-kerberos4=PATH   Enable Kerberos 4 support
   --with-afs=PATH         Enable AFS support
-  --with-rsh=PATH         Specify path to remote shell program 
   --with-privsep-path=xxx Path for privilege separation chroot 
   --with-xauth=PATH       Specify path to xauth program 
   --with-mantype=man|cat|doc  Set man page type
@@ -3635,6 +3634,10 @@ _ACEOF
 
                cat >>confdefs.h <<\_ACEOF
 @%:@define DISABLE_LASTLOG 1
+_ACEOF
+
+       cat >>confdefs.h <<\_ACEOF
+@%:@define LOGIN_NEEDS_UTMPX 1
 _ACEOF
 
        ;;
@@ -3662,6 +3665,10 @@ _ACEOF
 
        cat >>confdefs.h <<\_ACEOF
 @%:@define NO_X11_UNIX_SOCKETS 1
+_ACEOF
+
+       cat >>confdefs.h <<\_ACEOF
+@%:@define BROKEN_FD_PASSING 1
 _ACEOF
 
        cat >>confdefs.h <<\_ACEOF
@@ -4123,7 +4130,6 @@ _ACEOF
        CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
        LDFLAGS="$LDFLAGS -L/usr/local/lib"
        LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
-       rsh_path="/usr/bin/rcmd"
        RANLIB=true
        no_dev_ptmx=1
        cat >>confdefs.h <<\_ACEOF
@@ -4231,7 +4237,6 @@ done
        LDFLAGS="$LDFLAGS -L/usr/local/lib"
        LIBS="$LIBS -lprot -lx -ltinfo -lm"
        no_dev_ptmx=1
-       rsh_path="/usr/bin/rcmd"
        cat >>confdefs.h <<\_ACEOF
 @%:@define USE_PIPES 1
 _ACEOF
@@ -4244,6 +4249,10 @@ _ACEOF
 @%:@define DISABLE_SHADOW 1
 _ACEOF
 
+       cat >>confdefs.h <<\_ACEOF
+@%:@define BROKEN_FD_PASSING 1
+_ACEOF
+
        
 
 for ac_func in getluid setluid
@@ -4328,6 +4337,10 @@ done
        no_libnsl=1
        cat >>confdefs.h <<\_ACEOF
 @%:@define USE_PIPES 1
+_ACEOF
+
+       cat >>confdefs.h <<\_ACEOF
+@%:@define BROKEN_FD_PASSING 1
 _ACEOF
 
        LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
@@ -6515,6 +6528,63 @@ fi
 done
 
 
+if test $ac_cv_func_mmap = yes ; then
+echo "$as_me:$LINENO: checking for mmap anon shared" >&5
+echo $ECHO_N "checking for mmap anon shared... $ECHO_C" >&6
+if test "$cross_compiling" = yes; then
+  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
+echo "$as_me: error: cannot run test program while cross compiling" >&2;}
+   { (exit 1); exit 1; }; }
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+#include <stdio.h>
+#include <sys/mman.h>
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+#define MAP_ANON MAP_ANONYMOUS
+#endif
+main() { char *p;
+p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
+if (p == (char *)-1)
+       exit(1);
+exit(0);
+}
+       
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  
+               echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+               cat >>confdefs.h <<\_ACEOF
+@%:@define HAVE_MMAP_ANON_SHARED 1
+_ACEOF
+
+       
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+( exit $ac_status )
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6  
+
+fi
+rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+
 
 for ac_func in dirname
 do
@@ -8482,23 +8552,24 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 
 
-ssh_privsep_user=sshd
+SSH_PRIVSEP_USER=sshd
 
 # Check whether --with-privsep-user or --without-privsep-user was given.
 if test "${with_privsep_user+set}" = set; then
   withval="$with_privsep_user"
   
                if test -n "$withval"; then
-                       ssh_privsep_user=$withval
+                       SSH_PRIVSEP_USER=$withval
                fi
                
 
 fi; 
 cat >>confdefs.h <<_ACEOF
-@%:@define SSH_PRIVSEP_USER "$ssh_privsep_user"
+@%:@define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER"
 _ACEOF
 
 
+
 # We do this little dance with the search path to insure
 # that programs that we select for use by installed programs
 # (which may be run by the super-user) come from trusted
@@ -15238,59 +15309,6 @@ LIBS="$LIBS $KLIBS $K5LIBS"
 
 # Looking for programs, paths and files
 
-# Check whether --with-rsh or --without-rsh was given.
-if test "${with_rsh+set}" = set; then
-  withval="$with_rsh"
-  
-               if test "x$withval" != "$no" ; then
-                       rsh_path=$withval
-               fi
-       
-else
-  
-               # Extract the first word of "rsh", so it can be a program name with args.
-set dummy rsh; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_rsh_path+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  case $rsh_path in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_rsh_path="$rsh_path" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_rsh_path="$as_dir/$ac_word$ac_exec_ext"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
-
-  ;;
-esac
-fi
-rsh_path=$ac_cv_path_rsh_path
-
-if test -n "$rsh_path"; then
-  echo "$as_me:$LINENO: result: $rsh_path" >&5
-echo "${ECHO_T}$rsh_path" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-       
-
-fi; 
-
 PRIVSEP_PATH=/var/empty
 
 # Check whether --with-privsep-path or --without-privsep-path was given.
@@ -15372,12 +15390,6 @@ _ACEOF
 
        XAUTH_PATH=$xauth_path
        
-fi
-if test ! -z "$rsh_path" ; then
-       cat >>confdefs.h <<_ACEOF
-@%:@define RSH_PATH "$rsh_path"
-_ACEOF
-
 fi
 
 # Check for mail directory (last resort if we cannot get it from headers)
@@ -16993,6 +17005,7 @@ s,@LD@,$LD,;t t
 s,@LIBWRAP@,$LIBWRAP,;t t
 s,@LIBPAM@,$LIBPAM,;t t
 s,@INSTALL_SSH_RAND_HELPER@,$INSTALL_SSH_RAND_HELPER,;t t
+s,@SSH_PRIVSEP_USER@,$SSH_PRIVSEP_USER,;t t
 s,@PROG_LS@,$PROG_LS,;t t
 s,@PROG_NETSTAT@,$PROG_NETSTAT,;t t
 s,@PROG_ARP@,$PROG_ARP,;t t
@@ -17012,7 +17025,6 @@ s,@PROG_TAIL@,$PROG_TAIL,;t t
 s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t
 s,@NO_SFTP@,$NO_SFTP,;t t
 s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t
-s,@rsh_path@,$rsh_path,;t t
 s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t
 s,@xauth_path@,$xauth_path,;t t
 s,@XAUTH_PATH@,$XAUTH_PATH,;t t

diff --git a/openssh/autom4te-2.53.cache/traces.0 b/openssh/autom4te-2.53.cache/traces.0
index 1e40d5f578fca078858324b3bbc9963604b612fa..6eb0daac79252d70f0752eb76754b54e035f887d 100644 (file)
--- a/openssh/autom4te-2.53.cache/traces.0
+++ b/openssh/autom4te-2.53.cache/traces.0
@@ -119,93 +119,97 @@ m4trace:configure.ac:74: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
 m4trace:configure.ac:75: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
 m4trace:configure.ac:76: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
 m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN])
-m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:85: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
-m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
-m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP])
-m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
-m4trace:configure.ac:102: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
-m4trace:configure.ac:103: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:104: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:105: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:106: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:107: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:108: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:119: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:129: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:130: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:131: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:132: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:134: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
-m4trace:configure.ac:143: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
-m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY])
-m4trace:configure.ac:150: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT])
-m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT])
-m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS])
-m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
-m4trace:configure.ac:154: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
-m4trace:configure.ac:159: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF])
-m4trace:configure.ac:160: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
-m4trace:configure.ac:164: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4])
-m4trace:configure.ac:178: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT])
-m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
-m4trace:configure.ac:180: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:181: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
-m4trace:configure.ac:189: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:190: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM])
-m4trace:configure.ac:192: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
-m4trace:configure.ac:199: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:200: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:207: -1- AC_CHECK_FUNCS([getpwanam])
-m4trace:configure.ac:207: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */
+m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:85: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
+m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
+m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
+m4trace:configure.ac:89: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING])
+m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP])
+m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
+m4trace:configure.ac:96: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
+m4trace:configure.ac:104: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
+m4trace:configure.ac:105: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:106: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
+m4trace:configure.ac:107: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:108: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:109: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
+m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
+m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
+m4trace:configure.ac:131: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
+m4trace:configure.ac:132: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
+m4trace:configure.ac:134: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:136: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
+m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
+m4trace:configure.ac:145: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
+m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY])
+m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT])
+m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT])
+m4trace:configure.ac:154: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS])
+m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
+m4trace:configure.ac:156: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
+m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF])
+m4trace:configure.ac:162: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
+m4trace:configure.ac:166: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4])
+m4trace:configure.ac:180: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT])
+m4trace:configure.ac:181: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
+m4trace:configure.ac:182: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
+m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
+m4trace:configure.ac:192: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:193: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM])
+m4trace:configure.ac:194: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
+m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:202: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
+m4trace:configure.ac:209: -1- AC_CHECK_FUNCS([getpwanam])
+m4trace:configure.ac:209: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */
 #undef HAVE_GETPWANAM])
-m4trace:configure.ac:208: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:212: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:218: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:225: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:226: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:234: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:239: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:252: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H])
-m4trace:configure.ac:253: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
-m4trace:configure.ac:255: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:256: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
-m4trace:configure.ac:257: -1- AC_CHECK_FUNCS([getluid setluid])
-m4trace:configure.ac:257: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
+m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
+m4trace:configure.ac:214: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:220: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:227: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:228: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
+m4trace:configure.ac:236: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:241: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:253: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H])
+m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:255: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
+m4trace:configure.ac:256: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:257: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
+m4trace:configure.ac:258: -1- AC_CHECK_FUNCS([getluid setluid])
+m4trace:configure.ac:258: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
 #undef HAVE_GETLUID])
-m4trace:configure.ac:257: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
+m4trace:configure.ac:258: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
 #undef HAVE_SETLUID])
 m4trace:configure.ac:267: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
 m4trace:configure.ac:268: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
 m4trace:configure.ac:269: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:270: -1- AC_CHECK_FUNCS([getluid setluid])
-m4trace:configure.ac:270: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
+m4trace:configure.ac:270: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING])
+m4trace:configure.ac:271: -1- AC_CHECK_FUNCS([getluid setluid])
+m4trace:configure.ac:271: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
 #undef HAVE_GETLUID])
-m4trace:configure.ac:270: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
+m4trace:configure.ac:271: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
 #undef HAVE_SETLUID])
-m4trace:configure.ac:276: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA])
-m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
-m4trace:configure.ac:305: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:306: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
-m4trace:configure.ac:307: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS])
-m4trace:configure.ac:308: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY])
-m4trace:configure.ac:309: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK])
-m4trace:configure.ac:357: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \
+m4trace:configure.ac:277: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:278: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING])
+m4trace:configure.ac:297: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA])
+m4trace:configure.ac:298: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
+m4trace:configure.ac:307: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:308: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
+m4trace:configure.ac:309: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS])
+m4trace:configure.ac:310: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY])
+m4trace:configure.ac:311: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK])
+m4trace:configure.ac:359: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \
        getopt.h glob.h lastlog.h limits.h login.h \
        login_cap.h maillock.h netdb.h netgroup.h \
        netinet/in_systm.h paths.h pty.h readpassphrase.h \
@@ -215,156 +219,156 @@ m4trace:configure.ac:357: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h float
        sys/stropts.h sys/sysmacros.h sys/time.h \
        sys/un.h time.h ttyent.h usersec.h \
        util.h utime.h utmp.h utmpx.h])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */
 #undef HAVE_BSTRING_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */
 #undef HAVE_CRYPT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */
 #undef HAVE_ENDIAN_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */
 #undef HAVE_FLOATINGPOINT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */
 #undef HAVE_GETOPT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */
 #undef HAVE_GLOB_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */
 #undef HAVE_LASTLOG_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
 #undef HAVE_LIMITS_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */
 #undef HAVE_LOGIN_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */
 #undef HAVE_LOGIN_CAP_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */
 #undef HAVE_MAILLOCK_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */
 #undef HAVE_NETDB_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */
 #undef HAVE_NETGROUP_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */
 #undef HAVE_NETINET_IN_SYSTM_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */
 #undef HAVE_PATHS_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */
 #undef HAVE_PTY_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */
 #undef HAVE_READPASSPHRASE_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */
 #undef HAVE_RPC_TYPES_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */
 #undef HAVE_SECURITY_PAM_APPL_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */
 #undef HAVE_SHADOW_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
 #undef HAVE_STDDEF_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
 #undef HAVE_STRINGS_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */
 #undef HAVE_SYS_BITYPES_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */
 #undef HAVE_SYS_BSDTTY_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */
 #undef HAVE_SYS_CDEFS_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */
 #undef HAVE_SYS_MMAN_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */
 #undef HAVE_SYS_SELECT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
 #undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */
 #undef HAVE_SYS_STROPTS_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */
 #undef HAVE_SYS_SYSMACROS_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
 #undef HAVE_SYS_TIME_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */
 #undef HAVE_SYS_UN_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */
 #undef HAVE_TIME_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */
 #undef HAVE_TTYENT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */
 #undef HAVE_USERSEC_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */
 #undef HAVE_UTIL_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */
 #undef HAVE_UTIME_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */
 #undef HAVE_UTMP_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */
 #undef HAVE_UTMPX_H])
-m4trace:configure.ac:357: -1- AC_HEADER_STDC
-m4trace:configure.ac:357: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
-m4trace:configure.ac:357: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
+m4trace:configure.ac:359: -1- AC_HEADER_STDC
+m4trace:configure.ac:359: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
+m4trace:configure.ac:359: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS])
-m4trace:configure.ac:357: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+m4trace:configure.ac:359: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
                   inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
 #undef HAVE_SYS_TYPES_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
 #undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
 #undef HAVE_STDLIB_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
 #undef HAVE_MEMORY_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
 #undef HAVE_STRINGS_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H])
-m4trace:configure.ac:357: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
+m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H])
-m4trace:configure.ac:360: -2- AC_CHECK_LIB([nsl], [yp_match])
-m4trace:configure.ac:360: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */
+m4trace:configure.ac:362: -2- AC_CHECK_LIB([nsl], [yp_match])
+m4trace:configure.ac:362: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */
 #undef HAVE_LIBNSL])
-m4trace:configure.ac:360: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL])
-m4trace:configure.ac:361: -2- AC_CHECK_LIB([socket], [setsockopt])
-m4trace:configure.ac:361: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */
+m4trace:configure.ac:362: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL])
+m4trace:configure.ac:363: -2- AC_CHECK_LIB([socket], [setsockopt])
+m4trace:configure.ac:363: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */
 #undef HAVE_LIBSOCKET])
-m4trace:configure.ac:361: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET])
-m4trace:configure.ac:366: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc])
-m4trace:configure.ac:371: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])
-m4trace:configure.ac:413: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5
+m4trace:configure.ac:363: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET])
+m4trace:configure.ac:368: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc])
+m4trace:configure.ac:373: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])
+m4trace:configure.ac:415: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5
 echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;}
    { (exit 1); exit 1; }; }])
-m4trace:configure.ac:413: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */
+m4trace:configure.ac:415: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */
 #undef HAVE_LIBZ])
-m4trace:configure.ac:413: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ])
-m4trace:configure.ac:418: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"])
-m4trace:configure.ac:421: -1- AC_CHECK_LIB([c89], [utimes], [LIBS="$LIBS -lc89"])
-m4trace:configure.ac:424: -1- AC_CHECK_HEADERS([libutil.h])
-m4trace:configure.ac:424: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */
+m4trace:configure.ac:415: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ])
+m4trace:configure.ac:420: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"])
+m4trace:configure.ac:423: -1- AC_CHECK_LIB([c89], [utimes], [LIBS="$LIBS -lc89"])
+m4trace:configure.ac:426: -1- AC_CHECK_HEADERS([libutil.h])
+m4trace:configure.ac:426: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */
 #undef HAVE_LIBUTIL_H])
-m4trace:configure.ac:425: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN])
-m4trace:configure.ac:426: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp])
-m4trace:configure.ac:426: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */
+m4trace:configure.ac:427: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN])
+m4trace:configure.ac:428: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp])
+m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */
 #undef HAVE_LOGOUT])
-m4trace:configure.ac:426: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */
+m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */
 #undef HAVE_UPDWTMP])
-m4trace:configure.ac:426: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */
+m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */
 #undef HAVE_LOGWTMP])
-m4trace:configure.ac:428: -1- AC_FUNC_STRFTIME
-m4trace:configure.ac:428: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX.
+m4trace:configure.ac:430: -1- AC_FUNC_STRFTIME
+m4trace:configure.ac:430: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX.
 AC_CHECK_LIB(intl, strftime,
              [AC_DEFINE(HAVE_STRFTIME)
 LIBS="-lintl $LIBS"])])
-m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */
+m4trace:configure.ac:430: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */
 #undef HAVE_STRFTIME])
-m4trace:configure.ac:428: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME)
+m4trace:configure.ac:430: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME)
 LIBS="-lintl $LIBS"])
-m4trace:configure.ac:428: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME])
-m4trace:configure.ac:446: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC])
-m4trace:configure.ac:462: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC])
-m4trace:configure.ac:476: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME])
-m4trace:configure.ac:509: -1- AC_DEFINE_TRACE_LITERAL([SKEY])
-m4trace:configure.ac:563: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP])
-m4trace:configure.ac:563: -1- AC_SUBST([LIBWRAP])
-m4trace:configure.ac:576: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \
+m4trace:configure.ac:430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME])
+m4trace:configure.ac:448: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC])
+m4trace:configure.ac:464: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC])
+m4trace:configure.ac:478: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME])
+m4trace:configure.ac:511: -1- AC_DEFINE_TRACE_LITERAL([SKEY])
+m4trace:configure.ac:565: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP])
+m4trace:configure.ac:565: -1- AC_SUBST([LIBWRAP])
+m4trace:configure.ac:578: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \
        clock fchmod fchown freeaddrinfo futimes gai_strerror \
        getaddrinfo getcwd getgrouplist getnameinfo getopt \
        getrlimit getrusage getttyent glob inet_aton inet_ntoa \
@@ -375,141 +379,142 @@ m4trace:configure.ac:576: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresv
        setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
        socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
        truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */
 #undef HAVE_ARC4RANDOM])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */
 #undef HAVE_B64_NTOP])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */
 #undef HAVE_BCOPY])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */
 #undef HAVE_BINDRESVPORT_SA])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */
 #undef HAVE_CLOCK])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */
 #undef HAVE_FCHMOD])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */
 #undef HAVE_FCHOWN])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */
 #undef HAVE_FREEADDRINFO])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */
 #undef HAVE_FUTIMES])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */
 #undef HAVE_GAI_STRERROR])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */
 #undef HAVE_GETADDRINFO])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */
 #undef HAVE_GETCWD])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */
 #undef HAVE_GETGROUPLIST])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */
 #undef HAVE_GETNAMEINFO])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */
 #undef HAVE_GETOPT])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */
 #undef HAVE_GETRLIMIT])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */
 #undef HAVE_GETRUSAGE])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */
 #undef HAVE_GETTTYENT])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */
 #undef HAVE_GLOB])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */
 #undef HAVE_INET_ATON])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */
 #undef HAVE_INET_NTOA])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */
 #undef HAVE_INET_NTOP])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */
 #undef HAVE_INNETGR])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */
 #undef HAVE_LOGIN_GETCAPBOOL])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */
 #undef HAVE_MD5_CRYPT])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */
 #undef HAVE_MEMMOVE])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */
 #undef HAVE_MKDTEMP])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */
 #undef HAVE_MMAP])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */
 #undef HAVE_NGETADDRINFO])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */
 #undef HAVE_OPENPTY])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */
 #undef HAVE_OGETADDRINFO])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */
 #undef HAVE_READPASSPHRASE])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */
 #undef HAVE_REALPATH])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */
 #undef HAVE_RECVMSG])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */
 #undef HAVE_RRESVPORT_AF])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */
 #undef HAVE_SENDMSG])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */
 #undef HAVE_SETDTABLESIZE])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */
 #undef HAVE_SETEGID])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */
 #undef HAVE_SETENV])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */
 #undef HAVE_SETEUID])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */
 #undef HAVE_SETGROUPS])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */
 #undef HAVE_SETLOGIN])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */
 #undef HAVE_SETPROCTITLE])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */
 #undef HAVE_SETRESGID])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */
 #undef HAVE_SETREUID])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */
 #undef HAVE_SETRLIMIT])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */
 #undef HAVE_SETSID])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */
 #undef HAVE_SETPCRED])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */
 #undef HAVE_SETVBUF])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */
 #undef HAVE_SIGACTION])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */
 #undef HAVE_SIGVEC])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */
 #undef HAVE_SNPRINTF])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */
 #undef HAVE_SOCKETPAIR])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */
 #undef HAVE_STRERROR])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */
 #undef HAVE_STRLCAT])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */
 #undef HAVE_STRLCPY])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */
 #undef HAVE_STRMODE])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */
 #undef HAVE_STRSEP])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */
 #undef HAVE_SYSCONF])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */
 #undef HAVE_TCGETPGRP])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */
 #undef HAVE_TRUNCATE])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */
 #undef HAVE_UTIMES])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */
 #undef HAVE_VHANGUP])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */
 #undef HAVE_VSNPRINTF])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */
 #undef HAVE_WAITPID])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */
 #undef HAVE___B64_NTOP])
-m4trace:configure.ac:576: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */
+m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */
 #undef HAVE__GETPTY])
-m4trace:configure.ac:613: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [
+m4trace:configure.ac:601: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MMAP_ANON_SHARED])
+m4trace:configure.ac:639: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [
        AC_CHECK_LIB(gen, dirname,[
                AC_CACHE_CHECK([for broken dirname],
                        ac_cv_have_broken_dirname, [
@@ -544,12 +549,12 @@ int main(int argc, char **argv) {
                fi
        ])
 ])
-m4trace:configure.ac:613: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */
+m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */
 #undef HAVE_DIRNAME])
-m4trace:configure.ac:613: -1- AC_CHECK_HEADERS([libgen.h])
-m4trace:configure.ac:613: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
+m4trace:configure.ac:639: -1- AC_CHECK_HEADERS([libgen.h])
+m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
 #undef HAVE_LIBGEN_H])
-m4trace:configure.ac:613: -1- AC_CHECK_LIB([gen], [dirname], [
+m4trace:configure.ac:639: -1- AC_CHECK_LIB([gen], [dirname], [
                AC_CACHE_CHECK([for broken dirname],
                        ac_cv_have_broken_dirname, [
                        save_LIBS="$LIBS"
@@ -582,286 +587,285 @@ int main(int argc, char **argv) {
                        AC_CHECK_HEADERS(libgen.h)
                fi
        ])
-m4trace:configure.ac:613: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME])
-m4trace:configure.ac:613: -1- AC_CHECK_HEADERS([libgen.h])
-m4trace:configure.ac:613: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
+m4trace:configure.ac:639: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME])
+m4trace:configure.ac:639: -1- AC_CHECK_HEADERS([libgen.h])
+m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
 #undef HAVE_LIBGEN_H])
-m4trace:configure.ac:616: -1- AC_CHECK_FUNCS([gettimeofday time])
-m4trace:configure.ac:616: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */
+m4trace:configure.ac:642: -1- AC_CHECK_FUNCS([gettimeofday time])
+m4trace:configure.ac:642: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */
 #undef HAVE_GETTIMEOFDAY])
-m4trace:configure.ac:616: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */
+m4trace:configure.ac:642: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */
 #undef HAVE_TIME])
-m4trace:configure.ac:618: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
-m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */
+m4trace:configure.ac:644: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
+m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */
 #undef HAVE_ENDUTENT])
-m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */
+m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */
 #undef HAVE_GETUTENT])
-m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */
+m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */
 #undef HAVE_GETUTID])
-m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */
+m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */
 #undef HAVE_GETUTLINE])
-m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */
+m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */
 #undef HAVE_PUTUTLINE])
-m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */
+m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */
 #undef HAVE_SETUTENT])
-m4trace:configure.ac:619: -1- AC_CHECK_FUNCS([utmpname])
-m4trace:configure.ac:619: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */
+m4trace:configure.ac:645: -1- AC_CHECK_FUNCS([utmpname])
+m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */
 #undef HAVE_UTMPNAME])
-m4trace:configure.ac:621: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ])
-m4trace:configure.ac:621: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */
+m4trace:configure.ac:647: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ])
+m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */
 #undef HAVE_ENDUTXENT])
-m4trace:configure.ac:621: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */
+m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */
 #undef HAVE_GETUTXENT])
-m4trace:configure.ac:621: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */
+m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */
 #undef HAVE_GETUTXID])
-m4trace:configure.ac:621: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */
+m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */
 #undef HAVE_GETUTXLINE])
-m4trace:configure.ac:621: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */
+m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */
 #undef HAVE_PUTUTXLINE])
-m4trace:configure.ac:622: -1- AC_CHECK_FUNCS([setutxent utmpxname])
-m4trace:configure.ac:622: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */
+m4trace:configure.ac:648: -1- AC_CHECK_FUNCS([setutxent utmpxname])
+m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */
 #undef HAVE_SETUTXENT])
-m4trace:configure.ac:622: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */
+m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */
 #undef HAVE_UTMPXNAME])
-m4trace:configure.ac:627: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
-m4trace:configure.ac:627: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])
-m4trace:configure.ac:627: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
-m4trace:configure.ac:632: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
-m4trace:configure.ac:632: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])
-m4trace:configure.ac:632: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
-m4trace:configure.ac:648: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
-m4trace:configure.ac:651: -1- AC_FUNC_GETPGRP
-m4trace:configure.ac:651: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID])
-m4trace:configure.ac:651: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */
+m4trace:configure.ac:653: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
+m4trace:configure.ac:653: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])
+m4trace:configure.ac:653: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
+m4trace:configure.ac:658: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
+m4trace:configure.ac:658: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])
+m4trace:configure.ac:658: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
+m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
+m4trace:configure.ac:677: -1- AC_FUNC_GETPGRP
+m4trace:configure.ac:677: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID])
+m4trace:configure.ac:677: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */
 #undef GETPGRP_VOID])
-m4trace:configure.ac:679: -1- AC_CHECK_LIB([dl], [dlopen], [], [])
-m4trace:configure.ac:679: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */
+m4trace:configure.ac:705: -1- AC_CHECK_LIB([dl], [dlopen], [], [])
+m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */
 #undef HAVE_LIBDL])
-m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
-m4trace:configure.ac:679: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5
+m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
+m4trace:configure.ac:705: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5
 echo "$as_me: error: *** libpam missing" >&2;}
    { (exit 1); exit 1; }; }])
-m4trace:configure.ac:679: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */
+m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */
 #undef HAVE_LIBPAM])
-m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM])
-m4trace:configure.ac:679: -1- AC_CHECK_FUNCS([pam_getenvlist])
-m4trace:configure.ac:679: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */
+m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM])
+m4trace:configure.ac:705: -1- AC_CHECK_FUNCS([pam_getenvlist])
+m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */
 #undef HAVE_PAM_GETENVLIST])
-m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM])
-m4trace:configure.ac:679: -1- AC_SUBST([LIBPAM])
-m4trace:configure.ac:697: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM])
-m4trace:configure.ac:729: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
-m4trace:configure.ac:744: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
-m4trace:configure.ac:767: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
-m4trace:configure.ac:815: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY])
-m4trace:configure.ac:823: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER])
-m4trace:configure.ac:846: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT])
-m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
-m4trace:configure.ac:896: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
-m4trace:configure.ac:908: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC])
-m4trace:configure.ac:919: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER])
-m4trace:configure.ac:936: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS])
-m4trace:configure.ac:936: -1- AC_SUBST([PROG_LS])
-m4trace:configure.ac:937: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT])
-m4trace:configure.ac:937: -1- AC_SUBST([PROG_NETSTAT])
-m4trace:configure.ac:938: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP])
-m4trace:configure.ac:938: -1- AC_SUBST([PROG_ARP])
-m4trace:configure.ac:939: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG])
-m4trace:configure.ac:939: -1- AC_SUBST([PROG_IFCONFIG])
-m4trace:configure.ac:940: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT])
-m4trace:configure.ac:940: -1- AC_SUBST([PROG_JSTAT])
-m4trace:configure.ac:941: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS])
-m4trace:configure.ac:941: -1- AC_SUBST([PROG_PS])
-m4trace:configure.ac:942: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR])
-m4trace:configure.ac:942: -1- AC_SUBST([PROG_SAR])
-m4trace:configure.ac:943: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W])
-m4trace:configure.ac:943: -1- AC_SUBST([PROG_W])
-m4trace:configure.ac:944: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO])
-m4trace:configure.ac:944: -1- AC_SUBST([PROG_WHO])
-m4trace:configure.ac:945: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST])
-m4trace:configure.ac:945: -1- AC_SUBST([PROG_LAST])
-m4trace:configure.ac:946: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG])
-m4trace:configure.ac:946: -1- AC_SUBST([PROG_LASTLOG])
-m4trace:configure.ac:947: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF])
-m4trace:configure.ac:947: -1- AC_SUBST([PROG_DF])
-m4trace:configure.ac:948: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT])
-m4trace:configure.ac:948: -1- AC_SUBST([PROG_VMSTAT])
-m4trace:configure.ac:949: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME])
-m4trace:configure.ac:949: -1- AC_SUBST([PROG_UPTIME])
-m4trace:configure.ac:950: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS])
-m4trace:configure.ac:950: -1- AC_SUBST([PROG_IPCS])
-m4trace:configure.ac:951: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL])
-m4trace:configure.ac:951: -1- AC_SUBST([PROG_TAIL])
-m4trace:configure.ac:968: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS])
-m4trace:configure.ac:977: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR])
-m4trace:configure.ac:977: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */
+m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM])
+m4trace:configure.ac:705: -1- AC_SUBST([LIBPAM])
+m4trace:configure.ac:723: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM])
+m4trace:configure.ac:755: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
+m4trace:configure.ac:770: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
+m4trace:configure.ac:793: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
+m4trace:configure.ac:841: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY])
+m4trace:configure.ac:849: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER])
+m4trace:configure.ac:872: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT])
+m4trace:configure.ac:922: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
+m4trace:configure.ac:922: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
+m4trace:configure.ac:934: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC])
+m4trace:configure.ac:945: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER])
+m4trace:configure.ac:946: -1- AC_SUBST([SSH_PRIVSEP_USER])
+m4trace:configure.ac:963: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS])
+m4trace:configure.ac:963: -1- AC_SUBST([PROG_LS])
+m4trace:configure.ac:964: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT])
+m4trace:configure.ac:964: -1- AC_SUBST([PROG_NETSTAT])
+m4trace:configure.ac:965: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP])
+m4trace:configure.ac:965: -1- AC_SUBST([PROG_ARP])
+m4trace:configure.ac:966: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG])
+m4trace:configure.ac:966: -1- AC_SUBST([PROG_IFCONFIG])
+m4trace:configure.ac:967: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT])
+m4trace:configure.ac:967: -1- AC_SUBST([PROG_JSTAT])
+m4trace:configure.ac:968: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS])
+m4trace:configure.ac:968: -1- AC_SUBST([PROG_PS])
+m4trace:configure.ac:969: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR])
+m4trace:configure.ac:969: -1- AC_SUBST([PROG_SAR])
+m4trace:configure.ac:970: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W])
+m4trace:configure.ac:970: -1- AC_SUBST([PROG_W])
+m4trace:configure.ac:971: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO])
+m4trace:configure.ac:971: -1- AC_SUBST([PROG_WHO])
+m4trace:configure.ac:972: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST])
+m4trace:configure.ac:972: -1- AC_SUBST([PROG_LAST])
+m4trace:configure.ac:973: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG])
+m4trace:configure.ac:973: -1- AC_SUBST([PROG_LASTLOG])
+m4trace:configure.ac:974: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF])
+m4trace:configure.ac:974: -1- AC_SUBST([PROG_DF])
+m4trace:configure.ac:975: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT])
+m4trace:configure.ac:975: -1- AC_SUBST([PROG_VMSTAT])
+m4trace:configure.ac:976: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME])
+m4trace:configure.ac:976: -1- AC_SUBST([PROG_UPTIME])
+m4trace:configure.ac:977: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS])
+m4trace:configure.ac:977: -1- AC_SUBST([PROG_IPCS])
+m4trace:configure.ac:978: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL])
+m4trace:configure.ac:978: -1- AC_SUBST([PROG_TAIL])
+m4trace:configure.ac:995: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS])
+m4trace:configure.ac:1004: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR])
+m4trace:configure.ac:1004: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */
 #undef SIZEOF_CHAR])
-m4trace:configure.ac:978: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT])
-m4trace:configure.ac:978: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */
+m4trace:configure.ac:1005: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT])
+m4trace:configure.ac:1005: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */
 #undef SIZEOF_SHORT_INT])
-m4trace:configure.ac:979: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT])
-m4trace:configure.ac:979: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */
+m4trace:configure.ac:1006: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT])
+m4trace:configure.ac:1006: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */
 #undef SIZEOF_INT])
-m4trace:configure.ac:980: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT])
-m4trace:configure.ac:980: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */
+m4trace:configure.ac:1007: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT])
+m4trace:configure.ac:1007: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */
 #undef SIZEOF_LONG_INT])
-m4trace:configure.ac:981: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT])
-m4trace:configure.ac:981: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */
+m4trace:configure.ac:1008: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT])
+m4trace:configure.ac:1008: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */
 #undef SIZEOF_LONG_LONG_INT])
-m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT])
-m4trace:configure.ac:1011: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1027: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1039: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
-m4trace:configure.ac:1053: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
+m4trace:configure.ac:1025: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT])
+m4trace:configure.ac:1038: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
+m4trace:configure.ac:1054: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
 m4trace:configure.ac:1066: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
-m4trace:configure.ac:1078: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1092: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1104: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
-m4trace:configure.ac:1118: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
-m4trace:configure.ac:1133: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
-m4trace:configure.ac:1147: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
-m4trace:configure.ac:1169: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1169: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1184: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR])
-m4trace:configure.ac:1187: -1- AC_DEFINE_TRACE_LITERAL([socklen_t])
-m4trace:configure.ac:1187: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */
+m4trace:configure.ac:1080: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
+m4trace:configure.ac:1093: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
+m4trace:configure.ac:1105: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
+m4trace:configure.ac:1119: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
+m4trace:configure.ac:1131: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
+m4trace:configure.ac:1145: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
+m4trace:configure.ac:1160: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
+m4trace:configure.ac:1174: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
+m4trace:configure.ac:1196: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
+m4trace:configure.ac:1196: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
+m4trace:configure.ac:1211: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR])
+m4trace:configure.ac:1214: -1- AC_DEFINE_TRACE_LITERAL([socklen_t])
+m4trace:configure.ac:1214: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */
 #undef socklen_t])
-m4trace:configure.ac:1189: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>])
-m4trace:configure.ac:1189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T])
-m4trace:configure.ac:1189: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */
+m4trace:configure.ac:1216: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>])
+m4trace:configure.ac:1216: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T])
+m4trace:configure.ac:1216: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */
 #undef HAVE_SIG_ATOMIC_T])
-m4trace:configure.ac:1202: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T])
-m4trace:configure.ac:1216: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T])
-m4trace:configure.ac:1230: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T])
-m4trace:configure.ac:1255: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T])
-m4trace:configure.ac:1269: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T])
-m4trace:configure.ac:1283: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T])
-m4trace:configure.ac:1299: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE])
-m4trace:configure.ac:1314: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6])
-m4trace:configure.ac:1329: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR])
-m4trace:configure.ac:1345: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO])
-m4trace:configure.ac:1357: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL])
-m4trace:configure.ac:1394: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
-m4trace:configure.ac:1396: -1- AC_SUBST([NO_SFTP])
-m4trace:configure.ac:1399: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP])
-m4trace:configure.ac:1400: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX])
-m4trace:configure.ac:1401: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX])
-m4trace:configure.ac:1402: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP])
-m4trace:configure.ac:1403: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP])
-m4trace:configure.ac:1404: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX])
-m4trace:configure.ac:1405: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP])
-m4trace:configure.ac:1406: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP])
-m4trace:configure.ac:1407: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX])
-m4trace:configure.ac:1408: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP])
-m4trace:configure.ac:1409: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX])
-m4trace:configure.ac:1410: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP])
-m4trace:configure.ac:1411: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX])
-m4trace:configure.ac:1412: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP])
-m4trace:configure.ac:1413: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP])
-m4trace:configure.ac:1414: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX])
-m4trace:configure.ac:1415: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX])
-m4trace:configure.ac:1417: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE])
-m4trace:configure.ac:1417: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */
+m4trace:configure.ac:1229: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T])
+m4trace:configure.ac:1243: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T])
+m4trace:configure.ac:1257: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T])
+m4trace:configure.ac:1282: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T])
+m4trace:configure.ac:1296: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T])
+m4trace:configure.ac:1310: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T])
+m4trace:configure.ac:1326: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE])
+m4trace:configure.ac:1341: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6])
+m4trace:configure.ac:1356: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR])
+m4trace:configure.ac:1372: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO])
+m4trace:configure.ac:1384: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL])
+m4trace:configure.ac:1421: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
+m4trace:configure.ac:1423: -1- AC_SUBST([NO_SFTP])
+m4trace:configure.ac:1426: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP])
+m4trace:configure.ac:1427: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX])
+m4trace:configure.ac:1428: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX])
+m4trace:configure.ac:1429: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP])
+m4trace:configure.ac:1430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP])
+m4trace:configure.ac:1431: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX])
+m4trace:configure.ac:1432: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP])
+m4trace:configure.ac:1433: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP])
+m4trace:configure.ac:1434: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX])
+m4trace:configure.ac:1435: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP])
+m4trace:configure.ac:1436: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX])
+m4trace:configure.ac:1437: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP])
+m4trace:configure.ac:1438: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX])
+m4trace:configure.ac:1439: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP])
+m4trace:configure.ac:1440: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP])
+m4trace:configure.ac:1441: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX])
+m4trace:configure.ac:1442: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX])
+m4trace:configure.ac:1444: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE])
+m4trace:configure.ac:1444: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */
 #undef HAVE_STRUCT_STAT_ST_BLKSIZE])
-m4trace:configure.ac:1432: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS])
-m4trace:configure.ac:1448: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS])
-m4trace:configure.ac:1463: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD])
-m4trace:configure.ac:1478: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD])
-m4trace:configure.ac:1493: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD])
-m4trace:configure.ac:1518: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR])
-m4trace:configure.ac:1542: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR])
-m4trace:configure.ac:1553: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME])
-m4trace:configure.ac:1566: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__])
-m4trace:configure.ac:1579: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__])
-m4trace:configure.ac:1594: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET])
-m4trace:configure.ac:1605: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST])
-m4trace:configure.ac:1617: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR])
-m4trace:configure.ac:1650: -1- AC_CHECK_HEADERS([sectok.h])
-m4trace:configure.ac:1650: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */
+m4trace:configure.ac:1459: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS])
+m4trace:configure.ac:1475: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS])
+m4trace:configure.ac:1490: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD])
+m4trace:configure.ac:1505: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD])
+m4trace:configure.ac:1520: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD])
+m4trace:configure.ac:1545: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR])
+m4trace:configure.ac:1569: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR])
+m4trace:configure.ac:1580: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME])
+m4trace:configure.ac:1593: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__])
+m4trace:configure.ac:1606: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__])
+m4trace:configure.ac:1621: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET])
+m4trace:configure.ac:1632: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST])
+m4trace:configure.ac:1644: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR])
+m4trace:configure.ac:1677: -1- AC_CHECK_HEADERS([sectok.h])
+m4trace:configure.ac:1677: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */
 #undef HAVE_SECTOK_H])
-m4trace:configure.ac:1650: -1- AC_CHECK_LIB([sectok], [sectok_open])
-m4trace:configure.ac:1650: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */
+m4trace:configure.ac:1677: -1- AC_CHECK_LIB([sectok], [sectok_open])
+m4trace:configure.ac:1677: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */
 #undef HAVE_LIBSECTOK])
-m4trace:configure.ac:1650: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK])
-m4trace:configure.ac:1650: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
-m4trace:configure.ac:1650: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK])
-m4trace:configure.ac:1659: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG])
-m4trace:configure.ac:1665: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
-m4trace:configure.ac:1666: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC])
-m4trace:configure.ac:1708: -1- AC_DEFINE_TRACE_LITERAL([KRB5])
-m4trace:configure.ac:1708: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL])
-m4trace:configure.ac:1708: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
-m4trace:configure.ac:1708: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
+m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK])
+m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
+m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK])
+m4trace:configure.ac:1686: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG])
+m4trace:configure.ac:1692: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
+m4trace:configure.ac:1693: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC])
+m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([KRB5])
+m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL])
+m4trace:configure.ac:1735: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
+m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
 #undef HAVE_LIBRESOLV])
-m4trace:configure.ac:1708: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
-m4trace:configure.ac:1762: -1- AC_CHECK_HEADERS([krb.h])
-m4trace:configure.ac:1762: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */
+m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
+m4trace:configure.ac:1789: -1- AC_CHECK_HEADERS([krb.h])
+m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */
 #undef HAVE_KRB_H])
-m4trace:configure.ac:1762: -1- AC_CHECK_LIB([krb], [main])
-m4trace:configure.ac:1762: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */
+m4trace:configure.ac:1789: -1- AC_CHECK_LIB([krb], [main])
+m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */
 #undef HAVE_LIBKRB])
-m4trace:configure.ac:1762: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB])
-m4trace:configure.ac:1762: -1- AC_CHECK_LIB([krb4], [main])
-m4trace:configure.ac:1762: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */
+m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB])
+m4trace:configure.ac:1789: -1- AC_CHECK_LIB([krb4], [main])
+m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */
 #undef HAVE_LIBKRB4])
-m4trace:configure.ac:1762: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4])
-m4trace:configure.ac:1762: -1- AC_CHECK_LIB([des], [des_cbc_encrypt])
-m4trace:configure.ac:1762: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */
+m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4])
+m4trace:configure.ac:1789: -1- AC_CHECK_LIB([des], [des_cbc_encrypt])
+m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */
 #undef HAVE_LIBDES])
-m4trace:configure.ac:1762: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES])
-m4trace:configure.ac:1762: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt])
-m4trace:configure.ac:1762: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */
+m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES])
+m4trace:configure.ac:1789: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt])
+m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */
 #undef HAVE_LIBDES425])
-m4trace:configure.ac:1762: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425])
-m4trace:configure.ac:1762: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
-m4trace:configure.ac:1762: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
+m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425])
+m4trace:configure.ac:1789: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
+m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
 #undef HAVE_LIBRESOLV])
-m4trace:configure.ac:1762: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
-m4trace:configure.ac:1762: -1- AC_DEFINE_TRACE_LITERAL([KRB4])
-m4trace:configure.ac:1788: -1- AC_DEFINE_TRACE_LITERAL([AFS])
-m4trace:configure.ac:1802: -1- AC_SUBST([rsh_path], [$ac_cv_path_rsh_path])
-m4trace:configure.ac:1813: -1- AC_SUBST([PRIVSEP_PATH])
-m4trace:configure.ac:1828: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path])
-m4trace:configure.ac:1832: -1- AC_SUBST([XAUTH_PATH])
-m4trace:configure.ac:1834: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH])
-m4trace:configure.ac:1836: -1- AC_SUBST([XAUTH_PATH])
-m4trace:configure.ac:1839: -1- AC_DEFINE_TRACE_LITERAL([RSH_PATH])
-m4trace:configure.ac:1845: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY])
-m4trace:configure.ac:1855: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX])
-m4trace:configure.ac:1863: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC])
-m4trace:configure.ac:1880: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF])
-m4trace:configure.ac:1889: -1- AC_SUBST([MANTYPE])
-m4trace:configure.ac:1895: -1- AC_SUBST([mansubdir])
-m4trace:configure.ac:1907: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS])
-m4trace:configure.ac:1918: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:1933: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE])
-m4trace:configure.ac:1942: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
-m4trace:configure.ac:1953: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
-m4trace:configure.ac:2030: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH])
-m4trace:configure.ac:2031: -1- AC_SUBST([user_path])
-m4trace:configure.ac:2043: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
-m4trace:configure.ac:2056: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
-m4trace:configure.ac:2079: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
-m4trace:configure.ac:2079: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
-m4trace:configure.ac:2091: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
-m4trace:configure.ac:2115: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
-m4trace:configure.ac:2116: -1- AC_SUBST([piddir])
-m4trace:configure.ac:2122: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:2126: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:2130: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
-m4trace:configure.ac:2134: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:2138: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
-m4trace:configure.ac:2142: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
-m4trace:configure.ac:2146: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
-m4trace:configure.ac:2150: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
-m4trace:configure.ac:2160: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:2222: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
-m4trace:configure.ac:2247: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:2252: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
-m4trace:configure.ac:2277: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:2282: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
-m4trace:configure.ac:2307: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
-m4trace:configure.ac:2310: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
-m4trace:configure.ac:2332: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
-m4trace:configure.ac:2335: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
-m4trace:configure.ac:2353: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
+m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([KRB4])
+m4trace:configure.ac:1815: -1- AC_DEFINE_TRACE_LITERAL([AFS])
+m4trace:configure.ac:1829: -1- AC_SUBST([PRIVSEP_PATH])
+m4trace:configure.ac:1844: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path])
+m4trace:configure.ac:1848: -1- AC_SUBST([XAUTH_PATH])
+m4trace:configure.ac:1850: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH])
+m4trace:configure.ac:1852: -1- AC_SUBST([XAUTH_PATH])
+m4trace:configure.ac:1858: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY])
+m4trace:configure.ac:1868: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX])
+m4trace:configure.ac:1876: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC])
+m4trace:configure.ac:1893: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF])
+m4trace:configure.ac:1902: -1- AC_SUBST([MANTYPE])
+m4trace:configure.ac:1908: -1- AC_SUBST([mansubdir])
+m4trace:configure.ac:1920: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS])
+m4trace:configure.ac:1931: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:1946: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE])
+m4trace:configure.ac:1955: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
+m4trace:configure.ac:1966: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
+m4trace:configure.ac:2043: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH])
+m4trace:configure.ac:2044: -1- AC_SUBST([user_path])
+m4trace:configure.ac:2056: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
+m4trace:configure.ac:2069: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
+m4trace:configure.ac:2092: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
+m4trace:configure.ac:2092: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
+m4trace:configure.ac:2104: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
+m4trace:configure.ac:2128: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
+m4trace:configure.ac:2129: -1- AC_SUBST([piddir])
+m4trace:configure.ac:2135: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
+m4trace:configure.ac:2139: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:2143: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
+m4trace:configure.ac:2147: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
+m4trace:configure.ac:2151: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
+m4trace:configure.ac:2155: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
+m4trace:configure.ac:2159: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
+m4trace:configure.ac:2163: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
+m4trace:configure.ac:2173: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
+m4trace:configure.ac:2235: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
+m4trace:configure.ac:2260: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:2265: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
+m4trace:configure.ac:2290: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
+m4trace:configure.ac:2295: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
+m4trace:configure.ac:2320: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
+m4trace:configure.ac:2323: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
+m4trace:configure.ac:2345: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
+m4trace:configure.ac:2348: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
+m4trace:configure.ac:2366: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])

diff --git a/openssh/bufaux.c b/openssh/bufaux.c
index 79f8bbd49667f528e6f56d39459c51573a4a2e57..d3dc674ce4043d1c62abedfb6b1a2903a03afa22 100644 (file)
--- a/openssh/bufaux.c
+++ b/openssh/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
        bits = GET_16BIT(buf);
        /* Compute the number of binary bytes that follow. */
        bytes = (bits + 7) / 8;
+       if (bytes > 8 * 1024)
+               fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
        if (buffer_len(buffer) < bytes)
                fatal("buffer_get_bignum: input buffer too small");
        bin = buffer_ptr(buffer);
@@ -105,6 +107,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
        u_char *buf = xmalloc(bytes);
        int oi;
        int hasnohigh = 0;
+
        buf[0] = '\0';
        /* Get the value of in binary */
        oi = BN_bn2bin(value, buf+1);
@@ -128,12 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
        xfree(buf);
 }
 
+/* XXX does not handle negative BNs */
 void
 buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
 {
-       /**XXX should be two's-complement */
-       int len;
-       u_char *bin = buffer_get_string(buffer, (u_int *)&len);
+       u_int len;
+       u_char *bin = buffer_get_string(buffer, &len);
+
+       if (len > 8 * 1024)
+               fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
        BN_bin2bn(bin, len, value);
        xfree(bin);
 }
@@ -145,6 +151,7 @@ u_short
 buffer_get_short(Buffer *buffer)
 {
        u_char buf[2];
+
        buffer_get(buffer, (char *) buf, 2);
        return GET_16BIT(buf);
 }
@@ -153,6 +160,7 @@ u_int
 buffer_get_int(Buffer *buffer)
 {
        u_char buf[4];
+
        buffer_get(buffer, (char *) buf, 4);
        return GET_32BIT(buf);
 }
@@ -162,6 +170,7 @@ u_int64_t
 buffer_get_int64(Buffer *buffer)
 {
        u_char buf[8];
+
        buffer_get(buffer, (char *) buf, 8);
        return GET_64BIT(buf);
 }
@@ -174,6 +183,7 @@ void
 buffer_put_short(Buffer *buffer, u_short value)
 {
        char buf[2];
+
        PUT_16BIT(buf, value);
        buffer_append(buffer, buf, 2);
 }
@@ -182,6 +192,7 @@ void
 buffer_put_int(Buffer *buffer, u_int value)
 {
        char buf[4];
+
        PUT_32BIT(buf, value);
        buffer_append(buffer, buf, 4);
 }
@@ -191,6 +202,7 @@ void
 buffer_put_int64(Buffer *buffer, u_int64_t value)
 {
        char buf[8];
+
        PUT_64BIT(buf, value);
        buffer_append(buffer, buf, 8);
 }
@@ -207,8 +219,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
 void *
 buffer_get_string(Buffer *buffer, u_int *length_ptr)
 {
-       u_int len;
        u_char *value;
+       u_int len;
+
        /* Get the length. */
        len = buffer_get_int(buffer);
        if (len > 256 * 1024)
@@ -249,6 +262,7 @@ int
 buffer_get_char(Buffer *buffer)
 {
        char ch;
+
        buffer_get(buffer, &ch, 1);
        return (u_char) ch;
 }
@@ -260,5 +274,6 @@ void
 buffer_put_char(Buffer *buffer, int value)
 {
        char ch = value;
+
        buffer_append(buffer, &ch, 1);
 }

diff --git a/openssh/buffer.c b/openssh/buffer.c
index 40572e5ac30e5c4e5e6ee8ced39b025377b78a8f..ad04b267e0d8c2493860a7c5fd1e067a954c767a 100644 (file)
--- a/openssh/buffer.c
+++ b/openssh/buffer.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.15 2002/01/18 18:14:17 stevesk Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -71,6 +71,9 @@ buffer_append_space(Buffer *buffer, u_int len)
 {
        void *p;
 
+       if (len > 0x100000)
+               fatal("buffer_append_space: len %u not supported", len);
+
        /* If the buffer is empty, start using it from the beginning. */
        if (buffer->offset == buffer->end) {
                buffer->offset = 0;
@@ -96,6 +99,9 @@ restart:
        }
        /* Increase the size of the buffer and retry. */
        buffer->alloc += len + 32768;
+       if (buffer->alloc > 0xa00000)
+               fatal("buffer_append_space: alloc %u not supported",
+                   buffer->alloc);
        buffer->buf = xrealloc(buffer->buf, buffer->alloc);
        goto restart;
        /* NOTREACHED */

diff --git a/openssh/channels.c b/openssh/channels.c
index d34411e18787d56ca764702680334a41a12c7201..29eaee7c4d6011841ad8920592aa12cb2d080d6f 100644 (file)
--- a/openssh/channels.c
+++ b/openssh/channels.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -205,7 +205,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
 
 Channel *
 channel_new(char *ctype, int type, int rfd, int wfd, int efd,
-    int window, int maxpack, int extusage, char *remote_name, int nonblock)
+    u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
 {
        int i, found;
        Channel *c;
@@ -229,6 +229,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
                /* There are no free slots.  Take last+1 slot and expand the array.  */
                found = channels_alloc;
                channels_alloc += 10;
+               if (channels_alloc > 10000)
+                       fatal("channel_new: internal error: channels_alloc %d "
+                           "too big.", channels_alloc);
                debug2("channel: expanding %d", channels_alloc);
                channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
                for (i = found; i < channels_alloc; i++)
@@ -1568,8 +1571,9 @@ channel_after_select(fd_set * readset, fd_set * writeset)
 void
 channel_output_poll(void)
 {
-       int len, i;
        Channel *c;
+       int i;
+       u_int len;
 
        for (i = 0; i < channels_alloc; i++) {
                c = channels[i];
@@ -1647,7 +1651,7 @@ channel_output_poll(void)
                    c->remote_window > 0 &&
                    (len = buffer_len(&c->extended)) > 0 &&
                    c->extended_usage == CHAN_EXTENDED_READ) {
-                       debug2("channel %d: rwin %d elen %d euse %d",
+                       debug2("channel %d: rwin %u elen %u euse %d",
                            c->self, c->remote_window, buffer_len(&c->extended),
                            c->extended_usage);
                        if (len > c->remote_window)
@@ -1717,9 +1721,8 @@ void
 channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
 {
        int id;
-       int tcode;
        char *data;
-       u_int data_len;
+       u_int data_len, tcode;
        Channel *c;
 
        /* Get the channel number and verify it. */
@@ -1874,7 +1877,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
                        c->confirm(c->self, NULL);
                        debug2("callback done");
                }
-               debug("channel %d: open confirm rwindow %d rmax %d", c->self,
+               debug("channel %d: open confirm rwindow %u rmax %u", c->self,
                    c->remote_window, c->remote_maxpacket);
        }
        packet_check_eom();
@@ -1931,7 +1934,8 @@ void
 channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
 {
        Channel *c;
-       int id, adjust;
+       int id;
+       u_int adjust;
 
        if (!compat20)
                return;
@@ -1947,7 +1951,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
        }
        adjust = packet_get_int();
        packet_check_eom();
-       debug2("channel %d: rcvd adjust %d", id, adjust);
+       debug2("channel %d: rcvd adjust %u", id, adjust);
        c->remote_window += adjust;
 }
 
@@ -2328,12 +2332,12 @@ channel_connect_to(const char *host, u_short port)
 
 /*
  * Creates an internet domain socket for listening for X11 connections.
- * Returns a suitable display number for the DISPLAY variable, or -1 if
- * an error occurs.
+ * Returns 0 and a suitable display number for the DISPLAY variable
+ * stored in display_numberp , or -1 if an error occurs.
  */
 int
 x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
-    int single_connection)
+    int single_connection, u_int *display_numberp)
 {
        Channel *nc = NULL;
        int display_number, sock;
@@ -2431,7 +2435,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
        }
 
        /* Return the display number for the DISPLAY environment variable. */
-       return display_number;
+       *display_numberp = display_number;
+       return (0);
 }
 
 static int

diff --git a/openssh/channels.h b/openssh/channels.h
index 9ceff3e7319904143c595f15ef0eaef6531716cd..dd54114d6c013d0840c274fc09a5b0b761592c0d 100644 (file)
--- a/openssh/channels.h
+++ b/openssh/channels.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $    */
+/*     $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $    */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -90,12 +90,12 @@ struct Channel {
        int     host_port;      /* remote port to connect for forwards */
        char   *remote_name;    /* remote hostname */
 
-       int     remote_window;
-       int     remote_maxpacket;
-       int     local_window;
-       int     local_window_max;
-       int     local_consumed;
-       int     local_maxpacket;
+       u_int   remote_window;
+       u_int   remote_maxpacket;
+       u_int   local_window;
+       u_int   local_window_max;
+       u_int   local_consumed;
+       u_int   local_maxpacket;
        int     extended_usage;
        int     single_connection;
 
@@ -151,7 +151,7 @@ struct Channel {
 /* channel management */
 
 Channel        *channel_lookup(int);
-Channel *channel_new(char *, int, int, int, int, int, int, int, char *, int);
+Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
 void    channel_set_fds(int, int, int, int, int, int, u_int);
 void    channel_free(Channel *);
 void    channel_free_all(void);
@@ -205,7 +205,7 @@ int  channel_setup_remote_fwd_listener(const char *, u_short, int);
 /* x11 forwarding */
 
 int     x11_connect_display(void);
-int     x11_create_display_inet(int, int, int);
+int     x11_create_display_inet(int, int, int, u_int *);
 void     x11_input_open(int, u_int32_t, void *);
 void    x11_request_forwarding_with_spoofing(int, const char *, const char *);
 void    deny_input_open(int, u_int32_t, void *);

diff --git a/openssh/cipher.c b/openssh/cipher.c
index b18c701fb03168024f7e750e49c7b3e8b326c76a..6db340d7a991c46ad477c4184aa2d50b036b1723 100644 (file)
--- a/openssh/cipher.c
+++ b/openssh/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -95,11 +95,13 @@ cipher_blocksize(Cipher *c)
 {
        return (c->block_size);
 }
+
 u_int
 cipher_keylen(Cipher *c)
 {
        return (c->key_len);
 }
+
 u_int
 cipher_get_number(Cipher *c)
 {
@@ -314,6 +316,7 @@ struct ssh1_3des_ctx
 {
        EVP_CIPHER_CTX  k1, k2, k3;
 };
+
 static int
 ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
     int enc)
@@ -356,6 +359,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
 #endif
        return (1);
 }
+
 static int
 ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
 {
@@ -377,6 +381,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
 #endif
        return (1);
 }
+
 static int
 ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
 {
@@ -389,6 +394,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
        }
        return (1);
 }
+
 static const EVP_CIPHER *
 evp_ssh1_3des(void)
 {
@@ -430,7 +436,9 @@ swap_bytes(const u_char *src, u_char *dst, int n)
                *dst++ = c[3];
        }
 }
+
 static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
+
 static int
 bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
 {
@@ -441,6 +449,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
        swap_bytes(out, out, len);
        return (ret);
 }
+
 static const EVP_CIPHER *
 evp_ssh1_bf(void)
 {
@@ -483,6 +492,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
                memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
        return (1);
 }
+
 static int
 ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
     u_int len)
@@ -528,6 +538,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
        }
        return (1);
 }
+
 static int
 ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
 {
@@ -540,6 +551,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
        }
        return (1);
 }
+
 static const EVP_CIPHER *
 evp_rijndael(void)
 {

diff --git a/openssh/clientloop.c b/openssh/clientloop.c
index 75d24ace2b413c0e468aae868e5c3ab4f1ea34ac..cd2eab77a9c057d7ac5012636f435f73089865be 100644 (file)
--- a/openssh/clientloop.c
+++ b/openssh/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.101 2002/06/09 13:32:01 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -1208,10 +1208,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
 {
        Channel *c = NULL;
        char *ctype;
-       u_int len;
        int rchan;
-       int rmaxpack;
-       int rwindow;
+       u_int rmaxpack, rwindow, len;
 
        ctype = packet_get_string(&len);
        rchan = packet_get_int();

diff --git a/openssh/configure.ac b/openssh/configure.ac
index 38ac8449a0b118610dd5f3b0221fb209e8df1ad3..18f0e8a0285c3746b578bd629bcb9fbd6cc656e1 100644 (file)
--- a/openssh/configure.ac
+++ b/openssh/configure.ac
@@ -76,6 +76,7 @@ case "$host" in
        AC_DEFINE(BROKEN_REALPATH)
        dnl AIX handles lastlog as part of its login message
        AC_DEFINE(DISABLE_LASTLOG)
+       AC_DEFINE(LOGIN_NEEDS_UTMPX)
        ;;
 *-*-cygwin*)
        LIBS="$LIBS /usr/lib/textmode.o"
@@ -85,6 +86,7 @@ case "$host" in
        AC_DEFINE(IPV4_DEFAULT)
        AC_DEFINE(IP_TOS_IS_BROKEN)
        AC_DEFINE(NO_X11_UNIX_SOCKETS)
+       AC_DEFINE(BROKEN_FD_PASSING)
        AC_DEFINE(SETGROUPS_NOOP)
        ;;
 *-*-dgux*)
@@ -246,7 +248,6 @@ mips-sony-bsd|mips-sony-newsos4)
        CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
        LDFLAGS="$LDFLAGS -L/usr/local/lib"
        LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
-       rsh_path="/usr/bin/rcmd"
        RANLIB=true
        no_dev_ptmx=1
        AC_DEFINE(BROKEN_SYS_TERMIO_H)
@@ -263,10 +264,10 @@ mips-sony-bsd|mips-sony-newsos4)
        LDFLAGS="$LDFLAGS -L/usr/local/lib"
        LIBS="$LIBS -lprot -lx -ltinfo -lm"
        no_dev_ptmx=1
-       rsh_path="/usr/bin/rcmd"
        AC_DEFINE(USE_PIPES)
        AC_DEFINE(HAVE_SECUREWARE)
        AC_DEFINE(DISABLE_SHADOW)
+       AC_DEFINE(BROKEN_FD_PASSING)
        AC_CHECK_FUNCS(getluid setluid)
        MANTYPE=man
        ;;
@@ -274,6 +275,7 @@ mips-sony-bsd|mips-sony-newsos4)
        no_libsocket=1
        no_libnsl=1
        AC_DEFINE(USE_PIPES)
+       AC_DEFINE(BROKEN_FD_PASSING)
        LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
        LIBS="$LIBS -lgen -lrsc"
        ;;
@@ -575,6 +577,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
        socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
        truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
 
+if test $ac_cv_func_mmap = yes ; then
+AC_MSG_CHECKING([for mmap anon shared])
+AC_TRY_RUN(
+       [
+#include <stdio.h>
+#include <sys/mman.h>
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+#define MAP_ANON MAP_ANONYMOUS
+#endif
+main() { char *p;
+p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
+if (p == (char *)-1)
+       exit(1);
+exit(0);
+}
+       ],
+       [
+               AC_MSG_RESULT(yes)
+               AC_DEFINE(HAVE_MMAP_ANON_SHARED)
+       ],
+       [ AC_MSG_RESULT(no) ] 
+)
+fi
+
 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
        AC_CHECK_LIB(gen, dirname,[
@@ -907,16 +933,17 @@ AC_ARG_WITH(entropy-timeout,
 )
 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
 
-ssh_privsep_user=sshd
+SSH_PRIVSEP_USER=sshd
 AC_ARG_WITH(privsep-user,
        [  --with-privsep-user=user Specify non-privileged user for privilege separation],
        [
                if test -n "$withval"; then
-                       ssh_privsep_user=$withval
+                       SSH_PRIVSEP_USER=$withval
                fi
        ]       
 )
-AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user")
+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
+AC_SUBST(SSH_PRIVSEP_USER)
 
 # We do this little dance with the search path to insure
 # that programs that we select for use by installed programs
@@ -1789,17 +1816,6 @@ AC_ARG_WITH(afs,
 LIBS="$LIBS $KLIBS $K5LIBS"
 
 # Looking for programs, paths and files
-AC_ARG_WITH(rsh,
-       [  --with-rsh=PATH         Specify path to remote shell program ],
-       [
-               if test "x$withval" != "$no" ; then
-                       rsh_path=$withval
-               fi
-       ],
-       [
-               AC_PATH_PROG(rsh_path, rsh)
-       ]
-)
 
 PRIVSEP_PATH=/var/empty
 AC_ARG_WITH(privsep-path,
@@ -1835,9 +1851,6 @@ else
        XAUTH_PATH=$xauth_path
        AC_SUBST(XAUTH_PATH)
 fi
-if test ! -z "$rsh_path" ; then
-       AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
-fi
 
 # Check for mail directory (last resort if we cannot get it from headers)
 if test ! -z "$MAIL" ; then

diff --git a/openssh/contrib/aix/README b/openssh/contrib/aix/README
index a08c08441e2b8eb826a7f94cfa6376c55c732ae8..033fd0a5d6ba0f2ebe3dbd04eda90a8021b0c79d 100644 (file)
--- a/openssh/contrib/aix/README
+++ b/openssh/contrib/aix/README
@@ -25,6 +25,10 @@ Other notes:
 The script treats all packages as USR packages (not ROOT+USR when
 appropriate).  It seems to work, though......
 
+If there are any patches to this that have not yet been integrated they
+may be found at http://www.zip.com.au/~dtucker/openssh/ or
+http://home.usf.advantra.com.au/~dtucker/openssh/.
+
 
 Disclaimer:
 

diff --git a/openssh/contrib/aix/buildbff.sh b/openssh/contrib/aix/buildbff.sh
index 4095884845d02a81cc0de041cc357053ee49c952..d531e53f432b022503e10ced90dd42447072ddf1 100755 (executable)
--- a/openssh/contrib/aix/buildbff.sh
+++ b/openssh/contrib/aix/buildbff.sh
@@ -9,28 +9,96 @@
 # Based originally on Ben Lindstrom's buildpkg.sh for Solaris
 #
 
+#
+# Tunable configuration settings
+#      create a "config.local" in your build directory to override these.
+#
+PERMIT_ROOT_LOGIN=no
+X11_FORWARDING=no
+
 umask 022
+
+#
+# We still support running from contrib/aix, but this is depreciated
+#
+if pwd | egrep 'contrib/aix$'
+then
+       echo "Changing directory to `pwd`/../.."
+       echo "Please run buildbff.sh from your build directory in future."
+       cd ../..
+       contribaix=1
+fi
+
+if [ ! -f Makefile ]
+then
+       echo "Makefile not found (did you run configure?)"
+       exit 1 
+fi
+
+#
+# Directories used during build:
+# current dir = $objdir                directory you ran ./configure in.
+# $objdir/$PKGDIR/             directory package files are constructed in
+# $objdir/$PKGDIR/root/                package root ($FAKE_ROOT)
+#
+objdir=`pwd`
 PKGNAME=openssh
 PKGDIR=package
 
-PATH=`pwd`:$PATH               # set path for external tools
-export PATH
+# Path to inventory.sh: same place as buildbff.sh
+if  echo $0 | egrep '^/'
+then
+       inventory=`dirname $0`/inventory.sh             # absolute path
+else
+       inventory=`pwd`/`dirname $0`/inventory.sh       # relative path
+fi
 
-# Clean build directory 
-rm -rf $PKGDIR
-mkdir $PKGDIR
+#
+# Collect local configuration settings to override defaults
+#
+if [ -s ./config.local ]
+then
+       echo Reading local settings from config.local
+       . ./config.local
+fi
+
+#
+# Fill in some details from Makefile, like prefix and sysconfdir
+#      the eval also expands variables like sysconfdir=${prefix}/etc
+#      provided they are eval'ed in the correct order
+#
+for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
+do
+       eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
+done
+
+#
+# Collect values of privsep user and privsep path
+#      currently only found in config.h
+#
+for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
+do
+       eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
+done
 
-if [ ! -f ../../Makefile ]
+# Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
 then
-       echo "Top-level Makefile not found (did you run ./configure?)"
-       exit 1
+       SSH_PRIVSEP_USER=sshd
+fi
+if [ -z "$PRIVSEP_PATH" ]
+then
+       PRIVSEP_PATH=/var/empty
 fi
 
-## Start by faking root install 
+# Clean package build directory 
+rm -rf $objdir/$PKGDIR
+FAKE_ROOT=$objdir/$PKGDIR/root
+mkdir -p $FAKE_ROOT
+
+# Start by faking root install 
 echo "Faking root install..."
-START=`pwd`
-FAKE_ROOT=$START/$PKGDIR
-cd ../.. 
+cd $objdir
 make install-nokeys DESTDIR=$FAKE_ROOT
 
 if [ $? -gt 0 ]
@@ -39,6 +107,12 @@ then
        exit 1
 fi
 
+#
+# Copy informational files to include in package
+#
+cp $srcdir/LICENCE $objdir/$PKGDIR/
+cp $srcdir/README* $objdir/$PKGDIR/
+
 #
 # Extract common info requires for the 'info' part of the package.
 #      AIX requires 4-part version numbers
@@ -47,24 +121,27 @@ VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
 MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
 MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
 PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
-PORTABLE=`echo $VERSION | cut -f 2 -d p`
-if [ "$PATCH" = "" ]
-then
-       PATCH=0
-fi
+PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
+[ "$PATCH" = "" ] && PATCH=0
+[ "$PORTABLE" = "" ] && PORTABLE=0
 BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
 
 echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
 
 #
-# Fill in some details, like prefix and sysconfdir
-#      the eval also expands variables like sysconfdir=${prefix}/etc
-#      provided they are eval'ed in the correct order
+# Set ssh and sshd parameters as per config.local
 #
-for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir
-do
-       eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
-done
+if [ "${PERMIT_ROOT_LOGIN}" = no ] 
+then
+        perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
+                $FAKE_ROOT/${sysconfdir}/sshd_config
+fi
+if [ "${X11_FORWARDING}" = yes ]
+then
+        perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
+                $FAKE_ROOT/${sysconfdir}/sshd_config
+fi
+
 
 # Rename config files; postinstall script will copy them if necessary
 for cfgfile in ssh_config sshd_config ssh_prng_cmds
@@ -74,14 +151,18 @@ done
 
 #
 # Generate lpp control files.
-#      working dir is $FAKE_ROOT but files are generated in contrib/aix
+#      working dir is $FAKE_ROOT but files are generated in dir above
 #      and moved into place just before creation of .bff
 #
 cd $FAKE_ROOT
 echo Generating LPP control files
 find . ! -name . -print >../openssh.al
-inventory.sh >../openssh.inventory
-cp ../../../LICENCE ../openssh.copyright
+$inventory >../openssh.inventory
+
+cat <<EOD >../openssh.copyright
+This software is distributed under a BSD-style license.
+For the full text of the license, see /usr/lpp/openssh/LICENCE
+EOD
 
 #
 # Create postinstall script
@@ -89,7 +170,7 @@ cp ../../../LICENCE ../openssh.copyright
 cat <<EOF >>../openssh.post_i
 #!/bin/sh
 
-# Create configs from defaults if necessary
+echo Creating configs from defaults if necessary.
 for cfgfile in ssh_config sshd_config ssh_prng_cmds
 do
         if [ ! -f $sysconfdir/\$cfgfile ]
@@ -100,8 +181,51 @@ do
                 echo "\$cfgfile already exists."
         fi
 done
+echo
+
+# Create PrivSep user if PrivSep not disabled in config
+echo Creating PrivSep prereqs if required.
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+       echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
+       echo "group or chroot directory."
+else
+       echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+
+       # create group if required
+       if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+       then
+               echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+       else
+               echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+               mkgroup -A $SSH_PRIVSEP_USER
+       fi
+
+       # Create user if required
+       if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+       then
+               echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+       else
+               echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+               mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+       fi
+
+       # create chroot directory if required
+       if [ -d $PRIVSEP_PATH ]
+       then
+               echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
+       else
+               echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
+               mkdir $PRIVSEP_PATH
+               chown 0 $PRIVSEP_PATH
+               chgrp 0 $PRIVSEP_PATH
+               chmod 755 $PRIVSEP_PATH
+       fi
+fi
+echo
 
 # Generate keys unless they already exist
+echo Creating host keys if required.
 if [ -f "$sysconfdir/ssh_host_key" ] ; then
         echo "$sysconfdir/ssh_host_key already exists, skipping."
 else
@@ -117,6 +241,7 @@ if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
 else 
         $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
 fi
+echo
 
 # Add to system startup if required
 if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
@@ -135,10 +260,10 @@ EOF
 echo Creating liblpp.a
 (
        cd ..
-       for i in al copyright inventory post_i
+       for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
        do
-               ar -r liblpp.a openssh.$i
-               rm openssh.$i
+               ar -r liblpp.a $i
+               rm $i
        done
 )
 
@@ -159,6 +284,8 @@ echo Creating liblpp.a
 # /usr/local/share 3
 # %
 # ]
+# }
+
 echo Creating lpp_name
 cat <<EOF >../lpp_name
 4 R I $PKGNAME {
@@ -167,11 +294,14 @@ $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
 %
 EOF
 
-for i in $bindir $sysconfdir $libexecdir $mandir/man1 $mandir/man8 $sbindir $datadir
+for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
 do
        # get size in 512 byte blocks
-       size=`du $FAKE_ROOT/$i | awk '{print $1}'`
-       echo "$i $size" >>../lpp_name
+       if [ -d $FAKE_ROOT/$i ]
+       then
+               size=`du $FAKE_ROOT/$i | awk '{print $1}'`
+               echo "$i $size" >>../lpp_name
+       fi
 done
 
 echo '%' >>../lpp_name
@@ -187,7 +317,7 @@ mv ../lpp_name .
 
 #
 # Now invoke backup to create .bff file
-#      note: lpp_name needs to be the first file do we generate the
+#      note: lpp_name needs to be the first file so we generate the
 #      file list on the fly and feed it to backup using -i
 #
 echo Creating $PKGNAME-$VERSION.bff with backup...
@@ -197,8 +327,17 @@ rm -f $PKGNAME-$VERSION.bff
        find . ! -name lpp_name -a ! -name . -print 
 ) | backup  -i -q -f ../$PKGNAME-$VERSION.bff $filelist
 
-cd ..
+#
+# Move package into final location
+#
+if [ "$contribaix" = "1" ]
+then
+       mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix
+else
+       mv ../$PKGNAME-$VERSION.bff $objdir
+fi
+
+rm -rf $objdir/$PKGDIR
 
-rm -rf $PKGDIR
 echo $0: done.
 

diff --git a/openssh/contrib/caldera/openssh.spec b/openssh/contrib/caldera/openssh.spec
index 57dd8c7e95a2724bdad9cea50ae527536d8c931c..ca6eb257b7eadcf5bcbf58276ae1c547fb7f4f1d 100644 (file)
--- a/openssh/contrib/caldera/openssh.spec
+++ b/openssh/contrib/caldera/openssh.spec
@@ -1,22 +1,49 @@
-%define use-stable     1
-%if %{use-stable}
-  %define version      3.3p1
+
+# Some of this will need re-evaluation post-LSB.  The SVIdir is there
+# because the link appeared broken.  The rest is for easy compilation,
+# the tradeoff open to discussion.  (LC957)
+
+%define        SVIdir          /etc/rc.d/init.d
+%{!?_defaultdocdir:%define     _defaultdocdir  %{_prefix}/share/doc/packages}
+%{!?SVIcdir:%define            SVIcdir         /etc/sysconfig/daemons}
+
+%define _mandir                %{_prefix}/share/man/en
+%define _sysconfdir    /etc/ssh
+%define        _libexecdir     %{_libdir}/ssh
+
+# Do we want to disable root_login? (1=yes 0=no)
+%define no_root_login 0
+
+#old cvs stuff.  please update before use.  may be deprecated.
+%define use_stable     1
+%if %{use_stable}
+  %define version      3.4p1
   %define cvs          %{nil}
-  %define release      1
+  %define release      2
 %else
-  %define version      3.3
-  %define cvs          cvs20020515
+  %define version      2.9.9p2
+  %define cvs          cvs20011009
   %define release      0r1
 %endif
 %define xsa            x11-ssh-askpass         
 %define askpass                %{xsa}-1.2.4.1
 
+# OpenSSH privilege separation requires a user & group ID
+%define sshd_uid    67
+%define sshd_gid    67
+
 Name           : openssh
 Version        : %{version}%{cvs}
 Release        : %{release}
 Group          : System/Network
 
 Summary        : OpenSSH free Secure Shell (SSH) implementation.
+Summary(de)    : OpenSSH - freie Implementation der Secure Shell (SSH).
+Summary(es)    : OpenSSH implementación libre de Secure Shell (SSH).
+Summary(fr)    : Implémentation libre du shell sécurisé OpenSSH (SSH).
+Summary(it)    : Implementazione gratuita OpenSSH della Secure Shell.
+Summary(pt)    : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH).
+Summary(pt_BR)         : Implementação livre OpenSSH do protocolo Secure Shell (SSH).
 
 Copyright      : BSD
 Packager       : Raymund Will <ray@caldera.de>
@@ -24,140 +51,228 @@ URL               : http://www.openssh.com/
 
 Obsoletes      : ssh, ssh-clients, openssh-clients
 
-BuildRoot      : /tmp/%{Name}-%{Version}
+BuildRoot      : /tmp/%{name}-%{version}
+BuildRequires  : XFree86-imake
 
-# %{use-stable}==1:    ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
-# %{use-stable}==0:    :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
-Source0: see-above:/.../openssh-%{Version}.tar.gz
-%if %{use-stable}
-Source1: see-above:/.../openssh-%{Version}.tar.gz.sig
+# %{use_stable}==1:    ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
+# %{use_stable}==0:    :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
+Source0: see-above:/.../openssh-%{version}.tar.gz
+%if %{use_stable}
+Source1: see-above:/.../openssh-%{version}.tar.gz.sig
 %endif
 Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz
 Source3: http://www.openssh.com/faq.html
 
-
 %Package server
 Group          : System/Network
-Requires       : openssh = %{Version}
+Requires       : openssh = %{version}
 Obsoletes      : ssh-server
 
 Summary        : OpenSSH Secure Shell protocol server (sshd).
+Summary(de)    : OpenSSH Secure Shell Protocol-Server (sshd).
+Summary(es)    : Servidor del protocolo OpenSSH Secure Shell (sshd).
+Summary(fr)    : Serveur de protocole du shell sécurisé OpenSSH (sshd).
+Summary(it)    : Server OpenSSH per il protocollo Secure Shell (sshd).
+Summary(pt)    : Servidor do protocolo 'Secure Shell' OpenSSH (sshd).
+Summary(pt_BR)         : Servidor do protocolo Secure Shell OpenSSH (sshd).
 
 
 %Package askpass
 Group          : System/Network
-Requires       : openssh = %{Version}
+Requires       : openssh = %{version}
 URL            : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/
 Obsoletes      : ssh-extras
 
 Summary        : OpenSSH X11 pass-phrase dialog.
+Summary(de)    : OpenSSH X11 Passwort-Dialog.
+Summary(es)    : Aplicación de petición de frase clave OpenSSH X11.
+Summary(fr)    : Dialogue pass-phrase X11 d'OpenSSH.
+Summary(it)    : Finestra di dialogo X11 per la frase segreta di OpenSSH.
+Summary(pt)    : Diálogo de pedido de senha para X11 do OpenSSH.
+Summary(pt_BR)         : Diálogo de pedido de senha para X11 do OpenSSH.
 
 
-%Prep
-%setup %([ -z "%{cvs}" ] || echo "-n %{Name}_cvs") -a2
+%Description
+OpenSSH (Secure Shell) provides access to a remote system. It replaces
+telnet, rlogin,  rexec, and rsh, and provides secure encrypted 
+communications between two untrusted hosts over an insecure network.  
+X11 connections and arbitrary TCP/IP ports can also be forwarded over 
+the secure channel.
 
-%if ! %{use-stable}
+%Description -l de
+OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt
+telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte
+Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres
+Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso
+über den sicheren Channel weitergeleitet werden.
+
+%Description -l es
+OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a
+telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas
+entre dos equipos entre los que no se ha establecido confianza a través de una
+red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden
+ser canalizadas sobre el canal seguro.
+
+%Description -l fr
+OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace
+telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées
+securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des
+connexions X11 et des ports TCP/IP arbitraires peuvent également être
+transmis sur le canal sécurisé.
+
+%Description -l it
+OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
+Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure
+e crittate tra due host non fidati su una rete non sicura. Le connessioni
+X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso
+un canale sicuro.
+
+%Description -l pt
+OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
+telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas
+entre duas máquinas sem confiança mútua sobre uma rede insegura.
+Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados
+pelo canal seguro.
+
+%Description -l pt_BR
+O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
+telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas
+entre duas máquinas sem confiança mútua sobre uma rede insegura.
+Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas
+pelo canal seguro.
+
+%Description server
+This package installs the sshd, the server portion of OpenSSH. 
+
+%Description -l de server
+Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
+
+%Description -l es server
+Este paquete instala sshd, la parte servidor de OpenSSH.
+
+%Description -l fr server
+Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
+
+%Description -l it server
+Questo pacchetto installa sshd, il server di OpenSSH.
+
+%Description -l pt server
+Este pacote intala o sshd, o servidor do OpenSSH.
+
+%Description -l pt_BR server
+Este pacote intala o sshd, o servidor do OpenSSH.
+
+%Description askpass
+This package contains an X11-based pass-phrase dialog used per
+default by ssh-add(1). It is based on %{askpass}
+by Jim Knoble <jmknoble@pobox.com>.
+
+
+%Prep
+%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2
+%if ! %{use_stable}
   autoreconf
 %endif
 
 
 %Build
 CFLAGS="$RPM_OPT_FLAGS" \
-./configure \
-            --prefix=/usr \
-            --sysconfdir=/etc/ssh \
-            --libexecdir=/usr/lib/ssh \
+%configure \
             --with-pam \
             --with-tcp-wrappers \
             --with-ipv4-default \
+           --sysconfdir=%{_sysconfdir}/ssh \
+           --libexecdir=%{_libexecdir}/openssh \
+           --with-privsep-path=%{_var}/empty/sshd \
+           #leave this line for easy edits.
 
-make
+%__make CFLAGS="$RPM_OPT_FLAGS"
 
 cd %{askpass}
-./configure
+%configure \
+           #leave this line for easy edits.
+
 xmkmf
-make includes
-make
+%__make includes
+%__make
 
 
 %Install
-%{mkDESTDIR}
-
-make DESTDIR="$DESTDIR" install
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
 
-make -C %{askpass} BINDIR="/usr/lib/ssh" install
+%makeinstall
+%makeinstall -C %{askpass} \
+    BINDIR=%{_libexecdir} \
+    MANPATH=%{_mandir} \
+    DESTDIR=%{buildroot}
 
 # OpenLinux specific configuration
-mkdir -p $DESTDIR/{etc/pam.d,%{SVIcdir},%{SVIdir}}
+mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
+mkdir -p %{buildroot}%{_var}/empty/sshd
 
 # enabling X11 forwarding on the server is convenient and okay,
-# on the client side we consider it a potential security risk!
-%{fixUP} -vT  $DESTDIR/etc/ssh/sshd_config -e '
-   s/#X11Forwarding no/X11Forwarding yes/i'
+# on the client side it's a potential security risk!
+%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
+    %{buildroot}%{_sysconfdir}/sshd_config
+
+%if %{no_root_login}
+%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
+    %{buildroot}%{_sysconfdir}/sshd_config
+%endif
 
-install -m644 contrib/caldera/sshd.pam $DESTDIR/etc/pam.d/sshd
-# FIXME: disabled, find out why this doesn't work with NIS
-%{fixUP} -vT $DESTDIR/etc/pam.d/sshd -e 's/^(.*pam_limits.*)$/#$1/'
+install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
+# FIXME: disabled, find out why this doesn't work with nis
+%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
+    %{buildroot}/etc/pam.d/sshd
 
-install -m 0755 contrib/caldera/sshd.init $DESTDIR%{SVIdir}/sshd
-%{fixUP} -vT $DESTDIR/%{SVIdir} -e 's:\@SVIdir\@:%{SVIdir}: +
-   s:\@sysconfdir\@:/etc/ssh:'
+install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd
 
-cat <<-EoD > $DESTDIR%{SVIcdir}/sshd
+# the last one is needless, but more future-proof
+find %{buildroot}%{SVIdir} -type f -exec \
+    %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\
+                   s:\@sysconfdir\@:%{_sysconfdir}:g; \
+                   s:/usr/sbin:%{_sbindir}:g'\
+    \{\} \;
+
+cat <<-EoD > %{buildroot}%{SVIcdir}/sshd
        IDENT=sshd
        DESCRIPTIVE="OpenSSH secure shell daemon"
        # This service will be marked as 'skipped' on boot if there
-       # is no host key. Use ssh-host-keygen to generate one.
+       # is no host key. Use ssh-host-keygen to generate one
        ONBOOT="yes"
        OPTIONS=""
 EoD
 
-SKG=$DESTDIR/usr/sbin/ssh-host-keygen
+SKG=%{buildroot}%{_sbindir}/ssh-host-keygen
 install -m 0755 contrib/caldera/ssh-host-keygen $SKG
-%{fixUP} -T $SKG -e 's:\@sysconfdir\@:/etc/ssh: +
-   s:\@sshkeygen\@:/usr/bin/ssh-keygen:'
-
+# Fix up some path names in the keygen toy^Hol
+    %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \
+                   s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \
+       %{buildroot}%{_sbindir}/ssh-host-keygen
 
+# This looks terrible.  Expect it to change.
 # install remaining docs
-DocD="$DESTDIR%{_defaultdocdir}/%{Name}-%{Version}"; mkdir -p $DocD/00-LEGAL
-cp -a LICENCE $DocD/00-LEGAL
-cp -a CREDITS ChangeLog OVERVIEW README* TODO  $DocD
-install -p -m 0444 -o 0 -g 0 %{SOURCE3}  $DocD/faq.html
+DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
 mkdir -p $DocD/%{askpass}
+cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO  $DocD
+install -p -m 0444 %{SOURCE3}  $DocD/faq.html
 cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad}  $DocD/%{askpass}
+%if %{use_stable}
+  cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1
+%else
+  cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1
+  ln -s  %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1
+%endif
 
-cp -p %{askpass}/%{xsa}.man $DESTDIR/usr/man/man1/%{xsa}.1
-ln -s  %{xsa}.1 $DESTDIR/usr/man/man1/ssh-askpass.1
-
-%{fixManPages}
-
-
-# generate file lists
-%{mkLists} -c %{Name}
-%{mkLists} -d %{Name} << 'EOF'
-/etc/ssh                               base
-^/etc/                                 IGNORED
-%{_defaultdocdir}/$                    IGNORED
-askpass                                        askpass
-*                                      default
-EOF
-%{mkLists} -a -f %{Name} << 'EOF'
-^/etc                                  *               prefix(%%config)
-/usr/X11R6/lib/X11/app-defaults        IGNORED
-Ssh.bin                                IGNORED         # for now
-[Aa]skpass                             askpass
-%{_defaultdocdir}/%{Name}-%{Version}/  base
-ssh-keygen                             base
-moduli                                 server
-sshd                                   server
-sftp-server                            server
-.*                                     base
-EOF
+find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf
+rm %{buildroot}%{_mandir}/man1/slogin.1 && \
+    ln -s %{_mandir}/man1/ssh.1.gz \
+    %{buildroot}%{_mandir}/man1/slogin.1.gz
 
 
 %Clean
-%{rmDESTDIR}
-
+#%{rmDESTDIR}
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
 
 %Post
 # Generate host key when none is present to get up and running,
@@ -166,6 +281,11 @@ EOF
 /usr/sbin/ssh-host-keygen
 : # to protect the rpm database
 
+%pre server
+%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
+%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
+       -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
+: # to protect the rpm database
 
 %Post server
 if [ -x %{LSBinit}-install ]; then
@@ -194,34 +314,45 @@ fi
 : # to protect the rpm database
 
 
-%Files -f files-%{Name}-base
+%Files 
 %defattr(-,root,root)
-
-
-%Files server -f files-%{Name}-server
+%dir %{_sysconfdir}
+%config %{_sysconfdir}/ssh_config
+%{_bindir}/*
+%dir %{_libexecdir}
+%{_sbindir}/ssh-host-keygen
+%dir %{_defaultdocdir}/%{name}-%{version}
+%{_defaultdocdir}/%{name}-%{version}/CREDITS
+%{_defaultdocdir}/%{name}-%{version}/ChangeLog
+%{_defaultdocdir}/%{name}-%{version}/LICENCE
+%{_defaultdocdir}/%{name}-%{version}/OVERVIEW
+%{_defaultdocdir}/%{name}-%{version}/README*
+%{_defaultdocdir}/%{name}-%{version}/TODO
+%{_defaultdocdir}/%{name}-%{version}/faq.html
+%{_mandir}/man1/*
+ 
+%Files server
 %defattr(-,root,root)
-
-
-%Files askpass -f files-%{Name}-askpass
+%dir %attr(0700,root,root) %{_var}/empty/sshd
+%config %{SVIdir}/sshd
+%config /etc/pam.d/sshd
+%config %{_sysconfdir}/moduli
+%config %{_sysconfdir}/sshd_config
+%config %{SVIcdir}/sshd
+%{_libexecdir}/sftp-server
+%{_sbindir}/sshd
+%{_mandir}/man8/sftp-server.8.gz
+%{_mandir}/man8/sshd.8.gz
+ 
+%Files askpass
 %defattr(-,root,root)
-
-
-%Description
-OpenSSH (Secure Shell) provides access to a remote system. It replaces
-telnet, rlogin,  rexec, and rsh, and provides secure encrypted 
-communications between two untrusted hosts over an insecure network.  
-X11 connections and arbitrary TCP/IP ports can also be forwarded over 
-the secure channel.
-
-%Description server
-This package installs the sshd, the server portion of OpenSSH. 
-
-%Description askpass
-This package contains an X11-based pass-phrase dialog used per
-default by ssh-add(1). It is based on %{askpass}
-by Jim Knoble <jmknoble@pobox.com>.
+%{_libexecdir}/ssh-askpass
+%{_libexecdir}/x11-ssh-askpass
+%{_defaultdocdir}/%{name}-%{version}/%{askpass}
+ 
 
 %ChangeLog
 * Mon Jan 01 1998 ...
+Template Version: 1.31
 
 $Id$

diff --git a/openssh/contrib/redhat/openssh.spec b/openssh/contrib/redhat/openssh.spec
index 6166f665950b593cbd9ad6bdc9efcf78b6d7ad48..b73fb929f83380bcb81b0ea9abe7006ca6531ffe 100644 (file)
--- a/openssh/contrib/redhat/openssh.spec
+++ b/openssh/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.3p1
+%define ver 3.4p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -97,6 +97,10 @@ BuildPreReq: XFree86-devel
 %if ! %{no_gnome_askpass}
 BuildPreReq: gnome-libs-devel
 %endif
+%if %{kerberos5}
+BuildPreReq: krb5-devel
+BuildPreReq: krb5-libs
+%endif
 
 %package clients
 Summary: OpenSSH clients.

diff --git a/openssh/contrib/suse/openssh.spec b/openssh/contrib/suse/openssh.spec
index 6bd881053af180273d68f7884555a8a7061d98f5..126dac335cc7609727d1c52b118e54c1da798b3a 100644 (file)
--- a/openssh/contrib/suse/openssh.spec
+++ b/openssh/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 3.3p1
+Version: 3.4p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz

diff --git a/openssh/defines.h b/openssh/defines.h
index b057730a06af1d42fba41ccd78976728cbd799c7..3f5b28a2f447cdf991b8ef3482046563e57199fb 100644 (file)
--- a/openssh/defines.h
+++ b/openssh/defines.h
@@ -316,14 +316,6 @@ struct winsize {
 # define _PATH_MAILDIR MAILDIR
 #endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
 
-#ifndef _PATH_RSH
-# ifdef RSH_PATH
-#  define _PATH_RSH RSH_PATH
-# else /* RSH_PATH */
-#  define _PATH_RSH "/usr/bin/rsh"
-# endif /* RSH_PATH */
-#endif /* _PATH_RSH */
-
 #ifndef _PATH_NOLOGIN
 # define _PATH_NOLOGIN "/etc/nologin"
 #endif
@@ -417,7 +409,18 @@ struct winsize {
 #endif
 
 #ifndef HAVE_GETOPT_OPTRESET
-#define getopt(ac, av, o)  BSDgetopt(ac, av, o)
+# undef getopt
+# undef opterr
+# undef optind
+# undef optopt
+# undef optreset
+# undef optarg
+# define getopt(ac, av, o)  BSDgetopt(ac, av, o)
+# define opterr             BSDopterr
+# define optind             BSDoptind
+# define optopt             BSDoptopt
+# define optreset           BSDoptreset
+# define optarg             BSDoptarg
 #endif
 
 /* In older versions of libpam, pam_strerror takes a single argument */

diff --git a/openssh/kex.c b/openssh/kex.c
index d079ab0e388a98e83e4cbb79d89543ed068ec9de..bdbf3882c82b3d0e3505418b488e21b0637f4055 100644 (file)
--- a/openssh/kex.c
+++ b/openssh/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $");
+RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -202,8 +202,8 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
                packet_get_char();
        for (i = 0; i < PROPOSAL_MAX; i++)
                xfree(packet_get_string(NULL));
-       packet_get_char();
-       packet_get_int();
+       (void) packet_get_char();
+       (void) packet_get_int();
        packet_check_eom();
 
        kex_kexinit_finish(kex);

diff --git a/openssh/key.c b/openssh/key.c
index 2d850c8e5712f3ddc5c4f1f96eb0add825b74dcf..fb1f8410a19000be4f34c688cf98dc68684e8b8d 100644 (file)
--- a/openssh/key.c
+++ b/openssh/key.c
@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $");
 
 #include <openssl/evp.h>
 
@@ -89,6 +89,7 @@ key_new(int type)
        }
        return k;
 }
+
 Key *
 key_new_private(int type)
 {
@@ -120,6 +121,7 @@ key_new_private(int type)
        }
        return k;
 }
+
 void
 key_free(Key *k)
 {
@@ -359,6 +361,7 @@ read_bignum(char **cpp, BIGNUM * value)
        *cpp = cp;
        return 1;
 }
+
 static int
 write_bignum(FILE *f, BIGNUM *num)
 {
@@ -485,6 +488,7 @@ key_read(Key *ret, char **cpp)
        }
        return success;
 }
+
 int
 key_write(Key *key, FILE *f)
 {
@@ -516,6 +520,7 @@ key_write(Key *key, FILE *f)
        }
        return success;
 }
+
 char *
 key_type(Key *k)
 {
@@ -532,6 +537,7 @@ key_type(Key *k)
        }
        return "unknown";
 }
+
 char *
 key_ssh_name(Key *k)
 {
@@ -545,6 +551,7 @@ key_ssh_name(Key *k)
        }
        return "ssh-unknown";
 }
+
 u_int
 key_size(Key *k)
 {
@@ -807,7 +814,6 @@ key_verify(
 }
 
 /* Converts a private to a public key */
-
 Key *
 key_demote(Key *k)
 {

diff --git a/openssh/monitor.c b/openssh/monitor.c
index 39b6248d44ff9f9e954ac89ee624fb4eee32446a..89b712f2d77f28f1dbf3992940719cae7ef22988 100644 (file)
--- a/openssh/monitor.c
+++ b/openssh/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
 
 #include <openssl/dh.h>
 
@@ -188,9 +188,6 @@ struct mon_table mon_dispatch_proto15[] = {
     {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
     {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
     {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
-#ifdef USE_PAM
-    {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
-#endif
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
     {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
@@ -982,14 +979,14 @@ mm_answer_keyverify(int socket, Buffer *m)
        xfree(signature);
        xfree(data);
 
+       auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
+
        monitor_reset_key_state();
 
        buffer_clear(m);
        buffer_put_int(m, verified);
        mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
 
-       auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
-
        return (verified);
 }
 
@@ -1456,9 +1453,13 @@ mm_get_keystate(struct monitor *pmonitor)
 void *
 mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
 {
+       int len = size * ncount;
        void *address;
 
-       address = mm_malloc(mm, size * ncount);
+       if (len <= 0)
+               fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
+
+       address = mm_malloc(mm, len);
 
        return (address);
 }

diff --git a/openssh/monitor_fdpass.h b/openssh/monitor_fdpass.h
index cb12c41e282062d9646234507d842f035c6d56b8..31d080e21ed643ae1066e33401ce42b3b2524d20 100644 (file)
--- a/openssh/monitor_fdpass.h
+++ b/openssh/monitor_fdpass.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $     */
+/*     $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $      */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>

diff --git a/openssh/monitor_mm.c b/openssh/monitor_mm.c
index 0076c4210d7972ba2a93250f192830972822b4b6..c363036e6720b288e9c946f45049e87a61cc65e8 100644 (file)
--- a/openssh/monitor_mm.c
+++ b/openssh/monitor_mm.c
@@ -84,13 +84,13 @@ mm_create(struct mm_master *mmalloc, size_t size)
         */
        mm->mmalloc = mmalloc;
 
-#if  defined(HAVE_MMAP) && defined(MAP_ANON)
+#ifdef HAVE_MMAP_ANON_SHARED
        address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
            -1, 0);
        if (address == MAP_FAILED)
                fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
 #else
-       fatal("%s: UsePrivilegeSeparation=yes not supported",
+       fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
            __func__);
 #endif
 
@@ -130,12 +130,12 @@ mm_destroy(struct mm_master *mm)
        mm_freelist(mm->mmalloc, &mm->rb_free);
        mm_freelist(mm->mmalloc, &mm->rb_allocated);
 
-#ifdef HAVE_MMAP
+#ifdef HAVE_MMAP_ANON_SHARED
        if (munmap(mm->address, mm->size) == -1)
                fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size,
                    strerror(errno));
 #else
-       fatal("%s: UsePrivilegeSeparation=yes not supported",
+       fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
            __func__);
 #endif
        if (mm->mmalloc == NULL)

diff --git a/openssh/monitor_mm.h b/openssh/monitor_mm.h
index c0af432d0ef33749eedbd7a90bc0cc4f7c97bc9a..c0a66d5e7c94b0600ae3bad238a162e5fd20ef7a 100644 (file)
--- a/openssh/monitor_mm.h
+++ b/openssh/monitor_mm.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $  */
+/*     $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $  */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>

diff --git a/openssh/msg.c b/openssh/msg.c
index 103aed2cde2cc8bb6c0dfc0fd8b05dd4a050a760..7275c847dabb00ead9937ad7d101ae76994fdea2 100644 (file)
--- a/openssh/msg.c
+++ b/openssh/msg.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: msg.c,v 1.2 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $");
 
 #include "buffer.h"
 #include "getput.h"
@@ -36,7 +36,7 @@ msg_send(int fd, u_char type, Buffer *m)
        u_char buf[5];
        u_int mlen = buffer_len(m);
 
-       debug3("msg_send: type %d", type);
+       debug3("msg_send: type %u", (unsigned int)type & 0xff);
 
        PUT_32BIT(buf, mlen + 1);
        buf[4] = type;          /* 1st byte of payload is mesg-type */
@@ -59,7 +59,7 @@ msg_recv(int fd, Buffer *m)
        if (res != sizeof(buf)) {
                if (res == 0)
                        return -1;
-               fatal("msg_recv: read: header %d", res);
+               fatal("msg_recv: read: header %ld", (long)res);
        }
        msg_len = GET_32BIT(buf);
        if (msg_len > 256 * 1024)

diff --git a/openssh/openbsd-compat/getopt.c b/openssh/openbsd-compat/getopt.c
index 9e13504a0e4ca4f694ce2511e5368939bc874071..f4fbc9bac3ec2746bbb37741cece0f4bd7484895 100644 (file)
--- a/openssh/openbsd-compat/getopt.c
+++ b/openssh/openbsd-compat/getopt.c
@@ -42,11 +42,11 @@ static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
 #include <stdlib.h>
 #include <string.h>
 
-int    opterr = 1,             /* if error message should be printed */
-       optind = 1,             /* index into parent argv vector */
-       optopt,                 /* character checked for validity */
-       optreset;               /* reset getopt */
-char   *optarg;                /* argument associated with option */
+int    BSDopterr = 1,          /* if error message should be printed */
+       BSDoptind = 1,          /* index into parent argv vector */
+       BSDoptopt,              /* character checked for validity */
+       BSDoptreset;            /* reset getopt */
+char   *BSDoptarg;             /* argument associated with option */
 
 #define        BADCH   (int)'?'
 #define        BADARG  (int)':'
@@ -66,57 +66,57 @@ BSDgetopt(nargc, nargv, ostr)
        static char *place = EMSG;              /* option letter processing */
        char *oli;                              /* option letter list index */
 
-       if (optreset || !*place) {              /* update scanning pointer */
-               optreset = 0;
-               if (optind >= nargc || *(place = nargv[optind]) != '-') {
+       if (BSDoptreset || !*place) {           /* update scanning pointer */
+               BSDoptreset = 0;
+               if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
                        place = EMSG;
                        return (-1);
                }
                if (place[1] && *++place == '-') {      /* found "--" */
-                       ++optind;
+                       ++BSDoptind;
                        place = EMSG;
                        return (-1);
                }
        }                                       /* option letter okay? */
-       if ((optopt = (int)*place++) == (int)':' ||
-           !(oli = strchr(ostr, optopt))) {
+       if ((BSDoptopt = (int)*place++) == (int)':' ||
+           !(oli = strchr(ostr, BSDoptopt))) {
                /*
                 * if the user didn't specify '-' as an option,
                 * assume it means -1.
                 */
-               if (optopt == (int)'-')
+               if (BSDoptopt == (int)'-')
                        return (-1);
                if (!*place)
-                       ++optind;
-               if (opterr && *ostr != ':')
+                       ++BSDoptind;
+               if (BSDopterr && *ostr != ':')
                        (void)fprintf(stderr,
-                           "%s: illegal option -- %c\n", __progname, optopt);
+                           "%s: illegal option -- %c\n", __progname, BSDoptopt);
                return (BADCH);
        }
        if (*++oli != ':') {                    /* don't need argument */
-               optarg = NULL;
+               BSDoptarg = NULL;
                if (!*place)
-                       ++optind;
+                       ++BSDoptind;
        }
        else {                                  /* need an argument */
                if (*place)                     /* no white space */
-                       optarg = place;
-               else if (nargc <= ++optind) {   /* no arg */
+                       BSDoptarg = place;
+               else if (nargc <= ++BSDoptind) {        /* no arg */
                        place = EMSG;
                        if (*ostr == ':')
                                return (BADARG);
-                       if (opterr)
+                       if (BSDopterr)
                                (void)fprintf(stderr,
                                    "%s: option requires an argument -- %c\n",
-                                   __progname, optopt);
+                                   __progname, BSDoptopt);
                        return (BADCH);
                }
                else                            /* white space */
-                       optarg = nargv[optind];
+                       BSDoptarg = nargv[BSDoptind];
                place = EMSG;
-               ++optind;
+               ++BSDoptind;
        }
-       return (optopt);                        /* dump back option letter */
+       return (BSDoptopt);                     /* dump back option letter */
 }
 
 #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */

diff --git a/openssh/packet.c b/openssh/packet.c
index 86511276f963a33d933bba4aacb11fdcc3216a12..a5b2ab61a9c6c6d0673c17185ef99ae8f71f253f 100644 (file)
--- a/openssh/packet.c
+++ b/openssh/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -1015,7 +1015,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
 int
 packet_read_poll_seqnr(u_int32_t *seqnr_p)
 {
-       int reason, seqnr;
+       u_int reason, seqnr;
        u_char type;
        char *msg;
 
@@ -1038,14 +1038,15 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
                        case SSH2_MSG_DISCONNECT:
                                reason = packet_get_int();
                                msg = packet_get_string(NULL);
-                               log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(),
-                                       reason, msg);
+                               log("Received disconnect from %s: %u: %.400s",
+                                   get_remote_ipaddr(), reason, msg);
                                xfree(msg);
                                fatal_cleanup();
                                break;
                        case SSH2_MSG_UNIMPLEMENTED:
                                seqnr = packet_get_int();
-                               debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr);
+                               debug("Received SSH2_MSG_UNIMPLEMENTED for %u",
+                                   seqnr);
                                break;
                        default:
                                return type;
@@ -1063,8 +1064,8 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
                                break;
                        case SSH_MSG_DISCONNECT:
                                msg = packet_get_string(NULL);
-                               log("Received disconnect from %s: %.400s", get_remote_ipaddr(),
-                                       msg);
+                               log("Received disconnect from %s: %.400s",
+                                   get_remote_ipaddr(), msg);
                                fatal_cleanup();
                                xfree(msg);
                                break;

diff --git a/openssh/scard.c b/openssh/scard.c
index db0cc4a80ca2be4a9d7d17abdeb4e7a2245a8f82..9791938c0b5a36e19a6b6eced90e9696eab523bb 100644 (file)
--- a/openssh/scard.c
+++ b/openssh/scard.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 #if defined(SMARTCARD) && defined(USE_SECTOK)
-RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
+RCSID("$OpenBSD: scard.c,v 1.26 2002/06/23 03:30:17 deraadt Exp $");
 
 #include <openssl/evp.h>
 #include <sectok.h>
@@ -191,7 +191,7 @@ sc_read_pubkey(Key * k)
 
        status = 0;
        p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
-       debug("fingerprint %d %s", key_size(k), p);
+       debug("fingerprint %u %s", key_size(k), p);
        xfree(p);
 
 err:

diff --git a/openssh/scp.1 b/openssh/scp.1
index c0caff4cc8c113770c884a12b57997b963144b19..396ab64beae5ccc9413dc7ee56e45c38cee1a6e3 100644 (file)
--- a/openssh/scp.1
+++ b/openssh/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.22 2002/06/20 20:00:05 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -152,5 +152,5 @@ California.
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
-.Xr ssh_config 5
+.Xr ssh_config 5 ,
 .Xr sshd 8

diff --git a/openssh/servconf.c b/openssh/servconf.c
index fb6332c31b6973f2779ec3f9cc8172dcb23d65e8..f311ae48ddea4e5a69738ae82835db66043c2cb6 100644 (file)
--- a/openssh/servconf.c
+++ b/openssh/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
 
 #if defined(KRB4)
 #include <krb.h>
@@ -257,7 +257,7 @@ fill_default_server_options(ServerOptions *options)
        if (use_privsep == -1)
                use_privsep = 1;
 
-#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
+#if !defined(HAVE_MMAP_ANON_SHARED)
        if (use_privsep && options->compression == 1) {
                error("This platform does not support both privilege "
                    "separation and compression");
@@ -423,7 +423,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
        hints.ai_family = IPv4or6;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
-       snprintf(strport, sizeof strport, "%d", port);
+       snprintf(strport, sizeof strport, "%u", port);
        if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
                fatal("bad addr or host: %s (%s)",
                    addr ? addr : "<NULL>",
@@ -439,9 +439,8 @@ process_server_config_line(ServerOptions *options, char *line,
     const char *filename, int linenum)
 {
        char *cp, **charptr, *arg, *p;
-       int *intptr, value;
+       int *intptr, value, i, n;
        ServerOpCodes opcode;
-       int i, n;
 
        cp = line;
        arg = strdelim(&cp);
@@ -765,7 +764,8 @@ parse_flag:
                        if (options->num_allow_users >= MAX_ALLOW_USERS)
                                fatal("%s line %d: too many allow users.",
                                    filename, linenum);
-                       options->allow_users[options->num_allow_users++] = xstrdup(arg);
+                       options->allow_users[options->num_allow_users++] =
+                           xstrdup(arg);
                }
                break;
 
@@ -774,7 +774,8 @@ parse_flag:
                        if (options->num_deny_users >= MAX_DENY_USERS)
                                fatal( "%s line %d: too many deny users.",
                                    filename, linenum);
-                       options->deny_users[options->num_deny_users++] = xstrdup(arg);
+                       options->deny_users[options->num_deny_users++] =
+                           xstrdup(arg);
                }
                break;
 
@@ -783,7 +784,8 @@ parse_flag:
                        if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
                                fatal("%s line %d: too many allow groups.",
                                    filename, linenum);
-                       options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
+                       options->allow_groups[options->num_allow_groups++] =
+                           xstrdup(arg);
                }
                break;
 
@@ -921,10 +923,9 @@ parse_flag:
 void
 read_server_config(ServerOptions *options, const char *filename)
 {
-       FILE *f;
+       int linenum, bad_options = 0;
        char line[1024];
-       int linenum;
-       int bad_options = 0;
+       FILE *f;
 
        f = fopen(filename, "r");
        if (!f) {

diff --git a/openssh/serverloop.c b/openssh/serverloop.c
index 1a148fcbea3be8f5b982e93490c792e1052b274a..1349213554ddb1c9651faa626b3328003330d6a6 100644 (file)
--- a/openssh/serverloop.c
+++ b/openssh/serverloop.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.102 2002/06/11 05:46:20 mpech Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -902,10 +902,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
 {
        Channel *c = NULL;
        char *ctype;
-       u_int len;
        int rchan;
-       int rmaxpack;
-       int rwindow;
+       u_int rmaxpack, rwindow, len;
 
        ctype = packet_get_string(&len);
        rchan = packet_get_int();

diff --git a/openssh/session.c b/openssh/session.c
index 6169f33073701c1dc14956b9967c5d79c7d711db..747a00afae1b5996689d24d7f68898fd05255029 100644 (file)
--- a/openssh/session.c
+++ b/openssh/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -252,8 +252,8 @@ do_authenticated1(Authctxt *authctxt)
        Session *s;
        char *command;
        int success, type, screen_flag;
-       int compression_level = 0, enable_compression_after_reply = 0;
-       u_int proto_len, data_len, dlen;
+       int enable_compression_after_reply = 0;
+       u_int proto_len, data_len, dlen, compression_level = 0;
 
        s = session_new();
        s->authctxt = authctxt;
@@ -849,6 +849,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
        } else {
                /* New variable.  Expand if necessary. */
                if (i >= (*envsizep) - 1) {
+                       if (*envsizep >= 1000)
+                               fatal("child_set_env: too many env vars,"
+                                   " skipping: %.100s", name);
                        (*envsizep) += 50;
                        env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
                }
@@ -874,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
        FILE *f;
        char buf[4096];
        char *cp, *value;
+       u_int lineno = 0;
 
        f = fopen(filename, "r");
        if (!f)
                return;
 
        while (fgets(buf, sizeof(buf), f)) {
+               if (++lineno > 1000)
+                       fatal("Too many lines in environment file %s", filename);
                for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
                        ;
                if (!*cp || *cp == '#' || *cp == '\n')
@@ -888,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
                        *strchr(cp, '\n') = '\0';
                value = strchr(cp, '=');
                if (value == NULL) {
-                       fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
+                       fprintf(stderr, "Bad line %u in %.100s\n", lineno,
+                           filename);
                        continue;
                }
                /*
@@ -1152,6 +1159,8 @@ do_nologin(struct passwd *pw)
 void
 do_setusercontext(struct passwd *pw)
 {
+       char tty='\0';
+
 #ifdef HAVE_CYGWIN
        if (is_winnt) {
 #else /* HAVE_CYGWIN */
@@ -1161,6 +1170,9 @@ do_setusercontext(struct passwd *pw)
                setpcred(pw->pw_name);
 #endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
+#ifdef __bsdi__
+               setpgid(0, 0);
+#endif
                if (setusercontext(lc, pw, pw->pw_uid,
                    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
                        perror("unable to set user context");
@@ -1196,6 +1208,10 @@ do_setusercontext(struct passwd *pw)
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
                irix_setusercontext(pw);
 #  endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
+# ifdef _AIX
+               /* XXX: Disable tty setting.  Enabled if required later */
+               aix_usrinfo(pw, &tty, -1);
+# endif /* _AIX */
                /* Permanently switch to the desired uid. */
                permanently_set_uid(pw);
 #endif
@@ -1258,9 +1274,6 @@ do_child(Session *s, const char *command)
                        do_motd();
 #else /* HAVE_OSF_SIA */
                do_nologin(pw);
-# ifdef _AIX
-               aix_usrinfo(pw, s->tty, s->ttyfd);
-# endif /* _AIX */
                do_setusercontext(pw);
 #endif /* HAVE_OSF_SIA */
        }
@@ -1970,9 +1983,9 @@ session_setup_x11fwd(Session *s)
                debug("X11 display already set.");
                return 0;
        }
-       s->display_number = x11_create_display_inet(options.x11_display_offset,
-           options.x11_use_localhost, s->single_connection);
-       if (s->display_number == -1) {
+       if (x11_create_display_inet(options.x11_display_offset,
+           options.x11_use_localhost, s->single_connection,
+           &s->display_number) == -1) {
                debug("x11_create_display_inet failed.");
                return 0;
        }
@@ -1986,9 +1999,9 @@ session_setup_x11fwd(Session *s)
         * different than the DISPLAY string for localhost displays.
         */
        if (options.x11_use_localhost) {
-               snprintf(display, sizeof display, "localhost:%d.%d",
+               snprintf(display, sizeof display, "localhost:%u.%u",
                    s->display_number, s->screen);
-               snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
+               snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
                    s->display_number, s->screen);
                s->display = xstrdup(display);
                s->auth_display = xstrdup(auth_display);
@@ -2004,10 +2017,10 @@ session_setup_x11fwd(Session *s)
                        return 0;
                }
                memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
-               snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
+               snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
                    s->display_number, s->screen);
 #else
-               snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
+               snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
                    s->display_number, s->screen);
 #endif
                s->display = xstrdup(display);

diff --git a/openssh/session.h b/openssh/session.h
index 2a7e4b224fd475d2c839497eb90683eda2999a85..3bce97891fdfc3dd46e202b93f7e7e0ca0c46fdd 100644 (file)
--- a/openssh/session.h
+++ b/openssh/session.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $     */
+/*     $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $    */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -37,15 +37,15 @@ struct Session {
        /* tty */
        char    *term;
        int     ptyfd, ttyfd, ptymaster;
-       int     row, col, xpixel, ypixel;
+       u_int   row, col, xpixel, ypixel;
        char    tty[TTYSZ];
        /* last login */
        char    hostname[MAXHOSTNAMELEN];
        time_t  last_login_time;
        /* X11 */
-       int     display_number;
+       u_int   display_number;
        char    *display;
-       int     screen;
+       u_int   screen;
        char    *auth_display;
        char    *auth_proto;
        char    *auth_data;

diff --git a/openssh/sftp-client.c b/openssh/sftp-client.c
index 779ef2fe89509efa15c7efad0a1555b7d5310b5d..10b7992d0939b5d4fc8fa8e2b893c6c2479bf1fc 100644 (file)
--- a/openssh/sftp-client.c
+++ b/openssh/sftp-client.c
@@ -28,7 +28,7 @@
 /* XXX: copy between two remote sites */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.32 2002/06/09 13:32:01 markus Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $");
 
 #include "openbsd-compat/fake-queue.h"
 
@@ -88,7 +88,7 @@ get_msg(int fd, Buffer *m)
 
        msg_len = GET_32BIT(buf);
        if (msg_len > 256 * 1024)
-               fatal("Received message too long %d", msg_len);
+               fatal("Received message too long %u", msg_len);
 
        while (msg_len) {
                len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf)));
@@ -113,7 +113,7 @@ send_string_request(int fd, u_int id, u_int code, char *s,
        buffer_put_int(&msg, id);
        buffer_put_string(&msg, s, len);
        send_msg(fd, &msg);
-       debug3("Sent message fd %d T:%d I:%d", fd, code, id);
+       debug3("Sent message fd %d T:%u I:%u", fd, code, id);
        buffer_free(&msg);
 }
 
@@ -129,12 +129,12 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s,
        buffer_put_string(&msg, s, len);
        encode_attrib(&msg, a);
        send_msg(fd, &msg);
-       debug3("Sent message fd %d T:%d I:%d", fd, code, id);
+       debug3("Sent message fd %d T:%u I:%u", fd, code, id);
        buffer_free(&msg);
 }
 
 static u_int
-get_status(int fd, int expected_id)
+get_status(int fd, u_int expected_id)
 {
        Buffer msg;
        u_int type, id, status;
@@ -145,15 +145,15 @@ get_status(int fd, int expected_id)
        id = buffer_get_int(&msg);
 
        if (id != expected_id)
-               fatal("ID mismatch (%d != %d)", id, expected_id);
+               fatal("ID mismatch (%u != %u)", id, expected_id);
        if (type != SSH2_FXP_STATUS)
-               fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d",
+               fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u",
                    SSH2_FXP_STATUS, type);
 
        status = buffer_get_int(&msg);
        buffer_free(&msg);
 
-       debug3("SSH2_FXP_STATUS %d", status);
+       debug3("SSH2_FXP_STATUS %u", status);
 
        return(status);
 }
@@ -171,14 +171,14 @@ get_handle(int fd, u_int expected_id, u_int *len)
        id = buffer_get_int(&msg);
 
        if (id != expected_id)
-               fatal("ID mismatch (%d != %d)", id, expected_id);
+               fatal("ID mismatch (%u != %u)", id, expected_id);
        if (type == SSH2_FXP_STATUS) {
                int status = buffer_get_int(&msg);
 
                error("Couldn't get handle: %s", fx2txt(status));
                return(NULL);
        } else if (type != SSH2_FXP_HANDLE)
-               fatal("Expected SSH2_FXP_HANDLE(%d) packet, got %d",
+               fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u",
                    SSH2_FXP_HANDLE, type);
 
        handle = buffer_get_string(&msg, len);
@@ -200,9 +200,9 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
        type = buffer_get_char(&msg);
        id = buffer_get_int(&msg);
 
-       debug3("Received stat reply T:%d I:%d", type, id);
+       debug3("Received stat reply T:%u I:%u", type, id);
        if (id != expected_id)
-               fatal("ID mismatch (%d != %d)", id, expected_id);
+               fatal("ID mismatch (%u != %u)", id, expected_id);
        if (type == SSH2_FXP_STATUS) {
                int status = buffer_get_int(&msg);
 
@@ -212,7 +212,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
                        error("Couldn't stat remote file: %s", fx2txt(status));
                return(NULL);
        } else if (type != SSH2_FXP_ATTRS) {
-               fatal("Expected SSH2_FXP_ATTRS(%d) packet, got %d",
+               fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
                    SSH2_FXP_ATTRS, type);
        }
        a = decode_attrib(&msg);
@@ -224,7 +224,8 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
 struct sftp_conn *
 do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
 {
-       int type, version;
+       u_int type;
+       int version;
        Buffer msg;
        struct sftp_conn *ret;
 
@@ -239,7 +240,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
 
        /* Expecting a VERSION reply */
        if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
-               error("Invalid packet back from SSH2_FXP_INIT (type %d)",
+               error("Invalid packet back from SSH2_FXP_INIT (type %u)",
                    type);
                buffer_free(&msg);
                return(NULL);
@@ -294,7 +295,7 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
        buffer_put_int(&msg, id);
        buffer_put_string(&msg, handle, handle_len);
        send_msg(conn->fd_out, &msg);
-       debug3("Sent message SSH2_FXP_CLOSE I:%d", id);
+       debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
 
        status = get_status(conn->fd_in, id);
        if (status != SSH2_FX_OK)
@@ -339,7 +340,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
 
                id = expected_id = conn->msg_id++;
 
-               debug3("Sending SSH2_FXP_READDIR I:%d", id);
+               debug3("Sending SSH2_FXP_READDIR I:%u", id);
 
                buffer_clear(&msg);
                buffer_put_char(&msg, SSH2_FXP_READDIR);
@@ -354,10 +355,10 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
                type = buffer_get_char(&msg);
                id = buffer_get_int(&msg);
 
-               debug3("Received reply T:%d I:%d", type, id);
+               debug3("Received reply T:%u I:%u", type, id);
 
                if (id != expected_id)
-                       fatal("ID mismatch (%d != %d)", id, expected_id);
+                       fatal("ID mismatch (%u != %u)", id, expected_id);
 
                if (type == SSH2_FXP_STATUS) {
                        int status = buffer_get_int(&msg);
@@ -373,7 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
                                return(status);
                        }
                } else if (type != SSH2_FXP_NAME)
-                       fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+                       fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
                            SSH2_FXP_NAME, type);
 
                count = buffer_get_int(&msg);
@@ -584,7 +585,7 @@ do_realpath(struct sftp_conn *conn, char *path)
        id = buffer_get_int(&msg);
 
        if (id != expected_id)
-               fatal("ID mismatch (%d != %d)", id, expected_id);
+               fatal("ID mismatch (%u != %u)", id, expected_id);
 
        if (type == SSH2_FXP_STATUS) {
                u_int status = buffer_get_int(&msg);
@@ -592,7 +593,7 @@ do_realpath(struct sftp_conn *conn, char *path)
                error("Couldn't canonicalise: %s", fx2txt(status));
                return(NULL);
        } else if (type != SSH2_FXP_NAME)
-               fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+               fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
                    SSH2_FXP_NAME, type);
 
        count = buffer_get_int(&msg);
@@ -690,7 +691,7 @@ do_readlink(struct sftp_conn *conn, char *path)
        id = buffer_get_int(&msg);
 
        if (id != expected_id)
-               fatal("ID mismatch (%d != %d)", id, expected_id);
+               fatal("ID mismatch (%u != %u)", id, expected_id);
 
        if (type == SSH2_FXP_STATUS) {
                u_int status = buffer_get_int(&msg);
@@ -698,7 +699,7 @@ do_readlink(struct sftp_conn *conn, char *path)
                error("Couldn't readlink: %s", fx2txt(status));
                return(NULL);
        } else if (type != SSH2_FXP_NAME)
-               fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+               fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
                    SSH2_FXP_NAME, type);
 
        count = buffer_get_int(&msg);
@@ -790,7 +791,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
        attrib_clear(&junk); /* Send empty attributes */
        encode_attrib(&msg, &junk);
        send_msg(conn->fd_out, &msg);
-       debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
+       debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
 
        handle = get_handle(conn->fd_in, id, &handle_len);
        if (handle == NULL) {
@@ -835,7 +836,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
                get_msg(conn->fd_in, &msg);
                type = buffer_get_char(&msg);
                id = buffer_get_int(&msg);
-               debug3("Received reply T:%d I:%d R:%d", type, id, max_req);
+               debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
 
                /* Find the request in our queue */
                for(req = TAILQ_FIRST(&requests);
@@ -862,7 +863,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
                            (unsigned long long)req->offset + len - 1);
                        if (len > req->len)
                                fatal("Received more data than asked for "
-                                     "%d > %d", len, req->len);
+                                     "%u > %u", len, req->len);
                        if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
                             atomicio(write, local_fd, data, len) != len) &&
                            !write_error) {
@@ -907,7 +908,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
                        }
                        break;
                default:
-                       fatal("Expected SSH2_FXP_DATA(%d) packet, got %d",
+                       fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
                            SSH2_FXP_DATA, type);
                }
        }
@@ -1006,7 +1007,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
        buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC);
        encode_attrib(&msg, &a);
        send_msg(conn->fd_out, &msg);
-       debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
+       debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
 
        buffer_clear(&msg);
 
@@ -1051,7 +1052,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
                        buffer_put_int64(&msg, offset);
                        buffer_put_string(&msg, data, len);
                        send_msg(conn->fd_out, &msg);
-                       debug3("Sent message SSH2_FXP_WRITE I:%d O:%llu S:%u",
+                       debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
                               id, (unsigned long long)offset, len);
                } else if (TAILQ_FIRST(&acks) == NULL)
                        break;
@@ -1081,7 +1082,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
                            ack = TAILQ_NEXT(ack, tq))
                                ;
                        if (ack == NULL)
-                               fatal("Can't find request for ID %d", r_id);
+                               fatal("Can't find request for ID %u", r_id);
                        TAILQ_REMOVE(&acks, ack, tq);
 
                        if (status != SSH2_FX_OK) {
@@ -1091,7 +1092,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
                                close(local_fd);
                                goto done;
                        }
-                       debug3("In write loop, ack for %u %d bytes at %llu",
+                       debug3("In write loop, ack for %u %u bytes at %llu",
                           ack->id, ack->len, (unsigned long long)ack->offset);
                        ++ackid;
                        free(ack);

diff --git a/openssh/sftp-client.h b/openssh/sftp-client.h
index ceda879b9283968023a060e94bb2de55e1fdccc5..b0617116816bcba7c70fc1f385e3d94d2744443a 100644 (file)
--- a/openssh/sftp-client.h
+++ b/openssh/sftp-client.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.9 2002/02/13 00:59:23 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */
 
 /*
  * Copyright (c) 2001,2002 Damien Miller.  All rights reserved.
@@ -41,11 +41,9 @@ struct SFTP_DIRENT {
  * Initialiase a SSH filexfer connection. Returns -1 on error or
  * protocol version on success.
  */
-struct sftp_conn *
-do_init(int, int, u_int, u_int);
+struct sftp_conn *do_init(int, int, u_int, u_int);
 
-u_int
-sftp_proto_version(struct sftp_conn *);
+u_int sftp_proto_version(struct sftp_conn *);
 
 /* Close file referred to by 'handle' */
 int do_close(struct sftp_conn *, char *, u_int);

diff --git a/openssh/sftp-common.c b/openssh/sftp-common.c
index 4fb4496555cebfc9ac3f90c498d7602e98b9bf45..6bed0ab8a06d1f26c6af458df4e9a3b9885e3a7f 100644 (file)
--- a/openssh/sftp-common.c
+++ b/openssh/sftp-common.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.5 2001/12/02 02:08:32 deraadt Exp $");
+RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -70,6 +70,7 @@ Attrib *
 decode_attrib(Buffer *b)
 {
        static Attrib a;
+
        attrib_clear(&a);
        a.flags = buffer_get_int(b);
        if (a.flags & SSH2_FILEXFER_ATTR_SIZE)
@@ -88,6 +89,7 @@ decode_attrib(Buffer *b)
        if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) {
                char *type, *data;
                int i, count;
+
                count = buffer_get_int(b);
                for (i = 0; i < count; i++) {
                        type = buffer_get_string(b, NULL);

diff --git a/openssh/sftp-int.c b/openssh/sftp-int.c
index 5b1d3848e82895e96c4ff91ce28be7c8366eca2f..b13e5da5d5b3e1b194faaa94ce927fa392a4df0e 100644 (file)
--- a/openssh/sftp-int.c
+++ b/openssh/sftp-int.c
@@ -26,7 +26,7 @@
 /* XXX: recursive operations */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.46 2002/03/30 18:51:15 markus Exp $");
+RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $");
 
 #include "buffer.h"
 #include "xmalloc.h"
@@ -835,7 +835,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
                help();
                break;
        case I_VERSION:
-               printf("SFTP protocol version %d\n", sftp_proto_version(conn));
+               printf("SFTP protocol version %u\n", sftp_proto_version(conn));
                break;
        default:
                fatal("%d is not implemented", cmdnum);

diff --git a/openssh/sftp-server.c b/openssh/sftp-server.c
index 9db28e7d3c8b6ddc1c57e65ffb1564c1f6aace1f..a5c325561efb2fe5625b4603c802caf61493793d 100644 (file)
--- a/openssh/sftp-server.c
+++ b/openssh/sftp-server.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.35 2002/06/06 17:30:11 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -282,7 +282,7 @@ send_status(u_int32_t id, u_int32_t error)
                "Unknown error"                 /* Others */
        };
 
-       TRACE("sent status id %d error %d", id, error);
+       TRACE("sent status id %u error %u", id, error);
        buffer_init(&msg);
        buffer_put_char(&msg, SSH2_FXP_STATUS);
        buffer_put_int(&msg, id);
@@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
 static void
 send_data(u_int32_t id, char *data, int dlen)
 {
-       TRACE("sent data id %d len %d", id, dlen);
+       TRACE("sent data id %u len %d", id, dlen);
        send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
 }
 
@@ -322,7 +322,7 @@ send_handle(u_int32_t id, int handle)
        int hlen;
 
        handle_to_string(handle, &string, &hlen);
-       TRACE("sent handle id %d handle %d", id, handle);
+       TRACE("sent handle id %u handle %d", id, handle);
        send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
        xfree(string);
 }
@@ -337,7 +337,7 @@ send_names(u_int32_t id, int count, Stat *stats)
        buffer_put_char(&msg, SSH2_FXP_NAME);
        buffer_put_int(&msg, id);
        buffer_put_int(&msg, count);
-       TRACE("sent names id %d count %d", id, count);
+       TRACE("sent names id %u count %d", id, count);
        for (i = 0; i < count; i++) {
                buffer_put_cstring(&msg, stats[i].name);
                buffer_put_cstring(&msg, stats[i].long_name);
@@ -352,7 +352,7 @@ send_attrib(u_int32_t id, Attrib *a)
 {
        Buffer msg;
 
-       TRACE("sent attrib id %d have 0x%x", id, a->flags);
+       TRACE("sent attrib id %u have 0x%x", id, a->flags);
        buffer_init(&msg);
        buffer_put_char(&msg, SSH2_FXP_ATTRS);
        buffer_put_int(&msg, id);
@@ -391,7 +391,7 @@ process_open(void)
        a = get_attrib();
        flags = flags_from_portable(pflags);
        mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
-       TRACE("open id %d name %s flags %d mode 0%o", id, name, pflags, mode);
+       TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
        fd = open(name, flags, mode);
        if (fd < 0) {
                status = errno_to_portable(errno);
@@ -417,7 +417,7 @@ process_close(void)
 
        id = get_int();
        handle = get_handle();
-       TRACE("close id %d handle %d", id, handle);
+       TRACE("close id %u handle %d", id, handle);
        ret = handle_close(handle);
        status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
        send_status(id, status);
@@ -436,7 +436,7 @@ process_read(void)
        off = get_int64();
        len = get_int();
 
-       TRACE("read id %d handle %d off %llu len %d", id, handle,
+       TRACE("read id %u handle %d off %llu len %d", id, handle,
            (u_int64_t)off, len);
        if (len > sizeof buf) {
                len = sizeof buf;
@@ -477,7 +477,7 @@ process_write(void)
        off = get_int64();
        data = get_string(&len);
 
-       TRACE("write id %d handle %d off %llu len %d", id, handle,
+       TRACE("write id %u handle %d off %llu len %d", id, handle,
            (u_int64_t)off, len);
        fd = handle_to_fd(handle);
        if (fd >= 0) {
@@ -512,7 +512,7 @@ process_do_stat(int do_lstat)
 
        id = get_int();
        name = get_string(NULL);
-       TRACE("%sstat id %d name %s", do_lstat ? "l" : "", id, name);
+       TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name);
        ret = do_lstat ? lstat(name, &st) : stat(name, &st);
        if (ret < 0) {
                status = errno_to_portable(errno);
@@ -548,7 +548,7 @@ process_fstat(void)
 
        id = get_int();
        handle = get_handle();
-       TRACE("fstat id %d handle %d", id, handle);
+       TRACE("fstat id %u handle %d", id, handle);
        fd = handle_to_fd(handle);
        if (fd  >= 0) {
                ret = fstat(fd, &st);
@@ -582,13 +582,12 @@ process_setstat(void)
        Attrib *a;
        u_int32_t id;
        char *name;
-       int ret;
-       int status = SSH2_FX_OK;
+       int status = SSH2_FX_OK, ret;
 
        id = get_int();
        name = get_string(NULL);
        a = get_attrib();
-       TRACE("setstat id %d name %s", id, name);
+       TRACE("setstat id %u name %s", id, name);
        if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
                ret = truncate(name, a->size);
                if (ret == -1)
@@ -625,7 +624,7 @@ process_fsetstat(void)
        id = get_int();
        handle = get_handle();
        a = get_attrib();
-       TRACE("fsetstat id %d handle %d", id, handle);
+       TRACE("fsetstat id %u handle %d", id, handle);
        fd = handle_to_fd(handle);
        name = handle_to_name(handle);
        if (fd < 0 || name == NULL) {
@@ -677,7 +676,7 @@ process_opendir(void)
 
        id = get_int();
        path = get_string(NULL);
-       TRACE("opendir id %d path %s", id, path);
+       TRACE("opendir id %u path %s", id, path);
        dirp = opendir(path);
        if (dirp == NULL) {
                status = errno_to_portable(errno);
@@ -713,13 +712,13 @@ ls_file(char *name, struct stat *st)
        if ((pw = getpwuid(st->st_uid)) != NULL) {
                user = pw->pw_name;
        } else {
-               snprintf(ubuf, sizeof ubuf, "%d", st->st_uid);
+               snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
                user = ubuf;
        }
        if ((gr = getgrgid(st->st_gid)) != NULL) {
                group = gr->gr_name;
        } else {
-               snprintf(gbuf, sizeof gbuf, "%d", st->st_gid);
+               snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
                group = gbuf;
        }
        if (ltime != NULL) {
@@ -749,7 +748,7 @@ process_readdir(void)
 
        id = get_int();
        handle = get_handle();
-       TRACE("readdir id %d handle %d", id, handle);
+       TRACE("readdir id %u handle %d", id, handle);
        dirp = handle_to_dir(handle);
        path = handle_to_name(handle);
        if (dirp == NULL || path == NULL) {
@@ -759,6 +758,7 @@ process_readdir(void)
                char pathname[1024];
                Stat *stats;
                int nstats = 10, count = 0, i;
+
                stats = xmalloc(nstats * sizeof(Stat));
                while ((dp = readdir(dirp)) != NULL) {
                        if (count >= nstats) {
@@ -802,7 +802,7 @@ process_remove(void)
 
        id = get_int();
        name = get_string(NULL);
-       TRACE("remove id %d name %s", id, name);
+       TRACE("remove id %u name %s", id, name);
        ret = unlink(name);
        status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
        send_status(id, status);
@@ -822,7 +822,7 @@ process_mkdir(void)
        a = get_attrib();
        mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
            a->perm & 0777 : 0777;
-       TRACE("mkdir id %d name %s mode 0%o", id, name, mode);
+       TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
        ret = mkdir(name, mode);
        status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
        send_status(id, status);
@@ -838,7 +838,7 @@ process_rmdir(void)
 
        id = get_int();
        name = get_string(NULL);
-       TRACE("rmdir id %d name %s", id, name);
+       TRACE("rmdir id %u name %s", id, name);
        ret = rmdir(name);
        status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
        send_status(id, status);
@@ -858,7 +858,7 @@ process_realpath(void)
                xfree(path);
                path = xstrdup(".");
        }
-       TRACE("realpath id %d path %s", id, path);
+       TRACE("realpath id %u path %s", id, path);
        if (realpath(path, resolvedname) == NULL) {
                send_status(id, errno_to_portable(errno));
        } else {
@@ -881,7 +881,7 @@ process_rename(void)
        id = get_int();
        oldpath = get_string(NULL);
        newpath = get_string(NULL);
-       TRACE("rename id %d old %s new %s", id, oldpath, newpath);
+       TRACE("rename id %u old %s new %s", id, oldpath, newpath);
        /* fail if 'newpath' exists */
        if (stat(newpath, &st) == -1) {
                ret = rename(oldpath, newpath);
@@ -902,7 +902,7 @@ process_readlink(void)
 
        id = get_int();
        path = get_string(NULL);
-       TRACE("readlink id %d path %s", id, path);
+       TRACE("readlink id %u path %s", id, path);
        if ((len = readlink(path, link, sizeof(link) - 1)) == -1)
                send_status(id, errno_to_portable(errno));
        else {
@@ -927,7 +927,7 @@ process_symlink(void)
        id = get_int();
        oldpath = get_string(NULL);
        newpath = get_string(NULL);
-       TRACE("symlink id %d old %s new %s", id, oldpath, newpath);
+       TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
        /* fail if 'newpath' exists */
        if (stat(newpath, &st) == -1) {
                ret = symlink(oldpath, newpath);

diff --git a/openssh/sftp.c b/openssh/sftp.c
index f941d18faae581b8d92fb11575e955332696206c..fac2564ded5d0244ee0f78242477abad100cbd11 100644 (file)
--- a/openssh/sftp.c
+++ b/openssh/sftp.c
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.29 2002/04/02 17:37:48 markus Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $");
 
 /* XXX: short-form remote directory listings (like 'ls -C') */
 
@@ -53,8 +53,10 @@ static void
 connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
 {
        int c_in, c_out;
+
 #ifdef USE_PIPES
        int pin[2], pout[2];
+
        if ((pipe(pin) == -1) || (pipe(pout) == -1))
                fatal("pipe: %s", strerror(errno));
        *in = pin[0];
@@ -63,6 +65,7 @@ connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
        c_out = pin[1];
 #else /* USE_PIPES */
        int inout[2];
+
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
                fatal("socketpair: %s", strerror(errno));
        *in = *out = inout[0];

diff --git a/openssh/ssh-agent.1 b/openssh/ssh-agent.1
index e5ea1e3255804f3e312133499a62c5b5e603e2cb..0227436c1719331fc18b571533e88c182b67deea 100644 (file)
--- a/openssh/ssh-agent.1
+++ b/openssh/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.33 2002/06/19 00:27:55 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -69,7 +69,7 @@ The options are as follows:
 Bind the agent to the unix-domain socket
 .Ar bind_address .
 The default is
-.Pa /tmp/ssh-XXXXXXXX/agent.<pid> .
+.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> .
 .It Fl c
 Generate C-shell commands on
 .Dv stdout .
@@ -151,7 +151,7 @@ user.
 .Pp
 The
 .Ev SSH_AGENT_PID
-environment variable holds the agent's PID.
+environment variable holds the agent's process ID.
 .Pp
 The agent exits automatically when the command given on the command
 line terminates.
@@ -163,7 +163,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
 Contains the protocol version 2 DSA authentication identity of the user.
 .It Pa $HOME/.ssh/id_rsa
 Contains the protocol version 2 RSA authentication identity of the user.
-.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
+.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
 Unix-domain sockets used to contain the connection to the
 authentication agent.
 These sockets should only be readable by the owner.

diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c
index c3a907798fab5fbcf0e02dace960b821b2ec25f2..ac16bae40aa59307d76a0a0b4600fb6f6d02c19f 100644 (file)
--- a/openssh/ssh-agent.c
+++ b/openssh/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -110,6 +110,7 @@ static void
 idtab_init(void)
 {
        int i;
+
        for (i = 0; i <=2; i++) {
                TAILQ_INIT(&idtable[i].idlist);
                idtable[i].nentries = 0;
@@ -152,8 +153,8 @@ static void
 process_request_identities(SocketEntry *e, int version)
 {
        Idtab *tab = idtab_lookup(version);
-       Buffer msg;
        Identity *id;
+       Buffer msg;
 
        buffer_init(&msg);
        buffer_put_char(&msg, (version == 1) ?
@@ -182,21 +183,21 @@ process_request_identities(SocketEntry *e, int version)
 static void
 process_authentication_challenge1(SocketEntry *e)
 {
-       Identity *id;
-       Key *key;
+       u_char buf[32], mdbuf[16], session_id[16];
+       u_int response_type;
        BIGNUM *challenge;
+       Identity *id;
        int i, len;
        Buffer msg;
        MD5_CTX md;
-       u_char buf[32], mdbuf[16], session_id[16];
-       u_int response_type;
+       Key *key;
 
        buffer_init(&msg);
        key = key_new(KEY_RSA1);
        if ((challenge = BN_new()) == NULL)
                fatal("process_authentication_challenge1: BN_new failed");
 
-       buffer_get_int(&e->request);                            /* ignored */
+       (void) buffer_get_int(&e->request);                     /* ignored */
        buffer_get_bignum(&e->request, key->rsa->e);
        buffer_get_bignum(&e->request, key->rsa->n);
        buffer_get_bignum(&e->request, challenge);
@@ -251,13 +252,12 @@ send:
 static void
 process_sign_request2(SocketEntry *e)
 {
-       extern int datafellows;
-       Key *key;
        u_char *blob, *data, *signature = NULL;
        u_int blen, dlen, slen = 0;
-       int flags;
+       extern int datafellows;
+       int ok = -1, flags;
        Buffer msg;
-       int ok = -1;
+       Key *key;
 
        datafellows = 0;
 
@@ -296,11 +296,10 @@ process_sign_request2(SocketEntry *e)
 static void
 process_remove_identity(SocketEntry *e, int version)
 {
+       u_int blen, bits;
+       int success = 0;
        Key *key = NULL;
        u_char *blob;
-       u_int blen;
-       u_int bits;
-       int success = 0;
 
        switch (version) {
        case 1:
@@ -310,7 +309,7 @@ process_remove_identity(SocketEntry *e, int version)
                buffer_get_bignum(&e->request, key->rsa->n);
 
                if (bits != key_size(key))
-                       log("Warning: identity keysize mismatch: actual %d, announced %d",
+                       log("Warning: identity keysize mismatch: actual %u, announced %u",
                            key_size(key), bits);
                break;
        case 2:
@@ -370,10 +369,10 @@ process_remove_all_identities(SocketEntry *e, int version)
 static void
 reaper(void)
 {
-       Idtab *tab;
+       u_int now = time(NULL);
        Identity *id, *nxt;
        int version;
-       u_int now = time(NULL);
+       Idtab *tab;
 
        for (version = 1; version < 3; version++) {
                tab = idtab_lookup(version);
@@ -391,16 +390,15 @@ reaper(void)
 static void
 process_add_identity(SocketEntry *e, int version)
 {
-       Key *k = NULL;
-       char *type_name;
-       char *comment;
-       int type, success = 0, death = 0;
        Idtab *tab = idtab_lookup(version);
+       int type, success = 0, death = 0;
+       char *type_name, *comment;
+       Key *k = NULL;
 
        switch (version) {
        case 1:
                k = key_new_private(KEY_RSA1);
-               buffer_get_int(&e->request);                    /* ignored */
+               (void) buffer_get_int(&e->request);             /* ignored */
                buffer_get_bignum(&e->request, k->rsa->n);
                buffer_get_bignum(&e->request, k->rsa->e);
                buffer_get_bignum(&e->request, k->rsa->d);
@@ -481,8 +479,8 @@ send:
 static void
 process_lock_agent(SocketEntry *e, int lock)
 {
-       char *passwd;
        int success = 0;
+       char *passwd;
 
        passwd = buffer_get_string(&e->request, NULL);
        if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
@@ -523,11 +521,11 @@ no_identities(SocketEntry *e, u_int type)
 static void
 process_add_smartcard_key (SocketEntry *e)
 {
-       Identity *id;
-       Idtab *tab;
-       Key **keys, *k;
        char *sc_reader_id = NULL, *pin;
        int i, version, success = 0;
+       Key **keys, *k;
+       Identity *id;
+       Idtab *tab;
 
        sc_reader_id = buffer_get_string(&e->request, NULL);
        pin = buffer_get_string(&e->request, NULL);
@@ -566,11 +564,11 @@ send:
 static void
 process_remove_smartcard_key(SocketEntry *e)
 {
-       Identity *id;
-       Idtab *tab;
-       Key **keys, *k = NULL;
        char *sc_reader_id = NULL, *pin;
        int i, version, success = 0;
+       Key **keys, *k = NULL;
+       Identity *id;
+       Idtab *tab;
 
        sc_reader_id = buffer_get_string(&e->request, NULL);
        pin = buffer_get_string(&e->request, NULL);
@@ -608,8 +606,7 @@ send:
 static void
 process_message(SocketEntry *e)
 {
-       u_int msg_len;
-       u_int type;
+       u_int msg_len, type;
        u_char *cp;
 
        /* kill dead keys */
@@ -622,6 +619,7 @@ process_message(SocketEntry *e)
        if (msg_len > 256 * 1024) {
                shutdown(e->fd, SHUT_RDWR);
                close(e->fd);
+               e->fd = -1;
                e->type = AUTH_UNUSED;
                buffer_free(&e->input);
                buffer_free(&e->output);
@@ -717,6 +715,7 @@ static void
 new_socket(sock_type type, int fd)
 {
        u_int i, old_alloc;
+
        if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
                error("fcntl O_NONBLOCK: %s", strerror(errno));
 
@@ -801,11 +800,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp)
 static void
 after_select(fd_set *readset, fd_set *writeset)
 {
-       u_int i;
-       int len, sock;
+       struct sockaddr_un sunaddr;
        socklen_t slen;
        char buf[1024];
-       struct sockaddr_un sunaddr;
+       int len, sock;
+       u_int i;
 
        for (i = 0; i < sockets_alloc; i++)
                switch (sockets[i].type) {
@@ -839,6 +838,7 @@ after_select(fd_set *readset, fd_set *writeset)
                                if (len <= 0) {
                                        shutdown(sockets[i].fd, SHUT_RDWR);
                                        close(sockets[i].fd);
+                                       sockets[i].fd = -1;
                                        sockets[i].type = AUTH_UNUSED;
                                        buffer_free(&sockets[i].input);
                                        buffer_free(&sockets[i].output);
@@ -858,6 +858,7 @@ after_select(fd_set *readset, fd_set *writeset)
                                if (len <= 0) {
                                        shutdown(sockets[i].fd, SHUT_RDWR);
                                        close(sockets[i].fd);
+                                       sockets[i].fd = -1;
                                        sockets[i].type = AUTH_UNUSED;
                                        buffer_free(&sockets[i].input);
                                        buffer_free(&sockets[i].output);
@@ -928,6 +929,8 @@ int
 main(int ac, char **av)
 {
        int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
+       char *shell, *format, *pidstr, *agentsocket = NULL;
+       fd_set *readsetp = NULL, *writesetp = NULL;
        struct sockaddr_un sunaddr;
 #ifdef HAVE_SETRLIMIT
        struct rlimit rlim;
@@ -935,11 +938,10 @@ main(int ac, char **av)
 #ifdef HAVE_CYGWIN
        int prev_mask;
 #endif
-       pid_t pid;
-       char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
-       char *agentsocket = NULL;
        extern int optind;
-       fd_set *readsetp = NULL, *writesetp = NULL;
+       extern char *optarg;
+       pid_t pid;
+       char pidstrbuf[1 + 3 * sizeof pid];
 
        SSLeay_add_all_algorithms();
 
@@ -947,11 +949,7 @@ main(int ac, char **av)
        init_rng();
        seed_rng();
 
-#ifdef __GNU_LIBRARY__
-       while ((ch = getopt(ac, av, "+cdksa:")) != -1) {
-#else /* __GNU_LIBRARY__ */
        while ((ch = getopt(ac, av, "cdksa:")) != -1) {
-#endif /* __GNU_LIBRARY__ */
                switch (ch) {
                case 'c':
                        if (s_flag)

diff --git a/openssh/ssh-dss.c b/openssh/ssh-dss.c
index 02403f550afc22388d6cc9e7f9d3aa31a5128849..dbf8465bae54612d6160c2f7e7fff0f06f4b0d01 100644 (file)
--- a/openssh/ssh-dss.c
+++ b/openssh/ssh-dss.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -40,9 +40,7 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
 #define SIGBLOB_LEN    (2*INTBLOB_LEN)
 
 int
-ssh_dss_sign(
-    Key *key,
-    u_char **sigp, u_int *lenp,
+ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
     u_char *data, u_int datalen)
 {
        DSA_SIG *sig;
@@ -71,7 +69,7 @@ ssh_dss_sign(
        rlen = BN_num_bytes(sig->r);
        slen = BN_num_bytes(sig->s);
        if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
-               error("bad sig size %d %d", rlen, slen);
+               error("bad sig size %u %u", rlen, slen);
                DSA_SIG_free(sig);
                return -1;
        }
@@ -104,9 +102,7 @@ ssh_dss_sign(
        return 0;
 }
 int
-ssh_dss_verify(
-    Key *key,
-    u_char *signature, u_int signaturelen,
+ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
     u_char *data, u_int datalen)
 {
        DSA_SIG *sig;
@@ -151,7 +147,7 @@ ssh_dss_verify(
        }
 
        if (len != SIGBLOB_LEN) {
-               fatal("bad sigbloblen %d != SIGBLOB_LEN", len);
+               fatal("bad sigbloblen %u != SIGBLOB_LEN", len);
        }
 
        /* parse signature */

diff --git a/openssh/ssh-keygen.c b/openssh/ssh-keygen.c
index df8c90afb756a67ba807bba4ac6d00fd7561e3a7..4273c11321c8830820cd51936733b4653830ae10 100644 (file)
--- a/openssh/ssh-keygen.c
+++ b/openssh/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -170,7 +170,7 @@ do_convert_to_ssh2(struct passwd *pw)
        }
        fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
        fprintf(stdout,
-           "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n",
+           "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
            key_size(k), key_type(k),
            pw->pw_name, hostname);
        dump_base64(stdout, blob, len);
@@ -462,7 +462,7 @@ do_fingerprint(struct passwd *pw)
        public = key_load_public(identity_file, &comment);
        if (public != NULL) {
                fp = key_fingerprint(public, fptype, rep);
-               printf("%d %s %s\n", key_size(public), fp, comment);
+               printf("%u %s %s\n", key_size(public), fp, comment);
                key_free(public);
                xfree(comment);
                xfree(fp);
@@ -496,7 +496,8 @@ do_fingerprint(struct passwd *pw)
                        if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
                                int quoted = 0;
                                comment = cp;
-                               for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+                               for (; *cp && (quoted || (*cp != ' ' &&
+                                   *cp != '\t')); cp++) {
                                        if (*cp == '\\' && cp[1] == '"')
                                                cp++;   /* Skip both */
                                        else if (*cp == '"')
@@ -519,7 +520,7 @@ do_fingerprint(struct passwd *pw)
                        }
                        comment = *cp ? cp : comment;
                        fp = key_fingerprint(public, fptype, rep);
-                       printf("%d %s %s\n", key_size(public), fp,
+                       printf("%u %s %s\n", key_size(public), fp,
                            comment ? comment : "no comment");
                        xfree(fp);
                        key_free(public);

diff --git a/openssh/ssh-rsa.c b/openssh/ssh-rsa.c
index 3e66294e9f8c4ad939cfb0a8b40e8b5c673f5728..782279bad23b9fae75f22022bdec879cfea7bb0c 100644 (file)
--- a/openssh/ssh-rsa.c
+++ b/openssh/ssh-rsa.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -39,9 +39,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
 
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
-ssh_rsa_sign(
-    Key *key,
-    u_char **sigp, u_int *lenp,
+ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
     u_char *data, u_int datalen)
 {
        const EVP_MD *evp_md;
@@ -72,17 +70,18 @@ ssh_rsa_sign(
 
        if (ok != 1) {
                int ecode = ERR_get_error();
-               error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL));
+               error("ssh_rsa_sign: RSA_sign failed: %s",
+                   ERR_error_string(ecode, NULL));
                xfree(sig);
                return -1;
        }
        if (len < slen) {
                int diff = slen - len;
-               debug("slen %d > len %d", slen, len);
+               debug("slen %u > len %u", slen, len);
                memmove(sig + diff, sig, len);
                memset(sig, 0, diff);
        } else if (len > slen) {
-               error("ssh_rsa_sign: slen %d slen2 %d", slen, len);
+               error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
                xfree(sig);
                return -1;
        }
@@ -105,9 +104,7 @@ ssh_rsa_sign(
 }
 
 int
-ssh_rsa_verify(
-    Key *key,
-    u_char *signature, u_int signaturelen,
+ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
     u_char *data, u_int datalen)
 {
        Buffer b;
@@ -148,12 +145,12 @@ ssh_rsa_verify(
        /* RSA_verify expects a signature of RSA_size */
        modlen = RSA_size(key->rsa);
        if (len > modlen) {
-               error("ssh_rsa_verify: len %d > modlen %d", len, modlen);
+               error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
                xfree(sigblob);
                return -1;
        } else if (len < modlen) {
                int diff = modlen - len;
-               debug("ssh_rsa_verify: add padding: modlen %d > len %d",
+               debug("ssh_rsa_verify: add padding: modlen %u > len %u",
                    modlen, len);
                sigblob = xrealloc(sigblob, modlen);
                memmove(sigblob + diff, sigblob, len);
@@ -176,7 +173,8 @@ ssh_rsa_verify(
        xfree(sigblob);
        if (ret == 0) {
                int ecode = ERR_get_error();
-               error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL));
+               error("ssh_rsa_verify: RSA_verify failed: %s",
+                   ERR_error_string(ecode, NULL));
        }
        debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
        return ret;

diff --git a/openssh/ssh.1 b/openssh/ssh.1
index 8ada41f2972354aea0ca6f21d4269c255631dd13..1f3efca78541df9eb91f4a2f59690f02642a9071 100644 (file)
--- a/openssh/ssh.1
+++ b/openssh/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -952,8 +952,8 @@ protocol versions 1.5 and 2.0.
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr telnet 1 ,
-.Xr ssh_config 4 ,
-.Xr ssh-keysign 8,
+.Xr ssh_config 5 ,
+.Xr ssh-keysign 8 ,
 .Xr sshd 8
 .Rs
 .%A T. Ylonen

diff --git a/openssh/ssh.h b/openssh/ssh.h
index e23bb1d5c26c1b80e39ebd65768ad182d36e27f6..07eee78b6eacd307841c742c5c0a9fc5e4faca29 100644 (file)
--- a/openssh/ssh.h
+++ b/openssh/ssh.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ssh.h,v 1.70 2002/06/03 12:04:07 deraadt Exp $        */
+/*     $OpenBSD: ssh.h,v 1.71 2002/06/22 02:00:29 stevesk Exp $        */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -65,8 +65,8 @@
 #endif
 
 /*
- * Name of the environment variable containing the pathname of the
- * authentication socket.
+ * Name of the environment variable containing the process ID of the
+ * authentication agent.
  */
 #define SSH_AGENTPID_ENV_NAME  "SSH_AGENT_PID"
 

diff --git a/openssh/sshconnect.c b/openssh/sshconnect.c
index 9b4c38835a677dfae38905eb609434b38afbfdde..b89321fb8392b9154db711ec4df28e7d058e919d 100644 (file)
--- a/openssh/sshconnect.c
+++ b/openssh/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.125 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $");
 
 #include <openssl/bn.h>
 
@@ -266,7 +266,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
        memset(&hints, 0, sizeof(hints));
        hints.ai_family = family;
        hints.ai_socktype = SOCK_STREAM;
-       snprintf(strport, sizeof strport, "%d", port);
+       snprintf(strport, sizeof strport, "%u", port);
        if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
                fatal("%s: %.100s: %s", __progname, host,
                    gai_strerror(gaierr));
@@ -489,7 +489,6 @@ confirm(const char *prompt)
  * check whether the supplied host key is valid, return -1 if the key
  * is not valid. the user_hostfile will not be updated if 'readonly' is true.
  */
-
 static int
 check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
     int readonly, const char *user_hostfile, const char *system_hostfile)

diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c
index 7f28ab51e79da2e9afa67c8bee300833a3e87216..215f76ca2e3673f7258d7b36d0499d4194f370b1 100644 (file)
--- a/openssh/sshconnect2.c
+++ b/openssh/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -299,12 +299,14 @@ userauth(Authctxt *authctxt, char *authlist)
                }
        }
 }
+
 void
 input_userauth_error(int type, u_int32_t seq, void *ctxt)
 {
        fatal("input_userauth_error: bad message during authentication: "
           "type %d", type);
 }
+
 void
 input_userauth_banner(int type, u_int32_t seq, void *ctxt)
 {
@@ -316,6 +318,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
        xfree(msg);
        xfree(lang);
 }
+
 void
 input_userauth_success(int type, u_int32_t seq, void *ctxt)
 {
@@ -327,6 +330,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
        clear_auth_state(authctxt);
        authctxt->success = 1;                  /* break out */
 }
+
 void
 input_userauth_failure(int type, u_int32_t seq, void *ctxt)
 {
@@ -375,7 +379,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
        }
        packet_check_eom();
 
-       debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
+       debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
            pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
 
        do {
@@ -894,9 +898,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
 }
 
 static int
-ssh_keysign(
-    Key *key,
-    u_char **sigp, u_int *lenp,
+ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
     u_char *data, u_int datalen)
 {
        Buffer b;
@@ -1098,6 +1100,7 @@ authmethod_lookup(const char *name)
 static Authmethod *current = NULL;
 static char *supported = NULL;
 static char *preferred = NULL;
+
 /*
  * Given the authentication method list sent by the server, return the
  * next method we should try.  If the server initially sends a nil list,

diff --git a/openssh/sshd.8 b/openssh/sshd.8
index 22f81432a37b97b076fde69e6f7d494a05488f21..37a7b58f6f35c71d64f03e5ce03a7608924152d0 100644 (file)
--- a/openssh/sshd.8
+++ b/openssh/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -578,11 +578,18 @@ These files are created using
 .Xr ssh-keygen 1 .
 .It Pa /etc/moduli
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
+.It Pa /var/empty
+.Xr chroot 2
+directory used by
+.Nm
+during privilege separation in the pre-authentication phase.
+The directory should not contain any files and must be owned by root
+and not group or world-writable.
 .It Pa /var/run/sshd.pid
 Contains the process ID of the
 .Nm
 listening for connections (if there are several daemons running
-concurrently for different ports, this contains the pid of the one
+concurrently for different ports, this contains the process ID of the one
 started last).
 The content of this file is not sensitive; it can be world-readable.
 .It Pa $HOME/.ssh/authorized_keys

diff --git a/openssh/sshd.c b/openssh/sshd.c
index feea3ce2c5ca3aedafa5385e2fa201f6390240a0..851fad4be04cb29da8073fdbcadc196d446e7dc9 100644 (file)
--- a/openssh/sshd.c
+++ b/openssh/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -219,6 +219,7 @@ static void
 close_listen_socks(void)
 {
        int i;
+
        for (i = 0; i < num_listen_socks; i++)
                close(listen_socks[i]);
        num_listen_socks = -1;
@@ -228,6 +229,7 @@ static void
 close_startup_pipes(void)
 {
        int i;
+
        if (startup_pipes)
                for (i = 0; i < options.max_startups; i++)
                        if (startup_pipes[i] != -1)
@@ -260,7 +262,8 @@ sighup_restart(void)
        close_listen_socks();
        close_startup_pipes();
        execv(saved_argv[0], saved_argv);
-       log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno));
+       log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
+           strerror(errno));
        exit(1);
 }
 
@@ -280,8 +283,8 @@ sigterm_handler(int sig)
 static void
 main_sigchld_handler(int sig)
 {
-       pid_t pid;
        int save_errno = errno;
+       pid_t pid;
        int status;
 
        while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
@@ -341,6 +344,7 @@ static void
 key_regeneration_alarm(int sig)
 {
        int save_errno = errno;
+
        signal(SIGALRM, SIG_DFL);
        errno = save_errno;
        key_do_regen = 1;
@@ -372,7 +376,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
 
        if (client_version_string == NULL) {
                /* Send our protocol version identification. */
-               if (atomicio(write, sock_out, server_version_string, strlen(server_version_string))
+               if (atomicio(write, sock_out, server_version_string,
+                   strlen(server_version_string))
                    != strlen(server_version_string)) {
                        log("Could not write ident string to %s", get_remote_ipaddr());
                        fatal_cleanup();
@@ -475,7 +480,6 @@ sshd_exchange_identification(int sock_in, int sock_out)
        }
 }
 
-
 /* Destroy the host and server keys.  They will no longer be needed. */
 void
 destroy_sensitive_data(void)
@@ -526,8 +530,9 @@ static void
 privsep_preauth_child(void)
 {
        u_int32_t rand[256];
-       int i;
+       gid_t gidset[2];
        struct passwd *pw;
+       int i;
 
        /* Enable challenge-response authentication for privilege separation */
        privsep_challenge_enable();
@@ -555,7 +560,17 @@ privsep_preauth_child(void)
        /* Drop our privileges */
        debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
            (u_int)pw->pw_gid);
+#if 0
+       /* XXX not ready, to heavy after chroot */
        do_setusercontext(pw);
+#else
+       gidset[0] = pw->pw_gid;
+       if (setgid(pw->pw_gid) < 0)
+               fatal("setgid failed for %u", pw->pw_gid );
+       if (setgroups(1, gidset) < 0)
+               fatal("setgroups: %.100s", strerror(errno));
+       permanently_set_uid(pw);
+#endif
 }
 
 static Authctxt*
@@ -609,7 +624,11 @@ privsep_postauth(Authctxt *authctxt)
        /* XXX - Remote port forwarding */
        x_authctxt = authctxt;
 
+#ifdef BROKEN_FD_PASSING
+       if (1) {
+#else
        if (authctxt->pw->pw_uid == 0 || options.use_login) {
+#endif
                /* File descriptor passing is broken or root login */
                monitor_apply_keystate(pmonitor);
                use_privsep = 0;
@@ -683,6 +702,7 @@ Key *
 get_hostkey_by_type(int type)
 {
        int i;
+
        for (i = 0; i < options.num_host_key_files; i++) {
                Key *key = sensitive_data.host_keys[i];
                if (key != NULL && key->type == type)
@@ -703,6 +723,7 @@ int
 get_hostkey_index(Key *key)
 {
        int i;
+
        for (i = 0; i < options.num_host_key_files; i++) {
                if (key == sensitive_data.host_keys[i])
                        return (i);
@@ -991,11 +1012,13 @@ main(int ac, char **av)
                 * hate software patents. I dont know if this can go? Niels
                 */
                if (options.server_key_bits >
-                   BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED &&
-                   options.server_key_bits <
-                   BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
+                   BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
+                   SSH_KEY_BITS_RESERVED && options.server_key_bits <
+                   BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
+                   SSH_KEY_BITS_RESERVED) {
                        options.server_key_bits =
-                           BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED;
+                           BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
+                           SSH_KEY_BITS_RESERVED;
                        debug("Forcing server key to %d bits to make it differ from host key.",
                            options.server_key_bits);
                }
@@ -1012,6 +1035,9 @@ main(int ac, char **av)
                    (S_ISDIR(st.st_mode) == 0))
                        fatal("Missing privilege separation directory: %s",
                            _PATH_PRIVSEP_CHROOT_DIR);
+               if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+                       fatal("Bad owner or mode for %s",
+                           _PATH_PRIVSEP_CHROOT_DIR);
        }
 
        /* Configuration looks good, so exit if in test mode. */
@@ -1351,7 +1377,7 @@ main(int ac, char **av)
         */
 #if 0
        /* XXX: this breaks Solaris */
-       if (setsid() < 0)
+       if (!debug_flag && !inetd_flag && setsid() < 0)
                error("setsid: %.100s", strerror(errno));
 #endif
 

diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5
index 1aecd485b7136d32004b469da1a5fdd71e824cbc..aa7b7c7d4eae578c04651ea89b90890d3b22ec76 100644 (file)
--- a/openssh/sshd_config.5
+++ b/openssh/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -305,10 +305,6 @@ To disable keepalives, the value should be set to
 .It Cm KerberosAuthentication
 Specifies whether Kerberos authentication is allowed.
 This can be in the form of a Kerberos ticket, or if
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but
-it will allow password authentication regardless of whether
 .Cm PasswordAuthentication
 is yes, the password provided by the user will be validated through
 the Kerberos KDC.
@@ -425,6 +421,12 @@ The probability increases linearly and all connection attempts
 are refused if the number of unauthenticated connections reaches
 .Dq full
 (60).
+.It Cm PAMAuthenticationViaKbdInt
+Specifies whether PAM challenge response authentication is allowed. This
+allows the use of most PAM challenge response authentication modules, but
+it will allow password authentication regardless of whether
+.Cm PasswordAuthentication
+is enabled.
 .It Cm PasswordAuthentication
 Specifies whether password authentication is allowed.
 The default is
@@ -464,7 +466,7 @@ If this option is set to
 .Dq no
 root is not allowed to login.
 .It Cm PidFile
-Specifies the file that contains the process identifier of the
+Specifies the file that contains the process ID of the
 .Nm sshd
 daemon.
 The default is

diff --git a/openssh/sshlogin.c b/openssh/sshlogin.c
index 78c51abd6793df415c5147cdcf1f8524230fbc7e..e76f94534daa9359c80b8d0a0120c8069b58dc3f 100644 (file)
--- a/openssh/sshlogin.c
+++ b/openssh/sshlogin.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $");
 
 #include "loginrec.h"
 
@@ -48,10 +48,9 @@ RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
  * information is not available.  This must be called before record_login.
  * The host the user logged in from will be returned in buf.
  */
-
 u_long
 get_last_login_time(uid_t uid, const char *logname,
-                   char *buf, u_int bufsize)
+    char *buf, u_int bufsize)
 {
   struct logininfo li;
 
@@ -64,10 +63,9 @@ get_last_login_time(uid_t uid, const char *logname,
  * Records that the user has logged in.  I these parts of operating systems
  * were more standardized.
  */
-
 void
 record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
-       const char *host, struct sockaddr * addr)
+    const char *host, struct sockaddr * addr)
 {
   struct logininfo *li;
 
@@ -92,7 +90,6 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user,
 #endif
 
 /* Records that the user has logged out. */
-
 void
 record_logout(pid_t pid, const char *ttyname, const char *user)
 {

diff --git a/openssh/sshpty.c b/openssh/sshpty.c
index a7e7e27693bb856c0849cdfeee6c2a5e1e42f2d1..64ac4e5994fa8d636431b88d043c561217c9030f 100644 (file)
--- a/openssh/sshpty.c
+++ b/openssh/sshpty.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
+RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $");
 
 #ifdef HAVE_UTIL_H
 # include <util.h>
@@ -343,9 +343,8 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
        if (fd < 0)
                error("open /dev/tty failed - could not set controlling tty: %.100s",
                    strerror(errno));
-       else {
+       else 
                close(fd);
-       }
 #endif /* _CRAY */
 }
 
@@ -356,6 +355,7 @@ pty_change_window_size(int ptyfd, int row, int col,
        int xpixel, int ypixel)
 {
        struct winsize w;
+
        w.ws_row = row;
        w.ws_col = col;
        w.ws_xpixel = xpixel;
@@ -393,13 +393,13 @@ pty_setowner(struct passwd *pw, const char *ttyname)
        if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
                if (chown(ttyname, pw->pw_uid, gid) < 0) {
                        if (errno == EROFS &&
-                          (st.st_uid == pw->pw_uid || st.st_uid == 0))
-                               error("chown(%.100s, %d, %d) failed: %.100s",
-                                   ttyname, pw->pw_uid, gid,
+                           (st.st_uid == pw->pw_uid || st.st_uid == 0))
+                               error("chown(%.100s, %u, %u) failed: %.100s",
+                                   ttyname, (u_int)pw->pw_uid, (u_int)gid,
                                    strerror(errno));
                        else
-                               fatal("chown(%.100s, %d, %d) failed: %.100s",
-                                   ttyname, pw->pw_uid, gid,
+                               fatal("chown(%.100s, %u, %u) failed: %.100s",
+                                   ttyname, (u_int)pw->pw_uid, (u_int)gid,
                                    strerror(errno));
                }
        }

diff --git a/openssh/tildexpand.c b/openssh/tildexpand.c
index e89a7ade8acdf762b3f08a89208a6521a8143034..cbe981146730b308291e9fd17a30ba40b8e1f3a9 100644 (file)
--- a/openssh/tildexpand.c
+++ b/openssh/tildexpand.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.12 2001/08/11 22:51:27 jakob Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -67,6 +67,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
        if (len > MAXPATHLEN)
                fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
        expanded = xmalloc(len);
-       snprintf(expanded, len, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
+       snprintf(expanded, len, "%s%s%s", pw->pw_dir,
+           strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
        return expanded;
 }

diff --git a/openssh/version.h b/openssh/version.h
index fcd853d09578ee06e8df32a815dbc458c907bc7a..1e9b43128bb261422961ffb9f13a8126218f92eb 100644 (file)
--- a/openssh/version.h
+++ b/openssh/version.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: version.h,v 1.33 2002/06/21 15:41:20 markus Exp $ */
+/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */
 
-#define SSH_VERSION    "OpenSSH_3.3"
+#define SSH_VERSION    "OpenSSH_3.4p1"