[Midnightbsd-cvs] src [6462] U vendor-crypto/openssh/dist: Import OpenSSH 6.4p1
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Dec 5 07:55:05 EST 2013
Revision: 6462
http://svnweb.midnightbsd.org/src/?rev=6462
Author: laffer1
Date: 2013-12-05 07:55:03 -0500 (Thu, 05 Dec 2013)
Log Message:
-----------
Import OpenSSH 6.4p1
Modified Paths:
--------------
vendor-crypto/openssh/dist/CREDITS
vendor-crypto/openssh/dist/ChangeLog
vendor-crypto/openssh/dist/INSTALL
vendor-crypto/openssh/dist/LICENCE
vendor-crypto/openssh/dist/Makefile.in
vendor-crypto/openssh/dist/PROTOCOL
vendor-crypto/openssh/dist/PROTOCOL.agent
vendor-crypto/openssh/dist/PROTOCOL.certkeys
vendor-crypto/openssh/dist/PROTOCOL.mux
vendor-crypto/openssh/dist/README
vendor-crypto/openssh/dist/README.platform
vendor-crypto/openssh/dist/README.privsep
vendor-crypto/openssh/dist/TODO
vendor-crypto/openssh/dist/aclocal.m4
vendor-crypto/openssh/dist/addrmatch.c
vendor-crypto/openssh/dist/audit-bsm.c
vendor-crypto/openssh/dist/audit-linux.c
vendor-crypto/openssh/dist/audit.c
vendor-crypto/openssh/dist/audit.h
vendor-crypto/openssh/dist/auth-chall.c
vendor-crypto/openssh/dist/auth-krb5.c
vendor-crypto/openssh/dist/auth-options.c
vendor-crypto/openssh/dist/auth-pam.c
vendor-crypto/openssh/dist/auth-pam.h
vendor-crypto/openssh/dist/auth-passwd.c
vendor-crypto/openssh/dist/auth-rsa.c
vendor-crypto/openssh/dist/auth-skey.c
vendor-crypto/openssh/dist/auth.c
vendor-crypto/openssh/dist/auth.h
vendor-crypto/openssh/dist/auth1.c
vendor-crypto/openssh/dist/auth2-chall.c
vendor-crypto/openssh/dist/auth2-gss.c
vendor-crypto/openssh/dist/auth2-hostbased.c
vendor-crypto/openssh/dist/auth2-jpake.c
vendor-crypto/openssh/dist/auth2-kbdint.c
vendor-crypto/openssh/dist/auth2-passwd.c
vendor-crypto/openssh/dist/auth2-pubkey.c
vendor-crypto/openssh/dist/auth2.c
vendor-crypto/openssh/dist/authfd.c
vendor-crypto/openssh/dist/authfile.c
vendor-crypto/openssh/dist/authfile.h
vendor-crypto/openssh/dist/bufaux.c
vendor-crypto/openssh/dist/bufbn.c
vendor-crypto/openssh/dist/bufec.c
vendor-crypto/openssh/dist/buffer.c
vendor-crypto/openssh/dist/buffer.h
vendor-crypto/openssh/dist/buildpkg.sh.in
vendor-crypto/openssh/dist/canohost.c
vendor-crypto/openssh/dist/channels.c
vendor-crypto/openssh/dist/channels.h
vendor-crypto/openssh/dist/cipher-3des1.c
vendor-crypto/openssh/dist/cipher-aes.c
vendor-crypto/openssh/dist/cipher-ctr.c
vendor-crypto/openssh/dist/cipher.c
vendor-crypto/openssh/dist/cipher.h
vendor-crypto/openssh/dist/clientloop.c
vendor-crypto/openssh/dist/clientloop.h
vendor-crypto/openssh/dist/compat.c
vendor-crypto/openssh/dist/compat.h
vendor-crypto/openssh/dist/config.guess
vendor-crypto/openssh/dist/config.sub
vendor-crypto/openssh/dist/configure.ac
vendor-crypto/openssh/dist/defines.h
vendor-crypto/openssh/dist/dh.c
vendor-crypto/openssh/dist/dns.c
vendor-crypto/openssh/dist/dns.h
vendor-crypto/openssh/dist/entropy.c
vendor-crypto/openssh/dist/entropy.h
vendor-crypto/openssh/dist/groupaccess.c
vendor-crypto/openssh/dist/gss-genr.c
vendor-crypto/openssh/dist/gss-serv-krb5.c
vendor-crypto/openssh/dist/gss-serv.c
vendor-crypto/openssh/dist/hostfile.c
vendor-crypto/openssh/dist/hostfile.h
vendor-crypto/openssh/dist/includes.h
vendor-crypto/openssh/dist/jpake.c
vendor-crypto/openssh/dist/kex.c
vendor-crypto/openssh/dist/kex.h
vendor-crypto/openssh/dist/kexdhc.c
vendor-crypto/openssh/dist/kexdhs.c
vendor-crypto/openssh/dist/kexecdh.c
vendor-crypto/openssh/dist/kexecdhc.c
vendor-crypto/openssh/dist/kexecdhs.c
vendor-crypto/openssh/dist/kexgexc.c
vendor-crypto/openssh/dist/kexgexs.c
vendor-crypto/openssh/dist/key.c
vendor-crypto/openssh/dist/key.h
vendor-crypto/openssh/dist/log.c
vendor-crypto/openssh/dist/log.h
vendor-crypto/openssh/dist/loginrec.c
vendor-crypto/openssh/dist/mac.c
vendor-crypto/openssh/dist/mac.h
vendor-crypto/openssh/dist/match.c
vendor-crypto/openssh/dist/md5crypt.h
vendor-crypto/openssh/dist/mdoc2man.awk
vendor-crypto/openssh/dist/misc.c
vendor-crypto/openssh/dist/misc.h
vendor-crypto/openssh/dist/mkinstalldirs
vendor-crypto/openssh/dist/moduli
vendor-crypto/openssh/dist/moduli.5
vendor-crypto/openssh/dist/moduli.c
vendor-crypto/openssh/dist/monitor.c
vendor-crypto/openssh/dist/monitor.h
vendor-crypto/openssh/dist/monitor_mm.c
vendor-crypto/openssh/dist/monitor_wrap.c
vendor-crypto/openssh/dist/monitor_wrap.h
vendor-crypto/openssh/dist/mux.c
vendor-crypto/openssh/dist/myproposal.h
vendor-crypto/openssh/dist/openbsd-compat/Makefile.in
vendor-crypto/openssh/dist/openbsd-compat/base64.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.h
vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.h
vendor-crypto/openssh/dist/openbsd-compat/getcwd.c
vendor-crypto/openssh/dist/openbsd-compat/getgrouplist.c
vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.c
vendor-crypto/openssh/dist/openbsd-compat/glob.c
vendor-crypto/openssh/dist/openbsd-compat/inet_ntop.c
vendor-crypto/openssh/dist/openbsd-compat/mktemp.c
vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h
vendor-crypto/openssh/dist/openbsd-compat/port-aix.c
vendor-crypto/openssh/dist/openbsd-compat/port-aix.h
vendor-crypto/openssh/dist/openbsd-compat/port-irix.h
vendor-crypto/openssh/dist/openbsd-compat/port-linux.c
vendor-crypto/openssh/dist/openbsd-compat/port-linux.h
vendor-crypto/openssh/dist/openbsd-compat/port-solaris.c
vendor-crypto/openssh/dist/openbsd-compat/port-solaris.h
vendor-crypto/openssh/dist/openbsd-compat/regress/Makefile.in
vendor-crypto/openssh/dist/openbsd-compat/regress/closefromtest.c
vendor-crypto/openssh/dist/openbsd-compat/setenv.c
vendor-crypto/openssh/dist/openbsd-compat/sha2.c
vendor-crypto/openssh/dist/openbsd-compat/sha2.h
vendor-crypto/openssh/dist/openbsd-compat/strlcpy.c
vendor-crypto/openssh/dist/openbsd-compat/sys-queue.h
vendor-crypto/openssh/dist/openbsd-compat/sys-tree.h
vendor-crypto/openssh/dist/openbsd-compat/vis.c
vendor-crypto/openssh/dist/openbsd-compat/vis.h
vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c
vendor-crypto/openssh/dist/openbsd-compat/xmmap.c
vendor-crypto/openssh/dist/packet.c
vendor-crypto/openssh/dist/packet.h
vendor-crypto/openssh/dist/pathnames.h
vendor-crypto/openssh/dist/platform.c
vendor-crypto/openssh/dist/platform.h
vendor-crypto/openssh/dist/progressmeter.c
vendor-crypto/openssh/dist/readconf.c
vendor-crypto/openssh/dist/readconf.h
vendor-crypto/openssh/dist/readpass.c
vendor-crypto/openssh/dist/regress/Makefile
vendor-crypto/openssh/dist/regress/README.regress
vendor-crypto/openssh/dist/regress/addrmatch.sh
vendor-crypto/openssh/dist/regress/agent-getpeereid.sh
vendor-crypto/openssh/dist/regress/agent-timeout.sh
vendor-crypto/openssh/dist/regress/agent.sh
vendor-crypto/openssh/dist/regress/cert-hostkey.sh
vendor-crypto/openssh/dist/regress/cert-userkey.sh
vendor-crypto/openssh/dist/regress/cfgmatch.sh
vendor-crypto/openssh/dist/regress/cipher-speed.sh
vendor-crypto/openssh/dist/regress/conch-ciphers.sh
vendor-crypto/openssh/dist/regress/connect-privsep.sh
vendor-crypto/openssh/dist/regress/dynamic-forward.sh
vendor-crypto/openssh/dist/regress/forcecommand.sh
vendor-crypto/openssh/dist/regress/forwarding.sh
vendor-crypto/openssh/dist/regress/keytype.sh
vendor-crypto/openssh/dist/regress/localcommand.sh
vendor-crypto/openssh/dist/regress/login-timeout.sh
vendor-crypto/openssh/dist/regress/multiplex.sh
vendor-crypto/openssh/dist/regress/portnum.sh
vendor-crypto/openssh/dist/regress/proto-version.sh
vendor-crypto/openssh/dist/regress/proxy-connect.sh
vendor-crypto/openssh/dist/regress/putty-ciphers.sh
vendor-crypto/openssh/dist/regress/putty-kex.sh
vendor-crypto/openssh/dist/regress/putty-transfer.sh
vendor-crypto/openssh/dist/regress/reexec.sh
vendor-crypto/openssh/dist/regress/rekey.sh
vendor-crypto/openssh/dist/regress/scp.sh
vendor-crypto/openssh/dist/regress/sftp-badcmds.sh
vendor-crypto/openssh/dist/regress/sftp-batch.sh
vendor-crypto/openssh/dist/regress/sftp-cmds.sh
vendor-crypto/openssh/dist/regress/sftp.sh
vendor-crypto/openssh/dist/regress/ssh-com-client.sh
vendor-crypto/openssh/dist/regress/ssh-com-sftp.sh
vendor-crypto/openssh/dist/regress/ssh-com.sh
vendor-crypto/openssh/dist/regress/sshd-log-wrapper.sh
vendor-crypto/openssh/dist/regress/stderr-after-eof.sh
vendor-crypto/openssh/dist/regress/stderr-data.sh
vendor-crypto/openssh/dist/regress/test-exec.sh
vendor-crypto/openssh/dist/regress/transfer.sh
vendor-crypto/openssh/dist/regress/try-ciphers.sh
vendor-crypto/openssh/dist/roaming.h
vendor-crypto/openssh/dist/roaming_client.c
vendor-crypto/openssh/dist/roaming_common.c
vendor-crypto/openssh/dist/rsa.c
vendor-crypto/openssh/dist/schnorr.c
vendor-crypto/openssh/dist/scp.1
vendor-crypto/openssh/dist/scp.c
vendor-crypto/openssh/dist/servconf.c
vendor-crypto/openssh/dist/servconf.h
vendor-crypto/openssh/dist/serverloop.c
vendor-crypto/openssh/dist/session.c
vendor-crypto/openssh/dist/sftp-client.c
vendor-crypto/openssh/dist/sftp-client.h
vendor-crypto/openssh/dist/sftp-common.c
vendor-crypto/openssh/dist/sftp-glob.c
vendor-crypto/openssh/dist/sftp-server.8
vendor-crypto/openssh/dist/sftp-server.c
vendor-crypto/openssh/dist/sftp.1
vendor-crypto/openssh/dist/sftp.c
vendor-crypto/openssh/dist/ssh-add.1
vendor-crypto/openssh/dist/ssh-add.c
vendor-crypto/openssh/dist/ssh-agent.c
vendor-crypto/openssh/dist/ssh-dss.c
vendor-crypto/openssh/dist/ssh-ecdsa.c
vendor-crypto/openssh/dist/ssh-gss.h
vendor-crypto/openssh/dist/ssh-keygen.1
vendor-crypto/openssh/dist/ssh-keygen.c
vendor-crypto/openssh/dist/ssh-keyscan.1
vendor-crypto/openssh/dist/ssh-keyscan.c
vendor-crypto/openssh/dist/ssh-keysign.8
vendor-crypto/openssh/dist/ssh-keysign.c
vendor-crypto/openssh/dist/ssh-pkcs11-client.c
vendor-crypto/openssh/dist/ssh-pkcs11-helper.8
vendor-crypto/openssh/dist/ssh-pkcs11-helper.c
vendor-crypto/openssh/dist/ssh-pkcs11.c
vendor-crypto/openssh/dist/ssh-rsa.c
vendor-crypto/openssh/dist/ssh.1
vendor-crypto/openssh/dist/ssh.c
vendor-crypto/openssh/dist/ssh_config
vendor-crypto/openssh/dist/ssh_config.5
vendor-crypto/openssh/dist/sshconnect.c
vendor-crypto/openssh/dist/sshconnect1.c
vendor-crypto/openssh/dist/sshconnect2.c
vendor-crypto/openssh/dist/sshd.8
vendor-crypto/openssh/dist/sshd.c
vendor-crypto/openssh/dist/sshd_config
vendor-crypto/openssh/dist/sshd_config.5
vendor-crypto/openssh/dist/sshlogin.c
vendor-crypto/openssh/dist/sshlogin.h
vendor-crypto/openssh/dist/uidswap.c
vendor-crypto/openssh/dist/umac.c
vendor-crypto/openssh/dist/umac.h
vendor-crypto/openssh/dist/uuencode.c
vendor-crypto/openssh/dist/version.h
vendor-crypto/openssh/dist/xmalloc.c
vendor-crypto/openssh/dist/xmalloc.h
Added Paths:
-----------
vendor-crypto/openssh/dist/PROTOCOL.krl
vendor-crypto/openssh/dist/config.h.in
vendor-crypto/openssh/dist/configure
vendor-crypto/openssh/dist/contrib/
vendor-crypto/openssh/dist/contrib/Makefile
vendor-crypto/openssh/dist/contrib/README
vendor-crypto/openssh/dist/contrib/aix/
vendor-crypto/openssh/dist/contrib/aix/README
vendor-crypto/openssh/dist/contrib/aix/buildbff.sh
vendor-crypto/openssh/dist/contrib/aix/inventory.sh
vendor-crypto/openssh/dist/contrib/aix/pam.conf
vendor-crypto/openssh/dist/contrib/caldera/
vendor-crypto/openssh/dist/contrib/caldera/openssh.spec
vendor-crypto/openssh/dist/contrib/caldera/ssh-host-keygen
vendor-crypto/openssh/dist/contrib/caldera/sshd.init
vendor-crypto/openssh/dist/contrib/caldera/sshd.pam
vendor-crypto/openssh/dist/contrib/cygwin/
vendor-crypto/openssh/dist/contrib/cygwin/Makefile
vendor-crypto/openssh/dist/contrib/cygwin/README
vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config
vendor-crypto/openssh/dist/contrib/cygwin/ssh-user-config
vendor-crypto/openssh/dist/contrib/cygwin/sshd-inetd
vendor-crypto/openssh/dist/contrib/findssl.sh
vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass1.c
vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass2.c
vendor-crypto/openssh/dist/contrib/hpux/
vendor-crypto/openssh/dist/contrib/hpux/README
vendor-crypto/openssh/dist/contrib/hpux/egd
vendor-crypto/openssh/dist/contrib/hpux/egd.rc
vendor-crypto/openssh/dist/contrib/hpux/sshd
vendor-crypto/openssh/dist/contrib/hpux/sshd.rc
vendor-crypto/openssh/dist/contrib/redhat/
vendor-crypto/openssh/dist/contrib/redhat/gnome-ssh-askpass.csh
vendor-crypto/openssh/dist/contrib/redhat/gnome-ssh-askpass.sh
vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
vendor-crypto/openssh/dist/contrib/redhat/sshd.init
vendor-crypto/openssh/dist/contrib/redhat/sshd.init.old
vendor-crypto/openssh/dist/contrib/redhat/sshd.pam
vendor-crypto/openssh/dist/contrib/redhat/sshd.pam.old
vendor-crypto/openssh/dist/contrib/solaris/
vendor-crypto/openssh/dist/contrib/solaris/README
vendor-crypto/openssh/dist/contrib/ssh-copy-id
vendor-crypto/openssh/dist/contrib/ssh-copy-id.1
vendor-crypto/openssh/dist/contrib/sshd.pam.freebsd
vendor-crypto/openssh/dist/contrib/sshd.pam.generic
vendor-crypto/openssh/dist/contrib/suse/
vendor-crypto/openssh/dist/contrib/suse/openssh.spec
vendor-crypto/openssh/dist/contrib/suse/rc.config.sshd
vendor-crypto/openssh/dist/contrib/suse/rc.sshd
vendor-crypto/openssh/dist/contrib/suse/sysconfig.ssh
vendor-crypto/openssh/dist/fixalgorithms
vendor-crypto/openssh/dist/krl.c
vendor-crypto/openssh/dist/krl.h
vendor-crypto/openssh/dist/moduli.0
vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.h
vendor-crypto/openssh/dist/openbsd-compat/getopt.h
vendor-crypto/openssh/dist/openbsd-compat/getopt_long.c
vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c
vendor-crypto/openssh/dist/openbsd-compat/strnlen.c
vendor-crypto/openssh/dist/openbsd-compat/strtoull.c
vendor-crypto/openssh/dist/regress/forward-control.sh
vendor-crypto/openssh/dist/regress/integrity.sh
vendor-crypto/openssh/dist/regress/keys-command.sh
vendor-crypto/openssh/dist/regress/krl.sh
vendor-crypto/openssh/dist/regress/modpipe.c
vendor-crypto/openssh/dist/regress/sftp-chroot.sh
vendor-crypto/openssh/dist/sandbox-darwin.c
vendor-crypto/openssh/dist/sandbox-null.c
vendor-crypto/openssh/dist/sandbox-rlimit.c
vendor-crypto/openssh/dist/sandbox-seccomp-filter.c
vendor-crypto/openssh/dist/sandbox-systrace.c
vendor-crypto/openssh/dist/scp.0
vendor-crypto/openssh/dist/sftp-server.0
vendor-crypto/openssh/dist/sftp.0
vendor-crypto/openssh/dist/ssh-add.0
vendor-crypto/openssh/dist/ssh-agent.0
vendor-crypto/openssh/dist/ssh-keygen.0
vendor-crypto/openssh/dist/ssh-keyscan.0
vendor-crypto/openssh/dist/ssh-keysign.0
vendor-crypto/openssh/dist/ssh-pkcs11-helper.0
vendor-crypto/openssh/dist/ssh-sandbox.h
vendor-crypto/openssh/dist/ssh.0
vendor-crypto/openssh/dist/ssh_config.0
vendor-crypto/openssh/dist/sshd.0
vendor-crypto/openssh/dist/sshd_config.0
Removed Paths:
-------------
vendor-crypto/openssh/dist/FREEBSD-Xlist
vendor-crypto/openssh/dist/FREEBSD-tricks
vendor-crypto/openssh/dist/FREEBSD-upgrade
vendor-crypto/openssh/dist/Makefile
vendor-crypto/openssh/dist/Makefile.inc
vendor-crypto/openssh/dist/README.smartcard
vendor-crypto/openssh/dist/RFC.nroff
vendor-crypto/openssh/dist/WARNING.RNG
vendor-crypto/openssh/dist/acss.c
vendor-crypto/openssh/dist/acss.h
vendor-crypto/openssh/dist/bufaux.h
vendor-crypto/openssh/dist/cipher-acss.c
vendor-crypto/openssh/dist/config.h
vendor-crypto/openssh/dist/lib/
vendor-crypto/openssh/dist/openbsd-compat/fake-queue.h
vendor-crypto/openssh/dist/openbsd-compat/getopt.c
vendor-crypto/openssh/dist/openbsd-compat/tree.h
vendor-crypto/openssh/dist/regress/bsd.regress.mk
vendor-crypto/openssh/dist/regress/copy.1
vendor-crypto/openssh/dist/regress/copy.2
vendor-crypto/openssh/dist/regress/runtests.sh
vendor-crypto/openssh/dist/scard/Makefile.in
vendor-crypto/openssh/dist/scard/Ssh.bin
vendor-crypto/openssh/dist/scard/Ssh.bin.uu
vendor-crypto/openssh/dist/scard/Ssh.java
vendor-crypto/openssh/dist/scard-opensc.c
vendor-crypto/openssh/dist/scard.c
vendor-crypto/openssh/dist/scard.h
vendor-crypto/openssh/dist/scp/
vendor-crypto/openssh/dist/sftp/
vendor-crypto/openssh/dist/sftp-server/
vendor-crypto/openssh/dist/ssh/
vendor-crypto/openssh/dist/ssh-add/
vendor-crypto/openssh/dist/ssh-agent/
vendor-crypto/openssh/dist/ssh-keygen/
vendor-crypto/openssh/dist/ssh-keyscan/
vendor-crypto/openssh/dist/ssh-keysign/
vendor-crypto/openssh/dist/ssh-pkcs11-helper/
vendor-crypto/openssh/dist/ssh-rand-helper.8
vendor-crypto/openssh/dist/ssh-rand-helper.c
vendor-crypto/openssh/dist/ssh_namespace.h
vendor-crypto/openssh/dist/ssh_prng_cmds.in
vendor-crypto/openssh/dist/sshd/
vendor-crypto/openssh/dist/typescript
vendor-crypto/openssh/dist/version.c
Property Changed:
----------------
vendor-crypto/openssh/dist/CREDITS
vendor-crypto/openssh/dist/ChangeLog
vendor-crypto/openssh/dist/INSTALL
vendor-crypto/openssh/dist/LICENCE
vendor-crypto/openssh/dist/Makefile.in
vendor-crypto/openssh/dist/OVERVIEW
vendor-crypto/openssh/dist/PROTOCOL
vendor-crypto/openssh/dist/PROTOCOL.agent
vendor-crypto/openssh/dist/PROTOCOL.certkeys
vendor-crypto/openssh/dist/PROTOCOL.mux
vendor-crypto/openssh/dist/README
vendor-crypto/openssh/dist/README.dns
vendor-crypto/openssh/dist/README.platform
vendor-crypto/openssh/dist/README.privsep
vendor-crypto/openssh/dist/README.tun
vendor-crypto/openssh/dist/TODO
vendor-crypto/openssh/dist/aclocal.m4
vendor-crypto/openssh/dist/addrmatch.c
vendor-crypto/openssh/dist/atomicio.c
vendor-crypto/openssh/dist/atomicio.h
vendor-crypto/openssh/dist/audit-bsm.c
vendor-crypto/openssh/dist/audit-linux.c
vendor-crypto/openssh/dist/audit.c
vendor-crypto/openssh/dist/audit.h
vendor-crypto/openssh/dist/auth-bsdauth.c
vendor-crypto/openssh/dist/auth-chall.c
vendor-crypto/openssh/dist/auth-krb5.c
vendor-crypto/openssh/dist/auth-options.c
vendor-crypto/openssh/dist/auth-options.h
vendor-crypto/openssh/dist/auth-pam.c
vendor-crypto/openssh/dist/auth-pam.h
vendor-crypto/openssh/dist/auth-passwd.c
vendor-crypto/openssh/dist/auth-rh-rsa.c
vendor-crypto/openssh/dist/auth-rhosts.c
vendor-crypto/openssh/dist/auth-rsa.c
vendor-crypto/openssh/dist/auth-shadow.c
vendor-crypto/openssh/dist/auth-sia.c
vendor-crypto/openssh/dist/auth-sia.h
vendor-crypto/openssh/dist/auth-skey.c
vendor-crypto/openssh/dist/auth.c
vendor-crypto/openssh/dist/auth.h
vendor-crypto/openssh/dist/auth1.c
vendor-crypto/openssh/dist/auth2-chall.c
vendor-crypto/openssh/dist/auth2-gss.c
vendor-crypto/openssh/dist/auth2-hostbased.c
vendor-crypto/openssh/dist/auth2-jpake.c
vendor-crypto/openssh/dist/auth2-kbdint.c
vendor-crypto/openssh/dist/auth2-none.c
vendor-crypto/openssh/dist/auth2-passwd.c
vendor-crypto/openssh/dist/auth2-pubkey.c
vendor-crypto/openssh/dist/auth2.c
vendor-crypto/openssh/dist/authfd.c
vendor-crypto/openssh/dist/authfd.h
vendor-crypto/openssh/dist/authfile.c
vendor-crypto/openssh/dist/authfile.h
vendor-crypto/openssh/dist/bufaux.c
vendor-crypto/openssh/dist/bufbn.c
vendor-crypto/openssh/dist/bufec.c
vendor-crypto/openssh/dist/buffer.c
vendor-crypto/openssh/dist/buffer.h
vendor-crypto/openssh/dist/buildpkg.sh.in
vendor-crypto/openssh/dist/canohost.c
vendor-crypto/openssh/dist/canohost.h
vendor-crypto/openssh/dist/channels.c
vendor-crypto/openssh/dist/channels.h
vendor-crypto/openssh/dist/cipher-3des1.c
vendor-crypto/openssh/dist/cipher-aes.c
vendor-crypto/openssh/dist/cipher-bf1.c
vendor-crypto/openssh/dist/cipher-ctr.c
vendor-crypto/openssh/dist/cipher.c
vendor-crypto/openssh/dist/cipher.h
vendor-crypto/openssh/dist/cleanup.c
vendor-crypto/openssh/dist/clientloop.c
vendor-crypto/openssh/dist/clientloop.h
vendor-crypto/openssh/dist/compat.c
vendor-crypto/openssh/dist/compat.h
vendor-crypto/openssh/dist/compress.c
vendor-crypto/openssh/dist/compress.h
vendor-crypto/openssh/dist/config.guess
vendor-crypto/openssh/dist/config.sub
vendor-crypto/openssh/dist/configure.ac
vendor-crypto/openssh/dist/crc32.c
vendor-crypto/openssh/dist/crc32.h
vendor-crypto/openssh/dist/deattack.c
vendor-crypto/openssh/dist/deattack.h
vendor-crypto/openssh/dist/defines.h
vendor-crypto/openssh/dist/dh.c
vendor-crypto/openssh/dist/dh.h
vendor-crypto/openssh/dist/dispatch.c
vendor-crypto/openssh/dist/dispatch.h
vendor-crypto/openssh/dist/dns.c
vendor-crypto/openssh/dist/dns.h
vendor-crypto/openssh/dist/entropy.c
vendor-crypto/openssh/dist/entropy.h
vendor-crypto/openssh/dist/fatal.c
vendor-crypto/openssh/dist/fixpaths
vendor-crypto/openssh/dist/fixprogs
vendor-crypto/openssh/dist/groupaccess.c
vendor-crypto/openssh/dist/groupaccess.h
vendor-crypto/openssh/dist/gss-genr.c
vendor-crypto/openssh/dist/gss-serv-krb5.c
vendor-crypto/openssh/dist/gss-serv.c
vendor-crypto/openssh/dist/hostfile.c
vendor-crypto/openssh/dist/hostfile.h
vendor-crypto/openssh/dist/includes.h
vendor-crypto/openssh/dist/install-sh
vendor-crypto/openssh/dist/jpake.c
vendor-crypto/openssh/dist/jpake.h
vendor-crypto/openssh/dist/kex.c
vendor-crypto/openssh/dist/kex.h
vendor-crypto/openssh/dist/kexdh.c
vendor-crypto/openssh/dist/kexdhc.c
vendor-crypto/openssh/dist/kexdhs.c
vendor-crypto/openssh/dist/kexecdh.c
vendor-crypto/openssh/dist/kexecdhc.c
vendor-crypto/openssh/dist/kexecdhs.c
vendor-crypto/openssh/dist/kexgex.c
vendor-crypto/openssh/dist/kexgexc.c
vendor-crypto/openssh/dist/kexgexs.c
vendor-crypto/openssh/dist/key.c
vendor-crypto/openssh/dist/key.h
vendor-crypto/openssh/dist/log.c
vendor-crypto/openssh/dist/log.h
vendor-crypto/openssh/dist/loginrec.c
vendor-crypto/openssh/dist/loginrec.h
vendor-crypto/openssh/dist/logintest.c
vendor-crypto/openssh/dist/mac.c
vendor-crypto/openssh/dist/mac.h
vendor-crypto/openssh/dist/match.c
vendor-crypto/openssh/dist/match.h
vendor-crypto/openssh/dist/md-sha256.c
vendor-crypto/openssh/dist/md5crypt.c
vendor-crypto/openssh/dist/md5crypt.h
vendor-crypto/openssh/dist/mdoc2man.awk
vendor-crypto/openssh/dist/misc.c
vendor-crypto/openssh/dist/misc.h
vendor-crypto/openssh/dist/mkinstalldirs
vendor-crypto/openssh/dist/moduli
vendor-crypto/openssh/dist/moduli.5
vendor-crypto/openssh/dist/moduli.c
vendor-crypto/openssh/dist/monitor.c
vendor-crypto/openssh/dist/monitor.h
vendor-crypto/openssh/dist/monitor_fdpass.c
vendor-crypto/openssh/dist/monitor_fdpass.h
vendor-crypto/openssh/dist/monitor_mm.c
vendor-crypto/openssh/dist/monitor_mm.h
vendor-crypto/openssh/dist/monitor_wrap.c
vendor-crypto/openssh/dist/monitor_wrap.h
vendor-crypto/openssh/dist/msg.c
vendor-crypto/openssh/dist/msg.h
vendor-crypto/openssh/dist/mux.c
vendor-crypto/openssh/dist/myproposal.h
vendor-crypto/openssh/dist/nchan.c
vendor-crypto/openssh/dist/nchan.ms
vendor-crypto/openssh/dist/nchan2.ms
vendor-crypto/openssh/dist/openbsd-compat/Makefile.in
vendor-crypto/openssh/dist/openbsd-compat/base64.c
vendor-crypto/openssh/dist/openbsd-compat/base64.h
vendor-crypto/openssh/dist/openbsd-compat/basename.c
vendor-crypto/openssh/dist/openbsd-compat/bindresvport.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-arc4random.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-closefrom.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-getpeereid.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-openpty.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h
vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.h
vendor-crypto/openssh/dist/openbsd-compat/charclass.h
vendor-crypto/openssh/dist/openbsd-compat/daemon.c
vendor-crypto/openssh/dist/openbsd-compat/dirname.c
vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.c
vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.h
vendor-crypto/openssh/dist/openbsd-compat/fmt_scaled.c
vendor-crypto/openssh/dist/openbsd-compat/getcwd.c
vendor-crypto/openssh/dist/openbsd-compat/getgrouplist.c
vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.c
vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.h
vendor-crypto/openssh/dist/openbsd-compat/glob.c
vendor-crypto/openssh/dist/openbsd-compat/glob.h
vendor-crypto/openssh/dist/openbsd-compat/inet_aton.c
vendor-crypto/openssh/dist/openbsd-compat/inet_ntoa.c
vendor-crypto/openssh/dist/openbsd-compat/inet_ntop.c
vendor-crypto/openssh/dist/openbsd-compat/mktemp.c
vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h
vendor-crypto/openssh/dist/openbsd-compat/port-aix.c
vendor-crypto/openssh/dist/openbsd-compat/port-aix.h
vendor-crypto/openssh/dist/openbsd-compat/port-irix.c
vendor-crypto/openssh/dist/openbsd-compat/port-irix.h
vendor-crypto/openssh/dist/openbsd-compat/port-linux.c
vendor-crypto/openssh/dist/openbsd-compat/port-linux.h
vendor-crypto/openssh/dist/openbsd-compat/port-solaris.c
vendor-crypto/openssh/dist/openbsd-compat/port-solaris.h
vendor-crypto/openssh/dist/openbsd-compat/port-tun.c
vendor-crypto/openssh/dist/openbsd-compat/port-tun.h
vendor-crypto/openssh/dist/openbsd-compat/port-uw.c
vendor-crypto/openssh/dist/openbsd-compat/port-uw.h
vendor-crypto/openssh/dist/openbsd-compat/pwcache.c
vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.c
vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.h
vendor-crypto/openssh/dist/openbsd-compat/realpath.c
vendor-crypto/openssh/dist/openbsd-compat/regress/Makefile.in
vendor-crypto/openssh/dist/openbsd-compat/regress/closefromtest.c
vendor-crypto/openssh/dist/openbsd-compat/regress/snprintftest.c
vendor-crypto/openssh/dist/openbsd-compat/regress/strduptest.c
vendor-crypto/openssh/dist/openbsd-compat/regress/strtonumtest.c
vendor-crypto/openssh/dist/openbsd-compat/rresvport.c
vendor-crypto/openssh/dist/openbsd-compat/setenv.c
vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c
vendor-crypto/openssh/dist/openbsd-compat/sha2.c
vendor-crypto/openssh/dist/openbsd-compat/sha2.h
vendor-crypto/openssh/dist/openbsd-compat/sigact.c
vendor-crypto/openssh/dist/openbsd-compat/sigact.h
vendor-crypto/openssh/dist/openbsd-compat/strlcat.c
vendor-crypto/openssh/dist/openbsd-compat/strlcpy.c
vendor-crypto/openssh/dist/openbsd-compat/strmode.c
vendor-crypto/openssh/dist/openbsd-compat/strptime.c
vendor-crypto/openssh/dist/openbsd-compat/strsep.c
vendor-crypto/openssh/dist/openbsd-compat/strtoll.c
vendor-crypto/openssh/dist/openbsd-compat/strtonum.c
vendor-crypto/openssh/dist/openbsd-compat/strtoul.c
vendor-crypto/openssh/dist/openbsd-compat/sys-queue.h
vendor-crypto/openssh/dist/openbsd-compat/sys-tree.h
vendor-crypto/openssh/dist/openbsd-compat/timingsafe_bcmp.c
vendor-crypto/openssh/dist/openbsd-compat/vis.c
vendor-crypto/openssh/dist/openbsd-compat/vis.h
vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c
vendor-crypto/openssh/dist/openbsd-compat/xmmap.c
vendor-crypto/openssh/dist/openssh.xml.in
vendor-crypto/openssh/dist/opensshd.init.in
vendor-crypto/openssh/dist/packet.c
vendor-crypto/openssh/dist/packet.h
vendor-crypto/openssh/dist/pathnames.h
vendor-crypto/openssh/dist/pkcs11.h
vendor-crypto/openssh/dist/platform.c
vendor-crypto/openssh/dist/platform.h
vendor-crypto/openssh/dist/progressmeter.c
vendor-crypto/openssh/dist/progressmeter.h
vendor-crypto/openssh/dist/readconf.c
vendor-crypto/openssh/dist/readconf.h
vendor-crypto/openssh/dist/readpass.c
vendor-crypto/openssh/dist/regress/Makefile
vendor-crypto/openssh/dist/regress/README.regress
vendor-crypto/openssh/dist/regress/addrmatch.sh
vendor-crypto/openssh/dist/regress/agent-getpeereid.sh
vendor-crypto/openssh/dist/regress/agent-pkcs11.sh
vendor-crypto/openssh/dist/regress/agent-ptrace.sh
vendor-crypto/openssh/dist/regress/agent-timeout.sh
vendor-crypto/openssh/dist/regress/agent.sh
vendor-crypto/openssh/dist/regress/banner.sh
vendor-crypto/openssh/dist/regress/broken-pipe.sh
vendor-crypto/openssh/dist/regress/brokenkeys.sh
vendor-crypto/openssh/dist/regress/cert-hostkey.sh
vendor-crypto/openssh/dist/regress/cert-userkey.sh
vendor-crypto/openssh/dist/regress/cfgmatch.sh
vendor-crypto/openssh/dist/regress/cipher-speed.sh
vendor-crypto/openssh/dist/regress/conch-ciphers.sh
vendor-crypto/openssh/dist/regress/connect-privsep.sh
vendor-crypto/openssh/dist/regress/connect.sh
vendor-crypto/openssh/dist/regress/dsa_ssh2.prv
vendor-crypto/openssh/dist/regress/dsa_ssh2.pub
vendor-crypto/openssh/dist/regress/dynamic-forward.sh
vendor-crypto/openssh/dist/regress/envpass.sh
vendor-crypto/openssh/dist/regress/exit-status.sh
vendor-crypto/openssh/dist/regress/forcecommand.sh
vendor-crypto/openssh/dist/regress/forwarding.sh
vendor-crypto/openssh/dist/regress/host-expand.sh
vendor-crypto/openssh/dist/regress/kextype.sh
vendor-crypto/openssh/dist/regress/key-options.sh
vendor-crypto/openssh/dist/regress/keygen-change.sh
vendor-crypto/openssh/dist/regress/keygen-convert.sh
vendor-crypto/openssh/dist/regress/keyscan.sh
vendor-crypto/openssh/dist/regress/keytype.sh
vendor-crypto/openssh/dist/regress/localcommand.sh
vendor-crypto/openssh/dist/regress/login-timeout.sh
vendor-crypto/openssh/dist/regress/multiplex.sh
vendor-crypto/openssh/dist/regress/portnum.sh
vendor-crypto/openssh/dist/regress/proto-mismatch.sh
vendor-crypto/openssh/dist/regress/proto-version.sh
vendor-crypto/openssh/dist/regress/proxy-connect.sh
vendor-crypto/openssh/dist/regress/putty-ciphers.sh
vendor-crypto/openssh/dist/regress/putty-kex.sh
vendor-crypto/openssh/dist/regress/putty-transfer.sh
vendor-crypto/openssh/dist/regress/reconfigure.sh
vendor-crypto/openssh/dist/regress/reexec.sh
vendor-crypto/openssh/dist/regress/rekey.sh
vendor-crypto/openssh/dist/regress/rsa_openssh.prv
vendor-crypto/openssh/dist/regress/rsa_openssh.pub
vendor-crypto/openssh/dist/regress/rsa_ssh2.prv
vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh
vendor-crypto/openssh/dist/regress/scp.sh
vendor-crypto/openssh/dist/regress/sftp-badcmds.sh
vendor-crypto/openssh/dist/regress/sftp-batch.sh
vendor-crypto/openssh/dist/regress/sftp-cmds.sh
vendor-crypto/openssh/dist/regress/sftp-glob.sh
vendor-crypto/openssh/dist/regress/sftp.sh
vendor-crypto/openssh/dist/regress/ssh-com-client.sh
vendor-crypto/openssh/dist/regress/ssh-com-keygen.sh
vendor-crypto/openssh/dist/regress/ssh-com-sftp.sh
vendor-crypto/openssh/dist/regress/ssh-com.sh
vendor-crypto/openssh/dist/regress/ssh2putty.sh
vendor-crypto/openssh/dist/regress/sshd-log-wrapper.sh
vendor-crypto/openssh/dist/regress/stderr-after-eof.sh
vendor-crypto/openssh/dist/regress/stderr-data.sh
vendor-crypto/openssh/dist/regress/t4.ok
vendor-crypto/openssh/dist/regress/t5.ok
vendor-crypto/openssh/dist/regress/test-exec.sh
vendor-crypto/openssh/dist/regress/transfer.sh
vendor-crypto/openssh/dist/regress/try-ciphers.sh
vendor-crypto/openssh/dist/regress/yes-head.sh
vendor-crypto/openssh/dist/rijndael.c
vendor-crypto/openssh/dist/rijndael.h
vendor-crypto/openssh/dist/roaming.h
vendor-crypto/openssh/dist/roaming_client.c
vendor-crypto/openssh/dist/roaming_common.c
vendor-crypto/openssh/dist/roaming_dummy.c
vendor-crypto/openssh/dist/roaming_serv.c
vendor-crypto/openssh/dist/rsa.c
vendor-crypto/openssh/dist/rsa.h
vendor-crypto/openssh/dist/schnorr.c
vendor-crypto/openssh/dist/schnorr.h
vendor-crypto/openssh/dist/scp.1
vendor-crypto/openssh/dist/scp.c
vendor-crypto/openssh/dist/servconf.c
vendor-crypto/openssh/dist/servconf.h
vendor-crypto/openssh/dist/serverloop.c
vendor-crypto/openssh/dist/serverloop.h
vendor-crypto/openssh/dist/session.c
vendor-crypto/openssh/dist/session.h
vendor-crypto/openssh/dist/sftp-client.c
vendor-crypto/openssh/dist/sftp-client.h
vendor-crypto/openssh/dist/sftp-common.c
vendor-crypto/openssh/dist/sftp-common.h
vendor-crypto/openssh/dist/sftp-glob.c
vendor-crypto/openssh/dist/sftp-server-main.c
vendor-crypto/openssh/dist/sftp-server.8
vendor-crypto/openssh/dist/sftp-server.c
vendor-crypto/openssh/dist/sftp.1
vendor-crypto/openssh/dist/sftp.c
vendor-crypto/openssh/dist/sftp.h
vendor-crypto/openssh/dist/ssh-add.1
vendor-crypto/openssh/dist/ssh-add.c
vendor-crypto/openssh/dist/ssh-agent.1
vendor-crypto/openssh/dist/ssh-agent.c
vendor-crypto/openssh/dist/ssh-dss.c
vendor-crypto/openssh/dist/ssh-ecdsa.c
vendor-crypto/openssh/dist/ssh-gss.h
vendor-crypto/openssh/dist/ssh-keygen.1
vendor-crypto/openssh/dist/ssh-keygen.c
vendor-crypto/openssh/dist/ssh-keyscan.1
vendor-crypto/openssh/dist/ssh-keyscan.c
vendor-crypto/openssh/dist/ssh-keysign.8
vendor-crypto/openssh/dist/ssh-keysign.c
vendor-crypto/openssh/dist/ssh-pkcs11-client.c
vendor-crypto/openssh/dist/ssh-pkcs11-helper.8
vendor-crypto/openssh/dist/ssh-pkcs11-helper.c
vendor-crypto/openssh/dist/ssh-pkcs11.c
vendor-crypto/openssh/dist/ssh-pkcs11.h
vendor-crypto/openssh/dist/ssh-rsa.c
vendor-crypto/openssh/dist/ssh.1
vendor-crypto/openssh/dist/ssh.c
vendor-crypto/openssh/dist/ssh.h
vendor-crypto/openssh/dist/ssh1.h
vendor-crypto/openssh/dist/ssh2.h
vendor-crypto/openssh/dist/ssh_config
vendor-crypto/openssh/dist/ssh_config.5
vendor-crypto/openssh/dist/sshconnect.c
vendor-crypto/openssh/dist/sshconnect.h
vendor-crypto/openssh/dist/sshconnect1.c
vendor-crypto/openssh/dist/sshconnect2.c
vendor-crypto/openssh/dist/sshd.8
vendor-crypto/openssh/dist/sshd.c
vendor-crypto/openssh/dist/sshd_config
vendor-crypto/openssh/dist/sshd_config.5
vendor-crypto/openssh/dist/sshlogin.c
vendor-crypto/openssh/dist/sshlogin.h
vendor-crypto/openssh/dist/sshpty.c
vendor-crypto/openssh/dist/sshpty.h
vendor-crypto/openssh/dist/sshtty.c
vendor-crypto/openssh/dist/survey.sh.in
vendor-crypto/openssh/dist/ttymodes.c
vendor-crypto/openssh/dist/ttymodes.h
vendor-crypto/openssh/dist/uidswap.c
vendor-crypto/openssh/dist/uidswap.h
vendor-crypto/openssh/dist/umac.c
vendor-crypto/openssh/dist/umac.h
vendor-crypto/openssh/dist/uuencode.c
vendor-crypto/openssh/dist/uuencode.h
vendor-crypto/openssh/dist/version.h
vendor-crypto/openssh/dist/xmalloc.c
vendor-crypto/openssh/dist/xmalloc.h
Modified: vendor-crypto/openssh/dist/CREDITS
===================================================================
--- vendor-crypto/openssh/dist/CREDITS 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/CREDITS 2013-12-05 12:55:03 UTC (rev 6462)
@@ -101,5 +101,5 @@
Damien Miller <djm at mindrot.org>
-$Id: CREDITS,v 1.1.1.3 2006-10-03 02:03:03 raven Exp $
+$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $
Property changes on: vendor-crypto/openssh/dist/CREDITS
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ChangeLog
===================================================================
--- vendor-crypto/openssh/dist/ChangeLog 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ChangeLog 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,13 +1,2436 @@
-20110403
+20131108
+ - (djm) OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2013/11/06 16:52:11
+ [monitor_wrap.c]
+ fix rekeying for AES-GCM modes; ok deraadt
+ - djm at cvs.openbsd.org 2013/11/08 00:39:15
+ [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
+ [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
+ [sftp-client.c sftp-glob.c]
+ use calloc for all structure allocations; from markus@
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
- [contrib/suse/openssh.spec] Prepare for 5.8p2 release.
- - (djm) [version.h] crank version
- - Release 5.8p2
+ [contrib/suse/openssh.spec] update version numbers
+ - djm at cvs.openbsd.org 2013/11/08 01:38:11
+ [version.h]
+ openssh-6.4
+ - (djm) Release 6.4p1
-20110329
- - (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds
- noticed by tmraz AT redhat.com
-
+20130913
+ - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code;
+ ok dtucker@
+ - (djm) [channels.c] sigh, typo s/buffet_/buffer_/
+ - (djm) Release 6.3p1
+
+20130808
+ - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
+ since some platforms (eg really old FreeBSD) don't have it. Instead,
+ run "make clean" before a complete regress run. ok djm.
+ - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
+ CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
+ CLOCK_MONOTONIC define but don't actually support it. Found and tested
+ by Kevin Brott, ok djm.
+ - (dtucker) [misc.c] Remove define added for fallback testing that was
+ mistakenly included in the previous commit.
+ - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
+ removal. The "make clean" removes modpipe which is built by the top-level
+ directory before running the tests. Spotted by tim@
+
+20130804
+ - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
+ for building with older Heimdal versions. ok djm.
+
+20130801
+ - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
+ blocking connecting socket will clear any stored errno that might
+ otherwise have been retrievable via getsockopt(). A hack to limit writes
+ to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
+ it in an #ifdef. Diagnosis and patch from Ivo Raisr.
+ - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
+
+20130725
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/07/20 22:20:42
+ [krl.c]
+ fix verification error in (as-yet usused) KRL signature checking path
+ - djm at cvs.openbsd.org 2013/07/22 05:00:17
+ [umac.c]
+ make MAC key, data to be hashed and nonce for final hash const;
+ checked with -Wcast-qual
+ - djm at cvs.openbsd.org 2013/07/22 12:20:02
+ [umac.h]
+ oops, forgot to commit corresponding header change;
+ spotted by jsg and jasper
+ - djm at cvs.openbsd.org 2013/07/25 00:29:10
+ [ssh.c]
+ daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
+ it is fully detached from its controlling terminal. based on debugging
+ - djm at cvs.openbsd.org 2013/07/25 00:56:52
+ [sftp-client.c sftp-client.h sftp.1 sftp.c]
+ sftp support for resuming partial downloads; patch mostly by Loganaden
+ Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
+ "Just be careful" deraadt@
+ - djm at cvs.openbsd.org 2013/07/25 00:57:37
+ [version.h]
+ openssh-6.3 for release
+ - dtucker at cvs.openbsd.org 2013/05/30 20:12:32
+ [regress/test-exec.sh]
+ use ssh and sshd as testdata since it needs to be >256k for the rekey test
+ - dtucker at cvs.openbsd.org 2013/06/10 21:56:43
+ [regress/forwarding.sh]
+ Add test for forward config parsing
+ - djm at cvs.openbsd.org 2013/06/21 02:26:26
+ [regress/sftp-cmds.sh regress/test-exec.sh]
+ unbreak sftp-cmds for renamed test data (s/ls/data/)
+ - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
+ Solaris and UnixWare. Feedback and OK djm@
+ - (tim) [regress/forwarding.sh] Fix for building outside source tree.
+
+20130720
+ - (djm) OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2013/07/19 07:37:48
+ [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
+ [servconf.h session.c sshd.c sshd_config.5]
+ add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
+ or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
+ ok djm@
+ - djm at cvs.openbsd.org 2013/07/20 01:43:46
+ [umac.c]
+ use a union to ensure correct alignment; ok deraadt
+ - djm at cvs.openbsd.org 2013/07/20 01:44:37
+ [ssh-keygen.c ssh.c]
+ More useful error message on missing current user in /etc/passwd
+ - djm at cvs.openbsd.org 2013/07/20 01:50:20
+ [ssh-agent.c]
+ call cleanup_handler on SIGINT when in debug mode to ensure sockets
+ are cleaned up on manual exit; bz#2120
+ - djm at cvs.openbsd.org 2013/07/20 01:55:13
+ [auth-krb5.c gss-serv-krb5.c gss-serv.c]
+ fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
+
+20130718
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/06/10 19:19:44
+ [readconf.c]
+ revert 1.203 while we investigate crashes reported by okan@
+ - guenther at cvs.openbsd.org 2013/06/17 04:48:42
+ [scp.c]
+ Handle time_t values as long long's when formatting them and when
+ parsing them from remote servers.
+ Improve error checking in parsing of 'T' lines.
+ ok dtucker@ deraadt@
+ - markus at cvs.openbsd.org 2013/06/20 19:15:06
+ [krl.c]
+ don't leak the rdata blob on errors; ok djm@
+ - djm at cvs.openbsd.org 2013/06/21 00:34:49
+ [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
+ for hostbased authentication, print the client host and user on
+ the auth success/failure line; bz#2064, ok dtucker@
+ - djm at cvs.openbsd.org 2013/06/21 00:37:49
+ [ssh_config.5]
+ explicitly mention that IdentitiesOnly can be used with IdentityFile
+ to control which keys are offered from an agent.
+ - djm at cvs.openbsd.org 2013/06/21 05:42:32
+ [dh.c]
+ sprinkle in some error() to explain moduli(5) parse failures
+ - djm at cvs.openbsd.org 2013/06/21 05:43:10
+ [scp.c]
+ make this -Wsign-compare clean after time_t conversion
+ - djm at cvs.openbsd.org 2013/06/22 06:31:57
+ [scp.c]
+ improved time_t overflow check suggested by guenther@
+ - jmc at cvs.openbsd.org 2013/06/27 14:05:37
+ [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+ do not use Sx for sections outwith the man page - ingo informs me that
+ stuff like html will render with broken links;
+ issue reported by Eric S. Raymond, via djm
+ - markus at cvs.openbsd.org 2013/07/02 12:31:43
+ [dh.c]
+ remove extra whitespace
+ - djm at cvs.openbsd.org 2013/07/12 00:19:59
+ [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
+ [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
+ fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
+ - djm at cvs.openbsd.org 2013/07/12 00:20:00
+ [sftp.c ssh-keygen.c ssh-pkcs11.c]
+ fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
+ - djm at cvs.openbsd.org 2013/07/12 00:43:50
+ [misc.c]
+ in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
+ errno == 0. Avoids confusing error message in some broken resolver
+ cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
+ - djm at cvs.openbsd.org 2013/07/12 05:42:03
+ [ssh-keygen.c]
+ do_print_resource_record() can never be called with a NULL filename, so
+ don't attempt (and bungle) asking for one if it has not been specified
+ bz#2127 ok dtucker@
+ - djm at cvs.openbsd.org 2013/07/12 05:48:55
+ [ssh.c]
+ set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
+ - schwarze at cvs.openbsd.org 2013/07/16 00:07:52
+ [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
+ use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
+ - djm at cvs.openbsd.org 2013/07/18 01:12:26
+ [ssh.1]
+ be more exact wrt perms for ~/.ssh/config; bz#2078
+
+20130702
+ - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
+ contrib/cygwin/ssh-user-config] Modernizes and improve readability of
+ the Cygwin README file (which hasn't been updated for ages), drop
+ unsupported OSes from the ssh-host-config help text, and drop an
+ unneeded option from ssh-user-config. Patch from vinschen at redhat com.
+
+20130610
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/06/07 15:37:52
+ [channels.c channels.h clientloop.c]
+ Add an "ABANDONED" channel state and use for mux sessions that are
+ disconnected via the ~. escape sequence. Channels in this state will
+ be able to close if the server responds, but do not count as active channels.
+ This means that if you ~. all of the mux clients when using ControlPersist
+ on a broken network, the backgrounded mux master will exit when the
+ Control Persist time expires rather than hanging around indefinitely.
+ bz#1917, also reported and tested by tedu at . ok djm@ markus at .
+ - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
+ algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
+ - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
+ the required OpenSSL support. Patch from naddy at freebsd.
+ - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
+ and add some comments so it's clear what goes where.
+
+20130605
+ - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
+ the necessary functions, not from the openssl version.
+ - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
+ Patch from cjwatson at debian.
+ - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
+ forwarding test is extremely slow copying data on some machines so switch
+ back to copying the much smaller ls binary until we can figure out why
+ this is.
+ - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
+ modpipe in case there's anything in there we need.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/06/02 21:01:51
+ [channels.h]
+ typo in comment
+ - dtucker at cvs.openbsd.org 2013/06/02 23:36:29
+ [clientloop.h clientloop.c mux.c]
+ No need for the mux cleanup callback to be visible so restore it to static
+ and call it through the detach_user function pointer. ok djm@
+ - dtucker at cvs.openbsd.org 2013/06/03 00:03:18
+ [mac.c]
+ force the MAC output to be 64-bit aligned so umac won't see unaligned
+ accesses on strict-alignment architectures. bz#2101, patch from
+ tomas.kuthan at oracle.com, ok djm@
+ - dtucker at cvs.openbsd.org 2013/06/04 19:12:23
+ [scp.c]
+ use MAXPATHLEN for buffer size instead of fixed value. ok markus
+ - dtucker at cvs.openbsd.org 2013/06/04 20:42:36
+ [sftp.c]
+ Make sftp's libedit interface marginally multibyte aware by building up
+ the quoted string by character instead of by byte. Prevents failures
+ when linked against a libedit built with wide character support (bz#1990).
+ "looks ok" djm
+ - dtucker at cvs.openbsd.org 2013/06/05 02:07:29
+ [mux.c]
+ fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
+ ok djm
+ - dtucker at cvs.openbsd.org 2013/06/05 02:27:50
+ [sshd.c]
+ When running sshd -D, close stderr unless we have explicitly requesting
+ logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
+ so, err, ok dtucker.
+ - dtucker at cvs.openbsd.org 2013/06/05 12:52:38
+ [sshconnect2.c]
+ Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
+ - dtucker at cvs.openbsd.org 2013/06/05 22:00:28
+ [readconf.c]
+ plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
+ - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
+ platforms that don't have multibyte character support (specifically,
+ mblen).
+
+20130602
+ - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
+ linking regress/modpipe.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/06/02 13:33:05
+ [progressmeter.c]
+ Add misc.h for monotime prototype. (ID sync only).
+ - dtucker at cvs.openbsd.org 2013/06/02 13:35:58
+ [ssh-agent.c]
+ Make parent_alive_interval time_t to avoid signed/unsigned comparison
+ - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
+ to prevent noise from configure. Patch from Nathan Osman. (bz#2114).
+ - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
+ Patch from Nathan Osman.
+ - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
+ need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
+ dealing with shell portability issues in regression tests, we let
+ configure find us a capable shell on those platforms with an old /bin/sh.
+ - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
+ feedback and ok dtucker
+ - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
+ - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
+ - (dtucker) [configure.ac] Some other platforms need sys/types.h before
+ sys/socket.h.
+
+20130601
+ - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
+ using openssl's DES_crypt function on platorms that don't have a native
+ one, eg Android. Based on a patch from Nathan Osman.
+ - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
+ rather than trying to enumerate the plaforms that don't have them.
+ Based on a patch from Nathan Osman, with help from tim at .
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/05/17 00:13:13
+ [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
+ ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
+ gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
+ auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
+ servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
+ auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
+ sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
+ kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
+ kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
+ monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
+ ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
+ sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
+ ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
+ dns.c packet.c readpass.c authfd.c moduli.c]
+ bye, bye xfree(); ok markus@
+ - djm at cvs.openbsd.org 2013/05/19 02:38:28
+ [auth2-pubkey.c]
+ fix failure to recognise cert-authority keys if a key of a different type
+ appeared in authorized_keys before it; ok markus@
+ - djm at cvs.openbsd.org 2013/05/19 02:42:42
+ [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
+ Standardise logging of supplemental information during userauth. Keys
+ and ruser is now logged in the auth success/failure message alongside
+ the local username, remote host/port and protocol in use. Certificates
+ contents and CA are logged too.
+ Pushing all logging onto a single line simplifies log analysis as it is
+ no longer necessary to relate information scattered across multiple log
+ entries. "I like it" markus@
+ - dtucker at cvs.openbsd.org 2013/05/31 12:28:10
+ [ssh-agent.c]
+ Use time_t where appropriate. ok djm
+ - dtucker at cvs.openbsd.org 2013/06/01 13:15:52
+ [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
+ channels.c sandbox-systrace.c]
+ Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
+ keepalives and rekeying will work properly over clock steps. Suggested by
+ markus@, "looks good" djm at .
+ - dtucker at cvs.openbsd.org 2013/06/01 20:59:25
+ [scp.c sftp-client.c]
+ Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch
+ from Nathan Osman via bz#2085. ok deraadt.
+ - dtucker at cvs.openbsd.org 2013/06/01 22:34:50
+ [sftp-client.c]
+ Update progressmeter when data is acked, not when it's sent. bz#2108, from
+ Debian via Colin Watson, ok djm@
+ - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
+ groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
+ sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
+ openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
+ openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
+ with the equivalent calls to free.
+ - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
+ back to time(NULL) if we can't find it anywhere.
+ - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
+
+20130529
+ - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
+ implementation of endgrent for platforms that don't have it (eg Android).
+ Loosely based on a patch from Nathan Osman, ok djm
+
+ 20130517
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/03/07 00:20:34
+ [regress/proxy-connect.sh]
+ repeat test with a style appended to the username
+ - dtucker at cvs.openbsd.org 2013/03/23 11:09:43
+ [regress/test-exec.sh]
+ Only regenerate host keys if they don't exist or if ssh-keygen has changed
+ since they were. Reduces test runtime by 5-30% depending on machine
+ speed.
+ - dtucker at cvs.openbsd.org 2013/04/06 06:00:22
+ [regress/rekey.sh regress/test-exec.sh regress/integrity.sh
+ regress/multiplex.sh Makefile regress/cfgmatch.sh]
+ Split the regress log into 3 parts: the debug output from ssh, the debug
+ log from sshd and the output from the client command (ssh, scp or sftp).
+ Somewhat functional now, will become more useful when ssh/sshd -E is added.
+ - dtucker at cvs.openbsd.org 2013/04/07 02:16:03
+ [regress/Makefile regress/rekey.sh regress/integrity.sh
+ regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
+ use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
+ save the output from any failing tests. If a test fails the debug output
+ from ssh and sshd for the failing tests (and only the failing tests) should
+ be available in failed-ssh{,d}.log.
+ - djm at cvs.openbsd.org 2013/04/18 02:46:12
+ [regress/Makefile regress/sftp-chroot.sh]
+ test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
+ - dtucker at cvs.openbsd.org 2013/04/22 07:23:08
+ [regress/multiplex.sh]
+ Write mux master logs to regress.log instead of ssh.log to keep separate
+ - djm at cvs.openbsd.org 2013/05/10 03:46:14
+ [regress/modpipe.c]
+ sync some portability changes from portable OpenSSH (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/16 02:10:35
+ [regress/rekey.sh]
+ Add test for time-based rekeying
+ - dtucker at cvs.openbsd.org 2013/05/16 03:33:30
+ [regress/rekey.sh]
+ test rekeying when there's no data being transferred
+ - dtucker at cvs.openbsd.org 2013/05/16 04:26:10
+ [regress/rekey.sh]
+ add server-side rekey test
+ - dtucker at cvs.openbsd.org 2013/05/16 05:48:31
+ [regress/rekey.sh]
+ add tests for RekeyLimit parsing
+ - dtucker at cvs.openbsd.org 2013/05/17 00:37:40
+ [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
+ regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
+ regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
+ regress/ssh-com.sh]
+ replace 'echo -n' with 'printf' since it's more portable
+ also remove "echon" hack.
+ - dtucker at cvs.openbsd.org 2013/05/17 01:16:09
+ [regress/agent-timeout.sh]
+ Pull back some portability changes from -portable:
+ - TIMEOUT is a read-only variable in some shells
+ - not all greps have -q so redirect to /dev/null instead.
+ (ID sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 01:32:11
+ [regress/integrity.sh]
+ don't print output from ssh before getting it (it's available in ssh.log)
+ - dtucker at cvs.openbsd.org 2013/05/17 04:29:14
+ [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
+ regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
+ regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
+ regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
+ regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
+ regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
+ regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
+ regress/multiplex.sh]
+ Move the setting of DATA and COPY into test-exec.sh
+ - dtucker at cvs.openbsd.org 2013/05/17 10:16:26
+ [regress/try-ciphers.sh]
+ use expr for math to keep diffs vs portable down
+ (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 10:23:52
+ [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
+ Use SUDO when cat'ing pid files and running the sshd log wrapper so that
+ it works with a restrictive umask and the pid files are not world readable.
+ Changes from -portable. (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 10:24:48
+ [regress/localcommand.sh]
+ use backticks for portability. (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 10:26:26
+ [regress/sftp-badcmds.sh]
+ remove unused BATCH variable. (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 10:28:11
+ [regress/sftp.sh]
+ only compare copied data if sftp succeeds. from portable (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 10:30:07
+ [regress/test-exec.sh]
+ wait a bit longer for startup and use case for absolute path.
+ from portable (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 10:33:09
+ [regress/agent-getpeereid.sh]
+ don't redirect stdout from sudo. from portable (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 10:34:30
+ [regress/portnum.sh]
+ use a more portable negated if structure. from portable (id sync only)
+ - dtucker at cvs.openbsd.org 2013/05/17 10:35:43
+ [regress/scp.sh]
+ use a file extention that's not special on some platforms. from portable
+ (id sync only)
+ - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
+ in portable and it's long gone in openbsd.
+ - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
+ methods. When the openssl version doesn't support ECDH then next one on
+ the list is DH group exchange, but that causes a bit more traffic which can
+ mean that the tests flip bits in the initial exchange rather than the MACed
+ traffic and we get different errors to what the tests look for.
+ - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
+ - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
+ - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
+ - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
+ Move the jot helper function to portable-specific part of test-exec.sh.
+ - (dtucker) [regress/test-exec.sh] Move the portable-specific functions
+ together and add a couple of missing lines from openbsd.
+ - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
+ helper function to the portable part of test-exec.sh.
+ - (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
+ - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
+ rev 1.6 which calls wait.
+
+20130516
+ - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
+ executed if mktemp failed; bz#2105 ok dtucker@
+ - (dtucker) OpenBSD CVS Sync
+ - tedu at cvs.openbsd.org 2013/04/23 17:49:45
+ [misc.c]
+ use xasprintf instead of a series of strlcats and strdup. ok djm
+ - tedu at cvs.openbsd.org 2013/04/24 16:01:46
+ [misc.c]
+ remove extra parens noticed by nicm
+ - dtucker at cvs.openbsd.org 2013/05/06 07:35:12
+ [sftp-server.8]
+ Reference the version of the sftp draft we actually implement. ok djm@
+ - djm at cvs.openbsd.org 2013/05/10 03:40:07
+ [sshconnect2.c]
+ fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
+ Colin Watson
+ - djm at cvs.openbsd.org 2013/05/10 04:08:01
+ [key.c]
+ memleak in cert_free(), wasn't actually freeing the struct;
+ bz#2096 from shm AT digitalsun.pl
+ - dtucker at cvs.openbsd.org 2013/05/10 10:13:50
+ [ssh-pkcs11-helper.c]
+ remove unused extern optarg. ok markus@
+ - dtucker at cvs.openbsd.org 2013/05/16 02:00:34
+ [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
+ ssh_config.5 packet.h]
+ Add an optional second argument to RekeyLimit in the client to allow
+ rekeying based on elapsed time in addition to amount of traffic.
+ with djm@ jmc@, ok djm
+ - dtucker at cvs.openbsd.org 2013/05/16 04:09:14
+ [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
+ sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
+ rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
+ page.
+ - djm at cvs.openbsd.org 2013/05/16 04:27:50
+ [ssh_config.5 readconf.h readconf.c]
+ add the ability to ignore specific unrecognised ssh_config options;
+ bz#866; ok markus@
+ - jmc at cvs.openbsd.org 2013/05/16 06:28:45
+ [ssh_config.5]
+ put IgnoreUnknown in the right place;
+ - jmc at cvs.openbsd.org 2013/05/16 06:30:06
+ [sshd_config.5]
+ oops! avoid Xr to self;
+ - dtucker at cvs.openbsd.org 2013/05/16 09:08:41
+ [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
+ Fix some "unused result" warnings found via clang and -portable.
+ ok markus@
+ - dtucker at cvs.openbsd.org 2013/05/16 09:12:31
+ [readconf.c servconf.c]
+ switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
+ - dtucker at cvs.openbsd.org 2013/05/16 10:43:34
+ [servconf.c readconf.c]
+ remove now-unused variables
+ - dtucker at cvs.openbsd.org 2013/05/16 10:44:06
+ [servconf.c]
+ remove another now-unused variable
+ - (dtucker) [configure.ac readconf.c servconf.c
+ openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
+
+20130510
+ - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
+ supports it. Mentioned by Colin Watson in bz#2100, ok djm.
+ - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
+ getopt.c. Preprocessed source is identical other than line numbers.
+ - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
+ portability changes yet.
+ - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
+ openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
+ portability code to getopt_long.c and switch over Makefile and the ugly
+ hack in modpipe.c. Fixes bz#1448.
+ - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
+ openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
+ in to use it when we're using our own getopt.
+ - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
+ underlying libraries support them.
+ - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
+ we don't get a warning on compilers that *don't* support it. Add
+ -Wno-unknown-warning-option. Move both to the start of the list for
+ maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
+
+20130423
+ - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
+ platforms, such as Android, that lack struct passwd.pw_gecos. Report
+ and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
+ - (djm) OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2013/03/05 20:16:09
+ [sshconnect2.c]
+ reset pubkey order on partial success; ok djm@
+ - djm at cvs.openbsd.org 2013/03/06 23:35:23
+ [session.c]
+ fatal() when ChrootDirectory specified by running without root privileges;
+ ok markus@
+ - djm at cvs.openbsd.org 2013/03/06 23:36:53
+ [readconf.c]
+ g/c unused variable (-Wunused)
+ - djm at cvs.openbsd.org 2013/03/07 00:19:59
+ [auth2-pubkey.c monitor.c]
+ reconstruct the original username that was sent by the client, which may
+ have included a style (e.g. "root:skey") when checking public key
+ signatures. Fixes public key and hostbased auth when the client specified
+ a style; ok markus@
+ - markus at cvs.openbsd.org 2013/03/07 19:27:25
+ [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
+ add submethod support to AuthenticationMethods; ok and freedback djm@
+ - djm at cvs.openbsd.org 2013/03/08 06:32:58
+ [ssh.c]
+ allow "ssh -f none ..." ok markus@
+ - djm at cvs.openbsd.org 2013/04/05 00:14:00
+ [auth2-gss.c krl.c sshconnect2.c]
+ hush some {unused, printf type} warnings
+ - djm at cvs.openbsd.org 2013/04/05 00:31:49
+ [pathnames.h]
+ use the existing _PATH_SSH_USER_RC define to construct the other
+ pathnames; bz#2077, ok dtucker@ (no binary change)
+ - djm at cvs.openbsd.org 2013/04/05 00:58:51
+ [mux.c]
+ cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
+ (in addition to ones already in OPEN); bz#2079, ok dtucker@
+ - markus at cvs.openbsd.org 2013/04/06 16:07:00
+ [channels.c sshd.c]
+ handle ECONNABORTED for accept(); ok deraadt some time ago...
+ - dtucker at cvs.openbsd.org 2013/04/07 02:10:33
+ [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
+ Add -E option to ssh and sshd to append debugging logs to a specified file
+ instead of stderr or syslog. ok markus@, man page help jmc@
+ - dtucker at cvs.openbsd.org 2013/04/07 09:40:27
+ [sshd.8]
+ clarify -e text. suggested by & ok jmc@
+ - djm at cvs.openbsd.org 2013/04/11 02:27:50
+ [packet.c]
+ quiet disconnect notifications on the server from error() back to logit()
+ if it is a normal client closure; bz#2057 ok+feedback dtucker@
+ - dtucker at cvs.openbsd.org 2013/04/17 09:04:09
+ [session.c]
+ revert rev 1.262; it fails because uid is already set here. ok djm@
+ - djm at cvs.openbsd.org 2013/04/18 02:16:07
+ [sftp.c]
+ make "sftp -q" do what it says on the sticker: hush everything but errors;
+ ok dtucker@
+ - djm at cvs.openbsd.org 2013/04/19 01:00:10
+ [sshd_config.5]
+ document the requirment that the AuthorizedKeysCommand be owned by root;
+ ok dtucker@ markus@
+ - djm at cvs.openbsd.org 2013/04/19 01:01:00
+ [ssh-keygen.c]
+ fix some memory leaks; bz#2088 ok dtucker@
+ - djm at cvs.openbsd.org 2013/04/19 01:03:01
+ [session.c]
+ reintroduce 1.262 without the connection-killing bug:
+ fatal() when ChrootDirectory specified by running without root privileges;
+ ok markus@
+ - djm at cvs.openbsd.org 2013/04/19 01:06:50
+ [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
+ [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
+ add the ability to query supported ciphers, MACs, key type and KEX
+ algorithms to ssh. Includes some refactoring of KEX and key type handling
+ to be table-driven; ok markus@
+ - djm at cvs.openbsd.org 2013/04/19 11:10:18
+ [ssh.c]
+ add -Q to usage; reminded by jmc@
+ - djm at cvs.openbsd.org 2013/04/19 12:07:08
+ [kex.c]
+ remove duplicated list entry pointed out by naddy@
+ - dtucker at cvs.openbsd.org 2013/04/22 01:17:18
+ [mux.c]
+ typo in debug output: evitval->exitval
+
+20130418
+ - (djm) [config.guess config.sub] Update to last versions before they switch
+ to GPL3. ok dtucker@
+ - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
+ unused argument warnings (in particular, -fno-builtin-memset) from clang.
+
+20130404
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2013/02/17 23:16:57
+ [readconf.c ssh.c readconf.h sshconnect2.c]
+ Keep track of which IndentityFile options were manually supplied and which
+ were default options, and don't warn if the latter are missing.
+ ok markus@
+ - dtucker at cvs.openbsd.org 2013/02/19 02:12:47
+ [krl.c]
+ Remove bogus include. ok djm
+ - dtucker at cvs.openbsd.org 2013/02/22 04:45:09
+ [ssh.c readconf.c readconf.h]
+ Don't complain if IdentityFiles specified in system-wide configs are
+ missing. ok djm, deraadt.
+ - markus at cvs.openbsd.org 2013/02/22 19:13:56
+ [sshconnect.c]
+ support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
+ - djm at cvs.openbsd.org 2013/02/22 22:09:01
+ [ssh.c]
+ Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
+ version)
+
+20130401
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
+ to avoid conflicting definitions of __int64, adding the required bits.
+ Patch from Corinna Vinschen.
+
+20120323
+ - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
+
+20120322
+ - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
+ Hands' greatly revised version.
+ - (djm) Release 6.2p1
+ - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
+ - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
+ defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
+
+20120318
+ - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
+ [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
+ so mark it as broken. Patch from des AT des.no
+
+20120317
+ - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
+ of the bits the configure test looks for.
+
+20120316
+ - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
+ is unable to successfully compile them. Based on patch from des AT
+ des.no
+ - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
+ Add a usleep replacement for platforms that lack it; ok dtucker
+ - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
+ occur after UID switch; patch from John Marshall via des AT des.no;
+ ok dtucker@
+
+20120312
+ - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
+ Improve portability of cipher-speed test, based mostly on a patch from
+ Iain Morgan.
+ - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
+ in addition to root as an owner of system directories on AIX and HP-UX.
+ ok djm@
+
+20130307
+ - (dtucker) [INSTALL] Bump documented autoconf version to what we're
+ currently using.
+ - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
+ was removed in configure.ac rev 1.481 as it was redundant.
+ - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
+ ago.
+ - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
+ chance to complete on broken systems; ok dtucker@
+
+20130306
+ - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
+ connection to start so that the test works on slower machines.
+ - (dtucker) [configure.ac] test that we can set number of file descriptors
+ to zero with setrlimit before enabling the rlimit sandbox. This affects
+ (at least) HPUX 11.11.
+
+20130305
+ - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
+ HP/UX. Spotted by Kevin Brott
+ - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
+ Amit Kulkarni and Kevin Brott.
+ - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
+ build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
+ Brott.
+ - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
+
+20130227
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers
+ - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
+ - (tim) [regress/integrity.sh] shell portability fix.
+ - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
+ - (tim) [regress/krl.sh] keep old solaris awk from hanging.
+
+20130226
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/02/20 08:27:50
+ [integrity.sh]
+ Add an option to modpipe that warns if the modification offset it not
+ reached in it's stream and turn it on for t-integrity. This should catch
+ cases where the session is not fuzzed for being too short (cf. my last
+ "oops" commit)
+ - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
+ for UsePAM=yes configuration
+
+20130225
+ - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
+ to use Solaris native GSS libs. Patch from Pierre Ossman.
+
+20130223
+ - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
+ bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
+ ok tim
+
+20130222
+ - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
+ ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm.
+ - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
+ libgss too. Patch from Pierre Ossman, ok djm.
+ - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
+ seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
+ ok dtucker
+
+20130221
+ - (tim) [regress/forward-control.sh] shell portability fix.
+
+20130220
+ - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
+ - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
+ err.h include from krl.c. Additional portability fixes for modpipe. OK djm
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/02/20 08:27:50
+ [regress/integrity.sh regress/modpipe.c]
+ Add an option to modpipe that warns if the modification offset it not
+ reached in it's stream and turn it on for t-integrity. This should catch
+ cases where the session is not fuzzed for being too short (cf. my last
+ "oops" commit)
+ - djm at cvs.openbsd.org 2013/02/20 08:29:27
+ [regress/modpipe.c]
+ s/Id/OpenBSD/ in RCS tag
+
+20130219
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/02/18 22:26:47
+ [integrity.sh]
+ crank the offset yet again; it was still fuzzing KEX one of Darren's
+ portable test hosts at 2800
+ - djm at cvs.openbsd.org 2013/02/19 02:14:09
+ [integrity.sh]
+ oops, forgot to increase the output of the ssh command to ensure that
+ we actually reach $offset
+ - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
+ lack support for SHA2.
+ - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
+ that do not have them.
+
+20130217
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/02/17 23:16:55
+ [integrity.sh]
+ make the ssh command generates some output to ensure that there are at
+ least offset+tries bytes in the stream.
+
+20130216
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/02/16 06:08:45
+ [integrity.sh]
+ make sure the fuzz offset is actually past the end of KEX for all KEX
+ types. diffie-hellman-group-exchange-sha256 requires an offset around
+ 2700. Noticed via test failures in portable OpenSSH on platforms that
+ lack ECC and this the more byte-frugal ECDH KEX algorithms.
+
+20130215
+ - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
+ Iain Morgan
+ - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
+ Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
+ - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
+ openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
+ platforms that don't have it.
+ - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
+ group strto* function prototypes together.
+ - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
+ an argument. Pointed out by djm.
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/02/14 21:35:59
+ [auth2-pubkey.c]
+ Correct error message that had a typo and was logging the wrong thing;
+ patch from Petr Lautrbach
+ - dtucker at cvs.openbsd.org 2013/02/15 00:21:01
+ [sshconnect2.c]
+ Warn more loudly if an IdentityFile provided by the user cannot be read.
+ bz #1981, ok djm@
+
+20130214
+ - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
+ - (djm) [regress/krl.sh] typo; found by Iain Morgan
+ - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
+ of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
+ Iain Morgan
+
+20130212
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/01/24 21:45:37
+ [krl.c]
+ fix handling of (unused) KRL signatures; skip string in correct buffer
+ - djm at cvs.openbsd.org 2013/01/24 22:08:56
+ [krl.c]
+ skip serial lookup when cert's serial number is zero
+ - krw at cvs.openbsd.org 2013/01/25 05:00:27
+ [krl.c]
+ Revert last. Breaks due to likely typo. Let djm@ fix later.
+ ok djm@ via dlg@
+ - djm at cvs.openbsd.org 2013/01/25 10:22:19
+ [krl.c]
+ redo last commit without the vi-vomit that snuck in:
+ skip serial lookup when cert's serial number is zero
+ (now with 100% better comment)
+ - djm at cvs.openbsd.org 2013/01/26 06:11:05
+ [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
+ [openbsd-compat/openssl-compat.h]
+ remove ACSS, now that it is gone from libcrypto too
+ - djm at cvs.openbsd.org 2013/01/27 10:06:12
+ [krl.c]
+ actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
+ - dtucker at cvs.openbsd.org 2013/02/06 00:20:42
+ [servconf.c sshd_config sshd_config.5]
+ Change default of MaxStartups to 10:30:100 to start doing random early
+ drop at 10 connections up to 100 connections. This will make it harder
+ to DoS as CPUs have come a long way since the original value was set
+ back in 2000. Prompted by nion at debian org, ok markus@
+ - dtucker at cvs.openbsd.org 2013/02/06 00:22:21
+ [auth.c]
+ Fix comment, from jfree.e1 at gmail
+ - djm at cvs.openbsd.org 2013/02/08 00:41:12
+ [sftp.c]
+ fix NULL deref when built without libedit and control characters
+ entered as command; debugging and patch from Iain Morgan an
+ Loganaden Velvindron in bz#1956
+ - markus at cvs.openbsd.org 2013/02/10 21:19:34
+ [version.h]
+ openssh 6.2
+ - djm at cvs.openbsd.org 2013/02/10 23:32:10
+ [ssh-keygen.c]
+ append to moduli file when screening candidates rather than overwriting.
+ allows resumption of interrupted screen; patch from Christophe Garault
+ in bz#1957; ok dtucker@
+ - djm at cvs.openbsd.org 2013/02/10 23:35:24
+ [packet.c]
+ record "Received disconnect" messages at ERROR rather than INFO priority,
+ since they are abnormal and result in a non-zero ssh exit status; patch
+ from Iain Morgan in bz#2057; ok dtucker@
+ - dtucker at cvs.openbsd.org 2013/02/11 21:21:58
+ [sshd.c]
+ Add openssl version to debug output similar to the client. ok markus@
+ - djm at cvs.openbsd.org 2013/02/11 23:58:51
+ [regress/try-ciphers.sh]
+ remove acss here too
+ - (djm) [regress/try-ciphers.sh] clean up CVS merge botch
+
+20130211
+ - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
+ libcrypto that lacks EVP_CIPHER_CTX_ctrl
+
+20130208
+ - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
+ patch from Iain Morgan in bz#2059
+ - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
+ __attribute__ on return values and work around if necessary. ok djm@
+
+20130207
+ - (djm) [configure.ac] Don't probe seccomp capability of running kernel
+ at configure time; the seccomp sandbox will fall back to rlimit at
+ runtime anyway. Patch from plautrba AT redhat.com in bz#2011
+
+20130120
+ - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
+ Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
+ prototypes for openssl-1.0.0-fips.
+ - (djm) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2013/01/18 07:57:47
+ [ssh-keygen.1]
+ tweak previous;
+ - jmc at cvs.openbsd.org 2013/01/18 07:59:46
+ [ssh-keygen.c]
+ -u before -V in usage();
+ - jmc at cvs.openbsd.org 2013/01/18 08:00:49
+ [sshd_config.5]
+ tweak previous;
+ - jmc at cvs.openbsd.org 2013/01/18 08:39:04
+ [ssh-keygen.1]
+ add -Q to the options list; ok djm
+ - jmc at cvs.openbsd.org 2013/01/18 21:48:43
+ [ssh-keygen.1]
+ command-line (adj.) -> command line (n.);
+ - jmc at cvs.openbsd.org 2013/01/19 07:13:25
+ [ssh-keygen.1]
+ fix some formatting; ok djm
+ - markus at cvs.openbsd.org 2013/01/19 12:34:55
+ [krl.c]
+ RB_INSERT does not remove existing elments; ok djm@
+ - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
+ version.
+ - (djm) [regress/krl.sh] replacement for jot; most platforms lack it
+
+20130118
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/01/17 23:00:01
+ [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
+ [krl.c krl.h PROTOCOL.krl]
+ add support for Key Revocation Lists (KRLs). These are a compact way to
+ represent lists of revoked keys and certificates, taking as little as
+ a single bit of incremental cost to revoke a certificate by serial number.
+ KRLs are loaded via the existing RevokedKeys sshd_config option.
+ feedback and ok markus@
+ - djm at cvs.openbsd.org 2013/01/18 00:45:29
+ [regress/Makefile regress/cert-userkey.sh regress/krl.sh]
+ Tests for Key Revocation Lists (KRLs)
+ - djm at cvs.openbsd.org 2013/01/18 03:00:32
+ [krl.c]
+ fix KRL generation bug for list sections
+
+20130117
+ - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
+ check for GCM support before testing GCM ciphers.
+
+20130112
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2013/01/12 11:22:04
+ [cipher.c]
+ improve error message for integrity failure in AES-GCM modes; ok markus@
+ - djm at cvs.openbsd.org 2013/01/12 11:23:53
+ [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
+ test AES-GCM modes; feedback markus@
+ - (djm) [regress/integrity.sh] repair botched merge
+
+20130109
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2012/12/14 05:26:43
+ [auth.c]
+ use correct string in error message; from rustybsd at gmx.fr
+ - djm at cvs.openbsd.org 2013/01/02 00:32:07
+ [clientloop.c mux.c]
+ channel_setup_local_fwd_listener() returns 0 on failure, not -ve
+ bz#2055 reported by mathieu.lacage AT gmail.com
+ - djm at cvs.openbsd.org 2013/01/02 00:33:49
+ [PROTOCOL.agent]
+ correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
+ bz#2051 from david AT lechnology.com
+ - djm at cvs.openbsd.org 2013/01/03 05:49:36
+ [servconf.h]
+ add a couple of ServerOptions members that should be copied to the privsep
+ child (for consistency, in this case they happen only to be accessed in
+ the monitor); ok dtucker@
+ - djm at cvs.openbsd.org 2013/01/03 12:49:01
+ [PROTOCOL]
+ fix description of MAC calculation for EtM modes; ok markus@
+ - djm at cvs.openbsd.org 2013/01/03 12:54:49
+ [sftp-server.8 sftp-server.c]
+ allow specification of an alternate start directory for sftp-server(8)
+ "I like this" markus@
+ - djm at cvs.openbsd.org 2013/01/03 23:22:58
+ [ssh-keygen.c]
+ allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
+ ok markus@
+ - jmc at cvs.openbsd.org 2013/01/04 19:26:38
+ [sftp-server.8 sftp-server.c]
+ sftp-server.8: add argument name to -d
+ sftp-server.c: add -d to usage()
+ ok djm
+ - markus at cvs.openbsd.org 2013/01/08 18:49:04
+ [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
+ [myproposal.h packet.c ssh_config.5 sshd_config.5]
+ support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
+ ok and feedback djm@
+ - djm at cvs.openbsd.org 2013/01/09 05:40:17
+ [ssh-keygen.c]
+ correctly initialise fingerprint type for fingerprinting PKCS#11 keys
+ - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
+ Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
+ cipher compat code to openssl-compat.h
+
+20121217
+ - (dtucker) [Makefile.in] Add some scaffolding so that the new regress
+ tests will work with VPATH directories.
+
+20121213
+ - (djm) OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2012/12/12 16:45:52
+ [packet.c]
+ reset incoming_packet buffer for each new packet in EtM-case, too;
+ this happens if packets are parsed only parially (e.g. ignore
+ messages sent when su/sudo turn off echo); noted by sthen/millert
+ - naddy at cvs.openbsd.org 2012/12/12 16:46:10
+ [cipher.c]
+ use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
+ counter mode code; ok djm@
+ - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
+ compat code for older OpenSSL
+ - (djm) [cipher.c] Fix missing prototype for compat code
+
+20121212
+ - (djm) OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2012/12/11 22:16:21
+ [monitor.c]
+ drain the log messages after receiving the keystate from the unpriv
+ child. otherwise it might block while sending. ok djm@
+ - markus at cvs.openbsd.org 2012/12/11 22:31:18
+ [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
+ [packet.c ssh_config.5 sshd_config.5]
+ add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
+ that change the packet format and compute the MAC over the encrypted
+ message (including the packet size) instead of the plaintext data;
+ these EtM modes are considered more secure and used by default.
+ feedback and ok djm@
+ - sthen at cvs.openbsd.org 2012/12/11 22:51:45
+ [mac.c]
+ fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
+ - markus at cvs.openbsd.org 2012/12/11 22:32:56
+ [regress/try-ciphers.sh]
+ add etm modes
+ - markus at cvs.openbsd.org 2012/12/11 22:42:11
+ [regress/Makefile regress/modpipe.c regress/integrity.sh]
+ test the integrity of the packets; with djm@
+ - markus at cvs.openbsd.org 2012/12/11 23:12:13
+ [try-ciphers.sh]
+ add hmac-ripemd160-etm at openssh.com
+ - (djm) [mac.c] fix merge botch
+ - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
+ work on platforms without 'jot'
+ - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
+ - (djm) [regress/Makefile] fix t-exec rule
+
+20121207
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2012/12/06 06:06:54
+ [regress/keys-command.sh]
+ Fix some problems with the keys-command test:
+ - use string comparison rather than numeric comparison
+ - check for existing KEY_COMMAND file and don't clobber if it exists
+ - clean up KEY_COMMAND file if we do create it.
+ - check that KEY_COMMAND is executable (which it won't be if eg /var/run
+ is mounted noexec).
+ ok djm.
+ - jmc at cvs.openbsd.org 2012/12/03 08:33:03
+ [ssh-add.1 sshd_config.5]
+ tweak previous;
+ - markus at cvs.openbsd.org 2012/12/05 15:42:52
+ [ssh-add.c]
+ prevent double-free of comment; ok djm@
+ - dtucker at cvs.openbsd.org 2012/12/07 01:51:35
+ [serverloop.c]
+ Cast signal to int for logging. A no-op on openbsd (they're always ints)
+ but will prevent warnings in portable. ok djm@
+
+20121205
+ - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm at .
+
+20121203
+ - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
+ TAILQ_FOREACH_SAFE needed for upcoming changes.
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2012/12/02 20:26:11
+ [ssh_config.5 sshconnect2.c]
+ Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
+ This allows control of which keys are offered from tokens using
+ IdentityFile. ok markus@
+ - djm at cvs.openbsd.org 2012/12/02 20:42:15
+ [ssh-add.1 ssh-add.c]
+ make deleting explicit keys "ssh-add -d" symmetric with adding keys -
+ try to delete the corresponding certificate too and respect the -k option
+ to allow deleting of the key only; feedback and ok markus@
+ - djm at cvs.openbsd.org 2012/12/02 20:46:11
+ [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
+ [sshd_config.5]
+ make AllowTcpForwarding accept "local" and "remote" in addition to its
+ current "yes"/"no" to allow the server to specify whether just local or
+ remote TCP forwarding is enabled. ok markus@
+ - dtucker at cvs.openbsd.org 2012/10/05 02:20:48
+ [regress/cipher-speed.sh regress/try-ciphers.sh]
+ Add umac-128 at openssh.com to the list of MACs to be tested
+ - djm at cvs.openbsd.org 2012/10/19 05:10:42
+ [regress/cert-userkey.sh]
+ include a serial number when generating certs
+ - djm at cvs.openbsd.org 2012/11/22 22:49:30
+ [regress/Makefile regress/keys-command.sh]
+ regress for AuthorizedKeysCommand; hints from markus@
+ - djm at cvs.openbsd.org 2012/12/02 20:47:48
+ [Makefile regress/forward-control.sh]
+ regress for AllowTcpForwarding local/remote; ok markus@
+ - djm at cvs.openbsd.org 2012/12/03 00:14:06
+ [auth2-chall.c ssh-keygen.c]
+ Fix compilation with -Wall -Werror (trivial type fixes)
+ - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
+ debugging. ok dtucker@
+ - (djm) [configure.ac] Revert previous. configure.ac already does this
+ for us.
+
+20121114
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2012/11/14 02:24:27
+ [auth2-pubkey.c]
+ fix username passed to helper program
+ prepare stdio fds before closefrom()
+ spotted by landry@
+ - djm at cvs.openbsd.org 2012/11/14 02:32:15
+ [ssh-keygen.c]
+ allow the full range of unsigned serial numbers; 'fine' deraadt@
+ - djm at cvs.openbsd.org 2012/12/02 20:34:10
+ [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
+ [monitor.c monitor.h]
+ Fixes logging of partial authentication when privsep is enabled
+ Previously, we recorded "Failed xxx" since we reset authenticated before
+ calling auth_log() in auth2.c. This adds an explcit "Partial" state.
+
+ Add a "submethod" to auth_log() to report which submethod is used
+ for keyboard-interactive.
+
+ Fix multiple authentication when one of the methods is
+ keyboard-interactive.
+
+ ok markus@
+ - dtucker at cvs.openbsd.org 2012/10/05 02:05:30
+ [regress/multiplex.sh]
+ Use 'kill -0' to test for the presence of a pid since it's more portable
+
+20121107
+ - (djm) OpenBSD CVS Sync
+ - eric at cvs.openbsd.org 2011/11/28 08:46:27
+ [moduli.5]
+ fix formula
+ ok djm@
+ - jmc at cvs.openbsd.org 2012/09/26 17:34:38
+ [moduli.5]
+ last stage of rfc changes, using consistent Rs/Re blocks, and moving the
+ references into a STANDARDS section;
+
+20121105
+ - (dtucker) [uidswap.c openbsd-compat/Makefile.in
+ openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
+ openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
+ and gids from uidswap.c to the compat library, which allows it to work with
+ the new setresuid calls in auth2-pubkey. with tim@, ok djm@
+ - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
+ don't have it. Spotted by tim at .
+
+20121104
+ - (djm) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2012/10/31 08:04:50
+ [sshd_config.5]
+ tweak previous;
+ - djm at cvs.openbsd.org 2012/11/04 10:38:43
+ [auth2-pubkey.c sshd.c sshd_config.5]
+ Remove default of AuthorizedCommandUser. Administrators are now expected
+ to explicitly specify a user. feedback and ok markus@
+ - djm at cvs.openbsd.org 2012/11/04 11:09:15
+ [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
+ [sshd_config.5]
+ Support multiple required authentication via an AuthenticationMethods
+ option. This option lists one or more comma-separated lists of
+ authentication method names. Successful completion of all the methods in
+ any list is required for authentication to complete;
+ feedback and ok markus@
+
+20121030
+ - (djm) OpenBSD CVS Sync
+ - markus at cvs.openbsd.org 2012/10/05 12:34:39
+ [sftp.c]
+ fix signed vs unsigned warning; feedback & ok: djm@
+ - djm at cvs.openbsd.org 2012/10/30 21:29:55
+ [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
+ [sshd.c sshd_config sshd_config.5]
+ new sshd_config option AuthorizedKeysCommand to support fetching
+ authorized_keys from a command in addition to (or instead of) from
+ the filesystem. The command is run as the target server user unless
+ another specified via a new AuthorizedKeysCommandUser option.
+
+ patch originally by jchadima AT redhat.com, reworked by me; feedback
+ and ok markus@
+
+20121019
+ - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
+ the generated file as intended.
+
+20121005
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2012/09/17 09:54:44
+ [sftp.c]
+ an XXX for later
+ - markus at cvs.openbsd.org 2012/09/17 13:04:11
+ [packet.c]
+ clear old keys on rekeing; ok djm
+ - dtucker at cvs.openbsd.org 2012/09/18 10:36:12
+ [sftp.c]
+ Add bounds check on sftp tab-completion. Part of a patch from from
+ Jean-Marc Robert via tech@, ok djm
+ - dtucker at cvs.openbsd.org 2012/09/21 10:53:07
+ [sftp.c]
+ Fix improper handling of absolute paths when PWD is part of the completed
+ path. Patch from Jean-Marc Robert via tech@, ok djm.
+ - dtucker at cvs.openbsd.org 2012/09/21 10:55:04
+ [sftp.c]
+ Fix handling of filenames containing escaped globbing characters and
+ escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
+ - jmc at cvs.openbsd.org 2012/09/26 16:12:13
+ [ssh.1]
+ last stage of rfc changes, using consistent Rs/Re blocks, and moving the
+ references into a STANDARDS section;
+ - naddy at cvs.openbsd.org 2012/10/01 13:59:51
+ [monitor_wrap.c]
+ pasto; ok djm@
+ - djm at cvs.openbsd.org 2012/10/02 07:07:45
+ [ssh-keygen.c]
+ fix -z option, broken in revision 1.215
+ - markus at cvs.openbsd.org 2012/10/04 13:21:50
+ [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
+ add umac128 variant; ok djm@ at n2k12
+ - dtucker at cvs.openbsd.org 2012/09/06 04:11:07
+ [regress/try-ciphers.sh]
+ Restore missing space. (Id sync only).
+ - dtucker at cvs.openbsd.org 2012/09/09 11:51:25
+ [regress/multiplex.sh]
+ Add test for ssh -Ostop
+ - dtucker at cvs.openbsd.org 2012/09/10 00:49:21
+ [regress/multiplex.sh]
+ Log -O cmd output to the log file and make logging consistent with the
+ other tests. Test clean shutdown of an existing channel when testing
+ "stop".
+ - dtucker at cvs.openbsd.org 2012/09/10 01:51:19
+ [regress/multiplex.sh]
+ use -Ocheck and waiting for completions by PID to make multiplexing test
+ less racy and (hopefully) more reliable on slow hardware.
+ - [Makefile umac.c] Add special-case target to build umac128.o.
+ - [umac.c] Enforce allowed umac output sizes. From djm at .
+ - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom".
+
+20120917
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2012/09/13 23:37:36
+ [servconf.c]
+ Fix comment line length
+ - markus at cvs.openbsd.org 2012/09/14 16:51:34
+ [sshconnect.c]
+ remove unused variable
+
+20120907
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2012/09/06 09:50:13
+ [clientloop.c]
+ Make the escape command help (~?) context sensitive so that only commands
+ that will work in the current session are shown. ok markus@
+ - jmc at cvs.openbsd.org 2012/09/06 13:57:42
+ [ssh.1]
+ missing letter in previous;
+ - dtucker at cvs.openbsd.org 2012/09/07 00:30:19
+ [clientloop.c]
+ Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
+ - dtucker at cvs.openbsd.org 2012/09/07 01:10:21
+ [clientloop.c]
+ Merge escape help text for ~v and ~V; ok djm@
+ - dtucker at cvs.openbsd.org 2012/09/07 06:34:21
+ [clientloop.c]
+ when muxmaster is run with -N, make it shut down gracefully when a client
+ sends it "-O stop" rather than hanging around (bz#1985). ok djm@
+
+20120906
+ - (dtucker) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2012/08/15 18:25:50
+ [ssh-keygen.1]
+ a little more info on certificate validity;
+ requested by Ross L Richardson, and provided by djm
+ - dtucker at cvs.openbsd.org 2012/08/17 00:45:45
+ [clientloop.c clientloop.h mux.c]
+ Force a clean shutdown of ControlMaster client sessions when the ~. escape
+ sequence is used. This means that ~. should now work in mux clients even
+ if the server is no longer responding. Found by tedu, ok djm.
+ - djm at cvs.openbsd.org 2012/08/17 01:22:56
+ [kex.c]
+ add some comments about better handling first-KEX-follows notifications
+ from the server. Nothing uses these right now. No binary change
+ - djm at cvs.openbsd.org 2012/08/17 01:25:58
+ [ssh-keygen.c]
+ print details of which host lines were deleted when using
+ "ssh-keygen -R host"; ok markus@
+ - djm at cvs.openbsd.org 2012/08/17 01:30:00
+ [compat.c sshconnect.c]
+ Send client banner immediately, rather than waiting for the server to
+ move first for SSH protocol 2 connections (the default). Patch based on
+ one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
+ - dtucker at cvs.openbsd.org 2012/09/06 04:37:39
+ [clientloop.c log.c ssh.1 log.h]
+ Add ~v and ~V escape sequences to raise and lower the logging level
+ respectively. Man page help from jmc, ok deraadt jmc
+
+20120830
+ - (dtucker) [moduli] Import new moduli file.
+
+20120828
+ - (djm) Release openssh-6.1
+
+20120828
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
+ for compatibility with future mingw-w64 headers. Patch from vinschen at
+ redhat com.
+
+20120822
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update version numbers
+
+20120731
+ - (djm) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2012/07/06 06:38:03
+ [ssh-keygen.c]
+ missing full stop in usage();
+ - djm at cvs.openbsd.org 2012/07/10 02:19:15
+ [servconf.c servconf.h sshd.c sshd_config]
+ Turn on systrace sandboxing of pre-auth sshd by default for new installs
+ by shipping a config that overrides the current UsePrivilegeSeparation=yes
+ default. Make it easier to flip the default in the future by adding too.
+ prodded markus@ feedback dtucker@ "get it in" deraadt@
+ - dtucker at cvs.openbsd.org 2012/07/13 01:35:21
+ [servconf.c]
+ handle long comments in config files better. bz#2025, ok markus
+ - markus at cvs.openbsd.org 2012/07/22 18:19:21
+ [version.h]
+ openssh 6.1
+
+20120720
+ - (dtucker) Import regened moduli file.
+
+20120706
+ - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
+ not available. Allows use of sshd compiled on host with a filter-capable
+ kernel on hosts that lack the support. bz#2011 ok dtucker@
+ - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
+ unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
+ esperi.org.uk; ok dtucker@
+- (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2012/07/06 00:41:59
+ [moduli.c ssh-keygen.1 ssh-keygen.c]
+ Add options to specify starting line number and number of lines to process
+ when screening moduli candidates. This allows processing of different
+ parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
+ - djm at cvs.openbsd.org 2012/07/06 01:37:21
+ [mux.c]
+ fix memory leak of passed-in environment variables and connection
+ context when new session message is malformed; bz#2003 from Bert.Wesarg
+ AT googlemail.com
+ - djm at cvs.openbsd.org 2012/07/06 01:47:38
+ [ssh.c]
+ move setting of tty_flag to after config parsing so RequestTTY options
+ are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
+ ok dtucker@
+
+20120704
+ - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
+ platforms that don't have it. "looks good" tim@
+
+20120703
+ - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
+ setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
+ - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
+ setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
+ benefit is minor, so it's not worth disabling the sandbox if it doesn't
+ work.
+
+20120702
+- (dtucker) OpenBSD CVS Sync
+ - naddy at cvs.openbsd.org 2012/06/29 13:57:25
+ [ssh_config.5 sshd_config.5]
+ match the documented MAC order of preference to the actual one;
+ ok dtucker@
+ - markus at cvs.openbsd.org 2012/06/30 14:35:09
+ [sandbox-systrace.c sshd.c]
+ fix a during the load of the sandbox policies (child can still make
+ the read-syscall and wait forever for systrace-answers) by replacing
+ the read/write synchronisation with SIGSTOP/SIGCONT;
+ report and help hshoexer@; ok djm@, dtucker@
+ - dtucker at cvs.openbsd.org 2012/07/02 08:50:03
+ [ssh.c]
+ set interactive ToS for forwarded X11 sessions. ok djm@
+ - dtucker at cvs.openbsd.org 2012/07/02 12:13:26
+ [ssh-pkcs11-helper.c sftp-client.c]
+ fix a couple of "assigned but not used" warnings. ok markus@
+ - dtucker at cvs.openbsd.org 2012/07/02 14:37:06
+ [regress/connect-privsep.sh]
+ remove exit from end of test since it prevents reporting failure
+ - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
+ Move cygwin detection to test-exec and use to skip reexec test on cygwin.
+ - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
+
+20120629
+ - OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2012/06/21 00:16:07
+ [addrmatch.c]
+ fix strlcpy truncation check. from carsten at debian org, ok markus
+ - dtucker at cvs.openbsd.org 2012/06/22 12:30:26
+ [monitor.c sshconnect2.c]
+ remove dead code following 'for (;;)' loops.
+ From Steve.McClellan at radisys com, ok markus@
+ - dtucker at cvs.openbsd.org 2012/06/22 14:36:33
+ [sftp.c]
+ Remove unused variable leftover from tab-completion changes.
+ From Steve.McClellan at radisys com, ok markus@
+ - dtucker at cvs.openbsd.org 2012/06/26 11:02:30
+ [sandbox-systrace.c]
+ Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
+ sandbox" since malloc now uses it. From johnw.mail at gmail com.
+ - dtucker at cvs.openbsd.org 2012/06/28 05:07:45
+ [mac.c myproposal.h ssh_config.5 sshd_config.5]
+ Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
+ from draft6 of the spec and will not be in the RFC when published. Patch
+ from mdb at juniper net via bz#2023, ok markus.
+ - naddy at cvs.openbsd.org 2012/06/29 13:57:25
+ [ssh_config.5 sshd_config.5]
+ match the documented MAC order of preference to the actual one; ok dtucker@
+ - dtucker at cvs.openbsd.org 2012/05/13 01:42:32
+ [regress/addrmatch.sh]
+ Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
+ to match. Feedback and ok djm@ markus at .
+ - djm at cvs.openbsd.org 2012/06/01 00:47:35
+ [regress/multiplex.sh regress/forwarding.sh]
+ append to rather than truncate test log; bz#2013 from openssh AT
+ roumenpetrov.info
+ - djm at cvs.openbsd.org 2012/06/01 00:52:52
+ [regress/sftp-cmds.sh]
+ don't delete .* on cleanup due to unintended env expansion; pointed out in
+ bz#2014 by openssh AT roumenpetrov.info
+ - dtucker at cvs.openbsd.org 2012/06/26 12:06:59
+ [regress/connect-privsep.sh]
+ test sandbox with every malloc option
+ - dtucker at cvs.openbsd.org 2012/06/28 05:07:45
+ [regress/try-ciphers.sh regress/cipher-speed.sh]
+ Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
+ from draft6 of the spec and will not be in the RFC when published. Patch
+ from mdb at juniper net via bz#2023, ok markus.
+ - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error.
+ - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
+ the required functions in libcrypto.
+
+20120628
+ - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
+ pointer deref in the client when built with LDNS and using DNSSEC with a
+ CNAME. Patch from gregdlg+mr at hochet info.
+
+20120622
+ - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
+ can logon as a service. Patch from vinschen at redhat com.
+
+20120620
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/12/02 00:41:56
+ [mux.c]
+ fix bz#1948: ssh -f doesn't fork for multiplexed connection.
+ ok dtucker@
+ - djm at cvs.openbsd.org 2011/12/04 23:16:12
+ [mux.c]
+ revert:
+ > revision 1.32
+ > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
+ > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
+ > ok dtucker@
+ it interacts badly with ControlPersist
+ - djm at cvs.openbsd.org 2012/01/07 21:11:36
+ [mux.c]
+ fix double-free in new session handler
+ NB. Id sync only
+ - djm at cvs.openbsd.org 2012/05/23 03:28:28
+ [dns.c dns.h key.c key.h ssh-keygen.c]
+ add support for RFC6594 SSHFP DNS records for ECDSA key types.
+ patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
+ (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black)
+ - djm at cvs.openbsd.org 2012/06/01 00:49:35
+ [PROTOCOL.mux]
+ correct types of port numbers (integers, not strings); bz#2004 from
+ bert.wesarg AT googlemail.com
+ - djm at cvs.openbsd.org 2012/06/01 01:01:22
+ [mux.c]
+ fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
+ AT googlemail.com
+ - dtucker at cvs.openbsd.org 2012/06/18 11:43:53
+ [jpake.c]
+ correct sizeof usage. patch from saw at online.de, ok deraadt
+ - dtucker at cvs.openbsd.org 2012/06/18 11:49:58
+ [ssh_config.5]
+ RSA instead of DSA twice. From Steve.McClellan at radisys com
+ - dtucker at cvs.openbsd.org 2012/06/18 12:07:07
+ [ssh.1 sshd.8]
+ Remove mention of 'three' key files since there are now four. From
+ Steve.McClellan at radisys com.
+ - dtucker at cvs.openbsd.org 2012/06/18 12:17:18
+ [ssh.1]
+ Clarify description of -W. Noted by Steve.McClellan at radisys com,
+ ok jmc
+ - markus at cvs.openbsd.org 2012/06/19 18:25:28
+ [servconf.c servconf.h sshd_config.5]
+ sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
+ this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
+ ok djm@ (back in March)
+ - jmc at cvs.openbsd.org 2012/06/19 21:35:54
+ [sshd_config.5]
+ tweak previous; ok markus
+ - djm at cvs.openbsd.org 2012/06/20 04:42:58
+ [clientloop.c serverloop.c]
+ initialise accept() backoff timer to avoid EINVAL from select(2) in
+ rekeying
+
+20120519
+ - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
+ from cjwatson at debian org.
+ - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
+ pkg-config so it does the right thing when cross-compiling. Patch from
+ cjwatson at debian org.
+- (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2012/05/13 01:42:32
+ [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
+ Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
+ to match. Feedback and ok djm@ markus at .
+ - dtucker at cvs.openbsd.org 2012/05/19 06:30:30
+ [sshd_config.5]
+ Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
+
+20120504
+ - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
+ to fix building on some plaforms. Fom bowman at math utah edu and
+ des at des no.
+
+20120427
+ - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
+ platform rather than exiting early, so that we still clean up and return
+ success or failure to test-exec.sh
+
+20120426
+ - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
+ via Niels
+ - (djm) [auth-krb5.c] Save errno across calls that might modify it;
+ ok dtucker@
+
+20120423
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2012/04/23 08:18:17
+ [channels.c]
+ fix function proto/source mismatch
+
+20120422
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2012/02/29 11:21:26
+ [ssh-keygen.c]
+ allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
+ - guenther at cvs.openbsd.org 2012/03/15 03:10:27
+ [session.c]
+ root should always be excluded from the test for /etc/nologin instead
+ of having it always enforced even when marked as ignorenologin. This
+ regressed when the logic was incompletely flipped around in rev 1.251
+ ok halex@ millert@
+ - djm at cvs.openbsd.org 2012/03/28 07:23:22
+ [PROTOCOL.certkeys]
+ explain certificate extensions/crit split rationale. Mention requirement
+ that each appear at most once per cert.
+ - dtucker at cvs.openbsd.org 2012/03/29 23:54:36
+ [channels.c channels.h servconf.c]
+ Add PermitOpen none option based on patch from Loganaden Velvindron
+ (bz #1949). ok djm@
+ - djm at cvs.openbsd.org 2012/04/11 13:16:19
+ [channels.c channels.h clientloop.c serverloop.c]
+ don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
+ while; ok deraadt@ markus@
+ - djm at cvs.openbsd.org 2012/04/11 13:17:54
+ [auth.c]
+ Support "none" as an argument for AuthorizedPrincipalsFile to indicate
+ no file should be read.
+ - djm at cvs.openbsd.org 2012/04/11 13:26:40
+ [sshd.c]
+ don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
+ while; ok deraadt@ markus@
+ - djm at cvs.openbsd.org 2012/04/11 13:34:17
+ [ssh-keyscan.1 ssh-keyscan.c]
+ now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
+ look for them by default; bz#1971
+ - djm at cvs.openbsd.org 2012/04/12 02:42:32
+ [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
+ VersionAddendum option to allow server operators to append some arbitrary
+ text to the SSH-... banner; ok deraadt@ "don't care" markus@
+ - djm at cvs.openbsd.org 2012/04/12 02:43:55
+ [sshd_config sshd_config.5]
+ mention AuthorizedPrincipalsFile=none default
+ - djm at cvs.openbsd.org 2012/04/20 03:24:23
+ [sftp.c]
+ setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
+ - jmc at cvs.openbsd.org 2012/04/20 16:26:22
+ [ssh.1]
+ use "brackets" instead of "braces", for consistency;
+
+20120420
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update for release 6.0
+ - (djm) [README] Update URL to release notes.
+ - (djm) Release openssh-6.0
+
+20120419
+ - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
+ contains openpty() but not login()
+
+20120404
+ - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
+ mode for Linux's new seccomp filter; patch from Will Drewry; feedback
+ and ok dtucker@
+
+20120330
+ - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
+ file from spec file. From crighter at nuclioss com.
+ - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
+ openssh binaries on a newer fix release than they were compiled on.
+ with and ok dtucker@
+ - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
+ assumptions when building on Cygwin; patch from Corinna Vinschen
+
+20120309
+ - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
+ systems where sshd is run in te wrong context. Patch from Sven
+ Vermeulen; ok dtucker@
+ - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
+ addressed connections. ok dtucker@
+
+20120224
+ - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
+ audit breakage in Solaris 11. Patch from Magnus Johansson.
+
+20120215
+ - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
+ unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
+ ok dtucker@
+ - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
+ it actually works.
+ - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
+ to work. Spotted by Angel Gonzalez
+
+20120214
+ - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
+ preserved Cygwin environment variables; from Corinna Vinschen
+
+20120211
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2012/01/05 00:16:56
+ [monitor.c]
+ memleak on error path
+ - djm at cvs.openbsd.org 2012/01/07 21:11:36
+ [mux.c]
+ fix double-free in new session handler
+ - miod at cvs.openbsd.org 2012/01/08 13:17:11
+ [ssh-ecdsa.c]
+ Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
+ ok markus@
+ - miod at cvs.openbsd.org 2012/01/16 20:34:09
+ [ssh-pkcs11-client.c]
+ Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
+ While there, be sure to buffer_clear() between send_msg() and recv_msg().
+ ok markus@
+ - dtucker at cvs.openbsd.org 2012/01/18 21:46:43
+ [clientloop.c]
+ Ensure that $DISPLAY contains only valid characters before using it to
+ extract xauth data so that it can't be used to play local shell
+ metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
+ - markus at cvs.openbsd.org 2012/01/25 19:26:43
+ [packet.c]
+ do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
+ ok dtucker@, djm@
+ - markus at cvs.openbsd.org 2012/01/25 19:36:31
+ [authfile.c]
+ memleak in key_load_file(); from Jan Klemkow
+ - markus at cvs.openbsd.org 2012/01/25 19:40:09
+ [packet.c packet.h]
+ packet_read_poll() is not used anymore.
+ - markus at cvs.openbsd.org 2012/02/09 20:00:18
+ [version.h]
+ move from 6.0-beta to 6.0
+
+20120206
+ - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
+ that don't support ECC. Patch from Phil Oleson
+
+20111219
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/12/02 00:41:56
+ [mux.c]
+ fix bz#1948: ssh -f doesn't fork for multiplexed connection.
+ ok dtucker@
+ - djm at cvs.openbsd.org 2011/12/02 00:43:57
+ [mac.c]
+ fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
+ HMAC_init (this change in policy seems insane to me)
+ ok dtucker@
+ - djm at cvs.openbsd.org 2011/12/04 23:16:12
+ [mux.c]
+ revert:
+ > revision 1.32
+ > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
+ > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
+ > ok dtucker@
+ it interacts badly with ControlPersist
+ - djm at cvs.openbsd.org 2011/12/07 05:44:38
+ [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
+ fix some harmless and/or unreachable int overflows;
+ reported Xi Wang, ok markus@
+
+20111125
+ - OpenBSD CVS Sync
+ - oga at cvs.openbsd.org 2011/11/16 12:24:28
+ [sftp.c]
+ Don't leak list in complete_cmd_parse if there are no commands found.
+ Discovered when I was ``borrowing'' this code for something else.
+ ok djm@
+
+20111121
+ - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
+
+20111104
+ - (dtucker) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/10/18 05:15:28
+ [ssh.c]
+ ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
+ - djm at cvs.openbsd.org 2011/10/18 23:37:42
+ [ssh-add.c]
+ add -k to usage(); reminded by jmc@
+ - djm at cvs.openbsd.org 2011/10/19 00:06:10
+ [moduli.c]
+ s/tmpfile/tmp/ to make this -Wshadow clean
+ - djm at cvs.openbsd.org 2011/10/19 10:39:48
+ [umac.c]
+ typo in comment; patch from Michael W. Bombardieri
+ - djm at cvs.openbsd.org 2011/10/24 02:10:46
+ [ssh.c]
+ bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
+ was incorrectly requesting the forward in both the control master and
+ slave. skip requesting it in the master to fix. ok markus@
+ - djm at cvs.openbsd.org 2011/10/24 02:13:13
+ [session.c]
+ bz#1859: send tty break to pty master instead of (probably already
+ closed) slave side; "looks good" markus@
+ - dtucker at cvs.openbsd.org 011/11/04 00:09:39
+ [moduli]
+ regenerated moduli file; ok deraadt
+ - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
+ bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
+ which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
+ with some rework from myself and djm. ok djm.
+
+20111025
+ - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
+ fails. Patch from Corinna Vinschen.
+
+20111018
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/10/04 14:17:32
+ [sftp-glob.c]
+ silence error spam for "ls */foo" in directory with files; bz#1683
+ - dtucker at cvs.openbsd.org 2011/10/16 11:02:46
+ [moduli.c ssh-keygen.1 ssh-keygen.c]
+ Add optional checkpoints for moduli screening. feedback & ok deraadt
+ - jmc at cvs.openbsd.org 2011/10/16 15:02:41
+ [ssh-keygen.c]
+ put -K in the right place (usage());
+ - stsp at cvs.openbsd.org 2011/10/16 15:51:39
+ [moduli.c]
+ add missing includes to unbreak tree; fix from rpointel
+ - djm at cvs.openbsd.org 2011/10/18 04:58:26
+ [auth-options.c key.c]
+ remove explict search for \0 in packet strings, this job is now done
+ implicitly by buffer_get_cstring; ok markus
+ - djm at cvs.openbsd.org 2011/10/18 05:00:48
+ [ssh-add.1 ssh-add.c]
+ new "ssh-add -k" option to load plain keys (skipping certificates);
+ "looks ok" markus@
+
+20111001
+ - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2011/09/23 00:22:04
+ [channels.c auth-options.c servconf.c channels.h sshd.8]
+ Add wildcard support to PermitOpen, allowing things like "PermitOpen
+ localhost:*". bz #1857, ok djm markus.
+ - markus at cvs.openbsd.org 2011/09/23 07:45:05
+ [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c
+ version.h]
+ unbreak remote portforwarding with dynamic allocated listen ports:
+ 1) send the actual listen port in the open message (instead of 0).
+ this allows multiple forwardings with a dynamic listen port
+ 2) update the matching permit-open entry, so we can identify where
+ to connect to
+ report: den at skbkontur.ru and P. Szczygielski
+ feedback and ok djm@
+ - djm at cvs.openbsd.org 2011/09/25 05:44:47
+ [auth2-pubkey.c]
+ improve the AuthorizedPrincipalsFile debug log message to include
+ file and line number
+ - dtucker at cvs.openbsd.org 2011/09/30 00:47:37
+ [sshd.c]
+ don't attempt privsep cleanup when not using privsep; ok markus@
+ - djm at cvs.openbsd.org 2011/09/30 21:22:49
+ [sshd.c]
+ fix inverted test that caused logspam; spotted by henning@
+
+20110929
+ - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
+ from des AT des.no
+ - (dtucker) [configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/strnlen.c] Add strnlen to the compat library.
+
+20110923
+ - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
+ longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
+ want this longhand version)
+ - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
+ upstream version is YPified and we don't want this
+ - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
+ The file was totally rewritten between what we had in tree and -current.
+ - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
+ marker. The upstream API has changed (function and structure names)
+ enough to put it out of sync with other providers of this interface.
+ - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
+ of static __findenv() function from upstream setenv.c
+ - OpenBSD CVS Sync
+ - millert at cvs.openbsd.org 2006/05/05 15:27:38
+ [openbsd-compat/strlcpy.c]
+ Convert do {} while loop -> while {} for clarity. No binary change
+ on most architectures. From Oliver Smith. OK deraadt@ and henning@
+ - tobias at cvs.openbsd.org 2007/10/21 11:09:30
+ [openbsd-compat/mktemp.c]
+ Comment fix about time consumption of _gettemp.
+ FreeBSD did this in revision 1.20.
+ OK deraadt@, krw@
+ - deraadt at cvs.openbsd.org 2008/07/22 21:47:45
+ [openbsd-compat/mktemp.c]
+ use arc4random_uniform(); ok djm millert
+ - millert at cvs.openbsd.org 2008/08/21 16:54:44
+ [openbsd-compat/mktemp.c]
+ Remove useless code, the kernel will set errno appropriately if an
+ element in the path does not exist. OK deraadt@ pvalchev@
+ - otto at cvs.openbsd.org 2008/12/09 19:38:38
+ [openbsd-compat/inet_ntop.c]
+ fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
+
+20110922
+ - OpenBSD CVS Sync
+ - pyr at cvs.openbsd.org 2011/05/12 07:15:10
+ [openbsd-compat/glob.c]
+ When the max number of items for a directory has reached GLOB_LIMIT_READDIR
+ an error is returned but closedir() is not called.
+ spotted and fix provided by Frank Denis obsd-tech at pureftpd.org
+ ok otto@, millert@
+ - stsp at cvs.openbsd.org 2011/09/20 10:18:46
+ [glob.c]
+ In glob(3), limit recursion during matching attempts. Similar to
+ fnmatch fix. Also collapse consecutive '*' (from NetBSD).
+ ok miod deraadt
+ - djm at cvs.openbsd.org 2011/09/22 06:27:29
+ [glob.c]
+ fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
+ applied only to the gl_pathv vector and not the corresponding gl_statv
+ array. reported in OpenSSH bz#1935; feedback and okay matthew@
+ - djm at cvs.openbsd.org 2011/08/26 01:45:15
+ [ssh.1]
+ Add some missing ssh_config(5) options that can be used in ssh(1)'s
+ -o argument. Patch from duclare AT guu.fi
+ - djm at cvs.openbsd.org 2011/09/05 05:56:13
+ [scp.1 sftp.1]
+ mention ControlPersist and KbdInteractiveAuthentication in the -o
+ verbiage in these pages too (prompted by jmc@)
+ - djm at cvs.openbsd.org 2011/09/05 05:59:08
+ [misc.c]
+ fix typo in IPQoS parsing: there is no "AF14" class, but there is
+ an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
+ - jmc at cvs.openbsd.org 2011/09/05 07:01:44
+ [scp.1]
+ knock out a useless Ns;
+ - deraadt at cvs.openbsd.org 2011/09/07 02:18:31
+ [ssh-keygen.1]
+ typo (they vs the) found by Lawrence Teo
+ - djm at cvs.openbsd.org 2011/09/09 00:43:00
+ [ssh_config.5 sshd_config.5]
+ fix typo in IPQoS parsing: there is no "AF14" class, but there is
+ an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
+ - djm at cvs.openbsd.org 2011/09/09 00:44:07
+ [PROTOCOL.mux]
+ MUX_C_CLOSE_FWD includes forward type in message (though it isn't
+ implemented anyway)
+ - djm at cvs.openbsd.org 2011/09/09 22:37:01
+ [scp.c]
+ suppress adding '--' to remote commandlines when the first argument
+ does not start with '-'. saves breakage on some difficult-to-upgrade
+ embedded/router platforms; feedback & ok dtucker ok markus
+ - djm at cvs.openbsd.org 2011/09/09 22:38:21
+ [sshd.c]
+ kill the preauth privsep child on fatal errors in the monitor;
+ ok markus@
+ - djm at cvs.openbsd.org 2011/09/09 22:46:44
+ [channels.c channels.h clientloop.h mux.c ssh.c]
+ support for cancelling local and remote port forwards via the multiplex
+ socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user at host" to request
+ the cancellation of the specified forwardings; ok markus@
+ - markus at cvs.openbsd.org 2011/09/10 22:26:34
+ [channels.c channels.h clientloop.c ssh.1]
+ support cancellation of local/dynamic forwardings from ~C commandline;
+ ok & feedback djm@
+ - okan at cvs.openbsd.org 2011/09/11 06:59:05
+ [ssh.1]
+ document new -O cancel command; ok djm@
+ - markus at cvs.openbsd.org 2011/09/11 16:07:26
+ [sftp-client.c]
+ fix leaks in do_hardlink() and do_readlink(); bz#1921
+ from Loganaden Velvindron
+ - markus at cvs.openbsd.org 2011/09/12 08:46:15
+ [sftp-client.c]
+ fix leak in do_lsreaddir(); ok djm
+ - djm at cvs.openbsd.org 2011/09/22 06:29:03
+ [sftp.c]
+ don't let remote_glob() implicitly sort its results in do_globbed_ls() -
+ in all likelihood, they will be resorted anyway
+
+20110909
+ - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From
+ Colin Watson.
+
+20110906
+ - (djm) [README version.h] Correct version
+ - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
+ - (djm) Respin OpenSSH-5.9p1 release
+
+20110905
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Update version numbers.
+
+20110904
+ - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
+ regress errors for the sandbox to warnings. ok tim dtucker
+ - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
+ ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
+ support.
+
+20110829
+ - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
+ to switch SELinux context away from unconfined_t, based on patch from
+ Jan Chadima; bz#1919 ok dtucker@
+
+20110827
+ - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
+
+20110818
+ - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
+
+20110817
+ - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
+ OpenSSL 0.9.7. ok djm
+ - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
+ binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
+ - (djm) [configure.ac] error out if the host lacks the necessary bits for
+ an explicitly requested sandbox type
+ - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
+ bisson AT archlinux.org
+ - (djm) OpenBSD CVS Sync
+ - dtucker at cvs.openbsd.org 2011/06/03 05:35:10
+ [regress/cfgmatch.sh]
+ use OBJ to find test configs, patch from Tim Rice
+ - markus at cvs.openbsd.org 2011/06/30 22:44:43
+ [regress/connect-privsep.sh]
+ test with sandbox enabled; ok djm@
+ - djm at cvs.openbsd.org 2011/08/02 01:23:41
+ [regress/cipher-speed.sh regress/try-ciphers.sh]
+ add SHA256/SHA512 based HMAC modes
+ - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
+ MAC tests for platforms that hack EVP_SHA2 support
+
+20110812
+ - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
+ change error by reporting old and new context names Patch from
+ jchadima at redhat.
+ - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
+ [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
+ init scrips from imorgan AT nas.nasa.gov; bz#1920
+ - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
+ identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
+ AT gmail.com; ok dtucker@
+
+20110807
+ - (dtucker) OpenBSD CVS Sync
+ - jmc at cvs.openbsd.org 2008/06/26 06:59:39
+ [moduli.5]
+ tweak previous;
+ - sobrado at cvs.openbsd.org 2009/10/28 08:56:54
+ [moduli.5]
+ "Diffie-Hellman" is the usual spelling for the cryptographic protocol
+ first published by Whitfield Diffie and Martin Hellman in 1976.
+ ok jmc@
+ - jmc at cvs.openbsd.org 2010/10/14 20:41:28
+ [moduli.5]
+ probabalistic -> probabilistic; from naddy
+ - dtucker at cvs.openbsd.org 2011/08/07 12:55:30
+ [sftp.1]
+ typo, fix from Laurent Gautrot
+
+20110805
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/06/23 23:35:42
+ [monitor.c]
+ ignore EINTR errors from poll()
+ - tedu at cvs.openbsd.org 2011/07/06 18:09:21
+ [authfd.c]
+ bzero the agent address. the kernel was for a while very cranky about
+ these things. evne though that's fixed, always good to initialize
+ memory. ok deraadt djm
+ - djm at cvs.openbsd.org 2011/07/29 14:42:45
+ [sandbox-systrace.c]
+ fail open(2) with EPERM rather than SIGKILLing the whole process. libc
+ will call open() to do strerror() when NLS is enabled;
+ feedback and ok markus@
+ - markus at cvs.openbsd.org 2011/08/01 19:18:15
+ [gss-serv.c]
+ prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
+ report Adam Zabrock; ok djm@, deraadt@
+ - djm at cvs.openbsd.org 2011/08/02 01:22:11
+ [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+ Add new SHA256 and SHA512 based HMAC modes from
+ http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
+ Patch from mdb AT juniper.net; feedback and ok markus@
+ - djm at cvs.openbsd.org 2011/08/02 23:13:01
+ [version.h]
+ crank now, release later
+ - djm at cvs.openbsd.org 2011/08/02 23:15:03
+ [ssh.c]
+ typo in comment
+
+20110624
+ - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
+ Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
+ markus@
+
+20110623
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/06/22 21:47:28
+ [servconf.c]
+ reuse the multistate option arrays to pretty-print options for "sshd -T"
+ - djm at cvs.openbsd.org 2011/06/22 21:57:01
+ [servconf.c servconf.h sshd.c sshd_config.5]
+ [configure.ac Makefile.in]
+ introduce sandboxing of the pre-auth privsep child using systrace(4).
+
+ This introduces a new "UsePrivilegeSeparation=sandbox" option for
+ sshd_config that applies mandatory restrictions on the syscalls the
+ privsep child can perform. This prevents a compromised privsep child
+ from being used to attack other hosts (by opening sockets and proxying)
+ or probing local kernel attack surface.
+
+ The sandbox is implemented using systrace(4) in unsupervised "fast-path"
+ mode, where a list of permitted syscalls is supplied. Any syscall not
+ on the list results in SIGKILL being sent to the privsep child. Note
+ that this requires a kernel with the new SYSTR_POLICY_KILL option.
+
+ UsePrivilegeSeparation=sandbox will become the default in the future
+ so please start testing it now.
+
+ feedback dtucker@; ok markus@
+ - djm at cvs.openbsd.org 2011/06/22 22:08:42
+ [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
+ hook up a channel confirm callback to warn the user then requested X11
+ forwarding was refused by the server; ok markus@
+ - djm at cvs.openbsd.org 2011/06/23 09:34:13
+ [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
+ [sandbox-null.c]
+ rename sandbox.h => ssh-sandbox.h to make things easier for portable
+ - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
+ setrlimit(2)
+
+20110620
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/06/04 00:10:26
+ [ssh_config.5]
+ explain IdentifyFile's semantics a little better, prompted by bz#1898
+ ok dtucker jmc
+ - markus at cvs.openbsd.org 2011/06/14 22:49:18
+ [authfile.c]
+ make sure key_parse_public/private_rsa1() no longer consumes its input
+ buffer. fixes ssh-add for passphrase-protected ssh1-keys;
+ noted by naddy@; ok djm@
+ - djm at cvs.openbsd.org 2011/06/17 21:44:31
+ [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
+ make the pre-auth privsep slave log via a socketpair shared with the
+ monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
+ - djm at cvs.openbsd.org 2011/06/17 21:46:16
+ [sftp-server.c]
+ the protocol version should be unsigned; bz#1913 reported by mb AT
+ smartftp.com
+ - djm at cvs.openbsd.org 2011/06/17 21:47:35
+ [servconf.c]
+ factor out multi-choice option parsing into a parse_multistate label
+ and some support structures; ok dtucker@
+ - djm at cvs.openbsd.org 2011/06/17 21:57:25
+ [clientloop.c]
+ setproctitle for a mux master that has been gracefully stopped;
+ bz#1911 from Bert.Wesarg AT googlemail.com
+
+20110603
+ - (dtucker) [README version.h contrib/caldera/openssh.spec
+ contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
+ bumps from the 5.8p2 branch into HEAD. ok djm.
+ - (tim) [configure.ac defines.h] Run test program to detect system mail
+ directory. Add --with-maildir option to override. Fixed OpenServer 6
+ getting it wrong. Fixed many systems having MAIL=/var/mail//username
+ ok dtucker
+ - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
+ unconditionally in other places and the survey data we have does not show
+ any systems that use it. "nuke it" djm@
+ - (djm) [configure.ac] enable setproctitle emulation for OS X
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/06/03 00:54:38
+ [ssh.c]
+ bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
+ AT googlemail.com; ok dtucker@
+ NB. includes additional portability code to enable setproctitle emulation
+ on platforms that don't support it.
+ - dtucker at cvs.openbsd.org 2011/06/03 01:37:40
+ [ssh-agent.c]
+ Check current parent process ID against saved one to determine if the parent
+ has exited, rather than attempting to send a zero signal, since the latter
+ won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
+ Gillmor, ok djm@
+ - dtucker at cvs.openbsd.org 2011/05/31 02:01:58
+ [regress/dynamic-forward.sh]
+ back out revs 1.6 and 1.5 since it's not reliable
+ - dtucker at cvs.openbsd.org 2011/05/31 02:03:34
+ [regress/dynamic-forward.sh]
+ work around startup and teardown races; caught by deraadt
+ - dtucker at cvs.openbsd.org 2011/06/03 00:29:52
+ [regress/dynamic-forward.sh]
+ Retry establishing the port forwarding after a small delay, should make
+ the tests less flaky when the previous test is slow to shut down and free
+ up the port.
+ - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
+
+20110529
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/05/23 03:30:07
+ [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
+ [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
+ allow AuthorizedKeysFile to specify multiple files, separated by spaces.
+ Bring back authorized_keys2 as a default search path (to avoid breaking
+ existing users of this file), but override this in sshd_config so it will
+ be no longer used on fresh installs. Maybe in 2015 we can remove it
+ entierly :)
+
+ feedback and ok markus@ dtucker@
+ - djm at cvs.openbsd.org 2011/05/23 03:33:38
+ [auth.c]
+ make secure_filename() spam debug logs less
+ - djm at cvs.openbsd.org 2011/05/23 03:52:55
+ [sshconnect.c]
+ remove extra newline
+ - jmc at cvs.openbsd.org 2011/05/23 07:10:21
+ [sshd.8 sshd_config.5]
+ tweak previous; ok djm
+ - djm at cvs.openbsd.org 2011/05/23 07:24:57
+ [authfile.c]
+ read in key comments for v.2 keys (though note that these are not
+ passed over the agent protocol); bz#439, based on patch from binder
+ AT arago.de; ok markus@
+ - djm at cvs.openbsd.org 2011/05/24 07:15:47
+ [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
+ Remove undocumented legacy options UserKnownHostsFile2 and
+ GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
+ accept multiple paths per line and making their defaults include
+ known_hosts2; ok markus
+ - djm at cvs.openbsd.org 2011/05/23 03:31:31
+ [regress/cfgmatch.sh]
+ include testing of multiple/overridden AuthorizedKeysFiles
+ refactor to simply daemon start/stop and get rid of racy constructs
+
+20110520
+ - (djm) [session.c] call setexeccon() before executing passwd for pw
+ changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
+ - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
+ options, we should corresponding -W-option when trying to determine
+ whether it is accepted. Also includes a warning fix on the program
+ fragment uses (bad main() return type).
+ bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
+ - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/05/15 08:09:01
+ [authfd.c monitor.c serverloop.c]
+ use FD_CLOEXEC consistently; patch from zion AT x96.org
+ - djm at cvs.openbsd.org 2011/05/17 07:13:31
+ [key.c]
+ fatal() if asked to generate a legacy ECDSA cert (these don't exist)
+ and fix the regress test that was trying to generate them :)
+ - djm at cvs.openbsd.org 2011/05/20 00:55:02
+ [servconf.c]
+ the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
+ and AuthorizedPrincipalsFile were not being correctly applied in
+ Match blocks, despite being overridable there; ok dtucker@
+ - dtucker at cvs.openbsd.org 2011/05/20 02:00:19
+ [servconf.c]
+ Add comment documenting what should be after the preauth check. ok djm
+ - djm at cvs.openbsd.org 2011/05/20 03:25:45
+ [monitor.c monitor_wrap.c servconf.c servconf.h]
+ use a macro to define which string options to copy between configs
+ for Match. This avoids problems caused by forgetting to keep three
+ code locations in perfect sync and ordering
+
+ "this is at once beautiful and horrible" + ok dtucker@
+ - djm at cvs.openbsd.org 2011/05/17 07:13:31
+ [regress/cert-userkey.sh]
+ fatal() if asked to generate a legacy ECDSA cert (these don't exist)
+ and fix the regress test that was trying to generate them :)
+ - djm at cvs.openbsd.org 2011/05/20 02:43:36
+ [cert-hostkey.sh]
+ another attempt to generate a v00 ECDSA key that broke the test
+ ID sync only - portable already had this somehow
+ - dtucker at cvs.openbsd.org 2011/05/20 05:19:50
+ [dynamic-forward.sh]
+ Prevent races in dynamic forwarding test; ok djm
+ - dtucker at cvs.openbsd.org 2011/05/20 06:32:30
+ [dynamic-forward.sh]
+ fix dumb error in dynamic-forward test
+
+20110515
+ - (djm) OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/05/05 05:12:08
+ [mux.c]
+ gracefully fall back when ControlPath is too large for a
+ sockaddr_un. ok markus@ as part of a larger diff
+ - dtucker at cvs.openbsd.org 2011/05/06 01:03:35
+ [sshd_config]
+ clarify language about overriding defaults. bz#1892, from Petr Cerny
+ - djm at cvs.openbsd.org 2011/05/06 01:09:53
+ [sftp.1]
+ mention that IPv6 addresses must be enclosed in square brackets;
+ bz#1845
+ - djm at cvs.openbsd.org 2011/05/06 02:05:41
+ [sshconnect2.c]
+ fix memory leak; bz#1849 ok dtucker@
+ - djm at cvs.openbsd.org 2011/05/06 21:14:05
+ [packet.c packet.h]
+ set traffic class for IPv6 traffic as we do for IPv4 TOS;
+ patch from lionel AT mamane.lu via Colin Watson in bz#1855;
+ ok markus@
+ - djm at cvs.openbsd.org 2011/05/06 21:18:02
+ [ssh.c ssh_config.5]
+ add a %L expansion (short-form of the local host name) for ControlPath;
+ sync some more expansions with LocalCommand; ok markus@
+ - djm at cvs.openbsd.org 2011/05/06 21:31:38
+ [readconf.c ssh_config.5]
+ support negated Host matching, e.g.
+
+ Host *.example.org !c.example.org
+ User mekmitasdigoat
+
+ Will match "a.example.org", "b.example.org", but not "c.example.org"
+ ok markus@
+ - djm at cvs.openbsd.org 2011/05/06 21:34:32
+ [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
+ Add a RequestTTY ssh_config option to allow configuration-based
+ control over tty allocation (like -t/-T); ok markus@
+ - djm at cvs.openbsd.org 2011/05/06 21:38:58
+ [ssh.c]
+ fix dropping from previous diff
+ - djm at cvs.openbsd.org 2011/05/06 22:20:10
+ [PROTOCOL.mux]
+ fix numbering; from bert.wesarg AT googlemail.com
+ - jmc at cvs.openbsd.org 2011/05/07 23:19:39
+ [ssh_config.5]
+ - tweak previous
+ - come consistency fixes
+ ok djm
+ - jmc at cvs.openbsd.org 2011/05/07 23:20:25
+ [ssh.1]
+ +.It RequestTTY
+ - djm at cvs.openbsd.org 2011/05/08 12:52:01
+ [PROTOCOL.mux clientloop.c clientloop.h mux.c]
+ improve our behaviour when TTY allocation fails: if we are in
+ RequestTTY=auto mode (the default), then do not treat at TTY
+ allocation error as fatal but rather just restore the local TTY
+ to cooked mode and continue. This is more graceful on devices that
+ never allocate TTYs.
+
+ If RequestTTY is set to "yes" or "force", then failure to allocate
+ a TTY is fatal.
+
+ ok markus@
+ - djm at cvs.openbsd.org 2011/05/10 05:46:46
+ [authfile.c]
+ despam debug() logs by detecting that we are trying to load a private key
+ in key_try_load_public() and returning early; ok markus@
+ - djm at cvs.openbsd.org 2011/05/11 04:47:06
+ [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
+ remove support for authorized_keys2; it is a relic from the early days
+ of protocol v.2 support and has been undocumented for many years;
+ ok markus@
+ - djm at cvs.openbsd.org 2011/05/13 00:05:36
+ [authfile.c]
+ warn on unexpected key type in key_parse_private_type()
+ - (djm) [packet.c] unbreak portability #endif
+
+20110510
+ - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
+ --with-ssl-engine which was broken with the change from deprecated
+ SSLeay_add_all_algorithms(). ok djm
+
+20110506
+ - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
+ for closefrom() in test code. Report from Dan Wallis via Gentoo.
+
+20110505
+ - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
+ definitions. From des AT des.no
+ - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
+ [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
+ [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
+ [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
+ [regress/README.regress] Remove ssh-rand-helper and all its
+ tentacles. PRNGd seeding has been rolled into entropy.c directly.
+ Thanks to tim@ for testing on affected platforms.
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/03/10 02:52:57
+ [auth2-gss.c auth2.c auth.h]
+ allow GSSAPI authentication to detect when a server-side failure causes
+ authentication failure and don't count such failures against MaxAuthTries;
+ bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
+ - okan at cvs.openbsd.org 2011/03/15 10:36:02
+ [ssh-keyscan.c]
+ use timerclear macro
+ ok djm@
+ - stevesk at cvs.openbsd.org 2011/03/23 15:16:22
+ [ssh-keygen.1 ssh-keygen.c]
+ Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
+ for which host keys do not exist, generate the host keys with the
+ default key file path, an empty passphrase, default bits for the key
+ type, and default comment. This will be used by /etc/rc to generate
+ new host keys. Idea from deraadt.
+ ok deraadt
+ - stevesk at cvs.openbsd.org 2011/03/23 16:24:56
+ [ssh-keygen.1]
+ -q not used in /etc/rc now so remove statement.
+ - stevesk at cvs.openbsd.org 2011/03/23 16:50:04
+ [ssh-keygen.c]
+ remove -d, documentation removed >10 years ago; ok markus
+ - jmc at cvs.openbsd.org 2011/03/24 15:29:30
+ [ssh-keygen.1]
+ zap trailing whitespace;
+ - stevesk at cvs.openbsd.org 2011/03/24 22:14:54
+ [ssh-keygen.c]
+ use strcasecmp() for "clear" cert permission option also; ok djm
+ - stevesk at cvs.openbsd.org 2011/03/29 18:54:17
+ [misc.c misc.h servconf.c]
+ print ipqos friendly string for sshd -T; ok markus
+ # sshd -Tf sshd_config|grep ipqos
+ ipqos lowdelay throughput
+ - djm at cvs.openbsd.org 2011/04/12 04:23:50
+ [ssh-keygen.c]
+ fix -Wshadow
+ - djm at cvs.openbsd.org 2011/04/12 05:32:49
+ [sshd.c]
+ exit with 0 status on SIGTERM; bz#1879
+ - djm at cvs.openbsd.org 2011/04/13 04:02:48
+ [ssh-keygen.1]
+ improve wording; bz#1861
+ - djm at cvs.openbsd.org 2011/04/13 04:09:37
+ [ssh-keygen.1]
+ mention valid -b sizes for ECDSA keys; bz#1862
+ - djm at cvs.openbsd.org 2011/04/17 22:42:42
+ [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
+ allow graceful shutdown of multiplexing: request that a mux server
+ removes its listener socket and refuse future multiplexing requests;
+ ok markus@
+ - djm at cvs.openbsd.org 2011/04/18 00:46:05
+ [ssh-keygen.c]
+ certificate options are supposed to be packed in lexical order of
+ option name (though we don't actually enforce this at present).
+ Move one up that was out of sequence
+ - djm at cvs.openbsd.org 2011/05/04 21:15:29
+ [authfile.c authfile.h ssh-add.c]
+ allow "ssh-add - < key"; feedback and ok markus@
+ - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
+ so autoreconf 2.68 is happy.
+ - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
+
20110221
- (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
Cygwin-specific service installer script ssh-host-config. The actual
@@ -19,6 +2442,13 @@
The new script also is more thorough to inform the user why the
script failed. Patch from vinschen at redhat com.
+20110218
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2011/02/16 00:31:14
+ [ssh-keysign.c]
+ make hostbased auth with ECDSA keys work correctly. Based on patch
+ by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
+
20110206
- (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
selinux code. Patch from Leonardo Chiquitto
@@ -46,6 +2476,14 @@
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
+20110127
+ - (tim) [config.guess config.sub] Sync with upstream.
+ - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
+ AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
+ AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
+ space changes for consistency/readability. Makes autoconf 2.68 happy.
+ "Nice work" djm
+
20110125
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
@@ -1256,4 +3694,3 @@
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
ok markus@
-
Property changes on: vendor-crypto/openssh/dist/ChangeLog
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.10
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/FREEBSD-Xlist
===================================================================
--- vendor-crypto/openssh/dist/FREEBSD-Xlist 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/FREEBSD-Xlist 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,10 +0,0 @@
-$FreeBSD: src/crypto/openssh/FREEBSD-Xlist,v 1.3 2004/02/26 10:37:34 des Exp $
-*.0
-*/.cvsignore
-.cvsignore
-autom4te*
-config.h.in
-configure
-contrib
-regress/*.[0-9]
-stamp-h.in
Deleted: vendor-crypto/openssh/dist/FREEBSD-tricks
===================================================================
--- vendor-crypto/openssh/dist/FREEBSD-tricks 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/FREEBSD-tricks 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,20 +0,0 @@
-# $FreeBSD: src/crypto/openssh/FREEBSD-tricks,v 1.5.2.2 2006/10/06 14:07:11 des Exp $
-
-# Shell code to remove FreeBSD tags before merging
-grep -rl '\$Fre[e]BSD:' . | grep -v FREEBSD >tags
-cat tags | while read f ; do
- sed -i.orig -e '/\$Fre[e]BSD:/d' $f
-done
-
-# Shell + Perl code to add FreeBSD tags wherever an OpenBSD or Id tag occurs
-cat tags |
-xargs perl -n -i.orig -e 'print; s/\$(Id|OpenBSD): [^\$]*/\$FreeBSD/ && print'
-
-# Shell code to reexpand FreeBSD tags
-cat tags | while read f ; do
- id=$(cvs diff $f | grep '\$Fre[e]BSD:' |
- sed 's/.*\(\$Fre[e]BSD:.*\$\).*/\1/') ;
- if [ -n "$id" ] ; then
- sed -i.orig -e "s@\\\$Fre[e]BSD\\\$@$id@" $f ;
- fi ;
-done
Deleted: vendor-crypto/openssh/dist/FREEBSD-upgrade
===================================================================
--- vendor-crypto/openssh/dist/FREEBSD-upgrade 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/FREEBSD-upgrade 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,137 +0,0 @@
-
-
- FreeBSD maintainer's guide to OpenSSH-portable
- ==============================================
-
-
-0) Make sure your mail spool has plenty of free space. It'll fill up
- pretty fast once you're done with this checklist.
-
-1) Grab the latest OpenSSH-portable tarball from the OpenBSD FTP
- site (ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/)
-
-2) Unpack the tarball in a suitable directory.
-
-3) Remove trash:
-
- $ sh -c 'while read glob ; do rm -rvf $glob ; done' \
- </usr/src/crypto/openssh/FREEBSD-Xlist
-
- Make sure that took care of everything, and if it didn't, make sure
- to update FREEBSD-Xlist so you won't miss it the next time. A good
- way to do this is to run a test import and see if any new files
- show up:
-
- $ cvs -n import src/crypto/openssh OPENSSH x | grep \^N
-
-4) Import the sources:
-
- $ cvs import src/crypto/openssh OPENSSH OpenSSH_X_YpZ
-
-5) Resolve conflicts. Remember to bump the version number and
- addendum in version.h, and update the default value in
- ssh{,d}_config and ssh{,d}_config.5.
-
-6) Generate configure and config.h.in:
-
- $ autoconf
- $ autoheader
-
- Note: this requires a recent version of autoconf, not autoconf213.
-
-7) Run configure with the appropriate arguments:
-
- $ ./configure --prefix=/usr --sysconfdir=/etc/ssh \
- --with-pam --with-tcp-wrappers --with-libedit \
- --with-ssl-engine
-
- This will regenerate config.h, which must be committed along with
- the rest.
-
- Note that we don't want to configure OpenSSH for Kerberos using
- configure since we have to be able to turn it on or off depending
- on the value of MK_KERBEROS. Our Makefiles take care of this.
-
-8) If source files have been added or removed, update the appropriate
- makefiles to reflect changes in the vendor's Makefile.in.
-
-9) Build libssh. Follow the instructions in ssh_namespace.h to get a
- list of new symbols. Update ssh_namespace.h, build everything,
- install and test.
-
-A) Build and test the pam_ssh PAM module. It gropes around libssh's
- internals and will break if something significant changes or if
- ssh_namespace.h is out of whack.
-
-B) Re-commit everything on repoman (you *did* use a test repo for
- this, didn't you?)
-
-
-
- An overview of FreeBSD changes to OpenSSH-portable
- ==================================================
-
-0) VersionAddendum
-
- The SSH protocol allows for a human-readable version string of up
- to 40 characters to be appended to the protocol version string.
- FreeBSD takes advantage of this to include a date indicating the
- "patch level", so people can easily determine whether their system
- is vulnerable when an OpenSSH advisory goes out. Some people,
- however, dislike advertising their patch level in the protocol
- handshake, so we've added a VersionAddendum configuration variable
- to allow them to change or disable it.
-
-1) Modified server-side defaults
-
- We've modified some configuration defaults in sshd:
-
- - Protocol defaults to "2".
-
- - PasswordAuthentication defaults to "no" when PAM is enabled.
-
- - For protocol version 2, we don't load RSA host keys by
- default. If both RSA and DSA keys are present, we prefer DSA
- to RSA.
-
- - LoginGraceTime defaults to 120 seconds instead of 600.
-
- - PermitRootLogin defaults to "no".
-
- - X11Forwarding defaults to "yes" (it's a threat to the client,
- not to the server.)
-
-2) Modified client-side defaults
-
- We've modified some configuration defaults in ssh:
-
- - For protocol version 2, if both RSA and DSA keys are present,
- we prefer DSA to RSA.
-
- - CheckHostIP defaults to "no".
-
-3) Canonic host names
-
- We've added code to ssh.c to canonicize the target host name after
- reading options but before trying to connect. This eliminates the
- usual problem with duplicate known_hosts entries.
-
-4) OPIE
-
- We've added support for using OPIE as a drop-in replacement for
- S/Key.
-
-5) setusercontext() environment
-
- Our setusercontext(3) can set environment variables, which we must
- take care to transfer to the child's environment.
-
-
-
-This port was brought to you by (in no particular order) DARPA, NAI
-Labs, ThinkSec, Nescaf\xE9, the Aberlour Glenlivet Distillery Co.,
-Suzanne Vega, and a Sanford's #69 Deluxe Marker.
-
- -- des at FreeBSD.org
-
-$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.10.2.1 2006/10/06 14:07:11 des Exp $
Modified: vendor-crypto/openssh/dist/INSTALL
===================================================================
--- vendor-crypto/openssh/dist/INSTALL 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/INSTALL 2013-12-05 12:55:03 UTC (rev 6462)
@@ -16,9 +16,7 @@
NB. If you operating system supports /dev/random, you should configure
OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
-/dev/random, or failing that, either prngd or egd. If you don't have
-any of these you will have to rely on ssh-rand-helper, which is inferior
-to a good kernel-based solution or prngd.
+/dev/random, or failing that, either prngd or egd
PRNGD:
@@ -82,10 +80,16 @@
http://www.thrysoee.dk/editline/
http://sourceforge.net/projects/libedit/
+LDNS:
+
+LDNS is a DNS BSD-licensed resolver library which supports DNSSEC.
+
+http://nlnetlabs.nl/projects/ldns/
+
Autoconf:
If you modify configure.ac or configure doesn't exist (eg if you checked
-the code out of CVS yourself) then you will need autoconf-2.61 to rebuild
+the code out of CVS yourself) then you will need autoconf-2.68 to rebuild
the automatically generated files by running "autoreconf". Earlier
versions may also work but this is not guaranteed.
@@ -262,4 +266,4 @@
http://www.openssh.com/
-$Id: INSTALL,v 1.1.1.6 2011-02-04 14:04:19 laffer1 Exp $
+$Id: INSTALL,v 1.88 2013/03/07 01:33:35 dtucker Exp $
Property changes on: vendor-crypto/openssh/dist/INSTALL
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/LICENCE
===================================================================
--- vendor-crypto/openssh/dist/LICENCE 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/LICENCE 2013-12-05 12:55:03 UTC (rev 6462)
@@ -207,6 +207,7 @@
The SCO Group
Daniel Walsh
Red Hat, Inc
+ Simon Vallet / Genoscope
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Property changes on: vendor-crypto/openssh/dist/LICENCE
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/Makefile
===================================================================
--- vendor-crypto/openssh/dist/Makefile 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/Makefile 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,14 +0,0 @@
-# $OpenBSD: Makefile,v 1.15 2010/02/09 08:55:31 markus Exp $
-
-.include <bsd.own.mk>
-
-SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \
- ssh-keysign ssh-keyscan sftp ssh-pkcs11-helper
-
-distribution:
- ${INSTALL} -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \
- ${DESTDIR}/etc/ssh/ssh_config
- ${INSTALL} -C -o root -g wheel -m 0644 ${.CURDIR}/sshd_config \
- ${DESTDIR}/etc/ssh/sshd_config
-
-.include <bsd.subdir.mk>
Modified: vendor-crypto/openssh/dist/Makefile.in
===================================================================
--- vendor-crypto/openssh/dist/Makefile.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/Makefile.in 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.1.1.9 2013-01-22 13:42:06 laffer1 Exp $
+# $Id: Makefile.in,v 1.340 2013/06/11 01:26:10 dtucker Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -26,7 +26,6 @@
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
-RAND_HELPER=$(libexecdir)/ssh-rand-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
STRIP_OPT=@STRIP_OPT@
@@ -38,8 +37,7 @@
-D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
-D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
-D_PATH_SSH_PIDDIR=\"$(piddir)\" \
- -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \
- -DSSH_RAND_HELPER=\"$(RAND_HELPER)\"
+ -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
CC=@CC@
LD=@LD@
@@ -46,6 +44,8 @@
CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
+K5LIBS=@K5LIBS@
+GSSLIBS=@GSSLIBS@
SSHLIBS=@SSHLIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
@@ -61,13 +61,10 @@
EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
-INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
-INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
-
-LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
- canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
+LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+ canohost.o channels.o cipher.o cipher-aes.o \
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o \
@@ -75,8 +72,8 @@
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
- msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \
- schnorr.o ssh-pkcs11.o
+ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
+ jpake.o schnorr.o ssh-pkcs11.o krl.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
@@ -94,10 +91,12 @@
auth2-gss.o gss-serv.o gss-serv-krb5.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
sftp-server.o sftp-common.o \
- roaming_common.o roaming_serv.o
+ roaming_common.o roaming_serv.o \
+ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+ sandbox-seccomp-filter.o
-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
+MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -104,7 +103,6 @@
CONFIGFILES_IN=sshd_config ssh_config moduli
PATHSUBS = \
- -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \
-e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \
-e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \
-e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \
@@ -123,8 +121,10 @@
-e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
FIXPATHSCMD = $(SED) $(PATHSUBS)
+FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
+ @UNSUPPORTED_ALGORITHMS@
-all: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
+all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
$(LIBSSH_OBJS): Makefile.in config.h
$(SSHOBJS): Makefile.in config.h
@@ -143,10 +143,10 @@
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -175,9 +175,6 @@
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
-ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
- $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-
# test driver for the loginrec code - not built by default
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
@@ -189,9 +186,10 @@
manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \
fi; \
if test "$(MANTYPE)" = "man"; then \
- $(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
+ $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \
+ $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
else \
- $(FIXPATHSCMD) $${manpage} > $@; \
+ $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \
fi
$(CONFIGFILES): $(CONFIGFILES_IN)
@@ -198,15 +196,17 @@
conffile=`echo $@ | sed 's/.out$$//'`; \
$(FIXPATHSCMD) $(srcdir)/$${conffile} > $@
-ssh_prng_cmds.out: ssh_prng_cmds
- if test ! -z "$(INSTALL_SSH_PRNG_CMDS)"; then \
- $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
- fi
-
# fake rule to stop make trying to compile moduli.o into a binary "moduli.o"
moduli:
echo
+# special case target for umac128
+umac128.o: umac.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \
+ -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \
+ -Dumac_update=umac128_update -Dumac_final=umac128_final \
+ -Dumac_delete=umac128_delete
+
clean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core survey
@@ -215,7 +215,7 @@
distclean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core opensshd.init openssh.xml
- rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds
+ rm -f Makefile buildpkg.sh config.h config.status
rm -f survey.sh openbsd-compat/regress/Makefile *~
rm -rf autom4te.cache
(cd openbsd-compat && $(MAKE) distclean)
@@ -226,6 +226,8 @@
veryclean: distclean
rm -f configure config.h.in *.0
+cleandir: veryclean
+
mrproper: veryclean
realclean: veryclean
@@ -242,9 +244,9 @@
$(AUTORECONF)
-rm -rf autom4te.cache
-install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
-install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf
-install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
+install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
+install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
check-config:
-$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
@@ -265,9 +267,6 @@
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
- if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-rand-helper$(EXEEXT) ; \
- fi
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
@@ -282,9 +281,6 @@
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
- if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
- $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
- fi
$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
@@ -308,13 +304,6 @@
else \
echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
fi
- @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
- if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \
- $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
- else \
- echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \
- fi ; \
- fi
@if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \
if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \
echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \
@@ -361,7 +350,6 @@
uninstallall: uninstall
-rm -f $(DESTDIR)$(sysconfdir)/ssh_config
-rm -f $(DESTDIR)$(sysconfdir)/sshd_config
- -rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds
-rmdir $(DESTDIR)$(sysconfdir)
-rmdir $(DESTDIR)$(bindir)
-rmdir $(DESTDIR)$(sbindir)
@@ -383,7 +371,6 @@
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
- -rm -f $(DESTDIR)$(RAND_HELPER)$(EXEEXT)
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
@@ -392,17 +379,20 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-tests interop-tests: $(TARGETS)
+regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
+ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress
+ [ -f `pwd`/regress/Makefile ] || \
+ ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
+ $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+tests interop-tests: $(TARGETS) regress/modpipe$(EXEEXT)
BUILDDIR=`pwd`; \
- [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \
- [ -f `pwd`/regress/Makefile ] || \
- ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \
TEST_SHELL="@TEST_SHELL@"; \
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
@@ -462,7 +452,7 @@
send-survey: survey
mail portable-survey at mindrot.org <survey
-package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
+package: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
sh buildpkg.sh; \
fi
Property changes on: vendor-crypto/openssh/dist/Makefile.in
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/Makefile.inc
===================================================================
--- vendor-crypto/openssh/dist/Makefile.inc 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/Makefile.inc 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,34 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.39 2010/10/01 23:10:48 djm Exp $
-
-CFLAGS+= -I${.CURDIR}/..
-
-CDIAGFLAGS= -Wall
-#CDIAGFLAGS+= -Werror
-CDIAGFLAGS+= -Wpointer-arith
-CDIAGFLAGS+= -Wuninitialized
-CDIAGFLAGS+= -Wstrict-prototypes
-CDIAGFLAGS+= -Wmissing-prototypes
-CDIAGFLAGS+= -Wunused
-CDIAGFLAGS+= -Wsign-compare
-CDIAGFLAGS+= -Wbounded
-CDIAGFLAGS+= -Wshadow
-
-#DEBUG=-g
-
-#CFLAGS+= -DJPAKE
-
-CFLAGS+= -DENABLE_PKCS11
-.include <bsd.own.mk>
-.ifndef NOPIC
-CFLAGS+= -DHAVE_DLOPEN
-.endif
-
-.include <bsd.obj.mk>
-
-.if exists(${.CURDIR}/../lib/${__objdir})
-LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh
-DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a
-.else
-LDADD+= -L${.CURDIR}/../lib -lssh
-DPADD+= ${.CURDIR}/../lib/libssh.a
-.endif
Index: vendor-crypto/openssh/dist/OVERVIEW
===================================================================
--- vendor-crypto/openssh/dist/OVERVIEW 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/OVERVIEW 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/OVERVIEW
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/PROTOCOL
===================================================================
--- vendor-crypto/openssh/dist/PROTOCOL 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/PROTOCOL 2013-12-05 12:55:03 UTC (rev 6462)
@@ -51,6 +51,46 @@
curve points encoded using point compression are NOT accepted or
generated.
+1.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms
+
+OpenSSH supports MAC algorithms, whose names contain "-etm", that
+perform the calculations in a different order to that defined in RFC
+4253. These variants use the so-called "encrypt then MAC" ordering,
+calculating the MAC over the packet ciphertext rather than the
+plaintext. This ordering closes a security flaw in the SSH transport
+protocol, where decryption of unauthenticated ciphertext provided a
+"decryption oracle" that could, in conjunction with cipher flaws, reveal
+session plaintext.
+
+Specifically, the "-etm" MAC algorithms modify the transport protocol
+to calculate the MAC over the packet ciphertext and to send the packet
+length unencrypted. This is necessary for the transport to obtain the
+length of the packet and location of the MAC tag so that it may be
+verified without decrypting unauthenticated data.
+
+As such, the MAC covers:
+
+ mac = MAC(key, sequence_number || packet_length || encrypted_packet)
+
+where "packet_length" is encoded as a uint32 and "encrypted_packet"
+contains:
+
+ byte padding_length
+ byte[n1] payload; n1 = packet_length - padding_length - 1
+ byte[n2] random padding; n2 = padding_length
+
+1.6 transport: AES-GCM
+
+OpenSSH supports the AES-GCM algorithm as specified in RFC 5647.
+Because of problems with the specification of the key exchange
+the behaviour of OpenSSH differs from the RFC as follows:
+
+AES-GCM is only negotiated as the cipher algorithms
+"aes128-gcm at openssh.com" or "aes256-gcm at openssh.com" and never as
+an MAC algorithm. Additionally, if AES-GCM is selected as the cipher
+the exchanged MAC algorithms are ignored and there doesn't have to be
+a matching MAC.
+
2. Connection protocol changes
2.1. connection: Channel write close extension "eow at openssh.com"
@@ -291,4 +331,4 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.17 2010/12/04 00:18:01 djm Exp $
+$OpenBSD: PROTOCOL,v 1.20 2013/01/08 18:49:04 markus Exp $
Property changes on: vendor-crypto/openssh/dist/PROTOCOL
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/PROTOCOL.agent
===================================================================
--- vendor-crypto/openssh/dist/PROTOCOL.agent 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/PROTOCOL.agent 2013-12-05 12:55:03 UTC (rev 6462)
@@ -152,7 +152,7 @@
computation.
"key_constraints" may only be present if the request type is
-SSH_AGENTC_ADD_RSA_IDENTITY.
+SSH_AGENTC_ADD_RSA_ID_CONSTRAINED.
The agent will reply with a SSH_AGENT_SUCCESS if the key has been
successfully added or a SSH_AGENT_FAILURE if an error occurred.
@@ -557,4 +557,4 @@
SSH_AGENT_CONSTRAIN_LIFETIME 1
SSH_AGENT_CONSTRAIN_CONFIRM 2
-$OpenBSD: PROTOCOL.agent,v 1.6 2010/08/31 11:54:45 djm Exp $
+$OpenBSD: PROTOCOL.agent,v 1.7 2013/01/02 00:33:49 djm Exp $
Property changes on: vendor-crypto/openssh/dist/PROTOCOL.agent
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/PROTOCOL.certkeys
===================================================================
--- vendor-crypto/openssh/dist/PROTOCOL.certkeys 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/PROTOCOL.certkeys 2013-12-05 12:55:03 UTC (rev 6462)
@@ -162,6 +162,13 @@
are not critical, and an implementation that encounters one that it does
not recognise may safely ignore it.
+Generally, critical options are used to control features that restrict
+access where extensions are used to enable features that grant access.
+This ensures that certificates containing unknown restrictions do not
+inadvertently grant access while allowing new protocol features to be
+enabled via extensions without breaking certificates' backwards
+compatibility.
+
The reserved field is currently unused and is ignored in this version of
the protocol.
@@ -189,7 +196,7 @@
string data
Options must be lexically ordered by "name" if they appear in the
-sequence.
+sequence. Each named option may only appear once in a certificate.
The name field identifies the option and the data field encodes
option-specific information (see below). All options are
@@ -220,7 +227,9 @@
The extensions section of the certificate specifies zero or more
non-critical certificate extensions. The encoding and ordering of
-extensions in this field is identical to that of the critical options.
+extensions in this field is identical to that of the critical options,
+as is the requirement that each name appear only once.
+
If an implementation does not recognise an extension, then it should
ignore it.
@@ -253,4 +262,4 @@
of this script will not be permitted if
this option is not present.
-$OpenBSD: PROTOCOL.certkeys,v 1.8 2010/08/31 11:54:45 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $
Property changes on: vendor-crypto/openssh/dist/PROTOCOL.certkeys
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Added: vendor-crypto/openssh/dist/PROTOCOL.krl
===================================================================
--- vendor-crypto/openssh/dist/PROTOCOL.krl (rev 0)
+++ vendor-crypto/openssh/dist/PROTOCOL.krl 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,164 @@
+This describes the key/certificate revocation list format for OpenSSH.
+
+1. Overall format
+
+The KRL consists of a header and zero or more sections. The header is:
+
+#define KRL_MAGIC 0x5353484b524c0a00ULL /* "SSHKRL\n\0" */
+#define KRL_FORMAT_VERSION 1
+
+ uint64 KRL_MAGIC
+ uint32 KRL_FORMAT_VERSION
+ uint64 krl_version
+ uint64 generated_date
+ uint64 flags
+ string reserved
+ string comment
+
+Where "krl_version" is a version number that increases each time the KRL
+is modified, "generated_date" is the time in seconds since 1970-01-01
+00:00:00 UTC that the KRL was generated, "comment" is an optional comment
+and "reserved" an extension field whose contents are currently ignored.
+No "flags" are currently defined.
+
+Following the header are zero or more sections, each consisting of:
+
+ byte section_type
+ string section_data
+
+Where "section_type" indicates the type of the "section_data". An exception
+to this is the KRL_SECTION_SIGNATURE section, that has a slightly different
+format (see below).
+
+The available section types are:
+
+#define KRL_SECTION_CERTIFICATES 1
+#define KRL_SECTION_EXPLICIT_KEY 2
+#define KRL_SECTION_FINGERPRINT_SHA1 3
+#define KRL_SECTION_SIGNATURE 4
+
+3. Certificate serial section
+
+These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by
+serial number or key ID. The consist of the CA key that issued the
+certificates to be revoked and a reserved field whose contents is currently
+ignored.
+
+ string ca_key
+ string reserved
+
+Followed by one or more sections:
+
+ byte cert_section_type
+ string cert_section_data
+
+The certificate section types are:
+
+#define KRL_SECTION_CERT_SERIAL_LIST 0x20
+#define KRL_SECTION_CERT_SERIAL_RANGE 0x21
+#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22
+#define KRL_SECTION_CERT_KEY_ID 0x23
+
+2.1 Certificate serial list section
+
+This section is identified as KRL_SECTION_CERT_SERIAL_LIST. It revokes
+certificates by listing their serial numbers. The cert_section_data in this
+case contains:
+
+ uint64 revoked_cert_serial
+ uint64 ...
+
+This section may appear multiple times.
+
+2.2. Certificate serial range section
+
+These sections use type KRL_SECTION_CERT_SERIAL_RANGE and hold
+a range of serial numbers of certificates:
+
+ uint64 serial_min
+ uint64 serial_max
+
+All certificates in the range serial_min <= serial <= serial_max are
+revoked.
+
+This section may appear multiple times.
+
+2.3. Certificate serial bitmap section
+
+Bitmap sections use type KRL_SECTION_CERT_SERIAL_BITMAP and revoke keys
+by listing their serial number in a bitmap.
+
+ uint64 serial_offset
+ mpint revoked_keys_bitmap
+
+A bit set at index N in the bitmap corresponds to revocation of a keys with
+serial number (serial_offset + N).
+
+This section may appear multiple times.
+
+2.4. Revoked key ID sections
+
+KRL_SECTION_CERT_KEY_ID sections revoke particular certificate "key
+ID" strings. This may be useful in revoking all certificates
+associated with a particular identity, e.g. a host or a user.
+
+ string key_id[0]
+ ...
+
+This section must contain at least one "key_id". This section may appear
+multiple times.
+
+3. Explicit key sections
+
+These sections, identified as KRL_SECTION_EXPLICIT_KEY, revoke keys
+(not certificates). They are less space efficient than serial numbers,
+but are able to revoke plain keys.
+
+ string public_key_blob[0]
+ ....
+
+This section must contain at least one "public_key_blob". The blob
+must be a raw key (i.e. not a certificate).
+
+This section may appear multiple times.
+
+4. SHA1 fingerprint sections
+
+These sections, identified as KRL_SECTION_FINGERPRINT_SHA1, revoke
+plain keys (i.e. not certificates) by listing their SHA1 hashes:
+
+ string public_key_hash[0]
+ ....
+
+This section must contain at least one "public_key_hash". The hash blob
+is obtained by taking the SHA1 hash of the public key blob. Hashes in
+this section must appear in numeric order, treating each hash as a big-
+endian integer.
+
+This section may appear multiple times.
+
+5. KRL signature sections
+
+The KRL_SECTION_SIGNATURE section serves a different purpose to the
+preceeding ones: to provide cryptographic authentication of a KRL that
+is retrieved over a channel that does not provide integrity protection.
+Its format is slightly different to the previously-described sections:
+in order to simplify the signature generation, it includes as a "body"
+two string components instead of one.
+
+ byte KRL_SECTION_SIGNATURE
+ string signature_key
+ string signature
+
+The signature is calculated over the entire KRL from the KRL_MAGIC
+to this subsection's "signature_key", including both and using the
+signature generation rules appropriate for the type of "signature_key".
+
+This section must appear last in the KRL. If multiple signature sections
+appear, they must appear consecutively at the end of the KRL file.
+
+Implementations that retrieve KRLs over untrusted channels must verify
+signatures. Signature sections are optional for KRLs distributed by
+trusted means.
+
+$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $
Modified: vendor-crypto/openssh/dist/PROTOCOL.mux
===================================================================
--- vendor-crypto/openssh/dist/PROTOCOL.mux 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/PROTOCOL.mux 2013-12-05 12:55:03 UTC (rev 6462)
@@ -73,6 +73,13 @@
client must cope with are it receiving a signal itself and the
server disconnecting without sending an exit message.
+A master may also send a MUX_S_TTY_ALLOC_FAIL before MUX_S_EXIT_MESSAGE
+if remote TTY allocation was unsuccessful. The client may use this to
+return its local tty to "cooked" mode.
+
+ uint32 MUX_S_TTY_ALLOC_FAIL
+ uint32 session id
+
3. Health checks
The client may request a health check/PID report from a server:
@@ -103,9 +110,9 @@
uint32 request id
uint32 forwarding type
string listen host
- string listen port
+ uint32 listen port
string connect host
- string connect port
+ uint32 connect port
forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC.
@@ -126,10 +133,11 @@
uint32 MUX_C_CLOSE_FWD
uint32 request id
+ uint32 forwarding type
string listen host
- string listen port
+ uint32 listen port
string connect host
- string connect port
+ uint32 connect port
A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
MUX_S_FAILURE.
@@ -149,11 +157,22 @@
The contents of "reserved" are currently ignored.
-A server may reply with a MUX_S_SESSION_OPEED, a MUX_S_PERMISSION_DENIED
+A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
or a MUX_S_FAILURE.
-8. Status messages
+8. Requesting shutdown of mux listener
+A client may request the master to stop accepting new multiplexing requests
+and remove its listener socket.
+
+ uint32 MUX_C_STOP_LISTENING
+ uint32 request id
+
+A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
+MUX_S_FAILURE.
+
+9. Status messages
+
The MUX_S_OK message is empty:
uint32 MUX_S_OK
@@ -169,7 +188,7 @@
uint32 client request id
string reason
-9. Protocol numbers
+10. Protocol numbers
#define MUX_MSG_HELLO 0x00000001
#define MUX_C_NEW_SESSION 0x10000002
@@ -178,6 +197,7 @@
#define MUX_C_OPEN_FWD 0x10000006
#define MUX_C_CLOSE_FWD 0x10000007
#define MUX_C_NEW_STDIO_FWD 0x10000008
+#define MUX_C_STOP_LISTENING 0x10000009
#define MUX_S_OK 0x80000001
#define MUX_S_PERMISSION_DENIED 0x80000002
#define MUX_S_FAILURE 0x80000003
@@ -185,6 +205,7 @@
#define MUX_S_ALIVE 0x80000005
#define MUX_S_SESSION_OPENED 0x80000006
#define MUX_S_REMOTE_PORT 0x80000007
+#define MUX_S_TTY_ALLOC_FAIL 0x80000008
#define MUX_FWD_LOCAL 1
#define MUX_FWD_REMOTE 2
@@ -192,12 +213,10 @@
XXX TODO
XXX extended status (e.g. report open channels / forwards)
-XXX graceful close (delete listening socket, but keep existing sessions active)
XXX lock (maybe)
XXX watch in/out traffic (pre/post crypto)
XXX inject packet (what about replies)
XXX server->client error/warning notifications
-XXX port0 rfwd (need custom response message)
XXX send signals via mux
-$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $
+$OpenBSD: PROTOCOL.mux,v 1.9 2012/06/01 00:49:35 djm Exp $
Property changes on: vendor-crypto/openssh/dist/PROTOCOL.mux
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/README
===================================================================
--- vendor-crypto/openssh/dist/README 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/README 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-5.8p2 for the release notes.
+See http://www.openssh.com/txt/release-6.4 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
-$Id: README,v 1.1.1.11 2013-01-22 13:42:06 laffer1 Exp $
+$Id: README,v 1.83.4.1 2013/11/08 01:36:17 djm Exp $
Property changes on: vendor-crypto/openssh/dist/README
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.11
\ No newline at end of property
Index: vendor-crypto/openssh/dist/README.dns
===================================================================
--- vendor-crypto/openssh/dist/README.dns 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/README.dns 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/README.dns
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/README.platform
===================================================================
--- vendor-crypto/openssh/dist/README.platform 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/README.platform 2013-12-05 12:55:03 UTC (rev 6462)
@@ -93,4 +93,4 @@
return the output from pam_nologin to the client.
-$Id: README.platform,v 1.1.1.5 2009-11-26 16:04:47 laffer1 Exp $
+$Id: README.platform,v 1.10 2009/08/28 23:14:48 dtucker Exp $
Property changes on: vendor-crypto/openssh/dist/README.platform
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/README.privsep
===================================================================
--- vendor-crypto/openssh/dist/README.privsep 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/README.privsep 2013-12-05 12:55:03 UTC (rev 6462)
@@ -60,4 +60,4 @@
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
-$Id: README.privsep,v 1.1.1.2 2006-02-25 02:34:23 laffer1 Exp $
+$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $
Property changes on: vendor-crypto/openssh/dist/README.privsep
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/README.smartcard
===================================================================
--- vendor-crypto/openssh/dist/README.smartcard 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/README.smartcard 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,93 +0,0 @@
-How to use smartcards with OpenSSH?
-
-OpenSSH contains experimental support for authentication using
-Cyberflex smartcards and TODOS card readers, in addition to the cards
-with PKCS#15 structure supported by OpenSC. To enable this you
-need to:
-
-Using libsectok:
-
-(1) enable sectok support in OpenSSH:
-
- $ ./configure --with-sectok
-
-(2) If you have used a previous version of ssh with your card, you
- must remove the old applet and keys.
-
- $ sectok
- sectok> login -d
- sectok> junload Ssh.bin
- sectok> delete 0012
- sectok> delete sh
- sectok> quit
-
-(3) load the Java Cardlet to the Cyberflex card and set card passphrase:
-
- $ sectok
- sectok> login -d
- sectok> jload /usr/libdata/ssh/Ssh.bin
- sectok> setpass
- Enter new AUT0 passphrase:
- Re-enter passphrase:
- sectok> quit
-
- Do not forget the passphrase. There is no way to
- recover if you do.
-
- IMPORTANT WARNING: If you attempt to login with the
- wrong passphrase three times in a row, you will
- destroy your card.
-
-(4) load a RSA key to the card:
-
- $ ssh-keygen -f /path/to/rsakey -U 1
- (where 1 is the reader number, you can also try 0)
-
- In spite of the name, this does not generate a key.
- It just loads an already existing key on to the card.
-
-(5) Optional: If you don't want to use a card passphrase, change the
- acl on the private key file:
-
- $ sectok
- sectok> login -d
- sectok> acl 0012 world: w
- world: w
- AUT0: w inval
- sectok> quit
-
- If you do this, anyone who has access to your card
- can assume your identity. This is not recommended.
-
-
-Using OpenSC:
-
-(1) install OpenSC:
-
- Sources and instructions are available from
- http://www.opensc.org/
-
-(2) enable OpenSC support in OpenSSH:
-
- $ ./configure --with-opensc[=/path/to/opensc] [options]
-
-(3) load a RSA key to the card:
-
- Not supported yet.
-
-
-Common operations:
-
-(1) tell the ssh client to use the card reader:
-
- $ ssh -I 1 otherhost
-
-(2) or tell the agent (don't forget to restart) to use the smartcard:
-
- $ ssh-add -s 1
-
-
--markus,
-Tue Jul 17 23:54:51 CEST 2001
-
-$OpenBSD: README.smartcard,v 1.9 2003/11/21 11:57:02 djm Exp $
Index: vendor-crypto/openssh/dist/README.tun
===================================================================
--- vendor-crypto/openssh/dist/README.tun 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/README.tun 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/README.tun
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/RFC.nroff
===================================================================
--- vendor-crypto/openssh/dist/RFC.nroff 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/RFC.nroff 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,1780 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.\" $OpenBSD: RFC.nroff,v 1.2 2000/10/16 09:38:44 djm Exp $
-.\"
-.pl 10.0i
-.po 0
-.ll 7.2i
-.lt 7.2i
-.nr LL 7.2i
-.nr LT 7.2i
-.ds LF Ylonen
-.ds RF FORMFEED[Page %]
-.ds CF
-.ds LH Internet-Draft
-.ds RH 15 November 1995
-.ds CH SSH (Secure Shell) Remote Login Protocol
-.na
-.hy 0
-.in 0
-Network Working Group T. Ylonen
-Internet-Draft Helsinki University of Technology
-draft-ylonen-ssh-protocol-00.txt 15 November 1995
-Expires: 15 May 1996
-
-.in 3
-
-.ce
-The SSH (Secure Shell) Remote Login Protocol
-
-.ti 0
-Status of This Memo
-
-This document is an Internet-Draft. Internet-Drafts are working
-documents of the Internet Engineering Task Force (IETF), its areas,
-and its working groups. Note that other groups may also distribute
-working documents as Internet-Drafts.
-
-Internet-Drafts are draft documents valid for a maximum of six
-months and may be updated, replaced, or obsoleted by other docu-
-ments at any time. It is inappropriate to use Internet-Drafts as
-reference material or to cite them other than as ``work in pro-
-gress.''
-
-To learn the current status of any Internet-Draft, please check the
-``1id-abstracts.txt'' listing contained in the Internet- Drafts Shadow
-Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
-munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
-ftp.isi.edu (US West Coast).
-
-The distribution of this memo is unlimited.
-
-.ti 0
-Introduction
-
-SSH (Secure Shell) is a program to log into another computer over a
-network, to execute commands in a remote machine, and to move files
-from one machine to another. It provides strong authentication and
-secure communications over insecure networks. Its features include
-the following:
-.IP o
-Closes several security holes (e.g., IP, routing, and DNS spoofing).
-New authentication methods: .rhosts together with RSA [RSA] based host
-authentication, and pure RSA authentication.
-.IP o
-All communications are automatically and transparently encrypted.
-Encryption is also used to protect integrity.
-.IP o
-X11 connection forwarding provides secure X11 sessions.
-.IP o
-Arbitrary TCP/IP ports can be redirected over the encrypted channel
-in both directions.
-.IP o
-Client RSA-authenticates the server machine in the beginning of every
-connection to prevent trojan horses (by routing or DNS spoofing) and
-man-in-the-middle attacks, and the server RSA-authenticates the client
-machine before accepting .rhosts or /etc/hosts.equiv authentication
-(to prevent DNS, routing, or IP spoofing).
-.IP o
-An authentication agent, running in the user's local workstation or
-laptop, can be used to hold the user's RSA authentication keys.
-.RT
-
-The goal has been to make the software as easy to use as possible for
-ordinary users. The protocol has been designed to be as secure as
-possible while making it possible to create implementations that
-are easy to use and install. The sample implementation has a number
-of convenient features that are not described in this document as they
-are not relevant for the protocol.
-
-
-.ti 0
-Overview of the Protocol
-
-The software consists of a server program running on a server machine,
-and a client program running on a client machine (plus a few auxiliary
-programs). The machines are connected by an insecure IP [RFC0791]
-network (that can be monitored, tampered with, and spoofed by hostile
-parties).
-
-A connection is always initiated by the client side. The server
-listens on a specific port waiting for connections. Many clients may
-connect to the same server machine.
-
-The client and the server are connected via a TCP/IP [RFC0793] socket
-that is used for bidirectional communication. Other types of
-transport can be used but are currently not defined.
-
-When the client connects the server, the server accepts the connection
-and responds by sending back its version identification string. The
-client parses the server's identification, and sends its own
-identification. The purpose of the identification strings is to
-validate that the connection was to the correct port, declare the
-protocol version number used, and to declare the software version used
-on each side (for debugging purposes). The identification strings are
-human-readable. If either side fails to understand or support the
-other side's version, it closes the connection.
-
-After the protocol identification phase, both sides switch to a packet
-based binary protocol. The server starts by sending its host key
-(every host has an RSA key used to authenticate the host), server key
-(an RSA key regenerated every hour), and other information to the
-client. The client then generates a 256 bit session key, encrypts it
-using both RSA keys (see below for details), and sends the encrypted
-session key and selected cipher type to the server. Both sides then
-turn on encryption using the selected algorithm and key. The server
-sends an encrypted confirmation message to the client.
-
-The client then authenticates itself using any of a number of
-authentication methods. The currently supported authentication
-methods are .rhosts or /etc/hosts.equiv authentication (disabled by
-default), the same with RSA-based host authentication, RSA
-authentication, and password authentication.
-
-After successful authentication, the client makes a number of requests
-to prepare for the session. Typical requests include allocating a
-pseudo tty, starting X11 [X11] or TCP/IP port forwarding, starting
-authentication agent forwarding, and executing the shell or a command.
-
-When a shell or command is executed, the connection enters interactive
-session mode. In this mode, data is passed in both directions,
-new forwarded connections may be opened, etc. The interactive session
-normally terminates when the server sends the exit status of the
-program to the client.
-
-
-The protocol makes several reservations for future extensibility.
-First of all, the initial protocol identification messages include the
-protocol version number. Second, the first packet by both sides
-includes a protocol flags field, which can be used to agree on
-extensions in a compatible manner. Third, the authentication and
-session preparation phases work so that the client sends requests to
-the server, and the server responds with success or failure. If the
-client sends a request that the server does not support, the server
-simply returns failure for it. This permits compatible addition of
-new authentication methods and preparation operations. The
-interactive session phase, on the other hand, works asynchronously and
-does not permit the use of any extensions (because there is no easy
-and reliable way to signal rejection to the other side and problems
-would be hard to debug). Any compatible extensions to this phase must
-be agreed upon during any of the earlier phases.
-
-.ti 0
-The Binary Packet Protocol
-
-After the protocol identification strings, both sides only send
-specially formatted packets. The packet layout is as follows:
-.IP o
-Packet length: 32 bit unsigned integer, coded as four 8-bit bytes, msb
-first. Gives the length of the packet, not including the length field
-and padding. The maximum length of a packet (not including the length
-field and padding) is 262144 bytes.
-.IP o
-Padding: 1-8 bytes of random data (or zeroes if not encrypting). The
-amount of padding is (8 - (length % 8)) bytes (where % stands for the
-modulo operator). The rationale for always having some random padding
-at the beginning of each packet is to make known plaintext attacks
-more difficult.
-.IP o
-Packet type: 8-bit unsigned byte. The value 255 is reserved for
-future extension.
-.IP o
-Data: binary data bytes, depending on the packet type. The number of
-data bytes is the "length" field minus 5.
-.IP o
-Check bytes: 32-bit crc, four 8-bit bytes, msb first. The crc is the
-Cyclic Redundancy Check, with the polynomial 0xedb88320, of the
-Padding, Packet type, and Data fields. The crc is computed before
-any encryption.
-.RT
-
-The packet, except for the length field, may be encrypted using any of
-a number of algorithms. The length of the encrypted part (Padding +
-Type + Data + Check) is always a multiple of 8 bytes. Typically the
-cipher is used in a chained mode, with all packets chained together as
-if it was a single data stream (the length field is never included in
-the encryption process). Details of encryption are described below.
-
-When the session starts, encryption is turned off. Encryption is
-enabled after the client has sent the session key. The encryption
-algorithm to use is selected by the client.
-
-
-.ti 0
-Packet Compression
-
-If compression is supported (it is an optional feature, see
-SSH_CMSG_REQUEST_COMPRESSION below), the packet type and data fields
-of the packet are compressed using the gzip deflate algorithm [GZIP].
-If compression is in effect, the packet length field indicates the
-length of the compressed data, plus 4 for the crc. The amount of
-padding is computed from the compressed data, so that the amount of
-data to be encrypted becomes a multiple of 8 bytes.
-
-When compressing, the packets (type + data portions) in each direction
-are compressed as if they formed a continuous data stream, with only the
-current compression block flushed between packets. This corresponds
-to the GNU ZLIB library Z_PARTIAL_FLUSH option. The compression
-dictionary is not flushed between packets. The two directions are
-compressed independently of each other.
-
-
-.ti 0
-Packet Encryption
-
-The protocol supports several encryption methods. During session
-initialization, the server sends a bitmask of all encryption methods
-that it supports, and the client selects one of these methods. The
-client also generates a 256-bit random session key (32 8-bit bytes) and
-sends it to the server.
-
-The encryption methods supported by the current implementation, and
-their codes are:
-.TS
-center;
-l r l.
-SSH_CIPHER_NONE 0 No encryption
-SSH_CIPHER_IDEA 1 IDEA in CFB mode
-SSH_CIPHER_DES 2 DES in CBC mode
-SSH_CIPHER_3DES 3 Triple-DES in CBC mode
-SSH_CIPHER_TSS 4 An experimental stream cipher
-SSH_CIPHER_RC4 5 RC4
-.TE
-
-All implementations are required to support SSH_CIPHER_DES and
-SSH_CIPHER_3DES. Supporting SSH_CIPHER_IDEA, SSH_CIPHER_RC4, and
-SSH_CIPHER_NONE is recommended. Support for SSH_CIPHER_TSS is
-optional (and it is not described in this document). Other ciphers
-may be added at a later time; support for them is optional.
-
-For encryption, the encrypted portion of the packet is considered a
-linear byte stream. The length of the stream is always a multiple of
-8. The encrypted portions of consecutive packets (in the same
-direction) are encrypted as if they were a continuous buffer (that is,
-any initialization vectors are passed from the previous packet to the
-next packet). Data in each direction is encrypted independently.
-.IP SSH_CIPHER_DES
-The key is taken from the first 8 bytes of the session key. The least
-significant bit of each byte is ignored. This results in 56 bits of
-key data. DES [DES] is used in CBC mode. The iv (initialization vector) is
-initialized to all zeroes.
-.IP SSH_CIPHER_3DES
-The variant of triple-DES used here works as follows: there are three
-independent DES-CBC ciphers, with independent initialization vectors.
-The data (the whole encrypted data stream) is first encrypted with the
-first cipher, then decrypted with the second cipher, and finally
-encrypted with the third cipher. All these operations are performed
-in CBC mode.
-
-The key for the first cipher is taken from the first 8 bytes of the
-session key; the key for the next cipher from the next 8 bytes, and
-the key for the third cipher from the following 8 bytes. All three
-initialization vectors are initialized to zero.
-
-(Note: the variant of 3DES used here differs from some other
-descriptions.)
-.IP SSH_CIPHER_IDEA
-The key is taken from the first 16 bytes of the session key. IDEA
-[IDEA] is used in CFB mode. The initialization vector is initialized
-to all zeroes.
-.IP SSH_CIPHER_TSS
-All 32 bytes of the session key are used as the key.
-
-There is no reference available for the TSS algorithm; it is currently
-only documented in the sample implementation source code. The
-security of this cipher is unknown (but it is quite fast). The cipher
-is basically a stream cipher that uses MD5 as a random number
-generator and takes feedback from the data.
-.IP SSH_CIPHER_RC4
-The first 16 bytes of the session key are used as the key for the
-server to client direction. The remaining 16 bytes are used as the
-key for the client to server direction. This gives independent
-128-bit keys for each direction.
-
-This algorithm is the alleged RC4 cipher posted to the Usenet in 1995.
-It is widely believed to be equivalent with the original RSADSI RC4
-cipher. This is a very fast algorithm.
-.RT
-
-
-.ti 0
-Data Type Encodings
-
-The Data field of each packet contains data encoded as described in
-this section. There may be several data items; each item is coded as
-described here, and their representations are concatenated together
-(without any alignment or padding).
-
-Each data type is stored as follows:
-.IP "8-bit byte"
-The byte is stored directly as a single byte.
-.IP "32-bit unsigned integer"
-Stored in 4 bytes, msb first.
-.IP "Arbitrary length binary string"
-First 4 bytes are the length of the string, msb first (not including
-the length itself). The following "length" bytes are the string
-value. There are no terminating null characters.
-.IP "Multiple-precision integer"
-First 2 bytes are the number of bits in the integer, msb first (for
-example, the value 0x00012345 would have 17 bits). The value zero has
-zero bits. It is permissible that the number of bits be larger than the
-real number of bits.
-
-The number of bits is followed by (bits + 7) / 8 bytes of binary data,
-msb first, giving the value of the integer.
-.RT
-
-
-.ti 0
-TCP/IP Port Number and Other Options
-
-The server listens for connections on TCP/IP port 22.
-
-The client may connect the server from any port. However, if the
-client wishes to use any form of .rhosts or /etc/hosts.equiv
-authentication, it must connect from a privileged port (less than
-1024).
-
-For the IP Type of Service field [RFC0791], it is recommended that
-interactive sessions (those having a user terminal or forwarding X11
-connections) use the IPTOS_LOWDELAY, and non-interactive connections
-use IPTOS_THROUGHPUT.
-
-It is recommended that keepalives are used, because otherwise programs
-on the server may never notice if the other end of the connection is
-rebooted.
-
-
-.ti 0
-Protocol Version Identification
-
-After the socket is opened, the server sends an identification string,
-which is of the form
-"SSH-<protocolmajor>.<protocolminor>-<version>\\n", where
-<protocolmajor> and <protocolminor> are integers and specify the
-protocol version number (not software distribution version).
-<version> is server side software version string (max 40 characters);
-it is not interpreted by the remote side but may be useful for
-debugging.
-
-The client parses the server's string, and sends a corresponding
-string with its own information in response. If the server has lower
-version number, and the client contains special code to emulate it,
-the client responds with the lower number; otherwise it responds with
-its own number. The server then compares the version number the
-client sent with its own, and determines whether they can work
-together. The server either disconnects, or sends the first packet
-using the binary packet protocol and both sides start working
-according to the lower of the protocol versions.
-
-By convention, changes which keep the protocol compatible with
-previous versions keep the same major protocol version; changes that
-are not compatible increment the major version (which will hopefully
-never happen). The version described in this document is 1.3.
-
-The client will
-
-.ti 0
-Key Exchange and Server Host Authentication
-
-The first message sent by the server using the packet protocol is
-SSH_SMSG_PUBLIC_KEY. It declares the server's host key, server public
-key, supported ciphers, supported authentication methods, and flags
-for protocol extensions. It also contains a 64-bit random number
-(cookie) that must be returned in the client's reply (to make IP
-spoofing more difficult). No encryption is used for this message.
-
-Both sides compute a session id as follows. The modulus of the server
-key is interpreted as a byte string (without explicit length field,
-with minimum length able to hold the whole value), most significant
-byte first. This string is concatenated with the server host key
-interpreted the same way. Additionally, the cookie is concatenated
-with this. Both sides compute MD5 of the resulting string. The
-resulting 16 bytes (128 bits) are stored by both parties and are
-called the session id.
-
-The client responds with a SSH_CMSG_SESSION_KEY message, which
-contains the selected cipher type, a copy of the 64-bit cookie sent by
-the server, client's protocol flags, and a session key encrypted
-with both the server's host key and server key. No encryption is used
-for this message.
-
-The session key is 32 8-bit bytes (a total of 256 random bits
-generated by the client). The client first xors the 16 bytes of the
-session id with the first 16 bytes of the session key. The resulting
-string is then encrypted using the smaller key (one with smaller
-modulus), and the result is then encrypted using the other key. The
-number of bits in the public modulus of the two keys must differ by at
-least 128 bits.
-
-At each encryption step, a multiple-precision integer is constructed
-from the data to be encrypted as follows (the integer is here
-interpreted as a sequence of bytes, msb first; the number of bytes is
-the number of bytes needed to represent the modulus).
-
-The most significant byte (which is only partial as the value must be
-less than the public modulus, which is never a power of two) is zero.
-
-The next byte contains the value 2 (which stands for public-key
-encrypted data in the PKCS standard [PKCS#1]). Then, there are
-non-zero random bytes to fill any unused space, a zero byte, and the
-data to be encrypted in the least significant bytes, the last byte of
-the data in the least significant byte.
-
-This algorithm is used twice. First, it is used to encrypt the 32
-random bytes generated by the client to be used as the session key
-(xored by the session id). This value is converted to an integer as
-described above, and encrypted with RSA using the key with the smaller
-modulus. The resulting integer is converted to a byte stream, msb
-first. This byte stream is padded and encrypted identically using the
-key with the larger modulus.
-
-After the client has sent the session key, it starts to use the
-selected algorithm and key for decrypting any received packets, and
-for encrypting any sent packets. Separate ciphers are used for
-different directions (that is, both directions have separate
-initialization vectors or other state for the ciphers).
-
-When the server has received the session key message, and has turned
-on encryption, it sends a SSH_SMSG_SUCCESS message to the client.
-
-The recommended size of the host key is 1024 bits, and 768 bits for
-the server key. The minimum size is 512 bits for the smaller key.
-
-
-.ti 0
-Declaring the User Name
-
-The client then sends a SSH_CMSG_USER message to the server. This
-message specifies the user name to log in as.
-
-The server validates that such a user exists, checks whether
-authentication is needed, and responds with either SSH_SMSG_SUCCESS or
-SSH_SMSG_FAILURE. SSH_SMSG_SUCCESS indicates that no authentication
-is needed for this user (no password), and authentication phase has
-now been completed. SSH_SMSG_FAILURE indicates that authentication is
-needed (or the user does not exist).
-
-If the user does not exist, it is recommended that this returns
-failure, but the server keeps reading messages from the client, and
-responds to any messages (except SSH_MSG_DISCONNECT, SSH_MSG_IGNORE,
-and SSH_MSG_DEBUG) with SSH_SMSG_FAILURE. This way the client cannot
-be certain whether the user exists.
-
-
-.ti 0
-Authentication Phase
-
-Provided the server didn't immediately accept the login, an
-authentication exchange begins. The client sends messages to the
-server requesting different types of authentication in arbitrary order as
-many times as desired (however, the server may close the connection
-after a timeout). The server always responds with SSH_SMSG_SUCCESS if
-it has accepted the authentication, and with SSH_SMSG_FAILURE if it has
-denied authentication with the requested method or it does not
-recognize the message. Some authentication methods cause an exchange
-of further messages before the final result is sent. The
-authentication phase ends when the server responds with success.
-
-The recommended value for the authentication timeout (timeout before
-disconnecting if no successful authentication has been made) is 5
-minutes.
-
-The following authentication methods are currently supported:
-.TS
-center;
-l r l.
-SSH_AUTH_RHOSTS 1 .rhosts or /etc/hosts.equiv
-SSH_AUTH_RSA 2 pure RSA authentication
-SSH_AUTH_PASSWORD 3 password authentication
-SSH_AUTH_RHOSTS_RSA 4 .rhosts with RSA host authentication
-.TE
-.IP SSH_AUTH_RHOSTS
-
-This is the authentication method used by rlogin and rsh [RFC1282].
-
-The client sends SSH_CMSG_AUTH_RHOSTS with the client-side user name
-as an argument.
-
-The server checks whether to permit authentication. On UNIX systems,
-this is usually done by checking /etc/hosts.equiv, and .rhosts in the
-user's home directory. The connection must come from a privileged
-port.
-
-It is recommended that the server checks that there are no IP options
-(such as source routing) specified for the socket before accepting
-this type of authentication. The client host name should be
-reverse-mapped and then forward mapped to ensure that it has the
-proper IP-address.
-
-This authentication method trusts the remote host (root on the remote
-host can pretend to be any other user on that host), the name
-services, and partially the network: anyone who can see packets coming
-out from the server machine can do IP-spoofing and pretend to be any
-machine; however, the protocol prevents blind IP-spoofing (which used
-to be possible with rlogin).
-
-Many sites probably want to disable this authentication method because
-of the fundamental insecurity of conventional .rhosts or
-/etc/hosts.equiv authentication when faced with spoofing. It is
-recommended that this method not be supported by the server by
-default.
-.IP SSH_AUTH_RHOSTS_RSA
-
-In addition to conventional .rhosts and hosts.equiv authentication,
-this method additionally requires that the client host be
-authenticated using RSA.
-
-The client sends SSH_CMSG_AUTH_RHOSTS_RSA specifying the client-side
-user name, and the public host key of the client host.
-
-The server first checks if normal .rhosts or /etc/hosts.equiv
-authentication would be accepted, and if not, responds with
-SSH_SMSG_FAILURE. Otherwise, it checks whether it knows the host key
-for the client machine (using the same name for the host that was used
-for checking the .rhosts and /etc/hosts.equiv files). If it does not
-know the RSA key for the client, access is denied and SSH_SMSG_FAILURE
-is sent.
-
-If the server knows the host key of the client machine, it verifies
-that the given host key matches that known for the client. If not,
-access is denied and SSH_SMSG_FAILURE is sent.
-
-The server then sends a SSH_SMSG_AUTH_RSA_CHALLENGE message containing
-an encrypted challenge for the client. The challenge is 32 8-bit
-random bytes (256 bits). When encrypted, the highest (partial) byte
-is left as zero, the next byte contains the value 2, the following are
-non-zero random bytes, followed by a zero byte, and the challenge put
-in the remaining bytes. This is then encrypted using RSA with the
-client host's public key. (The padding and encryption algorithm is
-the same as that used for the session key.)
-
-The client decrypts the challenge using its private host key,
-concatenates this with the session id, and computes an MD5 checksum
-of the resulting 48 bytes. The MD5 output is returned as 16 bytes in
-a SSH_CMSG_AUTH_RSA_RESPONSE message. (MD5 is used to deter chosen
-plaintext attacks against RSA; the session id binds it to a specific
-session).
-
-The server verifies that the MD5 of the decrypted challenge returned by
-the client matches that of the original value, and sends SSH_SMSG_SUCCESS if
-so. Otherwise it sends SSH_SMSG_FAILURE and refuses the
-authentication attempt.
-
-This authentication method trusts the client side machine in that root
-on that machine can pretend to be any user on that machine.
-Additionally, it trusts the client host key. The name and/or IP
-address of the client host is only used to select the public host key.
-The same host name is used when scanning .rhosts or /etc/hosts.equiv
-and when selecting the host key. It would in principle be possible to
-eliminate the host name entirely and substitute it directly by the
-host key. IP and/or DNS [RFC1034] spoofing can only be used
-to pretend to be a host for which the attacker has the private host
-key.
-.IP SSH_AUTH_RSA
-
-The idea behind RSA authentication is that the server recognizes the
-public key offered by the client, generates a random challenge, and
-encrypts the challenge with the public key. The client must then
-prove that it has the corresponding private key by decrypting the
-challenge.
-
-The client sends SSH_CMSG_AUTH_RSA with public key modulus (n) as an
-argument.
-
-The server may respond immediately with SSH_SMSG_FAILURE if it does
-not permit authentication with this key. Otherwise it generates a
-challenge, encrypts it using the user's public key (stored on the
-server and identified using the modulus), and sends
-SSH_SMSG_AUTH_RSA_CHALLENGE with the challenge (mp-int) as an
-argument.
-
-The challenge is 32 8-bit random bytes (256 bits). When encrypted,
-the highest (partial) byte is left as zero, the next byte contains the
-value 2, the following are non-zero random bytes, followed by a zero
-byte, and the challenge put in the remaining bytes. This is then
-encrypted with the public key. (The padding and encryption algorithm
-is the same as that used for the session key.)
-
-The client decrypts the challenge using its private key, concatenates
-it with the session id, and computes an MD5 checksum of the resulting
-48 bytes. The MD5 output is returned as 16 bytes in a
-SSH_CMSG_AUTH_RSA_RESPONSE message. (Note that the MD5 is necessary
-to avoid chosen plaintext attacks against RSA; the session id binds it
-to a specific session.)
-
-The server verifies that the MD5 of the decrypted challenge returned
-by the client matches that of the original value, and sends
-SSH_SMSG_SUCCESS if so. Otherwise it sends SSH_SMSG_FAILURE and
-refuses the authentication attempt.
-
-This authentication method does not trust the remote host, the
-network, name services, or anything else. Authentication is based
-solely on the possession of the private identification keys. Anyone
-in possession of the private keys can log in, but nobody else.
-
-The server may have additional requirements for a successful
-authentiation. For example, to limit damage due to a compromised RSA
-key, a server might restrict access to a limited set of hosts.
-.IP SSH_AUTH_PASSWORD
-
-The client sends a SSH_CMSG_AUTH_PASSWORD message with the plain text
-password. (Note that even though the password is plain text inside
-the message, it is normally encrypted by the packet mechanism.)
-
-The server verifies the password, and sends SSH_SMSG_SUCCESS if
-authentication was accepted and SSH_SMSG_FAILURE otherwise.
-
-Note that the password is read from the user by the client; the user
-never interacts with a login program.
-
-This authentication method does not trust the remote host, the
-network, name services or anything else. Authentication is based
-solely on the possession of the password. Anyone in possession of the
-password can log in, but nobody else.
-.RT
-
-.ti 0
-Preparatory Operations
-
-After successful authentication, the server waits for a request from
-the client, processes the request, and responds with SSH_SMSG_SUCCESS
-whenever a request has been successfully processed. If it receives a
-message that it does not recognize or it fails to honor a request, it
-returns SSH_SMSG_FAILURE. It is expected that new message types might
-be added to this phase in future.
-
-The following messages are currently defined for this phase.
-.IP SSH_CMSG_REQUEST_COMPRESSION
-Requests that compression be enabled for this session. A
-gzip-compatible compression level (1-9) is passed as an argument.
-.IP SSH_CMSG_REQUEST_PTY
-Requests that a pseudo terminal device be allocated for this session.
-The user terminal type and terminal modes are supplied as arguments.
-.IP SSH_CMSG_X11_REQUEST_FORWARDING
-Requests forwarding of X11 connections from the remote machine to the
-local machine over the secure channel. Causes an internet-domain
-socket to be allocated and the DISPLAY variable to be set on the server.
-X11 authentication data is automatically passed to the server, and the
-client may implement spoofing of authentication data for added
-security. The authentication data is passed as arguments.
-.IP SSH_CMSG_PORT_FORWARD_REQUEST
-Requests forwarding of a TCP/IP port on the server host over the
-secure channel. What happens is that whenever a connection is made to
-the port on the server, a connection will be made from the client end
-to the specified host/port. Any user can forward unprivileged ports;
-only the root can forward privileged ports (as determined by
-authentication done earlier).
-.IP SSH_CMSG_AGENT_REQUEST_FORWARDING
-Requests forwarding of the connection to the authentication agent.
-.IP SSH_CMSG_EXEC_SHELL
-Starts a shell (command interpreter) for the user, and moves into
-interactive session mode.
-.IP SSH_CMSG_EXEC_CMD
-Executes the given command (actually "<shell> -c <command>" or
-equivalent) for the user, and moves into interactive session mode.
-.RT
-
-
-.ti 0
-Interactive Session and Exchange of Data
-
-During the interactive session, any data written by the shell or
-command running on the server machine is forwarded to stdin or
-stderr on the client machine, and any input available from stdin on
-the client machine is forwarded to the program on the server machine.
-
-All exchange is asynchronous; either side can send at any time, and
-there are no acknowledgements (TCP/IP already provides reliable
-transport, and the packet protocol protects against tampering or IP
-spoofing).
-
-When the client receives EOF from its standard input, it will send
-SSH_CMSG_EOF; however, this in no way terminates the exchange. The
-exchange terminates and interactive mode is left when the server sends
-SSH_SMSG_EXITSTATUS to indicate that the client program has
-terminated. Alternatively, either side may disconnect at any time by
-sending SSH_MSG_DISCONNECT or closing the connection.
-
-The server may send any of the following messages:
-.IP SSH_SMSG_STDOUT_DATA
-Data written to stdout by the program running on the server. The data
-is passed as a string argument. The client writes this data to
-stdout.
-.IP SSH_SMSG_STDERR_DATA
-Data written to stderr by the program running on the server. The data
-is passed as a string argument. The client writes this data to
-stderr. (Note that if the program is running on a tty, it is not
-possible to separate stdout and stderr data, and all data will be sent
-as stdout data.)
-.IP SSH_SMSG_EXITSTATUS
-Indicates that the shell or command has exited. Exit status is passed
-as an integer argument. This message causes termination of the
-interactive session.
-.IP SSH_SMSG_AGENT_OPEN
-Indicates that someone on the server side is requesting a connection
-to the authentication agent. The server-side channel number is passed
-as an argument. The client must respond with either
-SSH_CHANNEL_OPEN_CONFIRMATION or SSH_CHANNEL_OPEN_FAILURE.
-.IP SSH_SMSG_X11_OPEN
-Indicates that a connection has been made to the X11 socket on the
-server side and should be forwarded to the real X server. An integer
-argument indicates the channel number allocated for this connection on
-the server side. The client should send back either
-SSH_MSG_CHANNEL_OPEN_CONFIRMATION or SSH_MSG_CHANNEL_OPEN_FAILURE with
-the same server side channel number.
-.IP SSH_MSG_PORT_OPEN
-Indicates that a connection has been made to a port on the server side
-for which forwarding has been requested. Arguments are server side
-channel number, host name to connect to, and port to connect to. The
-client should send back either
-SSH_MSG_CHANNEL_OPEN_CONFIRMATION or SSH_MSG_CHANNEL_OPEN_FAILURE with
-the same server side channel number.
-.IP SSH_MSG_CHANNEL_OPEN_CONFIRMATION
-This is sent by the server to indicate that it has opened a connection
-as requested in a previous message. The first argument indicates the
-client side channel number, and the second argument is the channel number
-that the server has allocated for this connection.
-.IP SSH_MSG_CHANNEL_OPEN_FAILURE
-This is sent by the server to indicate that it failed to open a
-connection as requested in a previous message. The client-side
-channel number is passed as an argument. The client will close the
-descriptor associated with the channel and free the channel.
-.IP SSH_MSG_CHANNEL_DATA
-This packet contains data for a channel from the server. The first
-argument is the client-side channel number, and the second argument (a
-string) is the data.
-.IP SSH_MSG_CHANNEL_CLOSE
-This is sent by the server to indicate that whoever was in the other
-end of the channel has closed it. The argument is the client side channel
-number. The client will let all buffered data in the channel to
-drain, and when ready, will close the socket, free the channel, and
-send the server a SSH_MSG_CHANNEL_CLOSE_CONFIRMATION message for the
-channel.
-.IP SSH_MSG_CHANNEL_CLOSE_CONFIRMATION
-This is send by the server to indicate that a channel previously
-closed by the client has now been closed on the server side as well.
-The argument indicates the client channel number. The client frees
-the channel.
-.RT
-
-The client may send any of the following messages:
-.IP SSH_CMSG_STDIN_DATA
-This is data to be sent as input to the program running on the server.
-The data is passed as a string.
-.IP SSH_CMSG_EOF
-Indicates that the client has encountered EOF while reading standard
-input. The server will allow any buffered input data to drain, and
-will then close the input to the program.
-.IP SSH_CMSG_WINDOW_SIZE
-Indicates that window size on the client has been changed. The server
-updates the window size of the tty and causes SIGWINCH to be sent to
-the program. The new window size is passed as four integer arguments:
-row, col, xpixel, ypixel.
-.IP SSH_MSG_PORT_OPEN
-Indicates that a connection has been made to a port on the client side
-for which forwarding has been requested. Arguments are client side
-channel number, host name to connect to, and port to connect to. The
-server should send back either SSH_MSG_CHANNEL_OPEN_CONFIRMATION or
-SSH_MSG_CHANNEL_OPEN_FAILURE with the same client side channel number.
-.IP SSH_MSG_CHANNEL_OPEN_CONFIRMATION
-This is sent by the client to indicate that it has opened a connection
-as requested in a previous message. The first argument indicates the
-server side channel number, and the second argument is the channel
-number that the client has allocated for this connection.
-.IP SSH_MSG_CHANNEL_OPEN_FAILURE
-This is sent by the client to indicate that it failed to open a
-connection as requested in a previous message. The server side
-channel number is passed as an argument. The server will close the
-descriptor associated with the channel and free the channel.
-.IP SSH_MSG_CHANNEL_DATA
-This packet contains data for a channel from the client. The first
-argument is the server side channel number, and the second argument (a
-string) is the data.
-.IP SSH_MSG_CHANNEL_CLOSE
-This is sent by the client to indicate that whoever was in the other
-end of the channel has closed it. The argument is the server channel
-number. The server will allow buffered data to drain, and when ready,
-will close the socket, free the channel, and send the client a
-SSH_MSG_CHANNEL_CLOSE_CONFIRMATION message for the channel.
-.IP SSH_MSG_CHANNEL_CLOSE_CONFIRMATION
-This is send by the client to indicate that a channel previously
-closed by the server has now been closed on the client side as well.
-The argument indicates the server channel number. The server frees
-the channel.
-.RT
-
-Any unsupported messages during interactive mode cause the connection
-to be terminated with SSH_MSG_DISCONNECT and an error message.
-Compatible protocol upgrades should agree about any extensions during
-the preparation phase or earlier.
-
-
-.ti 0
-Termination of the Connection
-
-Normal termination of the connection is always initiated by the server
-by sending SSH_SMSG_EXITSTATUS after the program has exited. The
-client responds to this message by sending SSH_CMSG_EXIT_CONFIRMATION
-and closes the socket; the server then closes the socket. There are
-two purposes for the confirmation: some systems may lose previously
-sent data when the socket is closed, and closing the client side first
-causes any TCP/IP TIME_WAIT [RFC0793] waits to occur on the client side, not
-consuming server resources.
-
-If the program terminates due to a signal, the server will send
-SSH_MSG_DISCONNECT with an appropriate message. If the connection is
-closed, all file descriptors to the program will be closed and the
-server will exit. If the program runs on a tty, the kernel sends it
-the SIGHUP signal when the pty master side is closed.
-
-.ti 0
-Protocol Flags
-
-Both the server and the client pass 32 bits of protocol flags to the
-other side. The flags are intended for compatible protocol extension;
-the server first announces which added capabilities it supports, and
-the client then sends the capabilities that it supports.
-
-The following flags are currently defined (the values are bit masks):
-.IP "1 SSH_PROTOFLAG_SCREEN_NUMBER"
-This flag can only be sent by the client. It indicates that the X11
-forwarding requests it sends will include the screen number.
-.IP "2 SSH_PROTOFLAG_HOST_IN_FWD_OPEN"
-If both sides specify this flag, SSH_SMSG_X11_OPEN and
-SSH_MSG_PORT_OPEN messages will contain an additional field containing
-a description of the host at the other end of the connection.
-.RT
-
-.ti 0
-Detailed Description of Packet Types and Formats
-
-The supported packet types and the corresponding message numbers are
-given in the following table. Messages with _MSG_ in their name may
-be sent by either side. Messages with _CMSG_ are only sent by the
-client, and messages with _SMSG_ only by the server.
-
-A packet may contain additional data after the arguments specified
-below. Any such data should be ignored by the receiver. However, it
-is recommended that no such data be stored without good reason. (This
-helps build compatible extensions.)
-.IP "0 SSH_MSG_NONE"
-This code is reserved. This message type is never sent.
-.IP "1 SSH_MSG_DISCONNECT"
-.TS
-;
-l l.
-string Cause of disconnection
-.TE
-This message may be sent by either party at any time. It causes the
-immediate disconnection of the connection. The message is intended to
-be displayed to a human, and describes the reason for disconnection.
-.IP "2 SSH_SMSG_PUBLIC_KEY"
-.TS
-;
-l l.
-8 bytes anti_spoofing_cookie
-32-bit int server_key_bits
-mp-int server_key_public_exponent
-mp-int server_key_public_modulus
-32-bit int host_key_bits
-mp-int host_key_public_exponent
-mp-int host_key_public_modulus
-32-bit int protocol_flags
-32-bit int supported_ciphers_mask
-32-bit int supported_authentications_mask
-.TE
-Sent as the first message by the server. This message gives the
-server's host key, server key, protocol flags (intended for compatible
-protocol extension), supported_ciphers_mask (which is the
-bitwise or of (1 << cipher_number), where << is the left shift
-operator, for all supported ciphers), and
-supported_authentications_mask (which is the bitwise or of (1 <<
-authentication_type) for all supported authentication types). The
-anti_spoofing_cookie is 64 random bytes, and must be sent back
-verbatim by the client in its reply. It is used to make IP-spoofing
-more difficult (encryption and host keys are the real defense against
-spoofing).
-.IP "3 SSH_CMSG_SESSION_KEY"
-.TS
-;
-l l.
-1 byte cipher_type (must be one of the supported values)
-8 bytes anti_spoofing_cookie (must match data sent by the server)
-mp-int double-encrypted session key
-32-bit int protocol_flags
-.TE
-Sent by the client as the first message in the session. Selects the
-cipher to use, and sends the encrypted session key to the server. The
-anti_spoofing_cookie must be the same bytes that were sent by the
-server. Protocol_flags is intended for negotiating compatible
-protocol extensions.
-.IP "4 SSH_CMSG_USER"
-.TS
-;
-l l.
-string user login name on server
-.TE
-Sent by the client to begin authentication. Specifies the user name
-on the server to log in as. The server responds with SSH_SMSG_SUCCESS
-if no authentication is needed for this user, or SSH_SMSG_FAILURE if
-authentication is needed (or the user does not exist). [Note to the
-implementator: the user name is of arbitrary size. The implementation
-must be careful not to overflow internal buffers.]
-.IP "5 SSH_CMSG_AUTH_RHOSTS"
-.TS
-;
-l l.
-string client-side user name
-.TE
-Requests authentication using /etc/hosts.equiv and .rhosts (or
-equivalent mechanisms). This authentication method is normally
-disabled in the server because it is not secure (but this is the
-method used by rsh and rlogin). The server responds with
-SSH_SMSG_SUCCESS if authentication was successful, and
-SSH_SMSG_FAILURE if access was not granted. The server should check
-that the client side port number is less than 1024 (a privileged
-port), and immediately reject authentication if it is not. Supporting
-this authentication method is optional. This method should normally
-not be enabled in the server because it is not safe. (However, not
-enabling this only helps if rlogind and rshd are disabled.)
-.IP "6 SSH_CMSG_AUTH_RSA"
-.TS
-;
-l l.
-mp-int identity_public_modulus
-.TE
-Requests authentication using pure RSA authentication. The server
-checks if the given key is permitted to log in, and if so, responds
-with SSH_SMSG_AUTH_RSA_CHALLENGE. Otherwise, it responds with
-SSH_SMSG_FAILURE. The client often tries several different keys in
-sequence until one supported by the server is found. Authentication
-is accepted if the client gives the correct response to the challenge.
-The server is free to add other criteria for authentication, such as a
-requirement that the connection must come from a certain host. Such
-additions are not visible at the protocol level. Supporting this
-authentication method is optional but recommended.
-.IP "7 SSH_SMSG_AUTH_RSA_CHALLENGE"
-.TS
-;
-l l.
-mp-int encrypted challenge
-.TE
-Presents an RSA authentication challenge to the client. The challenge
-is a 256-bit random value encrypted as described elsewhere in this
-document. The client must decrypt the challenge using the RSA private
-key, compute MD5 of the challenge plus session id, and send back the
-resulting 16 bytes using SSH_CMSG_AUTH_RSA_RESPONSE.
-.IP "8 SSH_CMSG_AUTH_RSA_RESPONSE"
-.TS
-;
-l l.
-16 bytes MD5 of decrypted challenge
-.TE
-This message is sent by the client in response to an RSA challenge.
-The MD5 checksum is returned instead of the decrypted challenge to
-deter known-plaintext attacks against the RSA key. The server
-responds to this message with either SSH_SMSG_SUCCESS or
-SSH_SMSG_FAILURE.
-.IP "9 SSH_CMSG_AUTH_PASSWORD"
-.TS
-;
-l l.
-string plain text password
-.TE
-Requests password authentication using the given password. Note that
-even though the password is plain text inside the packet, the whole
-packet is normally encrypted by the packet layer. It would not be
-possible for the client to perform password encryption/hashing,
-because it cannot know which kind of encryption/hashing, if any, the
-server uses. The server responds to this message with
-SSH_SMSG_SUCCESS or SSH_SMSG_FAILURE.
-.IP "10 SSH_CMSG_REQUEST_PTY"
-.TS
-;
-l l.
-string TERM environment variable value (e.g. vt100)
-32-bit int terminal height, rows (e.g., 24)
-32-bit int terminal width, columns (e.g., 80)
-32-bit int terminal width, pixels (0 if no graphics) (e.g., 480)
-32-bit int terminal height, pixels (0 if no graphics) (e.g., 640)
-n bytes tty modes encoded in binary
-.TE
-Requests a pseudo-terminal to be allocated for this command. This
-message can be used regardless of whether the session will later
-execute the shell or a command. If a pty has been requested with this
-message, the shell or command will run on a pty. Otherwise it will
-communicate with the server using pipes, sockets or some other similar
-mechanism.
-
-The terminal type gives the type of the user's terminal. In the UNIX
-environment it is passed to the shell or command in the TERM
-environment variable.
-
-The width and height values give the initial size of the user's
-terminal or window. All values can be zero if not supported by the
-operating system. The server will pass these values to the kernel if
-supported.
-
-Terminal modes are encoded into a byte stream in a portable format.
-The exact format is described later in this document.
-
-The server responds to the request with either SSH_SMSG_SUCCESS or
-SSH_SMSG_FAILURE. If the server does not have the concept of pseudo
-terminals, it should return success if it is possible to execute a
-shell or a command so that it looks to the client as if it was running
-on a pseudo terminal.
-.IP "11 SSH_CMSG_WINDOW_SIZE"
-.TS
-;
-l l.
-32-bit int terminal height, rows
-32-bit int terminal width, columns
-32-bit int terminal width, pixels
-32-bit int terminal height, pixels
-.TE
-This message can only be sent by the client during the interactive
-session. This indicates that the size of the user's window has
-changed, and provides the new size. The server will update the
-kernel's notion of the window size, and a SIGWINCH signal or
-equivalent will be sent to the shell or command (if supported by the
-operating system).
-.IP "12 SSH_CMSG_EXEC_SHELL"
-
-(no arguments)
-
-Starts a shell (command interpreter), and enters interactive session
-mode.
-.IP "13 SSH_CMSG_EXEC_CMD"
-.TS
-;
-l l.
-string command to execute
-.TE
-Starts executing the given command, and enters interactive session
-mode. On UNIX, the command is run as "<shell> -c <command>", where
-<shell> is the user's login shell.
-.IP "14 SSH_SMSG_SUCCESS"
-
-(no arguments)
-
-This message is sent by the server in response to the session key, a
-successful authentication request, and a successfully completed
-preparatory operation.
-.IP "15 SSH_SMSG_FAILURE"
-
-(no arguments)
-
-This message is sent by the server in response to a failed
-authentication operation to indicate that the user has not yet been
-successfully authenticated, and in response to a failed preparatory
-operation. This is also sent in response to an authentication or
-preparatory operation request that is not recognized or supported.
-.IP "16 SSH_CMSG_STDIN_DATA"
-.TS
-;
-l l.
-string data
-.TE
-Delivers data from the client to be supplied as input to the shell or
-program running on the server side. This message can only be used in
-the interactive session mode. No acknowledgement is sent for this
-message.
-.IP "17 SSH_SMSG_STDOUT_DATA"
-.TS
-;
-l l.
-string data
-.TE
-Delivers data from the server that was read from the standard output of
-the shell or program running on the server side. This message can
-only be used in the interactive session mode. No acknowledgement is
-sent for this message.
-.IP "18 SSH_SMSG_STDERR_DATA"
-.TS
-;
-l l.
-string data
-.TE
-Delivers data from the server that was read from the standard error of
-the shell or program running on the server side. This message can
-only be used in the interactive session mode. No acknowledgement is
-sent for this message.
-.IP "19 SSH_CMSG_EOF"
-
-(no arguments)
-
-This message is sent by the client to indicate that EOF has been
-reached on the input. Upon receiving this message, and after all
-buffered input data has been sent to the shell or program, the server
-will close the input file descriptor to the program. This message can
-only be used in the interactive session mode. No acknowledgement is
-sent for this message.
-.IP "20 SSH_SMSG_EXITSTATUS"
-.TS
-;
-l l.
-32-bit int exit status of the command
-.TE
-Returns the exit status of the shell or program after it has exited.
-The client should respond with SSH_CMSG_EXIT_CONFIRMATION when it has
-received this message. This will be the last message sent by the
-server. If the program being executed dies with a signal instead of
-exiting normally, the server should terminate the session with
-SSH_MSG_DISCONNECT (which can be used to pass a human-readable string
-indicating that the program died due to a signal) instead of using
-this message.
-.IP "21 SSH_MSG_CHANNEL_OPEN_CONFIRMATION"
-.TS
-;
-l l.
-32-bit int remote_channel
-32-bit int local_channel
-.TE
-This is sent in response to any channel open request if the channel
-has been successfully opened. Remote_channel is the channel number
-received in the initial open request; local_channel is the channel
-number the side sending this message has allocated for the channel.
-Data can be transmitted on the channel after this message.
-.IP "22 SSH_MSG_CHANNEL_OPEN_FAILURE"
-.TS
-;
-l l.
-32-bit int remote_channel
-.TE
-This message indicates that an earlier channel open request by the
-other side has failed or has been denied. Remote_channel is the
-channel number given in the original request.
-.IP "23 SSH_MSG_CHANNEL_DATA"
-.TS
-;
-l l.
-32-bit int remote_channel
-string data
-.TE
-Data is transmitted in a channel in these messages. A channel is
-bidirectional, and both sides can send these messages. There is no
-acknowledgement for these messages. It is possible that either side
-receives these messages after it has sent SSH_MSG_CHANNEL_CLOSE for
-the channel. These messages cannot be received after the party has
-sent or received SSH_MSG_CHANNEL_CLOSE_CONFIRMATION.
-.IP "24 SSH_MSG_CHANNEL_CLOSE"
-.TS
-;
-l l.
-32-bit int remote_channel
-.TE
-When a channel is closed at one end of the connection, that side sends
-this message. Upon receiving this message, the channel should be
-closed. When this message is received, if the channel is already
-closed (the receiving side has sent this message for the same channel
-earlier), the channel is freed and no further action is taken;
-otherwise the channel is freed and SSH_MSG_CHANNEL_CLOSE_CONFIRMATION
-is sent in response. (It is possible that the channel is closed
-simultaneously at both ends.)
-.IP "25 SSH_MSG_CHANNEL_CLOSE_CONFIRMATION"
-.TS
-;
-l l.
-32-bit int remote_channel
-.TE
-This message is sent in response to SSH_MSG_CHANNEL_CLOSE unless the
-channel was already closed. When this message is sent or received,
-the channel is freed.
-.IP "26 (OBSOLETED; was unix-domain X11 forwarding)
-.IP "27 SSH_SMSG_X11_OPEN"
-.TS
-;
-l l.
-32-bit int local_channel
-string originator_string (see below)
-.TE
-This message can be sent by the server during the interactive session
-mode to indicate that a client has connected the fake X server.
-Local_channel is the channel number that the server has allocated for
-the connection. The client should try to open a connection to the
-real X server, and respond with SSH_MSG_CHANNEL_OPEN_CONFIRMATION or
-SSH_MSG_CHANNEL_OPEN_FAILURE.
-
-The field originator_string is present if both sides
-specified SSH_PROTOFLAG_HOST_IN_FWD_OPEN in the protocol flags. It
-contains a description of the host originating the connection.
-.IP "28 SSH_CMSG_PORT_FORWARD_REQUEST"
-.TS
-;
-l l.
-32-bit int server_port
-string host_to_connect
-32-bit int port_to_connect
-.TE
-Sent by the client in the preparatory phase, this message requests
-that server_port on the server machine be forwarded over the secure
-channel to the client machine, and from there to the specified host
-and port. The server should start listening on the port, and send
-SSH_MSG_PORT_OPEN whenever a connection is made to it. Supporting
-this message is optional, and the server is free to reject any forward
-request. For example, it is highly recommended that unless the user
-has been authenticated as root, forwarding any privileged port numbers
-(below 1024) is denied.
-.IP "29 SSH_MSG_PORT_OPEN"
-.TS
-;
-l l.
-32-bit int local_channel
-string host_name
-32-bit int port
-string originator_string (see below)
-.TE
-Sent by either party in interactive session mode, this message
-indicates that a connection has been opened to a forwarded TCP/IP
-port. Local_channel is the channel number that the sending party has
-allocated for the connection. Host_name is the host the connection
-should be be forwarded to, and the port is the port on that host to
-connect. The receiving party should open the connection, and respond
-with SSH_MSG_CHANNEL_OPEN_CONFIRMATION or
-SSH_MSG_CHANNEL_OPEN_FAILURE. It is recommended that the receiving
-side check the host_name and port for validity to avoid compromising
-local security by compromised remote side software. Particularly, it
-is recommended that the client permit connections only to those ports
-for which it has requested forwarding with SSH_CMSG_PORT_FORWARD_REQUEST.
-
-The field originator_string is present if both sides
-specified SSH_PROTOFLAG_HOST_IN_FWD_OPEN in the protocol flags. It
-contains a description of the host originating the connection.
-.IP "30 SSH_CMSG_AGENT_REQUEST_FORWARDING"
-
-(no arguments)
-
-Requests that the connection to the authentication agent be forwarded
-over the secure channel. The method used by clients to contact the
-authentication agent within each machine is implementation and machine
-dependent. If the server accepts this request, it should arrange that
-any clients run from this session will actually contact the server
-program when they try to contact the authentication agent. The server
-should then send a SSH_SMSG_AGENT_OPEN to open a channel to the agent,
-and the client should forward the connection to the real
-authentication agent. Supporting this message is optional.
-.IP "31 SSH_SMSG_AGENT_OPEN"
-.TS
-;
-l l.
-32-bit int local_channel
-.TE
-Sent by the server in interactive session mode, this message requests
-opening a channel to the authentication agent. The client should open
-a channel, and respond with either SSH_MSG_CHANNEL_OPEN_CONFIRMATION
-or SSH_MSG_CHANNEL_OPEN_FAILURE.
-.IP "32 SSH_MSG_IGNORE"
-.TS
-;
-l l.
-string data
-.TE
-Either party may send this message at any time. This message, and the
-argument string, is silently ignored. This message might be used in
-some implementations to make traffic analysis more difficult. This
-message is not currently sent by the implementation, but all
-implementations are required to recognize and ignore it.
-.IP "33 SSH_CMSG_EXIT_CONFIRMATION"
-
-(no arguments)
-
-Sent by the client in response to SSH_SMSG_EXITSTATUS. This is the
-last message sent by the client.
-.IP "34 SSH_CMSG_X11_REQUEST_FORWARDING"
-.TS
-;
-l l.
-string x11_authentication_protocol
-string x11_authentication_data
-32-bit int screen number (if SSH_PROTOFLAG_SCREEN_NUMBER)
-.TE
-Sent by the client during the preparatory phase, this message requests
-that the server create a fake X11 display and set the DISPLAY
-environment variable accordingly. An internet-domain display is
-preferable. The given authentication protocol and the associated data
-should be recorded by the server so that it is used as authentication
-on connections (e.g., in .Xauthority). The authentication protocol
-must be one of the supported X11 authentication protocols, e.g.,
-"MIT-MAGIC-COOKIE-1". Authentication data must be a lowercase hex
-string of even length. Its interpretation is protocol dependent.
-The data is in a format that can be used with e.g. the xauth program.
-Supporting this message is optional.
-
-The client is permitted (and recommended) to generate fake
-authentication information and send fake information to the server.
-This way, a corrupt server will not have access to the user's terminal
-after the connection has terminated. The correct authorization codes
-will also not be left hanging around in files on the server (many
-users keep the same X session for months, thus protecting the
-authorization data becomes important).
-
-X11 authentication spoofing works by initially sending fake (random)
-authentication data to the server, and interpreting the first packet
-sent by the X11 client after the connection has been opened. The
-first packet contains the client's authentication. If the packet
-contains the correct fake data, it is replaced by the client by the
-correct authentication data, and then sent to the X server.
-.IP "35 SSH_CMSG_AUTH_RHOSTS_RSA"
-.TS
-;
-l l.
-string clint-side user name
-32-bit int client_host_key_bits
-mp-int client_host_key_public_exponent
-mp-int client_host_key_public_modulus
-.TE
-Requests authentication using /etc/hosts.equiv and .rhosts (or
-equivalent) together with RSA host authentication. The server should
-check that the client side port number is less than 1024 (a privileged
-port), and immediately reject authentication if it is not. The server
-responds with SSH_SMSG_FAILURE or SSH_SMSG_AUTH_RSA_CHALLENGE. The
-client must respond to the challenge with the proper
-SSH_CMSG_AUTH_RSA_RESPONSE. The server then responds with success if
-access was granted, or failure if the client gave a wrong response.
-Supporting this authentication method is optional but recommended in
-most environments.
-.IP "36 SSH_MSG_DEBUG"
-.TS
-;
-l l.
-string debugging message sent to the other side
-.TE
-This message may be sent by either party at any time. It is used to
-send debugging messages that may be informative to the user in
-solving various problems. For example, if authentication fails
-because of some configuration error (e.g., incorrect permissions for
-some file), it can be very helpful for the user to make the cause of
-failure available. On the other hand, one should not make too much
-information available for security reasons. It is recommended that
-the client provides an option to display the debugging information
-sent by the sender (the user probably does not want to see it by default).
-The server can log debugging data sent by the client (if any). Either
-party is free to ignore any received debugging data. Every
-implementation must be able to receive this message, but no
-implementation is required to send these.
-.IP "37 SSH_CMSG_REQUEST_COMPRESSION"
-.TS
-;
-l l.
-32-bit int gzip compression level (1-9)
-.TE
-This message can be sent by the client in the preparatory operations
-phase. The server responds with SSH_SMSG_FAILURE if it does not
-support compression or does not want to compress; it responds with
-SSH_SMSG_SUCCESS if it accepted the compression request. In the
-latter case the response to this packet will still be uncompressed,
-but all further packets in either direction will be compressed by gzip.
-.RT
-
-
-.ti 0
-Encoding of Terminal Modes
-
-Terminal modes (as passed in SSH_CMSG_REQUEST_PTY) are encoded into a
-byte stream. It is intended that the coding be portable across
-different environments.
-
-The tty mode description is a stream of bytes. The stream consists of
-opcode-argument pairs. It is terminated by opcode TTY_OP_END (0).
-Opcodes 1-127 have one-byte arguments. Opcodes 128-159 have 32-bit
-integer arguments (stored msb first). Opcodes 160-255 are not yet
-defined, and cause parsing to stop (they should only be used after any
-other data).
-
-The client puts in the stream any modes it knows about, and the server
-ignores any modes it does not know about. This allows some degree of
-machine-independence, at least between systems that use a POSIX-like
-[POSIX] tty interface. The protocol can support other systems as
-well, but the client may need to fill reasonable values for a number
-of parameters so the server pty gets set to a reasonable mode (the
-server leaves all unspecified mode bits in their default values, and
-only some combinations make sense).
-
-The following opcodes have been defined. The naming of opcodes mostly
-follows the POSIX terminal mode flags.
-.IP "0 TTY_OP_END"
-Indicates end of options.
-.IP "1 VINTR"
-Interrupt character; 255 if none. Similarly for the other characters.
-Not all of these characters are supported on all systems.
-.IP "2 VQUIT"
-The quit character (sends SIGQUIT signal on UNIX systems).
-.IP "3 VERASE"
-Erase the character to left of the cursor.
-.IP "4 VKILL"
-Kill the current input line.
-.IP "5 VEOF "
-End-of-file character (sends EOF from the terminal).
-.IP "6 VEOL "
-End-of-line character in addition to carriage return and/or linefeed.
-.IP "7 VEOL2"
-Additional end-of-line character.
-.IP "8 VSTART"
-Continues paused output (normally ^Q).
-.IP "9 VSTOP"
-Pauses output (^S).
-.IP "10 VSUSP"
-Suspends the current program.
-.IP "11 VDSUSP"
-Another suspend character.
-.IP "12 VREPRINT"
-Reprints the current input line.
-.IP "13 VWERASE"
-Erases a word left of cursor.
-.IP "14 VLNEXT"
-More special input characters; these are probably not supported on
-most systems.
-.IP "15 VFLUSH"
-.IP "16 VSWTCH"
-.IP "17 VSTATUS"
-.IP "18 VDISCARD"
-
-.IP "30 IGNPAR"
-The ignore parity flag. The next byte should be 0 if this flag is not
-set, and 1 if it is set.
-.IP "31 PARMRK"
-More flags. The exact definitions can be found in the POSIX standard.
-.IP "32 INPCK"
-.IP "33 ISTRIP"
-.IP "34 INLCR"
-.IP "35 IGNCR"
-.IP "36 ICRNL"
-.IP "37 IUCLC"
-.IP "38 IXON"
-.IP "39 IXANY"
-.IP "40 IXOFF"
-.IP "41 IMAXBEL"
-
-.IP "50 ISIG"
-.IP "51 ICANON"
-.IP "52 XCASE"
-.IP "53 ECHO"
-.IP "54 ECHOE"
-.IP "55 ECHOK"
-.IP "56 ECHONL"
-.IP "57 NOFLSH"
-.IP "58 TOSTOP"
-.IP "59 IEXTEN"
-.IP "60 ECHOCTL"
-.IP "61 ECHOKE"
-.IP "62 PENDIN"
-
-.IP "70 OPOST"
-.IP "71 OLCUC"
-.IP "72 ONLCR"
-.IP "73 OCRNL"
-.IP "74 ONOCR"
-.IP "75 ONLRET"
-
-.IP "90 CS7"
-.IP "91 CS8"
-.IP "92 PARENB"
-.IP "93 PARODD"
-
-.IP "192 TTY_OP_ISPEED"
-Specifies the input baud rate in bits per second.
-.IP "193 TTY_OP_OSPEED"
-Specifies the output baud rate in bits per second.
-.RT
-
-
-.ti 0
-The Authentication Agent Protocol
-
-The authentication agent is a program that can be used to hold RSA
-authentication keys for the user (in future, it might hold data for
-other authentication types as well). An authorized program can send
-requests to the agent to generate a proper response to an RSA
-challenge. How the connection is made to the agent (or its
-representative) inside a host and how access control is done inside a
-host is implementation-dependent; however, how it is forwarded and how
-one interacts with it is specified in this protocol. The connection
-to the agent is normally automatically forwarded over the secure
-channel.
-
-A program that wishes to use the agent first opens a connection to its
-local representative (typically, the agent itself or an SSH server).
-It then writes a request to the connection, and waits for response.
-It is recommended that at least five minutes of timeout are provided
-waiting for the agent to respond to an authentication challenge (this
-gives sufficient time for the user to cut-and-paste the challenge to a
-separate machine, perform the computation there, and cut-and-paste the
-result back if so desired).
-
-Messages sent to and by the agent are in the following format:
-.TS
-;
-l l.
-4 bytes Length, msb first. Does not include length itself.
-1 byte Packet type. The value 255 is reserved for future extensions.
-data Any data, depending on packet type. Encoding as in the ssh packet
-protocol.
-.TE
-
-The following message types are currently defined:
-.IP "1 SSH_AGENTC_REQUEST_RSA_IDENTITIES"
-
-(no arguments)
-
-Requests the agent to send a list of all RSA keys for which it can
-answer a challenge.
-.IP "2 SSH_AGENT_RSA_IDENTITIES_ANSWER"
-.TS
-;
-l l.
-32-bit int howmany
-howmany times:
-32-bit int bits
-mp-int public exponent
-mp-int public modulus
-string comment
-.TE
-The agent sends this message in response to the to
-SSH_AGENTC_REQUEST_RSA_IDENTITIES. The answer lists all RSA keys for
-which the agent can answer a challenge. The comment field is intended
-to help identify each key; it may be printed by an application to
-indicate which key is being used. If the agent is not holding any
-keys, howmany will be zero.
-.IP "3 SSH_AGENTC_RSA_CHALLENGE
-.TS
-;
-l l.
-32-bit int bits
-mp-int public exponent
-mp-int public modulus
-mp-int challenge
-16 bytes session_id
-32-bit int response_type
-.TE
-Requests RSA decryption of random challenge to authenticate the other
-side. The challenge will be decrypted with the RSA private key
-corresponding to the given public key.
-
-The decrypted challenge must contain a zero in the highest (partial)
-byte, 2 in the next byte, followed by non-zero random bytes, a zero
-byte, and then the real challenge value in the lowermost bytes. The
-real challenge must be 32 8-bit bytes (256 bits).
-
-Response_type indicates the format of the response to be returned.
-Currently the only supported value is 1, which means to compute MD5 of
-the real challenge plus session id, and return the resulting 16 bytes
-in a SSH_AGENT_RSA_RESPONSE message.
-.IP "4 SSH_AGENT_RSA_RESPONSE"
-.TS
-;
-l l.
-16 bytes MD5 of decrypted challenge
-.TE
-Answers an RSA authentication challenge. The response is 16 bytes:
-the MD5 checksum of the 32-byte challenge.
-.IP "5 SSH_AGENT_FAILURE"
-
-(no arguments)
-
-This message is sent whenever the agent fails to answer a request
-properly. For example, if the agent cannot answer a challenge (e.g.,
-no longer has the proper key), it can respond with this. The agent
-also responds with this message if it receives a message it does not
-recognize.
-.IP "6 SSH_AGENT_SUCCESS"
-
-(no arguments)
-
-This message is sent by the agent as a response to certain requests
-that do not otherwise cause a message be sent. Currently, this is
-only sent in response to SSH_AGENTC_ADD_RSA_IDENTITY and
-SSH_AGENTC_REMOVE_RSA_IDENTITY.
-.IP "7 SSH_AGENTC_ADD_RSA_IDENTITY"
-.TS
-;
-l l.
-32-bit int bits
-mp-int public modulus
-mp-int public exponent
-mp-int private exponent
-mp-int multiplicative inverse of p mod q
-mp-int p
-mp-int q
-string comment
-.TE
-Registers an RSA key with the agent. After this request, the agent can
-use this RSA key to answer requests. The agent responds with
-SSH_AGENT_SUCCESS or SSH_AGENT_FAILURE.
-.IP "8 SSH_AGENT_REMOVE_RSA_IDENTITY"
-.TS
-;
-l l.
-32-bit int bits
-mp-int public exponent
-mp-int public modulus
-.TE
-Removes an RSA key from the agent. The agent will no longer accept
-challenges for this key and will not list it as a supported identity.
-The agent responds with SSH_AGENT_SUCCESS or SSH_AGENT_FAILURE.
-.RT
-
-If the agent receives a message that it does not understand, it
-responds with SSH_AGENT_FAILURE. This permits compatible future
-extensions.
-
-It is possible that several clients have a connection open to the
-authentication agent simultaneously. Each client will use a separate
-connection (thus, any SSH connection can have multiple agent
-connections active simultaneously).
-
-
-.ti 0
-References
-
-.IP "[DES] "
-FIPS PUB 46-1: Data Encryption Standard. National Bureau of
-Standards, January 1988. FIPS PUB 81: DES Modes of Operation.
-National Bureau of Standards, December 1980. Bruce Schneier: Applied
-Cryptography. John Wiley & Sons, 1994. J. Seberry and J. Pieprzyk:
-Cryptography: An Introduction to Computer Security. Prentice-Hall,
-1989.
-.IP "[GZIP] "
-The GNU GZIP program; available for anonymous ftp at prep.ai.mit.edu.
-Please let me know if you know a paper describing the algorithm.
-.IP "[IDEA] "
-Xuejia Lai: On the Design and Security of Block Ciphers, ETH Series in
-Information Processing, vol. 1, Hartung-Gorre Verlag, Konstanz,
-Switzerland, 1992. Bruce Schneier: Applied Cryptography, John Wiley &
-Sons, 1994. See also the following patents: PCT/CH91/00117, EP 0 482
-154 B1, US Pat. 5,214,703.
-.IP [PKCS#1]
-PKCS #1: RSA Encryption Standard. Version 1.5, RSA Laboratories,
-November 1993. Available for anonymous ftp at ftp.rsa.com.
-.IP [POSIX]
-Portable Operating System Interface (POSIX) - Part 1: Application
-Program Interface (API) [C language], ISO/IEC 9945-1, IEEE Std 1003.1,
-1990.
-.IP [RFC0791]
-J. Postel: Internet Protocol, RFC 791, USC/ISI, September 1981.
-.IP [RFC0793]
-J. Postel: Transmission Control Protocol, RFC 793, USC/ISI, September
-1981.
-.IP [RFC1034]
-P. Mockapetris: Domain Names - Concepts and Facilities, RFC 1034,
-USC/ISI, November 1987.
-.IP [RFC1282]
-B. Kantor: BSD Rlogin, RFC 1258, UCSD, December 1991.
-.IP "[RSA] "
-Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1994. See
-also R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic
-Communications System and Method. US Patent 4,405,829, 1983.
-.IP "[X11] "
-R. Scheifler: X Window System Protocol, X Consortium Standard, Version
-11, Release 6. Massachusetts Institute of Technology, Laboratory of
-Computer Science, 1994.
-.RT
-
-
-.ti 0
-Security Considerations
-
-This protocol deals with the very issue of user authentication and
-security.
-
-First of all, as an implementation issue, the server program will have
-to run as root (or equivalent) on the server machine. This is because
-the server program will need be able to change to an arbitrary user
-id. The server must also be able to create a privileged TCP/IP port.
-
-The client program will need to run as root if any variant of .rhosts
-authentication is to be used. This is because the client program will
-need to create a privileged port. The client host key is also usually
-stored in a file which is readable by root only. The client needs the
-host key in .rhosts authentication only. Root privileges can be
-dropped as soon as the privileged port has been created and the host
-key has been read.
-
-The SSH protocol offers major security advantages over existing telnet
-and rlogin protocols.
-.IP o
-IP spoofing is restricted to closing a connection (by encryption, host
-keys, and the special random cookie). If encryption is not used, IP
-spoofing is possible for those who can hear packets going out from the
-server.
-.IP o
-DNS spoofing is made ineffective (by host keys).
-.IP o
-Routing spoofing is made ineffective (by host keys).
-.IP o
-All data is encrypted with strong algorithms to make eavesdropping as
-difficult as possible. This includes encrypting any authentication
-information such as passwords. The information for decrypting session
-keys is destroyed every hour.
-.IP o
-Strong authentication methods: .rhosts combined with RSA host
-authentication, and pure RSA authentication.
-.IP o
-X11 connections and arbitrary TCP/IP ports can be forwarded securely.
-.IP o
-Man-in-the-middle attacks are deterred by using the server host key to
-encrypt the session key.
-.IP o
-Trojan horses to catch a password by routing manipulation are deterred
-by checking that the host key of the server machine matches that
-stored on the client host.
-.RT
-
-The security of SSH against man-in-the-middle attacks and the security
-of the new form of .rhosts authentication, as well as server host
-validation, depends on the integrity of the host key and the files
-containing known host keys.
-
-The host key is normally stored in a root-readable file. If the host
-key is compromised, it permits attackers to use IP, DNS and routing
-spoofing as with current rlogin and rsh. It should never be any worse
-than the current situation.
-
-The files containing known host keys are not sensitive. However, if an
-attacker gets to modify the known host key files, it has the same
-consequences as a compromised host key, because the attacker can then
-change the recorded host key.
-
-The security improvements obtained by this protocol for X11 are of
-particular significance. Previously, there has been no way to protect
-data communicated between an X server and a client running on a remote
-machine. By creating a fake display on the server, and forwarding all
-X11 requests over the secure channel, SSH can be used to run any X11
-applications securely without any cooperation with the vendors of the
-X server or the application.
-
-Finally, the security of this program relies on the strength of the
-underlying cryptographic algorithms. The RSA algorithm is used for
-authentication key exchange. It is widely believed to be secure. Of
-the algorithms used to encrypt the session, DES has a rather small key
-these days, probably permitting governments and organized criminals to
-break it in very short time with specialized hardware. 3DES is
-probably safe (but slower). IDEA is widely believed to be secure.
-People have varying degrees of confidence in the other algorithms.
-This program is not secure if used with no encryption at all.
-
-
-.ti 0
-Additional Information
-
-Additional information (especially on the implementation and mailing
-lists) is available via WWW at http://www.cs.hut.fi/ssh.
-
-Comments should be sent to Tatu Ylonen <ylo at cs.hut.fi> or the SSH
-Mailing List <ssh at clinet.fi>.
-
-.ti 0
-Author's Address
-
-.TS
-;
-l.
-Tatu Ylonen
-Helsinki University of Technology
-Otakaari 1
-FIN-02150 Espoo, Finland
-
-Phone: +358-0-451-3374
-Fax: +358-0-451-3293
-EMail: ylo at cs.hut.fi
-.TE
Modified: vendor-crypto/openssh/dist/TODO
===================================================================
--- vendor-crypto/openssh/dist/TODO 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/TODO 2013-12-05 12:55:03 UTC (rev 6462)
@@ -83,4 +83,4 @@
- Cygwin
+ Privsep for Pre-auth only (no fd passing)
-$Id: TODO,v 1.1.1.2 2006-02-25 02:34:23 laffer1 Exp $
+$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $
Property changes on: vendor-crypto/openssh/dist/TODO
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/WARNING.RNG
===================================================================
--- vendor-crypto/openssh/dist/WARNING.RNG 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/WARNING.RNG 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,95 +0,0 @@
-This document contains a description of portable OpenSSH's random
-number collection code. An alternate reading of this text could
-well be titled "Why I should pressure my system vendor to supply
-/dev/random in their OS".
-
-Why is this important? OpenSSH depends on good, unpredictable numbers
-for generating keys, performing digital signatures and forming
-cryptographic challenges. If the random numbers that it uses are
-predictable, then the strength of the whole system is compromised.
-
-A particularly pernicious problem arises with DSA keys (used by the
-ssh2 protocol). Performing a DSA signature (which is required for
-authentication), entails the use of a 160 bit random number. If an
-attacker can predict this number, then they can deduce your *private*
-key and impersonate you or your hosts.
-
-If you are using the builtin random number support (configure will
-tell you if this is the case), then read this document in its entirety.
-Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which
-collects random numbers and makes them available by a socket.
-
-Please also request that your OS vendor provides a kernel-based random
-number collector (/dev/random) in future versions of your operating
-systems by default.
-
-On to the description...
-
-The portable OpenSSH contains random number collection support for
-systems which lack a kernel entropy pool (/dev/random).
-
-This collector (as of 3.1 and beyond) comes as an external application
-that allows the local admin to decide on how to implement entropy
-collection.
-
-The default entropy collector operates by executing the programs listed
-in ($etcdir)/ssh_prng_cmds, reading their output and adding it to the
-PRNG supplied by OpenSSL (which is hash-based). It also stirs in the
-output of several system calls and timings from the execution of the
-programs that it runs.
-
-The ssh_prng_cmds file also specifies a 'rate' for each program. This
-represents the number of bits of randomness per byte of output from
-the specified program.
-
-The random number code will also read and save a seed file to
-~/.ssh/prng_seed. This contents of this file are added to the random
-number generator at startup. The goal here is to maintain as much
-randomness between sessions as possible.
-
-The default entropy collection code has two main problems:
-
-1. It is slow.
-
-Executing each program in the list can take a large amount of time,
-especially on slower machines. Additionally some program can take a
-disproportionate time to execute.
-
-Tuning the random helper can be done by running ./ssh-random-helper in
-very verbose mode ("-vvv") and identifying the commands that are taking
-excessive amounts of time or hanging altogher. Any problem commands can
-be modified or removed from ssh_prng_cmds.
-
-The default entropy collector will timeout programs which take too long
-to execute, the actual timeout used can be adjusted with the
---with-entropy-timeout configure option. OpenSSH will not try to
-re-execute programs which have not been found, have had a non-zero
-exit status or have timed out more than a couple of times.
-
-2. Estimating the real 'rate' of program outputs is non-trivial
-
-The shear volume of the task is problematic: there are currently
-around 50 commands in the ssh_prng_cmds list, portable OpenSSH
-supports at least 12 different OSs. That is already 600 sets of data
-to be analysed, without taking into account the numerous differences
-between versions of each OS.
-
-On top of this, the different commands can produce varying amounts of
-usable data depending on how busy the machine is, how long it has been
-up and various other factors.
-
-To make matters even more complex, some of the commands are reporting
-largely the same data as other commands (eg. the various "ps" calls).
-
-
-How to avoid the default entropy code?
-
-The best way is to read the OpenSSL documentation and recompile OpenSSL
-to use prngd or egd. Some platforms (like earily solaris) have 3rd
-party /dev/random devices that can be also used for this task.
-
-If you are forced to use ssh-rand-helper consider still downloading
-prngd/egd and configure OpenSSH using --with-prngd-port=xx or
---with-prngd-socket=xx (refer to INSTALL for more information).
-
-$Id: WARNING.RNG,v 1.1.1.2 2006-02-25 02:34:23 laffer1 Exp $
Modified: vendor-crypto/openssh/dist/aclocal.m4
===================================================================
--- vendor-crypto/openssh/dist/aclocal.m4 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/aclocal.m4 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,9 +1,34 @@
-dnl $Id: aclocal.m4,v 1.1.1.3 2006-10-03 02:03:02 raven Exp $
+dnl $Id: aclocal.m4,v 1.9 2013/06/02 21:31:27 tim Exp $
dnl
dnl OpenSSH-specific autoconf macros
dnl
+dnl OSSH_CHECK_CFLAG_COMPILE(check_flag[, define_flag])
+dnl Check that $CC accepts a flag 'check_flag'. If it is supported append
+dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
+dnl 'check_flag'.
+AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
+ AC_MSG_CHECKING([if $CC supports $1])
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $1"
+ _define_flag="$2"
+ test "x$_define_flag" = "x" && _define_flag="$1"
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
+ [
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS"
+else
+ AC_MSG_RESULT([yes])
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi],
+ [ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS" ]
+ )
+}])
+
dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol)
dnl Does AC_EGREP_HEADER on 'header' for the string 'field'
dnl If found, set 'symbol' to be defined. Cache the result.
@@ -33,16 +58,6 @@
fi
])
-dnl OSSH_PATH_ENTROPY_PROG(variablename, command):
-dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST
-AC_DEFUN(OSSH_PATH_ENTROPY_PROG, [
- AC_PATH_PROG($1, $2)
- if test -z "[$]$1" ; then
- $1="undef"
- fi
- AC_SUBST($1)
-])
-
dnl Check for socklen_t: historically on BSD it is an int, and in
dnl POSIX 1g it is a type of its own, but some platforms use different
dnl types for the argument to getsockopt, getpeername, etc. So we
Property changes on: vendor-crypto/openssh/dist/aclocal.m4
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/acss.c
===================================================================
--- vendor-crypto/openssh/dist/acss.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/acss.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,267 +0,0 @@
-/* $Id: acss.c,v 1.1.1.3 2006-10-03 02:03:03 raven Exp $ */
-/*
- * Copyright (c) 2004 The OpenBSD project
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#include <string.h>
-
-#include <openssl/evp.h>
-
-#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)
-
-#include "acss.h"
-
-/* decryption sbox */
-static unsigned char sboxdec[] = {
- 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
- 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
- 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
- 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
- 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
- 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
- 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
- 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
- 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
- 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
- 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
- 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
- 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
- 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
- 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
- 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
- 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
- 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
- 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
- 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
- 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
- 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
- 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
- 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
- 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
- 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
- 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
- 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
- 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
- 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
- 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
- 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
-};
-
-/* encryption sbox */
-static unsigned char sboxenc[] = {
- 0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75,
- 0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b,
- 0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21,
- 0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f,
- 0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5,
- 0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab,
- 0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0,
- 0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2,
- 0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74,
- 0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76,
- 0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20,
- 0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22,
- 0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4,
- 0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6,
- 0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1,
- 0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf,
- 0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25,
- 0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b,
- 0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71,
- 0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f,
- 0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5,
- 0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb,
- 0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0,
- 0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2,
- 0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24,
- 0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26,
- 0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70,
- 0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72,
- 0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4,
- 0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6,
- 0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1,
- 0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff
-};
-
-static unsigned char reverse[] = {
- 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
- 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
- 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
- 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
- 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
- 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
- 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
- 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
- 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
- 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
- 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
- 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
- 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
- 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
- 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
- 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
- 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
- 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
- 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
- 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
- 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
- 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
- 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
- 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
- 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
- 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
- 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
- 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
- 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
- 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
- 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
- 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
-};
-
-/*
- * Two linear feedback shift registers are used:
- *
- * lfsr17: polynomial of degree 17, primitive modulo 2 (listed in Schneier)
- * x^15 + x + 1
- * lfsr25: polynomial of degree 25, not know if primitive modulo 2
- * x^13 + x^5 + x^4 + x^1 + 1
- *
- * Output bits are discarded, instead the feedback bits are added to produce
- * the cipher stream. Depending on the mode, feedback bytes may be inverted
- * bit-wise before addition.
- *
- * The lfsrs are seeded with bytes from the raw key:
- *
- * lfsr17: byte 0[0:7] at bit 9
- * byte 1[0:7] at bit 0
- *
- * lfsr25: byte 2[0:4] at bit 16
- * byte 2[5:7] at bit 22
- * byte 3[0:7] at bit 8
- * byte 4[0:7] at bit 0
- *
- * To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in
- * lfsr25.
- *
- */
-
-int
-acss(ACSS_KEY *key, unsigned long len, const unsigned char *in,
- unsigned char *out)
-{
- unsigned long i;
- unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp;
-
- lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0;
-
- /* keystream is sum of lfsrs */
- for (i = 0; i < len; i++) {
- lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14);
- key->lfsr17 = (key->lfsr17 >> 8)
- ^ (lfsr17tmp << 9)
- ^ (lfsr17tmp << 12)
- ^ (lfsr17tmp << 15);
- key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */
-
- lfsr25tmp = key->lfsr25
- ^ (key->lfsr25 >> 3)
- ^ (key->lfsr25 >> 4)
- ^ (key->lfsr25 >> 12);
- key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17);
- key->lfsr25 &= 0x1ffffff; /* 25 bit LFSR */
-
- lfsrsumtmp = key->lfsrsum;
-
- /* addition */
- switch (key->mode) {
- case ACSS_AUTHENTICATE:
- case ACSS_DATA:
- key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
- key->lfsrsum += key->lfsr25 >> 17;
- break;
- case ACSS_SESSIONKEY:
- key->lfsrsum = key->lfsr17 >> 9;
- key->lfsrsum += key->lfsr25 >> 17;
- break;
- case ACSS_TITLEKEY:
- key->lfsrsum = key->lfsr17 >> 9;
- key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
- break;
- default:
- return 1;
- }
- key->lfsrsum += (lfsrsumtmp >> 8);
-
- if (key->encrypt) {
- out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 0xff];
- } else {
- out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff;
- }
- }
-
- return 0;
-}
-
-static void
-acss_seed(ACSS_KEY *key)
-{
- int i;
-
- /* if available, mangle with subkey */
- if (key->subkey_avilable) {
- for (i = 0; i < ACSS_KEYSIZE; i++)
- key->seed[i] = reverse[key->data[i] ^ key->subkey[i]];
- } else {
- for (i = 0; i < ACSS_KEYSIZE; i++)
- key->seed[i] = reverse[key->data[i]];
- }
-
- /* seed lfsrs */
- key->lfsr17 = key->seed[1]
- | (key->seed[0] << 9)
- | (1 << 8); /* inject 1 at bit 9 */
- key->lfsr25 = key->seed[4]
- | (key->seed[3] << 8)
- | ((key->seed[2] & 0x1f) << 16)
- | ((key->seed[2] & 0xe0) << 17)
- | (1 << 21); /* inject 1 at bit 22 */
-
- key->lfsrsum = 0;
-}
-
-void
-acss_setkey(ACSS_KEY *key, const unsigned char *data, int enc, int mode)
-{
- memcpy(key->data, data, sizeof(key->data));
- memset(key->subkey, 0, sizeof(key->subkey));
-
- if (enc != -1)
- key->encrypt = enc;
- key->mode = mode;
- key->subkey_avilable = 0;
-
- acss_seed(key);
-}
-
-void
-acss_setsubkey(ACSS_KEY *key, const unsigned char *subkey)
-{
- memcpy(key->subkey, subkey, sizeof(key->subkey));
- key->subkey_avilable = 1;
- acss_seed(key);
-}
-#endif
Deleted: vendor-crypto/openssh/dist/acss.h
===================================================================
--- vendor-crypto/openssh/dist/acss.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/acss.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,47 +0,0 @@
-/* $Id: acss.h,v 1.1.1.2 2006-02-25 02:34:23 laffer1 Exp $ */
-/*
- * Copyright (c) 2004 The OpenBSD project
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _ACSS_H_
-#define _ACSS_H_
-
-/* 40bit key */
-#define ACSS_KEYSIZE 5
-
-/* modes of acss */
-#define ACSS_AUTHENTICATE 0
-#define ACSS_SESSIONKEY 1
-#define ACSS_TITLEKEY 2
-#define ACSS_DATA 3
-
-typedef struct acss_key_st {
- unsigned int lfsr17; /* current state of lfsrs */
- unsigned int lfsr25;
- unsigned int lfsrsum;
- unsigned char seed[ACSS_KEYSIZE];
- unsigned char data[ACSS_KEYSIZE];
- unsigned char subkey[ACSS_KEYSIZE];
- int encrypt; /* XXX make these bit flags? */
- int mode;
- int seeded;
- int subkey_avilable;
-} ACSS_KEY;
-
-void acss_setkey(ACSS_KEY *, const unsigned char *, int, int);
-void acss_setsubkey(ACSS_KEY *, const unsigned char *);
-int acss(ACSS_KEY *, unsigned long, const unsigned char *, unsigned char *);
-
-#endif /* ifndef _ACSS_H_ */
Modified: vendor-crypto/openssh/dist/addrmatch.c
===================================================================
--- vendor-crypto/openssh/dist/addrmatch.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/addrmatch.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: addrmatch.c,v 1.5 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm at mindrot.org>
@@ -318,7 +318,7 @@
char addrbuf[64], *mp, *cp;
/* Don't modify argument */
- if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) > sizeof(addrbuf))
+ if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
return -1;
if ((mp = strchr(addrbuf, '/')) != NULL) {
@@ -420,7 +420,7 @@
goto foundit;
}
}
- xfree(o);
+ free(o);
return ret;
}
@@ -494,7 +494,7 @@
continue;
}
}
- xfree(o);
+ free(o);
return ret;
}
Property changes on: vendor-crypto/openssh/dist/addrmatch.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/atomicio.c
===================================================================
--- vendor-crypto/openssh/dist/atomicio.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/atomicio.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/atomicio.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Index: vendor-crypto/openssh/dist/atomicio.h
===================================================================
--- vendor-crypto/openssh/dist/atomicio.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/atomicio.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/atomicio.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/audit-bsm.c
===================================================================
--- vendor-crypto/openssh/dist/audit-bsm.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/audit-bsm.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: audit-bsm.c,v 1.1.1.7 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */
/*
* TODO
@@ -45,6 +45,10 @@
#include <string.h>
#include <unistd.h>
+#ifdef BROKEN_BSM_API
+#include <libscf.h>
+#endif
+
#include "ssh.h"
#include "log.h"
#include "key.h"
@@ -114,6 +118,12 @@
extern Authctxt *the_authctxt;
static AuditInfoTermID ssh_bsm_tid;
+#ifdef BROKEN_BSM_API
+/* For some reason this constant is no longer defined
+ in Solaris 11. */
+#define BSM_TEXTBUFSZ 256
+#endif
+
/* Below is the low-level BSM interface code */
/*
@@ -161,7 +171,66 @@
}
#endif
+#ifdef BROKEN_BSM_API
/*
+ In Solaris 11 the audit daemon has been moved to SMF. In the process
+ they simply dropped getacna() from the API, since it read from a now
+ non-existent config file. This function re-implements getacna() to
+ read from the SMF repository instead.
+ */
+int
+getacna(char *auditstring, int len)
+{
+ scf_handle_t *handle = NULL;
+ scf_property_t *property = NULL;
+ scf_value_t *value = NULL;
+ int ret = 0;
+
+ handle = scf_handle_create(SCF_VERSION);
+ if (handle == NULL)
+ return -2; /* The man page for getacna on Solaris 10 states
+ we should return -2 in case of error and set
+ errno to indicate the error. We don't bother
+ with errno here, though, since the only use
+ of this function below doesn't check for errors
+ anyway.
+ */
+
+ ret = scf_handle_bind(handle);
+ if (ret == -1)
+ return -2;
+
+ property = scf_property_create(handle);
+ if (property == NULL)
+ return -2;
+
+ ret = scf_handle_decode_fmri(handle,
+ "svc:/system/auditd:default/:properties/preselection/naflags",
+ NULL, NULL, NULL, NULL, property, 0);
+ if (ret == -1)
+ return -2;
+
+ value = scf_value_create(handle);
+ if (value == NULL)
+ return -2;
+
+ ret = scf_property_get_value(property, value);
+ if (ret == -1)
+ return -2;
+
+ ret = scf_value_get_astring(value, auditstring, len);
+ if (ret == -1)
+ return -2;
+
+ scf_value_destroy(value);
+ scf_property_destroy(property);
+ scf_handle_destroy(handle);
+
+ return 0;
+}
+#endif
+
+/*
* Check if the specified event is selected (enabled) for auditing.
* Returns 1 if the event is selected, 0 if not and -1 on failure.
*/
@@ -213,7 +282,15 @@
(void) au_write(ad, au_to_text(string));
(void) au_write(ad, AUToReturnFunc(typ, rc));
+#ifdef BROKEN_BSM_API
+ /* The last argument is the event modifier flags. For
+ some seemingly undocumented reason it was added in
+ Solaris 11. */
+ rc = au_close(ad, AU_TO_WRITE, event_no, 0);
+#else
rc = au_close(ad, AU_TO_WRITE, event_no);
+#endif
+
if (rc < 0)
error("BSM audit: %s failed to write \"%s\" record: %s",
__func__, string, strerror(errno));
Property changes on: vendor-crypto/openssh/dist/audit-bsm.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/audit-linux.c
===================================================================
--- vendor-crypto/openssh/dist/audit-linux.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/audit-linux.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: audit-linux.c,v 1.1.1.1 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: audit-linux.c,v 1.1 2011/01/17 10:15:30 dtucker Exp $ */
/*
* Copyright 2010 Red Hat, Inc. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/audit-linux.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/audit.c
===================================================================
--- vendor-crypto/openssh/dist/audit.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/audit.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: audit.c,v 1.1.1.4 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: audit.c,v 1.6 2011/01/17 10:15:30 dtucker Exp $ */
/*
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/audit.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/audit.h
===================================================================
--- vendor-crypto/openssh/dist/audit.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/audit.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: audit.h,v 1.1.1.4 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: audit.h,v 1.4 2011/01/17 10:15:30 dtucker Exp $ */
/*
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/audit.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/auth-bsdauth.c
===================================================================
--- vendor-crypto/openssh/dist/auth-bsdauth.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-bsdauth.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/auth-bsdauth.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth-chall.c
===================================================================
--- vendor-crypto/openssh/dist/auth-chall.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-chall.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-chall.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -69,11 +69,11 @@
fatal("get_challenge: numprompts < 1");
challenge = xstrdup(prompts[0]);
for (i = 0; i < numprompts; i++)
- xfree(prompts[i]);
- xfree(prompts);
- xfree(name);
- xfree(echo_on);
- xfree(info);
+ free(prompts[i]);
+ free(prompts);
+ free(name);
+ free(echo_on);
+ free(info);
return (challenge);
}
@@ -102,11 +102,11 @@
authenticated = 1;
for (i = 0; i < numprompts; i++)
- xfree(prompts[i]);
- xfree(prompts);
- xfree(name);
- xfree(echo_on);
- xfree(info);
+ free(prompts[i]);
+ free(prompts);
+ free(name);
+ free(echo_on);
+ free(info);
break;
}
device->free_ctx(authctxt->kbdintctxt);
Property changes on: vendor-crypto/openssh/dist/auth-chall.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth-krb5.c
===================================================================
--- vendor-crypto/openssh/dist/auth-krb5.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-krb5.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
*
@@ -79,6 +79,7 @@
krb5_ccache ccache = NULL;
int len;
char *client, *platform_client;
+ const char *errmsg;
/* get platform-specific kerberos client principal name (if it exists) */
platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
@@ -96,7 +97,12 @@
goto out;
#ifdef HEIMDAL
+# ifdef HAVE_KRB5_CC_NEW_UNIQUE
+ problem = krb5_cc_new_unique(authctxt->krb5_ctx,
+ krb5_mcc_ops.prefix, NULL, &ccache);
+# else
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
+# endif
if (problem)
goto out;
@@ -115,8 +121,13 @@
if (problem)
goto out;
+# ifdef HAVE_KRB5_CC_NEW_UNIQUE
+ problem = krb5_cc_new_unique(authctxt->krb5_ctx,
+ krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
+# else
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
&authctxt->krb5_fwd_ccache);
+# endif
if (problem)
goto out;
@@ -181,17 +192,19 @@
out:
restore_uid();
- if (platform_client != NULL)
- xfree(platform_client);
+ free(platform_client);
if (problem) {
if (ccache)
krb5_cc_destroy(authctxt->krb5_ctx, ccache);
- if (authctxt->krb5_ctx != NULL && problem!=-1)
- debug("Kerberos password authentication failed: %s",
- krb5_get_err_text(authctxt->krb5_ctx, problem));
- else
+ if (authctxt->krb5_ctx != NULL && problem!=-1) {
+ errmsg = krb5_get_error_message(authctxt->krb5_ctx,
+ problem);
+ debug("Kerberos password authentication failed: %s",
+ errmsg);
+ krb5_free_error_message(authctxt->krb5_ctx, errmsg);
+ } else
debug("Kerberos password authentication failed: %d",
problem);
@@ -226,7 +239,7 @@
#ifndef HEIMDAL
krb5_error_code
ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
- int tmpfd, ret;
+ int tmpfd, ret, oerrno;
char ccname[40];
mode_t old_umask;
@@ -237,16 +250,18 @@
old_umask = umask(0177);
tmpfd = mkstemp(ccname + strlen("FILE:"));
+ oerrno = errno;
umask(old_umask);
if (tmpfd == -1) {
- logit("mkstemp(): %.100s", strerror(errno));
- return errno;
+ logit("mkstemp(): %.100s", strerror(oerrno));
+ return oerrno;
}
if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
- logit("fchmod(): %.100s", strerror(errno));
+ oerrno = errno;
+ logit("fchmod(): %.100s", strerror(oerrno));
close(tmpfd);
- return errno;
+ return oerrno;
}
close(tmpfd);
Property changes on: vendor-crypto/openssh/dist/auth-krb5.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth-options.c
===================================================================
--- vendor-crypto/openssh/dist/auth-options.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-options.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.54 2010/12/24 21:41:48 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.61 2013/11/08 00:39:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -72,15 +72,15 @@
while (custom_environment) {
struct envstring *ce = custom_environment;
custom_environment = ce->next;
- xfree(ce->s);
- xfree(ce);
+ free(ce->s);
+ free(ce);
}
if (forced_command) {
- xfree(forced_command);
+ free(forced_command);
forced_command = NULL;
}
if (authorized_principals) {
- xfree(authorized_principals);
+ free(authorized_principals);
authorized_principals = NULL;
}
forced_tun_device = -1;
@@ -149,7 +149,7 @@
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
if (forced_command != NULL)
- xfree(forced_command);
+ free(forced_command);
forced_command = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
@@ -167,7 +167,7 @@
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(forced_command);
+ free(forced_command);
forced_command = NULL;
goto bad_option;
}
@@ -180,7 +180,7 @@
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
opts += strlen(cp);
if (authorized_principals != NULL)
- xfree(authorized_principals);
+ free(authorized_principals);
authorized_principals = xmalloc(strlen(opts) + 1);
i = 0;
while (*opts) {
@@ -198,7 +198,7 @@
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(authorized_principals);
+ free(authorized_principals);
authorized_principals = NULL;
goto bad_option;
}
@@ -232,7 +232,7 @@
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(s);
+ free(s);
goto bad_option;
}
s[i] = '\0';
@@ -239,7 +239,7 @@
auth_debug_add("Adding to environment: %.900s", s);
debug("Adding to environment: %.900s", s);
opts++;
- new_envstring = xmalloc(sizeof(struct envstring));
+ new_envstring = xcalloc(1, sizeof(struct envstring));
new_envstring->s = s;
new_envstring->next = custom_environment;
custom_environment = new_envstring;
@@ -269,7 +269,7 @@
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(patterns);
+ free(patterns);
goto bad_option;
}
patterns[i] = '\0';
@@ -277,7 +277,7 @@
switch (match_host_and_ip(remote_host, remote_ip,
patterns)) {
case 1:
- xfree(patterns);
+ free(patterns);
/* Host name matches. */
goto next_option;
case -1:
@@ -287,7 +287,7 @@
"invalid criteria", file, linenum);
/* FALLTHROUGH */
case 0:
- xfree(patterns);
+ free(patterns);
logit("Authentication tried for %.100s with "
"correct key but not from a permitted "
"host (host=%.200s, ip=%.200s).",
@@ -323,7 +323,7 @@
file, linenum);
auth_debug_add("%.100s, line %lu: missing "
"end quote", file, linenum);
- xfree(patterns);
+ free(patterns);
goto bad_option;
}
patterns[i] = '\0';
@@ -337,21 +337,21 @@
auth_debug_add("%.100s, line %lu: "
"Bad permitopen specification", file,
linenum);
- xfree(patterns);
+ free(patterns);
goto bad_option;
}
host = cleanhostname(host);
- if (p == NULL || (port = a2port(p)) <= 0) {
+ if (p == NULL || (port = permitopen_port(p)) < 0) {
debug("%.100s, line %lu: Bad permitopen port "
"<%.100s>", file, linenum, p ? p : "");
auth_debug_add("%.100s, line %lu: "
"Bad permitopen port", file, linenum);
- xfree(patterns);
+ free(patterns);
goto bad_option;
}
- if (options.allow_tcp_forwarding)
+ if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
channel_add_permitted_opens(host, port);
- xfree(patterns);
+ free(patterns);
goto next_option;
}
cp = "tunnel=\"";
@@ -370,13 +370,13 @@
file, linenum);
auth_debug_add("%.100s, line %lu: missing end quote",
file, linenum);
- xfree(tun);
+ free(tun);
forced_tun_device = -1;
goto bad_option;
}
tun[i] = '\0';
forced_tun_device = a2tun(tun, NULL);
- xfree(tun);
+ free(tun);
if (forced_tun_device == SSH_TUNID_ERR) {
debug("%.100s, line %lu: invalid tun device",
file, linenum);
@@ -432,7 +432,8 @@
{
char *command, *allowed;
const char *remote_ip;
- u_char *name = NULL, *data_blob = NULL;
+ char *name = NULL;
+ u_char *data_blob = NULL;
u_int nlen, dlen, clen;
Buffer c, data;
int ret = -1, found;
@@ -452,10 +453,6 @@
buffer_append(&data, data_blob, dlen);
debug3("found certificate option \"%.100s\" len %u",
name, dlen);
- if (strlen(name) != nlen) {
- error("Certificate constraint name contains \\0");
- goto out;
- }
found = 0;
if ((which & OPTIONS_EXTENSIONS) != 0) {
if (strcmp(name, "permit-X11-forwarding") == 0) {
@@ -485,15 +482,10 @@
"corrupt", name);
goto out;
}
- if (strlen(command) != clen) {
- error("force-command constraint "
- "contains \\0");
- goto out;
- }
if (*cert_forced_command != NULL) {
error("Certificate has multiple "
"force-command options");
- xfree(command);
+ free(command);
goto out;
}
*cert_forced_command = command;
@@ -506,15 +498,10 @@
"\"%s\" corrupt", name);
goto out;
}
- if (strlen(allowed) != clen) {
- error("source-address constraint "
- "contains \\0");
- goto out;
- }
if ((*cert_source_address_done)++) {
error("Certificate has multiple "
"source-address options");
- xfree(allowed);
+ free(allowed);
goto out;
}
remote_ip = get_remote_ipaddr();
@@ -522,7 +509,7 @@
allowed)) {
case 1:
/* accepted */
- xfree(allowed);
+ free(allowed);
break;
case 0:
/* no match */
@@ -535,12 +522,12 @@
"is not permitted to use this "
"certificate for login.",
remote_ip);
- xfree(allowed);
+ free(allowed);
goto out;
case -1:
error("Certificate source-address "
"contents invalid");
- xfree(allowed);
+ free(allowed);
goto out;
}
found = 1;
@@ -562,9 +549,10 @@
goto out;
}
buffer_clear(&data);
- xfree(name);
- xfree(data_blob);
- name = data_blob = NULL;
+ free(name);
+ free(data_blob);
+ name = NULL;
+ data_blob = NULL;
}
/* successfully parsed all options */
ret = 0;
@@ -573,13 +561,13 @@
if (ret != 0 &&
cert_forced_command != NULL &&
*cert_forced_command != NULL) {
- xfree(*cert_forced_command);
+ free(*cert_forced_command);
*cert_forced_command = NULL;
}
if (name != NULL)
- xfree(name);
+ free(name);
if (data_blob != NULL)
- xfree(data_blob);
+ free(data_blob);
buffer_free(&data);
buffer_free(&c);
return ret;
@@ -641,7 +629,7 @@
/* CA-specified forced command supersedes key option */
if (cert_forced_command != NULL) {
if (forced_command != NULL)
- xfree(forced_command);
+ free(forced_command);
forced_command = cert_forced_command;
}
return 0;
Property changes on: vendor-crypto/openssh/dist/auth-options.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Index: vendor-crypto/openssh/dist/auth-options.h
===================================================================
--- vendor-crypto/openssh/dist/auth-options.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-options.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/auth-options.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth-pam.c
===================================================================
--- vendor-crypto/openssh/dist/auth-pam.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-pam.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -412,10 +412,9 @@
fail:
for(i = 0; i < n; i++) {
- if (reply[i].resp != NULL)
- xfree(reply[i].resp);
+ free(reply[i].resp);
}
- xfree(reply);
+ free(reply);
buffer_free(&buffer);
return (PAM_CONV_ERR);
}
@@ -586,10 +585,9 @@
fail:
for(i = 0; i < n; i++) {
- if (reply[i].resp != NULL)
- xfree(reply[i].resp);
+ free(reply[i].resp);
}
- xfree(reply);
+ free(reply);
return (PAM_CONV_ERR);
}
@@ -693,7 +691,7 @@
/* Start the authentication thread */
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
error("PAM: failed create sockets: %s", strerror(errno));
- xfree(ctxt);
+ free(ctxt);
return (NULL);
}
ctxt->pam_psock = socks[0];
@@ -703,7 +701,7 @@
strerror(errno));
close(socks[0]);
close(socks[1]);
- xfree(ctxt);
+ free(ctxt);
return (NULL);
}
cleanup_ctxt = ctxt;
@@ -742,7 +740,7 @@
strlcpy(**prompts + plen, msg, len - plen);
plen += mlen;
**echo_on = (type == PAM_PROMPT_ECHO_ON);
- xfree(msg);
+ free(msg);
return (0);
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
@@ -753,7 +751,7 @@
plen += mlen;
strlcat(**prompts + plen, "\n", len - plen);
plen++;
- xfree(msg);
+ free(msg);
break;
case PAM_ACCT_EXPIRED:
sshpam_account_status = 0;
@@ -766,7 +764,7 @@
*num = 0;
**echo_on = 0;
ctxt->pam_done = -1;
- xfree(msg);
+ free(msg);
return 0;
}
/* FALLTHROUGH */
@@ -776,7 +774,7 @@
debug("PAM: %s", **prompts);
buffer_append(&loginmsg, **prompts,
strlen(**prompts));
- xfree(**prompts);
+ free(**prompts);
**prompts = NULL;
}
if (type == PAM_SUCCESS) {
@@ -790,7 +788,7 @@
*num = 0;
**echo_on = 0;
ctxt->pam_done = 1;
- xfree(msg);
+ free(msg);
return (0);
}
error("PAM: %s for %s%.100s from %.100s", msg,
@@ -801,7 +799,7 @@
default:
*num = 0;
**echo_on = 0;
- xfree(msg);
+ free(msg);
ctxt->pam_done = -1;
return (-1);
}
@@ -852,7 +850,7 @@
debug3("PAM: %s entering", __func__);
sshpam_thread_cleanup();
- xfree(ctxt);
+ free(ctxt);
/*
* We don't call sshpam_cleanup() here because we may need the PAM
* handle at a later stage, e.g. when setting up a session. It's
@@ -1006,10 +1004,9 @@
fail:
for(i = 0; i < n; i++) {
- if (reply[i].resp != NULL)
- xfree(reply[i].resp);
+ free(reply[i].resp);
}
- xfree(reply);
+ free(reply);
return (PAM_CONV_ERR);
}
@@ -1081,7 +1078,7 @@
snprintf(compound, len, "%s=%s", name, value);
ret = pam_putenv(sshpam_handle, compound);
- xfree(compound);
+ free(compound);
#endif
return (ret);
@@ -1108,8 +1105,8 @@
return;
for (envp = env; *envp; envp++)
- xfree(*envp);
- xfree(env);
+ free(*envp);
+ free(env);
}
/*
@@ -1165,10 +1162,9 @@
fail:
for(i = 0; i < n; i++) {
- if (reply[i].resp != NULL)
- xfree(reply[i].resp);
+ free(reply[i].resp);
}
- xfree(reply);
+ free(reply);
return (PAM_CONV_ERR);
}
Property changes on: vendor-crypto/openssh/dist/auth-pam.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth-pam.h
===================================================================
--- vendor-crypto/openssh/dist/auth-pam.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-pam.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: auth-pam.h,v 1.1.1.5 2007-03-13 21:36:54 laffer1 Exp $ */
+/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */
/*
* Copyright (c) 2000 Damien Miller. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/auth-pam.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth-passwd.c
===================================================================
--- vendor-crypto/openssh/dist/auth-passwd.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-passwd.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -209,6 +209,7 @@
* Authentication is accepted if the encrypted passwords
* are identical.
*/
- return (strcmp(encrypted_password, pw_password) == 0);
+ return encrypted_password != NULL &&
+ strcmp(encrypted_password, pw_password) == 0;
}
#endif
Property changes on: vendor-crypto/openssh/dist/auth-passwd.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Index: vendor-crypto/openssh/dist/auth-rh-rsa.c
===================================================================
--- vendor-crypto/openssh/dist/auth-rh-rsa.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-rh-rsa.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/auth-rh-rsa.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/auth-rhosts.c
===================================================================
--- vendor-crypto/openssh/dist/auth-rhosts.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-rhosts.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/auth-rhosts.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth-rsa.c
===================================================================
--- vendor-crypto/openssh/dist/auth-rsa.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-rsa.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.79 2010/12/03 23:55:27 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -160,44 +160,26 @@
return (success);
}
-/*
- * check if there's user key matching client_n,
- * return key if login is allowed, NULL otherwise
- */
-
-int
-auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
+static int
+rsa_key_allowed_in_file(struct passwd *pw, char *file,
+ const BIGNUM *client_n, Key **rkey)
{
- char line[SSH_MAX_PUBKEY_BYTES], *file;
- int allowed = 0;
- u_int bits;
+ char *fp, line[SSH_MAX_PUBKEY_BYTES];
+ int allowed = 0, bits;
FILE *f;
u_long linenum = 0;
Key *key;
- /* Temporarily use the user's uid. */
- temporarily_use_uid(pw);
-
- /* The authorized keys. */
- file = authorized_keys_file(pw);
debug("trying public RSA key file %s", file);
- f = auth_openkeyfile(file, pw, options.strict_modes);
- if (!f) {
- xfree(file);
- restore_uid();
- return (0);
- }
+ if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
+ return 0;
- /* Flag indicating whether the key is allowed. */
- allowed = 0;
-
- key = key_new(KEY_RSA1);
-
/*
* Go though the accepted keys, looking for the current key. If
* found, perform a challenge-response dialog to verify that the
* user really has the corresponding private key.
*/
+ key = key_new(KEY_RSA1);
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp;
char *key_options;
@@ -235,17 +217,25 @@
}
/* cp now points to the comment part. */
- /* Check if the we have found the desired key (identified by its modulus). */
+ /*
+ * Check if the we have found the desired key (identified
+ * by its modulus).
+ */
if (BN_cmp(key->rsa->n, client_n) != 0)
continue;
/* check the real bits */
keybits = BN_num_bits(key->rsa->n);
- if (keybits < 0 || bits != (u_int)keybits)
+ if (keybits < 0 || bits != keybits)
logit("Warning: %s, line %lu: keysize mismatch: "
"actual %d vs. announced %d.",
file, linenum, BN_num_bits(key->rsa->n), bits);
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ debug("matching key found: file %s, line %lu %s %s",
+ file, linenum, key_type(key), fp);
+ free(fp);
+
/* Never accept a revoked key */
if (auth_key_is_revoked(key))
break;
@@ -264,11 +254,7 @@
break;
}
- /* Restore the privileged uid. */
- restore_uid();
-
/* Close the file. */
- xfree(file);
fclose(f);
/* return key if allowed */
@@ -276,10 +262,38 @@
*rkey = key;
else
key_free(key);
- return (allowed);
+
+ return allowed;
}
/*
+ * check if there's user key matching client_n,
+ * return key if login is allowed, NULL otherwise
+ */
+
+int
+auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
+{
+ char *file;
+ u_int i, allowed = 0;
+
+ temporarily_use_uid(pw);
+
+ for (i = 0; !allowed && i < options.num_authkeys_files; i++) {
+ if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
+ continue;
+ file = expand_authorized_keys(
+ options.authorized_keys_files[i], pw);
+ allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
+ free(file);
+ }
+
+ restore_uid();
+
+ return allowed;
+}
+
+/*
* Performs the RSA authentication dialog with the client. This returns
* 0 if the client could not be authenticated, and 1 if authentication was
* successful. This may exit if there is a serious protocol violation.
@@ -288,7 +302,6 @@
auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
{
Key *key;
- char *fp;
struct passwd *pw = authctxt->pw;
/* no user given */
@@ -318,11 +331,7 @@
* options; this will be reset if the options cause the
* authentication to be rejected.
*/
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- verbose("Found matching %s key: %s",
- key_type(key), fp);
- xfree(fp);
- key_free(key);
+ pubkey_auth_info(authctxt, key, NULL);
packet_send_debug("RSA authentication accepted.");
return (1);
Property changes on: vendor-crypto/openssh/dist/auth-rsa.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Index: vendor-crypto/openssh/dist/auth-shadow.c
===================================================================
--- vendor-crypto/openssh/dist/auth-shadow.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-shadow.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/auth-shadow.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/auth-sia.c
===================================================================
--- vendor-crypto/openssh/dist/auth-sia.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-sia.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/auth-sia.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/auth-sia.h
===================================================================
--- vendor-crypto/openssh/dist/auth-sia.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-sia.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/auth-sia.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth-skey.c
===================================================================
--- vendor-crypto/openssh/dist/auth-skey.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth-skey.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -39,6 +39,7 @@
#include "hostfile.h"
#include "auth.h"
#include "ssh-gss.h"
+#include "log.h"
#include "monitor_wrap.h"
static void *
Property changes on: vendor-crypto/openssh/dist/auth-skey.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth.c
===================================================================
--- vendor-crypto/openssh/dist/auth.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -71,6 +71,8 @@
#endif
#include "authfile.h"
#include "monitor_wrap.h"
+#include "krl.h"
+#include "compat.h"
/* import */
extern ServerOptions options;
@@ -164,7 +166,7 @@
if (stat(shell, &st) != 0) {
logit("User %.100s not allowed because shell %.100s "
"does not exist", pw->pw_name, shell);
- xfree(shell);
+ free(shell);
return 0;
}
if (S_ISREG(st.st_mode) == 0 ||
@@ -171,10 +173,10 @@
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
logit("User %.100s not allowed because shell %.100s "
"is not executable", pw->pw_name, shell);
- xfree(shell);
+ free(shell);
return 0;
}
- xfree(shell);
+ free(shell);
}
if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
@@ -251,8 +253,26 @@
}
void
-auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
+auth_info(Authctxt *authctxt, const char *fmt, ...)
{
+ va_list ap;
+ int i;
+
+ free(authctxt->info);
+ authctxt->info = NULL;
+
+ va_start(ap, fmt);
+ i = vasprintf(&authctxt->info, fmt, ap);
+ va_end(ap);
+
+ if (i < 0 || authctxt->info == NULL)
+ fatal("vasprintf failed");
+}
+
+void
+auth_log(Authctxt *authctxt, int authenticated, int partial,
+ const char *method, const char *submethod)
+{
void (*authlog) (const char *fmt,...) = verbose;
char *authmsg;
@@ -268,17 +288,24 @@
if (authctxt->postponed)
authmsg = "Postponed";
+ else if (partial)
+ authmsg = "Partial";
else
authmsg = authenticated ? "Accepted" : "Failed";
- authlog("%s %s for %s%.100s from %.200s port %d%s",
+ authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
authmsg,
method,
+ submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
authctxt->valid ? "" : "invalid user ",
authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
- info);
+ compat20 ? "ssh2" : "ssh1",
+ authctxt->info != NULL ? ": " : "",
+ authctxt->info != NULL ? authctxt->info : "");
+ free(authctxt->info);
+ authctxt->info = NULL;
#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && !authctxt->postponed &&
@@ -303,7 +330,7 @@
* Check whether root logins are disallowed.
*/
int
-auth_root_allowed(char *method)
+auth_root_allowed(const char *method)
{
switch (options.permit_root_login) {
case PERMIT_YES:
@@ -331,7 +358,7 @@
*
* This returns a buffer allocated by xmalloc.
*/
-static char *
+char *
expand_authorized_keys(const char *filename, struct passwd *pw)
{
char *file, ret[MAXPATHLEN];
@@ -350,26 +377,15 @@
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
if (i < 0 || (size_t)i >= sizeof(ret))
fatal("expand_authorized_keys: path too long");
- xfree(file);
+ free(file);
return (xstrdup(ret));
}
char *
-authorized_keys_file(struct passwd *pw)
-{
- return expand_authorized_keys(options.authorized_keys_file, pw);
-}
-
-char *
-authorized_keys_file2(struct passwd *pw)
-{
- return expand_authorized_keys(options.authorized_keys_file2, pw);
-}
-
-char *
authorized_principals_file(struct passwd *pw)
{
- if (options.authorized_principals_file == NULL)
+ if (options.authorized_principals_file == NULL ||
+ strcasecmp(options.authorized_principals_file, "none") == 0)
return NULL;
return expand_authorized_keys(options.authorized_principals_file, pw);
}
@@ -403,7 +419,7 @@
load_hostkeys(hostkeys, host, user_hostfile);
restore_uid();
}
- xfree(user_hostfile);
+ free(user_hostfile);
}
host_status = check_key_in_hostkeys(hostkeys, key, &found);
if (host_status == HOST_REVOKED)
@@ -420,41 +436,42 @@
return host_status;
}
-
/*
- * Check a given file for security. This is defined as all components
+ * Check a given path for security. This is defined as all components
* of the path to the file must be owned by either the owner of
* of the file or root and no directories must be group or world writable.
*
* XXX Should any specific check be done for sym links ?
*
- * Takes an open file descriptor, the file name, a uid and and
+ * Takes a file name, its stat information (preferably from fstat() to
+ * avoid races), the uid of the expected owner, their home directory and an
* error buffer plus max size as arguments.
*
* Returns 0 on success and -1 on failure
*/
-static int
-secure_filename(FILE *f, const char *file, struct passwd *pw,
- char *err, size_t errlen)
+int
+auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+ uid_t uid, char *err, size_t errlen)
{
- uid_t uid = pw->pw_uid;
char buf[MAXPATHLEN], homedir[MAXPATHLEN];
char *cp;
int comparehome = 0;
struct stat st;
- if (realpath(file, buf) == NULL) {
- snprintf(err, errlen, "realpath %s failed: %s", file,
+ if (realpath(name, buf) == NULL) {
+ snprintf(err, errlen, "realpath %s failed: %s", name,
strerror(errno));
return -1;
}
- if (realpath(pw->pw_dir, homedir) != NULL)
+ if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
comparehome = 1;
- /* check the open file to avoid races */
- if (fstat(fileno(f), &st) < 0 ||
- (st.st_uid != 0 && st.st_uid != uid) ||
- (st.st_mode & 022) != 0) {
+ if (!S_ISREG(stp->st_mode)) {
+ snprintf(err, errlen, "%s is not a regular file", buf);
+ return -1;
+ }
+ if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
+ (stp->st_mode & 022) != 0) {
snprintf(err, errlen, "bad ownership or modes for file %s",
buf);
return -1;
@@ -468,9 +485,8 @@
}
strlcpy(buf, cp, sizeof(buf));
- debug3("secure_filename: checking '%s'", buf);
if (stat(buf, &st) < 0 ||
- (st.st_uid != 0 && st.st_uid != uid) ||
+ (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
(st.st_mode & 022) != 0) {
snprintf(err, errlen,
"bad ownership or modes for directory %s", buf);
@@ -478,11 +494,9 @@
}
/* If are past the homedir then we can stop */
- if (comparehome && strcmp(homedir, buf) == 0) {
- debug3("secure_filename: terminating check at '%s'",
- buf);
+ if (comparehome && strcmp(homedir, buf) == 0)
break;
- }
+
/*
* dirname should always complete with a "/" path,
* but we can be paranoid and check for "." too
@@ -493,6 +507,27 @@
return 0;
}
+/*
+ * Version of secure_path() that accepts an open file descriptor to
+ * avoid races.
+ *
+ * Returns 0 on success and -1 on failure
+ */
+static int
+secure_filename(FILE *f, const char *file, struct passwd *pw,
+ char *err, size_t errlen)
+{
+ struct stat st;
+
+ /* check the open file to avoid races */
+ if (fstat(fileno(f), &st) < 0) {
+ snprintf(err, errlen, "cannot stat file %s: %s",
+ file, strerror(errno));
+ return -1;
+ }
+ return auth_secure_path(file, &st, pw->pw_dir, pw->pw_uid, err, errlen);
+}
+
static FILE *
auth_openfile(const char *file, struct passwd *pw, int strict_modes,
int log_missing, char *file_type)
@@ -559,9 +594,10 @@
#endif
#endif
struct passwd *pw;
+ struct connection_info *ci = get_connection_info(1, options.use_dns);
- parse_server_match_config(&options, user,
- get_canonical_hostname(options.use_dns), get_remote_ipaddr());
+ ci->user = user;
+ parse_server_match_config(&options, ci);
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
aix_setauthdb(user);
@@ -627,7 +663,16 @@
if (options.revoked_keys_file == NULL)
return 0;
-
+ switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) {
+ case 0:
+ return 0; /* Not revoked */
+ case -2:
+ break; /* Not a KRL */
+ default:
+ goto revoked;
+ }
+ debug3("%s: treating %s as a key list", __func__,
+ options.revoked_keys_file);
switch (key_in_file(key, options.revoked_keys_file, 0)) {
case 0:
/* key not revoked */
@@ -638,11 +683,12 @@
"authentication");
return 1;
case 1:
+ revoked:
/* Key revoked */
key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
error("WARNING: authentication attempt with a revoked "
"%s key %s ", key_type(key), key_fp);
- xfree(key_fp);
+ free(key_fp);
return 1;
}
fatal("key_in_file returned junk");
@@ -673,7 +719,7 @@
while (buffer_len(&auth_debug)) {
msg = buffer_get_string(&auth_debug, NULL);
packet_send_debug("%s", msg);
- xfree(msg);
+ free(msg);
}
}
@@ -697,10 +743,12 @@
fake.pw_name = "NOUSER";
fake.pw_passwd =
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
+#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
fake.pw_gecos = "NOUSER";
+#endif
fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
-#ifdef HAVE_PW_CLASS_IN_PASSWD
+#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
fake.pw_class = "";
#endif
fake.pw_dir = "/nonexist";
Property changes on: vendor-crypto/openssh/dist/auth.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth.h
===================================================================
--- vendor-crypto/openssh/dist/auth.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.66 2010/05/07 11:30:29 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.76 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -53,6 +53,7 @@
int valid; /* user exists and is allowed to login */
int attempt;
int failures;
+ int server_caused_failure;
int force_pwchange;
char *user; /* username sent by the client */
char *service;
@@ -59,10 +60,13 @@
struct passwd *pw; /* set if 'valid' */
char *style;
void *kbdintctxt;
+ char *info; /* Extra info for next auth_log */
void *jpake_ctx;
#ifdef BSD_AUTH
auth_session_t *as;
#endif
+ char **auth_methods; /* modified from server config */
+ u_int num_auth_methods;
#ifdef KRB5
krb5_context krb5_ctx;
krb5_ccache krb5_fwd_ccache;
@@ -118,7 +122,13 @@
int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);
+void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
+ __attribute__((__format__ (printf, 3, 4)));
+struct stat;
+int auth_secure_path(const char *, struct stat *, const char *, uid_t,
+ char *, size_t);
+
#ifdef KRB5
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
@@ -141,12 +151,20 @@
void do_authentication(Authctxt *);
void do_authentication2(Authctxt *);
-void auth_log(Authctxt *, int, char *, char *);
-void userauth_finish(Authctxt *, int, char *);
+void auth_info(Authctxt *authctxt, const char *, ...)
+ __attribute__((__format__ (printf, 2, 3)))
+ __attribute__((__nonnull__ (2)));
+void auth_log(Authctxt *, int, int, const char *, const char *);
+void userauth_finish(Authctxt *, int, const char *, const char *);
+int auth_root_allowed(const char *);
+
void userauth_send_banner(const char *);
-int auth_root_allowed(char *);
char *auth2_read_banner(void);
+int auth2_methods_valid(const char *, int);
+int auth2_update_methods_lists(Authctxt *, const char *, const char *);
+int auth2_setup_methods_lists(Authctxt *);
+int auth2_method_allowed(Authctxt *, const char *, const char *);
void privsep_challenge_enable(void);
@@ -167,8 +185,7 @@
int verify_response(Authctxt *, const char *);
void abandon_challenge_response(Authctxt *);
-char *authorized_keys_file(struct passwd *);
-char *authorized_keys_file2(struct passwd *);
+char *expand_authorized_keys(const char *, struct passwd *pw);
char *authorized_principals_file(struct passwd *);
FILE *auth_openkeyfile(const char *, struct passwd *, int);
@@ -181,10 +198,12 @@
/* hostkey handling */
Key *get_hostkey_by_index(int);
+Key *get_hostkey_public_by_index(int);
Key *get_hostkey_public_by_type(int);
Key *get_hostkey_private_by_type(int);
int get_hostkey_index(Key *);
int ssh1_session_key(BIGNUM *);
+void sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
Property changes on: vendor-crypto/openssh/dist/auth.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth1.c
===================================================================
--- vendor-crypto/openssh/dist/auth1.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth1.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.75 2010/08/31 09:58:37 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -45,11 +45,11 @@
extern ServerOptions options;
extern Buffer loginmsg;
-static int auth1_process_password(Authctxt *, char *, size_t);
-static int auth1_process_rsa(Authctxt *, char *, size_t);
-static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t);
-static int auth1_process_tis_challenge(Authctxt *, char *, size_t);
-static int auth1_process_tis_response(Authctxt *, char *, size_t);
+static int auth1_process_password(Authctxt *);
+static int auth1_process_rsa(Authctxt *);
+static int auth1_process_rhosts_rsa(Authctxt *);
+static int auth1_process_tis_challenge(Authctxt *);
+static int auth1_process_tis_response(Authctxt *);
static char *client_user = NULL; /* Used to fill in remote user for PAM */
@@ -57,7 +57,7 @@
int type;
char *name;
int *enabled;
- int (*method)(Authctxt *, char *, size_t);
+ int (*method)(Authctxt *);
};
const struct AuthMethod1 auth1_methods[] = {
@@ -112,7 +112,7 @@
/*ARGSUSED*/
static int
-auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_password(Authctxt *authctxt)
{
int authenticated = 0;
char *password;
@@ -130,7 +130,7 @@
authenticated = PRIVSEP(auth_password(authctxt, password));
memset(password, 0, dlen);
- xfree(password);
+ free(password);
return (authenticated);
}
@@ -137,7 +137,7 @@
/*ARGSUSED*/
static int
-auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_rsa(Authctxt *authctxt)
{
int authenticated = 0;
BIGNUM *n;
@@ -155,7 +155,7 @@
/*ARGSUSED*/
static int
-auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_rhosts_rsa(Authctxt *authctxt)
{
int keybits, authenticated = 0;
u_int bits;
@@ -187,7 +187,7 @@
client_host_key);
key_free(client_host_key);
- snprintf(info, infolen, " ruser %.100s", client_user);
+ auth_info(authctxt, "ruser %.100s", client_user);
return (authenticated);
}
@@ -194,7 +194,7 @@
/*ARGSUSED*/
static int
-auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_tis_challenge(Authctxt *authctxt)
{
char *challenge;
@@ -204,7 +204,7 @@
debug("sending challenge '%s'", challenge);
packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
packet_put_cstring(challenge);
- xfree(challenge);
+ free(challenge);
packet_send();
packet_write_wait();
@@ -213,7 +213,7 @@
/*ARGSUSED*/
static int
-auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
+auth1_process_tis_response(Authctxt *authctxt)
{
int authenticated = 0;
char *response;
@@ -223,7 +223,7 @@
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
- xfree(response);
+ free(response);
return (authenticated);
}
@@ -236,7 +236,6 @@
do_authloop(Authctxt *authctxt)
{
int authenticated = 0;
- char info[1024];
int prev = 0, type = 0;
const struct AuthMethod1 *meth;
@@ -253,7 +252,8 @@
if (options.use_pam && (PRIVSEP(do_pam_account())))
#endif
{
- auth_log(authctxt, 1, "without authentication", "");
+ auth_log(authctxt, 1, 0, "without authentication",
+ NULL);
return;
}
}
@@ -267,7 +267,6 @@
/* default to fail */
authenticated = 0;
- info[0] = '\0';
/* Get a packet from the client. */
prev = type;
@@ -297,7 +296,7 @@
goto skip;
}
- authenticated = meth->method(authctxt, info, sizeof(info));
+ authenticated = meth->method(authctxt);
if (authenticated == -1)
continue; /* "postponed" */
@@ -352,12 +351,10 @@
skip:
/* Log before sending the reply */
- auth_log(authctxt, authenticated, get_authname(type), info);
+ auth_log(authctxt, authenticated, 0, get_authname(type), NULL);
- if (client_user != NULL) {
- xfree(client_user);
- client_user = NULL;
- }
+ free(client_user);
+ client_user = NULL;
if (authenticated)
return;
@@ -406,6 +403,11 @@
authctxt->pw = fakepw();
}
+ /* Configuration may have changed as a result of Match */
+ if (options.num_auth_methods != 0)
+ fatal("AuthenticationMethods is not supported with SSH "
+ "protocol 1");
+
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
Property changes on: vendor-crypto/openssh/dist/auth1.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth2-chall.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-chall.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2-chall.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.34 2008/12/09 04:32:22 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.39 2013/11/08 00:39:14 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -111,7 +111,7 @@
remove_kbdint_device("pam");
#endif
- kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
+ kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
if (strcmp(devs, "") == 0) {
buffer_init(&b);
for (i = 0; devices[i]; i++) {
@@ -147,15 +147,13 @@
{
if (kbdintctxt->device)
kbdint_reset_device(kbdintctxt);
- if (kbdintctxt->devices) {
- xfree(kbdintctxt->devices);
- kbdintctxt->devices = NULL;
- }
- xfree(kbdintctxt);
+ free(kbdintctxt->devices);
+ bzero(kbdintctxt, sizeof(*kbdintctxt));
+ free(kbdintctxt);
}
/* get next device */
static int
-kbdint_next_device(KbdintAuthctxt *kbdintctxt)
+kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
{
size_t len;
char *t;
@@ -169,12 +167,16 @@
if (len == 0)
break;
- for (i = 0; devices[i]; i++)
+ for (i = 0; devices[i]; i++) {
+ if (!auth2_method_allowed(authctxt,
+ "keyboard-interactive", devices[i]->name))
+ continue;
if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
kbdintctxt->device = devices[i];
+ }
t = kbdintctxt->devices;
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
- xfree(t);
+ free(t);
debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
kbdintctxt->devices : "<empty>");
} while (kbdintctxt->devices && !kbdintctxt->device);
@@ -221,7 +223,7 @@
debug2("auth2_challenge_start: devices %s",
kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
- if (kbdint_next_device(kbdintctxt) == 0) {
+ if (kbdint_next_device(authctxt, kbdintctxt) == 0) {
auth2_challenge_stop(authctxt);
return 0;
}
@@ -268,11 +270,11 @@
packet_write_wait();
for (i = 0; i < kbdintctxt->nreq; i++)
- xfree(prompts[i]);
- xfree(prompts);
- xfree(echo_on);
- xfree(name);
- xfree(instr);
+ free(prompts[i]);
+ free(prompts);
+ free(echo_on);
+ free(name);
+ free(instr);
return 1;
}
@@ -283,7 +285,8 @@
KbdintAuthctxt *kbdintctxt;
int authenticated = 0, res;
u_int i, nresp;
- char **response = NULL, *method;
+ const char *devicename = NULL;
+ char **response = NULL;
if (authctxt == NULL)
fatal("input_userauth_info_response: no authctxt");
@@ -310,10 +313,9 @@
for (i = 0; i < nresp; i++) {
memset(response[i], 'r', strlen(response[i]));
- xfree(response[i]);
+ free(response[i]);
}
- if (response)
- xfree(response);
+ free(response);
switch (res) {
case 0:
@@ -329,9 +331,7 @@
/* Failure! */
break;
}
-
- xasprintf(&method, "keyboard-interactive/%s", kbdintctxt->device->name);
-
+ devicename = kbdintctxt->device->name;
if (!authctxt->postponed) {
if (authenticated) {
auth2_challenge_stop(authctxt);
@@ -341,8 +341,8 @@
auth2_challenge_start(authctxt);
}
}
- userauth_finish(authctxt, authenticated, method);
- xfree(method);
+ userauth_finish(authctxt, authenticated, "keyboard-interactive",
+ devicename);
}
void
Property changes on: vendor-crypto/openssh/dist/auth2-chall.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth2-gss.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-gss.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2-gss.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -81,8 +81,7 @@
do {
mechs--;
- if (doid)
- xfree(doid);
+ free(doid);
present = 0;
doid = packet_get_string(&len);
@@ -101,7 +100,8 @@
gss_release_oid_set(&ms, &supported);
if (!present) {
- xfree(doid);
+ free(doid);
+ authctxt->server_caused_failure = 1;
return (0);
}
@@ -108,7 +108,8 @@
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
if (ctxt != NULL)
ssh_gssapi_delete_ctx(&ctxt);
- xfree(doid);
+ free(doid);
+ authctxt->server_caused_failure = 1;
return (0);
}
@@ -120,7 +121,7 @@
packet_put_string(doid, len);
packet_send();
- xfree(doid);
+ free(doid);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
@@ -151,7 +152,7 @@
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, &flags));
- xfree(recv_tok.value);
+ free(recv_tok.value);
if (GSS_ERROR(maj_status)) {
if (send_tok.length != 0) {
@@ -161,7 +162,7 @@
}
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- userauth_finish(authctxt, 0, "gssapi-with-mic");
+ userauth_finish(authctxt, 0, "gssapi-with-mic", NULL);
} else {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
@@ -206,7 +207,7 @@
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
&send_tok, NULL));
- xfree(recv_tok.value);
+ free(recv_tok.value);
/* We can't return anything to the client, even if we wanted to */
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -227,14 +228,11 @@
input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
- Gssctxt *gssctxt;
int authenticated;
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
fatal("No authentication or GSSAPI context");
- gssctxt = authctxt->methoddata;
-
/*
* We don't need to check the status, because we're only enabled in
* the dispatcher once the exchange is complete
@@ -249,7 +247,7 @@
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
- userauth_finish(authctxt, authenticated, "gssapi-with-mic");
+ userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
}
static void
@@ -282,7 +280,7 @@
logit("GSSAPI MIC check failed");
buffer_free(&b);
- xfree(mic.value);
+ free(mic.value);
authctxt->postponed = 0;
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -289,7 +287,7 @@
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
- userauth_finish(authctxt, authenticated, "gssapi-with-mic");
+ userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
}
Authmethod method_gssapi = {
Property changes on: vendor-crypto/openssh/dist/auth2-gss.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth2-hostbased.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-hostbased.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2-hostbased.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -116,6 +116,10 @@
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
+
+ pubkey_auth_info(authctxt, key,
+ "client user \"%.100s\", client host \"%.100s\"", cuser, chost);
+
/* test for allowed key and correct signature */
authenticated = 0;
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
@@ -128,11 +132,11 @@
debug2("userauth_hostbased: authenticated %d", authenticated);
if (key != NULL)
key_free(key);
- xfree(pkalg);
- xfree(pkblob);
- xfree(cuser);
- xfree(chost);
- xfree(sig);
+ free(pkalg);
+ free(pkblob);
+ free(cuser);
+ free(chost);
+ free(sig);
return authenticated;
}
@@ -207,7 +211,7 @@
verbose("Accepted %s public key %s from %s@%s",
key_type(key), fp, cuser, lookup);
}
- xfree(fp);
+ free(fp);
}
return (host_status == HOST_OK);
Property changes on: vendor-crypto/openssh/dist/auth2-hostbased.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth2-jpake.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-jpake.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2-jpake.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-jpake.c,v 1.4 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: auth2-jpake.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@@ -179,7 +179,7 @@
__func__, len, digest_len);
memcpy(rawsalt, digest, len);
bzero(digest, digest_len);
- xfree(digest);
+ free(digest);
}
/* ASCII an integer [0, 64) for inclusion in a password/salt */
@@ -258,7 +258,7 @@
makesalt(22, authctxt->user));
*scheme = xstrdup("bcrypt");
}
- xfree(style);
+ free(style);
debug3("%s: fake %s salt for user %s: %s",
__func__, *scheme, authctxt->user, *salt);
}
@@ -361,7 +361,7 @@
JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
#endif
bzero(secret, secret_len);
- xfree(secret);
+ free(secret);
}
/*
@@ -403,12 +403,12 @@
bzero(hash_scheme, strlen(hash_scheme));
bzero(salt, strlen(salt));
- xfree(hash_scheme);
- xfree(salt);
+ free(hash_scheme);
+ free(salt);
bzero(x3_proof, x3_proof_len);
bzero(x4_proof, x4_proof_len);
- xfree(x3_proof);
- xfree(x4_proof);
+ free(x3_proof);
+ free(x4_proof);
/* Expect step 1 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
@@ -455,8 +455,8 @@
bzero(x1_proof, x1_proof_len);
bzero(x2_proof, x2_proof_len);
- xfree(x1_proof);
- xfree(x2_proof);
+ free(x1_proof);
+ free(x2_proof);
if (!use_privsep)
JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
@@ -469,7 +469,7 @@
packet_write_wait();
bzero(x4_s_proof, x4_s_proof_len);
- xfree(x4_s_proof);
+ free(x4_s_proof);
/* Expect step 2 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
@@ -510,7 +510,7 @@
&pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
bzero(x2_s_proof, x2_s_proof_len);
- xfree(x2_s_proof);
+ free(x2_s_proof);
if (!use_privsep)
JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
@@ -556,7 +556,7 @@
authctxt->postponed = 0;
jpake_free(authctxt->jpake_ctx);
authctxt->jpake_ctx = NULL;
- userauth_finish(authctxt, authenticated, method_jpake.name);
+ userauth_finish(authctxt, authenticated, method_jpake.name, NULL);
}
#endif /* JPAKE */
Property changes on: vendor-crypto/openssh/dist/auth2-jpake.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth2-kbdint.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-kbdint.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2-kbdint.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -56,8 +56,8 @@
if (options.challenge_response_authentication)
authenticated = auth2_challenge(authctxt, devs);
- xfree(devs);
- xfree(lang);
+ free(devs);
+ free(lang);
return authenticated;
}
Property changes on: vendor-crypto/openssh/dist/auth2-kbdint.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Index: vendor-crypto/openssh/dist/auth2-none.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-none.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2-none.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/auth2-none.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth2-passwd.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-passwd.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2-passwd.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -60,7 +60,7 @@
/* discard new password from packet */
newpass = packet_get_string(&newlen);
memset(newpass, 0, newlen);
- xfree(newpass);
+ free(newpass);
}
packet_check_eom();
@@ -69,7 +69,7 @@
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
memset(password, 0, len);
- xfree(password);
+ free(password);
return authenticated;
}
Property changes on: vendor-crypto/openssh/dist/auth2-passwd.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth2-pubkey.c
===================================================================
--- vendor-crypto/openssh/dist/auth2-pubkey.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2-pubkey.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -27,9 +27,15 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/wait.h>
+#include <errno.h>
#include <fcntl.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
#include <pwd.h>
+#include <signal.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
@@ -69,7 +75,7 @@
{
Buffer b;
Key *key = NULL;
- char *pkalg;
+ char *pkalg, *userstyle;
u_char *pkblob, *sig;
u_int alen, blen, slen;
int have_sig, pktype;
@@ -121,7 +127,11 @@
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- buffer_put_cstring(&b, authctxt->user);
+ xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ authctxt->style ? ":" : "",
+ authctxt->style ? authctxt->style : "");
+ buffer_put_cstring(&b, userstyle);
+ free(userstyle);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
@@ -137,6 +147,8 @@
#ifdef DEBUG_PK
buffer_dump(&b);
#endif
+ pubkey_auth_info(authctxt, key, NULL);
+
/* test for correct signature */
authenticated = 0;
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
@@ -144,7 +156,7 @@
buffer_len(&b))) == 1)
authenticated = 1;
buffer_free(&b);
- xfree(sig);
+ free(sig);
} else {
debug("test whether pkalg/pkblob are acceptable");
packet_check_eom();
@@ -172,11 +184,45 @@
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
if (key != NULL)
key_free(key);
- xfree(pkalg);
- xfree(pkblob);
+ free(pkalg);
+ free(pkblob);
return authenticated;
}
+void
+pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
+{
+ char *fp, *extra;
+ va_list ap;
+ int i;
+
+ extra = NULL;
+ if (fmt != NULL) {
+ va_start(ap, fmt);
+ i = vasprintf(&extra, fmt, ap);
+ va_end(ap);
+ if (i < 0 || extra == NULL)
+ fatal("%s: vasprintf failed", __func__);
+ }
+
+ if (key_is_cert(key)) {
+ fp = key_fingerprint(key->cert->signature_key,
+ SSH_FP_MD5, SSH_FP_HEX);
+ auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
+ key_type(key), key->cert->key_id,
+ (unsigned long long)key->cert->serial,
+ key_type(key->cert->signature_key), fp,
+ extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
+ free(fp);
+ } else {
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+ extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
+ free(fp);
+ }
+ free(extra);
+}
+
static int
match_principals_option(const char *principal_list, struct KeyCert *cert)
{
@@ -190,7 +236,7 @@
principal_list, NULL)) != NULL) {
debug3("matched principal from key options \"%.100s\"",
result);
- xfree(result);
+ free(result);
return 1;
}
}
@@ -238,8 +284,9 @@
}
for (i = 0; i < cert->nprincipals; i++) {
if (strcmp(cp, cert->principals[i]) == 0) {
- debug3("matched principal from file \"%.100s\"",
- cert->principals[i]);
+ debug3("matched principal \"%.100s\" "
+ "from file \"%s\" on line %lu",
+ cert->principals[i], file, linenum);
if (auth_parse_options(pw, line_opts,
file, linenum) != 1)
continue;
@@ -252,37 +299,30 @@
fclose(f);
restore_uid();
return 0;
-}
+}
-/* return 1 if user allows given key */
+/*
+ * Checks whether key is allowed in authorized_keys-format file,
+ * returns 1 if the key is allowed or 0 otherwise.
+ */
static int
-user_key_allowed2(struct passwd *pw, Key *key, char *file)
+check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
{
char line[SSH_MAX_PUBKEY_BYTES];
const char *reason;
int found_key = 0;
- FILE *f;
u_long linenum = 0;
Key *found;
char *fp;
- /* Temporarily use the user's uid. */
- temporarily_use_uid(pw);
-
- debug("trying public key file %s", file);
- f = auth_openkeyfile(file, pw, options.strict_modes);
-
- if (!f) {
- restore_uid();
- return 0;
- }
-
found_key = 0;
- found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
+ found = NULL;
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
char *cp, *key_options = NULL;
-
+ if (found != NULL)
+ key_free(found);
+ found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
auth_clear_options();
/* Skip leading whitespace, empty and comment lines. */
@@ -334,7 +374,7 @@
reason = "Certificate does not contain an "
"authorized principal";
fail_reason:
- xfree(fp);
+ free(fp);
error("%s", reason);
auth_debug_add("%s", reason);
continue;
@@ -344,13 +384,13 @@
&reason) != 0)
goto fail_reason;
if (auth_cert_options(key, pw) != 0) {
- xfree(fp);
+ free(fp);
continue;
}
verbose("Accepted certificate ID \"%s\" "
"signed by %s CA %s via %s", key->cert->key_id,
key_type(found), fp, file);
- xfree(fp);
+ free(fp);
found_key = 1;
break;
} else if (key_equal(found, key)) {
@@ -360,18 +400,15 @@
if (key_is_cert_authority)
continue;
found_key = 1;
- debug("matching key found: file %s, line %lu",
- file, linenum);
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
- verbose("Found matching %s key: %s",
- key_type(found), fp);
- xfree(fp);
+ debug("matching key found: file %s, line %lu %s %s",
+ file, linenum, key_type(found), fp);
+ free(fp);
break;
}
}
- restore_uid();
- fclose(f);
- key_free(found);
+ if (found != NULL)
+ key_free(found);
if (!found_key)
debug2("key not found");
return found_key;
@@ -425,18 +462,189 @@
ret = 1;
out:
- if (principals_file != NULL)
- xfree(principals_file);
- if (ca_fp != NULL)
- xfree(ca_fp);
+ free(principals_file);
+ free(ca_fp);
return ret;
}
-/* check whether given key is in .ssh/authorized_keys* */
+/*
+ * Checks whether key is allowed in file.
+ * returns 1 if the key is allowed or 0 otherwise.
+ */
+static int
+user_key_allowed2(struct passwd *pw, Key *key, char *file)
+{
+ FILE *f;
+ int found_key = 0;
+
+ /* Temporarily use the user's uid. */
+ temporarily_use_uid(pw);
+
+ debug("trying public key file %s", file);
+ if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) {
+ found_key = check_authkeys_file(f, file, key, pw);
+ fclose(f);
+ }
+
+ restore_uid();
+ return found_key;
+}
+
+/*
+ * Checks whether key is allowed in output of command.
+ * returns 1 if the key is allowed or 0 otherwise.
+ */
+static int
+user_key_command_allowed2(struct passwd *user_pw, Key *key)
+{
+ FILE *f;
+ int ok, found_key = 0;
+ struct passwd *pw;
+ struct stat st;
+ int status, devnull, p[2], i;
+ pid_t pid;
+ char *username, errmsg[512];
+
+ if (options.authorized_keys_command == NULL ||
+ options.authorized_keys_command[0] != '/')
+ return 0;
+
+ if (options.authorized_keys_command_user == NULL) {
+ error("No user for AuthorizedKeysCommand specified, skipping");
+ return 0;
+ }
+
+ username = percent_expand(options.authorized_keys_command_user,
+ "u", user_pw->pw_name, (char *)NULL);
+ pw = getpwnam(username);
+ if (pw == NULL) {
+ error("AuthorizedKeysCommandUser \"%s\" not found: %s",
+ username, strerror(errno));
+ free(username);
+ return 0;
+ }
+ free(username);
+
+ temporarily_use_uid(pw);
+
+ if (stat(options.authorized_keys_command, &st) < 0) {
+ error("Could not stat AuthorizedKeysCommand \"%s\": %s",
+ options.authorized_keys_command, strerror(errno));
+ goto out;
+ }
+ if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0,
+ errmsg, sizeof(errmsg)) != 0) {
+ error("Unsafe AuthorizedKeysCommand: %s", errmsg);
+ goto out;
+ }
+
+ if (pipe(p) != 0) {
+ error("%s: pipe: %s", __func__, strerror(errno));
+ goto out;
+ }
+
+ debug3("Running AuthorizedKeysCommand: \"%s %s\" as \"%s\"",
+ options.authorized_keys_command, user_pw->pw_name, pw->pw_name);
+
+ /*
+ * Don't want to call this in the child, where it can fatal() and
+ * run cleanup_exit() code.
+ */
+ restore_uid();
+
+ switch ((pid = fork())) {
+ case -1: /* error */
+ error("%s: fork: %s", __func__, strerror(errno));
+ close(p[0]);
+ close(p[1]);
+ return 0;
+ case 0: /* child */
+ for (i = 0; i < NSIG; i++)
+ signal(i, SIG_DFL);
+
+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+ error("%s: open %s: %s", __func__, _PATH_DEVNULL,
+ strerror(errno));
+ _exit(1);
+ }
+ /* Keep stderr around a while longer to catch errors */
+ if (dup2(devnull, STDIN_FILENO) == -1 ||
+ dup2(p[1], STDOUT_FILENO) == -1) {
+ error("%s: dup2: %s", __func__, strerror(errno));
+ _exit(1);
+ }
+ closefrom(STDERR_FILENO + 1);
+
+ /* Don't use permanently_set_uid() here to avoid fatal() */
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
+ error("setresgid %u: %s", (u_int)pw->pw_gid,
+ strerror(errno));
+ _exit(1);
+ }
+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
+ error("setresuid %u: %s", (u_int)pw->pw_uid,
+ strerror(errno));
+ _exit(1);
+ }
+ /* stdin is pointed to /dev/null at this point */
+ if (dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
+ error("%s: dup2: %s", __func__, strerror(errno));
+ _exit(1);
+ }
+
+ execl(options.authorized_keys_command,
+ options.authorized_keys_command, user_pw->pw_name, NULL);
+
+ error("AuthorizedKeysCommand %s exec failed: %s",
+ options.authorized_keys_command, strerror(errno));
+ _exit(127);
+ default: /* parent */
+ break;
+ }
+
+ temporarily_use_uid(pw);
+
+ close(p[1]);
+ if ((f = fdopen(p[0], "r")) == NULL) {
+ error("%s: fdopen: %s", __func__, strerror(errno));
+ close(p[0]);
+ /* Don't leave zombie child */
+ kill(pid, SIGTERM);
+ while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
+ ;
+ goto out;
+ }
+ ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
+ fclose(f);
+
+ while (waitpid(pid, &status, 0) == -1) {
+ if (errno != EINTR) {
+ error("%s: waitpid: %s", __func__, strerror(errno));
+ goto out;
+ }
+ }
+ if (WIFSIGNALED(status)) {
+ error("AuthorizedKeysCommand %s exited on signal %d",
+ options.authorized_keys_command, WTERMSIG(status));
+ goto out;
+ } else if (WEXITSTATUS(status) != 0) {
+ error("AuthorizedKeysCommand %s returned status %d",
+ options.authorized_keys_command, WEXITSTATUS(status));
+ goto out;
+ }
+ found_key = ok;
+ out:
+ restore_uid();
+ return found_key;
+}
+
+/*
+ * Check whether key authenticates and authorises the user.
+ */
int
user_key_allowed(struct passwd *pw, Key *key)
{
- int success;
+ u_int success, i;
char *file;
if (auth_key_is_revoked(key))
@@ -448,16 +656,21 @@
if (success)
return success;
- file = authorized_keys_file(pw);
- success = user_key_allowed2(pw, key, file);
- xfree(file);
- if (success)
+ success = user_key_command_allowed2(pw, key);
+ if (success > 0)
return success;
- /* try suffix "2" for backward compat, too */
- file = authorized_keys_file2(pw);
- success = user_key_allowed2(pw, key, file);
- xfree(file);
+ for (i = 0; !success && i < options.num_authkeys_files; i++) {
+
+ if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
+ continue;
+ file = expand_authorized_keys(
+ options.authorized_keys_files[i], pw);
+
+ success = user_key_allowed2(pw, key, file);
+ free(file);
+ }
+
return success;
}
Property changes on: vendor-crypto/openssh/dist/auth2-pubkey.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/auth2.c
===================================================================
--- vendor-crypto/openssh/dist/auth2.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/auth2.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.129 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -96,9 +96,15 @@
static void input_userauth_request(int, u_int32_t, void *);
/* helper */
-static Authmethod *authmethod_lookup(const char *);
-static char *authmethods_get(void);
+static Authmethod *authmethod_lookup(Authctxt *, const char *);
+static char *authmethods_get(Authctxt *authctxt);
+#define MATCH_NONE 0 /* method or submethod mismatch */
+#define MATCH_METHOD 1 /* method matches (no submethod specified) */
+#define MATCH_BOTH 2 /* method and submethod match */
+#define MATCH_PARTIAL 3 /* method matches, submethod can't be checked */
+static int list_starts_with(const char *, const char *, const char *);
+
char *
auth2_read_banner(void)
{
@@ -113,7 +119,7 @@
close(fd);
return (NULL);
}
- if (st.st_size > 1*1024*1024) {
+ if (st.st_size <= 0 || st.st_size > 1*1024*1024) {
close(fd);
return (NULL);
}
@@ -124,7 +130,7 @@
close(fd);
if (n != len) {
- xfree(banner);
+ free(banner);
return (NULL);
}
banner[n] = '\0';
@@ -160,8 +166,7 @@
userauth_send_banner(banner);
done:
- if (banner)
- xfree(banner);
+ free(banner);
}
/*
@@ -206,7 +211,7 @@
debug("bad service request %s", service);
packet_disconnect("bad service request %s", service);
}
- xfree(service);
+ free(service);
}
/*ARGSUSED*/
@@ -255,6 +260,8 @@
if (use_privsep)
mm_inform_authserv(service, style);
userauth_banner();
+ if (auth2_setup_methods_lists(authctxt) != 0)
+ packet_disconnect("no authentication methods enabled");
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
packet_disconnect("Change of username or service not allowed: "
@@ -274,28 +281,33 @@
#endif
authctxt->postponed = 0;
+ authctxt->server_caused_failure = 0;
/* try to authenticate user */
- m = authmethod_lookup(method);
+ m = authmethod_lookup(authctxt, method);
if (m != NULL && authctxt->failures < options.max_authtries) {
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(authctxt);
}
- userauth_finish(authctxt, authenticated, method);
+ userauth_finish(authctxt, authenticated, method, NULL);
- xfree(service);
- xfree(user);
- xfree(method);
+ free(service);
+ free(user);
+ free(method);
}
void
-userauth_finish(Authctxt *authctxt, int authenticated, char *method)
+userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
+ const char *submethod)
{
char *methods;
+ int partial = 0;
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
+ if (authenticated && authctxt->postponed)
+ fatal("INTERNAL ERROR: authenticated and postponed");
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
@@ -306,6 +318,19 @@
#endif
}
+ if (authenticated && options.num_auth_methods != 0) {
+ if (!auth2_update_methods_lists(authctxt, method, submethod)) {
+ authenticated = 0;
+ partial = 1;
+ }
+ }
+
+ /* Log before sending the reply */
+ auth_log(authctxt, authenticated, partial, method, submethod);
+
+ if (authctxt->postponed)
+ return;
+
#ifdef USE_PAM
if (options.use_pam && authenticated) {
if (!PRIVSEP(do_pam_account())) {
@@ -324,17 +349,10 @@
#ifdef _UNICOS
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
- fatal("Access denied for user %s.",authctxt->user);
+ fatal("Access denied for user %s.", authctxt->user);
}
#endif /* _UNICOS */
- /* Log before sending the reply */
- auth_log(authctxt, authenticated, method, " ssh2");
-
- if (authctxt->postponed)
- return;
-
- /* XXX todo: check if multiple auth methods are needed */
if (authenticated == 1) {
/* turn off userauth */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
@@ -346,7 +364,8 @@
} else {
/* Allow initial try of "none" auth without failure penalty */
- if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
+ if (!authctxt->server_caused_failure &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
authctxt->failures++;
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
@@ -354,34 +373,64 @@
#endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
- methods = authmethods_get();
+ methods = authmethods_get(authctxt);
+ debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
+ partial, methods);
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
- packet_put_char(0); /* XXX partial success, unused */
+ packet_put_char(partial);
packet_send();
packet_write_wait();
- xfree(methods);
+ free(methods);
}
}
+/*
+ * Checks whether method is allowed by at least one AuthenticationMethods
+ * methods list. Returns 1 if allowed, or no methods lists configured.
+ * 0 otherwise.
+ */
+int
+auth2_method_allowed(Authctxt *authctxt, const char *method,
+ const char *submethod)
+{
+ u_int i;
+
+ /*
+ * NB. authctxt->num_auth_methods might be zero as a result of
+ * auth2_setup_methods_lists(), so check the configuration.
+ */
+ if (options.num_auth_methods == 0)
+ return 1;
+ for (i = 0; i < authctxt->num_auth_methods; i++) {
+ if (list_starts_with(authctxt->auth_methods[i], method,
+ submethod) != MATCH_NONE)
+ return 1;
+ }
+ return 0;
+}
+
static char *
-authmethods_get(void)
+authmethods_get(Authctxt *authctxt)
{
Buffer b;
char *list;
- int i;
+ u_int i;
buffer_init(&b);
for (i = 0; authmethods[i] != NULL; i++) {
if (strcmp(authmethods[i]->name, "none") == 0)
continue;
- if (authmethods[i]->enabled != NULL &&
- *(authmethods[i]->enabled) != 0) {
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- buffer_append(&b, authmethods[i]->name,
- strlen(authmethods[i]->name));
- }
+ if (authmethods[i]->enabled == NULL ||
+ *(authmethods[i]->enabled) == 0)
+ continue;
+ if (!auth2_method_allowed(authctxt, authmethods[i]->name,
+ NULL))
+ continue;
+ if (buffer_len(&b) > 0)
+ buffer_append(&b, ",", 1);
+ buffer_append(&b, authmethods[i]->name,
+ strlen(authmethods[i]->name));
}
buffer_append(&b, "\0", 1);
list = xstrdup(buffer_ptr(&b));
@@ -390,7 +439,7 @@
}
static Authmethod *
-authmethod_lookup(const char *name)
+authmethod_lookup(Authctxt *authctxt, const char *name)
{
int i;
@@ -398,7 +447,9 @@
for (i = 0; authmethods[i] != NULL; i++)
if (authmethods[i]->enabled != NULL &&
*(authmethods[i]->enabled) != 0 &&
- strcmp(name, authmethods[i]->name) == 0)
+ strcmp(name, authmethods[i]->name) == 0 &&
+ auth2_method_allowed(authctxt,
+ authmethods[i]->name, NULL))
return authmethods[i];
debug2("Unrecognized authentication method name: %s",
name ? name : "NULL");
@@ -405,3 +456,172 @@
return NULL;
}
+/*
+ * Check a comma-separated list of methods for validity. Is need_enable is
+ * non-zero, then also require that the methods are enabled.
+ * Returns 0 on success or -1 if the methods list is invalid.
+ */
+int
+auth2_methods_valid(const char *_methods, int need_enable)
+{
+ char *methods, *omethods, *method, *p;
+ u_int i, found;
+ int ret = -1;
+
+ if (*_methods == '\0') {
+ error("empty authentication method list");
+ return -1;
+ }
+ omethods = methods = xstrdup(_methods);
+ while ((method = strsep(&methods, ",")) != NULL) {
+ for (found = i = 0; !found && authmethods[i] != NULL; i++) {
+ if ((p = strchr(method, ':')) != NULL)
+ *p = '\0';
+ if (strcmp(method, authmethods[i]->name) != 0)
+ continue;
+ if (need_enable) {
+ if (authmethods[i]->enabled == NULL ||
+ *(authmethods[i]->enabled) == 0) {
+ error("Disabled method \"%s\" in "
+ "AuthenticationMethods list \"%s\"",
+ method, _methods);
+ goto out;
+ }
+ }
+ found = 1;
+ break;
+ }
+ if (!found) {
+ error("Unknown authentication method \"%s\" in list",
+ method);
+ goto out;
+ }
+ }
+ ret = 0;
+ out:
+ free(omethods);
+ return ret;
+}
+
+/*
+ * Prune the AuthenticationMethods supplied in the configuration, removing
+ * any methods lists that include disabled methods. Note that this might
+ * leave authctxt->num_auth_methods == 0, even when multiple required auth
+ * has been requested. For this reason, all tests for whether multiple is
+ * enabled should consult options.num_auth_methods directly.
+ */
+int
+auth2_setup_methods_lists(Authctxt *authctxt)
+{
+ u_int i;
+
+ if (options.num_auth_methods == 0)
+ return 0;
+ debug3("%s: checking methods", __func__);
+ authctxt->auth_methods = xcalloc(options.num_auth_methods,
+ sizeof(*authctxt->auth_methods));
+ authctxt->num_auth_methods = 0;
+ for (i = 0; i < options.num_auth_methods; i++) {
+ if (auth2_methods_valid(options.auth_methods[i], 1) != 0) {
+ logit("Authentication methods list \"%s\" contains "
+ "disabled method, skipping",
+ options.auth_methods[i]);
+ continue;
+ }
+ debug("authentication methods list %d: %s",
+ authctxt->num_auth_methods, options.auth_methods[i]);
+ authctxt->auth_methods[authctxt->num_auth_methods++] =
+ xstrdup(options.auth_methods[i]);
+ }
+ if (authctxt->num_auth_methods == 0) {
+ error("No AuthenticationMethods left after eliminating "
+ "disabled methods");
+ return -1;
+ }
+ return 0;
+}
+
+static int
+list_starts_with(const char *methods, const char *method,
+ const char *submethod)
+{
+ size_t l = strlen(method);
+ int match;
+ const char *p;
+
+ if (strncmp(methods, method, l) != 0)
+ return MATCH_NONE;
+ p = methods + l;
+ match = MATCH_METHOD;
+ if (*p == ':') {
+ if (!submethod)
+ return MATCH_PARTIAL;
+ l = strlen(submethod);
+ p += 1;
+ if (strncmp(submethod, p, l))
+ return MATCH_NONE;
+ p += l;
+ match = MATCH_BOTH;
+ }
+ if (*p != ',' && *p != '\0')
+ return MATCH_NONE;
+ return match;
+}
+
+/*
+ * Remove method from the start of a comma-separated list of methods.
+ * Returns 0 if the list of methods did not start with that method or 1
+ * if it did.
+ */
+static int
+remove_method(char **methods, const char *method, const char *submethod)
+{
+ char *omethods = *methods, *p;
+ size_t l = strlen(method);
+ int match;
+
+ match = list_starts_with(omethods, method, submethod);
+ if (match != MATCH_METHOD && match != MATCH_BOTH)
+ return 0;
+ p = omethods + l;
+ if (submethod && match == MATCH_BOTH)
+ p += 1 + strlen(submethod); /* include colon */
+ if (*p == ',')
+ p++;
+ *methods = xstrdup(p);
+ free(omethods);
+ return 1;
+}
+
+/*
+ * Called after successful authentication. Will remove the successful method
+ * from the start of each list in which it occurs. If it was the last method
+ * in any list, then authentication is deemed successful.
+ * Returns 1 if the method completed any authentication list or 0 otherwise.
+ */
+int
+auth2_update_methods_lists(Authctxt *authctxt, const char *method,
+ const char *submethod)
+{
+ u_int i, found = 0;
+
+ debug3("%s: updating methods list after \"%s\"", __func__, method);
+ for (i = 0; i < authctxt->num_auth_methods; i++) {
+ if (!remove_method(&(authctxt->auth_methods[i]), method,
+ submethod))
+ continue;
+ found = 1;
+ if (*authctxt->auth_methods[i] == '\0') {
+ debug2("authentication methods list %d complete", i);
+ return 1;
+ }
+ debug3("authentication methods list %d remaining: \"%s\"",
+ i, authctxt->auth_methods[i]);
+ }
+ /* This should not happen, but would be bad if it did */
+ if (!found)
+ fatal("%s: method not in AuthenticationMethods", __func__);
+ return 0;
+}
+
+
Property changes on: vendor-crypto/openssh/dist/auth2.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/authfd.c
===================================================================
--- vendor-crypto/openssh/dist/authfd.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/authfd.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.88 2013/11/08 00:39:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -102,6 +102,7 @@
if (!authsocket)
return -1;
+ bzero(&sunaddr, sizeof(sunaddr));
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
@@ -110,7 +111,7 @@
return -1;
/* close on exec */
- if (fcntl(sock, F_SETFD, 1) == -1) {
+ if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) {
close(sock);
return -1;
}
@@ -205,7 +206,7 @@
if (sock < 0)
return NULL;
- auth = xmalloc(sizeof(*auth));
+ auth = xcalloc(1, sizeof(*auth));
auth->fd = sock;
buffer_init(&auth->identities);
auth->howmany = 0;
@@ -223,7 +224,7 @@
{
buffer_free(&auth->identities);
close(auth->fd);
- xfree(auth);
+ free(auth);
}
/* Lock/unlock agent */
@@ -342,7 +343,7 @@
blob = buffer_get_string(&auth->identities, &blen);
*comment = buffer_get_string(&auth->identities, NULL);
key = key_from_blob(blob, blen);
- xfree(blob);
+ free(blob);
break;
default:
return NULL;
@@ -435,7 +436,7 @@
buffer_put_string(&msg, blob, blen);
buffer_put_string(&msg, data, datalen);
buffer_put_int(&msg, flags);
- xfree(blob);
+ free(blob);
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
@@ -611,7 +612,7 @@
key_to_blob(key, &blob, &blen);
buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
buffer_put_string(&msg, blob, blen);
- xfree(blob);
+ free(blob);
} else {
buffer_free(&msg);
return 0;
Property changes on: vendor-crypto/openssh/dist/authfd.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/authfd.h
===================================================================
--- vendor-crypto/openssh/dist/authfd.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/authfd.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/authfd.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/authfile.c
===================================================================
--- vendor-crypto/openssh/dist/authfile.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/authfile.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
+/* $OpenBSD: authfile.c,v 1.97 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -69,6 +69,8 @@
#include "misc.h"
#include "atomicio.h"
+#define MAX_KEY_FILE_SIZE (1024 * 1024)
+
/* Version identification string for SSH v1 identity files. */
static const char authfile_id_string[] =
"SSH PRIVATE KEY FILE FORMAT 1.1\n";
@@ -87,7 +89,7 @@
u_char buf[100], *cp;
int i, cipher_num;
CipherContext ciphercontext;
- Cipher *cipher;
+ const Cipher *cipher;
u_int32_t rnd;
/*
@@ -148,7 +150,7 @@
cipher_set_key_string(&ciphercontext, cipher, passphrase,
CIPHER_ENCRYPT);
cipher_crypt(&ciphercontext, cp,
- buffer_ptr(&buffer), buffer_len(&buffer));
+ buffer_ptr(&buffer), buffer_len(&buffer), 0, 0);
cipher_cleanup(&ciphercontext);
memset(&ciphercontext, 0, sizeof(ciphercontext));
@@ -277,6 +279,7 @@
key_parse_public_rsa1(Buffer *blob, char **commentp)
{
Key *pub;
+ Buffer copy;
/* Check that it is at least big enough to contain the ID string. */
if (buffer_len(blob) < sizeof(authfile_id_string)) {
@@ -293,31 +296,33 @@
debug3("Incorrect RSA1 identifier");
return NULL;
}
- buffer_consume(blob, sizeof(authfile_id_string));
+ buffer_init(©);
+ buffer_append(©, buffer_ptr(blob), buffer_len(blob));
+ buffer_consume(©, sizeof(authfile_id_string));
/* Skip cipher type and reserved data. */
- (void) buffer_get_char(blob); /* cipher type */
- (void) buffer_get_int(blob); /* reserved */
+ (void) buffer_get_char(©); /* cipher type */
+ (void) buffer_get_int(©); /* reserved */
/* Read the public key from the buffer. */
- (void) buffer_get_int(blob);
+ (void) buffer_get_int(©);
pub = key_new(KEY_RSA1);
- buffer_get_bignum(blob, pub->rsa->n);
- buffer_get_bignum(blob, pub->rsa->e);
+ buffer_get_bignum(©, pub->rsa->n);
+ buffer_get_bignum(©, pub->rsa->e);
if (commentp)
- *commentp = buffer_get_string(blob, NULL);
+ *commentp = buffer_get_string(©, NULL);
/* The encrypted private part is not parsed by this function. */
- buffer_clear(blob);
+ buffer_free(©);
return pub;
}
-/* Load the contents of a key file into a buffer */
-static int
+/* Load a key from a fd into a buffer */
+int
key_load_file(int fd, const char *filename, Buffer *blob)
{
+ u_char buf[1024];
size_t len;
- u_char *cp;
struct stat st;
if (fstat(fd, &st) < 0) {
@@ -325,30 +330,45 @@
filename == NULL ? "" : filename,
filename == NULL ? "" : " ",
strerror(errno));
- close(fd);
return 0;
}
- if (st.st_size > 1*1024*1024) {
+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
+ st.st_size > MAX_KEY_FILE_SIZE) {
+ toobig:
error("%s: key file %.200s%stoo large", __func__,
filename == NULL ? "" : filename,
filename == NULL ? "" : " ");
- close(fd);
return 0;
}
- len = (size_t)st.st_size; /* truncated */
-
- buffer_init(blob);
- cp = buffer_append_space(blob, len);
-
- if (atomicio(read, fd, cp, len) != len) {
- debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
- filename == NULL ? "" : filename,
- filename == NULL ? "" : " ",
- strerror(errno));
+ buffer_clear(blob);
+ for (;;) {
+ if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
+ if (errno == EPIPE)
+ break;
+ debug("%s: read from key file %.200s%sfailed: %.100s",
+ __func__, filename == NULL ? "" : filename,
+ filename == NULL ? "" : " ", strerror(errno));
+ buffer_clear(blob);
+ bzero(buf, sizeof(buf));
+ return 0;
+ }
+ buffer_append(blob, buf, len);
+ if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
+ buffer_clear(blob);
+ bzero(buf, sizeof(buf));
+ goto toobig;
+ }
+ }
+ bzero(buf, sizeof(buf));
+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
+ st.st_size != buffer_len(blob)) {
+ debug("%s: key file %.200s%schanged size while reading",
+ __func__, filename == NULL ? "" : filename,
+ filename == NULL ? "" : " ");
buffer_clear(blob);
- close(fd);
return 0;
}
+
return 1;
}
@@ -401,8 +421,9 @@
Buffer decrypted;
u_char *cp;
CipherContext ciphercontext;
- Cipher *cipher;
+ const Cipher *cipher;
Key *prv = NULL;
+ Buffer copy;
/* Check that it is at least big enough to contain the ID string. */
if (buffer_len(blob) < sizeof(authfile_id_string)) {
@@ -419,41 +440,44 @@
debug3("Incorrect RSA1 identifier");
return NULL;
}
- buffer_consume(blob, sizeof(authfile_id_string));
+ buffer_init(©);
+ buffer_append(©, buffer_ptr(blob), buffer_len(blob));
+ buffer_consume(©, sizeof(authfile_id_string));
/* Read cipher type. */
- cipher_type = buffer_get_char(blob);
- (void) buffer_get_int(blob); /* Reserved data. */
+ cipher_type = buffer_get_char(©);
+ (void) buffer_get_int(©); /* Reserved data. */
/* Read the public key from the buffer. */
- (void) buffer_get_int(blob);
+ (void) buffer_get_int(©);
prv = key_new_private(KEY_RSA1);
- buffer_get_bignum(blob, prv->rsa->n);
- buffer_get_bignum(blob, prv->rsa->e);
+ buffer_get_bignum(©, prv->rsa->n);
+ buffer_get_bignum(©, prv->rsa->e);
if (commentp)
- *commentp = buffer_get_string(blob, NULL);
+ *commentp = buffer_get_string(©, NULL);
else
- (void)buffer_get_string_ptr(blob, NULL);
+ (void)buffer_get_string_ptr(©, NULL);
/* Check that it is a supported cipher. */
cipher = cipher_by_number(cipher_type);
if (cipher == NULL) {
debug("Unsupported RSA1 cipher %d", cipher_type);
+ buffer_free(©);
goto fail;
}
/* Initialize space for decrypted data. */
buffer_init(&decrypted);
- cp = buffer_append_space(&decrypted, buffer_len(blob));
+ cp = buffer_append_space(&decrypted, buffer_len(©));
/* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
cipher_set_key_string(&ciphercontext, cipher, passphrase,
CIPHER_DECRYPT);
cipher_crypt(&ciphercontext, cp,
- buffer_ptr(blob), buffer_len(blob));
+ buffer_ptr(©), buffer_len(©), 0, 0);
cipher_cleanup(&ciphercontext);
memset(&ciphercontext, 0, sizeof(ciphercontext));
- buffer_clear(blob);
+ buffer_free(©);
check1 = buffer_get_char(&decrypted);
check2 = buffer_get_char(&decrypted);
@@ -485,8 +509,8 @@
return prv;
fail:
- if (commentp)
- xfree(*commentp);
+ if (commentp != NULL)
+ free(*commentp);
key_free(prv);
return NULL;
}
@@ -606,7 +630,7 @@
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
- error("It is recommended that your private key files are NOT accessible by others.");
+ error("It is required that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return 0;
}
@@ -626,6 +650,7 @@
case KEY_UNSPEC:
return key_parse_private_pem(blob, type, passphrase, commentp);
default:
+ error("%s: cannot parse key type %d", __func__, type);
break;
}
return NULL;
@@ -670,11 +695,34 @@
}
Key *
+key_parse_private(Buffer *buffer, const char *filename,
+ const char *passphrase, char **commentp)
+{
+ Key *pub, *prv;
+
+ /* it's a SSH v1 key if the public key part is readable */
+ pub = key_parse_public_rsa1(buffer, commentp);
+ if (pub == NULL) {
+ prv = key_parse_private_type(buffer, KEY_UNSPEC,
+ passphrase, NULL);
+ /* use the filename as a comment for PEM */
+ if (commentp && prv)
+ *commentp = xstrdup(filename);
+ } else {
+ key_free(pub);
+ /* key_parse_public_rsa1() has already loaded the comment */
+ prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
+ NULL);
+ }
+ return prv;
+}
+
+Key *
key_load_private(const char *filename, const char *passphrase,
char **commentp)
{
- Key *pub, *prv;
- Buffer buffer, pubcopy;
+ Key *prv;
+ Buffer buffer;
int fd;
fd = open(filename, O_RDONLY);
@@ -697,23 +745,7 @@
}
close(fd);
- buffer_init(&pubcopy);
- buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer));
- /* it's a SSH v1 key if the public key part is readable */
- pub = key_parse_public_rsa1(&pubcopy, commentp);
- buffer_free(&pubcopy);
- if (pub == NULL) {
- prv = key_parse_private_type(&buffer, KEY_UNSPEC,
- passphrase, NULL);
- /* use the filename as a comment for PEM */
- if (commentp && prv)
- *commentp = xstrdup(filename);
- } else {
- key_free(pub);
- /* key_parse_public_rsa1() has already loaded the comment */
- prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
- NULL);
- }
+ prv = key_parse_private(&buffer, filename, passphrase, commentp);
buffer_free(&buffer);
return prv;
}
@@ -737,13 +769,19 @@
case '\0':
continue;
}
+ /* Abort loading if this looks like a private key */
+ if (strncmp(cp, "-----BEGIN", 10) == 0)
+ break;
/* Skip leading whitespace. */
for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
;
if (*cp) {
if (key_read(k, &cp) == 1) {
- if (commentp)
- *commentp=xstrdup(filename);
+ cp[strcspn(cp, "\r\n")] = '\0';
+ if (commentp) {
+ *commentp = xstrdup(*cp ?
+ cp : filename);
+ }
fclose(f);
return 1;
}
@@ -794,10 +832,10 @@
pub = key_new(KEY_UNSPEC);
xasprintf(&file, "%s-cert.pub", filename);
if (key_try_load_public(pub, file, NULL) == 1) {
- xfree(file);
+ free(file);
return pub;
}
- xfree(file);
+ free(file);
key_free(pub);
return NULL;
}
Property changes on: vendor-crypto/openssh/dist/authfile.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/authfile.h
===================================================================
--- vendor-crypto/openssh/dist/authfile.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/authfile.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.h,v 1.15 2010/08/04 05:42:47 djm Exp $ */
+/* $OpenBSD: authfile.h,v 1.16 2011/05/04 21:15:29 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -16,9 +16,11 @@
#define AUTHFILE_H
int key_save_private(Key *, const char *, const char *, const char *);
+int key_load_file(int, const char *, Buffer *);
Key *key_load_cert(const char *);
Key *key_load_public(const char *, char **);
Key *key_load_public_type(int, const char *, char **);
+Key *key_parse_private(Buffer *, const char *, const char *, char **);
Key *key_load_private(const char *, const char *, char **);
Key *key_load_private_cert(int, const char *, const char *, int *);
Key *key_load_private_type(int, const char *, const char *, char **, int *);
Property changes on: vendor-crypto/openssh/dist/authfile.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/bufaux.c
===================================================================
--- vendor-crypto/openssh/dist/bufaux.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/bufaux.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.50 2010/08/31 09:58:37 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -181,7 +181,7 @@
/* Get the string. */
if (buffer_get_ret(buffer, value, len) == -1) {
error("buffer_get_string_ret: buffer_get failed");
- xfree(value);
+ free(value);
return (NULL);
}
/* Append a null character to make processing easier. */
@@ -216,7 +216,7 @@
error("buffer_get_cstring_ret: string contains \\0");
else {
bzero(ret, length);
- xfree(ret);
+ free(ret);
return NULL;
}
}
@@ -285,7 +285,7 @@
* Returns a character from the buffer (0 - 255).
*/
int
-buffer_get_char_ret(char *ret, Buffer *buffer)
+buffer_get_char_ret(u_char *ret, Buffer *buffer)
{
if (buffer_get_ret(buffer, ret, 1) == -1) {
error("buffer_get_char_ret: buffer_get_ret failed");
@@ -297,11 +297,11 @@
int
buffer_get_char(Buffer *buffer)
{
- char ch;
+ u_char ch;
if (buffer_get_char_ret(&ch, buffer) == -1)
fatal("buffer_get_char: buffer error");
- return (u_char) ch;
+ return ch;
}
/*
Property changes on: vendor-crypto/openssh/dist/bufaux.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/bufaux.h
===================================================================
--- vendor-crypto/openssh/dist/bufaux.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/bufaux.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,55 +0,0 @@
-/* $OpenBSD: bufaux.h,v 1.22 2006/03/25 22:22:42 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen <ylo at cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
- * All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef BUFAUX_H
-#define BUFAUX_H
-
-#include "buffer.h"
-#include <openssl/bn.h>
-
-void buffer_put_bignum(Buffer *, const BIGNUM *);
-void buffer_put_bignum2(Buffer *, const BIGNUM *);
-void buffer_get_bignum(Buffer *, BIGNUM *);
-void buffer_get_bignum2(Buffer *, BIGNUM *);
-
-u_short buffer_get_short(Buffer *);
-void buffer_put_short(Buffer *, u_short);
-
-u_int buffer_get_int(Buffer *);
-void buffer_put_int(Buffer *, u_int);
-
-u_int64_t buffer_get_int64(Buffer *);
-void buffer_put_int64(Buffer *, u_int64_t);
-
-int buffer_get_char(Buffer *);
-void buffer_put_char(Buffer *, int);
-
-void *buffer_get_string(Buffer *, u_int *);
-void buffer_put_string(Buffer *, const void *, u_int);
-void buffer_put_cstring(Buffer *, const char *);
-
-#define buffer_skip_string(b) \
- do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
-
-int buffer_put_bignum_ret(Buffer *, const BIGNUM *);
-int buffer_get_bignum_ret(Buffer *, BIGNUM *);
-int buffer_put_bignum2_ret(Buffer *, const BIGNUM *);
-int buffer_get_bignum2_ret(Buffer *, BIGNUM *);
-int buffer_get_short_ret(u_short *, Buffer *);
-int buffer_get_int_ret(u_int *, Buffer *);
-int buffer_get_int64_ret(u_int64_t *, Buffer *);
-void *buffer_get_string_ret(Buffer *, u_int *);
-int buffer_get_char_ret(char *, Buffer *);
-
-#endif /* BUFAUX_H */
Modified: vendor-crypto/openssh/dist/bufbn.c
===================================================================
--- vendor-crypto/openssh/dist/bufbn.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/bufbn.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/
+/* $OpenBSD: bufbn.c,v 1.7 2013/05/17 00:13:13 djm Exp $*/
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -69,7 +69,7 @@
if (oi != bin_size) {
error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
oi, bin_size);
- xfree(buf);
+ free(buf);
return (-1);
}
@@ -80,7 +80,7 @@
buffer_append(buffer, buf, oi);
memset(buf, 0, bin_size);
- xfree(buf);
+ free(buf);
return (0);
}
@@ -167,13 +167,13 @@
if (oi < 0 || (u_int)oi != bytes - 1) {
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
"oi %d != bin_size %d", oi, bytes);
- xfree(buf);
+ free(buf);
return (-1);
}
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
memset(buf, 0, bytes);
- xfree(buf);
+ free(buf);
return (0);
}
@@ -197,21 +197,21 @@
if (len > 0 && (bin[0] & 0x80)) {
error("buffer_get_bignum2_ret: negative numbers not supported");
- xfree(bin);
+ free(bin);
return (-1);
}
if (len > 8 * 1024) {
error("buffer_get_bignum2_ret: cannot handle BN of size %d",
len);
- xfree(bin);
+ free(bin);
return (-1);
}
if (BN_bin2bn(bin, len, value) == NULL) {
error("buffer_get_bignum2_ret: BN_bin2bn failed");
- xfree(bin);
+ free(bin);
return (-1);
}
- xfree(bin);
+ free(bin);
return (0);
}
Property changes on: vendor-crypto/openssh/dist/bufbn.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/bufec.c
===================================================================
--- vendor-crypto/openssh/dist/bufec.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/bufec.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2010 Damien Miller <djm at mindrot.org>
*
@@ -78,7 +78,7 @@
out:
if (buf != NULL) {
bzero(buf, len);
- xfree(buf);
+ free(buf);
}
BN_CTX_free(bnctx);
return ret;
@@ -131,7 +131,7 @@
out:
BN_CTX_free(bnctx);
bzero(buf, len);
- xfree(buf);
+ free(buf);
return ret;
}
Property changes on: vendor-crypto/openssh/dist/bufec.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/buffer.c
===================================================================
--- vendor-crypto/openssh/dist/buffer.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/buffer.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: buffer.c,v 1.32 2010/02/09 03:56:28 djm Exp $ */
+/* $OpenBSD: buffer.c,v 1.33 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -50,7 +50,7 @@
if (buffer->alloc > 0) {
memset(buffer->buf, 0, buffer->alloc);
buffer->alloc = 0;
- xfree(buffer->buf);
+ free(buffer->buf);
}
}
Property changes on: vendor-crypto/openssh/dist/buffer.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/buffer.h
===================================================================
--- vendor-crypto/openssh/dist/buffer.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/buffer.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: buffer.h,v 1.21 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -84,7 +84,7 @@
void *buffer_get_string_ret(Buffer *, u_int *);
char *buffer_get_cstring_ret(Buffer *, u_int *);
void *buffer_get_string_ptr_ret(Buffer *, u_int *);
-int buffer_get_char_ret(char *, Buffer *);
+int buffer_get_char_ret(u_char *, Buffer *);
#ifdef OPENSSL_HAS_ECC
#include <openssl/ec.h>
Property changes on: vendor-crypto/openssh/dist/buffer.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/buildpkg.sh.in
===================================================================
--- vendor-crypto/openssh/dist/buildpkg.sh.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/buildpkg.sh.in 2013-12-05 12:55:03 UTC (rev 6462)
@@ -229,8 +229,6 @@
# We don't want to overwrite config files on multiple installs
mv $FAKE_ROOT${sysconfdir}/ssh_config $FAKE_ROOT${sysconfdir}/ssh_config.default
mv $FAKE_ROOT${sysconfdir}/sshd_config $FAKE_ROOT${sysconfdir}/sshd_config.default
-[ -f $FAKE_ROOT${sysconfdir}/ssh_prng_cmds ] && \
-mv $FAKE_ROOT${sysconfdir}/ssh_prng_cmds $FAKE_ROOT${sysconfdir}/ssh_prng_cmds.default
# local tweeks here
[ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES}
@@ -317,11 +315,6 @@
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
-[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
- [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
- cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
- \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
-}
# make rc?.d dirs only if we are doing a test install
[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && {
@@ -344,17 +337,17 @@
else
if [ "\${USE_SYM_LINKS}" = yes ]
then
- [ "$RCS_D" = yes ] && \
+ [ "$RCS_D" = yes ] && \\
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- [ "$RC1_D" = no ] || \
+ [ "$RC1_D" = no ] || \\
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
else
- [ "$RCS_D" = yes ] && \
+ [ "$RCS_D" = yes ] && \\
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- [ "$RC1_D" = no ] || \
+ [ "$RC1_D" = no ] || \\
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
fi
@@ -545,10 +538,10 @@
PRE_INS_STOP=no
POST_INS_START=no
# determine if should restart the daemon
-if [ -s ${piddir}/sshd.pid ] && \
+if [ -s ${piddir}/sshd.pid ] && \\
/usr/bin/svcs -H $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
then
- ans=\`ckyorn -d n \
+ ans=\`ckyorn -d n \\
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) PRE_INS_STOP=yes
@@ -559,7 +552,7 @@
else
# determine if we should start sshd
- ans=\`ckyorn -d n \
+ ans=\`ckyorn -d n \\
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) POST_INS_START=yes ;;
@@ -580,7 +573,7 @@
PRE_INS_STOP=no
POST_INS_START=no
# Use symbolic links?
-ans=\`ckyorn -d n \
+ans=\`ckyorn -d n \\
-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) USE_SYM_LINKS=yes ;;
@@ -589,7 +582,7 @@
# determine if should restart the daemon
if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
then
- ans=\`ckyorn -d n \
+ ans=\`ckyorn -d n \\
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) PRE_INS_STOP=yes
@@ -600,7 +593,7 @@
else
# determine if we should start sshd
- ans=\`ckyorn -d n \
+ ans=\`ckyorn -d n \\
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
case \$ans in
[y,Y]*) POST_INS_START=yes ;;
Property changes on: vendor-crypto/openssh/dist/buildpkg.sh.in
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/canohost.c
===================================================================
--- vendor-crypto/openssh/dist/canohost.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/canohost.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */
+/* $OpenBSD: canohost.c,v 1.67 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -41,7 +41,7 @@
/*
* Return the canonical name of the host at the other end of the socket. The
- * caller should free the returned string with xfree.
+ * caller should free the returned string.
*/
static char *
@@ -323,10 +323,8 @@
void
clear_cached_addr(void)
{
- if (canonical_host_ip != NULL) {
- xfree(canonical_host_ip);
- canonical_host_ip = NULL;
- }
+ free(canonical_host_ip);
+ canonical_host_ip = NULL;
cached_port = -1;
}
Property changes on: vendor-crypto/openssh/dist/canohost.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Index: vendor-crypto/openssh/dist/canohost.h
===================================================================
--- vendor-crypto/openssh/dist/canohost.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/canohost.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/canohost.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/channels.c
===================================================================
--- vendor-crypto/openssh/dist/channels.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/channels.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.310 2010/11/24 01:24:14 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.327 2013/11/08 00:39:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -125,6 +125,9 @@
/* Number of permitted host/port pair in the array permitted by the admin. */
static int num_adm_permitted_opens = 0;
+/* special-case port number meaning allow any port */
+#define FWD_PERMIT_ANY_PORT 0
+
/*
* If this is true, all opens are permitted. This is the case on the server
* on which we have to trust the client anyway, and the user could do
@@ -210,6 +213,7 @@
case SSH_CHANNEL_OPEN:
case SSH_CHANNEL_INPUT_DRAINING:
case SSH_CHANNEL_OUTPUT_DRAINING:
+ case SSH_CHANNEL_ABANDONED:
return (c);
}
logit("Non-public channel %d, type %d.", id, c->type);
@@ -244,7 +248,10 @@
if ((c->isatty = is_tty) != 0)
debug2("channel %d: rfd %d isatty", c->self, c->rfd);
+#ifdef _AIX
+ /* XXX: Later AIX versions can't push as much data to tty */
c->wfd_isatty = is_tty || isatty(c->wfd);
+#endif
/* enable nonblocking mode */
if (nonblock) {
@@ -302,10 +309,13 @@
buffer_init(&c->output);
buffer_init(&c->extended);
c->path = NULL;
+ c->listening_addr = NULL;
+ c->listening_port = 0;
c->ostate = CHAN_OUTPUT_OPEN;
c->istate = CHAN_INPUT_OPEN;
c->flags = 0;
channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0);
+ c->notbefore = 0;
c->self = found;
c->type = type;
c->ctype = ctype;
@@ -395,7 +405,7 @@
s = channel_open_message();
debug3("channel %d: status: %s", c->self, s);
- xfree(s);
+ free(s);
if (c->sock != -1)
shutdown(c->sock, SHUT_RDWR);
@@ -403,25 +413,23 @@
buffer_free(&c->input);
buffer_free(&c->output);
buffer_free(&c->extended);
- if (c->remote_name) {
- xfree(c->remote_name);
- c->remote_name = NULL;
- }
- if (c->path) {
- xfree(c->path);
- c->path = NULL;
- }
+ free(c->remote_name);
+ c->remote_name = NULL;
+ free(c->path);
+ c->path = NULL;
+ free(c->listening_addr);
+ c->listening_addr = NULL;
while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
if (cc->abandon_cb != NULL)
cc->abandon_cb(c, cc->ctx);
TAILQ_REMOVE(&c->status_confirms, cc, entry);
bzero(cc, sizeof(*cc));
- xfree(cc);
+ free(cc);
}
if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
c->filter_cleanup(c->self, c->filter_ctx);
channels[c->self] = NULL;
- xfree(c);
+ free(c);
}
void
@@ -526,6 +534,7 @@
case SSH_CHANNEL_DYNAMIC:
case SSH_CHANNEL_CONNECTING:
case SSH_CHANNEL_ZOMBIE:
+ case SSH_CHANNEL_ABANDONED:
continue;
case SSH_CHANNEL_LARVAL:
if (!compat20)
@@ -571,6 +580,7 @@
case SSH_CHANNEL_OPENING:
case SSH_CHANNEL_CONNECTING:
case SSH_CHANNEL_ZOMBIE:
+ case SSH_CHANNEL_ABANDONED:
continue;
case SSH_CHANNEL_LARVAL:
case SSH_CHANNEL_AUTH_SOCKET:
@@ -618,6 +628,7 @@
case SSH_CHANNEL_CLOSED:
case SSH_CHANNEL_AUTH_SOCKET:
case SSH_CHANNEL_ZOMBIE:
+ case SSH_CHANNEL_ABANDONED:
case SSH_CHANNEL_MUX_CLIENT:
case SSH_CHANNEL_MUX_LISTENER:
continue;
@@ -693,7 +704,7 @@
if ((c = channel_lookup(id)) == NULL)
fatal("channel_register_expect: %d: bad id", id);
- cc = xmalloc(sizeof(*cc));
+ cc = xcalloc(1, sizeof(*cc));
cc->cb = cb;
cc->abandon_cb = abandon_cb;
cc->ctx = ctx;
@@ -1070,10 +1081,8 @@
strlcpy(username, p, sizeof(username));
buffer_consume(&c->input, len);
- if (c->path != NULL) {
- xfree(c->path);
- c->path = NULL;
- }
+ free(c->path);
+ c->path = NULL;
if (need == 1) { /* SOCKS4: one string */
host = inet_ntoa(s4_req.dest_addr);
c->path = xstrdup(host);
@@ -1133,7 +1142,8 @@
u_int8_t atyp;
} s5_req, s5_rsp;
u_int16_t dest_port;
- u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
+ char dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
+ u_char *p;
u_int have, need, i, found, nmethods, addrlen, af;
debug2("channel %d: decode socks5", c->self);
@@ -1203,13 +1213,11 @@
buffer_consume(&c->input, sizeof(s5_req));
if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
buffer_consume(&c->input, 1); /* host string length */
- buffer_get(&c->input, (char *)&dest_addr, addrlen);
+ buffer_get(&c->input, &dest_addr, addrlen);
buffer_get(&c->input, (char *)&dest_port, 2);
dest_addr[addrlen] = '\0';
- if (c->path != NULL) {
- xfree(c->path);
- c->path = NULL;
- }
+ free(c->path);
+ c->path = NULL;
if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
if (addrlen >= NI_MAXHOST) {
error("channel %d: dynamic request: socks5 hostname "
@@ -1231,11 +1239,10 @@
s5_rsp.command = SSH_SOCKS5_SUCCESS;
s5_rsp.reserved = 0; /* ignored */
s5_rsp.atyp = SSH_SOCKS5_IPV4;
- ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY;
dest_port = 0; /* ignored */
buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp));
- buffer_append(&c->output, &dest_addr, sizeof(struct in_addr));
+ buffer_put_int(&c->output, ntohl(INADDR_ANY)); /* bind address */
buffer_append(&c->output, &dest_port, sizeof(dest_port));
return 1;
}
@@ -1314,7 +1321,7 @@
{
Channel *nc;
struct sockaddr_storage addr;
- int newsock;
+ int newsock, oerrno;
socklen_t addrlen;
char buf[16384], *remote_ipaddr;
int remote_port;
@@ -1324,12 +1331,18 @@
addrlen = sizeof(addr);
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (c->single_connection) {
+ oerrno = errno;
debug2("single_connection: closing X11 listener.");
channel_close_fd(&c->sock);
chan_mark_dead(c);
+ errno = oerrno;
}
if (newsock < 0) {
- error("accept: %.100s", strerror(errno));
+ if (errno != EINTR && errno != EWOULDBLOCK &&
+ errno != ECONNABORTED)
+ error("accept: %.100s", strerror(errno));
+ if (errno == EMFILE || errno == ENFILE)
+ c->notbefore = monotime() + 1;
return;
}
set_nodelay(newsock);
@@ -1363,7 +1376,7 @@
packet_put_cstring(buf);
packet_send();
}
- xfree(remote_ipaddr);
+ free(remote_ipaddr);
}
}
@@ -1377,7 +1390,7 @@
if (remote_port == -1) {
/* Fake addr/port to appease peers that validate it (Tectia) */
- xfree(remote_ipaddr);
+ free(remote_ipaddr);
remote_ipaddr = xstrdup("127.0.0.1");
remote_port = 65535;
}
@@ -1390,7 +1403,7 @@
rtype, c->listening_port, c->path, c->host_port,
remote_ipaddr, remote_port);
- xfree(c->remote_name);
+ free(c->remote_name);
c->remote_name = xstrdup(buf);
if (compat20) {
@@ -1422,7 +1435,7 @@
packet_put_cstring(c->remote_name);
packet_send();
}
- xfree(remote_ipaddr);
+ free(remote_ipaddr);
}
static void
@@ -1472,7 +1485,11 @@
addrlen = sizeof(addr);
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (newsock < 0) {
- error("accept: %.100s", strerror(errno));
+ if (errno != EINTR && errno != EWOULDBLOCK &&
+ errno != ECONNABORTED)
+ error("accept: %.100s", strerror(errno));
+ if (errno == EMFILE || errno == ENFILE)
+ c->notbefore = monotime() + 1;
return;
}
set_nodelay(newsock);
@@ -1505,7 +1522,10 @@
addrlen = sizeof(addr);
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
if (newsock < 0) {
- error("accept from auth socket: %.100s", strerror(errno));
+ error("accept from auth socket: %.100s",
+ strerror(errno));
+ if (errno == EMFILE || errno == ENFILE)
+ c->notbefore = monotime() + 1;
return;
}
nc = channel_new("accepted auth socket",
@@ -1668,7 +1688,7 @@
if (c->datagram) {
/* ignore truncated writes, datagrams might get lost */
len = write(c->wfd, buf, dlen);
- xfree(data);
+ free(data);
if (len < 0 && (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK))
return 1;
@@ -1908,6 +1928,8 @@
if ((newsock = accept(c->sock, (struct sockaddr*)&addr,
&addrlen)) == -1) {
error("%s accept: %s", __func__, strerror(errno));
+ if (errno == EMFILE || errno == ENFILE)
+ c->notbefore = monotime() + 1;
return;
}
@@ -2058,16 +2080,21 @@
}
static void
-channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset)
+channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset,
+ time_t *unpause_secs)
{
static int did_init = 0;
u_int i, oalloc;
Channel *c;
+ time_t now;
if (!did_init) {
channel_handler_init();
did_init = 1;
}
+ now = monotime();
+ if (unpause_secs != NULL)
+ *unpause_secs = 0;
for (i = 0, oalloc = channels_alloc; i < oalloc; i++) {
c = channels[i];
if (c == NULL)
@@ -2078,10 +2105,30 @@
else
continue;
}
- if (ftab[c->type] != NULL)
- (*ftab[c->type])(c, readset, writeset);
+ if (ftab[c->type] != NULL) {
+ /*
+ * Run handlers that are not paused.
+ */
+ if (c->notbefore <= now)
+ (*ftab[c->type])(c, readset, writeset);
+ else if (unpause_secs != NULL) {
+ /*
+ * Collect the time that the earliest
+ * channel comes off pause.
+ */
+ debug3("%s: chan %d: skip for %d more seconds",
+ __func__, c->self,
+ (int)(c->notbefore - now));
+ if (*unpause_secs == 0 ||
+ (c->notbefore - now) < *unpause_secs)
+ *unpause_secs = c->notbefore - now;
+ }
+ }
channel_garbage_collect(c);
}
+ if (unpause_secs != NULL && *unpause_secs != 0)
+ debug3("%s: first channel unpauses in %d seconds",
+ __func__, (int)*unpause_secs);
}
/*
@@ -2090,7 +2137,7 @@
*/
void
channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
- u_int *nallocp, int rekeying)
+ u_int *nallocp, time_t *minwait_secs, int rekeying)
{
u_int n, sz, nfdset;
@@ -2113,7 +2160,8 @@
memset(*writesetp, 0, sz);
if (!rekeying)
- channel_handler(channel_pre, *readsetp, *writesetp);
+ channel_handler(channel_pre, *readsetp, *writesetp,
+ minwait_secs);
}
/*
@@ -2123,7 +2171,7 @@
void
channel_after_select(fd_set *readset, fd_set *writeset)
{
- channel_handler(channel_post, readset, writeset);
+ channel_handler(channel_post, readset, writeset, NULL);
}
@@ -2174,7 +2222,7 @@
debug("channel %d: datagram "
"too big for channel",
c->self);
- xfree(data);
+ free(data);
continue;
}
packet_start(SSH2_MSG_CHANNEL_DATA);
@@ -2182,7 +2230,7 @@
packet_put_string(data, dlen);
packet_send();
c->remote_window -= dlen + 4;
- xfree(data);
+ free(data);
}
continue;
}
@@ -2354,13 +2402,13 @@
if (data_len > c->local_window) {
logit("channel %d: rcvd too much extended_data %d, win %d",
c->self, data_len, c->local_window);
- xfree(data);
+ free(data);
return;
}
debug2("channel %d: rcvd ext data %d", c->self, data_len);
c->local_window -= data_len;
buffer_append(&c->extended, data, data_len);
- xfree(data);
+ free(data);
}
/* ARGSUSED */
@@ -2450,7 +2498,7 @@
if (c == NULL)
packet_disconnect("Received close confirmation for "
"out-of-range channel %d.", id);
- if (c->type != SSH_CHANNEL_CLOSED)
+ if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED)
packet_disconnect("Received close confirmation for "
"non-closed channel %d (type %d).", id, c->type);
channel_free(c);
@@ -2526,10 +2574,8 @@
}
logit("channel %d: open failed: %s%s%s", id,
reason2txt(reason), msg ? ": ": "", msg ? msg : "");
- if (msg != NULL)
- xfree(msg);
- if (lang != NULL)
- xfree(lang);
+ free(msg);
+ free(lang);
if (c->open_confirm) {
debug2("callback start");
c->open_confirm(c->self, 0, c->open_confirm_ctx);
@@ -2587,8 +2633,8 @@
packet_check_eom();
c = channel_connect_to(host, host_port,
"connected socket", originator_string);
- xfree(originator_string);
- xfree(host);
+ free(originator_string);
+ free(host);
if (c == NULL) {
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
@@ -2623,7 +2669,7 @@
cc->cb(type, c, cc->ctx);
TAILQ_REMOVE(&c->status_confirms, cc, entry);
bzero(cc, sizeof(*cc));
- xfree(cc);
+ free(cc);
}
/* -- tcp forwarding */
@@ -2634,6 +2680,46 @@
IPv4or6 = af;
}
+
+/*
+ * Determine whether or not a port forward listens to loopback, the
+ * specified address or wildcard. On the client, a specified bind
+ * address will always override gateway_ports. On the server, a
+ * gateway_ports of 1 (``yes'') will override the client's specification
+ * and force a wildcard bind, whereas a value of 2 (``clientspecified'')
+ * will bind to whatever address the client asked for.
+ *
+ * Special-case listen_addrs are:
+ *
+ * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR
+ * "" (empty string), "*" -> wildcard v4/v6
+ * "localhost" -> loopback v4/v6
+ */
+static const char *
+channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
+ int is_client, int gateway_ports)
+{
+ const char *addr = NULL;
+ int wildcard = 0;
+
+ if (listen_addr == NULL) {
+ /* No address specified: default to gateway_ports setting */
+ if (gateway_ports)
+ wildcard = 1;
+ } else if (gateway_ports || is_client) {
+ if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
+ strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
+ *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
+ (!is_client && gateway_ports == 1))
+ wildcard = 1;
+ else if (strcmp(listen_addr, "localhost") != 0)
+ addr = listen_addr;
+ }
+ if (wildcardp != NULL)
+ *wildcardp = wildcard;
+ return addr;
+}
+
static int
channel_setup_fwd_listener(int type, const char *listen_addr,
u_short listen_port, int *allocated_listen_port,
@@ -2659,36 +2745,9 @@
return 0;
}
- /*
- * Determine whether or not a port forward listens to loopback,
- * specified address or wildcard. On the client, a specified bind
- * address will always override gateway_ports. On the server, a
- * gateway_ports of 1 (``yes'') will override the client's
- * specification and force a wildcard bind, whereas a value of 2
- * (``clientspecified'') will bind to whatever address the client
- * asked for.
- *
- * Special-case listen_addrs are:
- *
- * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR
- * "" (empty string), "*" -> wildcard v4/v6
- * "localhost" -> loopback v4/v6
- */
- addr = NULL;
- if (listen_addr == NULL) {
- /* No address specified: default to gateway_ports setting */
- if (gateway_ports)
- wildcard = 1;
- } else if (gateway_ports || is_client) {
- if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
- strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
- *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
- (!is_client && gateway_ports == 1))
- wildcard = 1;
- else if (strcmp(listen_addr, "localhost") != 0)
- addr = listen_addr;
- }
-
+ /* Determine the bind address, cf. channel_fwd_bind_addr() comment */
+ addr = channel_fwd_bind_addr(listen_addr, &wildcard,
+ is_client, gateway_ports);
debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s",
type, wildcard, (addr == NULL) ? "NULL" : addr);
@@ -2792,7 +2851,12 @@
0, "port listener", 1);
c->path = xstrdup(host);
c->host_port = port_to_connect;
- c->listening_port = listen_port;
+ c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
+ if (listen_port == 0 && allocated_listen_port != NULL &&
+ !(datafellows & SSH_BUG_DYNAMIC_RPORT))
+ c->listening_port = *allocated_listen_port;
+ else
+ c->listening_port = listen_port;
success = 1;
}
if (success == 0)
@@ -2810,9 +2874,44 @@
for (i = 0; i < channels_alloc; i++) {
Channel *c = channels[i];
+ if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER)
+ continue;
+ if (strcmp(c->path, host) == 0 && c->listening_port == port) {
+ debug2("%s: close channel %d", __func__, i);
+ channel_free(c);
+ found = 1;
+ }
+ }
- if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
- strcmp(c->path, host) == 0 && c->listening_port == port) {
+ return (found);
+}
+
+int
+channel_cancel_lport_listener(const char *lhost, u_short lport,
+ int cport, int gateway_ports)
+{
+ u_int i;
+ int found = 0;
+ const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, gateway_ports);
+
+ for (i = 0; i < channels_alloc; i++) {
+ Channel *c = channels[i];
+ if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER)
+ continue;
+ if (c->listening_port != lport)
+ continue;
+ if (cport == CHANNEL_CANCEL_PORT_STATIC) {
+ /* skip dynamic forwardings */
+ if (c->host_port == 0)
+ continue;
+ } else {
+ if (c->host_port != cport)
+ continue;
+ }
+ if ((c->listening_addr == NULL && addr != NULL) ||
+ (c->listening_addr != NULL && addr == NULL))
+ continue;
+ if (addr == NULL || strcmp(c->listening_addr, addr) == 0) {
debug2("%s: close channel %d", __func__, i);
channel_free(c);
found = 1;
@@ -2843,37 +2942,44 @@
}
/*
+ * Translate the requested rfwd listen host to something usable for
+ * this server.
+ */
+static const char *
+channel_rfwd_bind_host(const char *listen_host)
+{
+ if (listen_host == NULL) {
+ if (datafellows & SSH_BUG_RFWD_ADDR)
+ return "127.0.0.1";
+ else
+ return "localhost";
+ } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) {
+ if (datafellows & SSH_BUG_RFWD_ADDR)
+ return "0.0.0.0";
+ else
+ return "";
+ } else
+ return listen_host;
+}
+
+/*
* Initiate forwarding of connections to port "port" on remote host through
* the secure channel to host:port from local side.
+ * Returns handle (index) for updating the dynamic listen port with
+ * channel_update_permitted_opens().
*/
-
int
channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
const char *host_to_connect, u_short port_to_connect)
{
- int type, success = 0;
+ int type, success = 0, idx = -1;
/* Send the forward request to the remote side. */
if (compat20) {
- const char *address_to_bind;
- if (listen_host == NULL) {
- if (datafellows & SSH_BUG_RFWD_ADDR)
- address_to_bind = "127.0.0.1";
- else
- address_to_bind = "localhost";
- } else if (*listen_host == '\0' ||
- strcmp(listen_host, "*") == 0) {
- if (datafellows & SSH_BUG_RFWD_ADDR)
- address_to_bind = "0.0.0.0";
- else
- address_to_bind = "";
- } else
- address_to_bind = listen_host;
-
packet_start(SSH2_MSG_GLOBAL_REQUEST);
packet_put_cstring("tcpip-forward");
- packet_put_char(1); /* boolean: want reply */
- packet_put_cstring(address_to_bind);
+ packet_put_char(1); /* boolean: want reply */
+ packet_put_cstring(channel_rfwd_bind_host(listen_host));
packet_put_int(listen_port);
packet_send();
packet_write_wait();
@@ -2905,12 +3011,12 @@
/* Record that connection to this host/port is permitted. */
permitted_opens = xrealloc(permitted_opens,
num_permitted_opens + 1, sizeof(*permitted_opens));
- permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect);
- permitted_opens[num_permitted_opens].port_to_connect = port_to_connect;
- permitted_opens[num_permitted_opens].listen_port = listen_port;
- num_permitted_opens++;
+ idx = num_permitted_opens++;
+ permitted_opens[idx].host_to_connect = xstrdup(host_to_connect);
+ permitted_opens[idx].port_to_connect = port_to_connect;
+ permitted_opens[idx].listen_port = listen_port;
}
- return (success ? 0 : -1);
+ return (idx);
}
/*
@@ -2917,13 +3023,13 @@
* Request cancellation of remote forwarding of connection host:port from
* local side.
*/
-void
+int
channel_request_rforward_cancel(const char *host, u_short port)
{
int i;
if (!compat20)
- return;
+ return -1;
for (i = 0; i < num_permitted_opens; i++) {
if (permitted_opens[i].host_to_connect != NULL &&
@@ -2932,19 +3038,21 @@
}
if (i >= num_permitted_opens) {
debug("%s: requested forward not found", __func__);
- return;
+ return -1;
}
packet_start(SSH2_MSG_GLOBAL_REQUEST);
packet_put_cstring("cancel-tcpip-forward");
packet_put_char(0);
- packet_put_cstring(host == NULL ? "" : host);
+ packet_put_cstring(channel_rfwd_bind_host(host));
packet_put_int(port);
packet_send();
permitted_opens[i].listen_port = 0;
permitted_opens[i].port_to_connect = 0;
- xfree(permitted_opens[i].host_to_connect);
+ free(permitted_opens[i].host_to_connect);
permitted_opens[i].host_to_connect = NULL;
+
+ return 0;
}
/*
@@ -2982,7 +3090,7 @@
host_port, gateway_ports);
/* Free the argument string. */
- xfree(hostname);
+ free(hostname);
return (success ? 0 : -1);
}
@@ -3013,6 +3121,35 @@
all_opens_permitted = 0;
}
+/*
+ * Update the listen port for a dynamic remote forward, after
+ * the actual 'newport' has been allocated. If 'newport' < 0 is
+ * passed then they entry will be invalidated.
+ */
+void
+channel_update_permitted_opens(int idx, int newport)
+{
+ if (idx < 0 || idx >= num_permitted_opens) {
+ debug("channel_update_permitted_opens: index out of range:"
+ " %d num_permitted_opens %d", idx, num_permitted_opens);
+ return;
+ }
+ debug("%s allowed port %d for forwarding to host %s port %d",
+ newport > 0 ? "Updating" : "Removing",
+ newport,
+ permitted_opens[idx].host_to_connect,
+ permitted_opens[idx].port_to_connect);
+ if (newport >= 0) {
+ permitted_opens[idx].listen_port =
+ (datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport;
+ } else {
+ permitted_opens[idx].listen_port = 0;
+ permitted_opens[idx].port_to_connect = 0;
+ free(permitted_opens[idx].host_to_connect);
+ permitted_opens[idx].host_to_connect = NULL;
+ }
+}
+
int
channel_add_adm_permitted_opens(char *host, int port)
{
@@ -3027,17 +3164,23 @@
}
void
+channel_disable_adm_local_opens(void)
+{
+ channel_clear_adm_permitted_opens();
+ permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens));
+ permitted_adm_opens[num_adm_permitted_opens].host_to_connect = NULL;
+ num_adm_permitted_opens = 1;
+}
+
+void
channel_clear_permitted_opens(void)
{
int i;
for (i = 0; i < num_permitted_opens; i++)
- if (permitted_opens[i].host_to_connect != NULL)
- xfree(permitted_opens[i].host_to_connect);
- if (num_permitted_opens > 0) {
- xfree(permitted_opens);
- permitted_opens = NULL;
- }
+ free(permitted_opens[i].host_to_connect);
+ free(permitted_opens);
+ permitted_opens = NULL;
num_permitted_opens = 0;
}
@@ -3047,12 +3190,9 @@
int i;
for (i = 0; i < num_adm_permitted_opens; i++)
- if (permitted_adm_opens[i].host_to_connect != NULL)
- xfree(permitted_adm_opens[i].host_to_connect);
- if (num_adm_permitted_opens > 0) {
- xfree(permitted_adm_opens);
- permitted_adm_opens = NULL;
- }
+ free(permitted_adm_opens[i].host_to_connect);
+ free(permitted_adm_opens);
+ permitted_adm_opens = NULL;
num_adm_permitted_opens = 0;
}
@@ -3067,12 +3207,36 @@
return;
}
for (i = 0; i < num_adm_permitted_opens; i++)
- if (permitted_adm_opens[i].host_to_connect != NULL)
+ if (permitted_adm_opens[i].host_to_connect == NULL)
+ printf(" none");
+ else
printf(" %s:%d", permitted_adm_opens[i].host_to_connect,
permitted_adm_opens[i].port_to_connect);
printf("\n");
}
+/* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */
+int
+permitopen_port(const char *p)
+{
+ int port;
+
+ if (strcmp(p, "*") == 0)
+ return FWD_PERMIT_ANY_PORT;
+ if ((port = a2port(p)) > 0)
+ return port;
+ return -1;
+}
+
+static int
+port_match(u_short allowedport, u_short requestedport)
+{
+ if (allowedport == FWD_PERMIT_ANY_PORT ||
+ allowedport == requestedport)
+ return 1;
+ return 0;
+}
+
/* Try to start non-blocking connect to next host in cctx list */
static int
connect_next(struct channel_connect *cctx)
@@ -3122,7 +3286,7 @@
static void
channel_connect_ctx_free(struct channel_connect *cctx)
{
- xfree(cctx->host);
+ free(cctx->host);
if (cctx->aitop)
freeaddrinfo(cctx->aitop);
bzero(cctx, sizeof(*cctx));
@@ -3175,7 +3339,7 @@
for (i = 0; i < num_permitted_opens; i++) {
if (permitted_opens[i].host_to_connect != NULL &&
- permitted_opens[i].listen_port == listen_port) {
+ port_match(permitted_opens[i].listen_port, listen_port)) {
return connect_to(
permitted_opens[i].host_to_connect,
permitted_opens[i].port_to_connect, ctype, rname);
@@ -3196,7 +3360,7 @@
if (!permit) {
for (i = 0; i < num_permitted_opens; i++)
if (permitted_opens[i].host_to_connect != NULL &&
- permitted_opens[i].port_to_connect == port &&
+ port_match(permitted_opens[i].port_to_connect, port) &&
strcmp(permitted_opens[i].host_to_connect, host) == 0)
permit = 1;
}
@@ -3205,7 +3369,7 @@
permit_adm = 0;
for (i = 0; i < num_adm_permitted_opens; i++)
if (permitted_adm_opens[i].host_to_connect != NULL &&
- permitted_adm_opens[i].port_to_connect == port &&
+ port_match(permitted_adm_opens[i].port_to_connect, port) &&
strcmp(permitted_adm_opens[i].host_to_connect, host)
== 0)
permit_adm = 1;
@@ -3517,7 +3681,7 @@
c->remote_id = remote_id;
c->force_drain = 1;
}
- xfree(remote_host);
+ free(remote_host);
if (c == NULL) {
/* Send refusal to the remote host. */
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
@@ -3562,7 +3726,7 @@
*/
void
x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
- const char *proto, const char *data)
+ const char *proto, const char *data, int want_reply)
{
u_int data_len = (u_int) strlen(data) / 2;
u_int i, value;
@@ -3615,7 +3779,7 @@
/* Send the request packet. */
if (compat20) {
- channel_request_start(client_session_id, "x11-req", 0);
+ channel_request_start(client_session_id, "x11-req", want_reply);
packet_put_char(0); /* XXX bool single connection */
} else {
packet_start(SSH_CMSG_X11_REQUEST_FORWARDING);
@@ -3625,7 +3789,7 @@
packet_put_int(screen_number);
packet_send();
packet_write_wait();
- xfree(new_data);
+ free(new_data);
}
Property changes on: vendor-crypto/openssh/dist/channels.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/channels.h
===================================================================
--- vendor-crypto/openssh/dist/channels.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/channels.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.113 2013/06/07 15:37:52 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -55,8 +55,11 @@
#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
#define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */
#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */
-#define SSH_CHANNEL_MAX_TYPE 17
+#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */
+#define SSH_CHANNEL_MAX_TYPE 18
+#define CHANNEL_CANCEL_PORT_STATIC -1
+
struct Channel;
typedef struct Channel Channel;
@@ -100,14 +103,17 @@
int sock; /* sock fd */
int ctl_chan; /* control channel (multiplexed connections) */
int isatty; /* rfd is a tty */
+#ifdef _AIX
int wfd_isatty; /* wfd is a tty */
+#endif
int client_tty; /* (client) TTY has been requested */
int force_drain; /* force close on iEOF */
+ time_t notbefore; /* Pause IO until deadline (time_t) */
int delayed; /* post-select handlers for newly created
* channels are delayed until the first call
* to a matching pre-select handler.
* this way post-select handlers are not
- * accidenly called if a FD gets reused */
+ * accidentally called if a FD gets reused */
Buffer input; /* data read from socket, to be sent over
* encrypted connection */
Buffer output; /* data received over encrypted connection for
@@ -116,6 +122,7 @@
char *path;
/* path for unix domain sockets, or host name for forwards */
int listening_port; /* port being listened for forwards */
+ char *listening_addr; /* addr being listened for forwards */
int host_port; /* remote port to connect for forwards */
char *remote_name; /* remote hostname */
@@ -235,7 +242,8 @@
/* file descriptor handling (read/write) */
-void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int);
+void channel_prepare_select(fd_set **, fd_set **, int *, u_int*,
+ time_t*, int);
void channel_after_select(fd_set *, fd_set *);
void channel_output_poll(void);
@@ -250,6 +258,8 @@
void channel_permit_all_opens(void);
void channel_add_permitted_opens(char *, int);
int channel_add_adm_permitted_opens(char *, int);
+void channel_disable_adm_local_opens(void);
+void channel_update_permitted_opens(int, int);
void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void);
void channel_print_adm_permitted_opens(void);
@@ -261,9 +271,11 @@
const char *, u_short);
int channel_setup_local_fwd_listener(const char *, u_short,
const char *, u_short, int);
-void channel_request_rforward_cancel(const char *host, u_short port);
+int channel_request_rforward_cancel(const char *host, u_short port);
int channel_setup_remote_fwd_listener(const char *, u_short, int *, int);
int channel_cancel_rport_listener(const char *, u_short);
+int channel_cancel_lport_listener(const char *, u_short, int, int);
+int permitopen_port(const char *);
/* x11 forwarding */
@@ -271,7 +283,7 @@
int x11_create_display_inet(int, int, int, u_int *, int **);
void x11_input_open(int, u_int32_t, void *);
void x11_request_forwarding_with_spoofing(int, const char *, const char *,
- const char *);
+ const char *, int);
void deny_input_open(int, u_int32_t, void *);
/* agent forwarding */
Property changes on: vendor-crypto/openssh/dist/channels.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/cipher-3des1.c
===================================================================
--- vendor-crypto/openssh/dist/cipher-3des1.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/cipher-3des1.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher-3des1.c,v 1.7 2010/10/01 23:05:32 djm Exp $ */
+/* $OpenBSD: cipher-3des1.c,v 1.9 2013/11/08 00:39:15 djm Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
@@ -67,7 +67,7 @@
u_char *k1, *k2, *k3;
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
- c = xmalloc(sizeof(*c));
+ c = xcalloc(1, sizeof(*c));
EVP_CIPHER_CTX_set_app_data(ctx, c);
}
if (key == NULL)
@@ -94,7 +94,7 @@
EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
memset(c, 0, sizeof(*c));
- xfree(c);
+ free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
return (0);
}
@@ -135,7 +135,7 @@
EVP_CIPHER_CTX_cleanup(&c->k2);
EVP_CIPHER_CTX_cleanup(&c->k3);
memset(c, 0, sizeof(*c));
- xfree(c);
+ free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
}
return (1);
Property changes on: vendor-crypto/openssh/dist/cipher-3des1.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/cipher-acss.c
===================================================================
--- vendor-crypto/openssh/dist/cipher-acss.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/cipher-acss.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2004 The OpenBSD project
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "includes.h"
-
-#include <openssl/evp.h>
-
-#include <string.h>
-
-#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-
-#include "acss.h"
-#include "openbsd-compat/openssl-compat.h"
-
-#define data(ctx) ((EVP_ACSS_KEY *)(ctx)->cipher_data)
-
-typedef struct {
- ACSS_KEY ks;
-} EVP_ACSS_KEY;
-
-#define EVP_CTRL_SET_ACSS_MODE 0xff06
-#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07
-
-static int
-acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-{
- acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA);
- return 1;
-}
-
-static int
-acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
- LIBCRYPTO_EVP_INL_TYPE inl)
-{
- acss(&data(ctx)->ks,inl,in,out);
- return 1;
-}
-
-static int
-acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
- switch(type) {
- case EVP_CTRL_SET_ACSS_MODE:
- data(ctx)->ks.mode = arg;
- return 1;
- case EVP_CTRL_SET_ACSS_SUBKEY:
- acss_setsubkey(&data(ctx)->ks,(unsigned char *)ptr);
- return 1;
- default:
- return -1;
- }
-}
-
-const EVP_CIPHER *
-evp_acss(void)
-{
- static EVP_CIPHER acss_cipher;
-
- memset(&acss_cipher, 0, sizeof(EVP_CIPHER));
-
- acss_cipher.nid = NID_undef;
- acss_cipher.block_size = 1;
- acss_cipher.key_len = 5;
- acss_cipher.init = acss_init_key;
- acss_cipher.do_cipher = acss_ciph;
- acss_cipher.ctx_size = sizeof(EVP_ACSS_KEY);
- acss_cipher.ctrl = acss_ctrl;
-
- return (&acss_cipher);
-}
-#endif
-
Modified: vendor-crypto/openssh/dist/cipher-aes.c
===================================================================
--- vendor-crypto/openssh/dist/cipher-aes.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/cipher-aes.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -46,9 +46,6 @@
u_char r_iv[RIJNDAEL_BLOCKSIZE];
};
-const EVP_CIPHER * evp_rijndael(void);
-void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
-
static int
ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
int enc)
@@ -123,7 +120,7 @@
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
memset(c, 0, sizeof(*c));
- xfree(c);
+ free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
}
return (1);
Property changes on: vendor-crypto/openssh/dist/cipher-aes.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/cipher-bf1.c
===================================================================
--- vendor-crypto/openssh/dist/cipher-bf1.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/cipher-bf1.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/cipher-bf1.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/cipher-ctr.c
===================================================================
--- vendor-crypto/openssh/dist/cipher-ctr.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/cipher-ctr.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -16,6 +16,7 @@
*/
#include "includes.h"
+#ifndef OPENSSL_HAVE_EVPCTR
#include <sys/types.h>
#include <stdarg.h>
@@ -33,9 +34,6 @@
#include <openssl/aes.h>
#endif
-const EVP_CIPHER *evp_aes_128_ctr(void);
-void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
-
struct ssh_aes_ctr_ctx
{
AES_KEY aes_ctx;
@@ -106,7 +104,7 @@
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
memset(c, 0, sizeof(*c));
- xfree(c);
+ free(c);
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
}
return (1);
@@ -144,3 +142,5 @@
#endif
return (&aes_ctr);
}
+
+#endif /* OPENSSL_HAVE_EVPCTR */
Property changes on: vendor-crypto/openssh/dist/cipher-ctr.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/cipher.c
===================================================================
--- vendor-crypto/openssh/dist/cipher.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/cipher.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.82 2009/01/26 09:58:15 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -54,8 +54,6 @@
extern const EVP_CIPHER *evp_ssh1_bf(void);
extern const EVP_CIPHER *evp_ssh1_3des(void);
extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
-extern const EVP_CIPHER *evp_aes_128_ctr(void);
-extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
struct Cipher {
char *name;
@@ -62,37 +60,67 @@
int number; /* for ssh1 only */
u_int block_size;
u_int key_len;
+ u_int iv_len; /* defaults to block_size */
+ u_int auth_len;
u_int discard_len;
u_int cbc_mode;
const EVP_CIPHER *(*evptype)(void);
-} ciphers[] = {
- { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
- { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
- { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
- { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },
+};
- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
- { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
- { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
- { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
- { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
- { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
- { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
- { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
- { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+static const struct Cipher ciphers[] = {
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+ { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
+ { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
+
+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+ { "blowfish-cbc",
+ SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
+ { "cast128-cbc",
+ SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
+ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
+ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
+ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
+ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
+ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
{ "rijndael-cbc at lysator.liu.se",
- SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
- { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
- { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
- { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
-#ifdef USE_CIPHER_ACSS
- { "acss at openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
+ SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
+#ifdef OPENSSL_HAVE_EVPGCM
+ { "aes128-gcm at openssh.com",
+ SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
+ { "aes256-gcm at openssh.com",
+ SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
#endif
- { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, NULL }
+ { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL }
};
/*--*/
+/* Returns a comma-separated list of supported ciphers. */
+char *
+cipher_alg_list(void)
+{
+ char *ret = NULL;
+ size_t nlen, rlen = 0;
+ const Cipher *c;
+
+ for (c = ciphers; c->name != NULL; c++) {
+ if (c->number != SSH_CIPHER_SSH2)
+ continue;
+ if (ret != NULL)
+ ret[rlen++] = '\n';
+ nlen = strlen(c->name);
+ ret = xrealloc(ret, 1, rlen + nlen + 2);
+ memcpy(ret + rlen, c->name, nlen + 1);
+ rlen += nlen;
+ }
+ return ret;
+}
+
u_int
cipher_blocksize(const Cipher *c)
{
@@ -106,6 +134,18 @@
}
u_int
+cipher_authlen(const Cipher *c)
+{
+ return (c->auth_len);
+}
+
+u_int
+cipher_ivlen(const Cipher *c)
+{
+ return (c->iv_len ? c->iv_len : c->block_size);
+}
+
+u_int
cipher_get_number(const Cipher *c)
{
return (c->number);
@@ -129,10 +169,10 @@
return mask;
}
-Cipher *
+const Cipher *
cipher_by_name(const char *name)
{
- Cipher *c;
+ const Cipher *c;
for (c = ciphers; c->name != NULL; c++)
if (strcmp(c->name, name) == 0)
return c;
@@ -139,10 +179,10 @@
return NULL;
}
-Cipher *
+const Cipher *
cipher_by_number(int id)
{
- Cipher *c;
+ const Cipher *c;
for (c = ciphers; c->name != NULL; c++)
if (c->number == id)
return c;
@@ -153,7 +193,7 @@
int
ciphers_valid(const char *names)
{
- Cipher *c;
+ const Cipher *c;
char *cipher_list, *cp;
char *p;
@@ -165,7 +205,7 @@
c = cipher_by_name(p);
if (c == NULL || c->number != SSH_CIPHER_SSH2) {
debug("bad cipher %s [%s]", p, names);
- xfree(cipher_list);
+ free(cipher_list);
return 0;
} else {
debug3("cipher ok: %s [%s]", p, names);
@@ -172,7 +212,7 @@
}
}
debug3("ciphers ok: [%s]", names);
- xfree(cipher_list);
+ free(cipher_list);
return 1;
}
@@ -184,7 +224,7 @@
int
cipher_number(const char *name)
{
- Cipher *c;
+ const Cipher *c;
if (name == NULL)
return -1;
for (c = ciphers; c->name != NULL; c++)
@@ -196,12 +236,12 @@
char *
cipher_name(int id)
{
- Cipher *c = cipher_by_number(id);
+ const Cipher *c = cipher_by_number(id);
return (c==NULL) ? "<unknown>" : c->name;
}
void
-cipher_init(CipherContext *cc, Cipher *cipher,
+cipher_init(CipherContext *cc, const Cipher *cipher,
const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
int do_encrypt)
{
@@ -224,11 +264,12 @@
keylen = 8;
}
cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
+ cc->encrypt = do_encrypt;
if (keylen < cipher->key_len)
fatal("cipher_init: key length %d is insufficient for %s.",
keylen, cipher->name);
- if (iv != NULL && ivlen < cipher->block_size)
+ if (iv != NULL && ivlen < cipher_ivlen(cipher))
fatal("cipher_init: iv length %d is insufficient for %s.",
ivlen, cipher->name);
cc->cipher = cipher;
@@ -249,6 +290,11 @@
(do_encrypt == CIPHER_ENCRYPT)) == 0)
fatal("cipher_init: EVP_CipherInit failed for %s",
cipher->name);
+ if (cipher_authlen(cipher) &&
+ !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
+ -1, (u_char *)iv))
+ fatal("cipher_init: EVP_CTRL_GCM_SET_IV_FIXED failed for %s",
+ cipher->name);
klen = EVP_CIPHER_CTX_key_length(&cc->evp);
if (klen > 0 && keylen != (u_int)klen) {
debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
@@ -268,18 +314,64 @@
cipher->discard_len) == 0)
fatal("evp_crypt: EVP_Cipher failed during discard");
memset(discard, 0, cipher->discard_len);
- xfree(junk);
- xfree(discard);
+ free(junk);
+ free(discard);
}
}
+/*
+ * cipher_crypt() operates as following:
+ * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'.
+ * Theses bytes are treated as additional authenticated data for
+ * authenticated encryption modes.
+ * En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'.
+ * Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.
+ * This tag is written on encryption and verified on decryption.
+ * Both 'aadlen' and 'authlen' can be set to 0.
+ */
void
-cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src,
+ u_int len, u_int aadlen, u_int authlen)
{
+ if (authlen) {
+ u_char lastiv[1];
+
+ if (authlen != cipher_authlen(cc->cipher))
+ fatal("%s: authlen mismatch %d", __func__, authlen);
+ /* increment IV */
+ if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,
+ 1, lastiv))
+ fatal("%s: EVP_CTRL_GCM_IV_GEN", __func__);
+ /* set tag on decyption */
+ if (!cc->encrypt &&
+ !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG,
+ authlen, (u_char *)src + aadlen + len))
+ fatal("%s: EVP_CTRL_GCM_SET_TAG", __func__);
+ }
+ if (aadlen) {
+ if (authlen &&
+ EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0)
+ fatal("%s: EVP_Cipher(aad) failed", __func__);
+ memcpy(dest, src, aadlen);
+ }
if (len % cc->cipher->block_size)
- fatal("cipher_encrypt: bad plaintext length %d", len);
- if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
- fatal("evp_crypt: EVP_Cipher failed");
+ fatal("%s: bad plaintext length %d", __func__, len);
+ if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen,
+ len) < 0)
+ fatal("%s: EVP_Cipher failed", __func__);
+ if (authlen) {
+ /* compute tag (on encrypt) or verify tag (on decrypt) */
+ if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0) {
+ if (cc->encrypt)
+ fatal("%s: EVP_Cipher(final) failed", __func__);
+ else
+ fatal("Decryption integrity check failed");
+ }
+ if (cc->encrypt &&
+ !EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,
+ authlen, dest + aadlen + len))
+ fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__);
+ }
}
void
@@ -295,7 +387,7 @@
*/
void
-cipher_set_key_string(CipherContext *cc, Cipher *cipher,
+cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
const char *passphrase, int do_encrypt)
{
MD5_CTX md;
@@ -320,7 +412,7 @@
int
cipher_get_keyiv_len(const CipherContext *cc)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int ivlen;
if (c->number == SSH_CIPHER_3DES)
@@ -333,7 +425,7 @@
void
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int evplen;
switch (c->number) {
@@ -351,10 +443,12 @@
ssh_rijndael_iv(&cc->evp, 0, iv, len);
else
#endif
+#ifndef OPENSSL_HAVE_EVPCTR
if (c->evptype == evp_aes_128_ctr)
ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
else
- memcpy(iv, cc->evp.iv, len);
+#endif
+ memcpy(iv, cc->evp.iv, len);
break;
case SSH_CIPHER_3DES:
ssh1_3des_iv(&cc->evp, 0, iv, 24);
@@ -367,7 +461,7 @@
void
cipher_set_keyiv(CipherContext *cc, u_char *iv)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int evplen = 0;
switch (c->number) {
@@ -382,10 +476,12 @@
ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
else
#endif
+#ifndef OPENSSL_HAVE_EVPCTR
if (c->evptype == evp_aes_128_ctr)
ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);
else
- memcpy(cc->evp.iv, iv, evplen);
+#endif
+ memcpy(cc->evp.iv, iv, evplen);
break;
case SSH_CIPHER_3DES:
ssh1_3des_iv(&cc->evp, 1, iv, 24);
@@ -395,21 +491,13 @@
}
}
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-#define EVP_X_STATE(evp) &(evp).c
-#define EVP_X_STATE_LEN(evp) sizeof((evp).c)
-#else
-#define EVP_X_STATE(evp) (evp).cipher_data
-#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
-#endif
-
int
cipher_get_keycontext(const CipherContext *cc, u_char *dat)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int plen = 0;
- if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
+ if (c->evptype == EVP_rc4) {
plen = EVP_X_STATE_LEN(cc->evp);
if (dat == NULL)
return (plen);
@@ -421,10 +509,10 @@
void
cipher_set_keycontext(CipherContext *cc, u_char *dat)
{
- Cipher *c = cc->cipher;
+ const Cipher *c = cc->cipher;
int plen;
- if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
+ if (c->evptype == EVP_rc4) {
plen = EVP_X_STATE_LEN(cc->evp);
memcpy(EVP_X_STATE(cc->evp), dat, plen);
}
Property changes on: vendor-crypto/openssh/dist/cipher.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/cipher.h
===================================================================
--- vendor-crypto/openssh/dist/cipher.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/cipher.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.37 2009/01/26 09:58:15 markus Exp $ */
+/* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -64,23 +64,28 @@
struct Cipher;
struct CipherContext {
int plaintext;
+ int encrypt;
EVP_CIPHER_CTX evp;
- Cipher *cipher;
+ const Cipher *cipher;
};
u_int cipher_mask_ssh1(int);
-Cipher *cipher_by_name(const char *);
-Cipher *cipher_by_number(int);
+const Cipher *cipher_by_name(const char *);
+const Cipher *cipher_by_number(int);
int cipher_number(const char *);
char *cipher_name(int);
int ciphers_valid(const char *);
-void cipher_init(CipherContext *, Cipher *, const u_char *, u_int,
+char *cipher_alg_list(void);
+void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int,
const u_char *, u_int, int);
-void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
+void cipher_crypt(CipherContext *, u_char *, const u_char *,
+ u_int, u_int, u_int);
void cipher_cleanup(CipherContext *);
-void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
+void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);
u_int cipher_blocksize(const Cipher *);
u_int cipher_keylen(const Cipher *);
+u_int cipher_authlen(const Cipher *);
+u_int cipher_ivlen(const Cipher *);
u_int cipher_is_cbc(const Cipher *);
u_int cipher_get_number(const Cipher *);
Property changes on: vendor-crypto/openssh/dist/cipher.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/cleanup.c
===================================================================
--- vendor-crypto/openssh/dist/cleanup.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/cleanup.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/cleanup.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/clientloop.c
===================================================================
--- vendor-crypto/openssh/dist/clientloop.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/clientloop.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.231 2011/01/16 12:05:59 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.255 2013/11/08 00:39:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -130,9 +130,6 @@
*/
extern char *host;
-/* Force TTY allocation */
-extern int force_tty_flag;
-
/*
* Flag to indicate that we have received a window change signal which has
* not yet been processed. This will cause a message indicating the new
@@ -179,7 +176,8 @@
/* Context for channel confirmation replies */
struct channel_reply_ctx {
const char *request_type;
- int id, do_close;
+ int id;
+ enum confirm_action action;
};
/* Global request success/failure callbacks */
@@ -265,10 +263,10 @@
set_control_persist_exit_time(void)
{
if (muxserver_sock == -1 || !options.control_persist
- || options.control_persist_timeout == 0)
+ || options.control_persist_timeout == 0) {
/* not using a ControlPersist timeout */
control_persist_exit_time = 0;
- else if (channel_still_open()) {
+ } else if (channel_still_open()) {
/* some client connections are still open */
if (control_persist_exit_time > 0)
debug2("%s: cancel scheduled exit", __func__);
@@ -275,7 +273,7 @@
control_persist_exit_time = 0;
} else if (control_persist_exit_time <= 0) {
/* a client connection has recently closed */
- control_persist_exit_time = time(NULL) +
+ control_persist_exit_time = monotime() +
(time_t)options.control_persist_timeout;
debug2("%s: schedule exit in %d seconds", __func__,
options.control_persist_timeout);
@@ -283,6 +281,23 @@
/* else we are already counting down to the timeout */
}
+#define SSH_X11_VALID_DISPLAY_CHARS ":/.-_"
+static int
+client_x11_display_valid(const char *display)
+{
+ size_t i, dlen;
+
+ dlen = strlen(display);
+ for (i = 0; i < dlen; i++) {
+ if (!isalnum(display[i]) &&
+ strchr(SSH_X11_VALID_DISPLAY_CHARS, display[i]) == NULL) {
+ debug("Invalid character '%c' in DISPLAY", display[i]);
+ return 0;
+ }
+ }
+ return 1;
+}
+
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
void
client_x11_get_proto(const char *display, const char *xauth_path,
@@ -305,6 +320,9 @@
if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
debug("No xauth program.");
+ } else if (!client_x11_display_valid(display)) {
+ logit("DISPLAY '%s' invalid, falling back to fake xauth data",
+ display);
} else {
if (display == NULL) {
debug("x11_get_proto: DISPLAY not set");
@@ -338,7 +356,7 @@
if (system(cmd) == 0)
generated = 1;
if (x11_refuse_time == 0) {
- now = time(NULL) + 1;
+ now = monotime() + 1;
if (UINT_MAX - timeout < now)
x11_refuse_time = UINT_MAX;
else
@@ -375,10 +393,8 @@
unlink(xauthfile);
rmdir(xauthdir);
}
- if (xauthdir)
- xfree(xauthdir);
- if (xauthfile)
- xfree(xauthfile);
+ free(xauthdir);
+ free(xauthfile);
/*
* If we didn't get authentication data, just make up some
@@ -534,7 +550,7 @@
if (--gc->ref_count <= 0) {
TAILQ_REMOVE(&global_confirms, gc, entry);
bzero(gc, sizeof(*gc));
- xfree(gc);
+ free(gc);
}
packet_set_alive_timeouts(0);
@@ -565,10 +581,12 @@
{
struct timeval tv, *tvp;
int timeout_secs;
+ time_t minwait_secs = 0, server_alive_time = 0, now = monotime();
int ret;
/* Add any selections by the channel mechanism. */
- channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying);
+ channel_prepare_select(readsetp, writesetp, maxfdp, nallocp,
+ &minwait_secs, rekeying);
if (!compat20) {
/* Read from the connection, unless our buffers are full. */
@@ -612,15 +630,21 @@
*/
timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
- if (options.server_alive_interval > 0 && compat20)
+ if (options.server_alive_interval > 0 && compat20) {
timeout_secs = options.server_alive_interval;
+ server_alive_time = now + options.server_alive_interval;
+ }
+ if (options.rekey_interval > 0 && compat20 && !rekeying)
+ timeout_secs = MIN(timeout_secs, packet_get_rekey_timeout());
set_control_persist_exit_time();
if (control_persist_exit_time > 0) {
timeout_secs = MIN(timeout_secs,
- control_persist_exit_time - time(NULL));
+ control_persist_exit_time - now);
if (timeout_secs < 0)
timeout_secs = 0;
}
+ if (minwait_secs != 0)
+ timeout_secs = MIN(timeout_secs, (int)minwait_secs);
if (timeout_secs == INT_MAX)
tvp = NULL;
else {
@@ -647,8 +671,15 @@
snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
- } else if (ret == 0)
- server_alive_check();
+ } else if (ret == 0) {
+ /*
+ * Timeout. Could have been either keepalive or rekeying.
+ * Keepalive we check here, rekeying is checked in clientloop.
+ */
+ if (server_alive_time != 0 && server_alive_time <= monotime())
+ server_alive_check();
+ }
+
}
static void
@@ -662,7 +693,7 @@
atomicio(vwrite, fileno(stderr), buffer_ptr(berr),
buffer_len(berr));
- leave_raw_mode(force_tty_flag);
+ leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
/*
* Free (and clear) the buffer to reduce the amount of data that gets
@@ -683,7 +714,7 @@
buffer_init(bout);
buffer_init(berr);
- enter_raw_mode(force_tty_flag);
+ enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
}
static void
@@ -742,6 +773,15 @@
char errmsg[256];
int tochan;
+ /*
+ * If a TTY was explicitly requested, then a failure to allocate
+ * one is fatal.
+ */
+ if (cr->action == CONFIRM_TTY &&
+ (options.request_tty == REQUEST_TTY_FORCE ||
+ options.request_tty == REQUEST_TTY_YES))
+ cr->action = CONFIRM_CLOSE;
+
/* XXX supress on mux _client_ quietmode */
tochan = options.log_level >= SYSLOG_LEVEL_ERROR &&
c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE;
@@ -759,34 +799,48 @@
cr->request_type, c->self);
}
/* If error occurred on primary session channel, then exit */
- if (cr->do_close && c->self == session_ident)
+ if (cr->action == CONFIRM_CLOSE && c->self == session_ident)
fatal("%s", errmsg);
- /* If error occurred on mux client, append to their stderr */
- if (tochan)
- buffer_append(&c->extended, errmsg, strlen(errmsg));
- else
+ /*
+ * If error occurred on mux client, append to
+ * their stderr.
+ */
+ if (tochan) {
+ buffer_append(&c->extended, errmsg,
+ strlen(errmsg));
+ } else
error("%s", errmsg);
- if (cr->do_close) {
+ if (cr->action == CONFIRM_TTY) {
+ /*
+ * If a TTY allocation error occurred, then arrange
+ * for the correct TTY to leave raw mode.
+ */
+ if (c->self == session_ident)
+ leave_raw_mode(0);
+ else
+ mux_tty_alloc_failed(c);
+ } else if (cr->action == CONFIRM_CLOSE) {
chan_read_failed(c);
chan_write_failed(c);
}
}
- xfree(cr);
+ free(cr);
}
static void
client_abandon_status_confirm(Channel *c, void *ctx)
{
- xfree(ctx);
+ free(ctx);
}
-static void
-client_expect_confirm(int id, const char *request, int do_close)
+void
+client_expect_confirm(int id, const char *request,
+ enum confirm_action action)
{
- struct channel_reply_ctx *cr = xmalloc(sizeof(*cr));
+ struct channel_reply_ctx *cr = xcalloc(1, sizeof(*cr));
cr->request_type = request;
- cr->do_close = do_close;
+ cr->action = action;
channel_register_status_confirm(id, client_status_confirm,
client_abandon_status_confirm, cr);
@@ -806,7 +860,7 @@
return;
}
- gc = xmalloc(sizeof(*gc));
+ gc = xcalloc(1, sizeof(*gc));
gc->cb = cb;
gc->ctx = ctx;
gc->ref_count = 1;
@@ -818,15 +872,14 @@
{
void (*handler)(int);
char *s, *cmd, *cancel_host;
- int delete = 0;
- int local = 0, remote = 0, dynamic = 0;
- int cancel_port;
+ int delete = 0, local = 0, remote = 0, dynamic = 0;
+ int cancel_port, ok;
Forward fwd;
bzero(&fwd, sizeof(fwd));
fwd.listen_host = fwd.connect_host = NULL;
- leave_raw_mode(force_tty_flag);
+ leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
handler = signal(SIGINT, SIG_IGN);
cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
if (s == NULL)
@@ -846,8 +899,12 @@
"Request remote forward");
logit(" -D[bind_address:]port "
"Request dynamic forward");
+ logit(" -KL[bind_address:]port "
+ "Cancel local forward");
logit(" -KR[bind_address:]port "
"Cancel remote forward");
+ logit(" -KD[bind_address:]port "
+ "Cancel dynamic forward");
if (!options.permit_local_command)
goto out;
logit(" !args "
@@ -876,11 +933,7 @@
goto out;
}
- if ((local || dynamic) && delete) {
- logit("Not supported.");
- goto out;
- }
- if (remote && delete && !compat20) {
+ if (delete && !compat20) {
logit("Not supported for SSH protocol version 1.");
goto out;
}
@@ -903,7 +956,21 @@
logit("Bad forwarding close port");
goto out;
}
- channel_request_rforward_cancel(cancel_host, cancel_port);
+ if (remote)
+ ok = channel_request_rforward_cancel(cancel_host,
+ cancel_port) == 0;
+ else if (dynamic)
+ ok = channel_cancel_lport_listener(cancel_host,
+ cancel_port, 0, options.gateway_ports) > 0;
+ else
+ ok = channel_cancel_lport_listener(cancel_host,
+ cancel_port, CHANNEL_CANCEL_PORT_STATIC,
+ options.gateway_ports) > 0;
+ if (!ok) {
+ logit("Unkown port forwarding.");
+ goto out;
+ }
+ logit("Canceled forwarding.");
} else {
if (!parse_forward(&fwd, s, dynamic, remote)) {
logit("Bad forwarding specification.");
@@ -910,9 +977,9 @@
goto out;
}
if (local || dynamic) {
- if (channel_setup_local_fwd_listener(fwd.listen_host,
+ if (!channel_setup_local_fwd_listener(fwd.listen_host,
fwd.listen_port, fwd.connect_host,
- fwd.connect_port, options.gateway_ports) < 0) {
+ fwd.connect_port, options.gateway_ports)) {
logit("Port forwarding failed.");
goto out;
}
@@ -924,21 +991,74 @@
goto out;
}
}
-
logit("Forwarding port.");
}
out:
signal(SIGINT, handler);
- enter_raw_mode(force_tty_flag);
- if (cmd)
- xfree(cmd);
- if (fwd.listen_host != NULL)
- xfree(fwd.listen_host);
- if (fwd.connect_host != NULL)
- xfree(fwd.connect_host);
+ enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
+ free(cmd);
+ free(fwd.listen_host);
+ free(fwd.connect_host);
}
+/* reasons to suppress output of an escape command in help output */
+#define SUPPRESS_NEVER 0 /* never suppress, always show */
+#define SUPPRESS_PROTO1 1 /* don't show in protocol 1 sessions */
+#define SUPPRESS_MUXCLIENT 2 /* don't show in mux client sessions */
+#define SUPPRESS_MUXMASTER 4 /* don't show in mux master sessions */
+#define SUPPRESS_SYSLOG 8 /* don't show when logging to syslog */
+struct escape_help_text {
+ const char *cmd;
+ const char *text;
+ unsigned int flags;
+};
+static struct escape_help_text esc_txt[] = {
+ {".", "terminate session", SUPPRESS_MUXMASTER},
+ {".", "terminate connection (and any multiplexed sessions)",
+ SUPPRESS_MUXCLIENT},
+ {"B", "send a BREAK to the remote system", SUPPRESS_PROTO1},
+ {"C", "open a command line", SUPPRESS_MUXCLIENT},
+ {"R", "request rekey", SUPPRESS_PROTO1},
+ {"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT},
+ {"^Z", "suspend ssh", SUPPRESS_MUXCLIENT},
+ {"#", "list forwarded connections", SUPPRESS_NEVER},
+ {"&", "background ssh (when waiting for connections to terminate)",
+ SUPPRESS_MUXCLIENT},
+ {"?", "this message", SUPPRESS_NEVER},
+};
+
+static void
+print_escape_help(Buffer *b, int escape_char, int protocol2, int mux_client,
+ int using_stderr)
+{
+ unsigned int i, suppress_flags;
+ char string[1024];
+
+ snprintf(string, sizeof string, "%c?\r\n"
+ "Supported escape sequences:\r\n", escape_char);
+ buffer_append(b, string, strlen(string));
+
+ suppress_flags = (protocol2 ? 0 : SUPPRESS_PROTO1) |
+ (mux_client ? SUPPRESS_MUXCLIENT : 0) |
+ (mux_client ? 0 : SUPPRESS_MUXMASTER) |
+ (using_stderr ? 0 : SUPPRESS_SYSLOG);
+
+ for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) {
+ if (esc_txt[i].flags & suppress_flags)
+ continue;
+ snprintf(string, sizeof string, " %c%-3s - %s\r\n",
+ escape_char, esc_txt[i].cmd, esc_txt[i].text);
+ buffer_append(b, string, strlen(string));
+ }
+
+ snprintf(string, sizeof string,
+ " %c%c - send the escape character by typing it twice\r\n"
+ "(Note that escapes are only recognized immediately after "
+ "newline.)\r\n", escape_char, escape_char);
+ buffer_append(b, string, strlen(string));
+}
+
/*
* Process the characters one by one, call with c==NULL for proto1 case.
*/
@@ -989,6 +1109,11 @@
if (c && c->ctl_chan != -1) {
chan_read_failed(c);
chan_write_failed(c);
+ if (c->detach_user)
+ c->detach_user(c->self, NULL);
+ c->type = SSH_CHANNEL_ABANDONED;
+ buffer_clear(&c->input);
+ chan_ibuf_empty(c);
return 0;
} else
quit_pending = 1;
@@ -997,11 +1122,16 @@
case 'Z' - 64:
/* XXX support this for mux clients */
if (c && c->ctl_chan != -1) {
+ char b[16];
noescape:
+ if (ch == 'Z' - 64)
+ snprintf(b, sizeof b, "^Z");
+ else
+ snprintf(b, sizeof b, "%c", ch);
snprintf(string, sizeof string,
- "%c%c escape not available to "
+ "%c%s escape not available to "
"multiplexed sessions\r\n",
- escape_char, ch);
+ escape_char, b);
buffer_append(berr, string,
strlen(string));
continue;
@@ -1040,6 +1170,31 @@
}
continue;
+ case 'V':
+ /* FALLTHROUGH */
+ case 'v':
+ if (c && c->ctl_chan != -1)
+ goto noescape;
+ if (!log_is_on_stderr()) {
+ snprintf(string, sizeof string,
+ "%c%c [Logging to syslog]\r\n",
+ escape_char, ch);
+ buffer_append(berr, string,
+ strlen(string));
+ continue;
+ }
+ if (ch == 'V' && options.log_level >
+ SYSLOG_LEVEL_QUIET)
+ log_change_level(--options.log_level);
+ if (ch == 'v' && options.log_level <
+ SYSLOG_LEVEL_DEBUG3)
+ log_change_level(++options.log_level);
+ snprintf(string, sizeof string,
+ "%c%c [LogLevel %s]\r\n", escape_char, ch,
+ log_level_name(options.log_level));
+ buffer_append(berr, string, strlen(string));
+ continue;
+
case '&':
if (c && c->ctl_chan != -1)
goto noescape;
@@ -1049,7 +1204,8 @@
* more new connections).
*/
/* Restore tty modes. */
- leave_raw_mode(force_tty_flag);
+ leave_raw_mode(
+ options.request_tty == REQUEST_TTY_FORCE);
/* Stop listening for new connections. */
channel_stop_listening();
@@ -1092,43 +1248,9 @@
continue;
case '?':
- if (c && c->ctl_chan != -1) {
- snprintf(string, sizeof string,
-"%c?\r\n\
-Supported escape sequences:\r\n\
- %c. - terminate session\r\n\
- %cB - send a BREAK to the remote system\r\n\
- %cR - Request rekey (SSH protocol 2 only)\r\n\
- %c# - list forwarded connections\r\n\
- %c? - this message\r\n\
- %c%c - send the escape character by typing it twice\r\n\
-(Note that escapes are only recognized immediately after newline.)\r\n",
- escape_char, escape_char,
- escape_char, escape_char,
- escape_char, escape_char,
- escape_char, escape_char);
- } else {
- snprintf(string, sizeof string,
-"%c?\r\n\
-Supported escape sequences:\r\n\
- %c. - terminate connection (and any multiplexed sessions)\r\n\
- %cB - send a BREAK to the remote system\r\n\
- %cC - open a command line\r\n\
- %cR - Request rekey (SSH protocol 2 only)\r\n\
- %c^Z - suspend ssh\r\n\
- %c# - list forwarded connections\r\n\
- %c& - background ssh (when waiting for connections to terminate)\r\n\
- %c? - this message\r\n\
- %c%c - send the escape character by typing it twice\r\n\
-(Note that escapes are only recognized immediately after newline.)\r\n",
- escape_char, escape_char,
- escape_char, escape_char,
- escape_char, escape_char,
- escape_char, escape_char,
- escape_char, escape_char,
- escape_char);
- }
- buffer_append(berr, string, strlen(string));
+ print_escape_help(berr, escape_char, compat20,
+ (c && c->ctl_chan != -1),
+ log_is_on_stderr());
continue;
case '#':
@@ -1137,7 +1259,7 @@
buffer_append(berr, string, strlen(string));
s = channel_open_message();
buffer_append(berr, s, strlen(s));
- xfree(s);
+ free(s);
continue;
case 'C':
@@ -1316,7 +1438,7 @@
{
struct escape_filter_ctx *ret;
- ret = xmalloc(sizeof(*ret));
+ ret = xcalloc(1, sizeof(*ret));
ret->escape_pending = 0;
ret->escape_char = escape_char;
return (void *)ret;
@@ -1326,7 +1448,7 @@
void
client_filter_cleanup(int cid, void *ctx)
{
- xfree(ctx);
+ free(ctx);
}
int
@@ -1344,7 +1466,7 @@
{
channel_cancel_cleanup(id);
session_closed = 1;
- leave_raw_mode(force_tty_flag);
+ leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
}
/*
@@ -1415,18 +1537,21 @@
signal(SIGWINCH, window_change_handler);
if (have_pty)
- enter_raw_mode(force_tty_flag);
+ enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
if (compat20) {
session_ident = ssh2_chan_id;
- if (escape_char_arg != SSH_ESCAPECHAR_NONE)
- channel_register_filter(session_ident,
- client_simple_escape_filter, NULL,
- client_filter_cleanup,
- client_new_escape_filter_ctx(escape_char_arg));
- if (session_ident != -1)
+ if (session_ident != -1) {
+ if (escape_char_arg != SSH_ESCAPECHAR_NONE) {
+ channel_register_filter(session_ident,
+ client_simple_escape_filter, NULL,
+ client_filter_cleanup,
+ client_new_escape_filter_ctx(
+ escape_char_arg));
+ }
channel_register_cleanup(session_ident,
client_channel_closed, 0);
+ }
} else {
/* Check if we should immediately send eof on stdin. */
client_check_initial_eof_on_stdin();
@@ -1528,16 +1653,14 @@
* connections, then quit.
*/
if (control_persist_exit_time > 0) {
- if (time(NULL) >= control_persist_exit_time) {
+ if (monotime() >= control_persist_exit_time) {
debug("ControlPersist timeout expired");
break;
}
}
}
- if (readset)
- xfree(readset);
- if (writeset)
- xfree(writeset);
+ free(readset);
+ free(writeset);
/* Terminate the session. */
@@ -1556,7 +1679,7 @@
channel_free_all();
if (have_pty)
- leave_raw_mode(force_tty_flag);
+ leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
/* restore blocking io */
if (!isatty(fileno(stdin)))
@@ -1639,7 +1762,7 @@
packet_check_eom();
buffer_append(&stdout_buffer, data, data_len);
memset(data, 0, data_len);
- xfree(data);
+ free(data);
}
static void
client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
@@ -1649,7 +1772,7 @@
packet_check_eom();
buffer_append(&stderr_buffer, data, data_len);
memset(data, 0, data_len);
- xfree(data);
+ free(data);
}
static void
client_input_exit_status(int type, u_int32_t seq, void *ctxt)
@@ -1729,8 +1852,8 @@
c = channel_connect_by_listen_address(listen_port,
"forwarded-tcpip", originator_address);
- xfree(originator_address);
- xfree(listen_address);
+ free(originator_address);
+ free(listen_address);
return c;
}
@@ -1748,7 +1871,7 @@
"malicious server.");
return NULL;
}
- if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) {
+ if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
verbose("Rejected X11 connection after ForwardX11Timeout "
"expired");
return NULL;
@@ -1764,7 +1887,7 @@
/* XXX check permission */
debug("client_request_x11: request from %s %d", originator,
originator_port);
- xfree(originator);
+ free(originator);
sock = x11_connect_display();
if (sock < 0)
return NULL;
@@ -1891,7 +2014,7 @@
}
packet_send();
}
- xfree(ctype);
+ free(ctype);
}
static void
client_input_channel_req(int type, u_int32_t seq, void *ctxt)
@@ -1937,7 +2060,7 @@
packet_put_int(c->remote_id);
packet_send();
}
- xfree(rtype);
+ free(rtype);
}
static void
client_input_global_request(int type, u_int32_t seq, void *ctxt)
@@ -1956,7 +2079,7 @@
packet_send();
packet_write_wait();
}
- xfree(rtype);
+ free(rtype);
}
void
@@ -1982,7 +2105,7 @@
memset(&ws, 0, sizeof(ws));
channel_request_start(id, "pty-req", 1);
- client_expect_confirm(id, "PTY allocation", 1);
+ client_expect_confirm(id, "PTY allocation", CONFIRM_TTY);
packet_put_cstring(term != NULL ? term : "");
packet_put_int((u_int)ws.ws_col);
packet_put_int((u_int)ws.ws_row);
@@ -2006,7 +2129,7 @@
/* Split */
name = xstrdup(env[i]);
if ((val = strchr(name, '=')) == NULL) {
- xfree(name);
+ free(name);
continue;
}
*val++ = '\0';
@@ -2020,7 +2143,7 @@
}
if (!matched) {
debug3("Ignored env %s", name);
- xfree(name);
+ free(name);
continue;
}
@@ -2029,7 +2152,7 @@
packet_put_cstring(name);
packet_put_cstring(val);
packet_send();
- xfree(name);
+ free(name);
}
}
@@ -2041,18 +2164,18 @@
debug("Sending subsystem: %.*s",
len, (u_char*)buffer_ptr(cmd));
channel_request_start(id, "subsystem", 1);
- client_expect_confirm(id, "subsystem", 1);
+ client_expect_confirm(id, "subsystem", CONFIRM_CLOSE);
} else {
debug("Sending command: %.*s",
len, (u_char*)buffer_ptr(cmd));
channel_request_start(id, "exec", 1);
- client_expect_confirm(id, "exec", 1);
+ client_expect_confirm(id, "exec", CONFIRM_CLOSE);
}
packet_put_string(buffer_ptr(cmd), buffer_len(cmd));
packet_send();
} else {
channel_request_start(id, "shell", 1);
- client_expect_confirm(id, "shell", 1);
+ client_expect_confirm(id, "shell", CONFIRM_CLOSE);
packet_send();
}
}
@@ -2122,11 +2245,26 @@
client_init_dispatch_15();
}
+void
+client_stop_mux(void)
+{
+ if (options.control_path != NULL && muxserver_sock != -1)
+ unlink(options.control_path);
+ /*
+ * If we are in persist mode, or don't have a shell, signal that we
+ * should close when all active channels are closed.
+ */
+ if (options.control_persist || no_shell_flag) {
+ session_closed = 1;
+ setproctitle("[stopped mux]");
+ }
+}
+
/* client specific fatal cleanup */
void
cleanup_exit(int i)
{
- leave_raw_mode(force_tty_flag);
+ leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
leave_non_blocking();
if (options.control_path != NULL && muxserver_sock != -1)
unlink(options.control_path);
Property changes on: vendor-crypto/openssh/dist/clientloop.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/clientloop.h
===================================================================
--- vendor-crypto/openssh/dist/clientloop.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/clientloop.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.25 2010/06/25 23:15:36 djm Exp $ */
+/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -45,6 +45,7 @@
void client_session2_setup(int, int, int, const char *, struct termios *,
int, Buffer *, char **);
int client_request_tun_fwd(int, int, int);
+void client_stop_mux(void);
/* Escape filter for protocol 2 sessions */
void *client_new_escape_filter_ctx(int);
@@ -55,6 +56,10 @@
typedef void global_confirm_cb(int, u_int32_t seq, void *);
void client_register_global_confirm(global_confirm_cb *, void *);
+/* Channel request confirmation callbacks */
+enum confirm_action { CONFIRM_WARN = 0, CONFIRM_CLOSE, CONFIRM_TTY };
+void client_expect_confirm(int, const char *, enum confirm_action);
+
/* Multiplexing protocol version */
#define SSHMUX_VER 4
@@ -64,7 +69,11 @@
#define SSHMUX_COMMAND_TERMINATE 3 /* Ask master to exit */
#define SSHMUX_COMMAND_STDIO_FWD 4 /* Open stdio fwd (ssh -W) */
#define SSHMUX_COMMAND_FORWARD 5 /* Forward only, no command */
+#define SSHMUX_COMMAND_STOP 6 /* Disable mux but not conn */
+#define SSHMUX_COMMAND_CANCEL_FWD 7 /* Cancel forwarding(s) */
void muxserver_listen(void);
void muxclient(const char *);
void mux_exit_message(Channel *, int);
+void mux_tty_alloc_failed(Channel *);
+
Property changes on: vendor-crypto/openssh/dist/clientloop.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/compat.c
===================================================================
--- vendor-crypto/openssh/dist/compat.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/compat.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.78 2008/09/11 14:22:37 markus Exp $ */
+/* $OpenBSD: compat.c,v 1.81 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@@ -45,6 +45,8 @@
void
enable_compat20(void)
{
+ if (compat20)
+ return;
debug("Enabling compatibility mode for protocol 2.0");
compat20 = 1;
}
@@ -92,6 +94,7 @@
{ "OpenSSH_3.*", SSH_OLD_FORWARD_ADDR },
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH_4*", 0 },
+ { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
{ "OpenSSH*", SSH_NEW_OPENSSH },
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@@ -201,7 +204,7 @@
break;
}
}
- xfree(s);
+ free(s);
return ret;
}
@@ -227,7 +230,7 @@
buffer_append(&b, "\0", 1);
fix_ciphers = xstrdup(buffer_ptr(&b));
buffer_free(&b);
- xfree(orig_prop);
+ free(orig_prop);
debug2("Original cipher proposal: %s", cipher_prop);
debug2("Compat cipher proposal: %s", fix_ciphers);
if (!*fix_ciphers)
Property changes on: vendor-crypto/openssh/dist/compat.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/compat.h
===================================================================
--- vendor-crypto/openssh/dist/compat.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/compat.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.42 2008/09/11 14:22:37 markus Exp $ */
+/* $OpenBSD: compat.h,v 1.43 2011/09/23 07:45:05 markus Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -58,6 +58,7 @@
#define SSH_OLD_FORWARD_ADDR 0x01000000
#define SSH_BUG_RFWD_ADDR 0x02000000
#define SSH_NEW_OPENSSH 0x04000000
+#define SSH_BUG_DYNAMIC_RPORT 0x08000000
void enable_compat13(void);
void enable_compat20(void);
Property changes on: vendor-crypto/openssh/dist/compat.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/compress.c
===================================================================
--- vendor-crypto/openssh/dist/compress.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/compress.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/compress.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/compress.h
===================================================================
--- vendor-crypto/openssh/dist/compress.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/compress.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/compress.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/config.guess
===================================================================
--- vendor-crypto/openssh/dist/config.guess 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/config.guess 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,10 +1,10 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
-# Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012, 2013 Free Software Foundation, Inc.
-timestamp='2009-12-30'
+timestamp='2012-12-23'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -17,9 +17,7 @@
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-# 02110-1301, USA.
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -57,8 +55,8 @@
Originally written by Per Bothner.
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
-Software Foundation, Inc.
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
+2012, 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -145,7 +143,7 @@
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
# switched to ELF, *-*-netbsd* would select the old
# object file format. This provides both forward
@@ -181,7 +179,7 @@
fi
;;
*)
- os=netbsd
+ os=netbsd
;;
esac
# The OS release
@@ -202,6 +200,10 @@
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
exit ;;
+ *:Bitrig:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
+ exit ;;
*:OpenBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
@@ -224,7 +226,7 @@
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
;;
*5.*)
- UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
;;
esac
# According to Compaq, /usr/sbin/psrinfo has been available on
@@ -270,7 +272,10 @@
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- exit ;;
+ # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+ exitcode=$?
+ trap '' 0
+ exit $exitcode ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
@@ -296,12 +301,12 @@
echo s390-ibm-zvmoe
exit ;;
*:OS400:*:*)
- echo powerpc-ibm-os400
+ echo powerpc-ibm-os400
exit ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit ;;
- arm:riscos:*:*|arm:RISCOS:*:*)
+ arm*:riscos:*:*|arm*:RISCOS:*:*)
echo arm-unknown-riscos
exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
@@ -395,23 +400,23 @@
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
+ echo m68k-atari-mint${UNAME_RELEASE}
exit ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
- exit ;;
+ exit ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
+ echo m68k-atari-mint${UNAME_RELEASE}
exit ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- echo m68k-milan-mint${UNAME_RELEASE}
- exit ;;
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- echo m68k-hades-mint${UNAME_RELEASE}
- exit ;;
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- echo m68k-unknown-mint${UNAME_RELEASE}
- exit ;;
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
m68k:machten:*:*)
echo m68k-apple-machten${UNAME_RELEASE}
exit ;;
@@ -481,8 +486,8 @@
echo m88k-motorola-sysv3
exit ;;
AViiON:dgux:*:*)
- # DG/UX returns AViiON for all architectures
- UNAME_PROCESSOR=`/usr/bin/uname -p`
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
@@ -495,7 +500,7 @@
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
- exit ;;
+ exit ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit ;;
@@ -552,7 +557,7 @@
echo rs6000-ibm-aix3.2
fi
exit ;;
- *:AIX:*:[456])
+ *:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
@@ -595,52 +600,52 @@
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
- sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
- case "${sc_cpu_version}" in
- 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
- 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
- 532) # CPU_PA_RISC2_0
- case "${sc_kernel_bits}" in
- 32) HP_ARCH="hppa2.0n" ;;
- 64) HP_ARCH="hppa2.0w" ;;
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
- esac ;;
- esac
+ esac ;;
+ esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
+ sed 's/^ //' << EOF >$dummy.c
- #define _HPUX_SOURCE
- #include <stdlib.h>
- #include <unistd.h>
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
- int main ()
- {
- #if defined(_SC_KERNEL_BITS)
- long bits = sysconf(_SC_KERNEL_BITS);
- #endif
- long cpu = sysconf (_SC_CPU_VERSION);
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
- case CPU_PA_RISC2_0:
- #if defined(_SC_KERNEL_BITS)
- switch (bits)
- {
- case 64: puts ("hppa2.0w"); break;
- case 32: puts ("hppa2.0n"); break;
- default: puts ("hppa2.0"); break;
- } break;
- #else /* !defined(_SC_KERNEL_BITS) */
- puts ("hppa2.0"); break;
- #endif
- default: puts ("hppa1.0"); break;
- }
- exit (0);
- }
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
@@ -731,22 +736,22 @@
exit ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
- exit ;;
+ exit ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
- exit ;;
+ exit ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
- exit ;;
+ exit ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
- exit ;;
+ exit ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
- exit ;;
+ exit ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
@@ -770,14 +775,14 @@
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit ;;
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
5000:UNIX_System_V:4.*:*)
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
- echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
@@ -789,30 +794,35 @@
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit ;;
*:FreeBSD:*:*)
- case ${UNAME_MACHINE} in
- pc98)
- echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ case ${UNAME_PROCESSOR} in
amd64)
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
*)
- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
esac
exit ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit ;;
+ *:MINGW64*:*)
+ echo ${UNAME_MACHINE}-pc-mingw64
+ exit ;;
*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit ;;
+ i*:MSYS*:*)
+ echo ${UNAME_MACHINE}-pc-msys
+ exit ;;
i*:windows32*:*)
- # uname -m includes "-pc" on this system.
- echo ${UNAME_MACHINE}-mingw32
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
exit ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit ;;
*:Interix*:*)
- case ${UNAME_MACHINE} in
+ case ${UNAME_MACHINE} in
x86)
echo i586-pc-interix${UNAME_RELEASE}
exit ;;
@@ -858,6 +868,13 @@
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit ;;
+ aarch64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ aarch64_be:Linux:*:*)
+ UNAME_MACHINE=aarch64_be
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
@@ -867,7 +884,7 @@
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
- esac
+ esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
@@ -879,7 +896,13 @@
then
echo ${UNAME_MACHINE}-unknown-linux-gnu
else
- echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
+ fi
fi
exit ;;
avr32*:Linux:*:*)
@@ -886,14 +909,17 @@
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
cris:Linux:*:*)
- echo cris-axis-linux-gnu
+ echo ${UNAME_MACHINE}-axis-linux-gnu
exit ;;
crisv32:Linux:*:*)
- echo crisv32-axis-linux-gnu
+ echo ${UNAME_MACHINE}-axis-linux-gnu
exit ;;
frv:Linux:*:*)
- echo frv-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
+ hexagon:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
i*86:Linux:*:*)
LIBC=gnu
eval $set_cc_for_build
@@ -934,7 +960,7 @@
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
;;
or32:Linux:*:*)
- echo or32-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
padre:Linux:*:*)
echo sparc-unknown-linux-gnu
@@ -960,7 +986,7 @@
echo ${UNAME_MACHINE}-ibm-linux
exit ;;
sh64*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
@@ -968,14 +994,17 @@
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
+ tile*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
vax:Linux:*:*)
echo ${UNAME_MACHINE}-dec-linux-gnu
exit ;;
x86_64:Linux:*:*)
- echo x86_64-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
xtensa*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
@@ -984,11 +1013,11 @@
echo i386-sequent-sysv4
exit ;;
i*86:UNIX_SV:4.2MP:2.*)
- # Unixware is an offshoot of SVR4, but it has its own version
- # number series starting with 2...
- # I am not positive that other SVR4 systems won't match this,
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
- # Use sysv4.2uw... so that sysv4* matches it.
+ # Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
exit ;;
i*86:OS/2:*:*)
@@ -1020,7 +1049,7 @@
fi
exit ;;
i*86:*:5:[678]*)
- # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
case `/bin/uname -X | grep "^Machine"` in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;
@@ -1048,13 +1077,13 @@
exit ;;
pc:*:*:*)
# Left here for compatibility:
- # uname -m prints for DJGPP always 'pc', but it prints nothing about
- # the processor, so we play safe by assuming i586.
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
# Note: whatever this is, it MUST be the same as what config.sub
# prints for the "djgpp" host, or else GDB configury will decide that
# this is a cross-build.
echo i586-pc-msdosdjgpp
- exit ;;
+ exit ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit ;;
@@ -1089,8 +1118,8 @@
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && { echo i486-ncr-sysv4; exit; } ;;
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
NCR*:*:4.2:* | MPRAS*:*:4.2:*)
OS_REL='.3'
test -r /etc/.relid \
@@ -1133,10 +1162,10 @@
echo ns32k-sni-sysv
fi
exit ;;
- PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
- # says <Richard.M.Bartel at ccMail.Census.GOV>
- echo i586-unisys-sysv4
- exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel at ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes at openmarket.com>.
# How about differentiating between stratus architectures? -djm
@@ -1162,11 +1191,11 @@
exit ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
- echo mips-nec-sysv${UNAME_RELEASE}
+ echo mips-nec-sysv${UNAME_RELEASE}
else
- echo mips-unknown-sysv${UNAME_RELEASE}
+ echo mips-unknown-sysv${UNAME_RELEASE}
fi
- exit ;;
+ exit ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
exit ;;
@@ -1179,6 +1208,9 @@
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
echo i586-pc-haiku
exit ;;
+ x86_64:Haiku:*:*)
+ echo x86_64-unknown-haiku
+ exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit ;;
@@ -1231,7 +1263,10 @@
*:QNX:*:4*)
echo i386-pc-qnx
exit ;;
- NSE-?:NONSTOP_KERNEL:*:*)
+ NEO-?:NONSTOP_KERNEL:*:*)
+ echo neo-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSE-*:NONSTOP_KERNEL:*:*)
echo nse-tandem-nsk${UNAME_RELEASE}
exit ;;
NSR-?:NONSTOP_KERNEL:*:*)
@@ -1276,13 +1311,13 @@
echo pdp10-unknown-its
exit ;;
SEI:*:*:SEIUX)
- echo mips-sei-seiux${UNAME_RELEASE}
+ echo mips-sei-seiux${UNAME_RELEASE}
exit ;;
*:DragonFly:*:*)
echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
exit ;;
*:*VMS:*:*)
- UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
case "${UNAME_MACHINE}" in
A*) echo alpha-dec-vms ; exit ;;
I*) echo ia64-dec-vms ; exit ;;
@@ -1300,11 +1335,11 @@
i*86:AROS:*:*)
echo ${UNAME_MACHINE}-pc-aros
exit ;;
+ x86_64:VMkernel:*:*)
+ echo ${UNAME_MACHINE}-unknown-esx
+ exit ;;
esac
-#echo '(No uname command or uname output not recognized.)' 1>&2
-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
-
eval $set_cc_for_build
cat >$dummy.c <<EOF
#ifdef _SEQUENT_
@@ -1322,11 +1357,11 @@
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
- "4"
+ "4"
#else
- ""
+ ""
#endif
- ); exit (0);
+ ); exit (0);
#endif
#endif
Property changes on: vendor-crypto/openssh/dist/config.guess
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/config.h
===================================================================
--- vendor-crypto/openssh/dist/config.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/config.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,1344 +0,0 @@
-/* config.h. Generated by configure. */
-/* config.h.in. Generated from configure.ac by autoheader. */
-
-/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
- */
-/* #undef AIX_GETNAMEINFO_HACK */
-
-/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
-/* #undef AIX_LOGINFAILED_4ARG */
-
-/* Define if your resolver libs need this for getrrsetbyname */
-/* #undef BIND_8_COMPAT */
-
-/* Define if cmsg_type is not passed correctly */
-/* #undef BROKEN_CMSG_TYPE */
-
-/* getaddrinfo is broken (if present) */
-/* #undef BROKEN_GETADDRINFO */
-
-/* getgroups(0,NULL) will return -1 */
-/* #undef BROKEN_GETGROUPS */
-
-/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
-/* #undef BROKEN_INET_NTOA */
-
-/* ia_uinfo routines not supported by OS yet */
-/* #undef BROKEN_LIBIAF */
-
-/* Ultrix mmap can't map files */
-/* #undef BROKEN_MMAP */
-
-/* Define if your struct dirent expects you to allocate extra space for d_name
- */
-/* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */
-
-/* Define if you have a broken realpath. */
-/* #undef BROKEN_REALPATH */
-
-/* Needed for NeXT */
-/* #undef BROKEN_SAVED_UIDS */
-
-/* Define if your setregid() is broken */
-/* #undef BROKEN_SETREGID */
-
-/* Define if your setresgid() is broken */
-/* #undef BROKEN_SETRESGID */
-
-/* Define if your setresuid() is broken */
-/* #undef BROKEN_SETRESUID */
-
-/* Define if your setreuid() is broken */
-/* #undef BROKEN_SETREUID */
-
-/* LynxOS has broken setvbuf() implementation */
-/* #undef BROKEN_SETVBUF */
-
-/* Define if your snprintf is busted */
-/* #undef BROKEN_SNPRINTF */
-
-/* updwtmpx is broken (if present) */
-/* #undef BROKEN_UPDWTMPX */
-
-/* Define if you have BSD auth support */
-/* #undef BSD_AUTH */
-
-/* Define if you want to specify the path to your lastlog file */
-/* #undef CONF_LASTLOG_FILE */
-
-/* Define if you want to specify the path to your utmpx file */
-/* #undef CONF_UTMPX_FILE */
-
-/* Define if you want to specify the path to your utmp file */
-#define CONF_UTMP_FILE "/var/run/utmp"
-
-/* Define if you want to specify the path to your wtmpx file */
-/* #undef CONF_WTMPX_FILE */
-
-/* Define if you want to specify the path to your wtmp file */
-#define CONF_WTMP_FILE "/var/log/wtmp"
-
-/* Define if your platform needs to skip post auth file descriptor passing */
-/* #undef DISABLE_FD_PASSING */
-
-/* Define if you don't want to use lastlog */
-/* #undef DISABLE_LASTLOG */
-
-/* Define if you don't want to use your system's login() call */
-/* #undef DISABLE_LOGIN */
-
-/* Define if you don't want to use pututline() etc. to write [uw]tmp */
-/* #undef DISABLE_PUTUTLINE */
-
-/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
-/* #undef DISABLE_PUTUTXLINE */
-
-/* Define if you want to disable shadow passwords */
-/* #undef DISABLE_SHADOW */
-
-/* Define if you don't want to use utmp */
-/* #undef DISABLE_UTMP */
-
-/* Define if you don't want to use utmpx */
-#define DISABLE_UTMPX 1
-
-/* Define if you don't want to use wtmp */
-/* #undef DISABLE_WTMP */
-
-/* Define if you don't want to use wtmpx */
-#define DISABLE_WTMPX 1
-
-/* Workaround more Linux IPv6 quirks */
-/* #undef DONT_TRY_OTHER_AF */
-
-/* Builtin PRNG command timeout */
-#define ENTROPY_TIMEOUT_MSEC 200
-
-/* Define to 1 if the `getpgrp' function requires zero arguments. */
-#define GETPGRP_VOID 1
-
-/* Conflicting defs for getspnam */
-/* #undef GETSPNAM_CONFLICTING_DEFS */
-
-/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
-#define GLOB_HAS_ALTDIRFUNC 1
-
-/* Define if your system glob() function has gl_matchc options in glob_t */
-#define GLOB_HAS_GL_MATCHC 1
-
-/* Define this if you want GSSAPI support in the version 2 protocol */
-/* #undef GSSAPI */
-
-/* Define if you want to use shadow password expire field */
-/* #undef HAS_SHADOW_EXPIRE */
-
-/* Define if your system uses access rights style file descriptor passing */
-/* #undef HAVE_ACCRIGHTS_IN_MSGHDR */
-
-/* Define if you have ut_addr in utmp.h */
-/* #undef HAVE_ADDR_IN_UTMP */
-
-/* Define if you have ut_addr in utmpx.h */
-/* #undef HAVE_ADDR_IN_UTMPX */
-
-/* Define if you have ut_addr_v6 in utmp.h */
-/* #undef HAVE_ADDR_V6_IN_UTMP */
-
-/* Define if you have ut_addr_v6 in utmpx.h */
-/* #undef HAVE_ADDR_V6_IN_UTMPX */
-
-/* Define to 1 if you have the `arc4random' function. */
-#define HAVE_ARC4RANDOM 1
-
-/* Define to 1 if you have the `asprintf' function. */
-#define HAVE_ASPRINTF 1
-
-/* OpenBSD's gcc has bounded */
-/* #undef HAVE_ATTRIBUTE__BOUNDED__ */
-
-/* OpenBSD's gcc has sentinel */
-/* #undef HAVE_ATTRIBUTE__SENTINEL__ */
-
-/* Define to 1 if you have the `b64_ntop' function. */
-/* #undef HAVE_B64_NTOP */
-
-/* Define to 1 if you have the `b64_pton' function. */
-/* #undef HAVE_B64_PTON */
-
-/* Define if you have the basename function. */
-#define HAVE_BASENAME 1
-
-/* Define to 1 if you have the `bcopy' function. */
-#define HAVE_BCOPY 1
-
-/* Define to 1 if you have the `bindresvport_sa' function. */
-#define HAVE_BINDRESVPORT_SA 1
-
-/* Define to 1 if you have the <bsm/audit.h> header file. */
-/* #undef HAVE_BSM_AUDIT_H */
-
-/* Define to 1 if you have the <bstring.h> header file. */
-/* #undef HAVE_BSTRING_H */
-
-/* Define to 1 if you have the `clock' function. */
-#define HAVE_CLOCK 1
-
-/* define if you have clock_t data type */
-#define HAVE_CLOCK_T 1
-
-/* Define to 1 if you have the `closefrom' function. */
-/* #undef HAVE_CLOSEFROM */
-
-/* Define if gai_strerror() returns const char * */
-#define HAVE_CONST_GAI_STRERROR_PROTO 1
-
-/* Define if your system uses ancillary data style file descriptor passing */
-#define HAVE_CONTROL_IN_MSGHDR 1
-
-/* Define to 1 if you have the <crypto/sha2.h> header file. */
-/* #undef HAVE_CRYPTO_SHA2_H */
-
-/* Define to 1 if you have the <crypt.h> header file. */
-/* #undef HAVE_CRYPT_H */
-
-/* Define if you are on Cygwin */
-/* #undef HAVE_CYGWIN */
-
-/* Define if your libraries define daemon() */
-#define HAVE_DAEMON 1
-
-/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
- don't. */
-/* #undef HAVE_DECL_AUTHENTICATE */
-
-/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
- don't. */
-#define HAVE_DECL_GLOB_NOMATCH 1
-
-/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
- don't. */
-#define HAVE_DECL_H_ERRNO 1
-
-/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you
- don't. */
-/* #undef HAVE_DECL_LOGINFAILED */
-
-/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if
- you don't. */
-/* #undef HAVE_DECL_LOGINRESTRICTIONS */
-
-/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you
- don't. */
-/* #undef HAVE_DECL_LOGINSUCCESS */
-
-/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you
- don't. */
-#define HAVE_DECL_O_NONBLOCK 1
-
-/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
- don't. */
-/* #undef HAVE_DECL_PASSWDEXPIRED */
-
-/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
- don't. */
-/* #undef HAVE_DECL_SETAUTHDB */
-
-/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you
- don't. */
-#define HAVE_DECL_SHUT_RD 1
-
-/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
- */
-#define HAVE_DECL_WRITEV 1
-
-/* Define to 1 if you have the declaration of `_getlong', and to 0 if you
- don't. */
-#define HAVE_DECL__GETLONG 0
-
-/* Define to 1 if you have the declaration of `_getshort', and to 0 if you
- don't. */
-#define HAVE_DECL__GETSHORT 0
-
-/* Define if you have /dev/ptmx */
-/* #undef HAVE_DEV_PTMX */
-
-/* Define if you have /dev/ptc */
-/* #undef HAVE_DEV_PTS_AND_PTC */
-
-/* Define to 1 if you have the <dirent.h> header file. */
-#define HAVE_DIRENT_H 1
-
-/* Define to 1 if you have the `dirfd' function. */
-/* #undef HAVE_DIRFD */
-
-/* Define to 1 if you have the `dirname' function. */
-#define HAVE_DIRNAME 1
-
-/* Define to 1 if you have the <endian.h> header file. */
-/* #undef HAVE_ENDIAN_H */
-
-/* Define to 1 if you have the `endutent' function. */
-/* #undef HAVE_ENDUTENT */
-
-/* Define to 1 if you have the `endutxent' function. */
-/* #undef HAVE_ENDUTXENT */
-
-/* Define if your system has /etc/default/login */
-/* #undef HAVE_ETC_DEFAULT_LOGIN */
-
-/* Define to 1 if you have the `EVP_sha256' function. */
-/* #undef HAVE_EVP_SHA256 */
-
-/* Define if you have ut_exit in utmp.h */
-/* #undef HAVE_EXIT_IN_UTMP */
-
-/* Define to 1 if you have the `fchmod' function. */
-#define HAVE_FCHMOD 1
-
-/* Define to 1 if you have the `fchown' function. */
-#define HAVE_FCHOWN 1
-
-/* Use F_CLOSEM fcntl for closefrom */
-/* #undef HAVE_FCNTL_CLOSEM */
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#define HAVE_FCNTL_H 1
-
-/* Define to 1 if you have the <features.h> header file. */
-/* #undef HAVE_FEATURES_H */
-
-/* Define to 1 if you have the <floatingpoint.h> header file. */
-#define HAVE_FLOATINGPOINT_H 1
-
-/* Define to 1 if you have the `freeaddrinfo' function. */
-#define HAVE_FREEADDRINFO 1
-
-/* Define to 1 if you have the `futimes' function. */
-#define HAVE_FUTIMES 1
-
-/* Define to 1 if you have the `gai_strerror' function. */
-#define HAVE_GAI_STRERROR 1
-
-/* Define to 1 if you have the `getaddrinfo' function. */
-#define HAVE_GETADDRINFO 1
-
-/* Define to 1 if you have the `getaudit' function. */
-/* #undef HAVE_GETAUDIT */
-
-/* Define to 1 if you have the `getaudit_addr' function. */
-/* #undef HAVE_GETAUDIT_ADDR */
-
-/* Define to 1 if you have the `getcwd' function. */
-#define HAVE_GETCWD 1
-
-/* Define to 1 if you have the `getgrouplist' function. */
-#define HAVE_GETGROUPLIST 1
-
-/* Define to 1 if you have the `getluid' function. */
-/* #undef HAVE_GETLUID */
-
-/* Define to 1 if you have the `getnameinfo' function. */
-#define HAVE_GETNAMEINFO 1
-
-/* Define to 1 if you have the `getopt' function. */
-#define HAVE_GETOPT 1
-
-/* Define to 1 if you have the <getopt.h> header file. */
-#define HAVE_GETOPT_H 1
-
-/* Define if your getopt(3) defines and uses optreset */
-#define HAVE_GETOPT_OPTRESET 1
-
-/* Define if your libraries define getpagesize() */
-#define HAVE_GETPAGESIZE 1
-
-/* Define to 1 if you have the `getpeereid' function. */
-#define HAVE_GETPEEREID 1
-
-/* Define to 1 if you have the `getpwanam' function. */
-/* #undef HAVE_GETPWANAM */
-
-/* Define to 1 if you have the `getrlimit' function. */
-#define HAVE_GETRLIMIT 1
-
-/* Define if getrrsetbyname() exists */
-/* #undef HAVE_GETRRSETBYNAME */
-
-/* Define to 1 if you have the `getrusage' function. */
-/* #undef HAVE_GETRUSAGE */
-
-/* Define to 1 if you have the `getseuserbyname' function. */
-/* #undef HAVE_GETSEUSERBYNAME */
-
-/* Define to 1 if you have the `gettimeofday' function. */
-#define HAVE_GETTIMEOFDAY 1
-
-/* Define to 1 if you have the `getttyent' function. */
-#define HAVE_GETTTYENT 1
-
-/* Define to 1 if you have the `getutent' function. */
-/* #undef HAVE_GETUTENT */
-
-/* Define to 1 if you have the `getutid' function. */
-/* #undef HAVE_GETUTID */
-
-/* Define to 1 if you have the `getutline' function. */
-/* #undef HAVE_GETUTLINE */
-
-/* Define to 1 if you have the `getutxent' function. */
-/* #undef HAVE_GETUTXENT */
-
-/* Define to 1 if you have the `getutxid' function. */
-/* #undef HAVE_GETUTXID */
-
-/* Define to 1 if you have the `getutxline' function. */
-/* #undef HAVE_GETUTXLINE */
-
-/* Define to 1 if you have the `get_default_context_with_level' function. */
-/* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */
-
-/* Define to 1 if you have the `glob' function. */
-#define HAVE_GLOB 1
-
-/* Define to 1 if you have the <glob.h> header file. */
-#define HAVE_GLOB_H 1
-
-/* Define to 1 if you have the <gssapi_generic.h> header file. */
-/* #undef HAVE_GSSAPI_GENERIC_H */
-
-/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
-/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */
-
-/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
-/* #undef HAVE_GSSAPI_GSSAPI_H */
-
-/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
-/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */
-
-/* Define to 1 if you have the <gssapi.h> header file. */
-/* #undef HAVE_GSSAPI_H */
-
-/* Define to 1 if you have the <gssapi_krb5.h> header file. */
-/* #undef HAVE_GSSAPI_KRB5_H */
-
-/* Define if HEADER.ad exists in arpa/nameser.h */
-#define HAVE_HEADER_AD 1
-
-/* Define if you have ut_host in utmp.h */
-#define HAVE_HOST_IN_UTMP 1
-
-/* Define if you have ut_host in utmpx.h */
-/* #undef HAVE_HOST_IN_UTMPX */
-
-/* Define to 1 if you have the <iaf.h> header file. */
-/* #undef HAVE_IAF_H */
-
-/* Define to 1 if you have the <ia.h> header file. */
-/* #undef HAVE_IA_H */
-
-/* Define if you have ut_id in utmp.h */
-/* #undef HAVE_ID_IN_UTMP */
-
-/* Define if you have ut_id in utmpx.h */
-/* #undef HAVE_ID_IN_UTMPX */
-
-/* Define to 1 if you have the `inet_aton' function. */
-#define HAVE_INET_ATON 1
-
-/* Define to 1 if you have the `inet_ntoa' function. */
-#define HAVE_INET_NTOA 1
-
-/* Define to 1 if you have the `inet_ntop' function. */
-#define HAVE_INET_NTOP 1
-
-/* Define to 1 if you have the `innetgr' function. */
-#define HAVE_INNETGR 1
-
-/* define if you have int64_t data type */
-#define HAVE_INT64_T 1
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#define HAVE_INTTYPES_H 1
-
-/* define if you have intxx_t data type */
-#define HAVE_INTXX_T 1
-
-/* Define to 1 if the system has the type `in_addr_t'. */
-#define HAVE_IN_ADDR_T 1
-
-/* Define to 1 if you have the <lastlog.h> header file. */
-/* #undef HAVE_LASTLOG_H */
-
-/* Define to 1 if you have the `bsm' library (-lbsm). */
-/* #undef HAVE_LIBBSM */
-
-/* Define to 1 if you have the `crypt' library (-lcrypt). */
-/* #undef HAVE_LIBCRYPT */
-
-/* Define to 1 if you have the `dl' library (-ldl). */
-/* #undef HAVE_LIBDL */
-
-/* Define to 1 if you have the <libgen.h> header file. */
-#define HAVE_LIBGEN_H 1
-
-/* Define to 1 if you have the `iaf' library (-liaf). */
-/* #undef HAVE_LIBIAF */
-
-/* Define to 1 if you have the `nsl' library (-lnsl). */
-/* #undef HAVE_LIBNSL */
-
-/* Define to 1 if you have the `pam' library (-lpam). */
-#define HAVE_LIBPAM 1
-
-/* Define to 1 if you have the `sectok' library (-lsectok). */
-/* #undef HAVE_LIBSECTOK */
-
-/* Define to 1 if you have the `socket' library (-lsocket). */
-/* #undef HAVE_LIBSOCKET */
-
-/* Define to 1 if you have the <libutil.h> header file. */
-#define HAVE_LIBUTIL_H 1
-
-/* Define to 1 if you have the `xnet' library (-lxnet). */
-/* #undef HAVE_LIBXNET */
-
-/* Define to 1 if you have the `z' library (-lz). */
-#define HAVE_LIBZ 1
-
-/* Define to 1 if you have the <limits.h> header file. */
-#define HAVE_LIMITS_H 1
-
-/* Define to 1 if you have the <linux/if_tun.h> header file. */
-/* #undef HAVE_LINUX_IF_TUN_H */
-
-/* Define if your libraries define login() */
-#define HAVE_LOGIN 1
-
-/* Define to 1 if you have the <login_cap.h> header file. */
-#define HAVE_LOGIN_CAP_H 1
-
-/* Define to 1 if you have the `login_getcapbool' function. */
-#define HAVE_LOGIN_GETCAPBOOL 1
-
-/* Define to 1 if you have the <login.h> header file. */
-/* #undef HAVE_LOGIN_H */
-
-/* Define to 1 if you have the `logout' function. */
-#define HAVE_LOGOUT 1
-
-/* Define to 1 if you have the `logwtmp' function. */
-#define HAVE_LOGWTMP 1
-
-/* Define to 1 if the system has the type `long double'. */
-#define HAVE_LONG_DOUBLE 1
-
-/* Define to 1 if the system has the type `long long'. */
-#define HAVE_LONG_LONG 1
-
-/* Define to 1 if you have the <maillock.h> header file. */
-/* #undef HAVE_MAILLOCK_H */
-
-/* Define to 1 if you have the `md5_crypt' function. */
-/* #undef HAVE_MD5_CRYPT */
-
-/* Define if you want to allow MD5 passwords */
-/* #undef HAVE_MD5_PASSWORDS */
-
-/* Define to 1 if you have the `memmove' function. */
-#define HAVE_MEMMOVE 1
-
-/* Define to 1 if you have the <memory.h> header file. */
-#define HAVE_MEMORY_H 1
-
-/* Define to 1 if you have the `mkdtemp' function. */
-#define HAVE_MKDTEMP 1
-
-/* Define to 1 if you have the `mmap' function. */
-#define HAVE_MMAP 1
-
-/* define if you have mode_t data type */
-#define HAVE_MODE_T 1
-
-/* Some systems put nanosleep outside of libc */
-#define HAVE_NANOSLEEP 1
-
-/* Define to 1 if you have the <ndir.h> header file. */
-/* #undef HAVE_NDIR_H */
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#define HAVE_NETDB_H 1
-
-/* Define to 1 if you have the <netgroup.h> header file. */
-/* #undef HAVE_NETGROUP_H */
-
-/* Define to 1 if you have the <net/if_tun.h> header file. */
-#define HAVE_NET_IF_TUN_H 1
-
-/* Define if you are on NeXT */
-/* #undef HAVE_NEXT */
-
-/* Define to 1 if you have the `ngetaddrinfo' function. */
-/* #undef HAVE_NGETADDRINFO */
-
-/* Define to 1 if you have the `nsleep' function. */
-/* #undef HAVE_NSLEEP */
-
-/* Define to 1 if you have the `ogetaddrinfo' function. */
-/* #undef HAVE_OGETADDRINFO */
-
-/* Define if you have an old version of PAM which takes only one argument to
- pam_strerror */
-/* #undef HAVE_OLD_PAM */
-
-/* Define to 1 if you have the `openlog_r' function. */
-/* #undef HAVE_OPENLOG_R */
-
-/* Define to 1 if you have the `openpty' function. */
-#define HAVE_OPENPTY 1
-
-/* Define if your ssl headers are included with #include <openssl/header.h> */
-#define HAVE_OPENSSL 1
-
-/* Define if you have Digital Unix Security Integration Architecture */
-/* #undef HAVE_OSF_SIA */
-
-/* Define to 1 if you have the `pam_getenvlist' function. */
-#define HAVE_PAM_GETENVLIST 1
-
-/* Define to 1 if you have the <pam/pam_appl.h> header file. */
-/* #undef HAVE_PAM_PAM_APPL_H */
-
-/* Define to 1 if you have the `pam_putenv' function. */
-#define HAVE_PAM_PUTENV 1
-
-/* Define to 1 if you have the <paths.h> header file. */
-#define HAVE_PATHS_H 1
-
-/* Define if you have ut_pid in utmp.h */
-/* #undef HAVE_PID_IN_UTMP */
-
-/* define if you have pid_t data type */
-#define HAVE_PID_T 1
-
-/* Define to 1 if you have the `prctl' function. */
-/* #undef HAVE_PRCTL */
-
-/* Define if you have /proc/$pid/fd */
-/* #undef HAVE_PROC_PID */
-
-/* Define to 1 if you have the `pstat' function. */
-/* #undef HAVE_PSTAT */
-
-/* Define to 1 if you have the <pty.h> header file. */
-/* #undef HAVE_PTY_H */
-
-/* Define to 1 if you have the `pututline' function. */
-/* #undef HAVE_PUTUTLINE */
-
-/* Define to 1 if you have the `pututxline' function. */
-/* #undef HAVE_PUTUTXLINE */
-
-/* Define if your password has a pw_change field */
-#define HAVE_PW_CHANGE_IN_PASSWD 1
-
-/* Define if your password has a pw_class field */
-#define HAVE_PW_CLASS_IN_PASSWD 1
-
-/* Define if your password has a pw_expire field */
-#define HAVE_PW_EXPIRE_IN_PASSWD 1
-
-/* Define to 1 if you have the `readpassphrase' function. */
-#define HAVE_READPASSPHRASE 1
-
-/* Define to 1 if you have the <readpassphrase.h> header file. */
-#define HAVE_READPASSPHRASE_H 1
-
-/* Define to 1 if you have the `realpath' function. */
-#define HAVE_REALPATH 1
-
-/* Define to 1 if you have the `recvmsg' function. */
-#define HAVE_RECVMSG 1
-
-/* Define to 1 if you have the <rpc/types.h> header file. */
-#define HAVE_RPC_TYPES_H 1
-
-/* Define to 1 if you have the `rresvport_af' function. */
-#define HAVE_RRESVPORT_AF 1
-
-/* define if you have sa_family_t data type */
-#define HAVE_SA_FAMILY_T 1
-
-/* Define to 1 if you have the <sectok.h> header file. */
-/* #undef HAVE_SECTOK_H */
-
-/* Define if you have SecureWare-based protected password database */
-/* #undef HAVE_SECUREWARE */
-
-/* Define to 1 if you have the <security/pam_appl.h> header file. */
-#define HAVE_SECURITY_PAM_APPL_H 1
-
-/* Define to 1 if you have the `sendmsg' function. */
-#define HAVE_SENDMSG 1
-
-/* Define to 1 if you have the `setauthdb' function. */
-/* #undef HAVE_SETAUTHDB */
-
-/* Define to 1 if you have the `setdtablesize' function. */
-/* #undef HAVE_SETDTABLESIZE */
-
-/* Define to 1 if you have the `setegid' function. */
-#define HAVE_SETEGID 1
-
-/* Define to 1 if you have the `setenv' function. */
-#define HAVE_SETENV 1
-
-/* Define to 1 if you have the `seteuid' function. */
-#define HAVE_SETEUID 1
-
-/* Define to 1 if you have the `setgroups' function. */
-#define HAVE_SETGROUPS 1
-
-/* Define to 1 if you have the `setlogin' function. */
-#define HAVE_SETLOGIN 1
-
-/* Define to 1 if you have the `setluid' function. */
-/* #undef HAVE_SETLUID */
-
-/* Define to 1 if you have the `setpcred' function. */
-/* #undef HAVE_SETPCRED */
-
-/* Define to 1 if you have the `setproctitle' function. */
-#define HAVE_SETPROCTITLE 1
-
-/* Define to 1 if you have the `setregid' function. */
-#define HAVE_SETREGID 1
-
-/* Define to 1 if you have the `setresgid' function. */
-#define HAVE_SETRESGID 1
-
-/* Define to 1 if you have the `setresuid' function. */
-#define HAVE_SETRESUID 1
-
-/* Define to 1 if you have the `setreuid' function. */
-#define HAVE_SETREUID 1
-
-/* Define to 1 if you have the `setrlimit' function. */
-#define HAVE_SETRLIMIT 1
-
-/* Define to 1 if you have the `setsid' function. */
-#define HAVE_SETSID 1
-
-/* Define to 1 if you have the `setutent' function. */
-/* #undef HAVE_SETUTENT */
-
-/* Define to 1 if you have the `setutxent' function. */
-/* #undef HAVE_SETUTXENT */
-
-/* Define to 1 if you have the `setvbuf' function. */
-#define HAVE_SETVBUF 1
-
-/* Define to 1 if you have the `SHA256_Update' function. */
-/* #undef HAVE_SHA256_UPDATE */
-
-/* Define to 1 if you have the <sha2.h> header file. */
-/* #undef HAVE_SHA2_H */
-
-/* Define to 1 if you have the <shadow.h> header file. */
-/* #undef HAVE_SHADOW_H */
-
-/* Define to 1 if you have the `sigaction' function. */
-#define HAVE_SIGACTION 1
-
-/* Define to 1 if you have the `sigvec' function. */
-#define HAVE_SIGVEC 1
-
-/* Define to 1 if the system has the type `sig_atomic_t'. */
-#define HAVE_SIG_ATOMIC_T 1
-
-/* define if you have size_t data type */
-#define HAVE_SIZE_T 1
-
-/* Define to 1 if you have the `snprintf' function. */
-#define HAVE_SNPRINTF 1
-
-/* Define to 1 if you have the `socketpair' function. */
-#define HAVE_SOCKETPAIR 1
-
-/* Have PEERCRED socket option */
-/* #undef HAVE_SO_PEERCRED */
-
-/* define if you have ssize_t data type */
-#define HAVE_SSIZE_T 1
-
-/* Fields in struct sockaddr_storage */
-#define HAVE_SS_FAMILY_IN_SS 1
-
-/* Define to 1 if you have the <stddef.h> header file. */
-#define HAVE_STDDEF_H 1
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#define HAVE_STDINT_H 1
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H 1
-
-/* Define to 1 if you have the `strdup' function. */
-#define HAVE_STRDUP 1
-
-/* Define to 1 if you have the `strerror' function. */
-#define HAVE_STRERROR 1
-
-/* Define to 1 if you have the `strftime' function. */
-#define HAVE_STRFTIME 1
-
-/* Silly mkstemp() */
-/* #undef HAVE_STRICT_MKSTEMP */
-
-/* Define to 1 if you have the <strings.h> header file. */
-#define HAVE_STRINGS_H 1
-
-/* Define to 1 if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define to 1 if you have the `strlcat' function. */
-#define HAVE_STRLCAT 1
-
-/* Define to 1 if you have the `strlcpy' function. */
-#define HAVE_STRLCPY 1
-
-/* Define to 1 if you have the `strmode' function. */
-#define HAVE_STRMODE 1
-
-/* Define to 1 if you have the `strnvis' function. */
-/* #undef HAVE_STRNVIS */
-
-/* Define to 1 if you have the `strsep' function. */
-#define HAVE_STRSEP 1
-
-/* Define to 1 if you have the `strtoll' function. */
-#define HAVE_STRTOLL 1
-
-/* Define to 1 if you have the `strtonum' function. */
-#define HAVE_STRTONUM 1
-
-/* Define to 1 if you have the `strtoul' function. */
-#define HAVE_STRTOUL 1
-
-/* define if you have struct addrinfo data type */
-#define HAVE_STRUCT_ADDRINFO 1
-
-/* define if you have struct in6_addr data type */
-#define HAVE_STRUCT_IN6_ADDR 1
-
-/* define if you have struct sockaddr_in6 data type */
-#define HAVE_STRUCT_SOCKADDR_IN6 1
-
-/* define if you have struct sockaddr_storage data type */
-#define HAVE_STRUCT_SOCKADDR_STORAGE 1
-
-/* Define to 1 if `st_blksize' is member of `struct stat'. */
-#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
-
-/* Define to 1 if the system has the type `struct timespec'. */
-#define HAVE_STRUCT_TIMESPEC 1
-
-/* define if you have struct timeval */
-#define HAVE_STRUCT_TIMEVAL 1
-
-/* Define to 1 if you have the `sysconf' function. */
-#define HAVE_SYSCONF 1
-
-/* Define if you have syslen in utmpx.h */
-/* #undef HAVE_SYSLEN_IN_UTMPX */
-
-/* Define to 1 if you have the <sys/audit.h> header file. */
-/* #undef HAVE_SYS_AUDIT_H */
-
-/* Define to 1 if you have the <sys/bitypes.h> header file. */
-/* #undef HAVE_SYS_BITYPES_H */
-
-/* Define to 1 if you have the <sys/bsdtty.h> header file. */
-/* #undef HAVE_SYS_BSDTTY_H */
-
-/* Define to 1 if you have the <sys/cdefs.h> header file. */
-#define HAVE_SYS_CDEFS_H 1
-
-/* Define to 1 if you have the <sys/dir.h> header file. */
-#define HAVE_SYS_DIR_H 1
-
-/* Define if your system defines sys_errlist[] */
-#define HAVE_SYS_ERRLIST 1
-
-/* Define to 1 if you have the <sys/mman.h> header file. */
-#define HAVE_SYS_MMAN_H 1
-
-/* Define to 1 if you have the <sys/ndir.h> header file. */
-/* #undef HAVE_SYS_NDIR_H */
-
-/* Define if your system defines sys_nerr */
-#define HAVE_SYS_NERR 1
-
-/* Define to 1 if you have the <sys/prctl.h> header file. */
-/* #undef HAVE_SYS_PRCTL_H */
-
-/* Define to 1 if you have the <sys/pstat.h> header file. */
-/* #undef HAVE_SYS_PSTAT_H */
-
-/* Define to 1 if you have the <sys/ptms.h> header file. */
-/* #undef HAVE_SYS_PTMS_H */
-
-/* Define to 1 if you have the <sys/select.h> header file. */
-#define HAVE_SYS_SELECT_H 1
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#define HAVE_SYS_STAT_H 1
-
-/* Define to 1 if you have the <sys/stream.h> header file. */
-/* #undef HAVE_SYS_STREAM_H */
-
-/* Define to 1 if you have the <sys/stropts.h> header file. */
-/* #undef HAVE_SYS_STROPTS_H */
-
-/* Define to 1 if you have the <sys/strtio.h> header file. */
-/* #undef HAVE_SYS_STRTIO_H */
-
-/* Force use of sys/syslog.h on Ultrix */
-/* #undef HAVE_SYS_SYSLOG_H */
-
-/* Define to 1 if you have the <sys/sysmacros.h> header file. */
-/* #undef HAVE_SYS_SYSMACROS_H */
-
-/* Define to 1 if you have the <sys/timers.h> header file. */
-#define HAVE_SYS_TIMERS_H 1
-
-/* Define to 1 if you have the <sys/time.h> header file. */
-#define HAVE_SYS_TIME_H 1
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#define HAVE_SYS_TYPES_H 1
-
-/* Define to 1 if you have the <sys/un.h> header file. */
-#define HAVE_SYS_UN_H 1
-
-/* Define to 1 if you have the `tcgetpgrp' function. */
-#define HAVE_TCGETPGRP 1
-
-/* Define to 1 if you have the `tcsendbreak' function. */
-#define HAVE_TCSENDBREAK 1
-
-/* Define to 1 if you have the `time' function. */
-#define HAVE_TIME 1
-
-/* Define to 1 if you have the <time.h> header file. */
-#define HAVE_TIME_H 1
-
-/* Define if you have ut_time in utmp.h */
-#define HAVE_TIME_IN_UTMP 1
-
-/* Define if you have ut_time in utmpx.h */
-/* #undef HAVE_TIME_IN_UTMPX */
-
-/* Define to 1 if you have the <tmpdir.h> header file. */
-/* #undef HAVE_TMPDIR_H */
-
-/* Define to 1 if you have the `truncate' function. */
-#define HAVE_TRUNCATE 1
-
-/* Define to 1 if you have the <ttyent.h> header file. */
-#define HAVE_TTYENT_H 1
-
-/* Define if you have ut_tv in utmp.h */
-/* #undef HAVE_TV_IN_UTMP */
-
-/* Define if you have ut_tv in utmpx.h */
-/* #undef HAVE_TV_IN_UTMPX */
-
-/* Define if you have ut_type in utmp.h */
-/* #undef HAVE_TYPE_IN_UTMP */
-
-/* Define if you have ut_type in utmpx.h */
-/* #undef HAVE_TYPE_IN_UTMPX */
-
-/* define if you have uintxx_t data type */
-#define HAVE_UINTXX_T 1
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define to 1 if you have the `unsetenv' function. */
-#define HAVE_UNSETENV 1
-
-/* Define to 1 if the system has the type `unsigned long long'. */
-#define HAVE_UNSIGNED_LONG_LONG 1
-
-/* Define to 1 if you have the `updwtmp' function. */
-/* #undef HAVE_UPDWTMP */
-
-/* Define to 1 if you have the `updwtmpx' function. */
-/* #undef HAVE_UPDWTMPX */
-
-/* Define to 1 if you have the <usersec.h> header file. */
-/* #undef HAVE_USERSEC_H */
-
-/* Define to 1 if you have the <util.h> header file. */
-/* #undef HAVE_UTIL_H */
-
-/* Define to 1 if you have the `utimes' function. */
-#define HAVE_UTIMES 1
-
-/* Define to 1 if you have the <utime.h> header file. */
-#define HAVE_UTIME_H 1
-
-/* Define to 1 if you have the `utmpname' function. */
-/* #undef HAVE_UTMPNAME */
-
-/* Define to 1 if you have the `utmpxname' function. */
-/* #undef HAVE_UTMPXNAME */
-
-/* Define to 1 if you have the <utmpx.h> header file. */
-/* #undef HAVE_UTMPX_H */
-
-/* Define to 1 if you have the <utmp.h> header file. */
-#define HAVE_UTMP_H 1
-
-/* define if you have u_char data type */
-#define HAVE_U_CHAR 1
-
-/* define if you have u_int data type */
-#define HAVE_U_INT 1
-
-/* define if you have u_int64_t data type */
-#define HAVE_U_INT64_T 1
-
-/* define if you have u_intxx_t data type */
-#define HAVE_U_INTXX_T 1
-
-/* Define to 1 if you have the `vasprintf' function. */
-#define HAVE_VASPRINTF 1
-
-/* Define if va_copy exists */
-#define HAVE_VA_COPY 1
-
-/* Define to 1 if you have the `vhangup' function. */
-/* #undef HAVE_VHANGUP */
-
-/* Define to 1 if you have the <vis.h> header file. */
-#define HAVE_VIS_H 1
-
-/* Define to 1 if you have the `vsnprintf' function. */
-#define HAVE_VSNPRINTF 1
-
-/* Define to 1 if you have the `waitpid' function. */
-#define HAVE_WAITPID 1
-
-/* Define to 1 if you have the `_getlong' function. */
-#define HAVE__GETLONG 1
-
-/* Define to 1 if you have the `_getpty' function. */
-/* #undef HAVE__GETPTY */
-
-/* Define to 1 if you have the `_getshort' function. */
-#define HAVE__GETSHORT 1
-
-/* Define to 1 if you have the `__b64_ntop' function. */
-#define HAVE___B64_NTOP 1
-
-/* Define to 1 if you have the `__b64_pton' function. */
-#define HAVE___B64_PTON 1
-
-/* Define if compiler implements __FUNCTION__ */
-#define HAVE___FUNCTION__ 1
-
-/* Define if libc defines __progname */
-#define HAVE___PROGNAME 1
-
-/* Fields in struct sockaddr_storage */
-/* #undef HAVE___SS_FAMILY_IN_SS */
-
-/* Define if __va_copy exists */
-/* #undef HAVE___VA_COPY */
-
-/* Define if compiler implements __func__ */
-#define HAVE___func__ 1
-
-/* Define this if you are using the Heimdal version of Kerberos V5 */
-/* #undef HEIMDAL */
-
-/* Define if you need to use IP address instead of hostname in $DISPLAY */
-/* #undef IPADDR_IN_DISPLAY */
-
-/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
-/* #undef IPV4_IN_IPV6 */
-
-/* Define if your system choked on IP TOS setting */
-/* #undef IP_TOS_IS_BROKEN */
-
-/* Define if you want Kerberos 5 support */
-/* #undef KRB5 */
-
-/* Define if you want TCP Wrappers support */
-#define LIBWRAP 1
-
-/* Define to whatever link() returns for "not supported" if it doesn't return
- EOPNOTSUPP. */
-/* #undef LINK_OPNOTSUPP_ERRNO */
-
-/* max value of long long calculated by configure */
-/* #undef LLONG_MAX */
-
-/* min value of long long calculated by configure */
-/* #undef LLONG_MIN */
-
-/* Account locked with pw(1) */
-#define LOCKED_PASSWD_PREFIX "*LOCKED*"
-
-/* String used in /etc/passwd to denote locked account */
-/* #undef LOCKED_PASSWD_STRING */
-
-/* String used in /etc/passwd to denote locked account */
-/* #undef LOCKED_PASSWD_SUBSTR */
-
-/* Some versions of /bin/login need the TERM supplied on the commandline */
-/* #undef LOGIN_NEEDS_TERM */
-
-/* Some systems need a utmpx entry for /bin/login to work */
-/* #undef LOGIN_NEEDS_UTMPX */
-
-/* Define if your login program cannot handle end of options ("--") */
-/* #undef LOGIN_NO_ENDOPT */
-
-/* If your header files don't define LOGIN_PROGRAM, then use this (detected)
- from environment and PATH */
-#define LOGIN_PROGRAM_FALLBACK "/usr/bin/login"
-
-/* Set this to your mail directory if you don't have maillock.h */
-/* #undef MAIL_DIRECTORY */
-
-/* Define on *nto-qnx systems */
-/* #undef MISSING_FD_MASK */
-
-/* Define on *nto-qnx systems */
-/* #undef MISSING_HOWMANY */
-
-/* Define on *nto-qnx systems */
-/* #undef MISSING_NFDBITS */
-
-/* Need setpgrp to acquire controlling tty */
-/* #undef NEED_SETPGRP */
-
-/* Define if the concept of ports only accessible to superusers isn't known */
-/* #undef NO_IPPORT_RESERVED_CONCEPT */
-
-/* Define if you don't want to use lastlog in session.c */
-/* #undef NO_SSH_LASTLOG */
-
-/* Define if X11 doesn't support AF_UNIX sockets on that system */
-/* #undef NO_X11_UNIX_SOCKETS */
-
-/* libcrypto is missing AES 192 and 256 bit functions */
-/* #undef OPENSSL_LOBOTOMISED_AES */
-
-/* Define if you want OpenSSL's internally seeded PRNG only */
-#define OPENSSL_PRNG_ONLY 1
-
-/* Define if S/Key is actually OPIE */
-/* #undef OPIE */
-
-/* Define to the address where bug reports for this package should be sent. */
-#define PACKAGE_BUGREPORT "openssh-unix-dev at mindrot.org"
-
-/* Define to the full name of this package. */
-#define PACKAGE_NAME "OpenSSH"
-
-/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "OpenSSH Portable"
-
-/* Define to the one symbol short name of this package. */
-#define PACKAGE_TARNAME "openssh"
-
-/* Define to the version of this package. */
-#define PACKAGE_VERSION "Portable"
-
-/* Define if you are using Solaris-derived PAM which passes pam_messages to
- the conversation function with an extra level of indirection */
-/* #undef PAM_SUN_CODEBASE */
-
-/* Work around problematic Linux PAM modules handling of PAM_TTY */
-/* #undef PAM_TTY_KLUDGE */
-
-/* must supply username to passwd */
-/* #undef PASSWD_NEEDS_USERNAME */
-
-/* Port number of PRNGD/EGD random number socket */
-/* #undef PRNGD_PORT */
-
-/* Location of PRNGD/EGD random number socket */
-/* #undef PRNGD_SOCKET */
-
-/* read(1) can return 0 for a non-closed fd */
-/* #undef PTY_ZEROREAD */
-
-/* Define if your platform breaks doing a seteuid before a setuid */
-/* #undef SETEUID_BREAKS_SETUID */
-
-/* The size of a `char', as computed by sizeof. */
-#define SIZEOF_CHAR 1
-
-/* The size of a `int', as computed by sizeof. */
-#define SIZEOF_INT 4
-
-/* The size of a `long int', as computed by sizeof. */
-#define SIZEOF_LONG_INT 4
-
-/* The size of a `long long int', as computed by sizeof. */
-#define SIZEOF_LONG_LONG_INT 8
-
-/* The size of a `short int', as computed by sizeof. */
-#define SIZEOF_SHORT_INT 2
-
-/* Define if you want S/Key support */
-/* #undef SKEY */
-
-/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */
-/* #undef SKEYCHALLENGE_4ARG */
-
-/* Define if you want smartcard support */
-/* #undef SMARTCARD */
-
-/* Define as const if snprintf() can declare const char *fmt */
-#define SNPRINTF_CONST const
-
-/* Define to a Set Process Title type if your system is supported by
- bsd-setproctitle.c */
-/* #undef SPT_TYPE */
-
-/* Define if sshd somehow reacquires a controlling TTY after setsid() */
-/* #undef SSHD_ACQUIRES_CTTY */
-
-/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
-/* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */
-
-/* Use audit debugging module */
-/* #undef SSH_AUDIT_EVENTS */
-
-/* non-privileged user for privilege separation */
-#define SSH_PRIVSEP_USER "sshd"
-
-/* Use tunnel device compatibility to OpenBSD */
-/* #undef SSH_TUN_COMPAT_AF */
-
-/* Open tunnel devices the FreeBSD way */
-#define SSH_TUN_FREEBSD 1
-
-/* Open tunnel devices the Linux tun/tap way */
-/* #undef SSH_TUN_LINUX */
-
-/* No layer 2 tunnel support */
-/* #undef SSH_TUN_NO_L2 */
-
-/* Open tunnel devices the OpenBSD way */
-/* #undef SSH_TUN_OPENBSD */
-
-/* Prepend the address family to IP tunnel traffic */
-/* #undef SSH_TUN_PREPEND_AF */
-
-/* Define to 1 if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Define if you want a different $PATH for the superuser */
-/* #undef SUPERUSER_PATH */
-
-/* syslog_r function is safe to use in in a signal handler */
-/* #undef SYSLOG_R_SAFE_IN_SIGHAND */
-
-/* Support passwords > 8 chars */
-/* #undef UNIXWARE_LONG_PASSWORDS */
-
-/* Specify default $PATH */
-/* #undef USER_PATH */
-
-/* Define this if you want to use libkafs' AFS support */
-/* #undef USE_AFS */
-
-/* Use BSM audit module */
-/* #undef USE_BSM_AUDIT */
-
-/* Use btmp to log bad logins */
-/* #undef USE_BTMP */
-
-/* Use libedit for sftp */
-#define USE_LIBEDIT 1
-
-/* Define if you want smartcard support using OpenSC */
-/* #undef USE_OPENSC */
-
-/* Enable OpenSSL engine support */
-#define USE_OPENSSL_ENGINE 1
-
-/* Define if you want to enable PAM support */
-#define USE_PAM 1
-
-/* Use PIPES instead of a socketpair() */
-/* #undef USE_PIPES */
-
-/* Define if you want smartcard support using sectok */
-/* #undef USE_SECTOK */
-
-/* Define if you have Solaris process contracts */
-/* #undef USE_SOLARIS_PROCESS_CONTRACTS */
-
-/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
-/* #undef WITH_ABBREV_NO_TTY */
-
-/* Define if you want to enable AIX4's authenticate function */
-/* #undef WITH_AIXAUTHENTICATE */
-
-/* Define if you have/want arrays (cluster-wide session managment, not C
- arrays) */
-/* #undef WITH_IRIX_ARRAY */
-
-/* Define if you want IRIX audit trails */
-/* #undef WITH_IRIX_AUDIT */
-
-/* Define if you want IRIX kernel jobs */
-/* #undef WITH_IRIX_JOBS */
-
-/* Define if you want IRIX project management */
-/* #undef WITH_IRIX_PROJECT */
-
-/* Define if you want SELinux support. */
-/* #undef WITH_SELINUX */
-
-/* Define to 1 if your processor stores words with the most significant byte
- first (like Motorola and SPARC, unlike Intel and VAX). */
-/* #undef WORDS_BIGENDIAN */
-
-/* Define if xauth is found in your path */
-/* #undef XAUTH_PATH */
-
-/* Number of bits in a file offset, on hosts where this is settable. */
-/* #undef _FILE_OFFSET_BITS */
-
-/* Define for large files, on AIX-style hosts. */
-/* #undef _LARGE_FILES */
-
-/* log for bad login attempts */
-/* #undef _PATH_BTMP */
-
-/* Full path of your "passwd" program */
-#define _PATH_PASSWD_PROG "/usr/bin/passwd"
-
-/* Specify location of ssh.pid */
-#define _PATH_SSH_PIDDIR "/var/run"
-
-/* Define if we don't have struct __res_state in resolv.h */
-/* #undef __res_state */
-
-/* Define to `__inline__' or `__inline' if that's what the C compiler
- calls it, or to nothing if 'inline' is not supported under any name. */
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-/* type to use in place of socklen_t if not defined */
-/* #undef socklen_t */
Added: vendor-crypto/openssh/dist/config.h.in
===================================================================
--- vendor-crypto/openssh/dist/config.h.in (rev 0)
+++ vendor-crypto/openssh/dist/config.h.in 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,1632 @@
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
+/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
+ */
+#undef AIX_GETNAMEINFO_HACK
+
+/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
+#undef AIX_LOGINFAILED_4ARG
+
+/* System only supports IPv4 audit records */
+#undef AU_IPv4
+
+/* Define if your resolver libs need this for getrrsetbyname */
+#undef BIND_8_COMPAT
+
+/* The system has incomplete BSM API */
+#undef BROKEN_BSM_API
+
+/* Define if cmsg_type is not passed correctly */
+#undef BROKEN_CMSG_TYPE
+
+/* getaddrinfo is broken (if present) */
+#undef BROKEN_GETADDRINFO
+
+/* getgroups(0,NULL) will return -1 */
+#undef BROKEN_GETGROUPS
+
+/* FreeBSD glob does not do what we need */
+#undef BROKEN_GLOB
+
+/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
+#undef BROKEN_INET_NTOA
+
+/* ia_uinfo routines not supported by OS yet */
+#undef BROKEN_LIBIAF
+
+/* Ultrix mmap can't map files */
+#undef BROKEN_MMAP
+
+/* Define if your struct dirent expects you to allocate extra space for d_name
+ */
+#undef BROKEN_ONE_BYTE_DIRENT_D_NAME
+
+/* Can't do comparisons on readv */
+#undef BROKEN_READV_COMPARISON
+
+/* Define if you have a broken realpath. */
+#undef BROKEN_REALPATH
+
+/* Needed for NeXT */
+#undef BROKEN_SAVED_UIDS
+
+/* Define if your setregid() is broken */
+#undef BROKEN_SETREGID
+
+/* Define if your setresgid() is broken */
+#undef BROKEN_SETRESGID
+
+/* Define if your setresuid() is broken */
+#undef BROKEN_SETRESUID
+
+/* Define if your setreuid() is broken */
+#undef BROKEN_SETREUID
+
+/* LynxOS has broken setvbuf() implementation */
+#undef BROKEN_SETVBUF
+
+/* QNX shadow support is broken */
+#undef BROKEN_SHADOW_EXPIRE
+
+/* Define if your snprintf is busted */
+#undef BROKEN_SNPRINTF
+
+/* FreeBSD strnvis does not do what we need */
+#undef BROKEN_STRNVIS
+
+/* tcgetattr with ICANON may hang */
+#undef BROKEN_TCGETATTR_ICANON
+
+/* updwtmpx is broken (if present) */
+#undef BROKEN_UPDWTMPX
+
+/* Define if you have BSD auth support */
+#undef BSD_AUTH
+
+/* Define if you want to specify the path to your lastlog file */
+#undef CONF_LASTLOG_FILE
+
+/* Define if you want to specify the path to your utmp file */
+#undef CONF_UTMP_FILE
+
+/* Define if you want to specify the path to your wtmpx file */
+#undef CONF_WTMPX_FILE
+
+/* Define if you want to specify the path to your wtmp file */
+#undef CONF_WTMP_FILE
+
+/* Define if your platform needs to skip post auth file descriptor passing */
+#undef DISABLE_FD_PASSING
+
+/* Define if you don't want to use lastlog */
+#undef DISABLE_LASTLOG
+
+/* Define if you don't want to use your system's login() call */
+#undef DISABLE_LOGIN
+
+/* Define if you don't want to use pututline() etc. to write [uw]tmp */
+#undef DISABLE_PUTUTLINE
+
+/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
+#undef DISABLE_PUTUTXLINE
+
+/* Define if you want to disable shadow passwords */
+#undef DISABLE_SHADOW
+
+/* Define if you don't want to use utmp */
+#undef DISABLE_UTMP
+
+/* Define if you don't want to use utmpx */
+#undef DISABLE_UTMPX
+
+/* Define if you don't want to use wtmp */
+#undef DISABLE_WTMP
+
+/* Define if you don't want to use wtmpx */
+#undef DISABLE_WTMPX
+
+/* Enable for PKCS#11 support */
+#undef ENABLE_PKCS11
+
+/* File names may not contain backslash characters */
+#undef FILESYSTEM_NO_BACKSLASH
+
+/* fsid_t has member val */
+#undef FSID_HAS_VAL
+
+/* fsid_t has member __val */
+#undef FSID_HAS___VAL
+
+/* Define to 1 if the `getpgrp' function requires zero arguments. */
+#undef GETPGRP_VOID
+
+/* Conflicting defs for getspnam */
+#undef GETSPNAM_CONFLICTING_DEFS
+
+/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
+#undef GLOB_HAS_ALTDIRFUNC
+
+/* Define if your system glob() function has gl_matchc options in glob_t */
+#undef GLOB_HAS_GL_MATCHC
+
+/* Define if your system glob() function has gl_statv options in glob_t */
+#undef GLOB_HAS_GL_STATV
+
+/* Define this if you want GSSAPI support in the version 2 protocol */
+#undef GSSAPI
+
+/* Define if you want to use shadow password expire field */
+#undef HAS_SHADOW_EXPIRE
+
+/* Define if your system uses access rights style file descriptor passing */
+#undef HAVE_ACCRIGHTS_IN_MSGHDR
+
+/* Define if you have ut_addr in utmp.h */
+#undef HAVE_ADDR_IN_UTMP
+
+/* Define if you have ut_addr in utmpx.h */
+#undef HAVE_ADDR_IN_UTMPX
+
+/* Define if you have ut_addr_v6 in utmp.h */
+#undef HAVE_ADDR_V6_IN_UTMP
+
+/* Define if you have ut_addr_v6 in utmpx.h */
+#undef HAVE_ADDR_V6_IN_UTMPX
+
+/* Define to 1 if you have the `arc4random' function. */
+#undef HAVE_ARC4RANDOM
+
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
+/* Define to 1 if you have the `arc4random_uniform' function. */
+#undef HAVE_ARC4RANDOM_UNIFORM
+
+/* Define to 1 if you have the `asprintf' function. */
+#undef HAVE_ASPRINTF
+
+/* OpenBSD's gcc has bounded */
+#undef HAVE_ATTRIBUTE__BOUNDED__
+
+/* Have attribute nonnull */
+#undef HAVE_ATTRIBUTE__NONNULL__
+
+/* OpenBSD's gcc has sentinel */
+#undef HAVE_ATTRIBUTE__SENTINEL__
+
+/* Define to 1 if you have the `aug_get_machine' function. */
+#undef HAVE_AUG_GET_MACHINE
+
+/* Define to 1 if you have the `b64_ntop' function. */
+#undef HAVE_B64_NTOP
+
+/* Define to 1 if you have the `b64_pton' function. */
+#undef HAVE_B64_PTON
+
+/* Define if you have the basename function. */
+#undef HAVE_BASENAME
+
+/* Define to 1 if you have the `bcopy' function. */
+#undef HAVE_BCOPY
+
+/* Define to 1 if you have the `bindresvport_sa' function. */
+#undef HAVE_BINDRESVPORT_SA
+
+/* Define to 1 if you have the `BN_is_prime_ex' function. */
+#undef HAVE_BN_IS_PRIME_EX
+
+/* Define to 1 if you have the <bsd/libutil.h> header file. */
+#undef HAVE_BSD_LIBUTIL_H
+
+/* Define to 1 if you have the <bsm/audit.h> header file. */
+#undef HAVE_BSM_AUDIT_H
+
+/* Define to 1 if you have the <bstring.h> header file. */
+#undef HAVE_BSTRING_H
+
+/* Define to 1 if you have the `clock' function. */
+#undef HAVE_CLOCK
+
+/* Have clock_gettime */
+#undef HAVE_CLOCK_GETTIME
+
+/* define if you have clock_t data type */
+#undef HAVE_CLOCK_T
+
+/* Define to 1 if you have the `closefrom' function. */
+#undef HAVE_CLOSEFROM
+
+/* Define if gai_strerror() returns const char * */
+#undef HAVE_CONST_GAI_STRERROR_PROTO
+
+/* Define if your system uses ancillary data style file descriptor passing */
+#undef HAVE_CONTROL_IN_MSGHDR
+
+/* Define to 1 if you have the `crypt' function. */
+#undef HAVE_CRYPT
+
+/* Define to 1 if you have the <crypto/sha2.h> header file. */
+#undef HAVE_CRYPTO_SHA2_H
+
+/* Define to 1 if you have the <crypt.h> header file. */
+#undef HAVE_CRYPT_H
+
+/* Define if you are on Cygwin */
+#undef HAVE_CYGWIN
+
+/* Define if your libraries define daemon() */
+#undef HAVE_DAEMON
+
+/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
+ don't. */
+#undef HAVE_DECL_AUTHENTICATE
+
+/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
+ don't. */
+#undef HAVE_DECL_GLOB_NOMATCH
+
+/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
+ and to 0 if you don't. */
+#undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
+
+/* Define to 1 if you have the declaration of `howmany', and to 0 if you
+ don't. */
+#undef HAVE_DECL_HOWMANY
+
+/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
+ don't. */
+#undef HAVE_DECL_H_ERRNO
+
+/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you
+ don't. */
+#undef HAVE_DECL_LOGINFAILED
+
+/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if
+ you don't. */
+#undef HAVE_DECL_LOGINRESTRICTIONS
+
+/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you
+ don't. */
+#undef HAVE_DECL_LOGINSUCCESS
+
+/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you
+ don't. */
+#undef HAVE_DECL_MAXSYMLINKS
+
+/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
+ don't. */
+#undef HAVE_DECL_NFDBITS
+
+/* Define to 1 if you have the declaration of `offsetof', and to 0 if you
+ don't. */
+#undef HAVE_DECL_OFFSETOF
+
+/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you
+ don't. */
+#undef HAVE_DECL_O_NONBLOCK
+
+/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
+ don't. */
+#undef HAVE_DECL_PASSWDEXPIRED
+
+/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
+ don't. */
+#undef HAVE_DECL_SETAUTHDB
+
+/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you
+ don't. */
+#undef HAVE_DECL_SHUT_RD
+
+/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
+ */
+#undef HAVE_DECL_WRITEV
+
+/* Define to 1 if you have the declaration of `_getlong', and to 0 if you
+ don't. */
+#undef HAVE_DECL__GETLONG
+
+/* Define to 1 if you have the declaration of `_getshort', and to 0 if you
+ don't. */
+#undef HAVE_DECL__GETSHORT
+
+/* Define to 1 if you have the `DES_crypt' function. */
+#undef HAVE_DES_CRYPT
+
+/* Define if you have /dev/ptmx */
+#undef HAVE_DEV_PTMX
+
+/* Define if you have /dev/ptc */
+#undef HAVE_DEV_PTS_AND_PTC
+
+/* Define to 1 if you have the <dirent.h> header file. */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the `dirfd' function. */
+#undef HAVE_DIRFD
+
+/* Define to 1 if you have the `dirname' function. */
+#undef HAVE_DIRNAME
+
+/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
+#undef HAVE_DSA_GENERATE_PARAMETERS_EX
+
+/* Define to 1 if you have the <elf.h> header file. */
+#undef HAVE_ELF_H
+
+/* Define to 1 if you have the `endgrent' function. */
+#undef HAVE_ENDGRENT
+
+/* Define to 1 if you have the <endian.h> header file. */
+#undef HAVE_ENDIAN_H
+
+/* Define to 1 if you have the `endutent' function. */
+#undef HAVE_ENDUTENT
+
+/* Define to 1 if you have the `endutxent' function. */
+#undef HAVE_ENDUTXENT
+
+/* Define if your system has /etc/default/login */
+#undef HAVE_ETC_DEFAULT_LOGIN
+
+/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
+#undef HAVE_EVP_CIPHER_CTX_CTRL
+
+/* Define to 1 if you have the `EVP_sha256' function. */
+#undef HAVE_EVP_SHA256
+
+/* Define if you have ut_exit in utmp.h */
+#undef HAVE_EXIT_IN_UTMP
+
+/* Define to 1 if you have the `fchmod' function. */
+#undef HAVE_FCHMOD
+
+/* Define to 1 if you have the `fchown' function. */
+#undef HAVE_FCHOWN
+
+/* Use F_CLOSEM fcntl for closefrom */
+#undef HAVE_FCNTL_CLOSEM
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define to 1 if the system has the type `fd_mask'. */
+#undef HAVE_FD_MASK
+
+/* Define to 1 if you have the <features.h> header file. */
+#undef HAVE_FEATURES_H
+
+/* Define to 1 if you have the <floatingpoint.h> header file. */
+#undef HAVE_FLOATINGPOINT_H
+
+/* Define to 1 if you have the `fmt_scaled' function. */
+#undef HAVE_FMT_SCALED
+
+/* Define to 1 if you have the `freeaddrinfo' function. */
+#undef HAVE_FREEADDRINFO
+
+/* Define to 1 if the system has the type `fsblkcnt_t'. */
+#undef HAVE_FSBLKCNT_T
+
+/* Define to 1 if the system has the type `fsfilcnt_t'. */
+#undef HAVE_FSFILCNT_T
+
+/* Define to 1 if you have the `fstatvfs' function. */
+#undef HAVE_FSTATVFS
+
+/* Define to 1 if you have the `futimes' function. */
+#undef HAVE_FUTIMES
+
+/* Define to 1 if you have the `gai_strerror' function. */
+#undef HAVE_GAI_STRERROR
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the `getaudit' function. */
+#undef HAVE_GETAUDIT
+
+/* Define to 1 if you have the `getaudit_addr' function. */
+#undef HAVE_GETAUDIT_ADDR
+
+/* Define to 1 if you have the `getcwd' function. */
+#undef HAVE_GETCWD
+
+/* Define to 1 if you have the `getgrouplist' function. */
+#undef HAVE_GETGROUPLIST
+
+/* Define to 1 if you have the `getgrset' function. */
+#undef HAVE_GETGRSET
+
+/* Define to 1 if you have the `getlastlogxbyname' function. */
+#undef HAVE_GETLASTLOGXBYNAME
+
+/* Define to 1 if you have the `getluid' function. */
+#undef HAVE_GETLUID
+
+/* Define to 1 if you have the `getnameinfo' function. */
+#undef HAVE_GETNAMEINFO
+
+/* Define to 1 if you have the `getopt' function. */
+#undef HAVE_GETOPT
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#undef HAVE_GETOPT_H
+
+/* Define if your getopt(3) defines and uses optreset */
+#undef HAVE_GETOPT_OPTRESET
+
+/* Define if your libraries define getpagesize() */
+#undef HAVE_GETPAGESIZE
+
+/* Define to 1 if you have the `getpeereid' function. */
+#undef HAVE_GETPEEREID
+
+/* Define to 1 if you have the `getpeerucred' function. */
+#undef HAVE_GETPEERUCRED
+
+/* Define to 1 if you have the `getpgid' function. */
+#undef HAVE_GETPGID
+
+/* Define to 1 if you have the `getpgrp' function. */
+#undef HAVE_GETPGRP
+
+/* Define to 1 if you have the `getpwanam' function. */
+#undef HAVE_GETPWANAM
+
+/* Define to 1 if you have the `getrlimit' function. */
+#undef HAVE_GETRLIMIT
+
+/* Define if getrrsetbyname() exists */
+#undef HAVE_GETRRSETBYNAME
+
+/* Define to 1 if you have the `getrusage' function. */
+#undef HAVE_GETRUSAGE
+
+/* Define to 1 if you have the `getseuserbyname' function. */
+#undef HAVE_GETSEUSERBYNAME
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the `getttyent' function. */
+#undef HAVE_GETTTYENT
+
+/* Define to 1 if you have the `getutent' function. */
+#undef HAVE_GETUTENT
+
+/* Define to 1 if you have the `getutid' function. */
+#undef HAVE_GETUTID
+
+/* Define to 1 if you have the `getutline' function. */
+#undef HAVE_GETUTLINE
+
+/* Define to 1 if you have the `getutxent' function. */
+#undef HAVE_GETUTXENT
+
+/* Define to 1 if you have the `getutxid' function. */
+#undef HAVE_GETUTXID
+
+/* Define to 1 if you have the `getutxline' function. */
+#undef HAVE_GETUTXLINE
+
+/* Define to 1 if you have the `getutxuser' function. */
+#undef HAVE_GETUTXUSER
+
+/* Define to 1 if you have the `get_default_context_with_level' function. */
+#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+
+/* Define to 1 if you have the `glob' function. */
+#undef HAVE_GLOB
+
+/* Define to 1 if you have the <glob.h> header file. */
+#undef HAVE_GLOB_H
+
+/* Define to 1 if you have the `group_from_gid' function. */
+#undef HAVE_GROUP_FROM_GID
+
+/* Define to 1 if you have the <gssapi_generic.h> header file. */
+#undef HAVE_GSSAPI_GENERIC_H
+
+/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_GENERIC_H
+
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_H
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
+/* Define to 1 if you have the <gssapi.h> header file. */
+#undef HAVE_GSSAPI_H
+
+/* Define to 1 if you have the <gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_KRB5_H
+
+/* Define if HEADER.ad exists in arpa/nameser.h */
+#undef HAVE_HEADER_AD
+
+/* Define to 1 if you have the `HMAC_CTX_init' function. */
+#undef HAVE_HMAC_CTX_INIT
+
+/* Define if you have ut_host in utmp.h */
+#undef HAVE_HOST_IN_UTMP
+
+/* Define if you have ut_host in utmpx.h */
+#undef HAVE_HOST_IN_UTMPX
+
+/* Define to 1 if you have the <iaf.h> header file. */
+#undef HAVE_IAF_H
+
+/* Define to 1 if you have the <ia.h> header file. */
+#undef HAVE_IA_H
+
+/* Define if you have ut_id in utmp.h */
+#undef HAVE_ID_IN_UTMP
+
+/* Define if you have ut_id in utmpx.h */
+#undef HAVE_ID_IN_UTMPX
+
+/* Define to 1 if you have the `inet_aton' function. */
+#undef HAVE_INET_ATON
+
+/* Define to 1 if you have the `inet_ntoa' function. */
+#undef HAVE_INET_NTOA
+
+/* Define to 1 if you have the `inet_ntop' function. */
+#undef HAVE_INET_NTOP
+
+/* Define to 1 if you have the `innetgr' function. */
+#undef HAVE_INNETGR
+
+/* define if you have int64_t data type */
+#undef HAVE_INT64_T
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* define if you have intxx_t data type */
+#undef HAVE_INTXX_T
+
+/* Define to 1 if the system has the type `in_addr_t'. */
+#undef HAVE_IN_ADDR_T
+
+/* Define to 1 if the system has the type `in_port_t'. */
+#undef HAVE_IN_PORT_T
+
+/* Define if you have isblank(3C). */
+#undef HAVE_ISBLANK
+
+/* Define to 1 if you have the `krb5_cc_new_unique' function. */
+#undef HAVE_KRB5_CC_NEW_UNIQUE
+
+/* Define to 1 if you have the `krb5_free_error_message' function. */
+#undef HAVE_KRB5_FREE_ERROR_MESSAGE
+
+/* Define to 1 if you have the `krb5_get_error_message' function. */
+#undef HAVE_KRB5_GET_ERROR_MESSAGE
+
+/* Define to 1 if you have the <lastlog.h> header file. */
+#undef HAVE_LASTLOG_H
+
+/* Define if you want ldns support */
+#undef HAVE_LDNS
+
+/* Define to 1 if you have the <libaudit.h> header file. */
+#undef HAVE_LIBAUDIT_H
+
+/* Define to 1 if you have the `bsm' library (-lbsm). */
+#undef HAVE_LIBBSM
+
+/* Define to 1 if you have the `crypt' library (-lcrypt). */
+#undef HAVE_LIBCRYPT
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+
+/* Define to 1 if you have the <libgen.h> header file. */
+#undef HAVE_LIBGEN_H
+
+/* Define if system has libiaf that supports set_id */
+#undef HAVE_LIBIAF
+
+/* Define to 1 if you have the `network' library (-lnetwork). */
+#undef HAVE_LIBNETWORK
+
+/* Define to 1 if you have the `nsl' library (-lnsl). */
+#undef HAVE_LIBNSL
+
+/* Define to 1 if you have the `pam' library (-lpam). */
+#undef HAVE_LIBPAM
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the <libutil.h> header file. */
+#undef HAVE_LIBUTIL_H
+
+/* Define to 1 if you have the `xnet' library (-lxnet). */
+#undef HAVE_LIBXNET
+
+/* Define to 1 if you have the `z' library (-lz). */
+#undef HAVE_LIBZ
+
+/* Define to 1 if you have the <limits.h> header file. */
+#undef HAVE_LIMITS_H
+
+/* Define to 1 if you have the <linux/audit.h> header file. */
+#undef HAVE_LINUX_AUDIT_H
+
+/* Define to 1 if you have the <linux/filter.h> header file. */
+#undef HAVE_LINUX_FILTER_H
+
+/* Define to 1 if you have the <linux/if_tun.h> header file. */
+#undef HAVE_LINUX_IF_TUN_H
+
+/* Define to 1 if you have the <linux/seccomp.h> header file. */
+#undef HAVE_LINUX_SECCOMP_H
+
+/* Define to 1 if you have the <locale.h> header file. */
+#undef HAVE_LOCALE_H
+
+/* Define to 1 if you have the `login' function. */
+#undef HAVE_LOGIN
+
+/* Define to 1 if you have the <login_cap.h> header file. */
+#undef HAVE_LOGIN_CAP_H
+
+/* Define to 1 if you have the `login_getcapbool' function. */
+#undef HAVE_LOGIN_GETCAPBOOL
+
+/* Define to 1 if you have the <login.h> header file. */
+#undef HAVE_LOGIN_H
+
+/* Define to 1 if you have the `logout' function. */
+#undef HAVE_LOGOUT
+
+/* Define to 1 if you have the `logwtmp' function. */
+#undef HAVE_LOGWTMP
+
+/* Define to 1 if the system has the type `long double'. */
+#undef HAVE_LONG_DOUBLE
+
+/* Define to 1 if the system has the type `long long'. */
+#undef HAVE_LONG_LONG
+
+/* Define to 1 if you have the <maillock.h> header file. */
+#undef HAVE_MAILLOCK_H
+
+/* Define to 1 if you have the `mblen' function. */
+#undef HAVE_MBLEN
+
+/* Define to 1 if you have the `md5_crypt' function. */
+#undef HAVE_MD5_CRYPT
+
+/* Define if you want to allow MD5 passwords */
+#undef HAVE_MD5_PASSWORDS
+
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `mkdtemp' function. */
+#undef HAVE_MKDTEMP
+
+/* Define to 1 if you have the `mmap' function. */
+#undef HAVE_MMAP
+
+/* define if you have mode_t data type */
+#undef HAVE_MODE_T
+
+/* Some systems put nanosleep outside of libc */
+#undef HAVE_NANOSLEEP
+
+/* Define to 1 if you have the <ndir.h> header file. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define to 1 if you have the <netgroup.h> header file. */
+#undef HAVE_NETGROUP_H
+
+/* Define to 1 if you have the <net/if_tun.h> header file. */
+#undef HAVE_NET_IF_TUN_H
+
+/* Define if you are on NeXT */
+#undef HAVE_NEXT
+
+/* Define to 1 if you have the `ngetaddrinfo' function. */
+#undef HAVE_NGETADDRINFO
+
+/* Define to 1 if you have the `nsleep' function. */
+#undef HAVE_NSLEEP
+
+/* Define to 1 if you have the `ogetaddrinfo' function. */
+#undef HAVE_OGETADDRINFO
+
+/* Define if you have an old version of PAM which takes only one argument to
+ pam_strerror */
+#undef HAVE_OLD_PAM
+
+/* Define to 1 if you have the `openlog_r' function. */
+#undef HAVE_OPENLOG_R
+
+/* Define to 1 if you have the `openpty' function. */
+#undef HAVE_OPENPTY
+
+/* Define if your ssl headers are included with #include <openssl/header.h> */
+#undef HAVE_OPENSSL
+
+/* Define if you have Digital Unix Security Integration Architecture */
+#undef HAVE_OSF_SIA
+
+/* Define to 1 if you have the `pam_getenvlist' function. */
+#undef HAVE_PAM_GETENVLIST
+
+/* Define to 1 if you have the <pam/pam_appl.h> header file. */
+#undef HAVE_PAM_PAM_APPL_H
+
+/* Define to 1 if you have the `pam_putenv' function. */
+#undef HAVE_PAM_PUTENV
+
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define if you have ut_pid in utmp.h */
+#undef HAVE_PID_IN_UTMP
+
+/* define if you have pid_t data type */
+#undef HAVE_PID_T
+
+/* Define to 1 if you have the `poll' function. */
+#undef HAVE_POLL
+
+/* Define to 1 if you have the <poll.h> header file. */
+#undef HAVE_POLL_H
+
+/* Define to 1 if you have the `prctl' function. */
+#undef HAVE_PRCTL
+
+/* Define if you have /proc/$pid/fd */
+#undef HAVE_PROC_PID
+
+/* Define to 1 if you have the `pstat' function. */
+#undef HAVE_PSTAT
+
+/* Define to 1 if you have the <pty.h> header file. */
+#undef HAVE_PTY_H
+
+/* Define to 1 if you have the `pututline' function. */
+#undef HAVE_PUTUTLINE
+
+/* Define to 1 if you have the `pututxline' function. */
+#undef HAVE_PUTUTXLINE
+
+/* Define to 1 if you have the `readpassphrase' function. */
+#undef HAVE_READPASSPHRASE
+
+/* Define to 1 if you have the <readpassphrase.h> header file. */
+#undef HAVE_READPASSPHRASE_H
+
+/* Define to 1 if you have the `realpath' function. */
+#undef HAVE_REALPATH
+
+/* Define to 1 if you have the `recvmsg' function. */
+#undef HAVE_RECVMSG
+
+/* sys/resource.h has RLIMIT_NPROC */
+#undef HAVE_RLIMIT_NPROC
+
+/* Define to 1 if you have the <rpc/types.h> header file. */
+#undef HAVE_RPC_TYPES_H
+
+/* Define to 1 if you have the `rresvport_af' function. */
+#undef HAVE_RRESVPORT_AF
+
+/* Define to 1 if you have the `RSA_generate_key_ex' function. */
+#undef HAVE_RSA_GENERATE_KEY_EX
+
+/* Define to 1 if you have the `RSA_get_default_method' function. */
+#undef HAVE_RSA_GET_DEFAULT_METHOD
+
+/* Define to 1 if you have the <sandbox.h> header file. */
+#undef HAVE_SANDBOX_H
+
+/* Define to 1 if you have the `sandbox_init' function. */
+#undef HAVE_SANDBOX_INIT
+
+/* define if you have sa_family_t data type */
+#undef HAVE_SA_FAMILY_T
+
+/* Define to 1 if you have the `scan_scaled' function. */
+#undef HAVE_SCAN_SCALED
+
+/* Define if you have SecureWare-based protected password database */
+#undef HAVE_SECUREWARE
+
+/* Define to 1 if you have the <security/pam_appl.h> header file. */
+#undef HAVE_SECURITY_PAM_APPL_H
+
+/* Define to 1 if you have the `sendmsg' function. */
+#undef HAVE_SENDMSG
+
+/* Define to 1 if you have the `setauthdb' function. */
+#undef HAVE_SETAUTHDB
+
+/* Define to 1 if you have the `setdtablesize' function. */
+#undef HAVE_SETDTABLESIZE
+
+/* Define to 1 if you have the `setegid' function. */
+#undef HAVE_SETEGID
+
+/* Define to 1 if you have the `setenv' function. */
+#undef HAVE_SETENV
+
+/* Define to 1 if you have the `seteuid' function. */
+#undef HAVE_SETEUID
+
+/* Define to 1 if you have the `setgroupent' function. */
+#undef HAVE_SETGROUPENT
+
+/* Define to 1 if you have the `setgroups' function. */
+#undef HAVE_SETGROUPS
+
+/* Define to 1 if you have the `setlinebuf' function. */
+#undef HAVE_SETLINEBUF
+
+/* Define to 1 if you have the `setlogin' function. */
+#undef HAVE_SETLOGIN
+
+/* Define to 1 if you have the `setluid' function. */
+#undef HAVE_SETLUID
+
+/* Define to 1 if you have the `setpassent' function. */
+#undef HAVE_SETPASSENT
+
+/* Define to 1 if you have the `setpcred' function. */
+#undef HAVE_SETPCRED
+
+/* Define to 1 if you have the `setproctitle' function. */
+#undef HAVE_SETPROCTITLE
+
+/* Define to 1 if you have the `setregid' function. */
+#undef HAVE_SETREGID
+
+/* Define to 1 if you have the `setresgid' function. */
+#undef HAVE_SETRESGID
+
+/* Define to 1 if you have the `setresuid' function. */
+#undef HAVE_SETRESUID
+
+/* Define to 1 if you have the `setreuid' function. */
+#undef HAVE_SETREUID
+
+/* Define to 1 if you have the `setrlimit' function. */
+#undef HAVE_SETRLIMIT
+
+/* Define to 1 if you have the `setsid' function. */
+#undef HAVE_SETSID
+
+/* Define to 1 if you have the `setutent' function. */
+#undef HAVE_SETUTENT
+
+/* Define to 1 if you have the `setutxdb' function. */
+#undef HAVE_SETUTXDB
+
+/* Define to 1 if you have the `setutxent' function. */
+#undef HAVE_SETUTXENT
+
+/* Define to 1 if you have the `setvbuf' function. */
+#undef HAVE_SETVBUF
+
+/* Define to 1 if you have the `set_id' function. */
+#undef HAVE_SET_ID
+
+/* Define to 1 if you have the `SHA256_Update' function. */
+#undef HAVE_SHA256_UPDATE
+
+/* Define to 1 if you have the <sha2.h> header file. */
+#undef HAVE_SHA2_H
+
+/* Define to 1 if you have the <shadow.h> header file. */
+#undef HAVE_SHADOW_H
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if you have the `sigvec' function. */
+#undef HAVE_SIGVEC
+
+/* Define to 1 if the system has the type `sig_atomic_t'. */
+#undef HAVE_SIG_ATOMIC_T
+
+/* define if you have size_t data type */
+#undef HAVE_SIZE_T
+
+/* Define to 1 if you have the `snprintf' function. */
+#undef HAVE_SNPRINTF
+
+/* Define to 1 if you have the `socketpair' function. */
+#undef HAVE_SOCKETPAIR
+
+/* Have PEERCRED socket option */
+#undef HAVE_SO_PEERCRED
+
+/* define if you have ssize_t data type */
+#undef HAVE_SSIZE_T
+
+/* Fields in struct sockaddr_storage */
+#undef HAVE_SS_FAMILY_IN_SS
+
+/* Define to 1 if you have the `statfs' function. */
+#undef HAVE_STATFS
+
+/* Define to 1 if you have the `statvfs' function. */
+#undef HAVE_STATVFS
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strdup' function. */
+#undef HAVE_STRDUP
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Silly mkstemp() */
+#undef HAVE_STRICT_MKSTEMP
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strlcat' function. */
+#undef HAVE_STRLCAT
+
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
+/* Define to 1 if you have the `strmode' function. */
+#undef HAVE_STRMODE
+
+/* Define to 1 if you have the `strnlen' function. */
+#undef HAVE_STRNLEN
+
+/* Define to 1 if you have the `strnvis' function. */
+#undef HAVE_STRNVIS
+
+/* Define to 1 if you have the `strptime' function. */
+#undef HAVE_STRPTIME
+
+/* Define to 1 if you have the `strsep' function. */
+#undef HAVE_STRSEP
+
+/* Define to 1 if you have the `strtoll' function. */
+#undef HAVE_STRTOLL
+
+/* Define to 1 if you have the `strtonum' function. */
+#undef HAVE_STRTONUM
+
+/* Define to 1 if you have the `strtoul' function. */
+#undef HAVE_STRTOUL
+
+/* Define to 1 if you have the `strtoull' function. */
+#undef HAVE_STRTOULL
+
+/* define if you have struct addrinfo data type */
+#undef HAVE_STRUCT_ADDRINFO
+
+/* define if you have struct in6_addr data type */
+#undef HAVE_STRUCT_IN6_ADDR
+
+/* Define to 1 if `pw_change' is a member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_CHANGE
+
+/* Define to 1 if `pw_class' is a member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_CLASS
+
+/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_EXPIRE
+
+/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_GECOS
+
+/* define if you have struct sockaddr_in6 data type */
+#undef HAVE_STRUCT_SOCKADDR_IN6
+
+/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
+#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
+
+/* define if you have struct sockaddr_storage data type */
+#undef HAVE_STRUCT_SOCKADDR_STORAGE
+
+/* Define to 1 if `st_blksize' is a member of `struct stat'. */
+#undef HAVE_STRUCT_STAT_ST_BLKSIZE
+
+/* Define to 1 if the system has the type `struct timespec'. */
+#undef HAVE_STRUCT_TIMESPEC
+
+/* define if you have struct timeval */
+#undef HAVE_STRUCT_TIMEVAL
+
+/* Define to 1 if you have the `swap32' function. */
+#undef HAVE_SWAP32
+
+/* Define to 1 if you have the `sysconf' function. */
+#undef HAVE_SYSCONF
+
+/* Define if you have syslen in utmpx.h */
+#undef HAVE_SYSLEN_IN_UTMPX
+
+/* Define to 1 if you have the <sys/audit.h> header file. */
+#undef HAVE_SYS_AUDIT_H
+
+/* Define to 1 if you have the <sys/bitypes.h> header file. */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define to 1 if you have the <sys/bsdtty.h> header file. */
+#undef HAVE_SYS_BSDTTY_H
+
+/* Define to 1 if you have the <sys/cdefs.h> header file. */
+#undef HAVE_SYS_CDEFS_H
+
+/* Define to 1 if you have the <sys/dir.h> header file. */
+#undef HAVE_SYS_DIR_H
+
+/* Define if your system defines sys_errlist[] */
+#undef HAVE_SYS_ERRLIST
+
+/* Define to 1 if you have the <sys/mman.h> header file. */
+#undef HAVE_SYS_MMAN_H
+
+/* Define to 1 if you have the <sys/mount.h> header file. */
+#undef HAVE_SYS_MOUNT_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file. */
+#undef HAVE_SYS_NDIR_H
+
+/* Define if your system defines sys_nerr */
+#undef HAVE_SYS_NERR
+
+/* Define to 1 if you have the <sys/poll.h> header file. */
+#undef HAVE_SYS_POLL_H
+
+/* Define to 1 if you have the <sys/prctl.h> header file. */
+#undef HAVE_SYS_PRCTL_H
+
+/* Define to 1 if you have the <sys/pstat.h> header file. */
+#undef HAVE_SYS_PSTAT_H
+
+/* Define to 1 if you have the <sys/ptms.h> header file. */
+#undef HAVE_SYS_PTMS_H
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/statvfs.h> header file. */
+#undef HAVE_SYS_STATVFS_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/stream.h> header file. */
+#undef HAVE_SYS_STREAM_H
+
+/* Define to 1 if you have the <sys/stropts.h> header file. */
+#undef HAVE_SYS_STROPTS_H
+
+/* Define to 1 if you have the <sys/strtio.h> header file. */
+#undef HAVE_SYS_STRTIO_H
+
+/* Force use of sys/syslog.h on Ultrix */
+#undef HAVE_SYS_SYSLOG_H
+
+/* Define to 1 if you have the <sys/sysmacros.h> header file. */
+#undef HAVE_SYS_SYSMACROS_H
+
+/* Define to 1 if you have the <sys/timers.h> header file. */
+#undef HAVE_SYS_TIMERS_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#undef HAVE_SYS_UN_H
+
+/* Define to 1 if you have the `tcgetpgrp' function. */
+#undef HAVE_TCGETPGRP
+
+/* Define to 1 if you have the `tcsendbreak' function. */
+#undef HAVE_TCSENDBREAK
+
+/* Define to 1 if you have the `time' function. */
+#undef HAVE_TIME
+
+/* Define to 1 if you have the <time.h> header file. */
+#undef HAVE_TIME_H
+
+/* Define if you have ut_time in utmp.h */
+#undef HAVE_TIME_IN_UTMP
+
+/* Define if you have ut_time in utmpx.h */
+#undef HAVE_TIME_IN_UTMPX
+
+/* Define to 1 if you have the `timingsafe_bcmp' function. */
+#undef HAVE_TIMINGSAFE_BCMP
+
+/* Define to 1 if you have the <tmpdir.h> header file. */
+#undef HAVE_TMPDIR_H
+
+/* Define to 1 if you have the `truncate' function. */
+#undef HAVE_TRUNCATE
+
+/* Define to 1 if you have the <ttyent.h> header file. */
+#undef HAVE_TTYENT_H
+
+/* Define if you have ut_tv in utmp.h */
+#undef HAVE_TV_IN_UTMP
+
+/* Define if you have ut_tv in utmpx.h */
+#undef HAVE_TV_IN_UTMPX
+
+/* Define if you have ut_type in utmp.h */
+#undef HAVE_TYPE_IN_UTMP
+
+/* Define if you have ut_type in utmpx.h */
+#undef HAVE_TYPE_IN_UTMPX
+
+/* Define to 1 if you have the <ucred.h> header file. */
+#undef HAVE_UCRED_H
+
+/* define if you have uintxx_t data type */
+#undef HAVE_UINTXX_T
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `unsetenv' function. */
+#undef HAVE_UNSETENV
+
+/* Define to 1 if the system has the type `unsigned long long'. */
+#undef HAVE_UNSIGNED_LONG_LONG
+
+/* Define to 1 if you have the `updwtmp' function. */
+#undef HAVE_UPDWTMP
+
+/* Define to 1 if you have the `updwtmpx' function. */
+#undef HAVE_UPDWTMPX
+
+/* Define to 1 if you have the <usersec.h> header file. */
+#undef HAVE_USERSEC_H
+
+/* Define to 1 if you have the `user_from_uid' function. */
+#undef HAVE_USER_FROM_UID
+
+/* Define to 1 if you have the `usleep' function. */
+#undef HAVE_USLEEP
+
+/* Define to 1 if you have the <util.h> header file. */
+#undef HAVE_UTIL_H
+
+/* Define to 1 if you have the `utimes' function. */
+#undef HAVE_UTIMES
+
+/* Define to 1 if you have the <utime.h> header file. */
+#undef HAVE_UTIME_H
+
+/* Define to 1 if you have the `utmpname' function. */
+#undef HAVE_UTMPNAME
+
+/* Define to 1 if you have the `utmpxname' function. */
+#undef HAVE_UTMPXNAME
+
+/* Define to 1 if you have the <utmpx.h> header file. */
+#undef HAVE_UTMPX_H
+
+/* Define to 1 if you have the <utmp.h> header file. */
+#undef HAVE_UTMP_H
+
+/* define if you have u_char data type */
+#undef HAVE_U_CHAR
+
+/* define if you have u_int data type */
+#undef HAVE_U_INT
+
+/* define if you have u_int64_t data type */
+#undef HAVE_U_INT64_T
+
+/* define if you have u_intxx_t data type */
+#undef HAVE_U_INTXX_T
+
+/* Define to 1 if you have the `vasprintf' function. */
+#undef HAVE_VASPRINTF
+
+/* Define if va_copy exists */
+#undef HAVE_VA_COPY
+
+/* Define to 1 if you have the `vhangup' function. */
+#undef HAVE_VHANGUP
+
+/* Define to 1 if you have the <vis.h> header file. */
+#undef HAVE_VIS_H
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#undef HAVE_VSNPRINTF
+
+/* Define to 1 if you have the `waitpid' function. */
+#undef HAVE_WAITPID
+
+/* Define to 1 if you have the `_getlong' function. */
+#undef HAVE__GETLONG
+
+/* Define to 1 if you have the `_getpty' function. */
+#undef HAVE__GETPTY
+
+/* Define to 1 if you have the `_getshort' function. */
+#undef HAVE__GETSHORT
+
+/* Define if you have struct __res_state _res as an extern */
+#undef HAVE__RES_EXTERN
+
+/* Define to 1 if you have the `__b64_ntop' function. */
+#undef HAVE___B64_NTOP
+
+/* Define to 1 if you have the `__b64_pton' function. */
+#undef HAVE___B64_PTON
+
+/* Define if compiler implements __FUNCTION__ */
+#undef HAVE___FUNCTION__
+
+/* Define if libc defines __progname */
+#undef HAVE___PROGNAME
+
+/* Fields in struct sockaddr_storage */
+#undef HAVE___SS_FAMILY_IN_SS
+
+/* Define if __va_copy exists */
+#undef HAVE___VA_COPY
+
+/* Define if compiler implements __func__ */
+#undef HAVE___func__
+
+/* Define this if you are using the Heimdal version of Kerberos V5 */
+#undef HEIMDAL
+
+/* Define if you need to use IP address instead of hostname in $DISPLAY */
+#undef IPADDR_IN_DISPLAY
+
+/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
+#undef IPV4_IN_IPV6
+
+/* Define if your system choked on IP TOS setting */
+#undef IP_TOS_IS_BROKEN
+
+/* Define if you want Kerberos 5 support */
+#undef KRB5
+
+/* Define if pututxline updates lastlog too */
+#undef LASTLOG_WRITE_PUTUTXLINE
+
+/* Define if you want TCP Wrappers support */
+#undef LIBWRAP
+
+/* Define to whatever link() returns for "not supported" if it doesn't return
+ EOPNOTSUPP. */
+#undef LINK_OPNOTSUPP_ERRNO
+
+/* Adjust Linux out-of-memory killer */
+#undef LINUX_OOM_ADJUST
+
+/* max value of long long calculated by configure */
+#undef LLONG_MAX
+
+/* min value of long long calculated by configure */
+#undef LLONG_MIN
+
+/* Account locked with pw(1) */
+#undef LOCKED_PASSWD_PREFIX
+
+/* String used in /etc/passwd to denote locked account */
+#undef LOCKED_PASSWD_STRING
+
+/* String used in /etc/passwd to denote locked account */
+#undef LOCKED_PASSWD_SUBSTR
+
+/* Some versions of /bin/login need the TERM supplied on the commandline */
+#undef LOGIN_NEEDS_TERM
+
+/* Some systems need a utmpx entry for /bin/login to work */
+#undef LOGIN_NEEDS_UTMPX
+
+/* Define if your login program cannot handle end of options ("--") */
+#undef LOGIN_NO_ENDOPT
+
+/* If your header files don't define LOGIN_PROGRAM, then use this (detected)
+ from environment and PATH */
+#undef LOGIN_PROGRAM_FALLBACK
+
+/* Set this to your mail directory if you do not have _PATH_MAILDIR */
+#undef MAIL_DIRECTORY
+
+/* Need setpgrp to acquire controlling tty */
+#undef NEED_SETPGRP
+
+/* compiler does not accept __attribute__ on return types */
+#undef NO_ATTRIBUTE_ON_RETURN_TYPE
+
+/* Define if the concept of ports only accessible to superusers isn't known */
+#undef NO_IPPORT_RESERVED_CONCEPT
+
+/* Define if you don't want to use lastlog in session.c */
+#undef NO_SSH_LASTLOG
+
+/* Define if X11 doesn't support AF_UNIX sockets on that system */
+#undef NO_X11_UNIX_SOCKETS
+
+/* Define if EVP_DigestUpdate returns void */
+#undef OPENSSL_EVP_DIGESTUPDATE_VOID
+
+/* libcrypto includes complete ECC support */
+#undef OPENSSL_HAS_ECC
+
+/* libcrypto has EVP AES CTR */
+#undef OPENSSL_HAVE_EVPCTR
+
+/* libcrypto has EVP AES GCM */
+#undef OPENSSL_HAVE_EVPGCM
+
+/* libcrypto is missing AES 192 and 256 bit functions */
+#undef OPENSSL_LOBOTOMISED_AES
+
+/* Define if you want OpenSSL's internally seeded PRNG only */
+#undef OPENSSL_PRNG_ONLY
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define if you are using Solaris-derived PAM which passes pam_messages to
+ the conversation function with an extra level of indirection */
+#undef PAM_SUN_CODEBASE
+
+/* Work around problematic Linux PAM modules handling of PAM_TTY */
+#undef PAM_TTY_KLUDGE
+
+/* must supply username to passwd */
+#undef PASSWD_NEEDS_USERNAME
+
+/* System dirs owned by bin (uid 2) */
+#undef PLATFORM_SYS_DIR_UID
+
+/* Port number of PRNGD/EGD random number socket */
+#undef PRNGD_PORT
+
+/* Location of PRNGD/EGD random number socket */
+#undef PRNGD_SOCKET
+
+/* read(1) can return 0 for a non-closed fd */
+#undef PTY_ZEROREAD
+
+/* Sandbox using Darwin sandbox_init(3) */
+#undef SANDBOX_DARWIN
+
+/* no privsep sandboxing */
+#undef SANDBOX_NULL
+
+/* Sandbox using setrlimit(2) */
+#undef SANDBOX_RLIMIT
+
+/* Sandbox using seccomp filter */
+#undef SANDBOX_SECCOMP_FILTER
+
+/* setrlimit RLIMIT_FSIZE works */
+#undef SANDBOX_SKIP_RLIMIT_FSIZE
+
+/* Sandbox using systrace(4) */
+#undef SANDBOX_SYSTRACE
+
+/* Specify the system call convention in use */
+#undef SECCOMP_AUDIT_ARCH
+
+/* Define if your platform breaks doing a seteuid before a setuid */
+#undef SETEUID_BREAKS_SETUID
+
+/* The size of `int', as computed by sizeof. */
+#undef SIZEOF_INT
+
+/* The size of `long int', as computed by sizeof. */
+#undef SIZEOF_LONG_INT
+
+/* The size of `long long int', as computed by sizeof. */
+#undef SIZEOF_LONG_LONG_INT
+
+/* The size of `short int', as computed by sizeof. */
+#undef SIZEOF_SHORT_INT
+
+/* Define if you want S/Key support */
+#undef SKEY
+
+/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */
+#undef SKEYCHALLENGE_4ARG
+
+/* Define as const if snprintf() can declare const char *fmt */
+#undef SNPRINTF_CONST
+
+/* Define to a Set Process Title type if your system is supported by
+ bsd-setproctitle.c */
+#undef SPT_TYPE
+
+/* Define if sshd somehow reacquires a controlling TTY after setsid() */
+#undef SSHD_ACQUIRES_CTTY
+
+/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
+#undef SSHPAM_CHAUTHTOK_NEEDS_RUID
+
+/* Use audit debugging module */
+#undef SSH_AUDIT_EVENTS
+
+/* Windows is sensitive to read buffer size */
+#undef SSH_IOBUFSZ
+
+/* non-privileged user for privilege separation */
+#undef SSH_PRIVSEP_USER
+
+/* Use tunnel device compatibility to OpenBSD */
+#undef SSH_TUN_COMPAT_AF
+
+/* Open tunnel devices the FreeBSD way */
+#undef SSH_TUN_FREEBSD
+
+/* Open tunnel devices the Linux tun/tap way */
+#undef SSH_TUN_LINUX
+
+/* No layer 2 tunnel support */
+#undef SSH_TUN_NO_L2
+
+/* Open tunnel devices the OpenBSD way */
+#undef SSH_TUN_OPENBSD
+
+/* Prepend the address family to IP tunnel traffic */
+#undef SSH_TUN_PREPEND_AF
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define if you want a different $PATH for the superuser */
+#undef SUPERUSER_PATH
+
+/* syslog_r function is safe to use in in a signal handler */
+#undef SYSLOG_R_SAFE_IN_SIGHAND
+
+/* Support passwords > 8 chars */
+#undef UNIXWARE_LONG_PASSWORDS
+
+/* Specify default $PATH */
+#undef USER_PATH
+
+/* Define this if you want to use libkafs' AFS support */
+#undef USE_AFS
+
+/* Use BSM audit module */
+#undef USE_BSM_AUDIT
+
+/* Use btmp to log bad logins */
+#undef USE_BTMP
+
+/* Use libedit for sftp */
+#undef USE_LIBEDIT
+
+/* Use Linux audit module */
+#undef USE_LINUX_AUDIT
+
+/* Enable OpenSSL engine support */
+#undef USE_OPENSSL_ENGINE
+
+/* Define if you want to enable PAM support */
+#undef USE_PAM
+
+/* Use PIPES instead of a socketpair() */
+#undef USE_PIPES
+
+/* Define if you have Solaris process contracts */
+#undef USE_SOLARIS_PROCESS_CONTRACTS
+
+/* Define if you have Solaris projects */
+#undef USE_SOLARIS_PROJECTS
+
+/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
+#undef WITH_ABBREV_NO_TTY
+
+/* Define if you want to enable AIX4's authenticate function */
+#undef WITH_AIXAUTHENTICATE
+
+/* Define if you have/want arrays (cluster-wide session managment, not C
+ arrays) */
+#undef WITH_IRIX_ARRAY
+
+/* Define if you want IRIX audit trails */
+#undef WITH_IRIX_AUDIT
+
+/* Define if you want IRIX kernel jobs */
+#undef WITH_IRIX_JOBS
+
+/* Define if you want IRIX project management */
+#undef WITH_IRIX_PROJECT
+
+/* Define if you want SELinux support. */
+#undef WITH_SELINUX
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+# define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+# undef WORDS_BIGENDIAN
+# endif
+#endif
+
+/* Define if xauth is found in your path */
+#undef XAUTH_PATH
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
+/* log for bad login attempts */
+#undef _PATH_BTMP
+
+/* Full path of your "passwd" program */
+#undef _PATH_PASSWD_PROG
+
+/* Specify location of ssh.pid */
+#undef _PATH_SSH_PIDDIR
+
+/* Define if we don't have struct __res_state in resolv.h */
+#undef __res_state
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* type to use in place of socklen_t if not defined */
+#undef socklen_t
Modified: vendor-crypto/openssh/dist/config.sub
===================================================================
--- vendor-crypto/openssh/dist/config.sub 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/config.sub 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,10 +1,10 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
-# Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012, 2013 Free Software Foundation, Inc.
-timestamp='2010-01-22'
+timestamp='2012-12-23'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -21,9 +21,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
-# 02110-1301, USA.
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -76,8 +74,8 @@
GNU config.sub ($timestamp)
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
-Software Foundation, Inc.
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
+2012, 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -124,13 +122,18 @@
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
- nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
- uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
+ android-linux)
+ os=-linux-android
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
+ ;;
*)
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
if [ $basic_machine != $1 ]
@@ -153,12 +156,12 @@
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -knuth | -cray | -microblaze)
+ -apple | -axis | -knuth | -cray | -microblaze*)
os=
basic_machine=$1
;;
- -bluegene*)
- os=-cnk
+ -bluegene*)
+ os=-cnk
;;
-sim | -cisco | -oki | -wec | -winbond)
os=
@@ -174,10 +177,10 @@
os=-chorusos
basic_machine=$1
;;
- -chorusrdb)
- os=-chorusrdb
+ -chorusrdb)
+ os=-chorusrdb
basic_machine=$1
- ;;
+ ;;
-hiux*)
os=-hiuxwe2
;;
@@ -222,6 +225,12 @@
-isc*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
+ -lynx*178)
+ os=-lynxos178
+ ;;
+ -lynx*5)
+ os=-lynxos5
+ ;;
-lynx*)
os=-lynxos
;;
@@ -246,20 +255,27 @@
# Some are omitted here because they have special meanings below.
1750a | 580 \
| a29k \
+ | aarch64 | aarch64_be \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | arc \
+ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
+ | avr | avr32 \
+ | be32 | be64 \
| bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
+ | epiphany \
| fido | fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | hexagon \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
+ | le32 | le64 \
| lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | mcore | mep | metag \
+ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
@@ -282,29 +298,39 @@
| moxie \
| mt \
| msp430 \
+ | nds32 | nds32le | nds32be \
| nios | nios2 \
| ns16k | ns32k \
+ | open8 \
| or32 \
| pdp10 | pdp11 | pj | pjl \
- | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
- | rx \
+ | rl78 | rx \
| score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
- | spu | strongarm \
- | tahoe | thumb | tic4x | tic80 | tron \
+ | spu \
+ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
| ubicom32 \
- | v850 | v850e \
+ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| we32k \
- | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+ | x86 | xc16x | xstormy16 | xtensa \
| z8k | z80)
basic_machine=$basic_machine-unknown
;;
- m6811 | m68hc11 | m6812 | m68hc12 | picochip)
- # Motorola 68HC11/12.
+ c54x)
+ basic_machine=tic54x-unknown
+ ;;
+ c55x)
+ basic_machine=tic55x-unknown
+ ;;
+ c6x)
+ basic_machine=tic6x-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
basic_machine=$basic_machine-unknown
os=-none
;;
@@ -314,6 +340,21 @@
basic_machine=mt-unknown
;;
+ strongarm | thumb | xscale)
+ basic_machine=arm-unknown
+ ;;
+ xgate)
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ xscaleeb)
+ basic_machine=armeb-unknown
+ ;;
+
+ xscaleel)
+ basic_machine=armel-unknown
+ ;;
+
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
# (2) the word "unknown" tends to confuse beginning users.
@@ -328,13 +369,15 @@
# Recognize the basic CPU types with company name.
580-* \
| a29k-* \
+ | aarch64-* | aarch64_be-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
+ | be32-* | be64-* \
| bfin-* | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* \
| clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
@@ -341,12 +384,15 @@
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | hexagon-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
+ | le32-* | le64-* \
| lm32-* \
| m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
+ | microblaze-* | microblazeel-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
@@ -368,26 +414,29 @@
| mmix-* \
| mt-* \
| msp430-* \
+ | nds32-* | nds32le-* | nds32be-* \
| nios-* | nios2-* \
| none-* | np1-* | ns16k-* | ns32k-* \
+ | open8-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
- | romp-* | rs6000-* | rx-* \
+ | rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
- | tahoe-* | thumb-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
- | tile-* | tilegx-* \
+ | tile*-* \
| tron-* \
| ubicom32-* \
- | v850-* | v850e-* | vax-* \
+ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
+ | vax-* \
| we32k-* \
- | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \
| ymp-* \
| z8k-* | z80-*)
@@ -412,7 +461,7 @@
basic_machine=a29k-amd
os=-udi
;;
- abacus)
+ abacus)
basic_machine=abacus-unknown
;;
adobe68k)
@@ -482,11 +531,20 @@
basic_machine=powerpc-ibm
os=-cnk
;;
+ c54x-*)
+ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c55x-*)
+ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c6x-*)
+ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
c90)
basic_machine=c90-cray
os=-unicos
;;
- cegcc)
+ cegcc)
basic_machine=arm-unknown
os=-cegcc
;;
@@ -518,7 +576,7 @@
basic_machine=craynv-cray
os=-unicosmp
;;
- cr16)
+ cr16 | cr16-*)
basic_machine=cr16-unknown
os=-elf
;;
@@ -676,7 +734,6 @@
i370-ibm* | ibm*)
basic_machine=i370-ibm
;;
-# I'm not sure what "Sysv32" means. Should this be sysv3.2?
i*86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv32
@@ -734,9 +791,13 @@
basic_machine=ns32k-utek
os=-sysv
;;
- microblaze)
+ microblaze*)
basic_machine=microblaze-xilinx
;;
+ mingw64)
+ basic_machine=x86_64-pc
+ os=-mingw64
+ ;;
mingw32)
basic_machine=i386-pc
os=-mingw32
@@ -773,10 +834,18 @@
ms1-*)
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
;;
+ msys)
+ basic_machine=i386-pc
+ os=-msys
+ ;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
+ nacl)
+ basic_machine=le32-unknown
+ os=-nacl
+ ;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
@@ -841,6 +910,12 @@
np1)
basic_machine=np1-gould
;;
+ neo-tandem)
+ basic_machine=neo-tandem
+ ;;
+ nse-tandem)
+ basic_machine=nse-tandem
+ ;;
nsr-tandem)
basic_machine=nsr-tandem
;;
@@ -923,9 +998,10 @@
;;
power) basic_machine=power-ibm
;;
- ppc) basic_machine=powerpc-unknown
+ ppc | ppcbe) basic_machine=powerpc-unknown
;;
- ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ppc-* | ppcbe-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
@@ -950,7 +1026,11 @@
basic_machine=i586-unknown
os=-pw32
;;
- rdos)
+ rdos | rdos64)
+ basic_machine=x86_64-pc
+ os=-rdos
+ ;;
+ rdos32)
basic_machine=i386-pc
os=-rdos
;;
@@ -1019,6 +1099,9 @@
basic_machine=i860-stratus
os=-sysv4
;;
+ strongarm-* | thumb-*)
+ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
sun2)
basic_machine=m68000-sun
;;
@@ -1075,25 +1158,8 @@
basic_machine=t90-cray
os=-unicos
;;
- tic54x | c54x*)
- basic_machine=tic54x-unknown
- os=-coff
- ;;
- tic55x | c55x*)
- basic_machine=tic55x-unknown
- os=-coff
- ;;
- tic6x | c6x*)
- basic_machine=tic6x-unknown
- os=-coff
- ;;
- # This must be matched before tile*.
- tilegx*)
- basic_machine=tilegx-unknown
- os=-linux-gnu
- ;;
tile*)
- basic_machine=tile-unknown
+ basic_machine=$basic_machine-unknown
os=-linux-gnu
;;
tx39)
@@ -1163,6 +1229,9 @@
xps | xps100)
basic_machine=xps100-honeywell
;;
+ xscale-* | xscalee[bl]-*)
+ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ;;
ymp)
basic_machine=ymp-cray
os=-unicos
@@ -1260,11 +1329,11 @@
if [ x"$os" != x"" ]
then
case $os in
- # First match some system type aliases
- # that might get confused with valid system types.
+ # First match some system type aliases
+ # that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
- -auroraux)
- os=-auroraux
+ -auroraux)
+ os=-auroraux
;;
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
@@ -1294,14 +1363,15 @@
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
- | -openbsd* | -solidbsd* \
+ | -bitrig* | -openbsd* | -solidbsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
- | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
@@ -1348,7 +1418,7 @@
-opened*)
os=-openedition
;;
- -os400*)
+ -os400*)
os=-os400
;;
-wince*)
@@ -1397,7 +1467,7 @@
-sinix*)
os=-sysv4
;;
- -tpf*)
+ -tpf*)
os=-tpf
;;
-triton*)
@@ -1442,8 +1512,8 @@
-dicos*)
os=-dicos
;;
- -nacl*)
- ;;
+ -nacl*)
+ ;;
-none)
;;
*)
@@ -1466,10 +1536,10 @@
# system, and we'll never get to this point.
case $basic_machine in
- score-*)
+ score-*)
os=-elf
;;
- spu-*)
+ spu-*)
os=-elf
;;
*-acorn)
@@ -1481,9 +1551,21 @@
arm*-semi)
os=-aout
;;
- c4x-* | tic4x-*)
- os=-coff
+ c4x-* | tic4x-*)
+ os=-coff
;;
+ hexagon-*)
+ os=-elf
+ ;;
+ tic54x-*)
+ os=-coff
+ ;;
+ tic55x-*)
+ os=-coff
+ ;;
+ tic6x-*)
+ os=-coff
+ ;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20
@@ -1502,14 +1584,11 @@
;;
m68000-sun)
os=-sunos3
- # This also exists in the configure program, but was not the
- # default.
- # os=-sunos4
;;
m68*-cisco)
os=-aout
;;
- mep-*)
+ mep-*)
os=-elf
;;
mips*-cisco)
@@ -1536,7 +1615,7 @@
*-ibm)
os=-aix
;;
- *-knuth)
+ *-knuth)
os=-mmixware
;;
*-wec)
Property changes on: vendor-crypto/openssh/dist/config.sub
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Added: vendor-crypto/openssh/dist/configure
===================================================================
--- vendor-crypto/openssh/dist/configure (rev 0)
+++ vendor-crypto/openssh/dist/configure 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,18897 @@
+#! /bin/sh
+# From configure.ac Revision: 1.536 .
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.68 for OpenSSH Portable.
+#
+# Report bugs to <openssh-unix-dev at mindrot.org>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+# Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ # We cannot yet assume a decent shell, so we have to provide a
+ # neutralization value for shells without unset; and this also
+ # works around shells that cannot unset nonexistent variables.
+ # Preserve -v and -x to the replacement shell.
+ BASH_ENV=/dev/null
+ ENV=/dev/null
+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+ export CONFIG_SHELL
+ case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+ esac
+ exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf at gnu.org and
+$0: openssh-unix-dev at mindrot.org about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='OpenSSH'
+PACKAGE_TARNAME='openssh'
+PACKAGE_VERSION='Portable'
+PACKAGE_STRING='OpenSSH Portable'
+PACKAGE_BUGREPORT='openssh-unix-dev at mindrot.org'
+PACKAGE_URL=''
+
+ac_unique_file="ssh.c"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='LTLIBOBJS
+LIBOBJS
+UNSUPPORTED_ALGORITHMS
+TEST_SSH_IPV6
+piddir
+user_path
+mansubdir
+MANTYPE
+XAUTH_PATH
+STRIP_OPT
+xauth_path
+PRIVSEP_PATH
+K5LIBS
+GSSLIBS
+KRB5CONF
+SSHDLIBS
+SSHLIBS
+SSH_PRIVSEP_USER
+COMMENT_OUT_ECC
+TEST_SSH_ECC
+TEST_SSH_SHA256
+LIBEDIT
+PKGCONFIG
+LD
+PATH_PASSWD_PROG
+LOGIN_PROGRAM_FALLBACK
+STARTUP_SCRIPT_SHELL
+MAKE_PACKAGE_SUPPORTED
+PATH_USERADD_PROG
+PATH_GROUPADD_PROG
+MANFMT
+TEST_SHELL
+MANDOC
+NROFF
+GROFF
+SH
+TEST_MINUS_S_SH
+ENT
+SED
+PERL
+KILL
+CAT
+AR
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+RANLIB
+AWK
+EGREP
+GREP
+CPP
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_largefile
+with_stackprotect
+with_rpath
+with_cflags
+with_cppflags
+with_ldflags
+with_libs
+with_Werror
+with_solaris_contracts
+with_solaris_projects
+with_osfsia
+with_zlib
+with_zlib_version_check
+with_skey
+with_tcp_wrappers
+with_ldns
+with_libedit
+with_audit
+with_ssl_dir
+with_openssl_header_check
+with_ssl_engine
+with_prngd_port
+with_prngd_socket
+with_pam
+with_privsep_user
+with_sandbox
+with_selinux
+with_kerberos5
+with_privsep_path
+with_xauth
+enable_strip
+with_maildir
+with_mantype
+with_md5_passwords
+with_shadow
+with_ipaddr_display
+enable_etc_default_login
+with_default_path
+with_superuser_path
+with_4in6
+with_bsd_auth
+with_pid_dir
+enable_lastlog
+enable_utmp
+enable_utmpx
+enable_wtmp
+enable_wtmpx
+enable_libutil
+enable_pututline
+enable_pututxline
+with_lastlog
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used" >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures OpenSSH Portable to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking ...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/openssh]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of OpenSSH Portable:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --disable-largefile omit support for large files
+ --disable-strip Disable calling strip(1) on install
+ --disable-etc-default-login Disable using PATH from /etc/default/login no
+ --disable-lastlog disable use of lastlog even if detected no
+ --disable-utmp disable use of utmp even if detected no
+ --disable-utmpx disable use of utmpx even if detected no
+ --disable-wtmp disable use of wtmp even if detected no
+ --disable-wtmpx disable use of wtmpx even if detected no
+ --disable-libutil disable use of libutil (login() etc.) no
+ --disable-pututline disable use of pututline() etc. (uwtmp) no
+ --disable-pututxline disable use of pututxline() etc. (uwtmpx) no
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --without-stackprotect Don't use compiler's stack protection
+ --without-rpath Disable auto-added -R linker paths
+ --with-cflags Specify additional flags to pass to compiler
+ --with-cppflags Specify additional flags to pass to preprocessor
+ --with-ldflags Specify additional flags to pass to linker
+ --with-libs Specify additional libraries to link with
+ --with-Werror Build main code with -Werror
+ --with-solaris-contracts Enable Solaris process contracts (experimental)
+ --with-solaris-projects Enable Solaris projects (experimental)
+ --with-osfsia Enable Digital Unix SIA
+ --with-zlib=PATH Use zlib in PATH
+ --without-zlib-version-check Disable zlib version check
+ --with-skey[=PATH] Enable S/Key support (optionally in PATH)
+ --with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH)
+ --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH)
+ --with-libedit[=PATH] Enable libedit support for sftp
+ --with-audit=module Enable audit support (modules=debug,bsm,linux)
+ --with-ssl-dir=PATH Specify path to OpenSSL installation
+ --without-openssl-header-check Disable OpenSSL version consistency check
+ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support
+ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT
+ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)
+ --with-pam Enable PAM support
+ --with-privsep-user=user Specify non-privileged user for privilege separation
+ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)
+ --with-selinux Enable SELinux support
+ --with-kerberos5=PATH Enable Kerberos 5 support
+ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
+ --with-xauth=PATH Specify path to xauth program
+ --with-maildir=/path/to/mail Specify your system mail directory
+ --with-mantype=man|cat|doc Set man page type
+ --with-md5-passwords Enable use of MD5 passwords
+ --without-shadow Disable shadow password support
+ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY
+ --with-default-path= Specify default \$PATH environment for server
+ --with-superuser-path= Specify different path for super-user
+ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses
+ --with-bsd-auth Enable BSD auth support
+ --with-pid-dir=PATH Specify location of ssh.pid file
+ --with-lastlog=FILE|DIR specify lastlog location common locations
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ CPP C preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <openssh-unix-dev at mindrot.org>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+OpenSSH configure Portable
+generated by GNU Autoconf 2.68
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES
+# ---------------------------------------------
+# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
+# accordingly.
+ac_fn_c_check_decl ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ as_decl_name=`echo $2|sed 's/ *(.*//'`
+ as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
+$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+#ifndef $as_decl_name
+#ifdef __cplusplus
+ (void) $as_decl_use;
+#else
+ (void) $as_decl_name;
+#endif
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_decl
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval \${$3+:} false; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## ------------------------------------------- ##
+## Report this to openssh-unix-dev at mindrot.org ##
+## ------------------------------------------- ##"
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+
+# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
+# ----------------------------------------------------
+# Tries to find if the field MEMBER exists in type AGGR, after including
+# INCLUDES, setting cache variable VAR accordingly.
+ac_fn_c_check_member ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
+$as_echo_n "checking for $2.$3... " >&6; }
+if eval \${$4+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (ac_aggr.$3)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$4=yes"
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (sizeof ac_aggr.$3)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$4=yes"
+else
+ eval "$4=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$4
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_member
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by OpenSSH $as_me Portable, which was
+generated by GNU Autoconf 2.68. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if ${ac_cv_path_GREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
+$as_echo_n "checking whether byte ordering is bigendian... " >&6; }
+if ${ac_cv_c_bigendian+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_bigendian=unknown
+ # See if we're dealing with a universal compiler.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifndef __APPLE_CC__
+ not a universal capable compiler
+ #endif
+ typedef int dummy;
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ # Check for potential -arch flags. It is not universal unless
+ # there are at least two -arch flags with different values.
+ ac_arch=
+ ac_prev=
+ for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
+ if test -n "$ac_prev"; then
+ case $ac_word in
+ i?86 | x86_64 | ppc | ppc64)
+ if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
+ ac_arch=$ac_word
+ else
+ ac_cv_c_bigendian=universal
+ break
+ fi
+ ;;
+ esac
+ ac_prev=
+ elif test "x$ac_word" = "x-arch"; then
+ ac_prev=arch
+ fi
+ done
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+
+int
+main ()
+{
+#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
+ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
+ && LITTLE_ENDIAN)
+ bogus endian macros
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+
+int
+main ()
+{
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
+else
+ ac_cv_c_bigendian=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+
+int
+main ()
+{
+#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
+ bogus endian macros
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to _BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+
+int
+main ()
+{
+#ifndef _BIG_ENDIAN
+ not big endian
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
+else
+ ac_cv_c_bigendian=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # Compile a test program.
+ if test "$cross_compiling" = yes; then :
+ # Try to guess by grepping values from an object file.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+short int ascii_mm[] =
+ { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
+ short int ascii_ii[] =
+ { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
+ int use_ascii (int i) {
+ return ascii_mm[i] + ascii_ii[i];
+ }
+ short int ebcdic_ii[] =
+ { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
+ short int ebcdic_mm[] =
+ { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
+ int use_ebcdic (int i) {
+ return ebcdic_mm[i] + ebcdic_ii[i];
+ }
+ extern int foo;
+
+int
+main ()
+{
+return use_ascii (foo) == use_ebcdic (foo);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
+ ac_cv_c_bigendian=yes
+ fi
+ if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
+ if test "$ac_cv_c_bigendian" = unknown; then
+ ac_cv_c_bigendian=no
+ else
+ # finding both strings is unlikely to happen, but who knows?
+ ac_cv_c_bigendian=unknown
+ fi
+ fi
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long int l;
+ char c[sizeof (long int)];
+ } u;
+ u.l = 1;
+ return u.c[sizeof (long int) - 1] == 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_c_bigendian=no
+else
+ ac_cv_c_bigendian=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
+$as_echo "$ac_cv_c_bigendian" >&6; }
+ case $ac_cv_c_bigendian in #(
+ yes)
+ $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h
+;; #(
+ no)
+ ;; #(
+ universal)
+
+$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
+
+ ;; #(
+ *)
+ as_fn_error $? "unknown endianness
+ presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
+ esac
+
+
+# Checks for programs.
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AWK+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if ${ac_cv_path_install+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+# Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $AR in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_AR="$AR" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_AR="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+AR=$ac_cv_path_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "cat", so it can be a program name with args.
+set dummy cat; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_CAT+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $CAT in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_CAT="$CAT" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+CAT=$ac_cv_path_CAT
+if test -n "$CAT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5
+$as_echo "$CAT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "kill", so it can be a program name with args.
+set dummy kill; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_KILL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $KILL in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_KILL="$KILL" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+KILL=$ac_cv_path_KILL
+if test -n "$KILL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5
+$as_echo "$KILL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+for ac_prog in perl5 perl
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PERL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PERL in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PERL=$ac_cv_path_PERL
+if test -n "$PERL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+$as_echo "$PERL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$PERL" && break
+done
+
+# Extract the first word of "sed", so it can be a program name with args.
+set dummy sed; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SED+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $SED in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SED="$SED" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+SED=$ac_cv_path_SED
+if test -n "$SED"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5
+$as_echo "$SED" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+# Extract the first word of "ent", so it can be a program name with args.
+set dummy ent; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ENT+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $ENT in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ENT="$ENT" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ENT=$ac_cv_path_ENT
+if test -n "$ENT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENT" >&5
+$as_echo "$ENT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+# Extract the first word of "bash", so it can be a program name with args.
+set dummy bash; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $TEST_MINUS_S_SH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
+if test -n "$TEST_MINUS_S_SH"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
+$as_echo "$TEST_MINUS_S_SH" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "ksh", so it can be a program name with args.
+set dummy ksh; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $TEST_MINUS_S_SH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
+if test -n "$TEST_MINUS_S_SH"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
+$as_echo "$TEST_MINUS_S_SH" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "sh", so it can be a program name with args.
+set dummy sh; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $TEST_MINUS_S_SH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
+if test -n "$TEST_MINUS_S_SH"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
+$as_echo "$TEST_MINUS_S_SH" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "sh", so it can be a program name with args.
+set dummy sh; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SH+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $SH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SH="$SH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+SH=$ac_cv_path_SH
+if test -n "$SH"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5
+$as_echo "$SH" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "groff", so it can be a program name with args.
+set dummy groff; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_GROFF+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GROFF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GROFF=$ac_cv_path_GROFF
+if test -n "$GROFF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5
+$as_echo "$GROFF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "nroff", so it can be a program name with args.
+set dummy nroff; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_NROFF+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $NROFF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+NROFF=$ac_cv_path_NROFF
+if test -n "$NROFF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
+$as_echo "$NROFF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "mandoc", so it can be a program name with args.
+set dummy mandoc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_MANDOC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MANDOC in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+MANDOC=$ac_cv_path_MANDOC
+if test -n "$MANDOC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5
+$as_echo "$MANDOC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+TEST_SHELL=sh
+
+
+if test "x$MANDOC" != "x" ; then
+ MANFMT="$MANDOC"
+elif test "x$NROFF" != "x" ; then
+ MANFMT="$NROFF -mandoc"
+elif test "x$GROFF" != "x" ; then
+ MANFMT="$GROFF -mandoc -Tascii"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatted found" >&5
+$as_echo "$as_me: WARNING: no manpage formatted found" >&2;}
+ MANFMT="false"
+fi
+
+
+# Extract the first word of "groupadd", so it can be a program name with args.
+set dummy groupadd; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PATH_GROUPADD_PROG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PATH_GROUPADD_PROG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /usr/sbin${PATH_SEPARATOR}/etc
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd"
+ ;;
+esac
+fi
+PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG
+if test -n "$PATH_GROUPADD_PROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5
+$as_echo "$PATH_GROUPADD_PROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "useradd", so it can be a program name with args.
+set dummy useradd; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PATH_USERADD_PROG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PATH_USERADD_PROG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /usr/sbin${PATH_SEPARATOR}/etc
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd"
+ ;;
+esac
+fi
+PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG
+if test -n "$PATH_USERADD_PROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5
+$as_echo "$PATH_USERADD_PROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "pkgmk", so it can be a program name with args.
+set dummy pkgmk; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$MAKE_PACKAGE_SUPPORTED"; then
+ ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no"
+fi
+fi
+MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED
+if test -n "$MAKE_PACKAGE_SUPPORTED"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5
+$as_echo "$MAKE_PACKAGE_SUPPORTED" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test -x /sbin/sh; then
+ STARTUP_SCRIPT_SHELL=/sbin/sh
+
+else
+ STARTUP_SCRIPT_SHELL=/bin/sh
+
+fi
+
+# System features
+# Check whether --enable-largefile was given.
+if test "${enable_largefile+set}" = set; then :
+ enableval=$enable_largefile;
+fi
+
+if test "$enable_largefile" != no; then
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
+$as_echo_n "checking for special C compiler options needed for large files... " >&6; }
+if ${ac_cv_sys_largefile_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_sys_largefile_CC=no
+ if test "$GCC" != yes; then
+ ac_save_CC=$CC
+ while :; do
+ # IRIX 6.2 and later do not support large files by default,
+ # so use the C compiler's -n32 option if that helps.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ if ac_fn_c_try_compile "$LINENO"; then :
+ break
+fi
+rm -f core conftest.err conftest.$ac_objext
+ CC="$CC -n32"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_largefile_CC=' -n32'; break
+fi
+rm -f core conftest.err conftest.$ac_objext
+ break
+ done
+ CC=$ac_save_CC
+ rm -f conftest.$ac_ext
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
+$as_echo "$ac_cv_sys_largefile_CC" >&6; }
+ if test "$ac_cv_sys_largefile_CC" != no; then
+ CC=$CC$ac_cv_sys_largefile_CC
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
+if ${ac_cv_sys_file_offset_bits+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_file_offset_bits=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _FILE_OFFSET_BITS 64
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_file_offset_bits=64; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_file_offset_bits=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
+$as_echo "$ac_cv_sys_file_offset_bits" >&6; }
+case $ac_cv_sys_file_offset_bits in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
+_ACEOF
+;;
+esac
+rm -rf conftest*
+ if test $ac_cv_sys_file_offset_bits = unknown; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
+$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; }
+if ${ac_cv_sys_large_files+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_large_files=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _LARGE_FILES 1
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_large_files=1; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_large_files=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
+$as_echo "$ac_cv_sys_large_files" >&6; }
+case $ac_cv_sys_large_files in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGE_FILES $ac_cv_sys_large_files
+_ACEOF
+;;
+esac
+rm -rf conftest*
+ fi
+fi
+
+
+if test -z "$AR" ; then
+ as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5
+fi
+
+# Use LOGIN_PROGRAM from environment if possible
+if test ! -z "$LOGIN_PROGRAM" ; then
+
+cat >>confdefs.h <<_ACEOF
+#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM"
+_ACEOF
+
+else
+ # Search for login
+ # Extract the first word of "login", so it can be a program name with args.
+set dummy login; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_LOGIN_PROGRAM_FALLBACK+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $LOGIN_PROGRAM_FALLBACK in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_LOGIN_PROGRAM_FALLBACK="$LOGIN_PROGRAM_FALLBACK" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_LOGIN_PROGRAM_FALLBACK="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+LOGIN_PROGRAM_FALLBACK=$ac_cv_path_LOGIN_PROGRAM_FALLBACK
+if test -n "$LOGIN_PROGRAM_FALLBACK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LOGIN_PROGRAM_FALLBACK" >&5
+$as_echo "$LOGIN_PROGRAM_FALLBACK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
+ cat >>confdefs.h <<_ACEOF
+#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM_FALLBACK"
+_ACEOF
+
+ fi
+fi
+
+# Extract the first word of "passwd", so it can be a program name with args.
+set dummy passwd; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PATH_PASSWD_PROG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PATH_PASSWD_PROG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG
+if test -n "$PATH_PASSWD_PROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5
+$as_echo "$PATH_PASSWD_PROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test ! -z "$PATH_PASSWD_PROG" ; then
+
+cat >>confdefs.h <<_ACEOF
+#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG"
+_ACEOF
+
+fi
+
+if test -z "$LD" ; then
+ LD=$CC
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+$as_echo_n "checking for inline... " >&6; }
+if ${ac_cv_c_inline+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_inline=$ac_kw
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+$as_echo "$ac_cv_c_inline" >&6; }
+
+case $ac_cv_c_inline in
+ inline | yes) ;;
+ *)
+ case $ac_cv_c_inline in
+ no) ac_val=;;
+ *) ac_val=$ac_cv_c_inline;;
+ esac
+ cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+ ;;
+esac
+
+
+ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h>
+"
+if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then :
+ have_llong_max=1
+fi
+
+ac_fn_c_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" "
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <dev/systrace.h>
+
+"
+if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes; then :
+ have_systr_policy_kill=1
+fi
+
+ac_fn_c_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" "
+ #include <sys/types.h>
+ #include <sys/resource.h>
+
+"
+if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes; then :
+
+$as_echo "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h
+
+fi
+
+ac_fn_c_check_decl "$LINENO" "PR_SET_NO_NEW_PRIVS" "ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" "
+ #include <sys/types.h>
+ #include <linux/prctl.h>
+
+"
+if test "x$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" = xyes; then :
+ have_linux_no_new_privs=1
+fi
+
+use_stack_protector=1
+
+# Check whether --with-stackprotect was given.
+if test "${with_stackprotect+set}" = set; then :
+ withval=$with_stackprotect;
+ if test "x$withval" = "xno"; then
+ use_stack_protector=0
+ fi
+fi
+
+
+
+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Qunused-arguments -Werror" >&5
+$as_echo_n "checking if $CC supports -Qunused-arguments -Werror... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Qunused-arguments -Werror"
+ _define_flag="-Qunused-arguments"
+ test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments -Werror"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunknown-warning-option -Werror" >&5
+$as_echo_n "checking if $CC supports -Wunknown-warning-option -Werror... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wunknown-warning-option -Werror"
+ _define_flag="-Wno-unknown-warning-option"
+ test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option -Werror"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5
+$as_echo_n "checking if $CC supports -Wall... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wall"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wall"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-arith" >&5
+$as_echo_n "checking if $CC supports -Wpointer-arith... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wpointer-arith"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wuninitialized" >&5
+$as_echo_n "checking if $CC supports -Wuninitialized... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wuninitialized"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wuninitialized"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsign-compare" >&5
+$as_echo_n "checking if $CC supports -Wsign-compare... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wsign-compare"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wsign-compare"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wformat-security" >&5
+$as_echo_n "checking if $CC supports -Wformat-security... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wformat-security"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wformat-security"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsizeof-pointer-memaccess" >&5
+$as_echo_n "checking if $CC supports -Wsizeof-pointer-memaccess... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wsizeof-pointer-memaccess"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-sign" >&5
+$as_echo_n "checking if $CC supports -Wpointer-sign... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wpointer-sign"
+ _define_flag="-Wno-pointer-sign"
+ test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunused-result" >&5
+$as_echo_n "checking if $CC supports -Wunused-result... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wunused-result"
+ _define_flag="-Wno-unused-result"
+ test "x$_define_flag" = "x" && _define_flag="-Wunused-result"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -fno-strict-aliasing" >&5
+$as_echo_n "checking if $CC supports -fno-strict-aliasing... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-strict-aliasing"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -D_FORTIFY_SOURCE=2" >&5
+$as_echo_n "checking if $CC supports -D_FORTIFY_SOURCE=2... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5
+$as_echo_n "checking gcc version... " >&6; }
+ GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
+ case $GCC_VER in
+ 1.*) no_attrib_nonnull=1 ;;
+ 2.8* | 2.9*)
+ no_attrib_nonnull=1
+ ;;
+ 2.*) no_attrib_nonnull=1 ;;
+ *) ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5
+$as_echo "$GCC_VER" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5
+$as_echo_n "checking if $CC accepts -fno-builtin-memset... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <string.h>
+int
+main ()
+{
+ char b[10]; memset(b, 0, sizeof(b));
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ # -fstack-protector-all doesn't always work for some GCC versions
+ # and/or platforms, so we test if we can. If it's not supported
+ # on a given platform gcc will emit a warning so we use -Werror.
+ if test "x$use_stack_protector" = "x1"; then
+ for t in -fstack-protector-all -fstack-protector; do
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5
+$as_echo_n "checking if $CC supports $t... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ CFLAGS="$CFLAGS $t -Werror"
+ LDFLAGS="$LDFLAGS $t -Werror"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+
+ char x[256];
+ snprintf(x, sizeof(x), "XXX");
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $t"
+ LDFLAGS="$saved_LDFLAGS $t"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $t works" >&5
+$as_echo_n "checking if $t works... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: cannot test" >&5
+$as_echo "$as_me: WARNING: cross compiling: cannot test" >&2;}
+ break
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+
+ char x[256];
+ snprintf(x, sizeof(x), "XXX");
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ break
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ CFLAGS="$saved_CFLAGS"
+ LDFLAGS="$saved_LDFLAGS"
+ done
+ fi
+
+ if test -z "$have_llong_max"; then
+ # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
+ unset ac_cv_have_decl_LLONG_MAX
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -std=gnu99"
+ ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h>
+
+"
+if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then :
+ have_llong_max=1
+else
+ CFLAGS="$saved_CFLAGS"
+fi
+
+ fi
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ on return types" >&5
+$as_echo_n "checking if compiler allows __attribute__ on return types... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+__attribute__((__unused__)) static void foo(void){return;}
+int
+main ()
+{
+ exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test "x$no_attrib_nonnull" != "x1" ; then
+
+$as_echo "#define HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h
+
+fi
+
+
+# Check whether --with-rpath was given.
+if test "${with_rpath+set}" = set; then :
+ withval=$with_rpath;
+ if test "x$withval" = "xno" ; then
+ need_dash_r=""
+ fi
+ if test "x$withval" = "xyes" ; then
+ need_dash_r=1
+ fi
+
+
+fi
+
+
+# Allow user to specify flags
+
+# Check whether --with-cflags was given.
+if test "${with_cflags+set}" = set; then :
+ withval=$with_cflags;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ CFLAGS="$CFLAGS $withval"
+ fi
+
+
+fi
+
+
+# Check whether --with-cppflags was given.
+if test "${with_cppflags+set}" = set; then :
+ withval=$with_cppflags;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ CPPFLAGS="$CPPFLAGS $withval"
+ fi
+
+
+fi
+
+
+# Check whether --with-ldflags was given.
+if test "${with_ldflags+set}" = set; then :
+ withval=$with_ldflags;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ LDFLAGS="$LDFLAGS $withval"
+ fi
+
+
+fi
+
+
+# Check whether --with-libs was given.
+if test "${with_libs+set}" = set; then :
+ withval=$with_libs;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ LIBS="$LIBS $withval"
+ fi
+
+
+fi
+
+
+# Check whether --with-Werror was given.
+if test "${with_Werror+set}" = set; then :
+ withval=$with_Werror;
+ if test -n "$withval" && test "x$withval" != "xno"; then
+ werror_flags="-Werror"
+ if test "x${withval}" != "xyes"; then
+ werror_flags="$withval"
+ fi
+ fi
+
+
+fi
+
+
+for ac_header in \
+ bstring.h \
+ crypt.h \
+ crypto/sha2.h \
+ dirent.h \
+ endian.h \
+ elf.h \
+ features.h \
+ fcntl.h \
+ floatingpoint.h \
+ getopt.h \
+ glob.h \
+ ia.h \
+ iaf.h \
+ limits.h \
+ locale.h \
+ login.h \
+ maillock.h \
+ ndir.h \
+ net/if_tun.h \
+ netdb.h \
+ netgroup.h \
+ pam/pam_appl.h \
+ paths.h \
+ poll.h \
+ pty.h \
+ readpassphrase.h \
+ rpc/types.h \
+ security/pam_appl.h \
+ sha2.h \
+ shadow.h \
+ stddef.h \
+ stdint.h \
+ string.h \
+ strings.h \
+ sys/audit.h \
+ sys/bitypes.h \
+ sys/bsdtty.h \
+ sys/cdefs.h \
+ sys/dir.h \
+ sys/mman.h \
+ sys/ndir.h \
+ sys/poll.h \
+ sys/prctl.h \
+ sys/pstat.h \
+ sys/select.h \
+ sys/stat.h \
+ sys/stream.h \
+ sys/stropts.h \
+ sys/strtio.h \
+ sys/statvfs.h \
+ sys/sysmacros.h \
+ sys/time.h \
+ sys/timers.h \
+ time.h \
+ tmpdir.h \
+ ttyent.h \
+ ucred.h \
+ unistd.h \
+ usersec.h \
+ util.h \
+ utime.h \
+ utmp.h \
+ utmpx.h \
+ vis.h \
+
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+# lastlog.h requires sys/time.h to be included first on Solaris
+for ac_header in lastlog.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" "
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+
+"
+if test "x$ac_cv_header_lastlog_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LASTLOG_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+for ac_header in sys/ptms.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" "
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+
+"
+if test "x$ac_cv_header_sys_ptms_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SYS_PTMS_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# login_cap.h requires sys/types.h on NetBSD
+for ac_header in login_cap.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" "
+#include <sys/types.h>
+
+"
+if test "x$ac_cv_header_login_cap_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LOGIN_CAP_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# older BSDs need sys/param.h before sys/mount.h
+for ac_header in sys/mount.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" "
+#include <sys/param.h>
+
+"
+if test "x$ac_cv_header_sys_mount_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SYS_MOUNT_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# Android requires sys/socket.h to be included before sys/un.h
+for ac_header in sys/un.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" "
+#include <sys/types.h>
+#include <sys/socket.h>
+
+"
+if test "x$ac_cv_header_sys_un_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SYS_UN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# Messages for features tested for in target-specific section
+SIA_MSG="no"
+SPC_MSG="no"
+SP_MSG="no"
+
+# Check for some target-specific stuff
+case "$host" in
+*-*-aix*)
+ # Some versions of VAC won't allow macro redefinitions at
+ # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
+ # particularly with older versions of vac or xlc.
+ # It also throws errors about null macro argments, but these are
+ # not fatal.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5
+$as_echo_n "checking if compiler allows macro redefinitions... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#define testmacro foo
+#define testmacro bar
+int
+main ()
+{
+ exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
+ LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
+ CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+ CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5
+$as_echo_n "checking how to specify blibpath for linker ($LD)... " >&6; }
+ if (test -z "$blibpath"); then
+ blibpath="/usr/lib:/lib"
+ fi
+ saved_LDFLAGS="$LDFLAGS"
+ if test "$GCC" = "yes"; then
+ flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
+ else
+ flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
+ fi
+ for tryflags in $flags ;do
+ if (test -z "$blibflags"); then
+ LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ blibflags=$tryflags
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ fi
+ done
+ if (test -z "$blibflags"); then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+ as_fn_error $? "*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5
+$as_echo "$blibflags" >&6; }
+ fi
+ LDFLAGS="$saved_LDFLAGS"
+ ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate"
+if test "x$ac_cv_func_authenticate" = xyes; then :
+
+$as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5
+$as_echo_n "checking for authenticate in -ls... " >&6; }
+if ${ac_cv_lib_s_authenticate+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ls $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char authenticate ();
+int
+main ()
+{
+return authenticate ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_s_authenticate=yes
+else
+ ac_cv_lib_s_authenticate=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5
+$as_echo "$ac_cv_lib_s_authenticate" >&6; }
+if test "x$ac_cv_lib_s_authenticate" = xyes; then :
+ $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h
+
+ LIBS="$LIBS -ls"
+
+fi
+
+
+fi
+
+ ac_fn_c_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_authenticate" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_AUTHENTICATE $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_loginrestrictions" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_loginsuccess" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINSUCCESS $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_passwdexpired" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_PASSWDEXPIRED $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_setauthdb" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SETAUTHDB $ac_have_decl
+_ACEOF
+
+ ac_fn_c_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include <usersec.h>
+
+"
+if test "x$ac_cv_have_decl_loginfailed" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINFAILED $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5
+$as_echo_n "checking if loginfailed takes 4 arguments... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <usersec.h>
+int
+main ()
+{
+ (void)loginfailed("user","host","tty",0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ for ac_func in getgrset setauthdb
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h>
+ #include <fcntl.h>
+
+"
+if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then :
+
+$as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h
+
+fi
+
+ check_for_aix_broken_getaddrinfo=1
+
+$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
+
+
+$as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+
+$as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
+
+
+$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
+
+
+$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h
+
+
+$as_echo "#define PTY_ZEROREAD 1" >>confdefs.h
+
+
+$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h
+
+ ;;
+*-*-android*)
+
+$as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+ ;;
+*-*-cygwin*)
+ check_for_libcrypt_later=1
+ LIBS="$LIBS /usr/lib/textreadmode.o"
+
+$as_echo "#define HAVE_CYGWIN 1" >>confdefs.h
+
+
+$as_echo "#define USE_PIPES 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
+
+
+$as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h
+
+
+$as_echo "#define NO_IPPORT_RESERVED_CONCEPT 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+
+$as_echo "#define SSH_IOBUFSZ 65535" >>confdefs.h
+
+
+$as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h
+
+ ;;
+*-*-dgux*)
+
+$as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ ;;
+*-*-darwin*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5
+$as_echo_n "checking if we have working getaddrinfo... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5
+$as_echo "assume it is working" >&6; }
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <mach-o/dyld.h>
+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ exit(0);
+ else
+ exit(1);
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: working" >&5
+$as_echo "working" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5
+$as_echo "buggy" >&6; }
+
+$as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_GLOB 1" >>confdefs.h
+
+
+cat >>confdefs.h <<_ACEOF
+#define BIND_8_COMPAT 1
+_ACEOF
+
+
+$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
+
+
+ ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default"
+if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then :
+
+else
+
+$as_echo "#define AU_IPv4 0" >>confdefs.h
+
+ #include <bsm/audit.h>
+
+$as_echo "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h
+
+
+fi
+
+
+$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
+
+ for ac_func in sandbox_init
+do :
+ ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init"
+if test "x$ac_cv_func_sandbox_init" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SANDBOX_INIT 1
+_ACEOF
+
+fi
+done
+
+ for ac_header in sandbox.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default"
+if test "x$ac_cv_header_sandbox_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SANDBOX_H 1
+_ACEOF
+
+fi
+
+done
+
+ ;;
+*-*-dragonfly*)
+ SSHDLIBS="$SSHDLIBS -lcrypt"
+ ;;
+*-*-haiku*)
+ LIBS="$LIBS -lbsd "
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5
+$as_echo_n "checking for socket in -lnetwork... " >&6; }
+if ${ac_cv_lib_network_socket+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnetwork $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_network_socket=yes
+else
+ ac_cv_lib_network_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5
+$as_echo "$ac_cv_lib_network_socket" >&6; }
+if test "x$ac_cv_lib_network_socket" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNETWORK 1
+_ACEOF
+
+ LIBS="-lnetwork $LIBS"
+
+fi
+
+ $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
+
+ MANTYPE=man
+ ;;
+*-*-hpux*)
+ # first we define all of the options common to all HP-UX releases
+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
+ IPADDR_IN_DISPLAY=yes
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+
+$as_echo "#define LOGIN_NO_ENDOPT 1" >>confdefs.h
+
+ $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
+
+
+$as_echo "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h
+
+ $as_echo "#define SPT_TYPE SPT_PSTAT" >>confdefs.h
+
+
+$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h
+
+ maildir="/var/mail"
+ LIBS="$LIBS -lsec"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5
+$as_echo_n "checking for t_error in -lxnet... " >&6; }
+if ${ac_cv_lib_xnet_t_error+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lxnet $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char t_error ();
+int
+main ()
+{
+return t_error ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_xnet_t_error=yes
+else
+ ac_cv_lib_xnet_t_error=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5
+$as_echo "$ac_cv_lib_xnet_t_error" >&6; }
+if test "x$ac_cv_lib_xnet_t_error" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBXNET 1
+_ACEOF
+
+ LIBS="-lxnet $LIBS"
+
+else
+ as_fn_error $? "*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5
+fi
+
+
+ # next, we define all of the options specific to major releases
+ case "$host" in
+ *-*-hpux10*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ ;;
+ *-*-hpux11*)
+
+$as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+
+$as_echo "#define USE_BTMP 1" >>confdefs.h
+
+ check_for_hpux_broken_getaddrinfo=1
+ check_for_conflicting_getspnam=1
+ ;;
+ esac
+
+ # lastly, we define options specific to minor releases
+ case "$host" in
+ *-*-hpux10.26)
+
+$as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
+
+ disable_ptmx_check=yes
+ LIBS="$LIBS -lsecpw"
+ ;;
+ esac
+ ;;
+*-*-irix5*)
+ PATH="$PATH:/usr/etc"
+
+$as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ ;;
+*-*-irix6*)
+ PATH="$PATH:/usr/etc"
+
+$as_echo "#define WITH_IRIX_ARRAY 1" >>confdefs.h
+
+
+$as_echo "#define WITH_IRIX_PROJECT 1" >>confdefs.h
+
+
+$as_echo "#define WITH_IRIX_AUDIT 1" >>confdefs.h
+
+ ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob"
+if test "x$ac_cv_func_jlimit_startjob" = xyes; then :
+
+$as_echo "#define WITH_IRIX_JOBS 1" >>confdefs.h
+
+fi
+
+ $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
+
+ $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ ;;
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
+ check_for_libcrypt_later=1
+ $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h
+
+ $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
+
+
+$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h
+
+
+$as_echo "#define USE_BTMP 1" >>confdefs.h
+
+ ;;
+*-*-linux*)
+ no_dev_ptmx=1
+ check_for_libcrypt_later=1
+ check_for_openpty_ctty_bug=1
+
+$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
+
+
+$as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h
+
+ $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
+
+
+$as_echo "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h
+
+
+$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h
+
+ $as_echo "#define USE_BTMP 1" >>confdefs.h
+
+
+$as_echo "#define LINUX_OOM_ADJUST 1" >>confdefs.h
+
+ inet6_default_4in6=yes
+ case `uname -r` in
+ 1.*|2.0.*)
+
+$as_echo "#define BROKEN_CMSG_TYPE 1" >>confdefs.h
+
+ ;;
+ esac
+ # tun(4) forwarding compat code
+ for ac_header in linux/if_tun.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default"
+if test "x$ac_cv_header_linux_if_tun_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LINUX_IF_TUN_H 1
+_ACEOF
+
+fi
+
+done
+
+ if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
+
+$as_echo "#define SSH_TUN_LINUX 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
+
+ fi
+ for ac_header in linux/seccomp.h linux/filter.h linux/audit.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <linux/types.h>
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_func in prctl
+do :
+ ac_fn_c_check_func "$LINENO" "prctl" "ac_cv_func_prctl"
+if test "x$ac_cv_func_prctl" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_PRCTL 1
+_ACEOF
+
+fi
+done
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5
+$as_echo_n "checking for seccomp architecture... " >&6; }
+ seccomp_audit_arch=
+ case "$host" in
+ x86_64-*)
+ seccomp_audit_arch=AUDIT_ARCH_X86_64
+ ;;
+ i*86-*)
+ seccomp_audit_arch=AUDIT_ARCH_I386
+ ;;
+ arm*-*)
+ seccomp_audit_arch=AUDIT_ARCH_ARM
+ ;;
+ esac
+ if test "x$seccomp_audit_arch" != "x" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5
+$as_echo "\"$seccomp_audit_arch\"" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define SECCOMP_AUDIT_ARCH $seccomp_audit_arch
+_ACEOF
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: architecture not supported" >&5
+$as_echo "architecture not supported" >&6; }
+ fi
+ ;;
+mips-sony-bsd|mips-sony-newsos4)
+
+$as_echo "#define NEED_SETPGRP 1" >>confdefs.h
+
+ SONY=1
+ ;;
+*-*-netbsd*)
+ check_for_libcrypt_before=1
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
+
+$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
+
+ ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default"
+if test "x$ac_cv_header_net_if_tap_h" = xyes; then :
+
+else
+
+$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h
+
+fi
+
+
+
+$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
+
+ ;;
+*-*-freebsd*)
+ check_for_libcrypt_later=1
+
+$as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
+
+ ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default"
+if test "x$ac_cv_header_net_if_tap_h" = xyes; then :
+
+else
+
+$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h
+
+fi
+
+
+
+$as_echo "#define BROKEN_GLOB 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
+
+ ;;
+*-*-bsdi*)
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ ;;
+*-next-*)
+ conf_lastlog_location="/usr/adm/lastlog"
+ conf_utmp_location=/etc/utmp
+ conf_wtmp_location=/usr/adm/wtmp
+ maildir=/usr/spool/mail
+
+$as_echo "#define HAVE_NEXT 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_SAVED_UIDS 1" >>confdefs.h
+
+ ;;
+*-*-openbsd*)
+
+$as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_OPENBSD 1" >>confdefs.h
+
+
+$as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h
+
+ ;;
+*-*-solaris*)
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
+ $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
+
+ $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
+
+
+$as_echo "#define LOGIN_NEEDS_TERM 1" >>confdefs.h
+
+ $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
+
+
+$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
+
+$as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+
+$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h
+
+ external_path_file=/etc/default/login
+ # hardwire lastlog location (can't detect it on some versions)
+ conf_lastlog_location="/var/adm/lastlog"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5
+$as_echo_n "checking for obsolete utmp and wtmp in solaris2.x... " >&6; }
+ sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'`
+ if test "$sol2ver" -ge 8; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+# Check whether --with-solaris-contracts was given.
+if test "${with_solaris_contracts+set}" = set; then :
+ withval=$with_solaris_contracts;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5
+$as_echo_n "checking for ct_tmpl_activate in -lcontract... " >&6; }
+if ${ac_cv_lib_contract_ct_tmpl_activate+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcontract $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ct_tmpl_activate ();
+int
+main ()
+{
+return ct_tmpl_activate ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_contract_ct_tmpl_activate=yes
+else
+ ac_cv_lib_contract_ct_tmpl_activate=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5
+$as_echo "$ac_cv_lib_contract_ct_tmpl_activate" >&6; }
+if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes; then :
+
+$as_echo "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h
+
+ SSHDLIBS="$SSHDLIBS -lcontract"
+ SPC_MSG="yes"
+fi
+
+
+fi
+
+
+# Check whether --with-solaris-projects was given.
+if test "${with_solaris_projects+set}" = set; then :
+ withval=$with_solaris_projects;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5
+$as_echo_n "checking for setproject in -lproject... " >&6; }
+if ${ac_cv_lib_project_setproject+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lproject $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setproject ();
+int
+main ()
+{
+return setproject ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_project_setproject=yes
+else
+ ac_cv_lib_project_setproject=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5
+$as_echo "$ac_cv_lib_project_setproject" >&6; }
+if test "x$ac_cv_lib_project_setproject" = xyes; then :
+
+$as_echo "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h
+
+ SSHDLIBS="$SSHDLIBS -lproject"
+ SP_MSG="yes"
+fi
+
+
+fi
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ ;;
+*-*-sunos4*)
+ CPPFLAGS="$CPPFLAGS -DSUNOS4"
+ for ac_func in getpwanam
+do :
+ ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam"
+if test "x$ac_cv_func_getpwanam" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETPWANAM 1
+_ACEOF
+
+fi
+done
+
+ $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
+
+ conf_utmp_location=/etc/utmp
+ conf_wtmp_location=/var/adm/wtmp
+ conf_lastlog_location=/var/adm/lastlog
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ ;;
+*-ncr-sysv*)
+ LIBS="$LIBS -lc89"
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ ;;
+*-sni-sysv*)
+ # /usr/ucblib MUST NOT be searched on ReliantUNIX
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5
+$as_echo_n "checking for dlsym in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlsym+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlsym ();
+int
+main ()
+{
+return dlsym ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlsym=yes
+else
+ ac_cv_lib_dl_dlsym=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5
+$as_echo "$ac_cv_lib_dl_dlsym" >&6; }
+if test "x$ac_cv_lib_dl_dlsym" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+ LIBS="-ldl $LIBS"
+
+fi
+
+ # -lresolv needs to be at the end of LIBS or DNS lookups break
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
+$as_echo_n "checking for res_query in -lresolv... " >&6; }
+if ${ac_cv_lib_resolv_res_query+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char res_query ();
+int
+main ()
+{
+return res_query ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_resolv_res_query=yes
+else
+ ac_cv_lib_resolv_res_query=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5
+$as_echo "$ac_cv_lib_resolv_res_query" >&6; }
+if test "x$ac_cv_lib_resolv_res_query" = xyes; then :
+ LIBS="$LIBS -lresolv"
+fi
+
+ IPADDR_IN_DISPLAY=yes
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+ external_path_file=/etc/default/login
+ # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
+ # Attention: always take care to bind libsocket and libnsl before libc,
+ # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
+ ;;
+# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
+*-*-sysv4.2*)
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ ;;
+# UnixWare 7.x, OpenUNIX 8
+*-*-sysv5*)
+ CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
+
+$as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ case "$host" in
+ *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
+ maildir=/var/spool/mail
+
+$as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5
+$as_echo_n "checking for getluid in -lprot... " >&6; }
+if ${ac_cv_lib_prot_getluid+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lprot $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getluid ();
+int
+main ()
+{
+return getluid ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_prot_getluid=yes
+else
+ ac_cv_lib_prot_getluid=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5
+$as_echo "$ac_cv_lib_prot_getluid" >&6; }
+if test "x$ac_cv_lib_prot_getluid" = xyes; then :
+ LIBS="$LIBS -lprot"
+ for ac_func in getluid setluid
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
+
+
+fi
+
+ ;;
+ *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ check_for_libcrypt_later=1
+ ;;
+ esac
+ ;;
+*-*-sysv*)
+ ;;
+# SCO UNIX and OEM versions of SCO UNIX
+*-*-sco3.2v4*)
+ as_fn_error $? "\"This Platform is no longer supported.\"" "$LINENO" 5
+ ;;
+# SCO OpenServer 5.x
+*-*-sco3.2v5*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -belf"
+ fi
+ LIBS="$LIBS -lprot -lx -ltinfo -lm"
+ no_dev_ptmx=1
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
+
+ $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
+
+ for ac_func in getluid setluid
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ MANTYPE=man
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ SKIP_DISABLE_LASTLOG_DEFINE=yes
+ ;;
+*-*-unicosmk*)
+
+$as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
+*-*-unicosmp*)
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lacid -ldb"
+ MANTYPE=cat
+ ;;
+*-*-unicos*)
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h
+
+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
+*-dec-osf*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5
+$as_echo_n "checking for Digital Unix SIA... " >&6; }
+ no_osfsia=""
+
+# Check whether --with-osfsia was given.
+if test "${with_osfsia+set}" = set; then :
+ withval=$with_osfsia;
+ if test "x$withval" = "xno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
+$as_echo "disabled" >&6; }
+ no_osfsia=1
+ fi
+
+fi
+
+ if test -z "$no_osfsia" ; then
+ if test -f /etc/sia/matrix.conf; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE_OSF_SIA 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_LOGIN 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ LIBS="$LIBS -lsecurity -ldb -lm -laud"
+ SIA_MSG="yes"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h
+
+ fi
+ fi
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h
+
+ ;;
+
+*-*-nto-qnx*)
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+ $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h
+
+ enable_etc_default_login=no # has incompatible /etc/default/login
+ case "$host" in
+ *-*-nto-qnx6*)
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ ;;
+ esac
+ ;;
+
+*-*-ultrix*)
+
+$as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_MMAP 1" >>confdefs.h
+
+ $as_echo "#define NEED_SETPGRP 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h
+
+ ;;
+
+*-*-lynxos)
+ CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
+
+$as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h
+
+ ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5
+$as_echo_n "checking compiler and flags for sanity... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+ exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+# Checks for libraries.
+ac_fn_c_check_func "$LINENO" "yp_match" "ac_cv_func_yp_match"
+if test "x$ac_cv_func_yp_match" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yp_match in -lnsl" >&5
+$as_echo_n "checking for yp_match in -lnsl... " >&6; }
+if ${ac_cv_lib_nsl_yp_match+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char yp_match ();
+int
+main ()
+{
+return yp_match ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_nsl_yp_match=yes
+else
+ ac_cv_lib_nsl_yp_match=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_yp_match" >&5
+$as_echo "$ac_cv_lib_nsl_yp_match" >&6; }
+if test "x$ac_cv_lib_nsl_yp_match" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNSL 1
+_ACEOF
+
+ LIBS="-lnsl $LIBS"
+
+fi
+
+fi
+
+ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt"
+if test "x$ac_cv_func_setsockopt" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5
+$as_echo_n "checking for setsockopt in -lsocket... " >&6; }
+if ${ac_cv_lib_socket_setsockopt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setsockopt ();
+int
+main ()
+{
+return setsockopt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_socket_setsockopt=yes
+else
+ ac_cv_lib_socket_setsockopt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5
+$as_echo "$ac_cv_lib_socket_setsockopt" >&6; }
+if test "x$ac_cv_lib_socket_setsockopt" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBSOCKET 1
+_ACEOF
+
+ LIBS="-lsocket $LIBS"
+
+fi
+
+fi
+
+
+for ac_func in dirname
+do :
+ ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname"
+if test "x$ac_cv_func_dirname" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_DIRNAME 1
+_ACEOF
+ for ac_header in libgen.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default"
+if test "x$ac_cv_header_libgen_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGEN_H 1
+_ACEOF
+
+fi
+
+done
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5
+$as_echo_n "checking for dirname in -lgen... " >&6; }
+if ${ac_cv_lib_gen_dirname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgen $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dirname ();
+int
+main ()
+{
+return dirname ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gen_dirname=yes
+else
+ ac_cv_lib_gen_dirname=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5
+$as_echo "$ac_cv_lib_gen_dirname" >&6; }
+if test "x$ac_cv_lib_gen_dirname" = xyes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5
+$as_echo_n "checking for broken dirname... " >&6; }
+if ${ac_cv_have_broken_dirname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lgen"
+ if test "$cross_compiling" = yes; then :
+ ac_cv_have_broken_dirname="no"
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <libgen.h>
+#include <string.h>
+
+int main(int argc, char **argv) {
+ char *s, buf[32];
+
+ strncpy(buf,"/etc", 32);
+ s = dirname(buf);
+ if (!s || strncmp(s, "/", 32) != 0) {
+ exit(1);
+ } else {
+ exit(0);
+ }
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_have_broken_dirname="no"
+else
+ ac_cv_have_broken_dirname="yes"
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ LIBS="$save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5
+$as_echo "$ac_cv_have_broken_dirname" >&6; }
+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
+ LIBS="$LIBS -lgen"
+ $as_echo "#define HAVE_DIRNAME 1" >>confdefs.h
+
+ for ac_header in libgen.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default"
+if test "x$ac_cv_header_libgen_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGEN_H 1
+_ACEOF
+
+fi
+
+done
+
+ fi
+
+fi
+
+
+fi
+done
+
+
+ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam"
+if test "x$ac_cv_func_getspnam" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5
+$as_echo_n "checking for getspnam in -lgen... " >&6; }
+if ${ac_cv_lib_gen_getspnam+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgen $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getspnam ();
+int
+main ()
+{
+return getspnam ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gen_getspnam=yes
+else
+ ac_cv_lib_gen_getspnam=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5
+$as_echo "$ac_cv_lib_gen_getspnam" >&6; }
+if test "x$ac_cv_lib_gen_getspnam" = xyes; then :
+ LIBS="$LIBS -lgen"
+fi
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5
+$as_echo_n "checking for library containing basename... " >&6; }
+if ${ac_cv_search_basename+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char basename ();
+int
+main ()
+{
+return basename ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' gen; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_basename=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_basename+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_basename+:} false; then :
+
+else
+ ac_cv_search_basename=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5
+$as_echo "$ac_cv_search_basename" >&6; }
+ac_res=$ac_cv_search_basename
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_BASENAME 1" >>confdefs.h
+
+fi
+
+
+
+# Check whether --with-zlib was given.
+if test "${with_zlib+set}" = set; then :
+ withval=$with_zlib; if test "x$withval" = "xno" ; then
+ as_fn_error $? "*** zlib is required ***" "$LINENO" 5
+ elif test "x$withval" != "xyes"; then
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+
+fi
+
+
+ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_zlib_h" = xyes; then :
+
+else
+ as_fn_error $? "*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5
+$as_echo_n "checking for deflate in -lz... " >&6; }
+if ${ac_cv_lib_z_deflate+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char deflate ();
+int
+main ()
+{
+return deflate ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_z_deflate=yes
+else
+ ac_cv_lib_z_deflate=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5
+$as_echo "$ac_cv_lib_z_deflate" >&6; }
+if test "x$ac_cv_lib_z_deflate" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBZ 1
+_ACEOF
+
+ LIBS="-lz $LIBS"
+
+else
+
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ save_LIBS="$LIBS"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
+ LIBS="$LIBS -lz"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char deflate ();
+int
+main ()
+{
+return deflate ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ $as_echo "#define HAVE_LIBZ 1" >>confdefs.h
+
+else
+
+ as_fn_error $? "*** zlib missing - please install first or check config.log ***" "$LINENO" 5
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+fi
+
+
+
+# Check whether --with-zlib-version-check was given.
+if test "${with_zlib_version_check+set}" = set; then :
+ withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then
+ zlib_check_nonfatal=1
+ fi
+
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5
+$as_echo_n "checking for possibly buggy zlib... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <zlib.h>
+
+int
+main ()
+{
+
+ int a=0, b=0, c=0, d=0, n, v;
+ n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
+ if (n != 3 && n != 4)
+ exit(1);
+ v = a*1000000 + b*10000 + c*100 + d;
+ fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
+
+ /* 1.1.4 is OK */
+ if (a == 1 && b == 1 && c >= 4)
+ exit(0);
+
+ /* 1.2.3 and up are OK */
+ if (v >= 1020300)
+ exit(0);
+
+ exit(2);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ if test -z "$zlib_check_nonfatal" ; then
+ as_fn_error $? "*** zlib too old - check config.log ***
+Your reported zlib version has known security problems. It's possible your
+vendor has fixed these problems without changing the version number. If you
+are sure this is the case, you can disable the check by running
+\"./configure --without-zlib-version-check\".
+If you are in doubt, upgrade zlib to version 1.2.3 or greater.
+See http://www.gzip.org/zlib/ for details." "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5
+$as_echo "$as_me: WARNING: zlib version may have security problems" >&2;}
+ fi
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp"
+if test "x$ac_cv_func_strcasecmp" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5
+$as_echo_n "checking for strcasecmp in -lresolv... " >&6; }
+if ${ac_cv_lib_resolv_strcasecmp+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strcasecmp ();
+int
+main ()
+{
+return strcasecmp ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_resolv_strcasecmp=yes
+else
+ ac_cv_lib_resolv_strcasecmp=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5
+$as_echo "$ac_cv_lib_resolv_strcasecmp" >&6; }
+if test "x$ac_cv_lib_resolv_strcasecmp" = xyes; then :
+ LIBS="$LIBS -lresolv"
+fi
+
+
+fi
+
+for ac_func in utimes
+do :
+ ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes"
+if test "x$ac_cv_func_utimes" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UTIMES 1
+_ACEOF
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5
+$as_echo_n "checking for utimes in -lc89... " >&6; }
+if ${ac_cv_lib_c89_utimes+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lc89 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char utimes ();
+int
+main ()
+{
+return utimes ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_c89_utimes=yes
+else
+ ac_cv_lib_c89_utimes=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5
+$as_echo "$ac_cv_lib_c89_utimes" >&6; }
+if test "x$ac_cv_lib_c89_utimes" = xyes; then :
+ $as_echo "#define HAVE_UTIMES 1" >>confdefs.h
+
+ LIBS="$LIBS -lc89"
+fi
+
+
+fi
+done
+
+
+for ac_header in bsd/libutil.h libutil.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fmt_scaled" >&5
+$as_echo_n "checking for library containing fmt_scaled... " >&6; }
+if ${ac_cv_search_fmt_scaled+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char fmt_scaled ();
+int
+main ()
+{
+return fmt_scaled ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_fmt_scaled=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_fmt_scaled+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_fmt_scaled+:} false; then :
+
+else
+ ac_cv_search_fmt_scaled=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fmt_scaled" >&5
+$as_echo "$ac_cv_search_fmt_scaled" >&6; }
+ac_res=$ac_cv_search_fmt_scaled
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5
+$as_echo_n "checking for library containing scan_scaled... " >&6; }
+if ${ac_cv_search_scan_scaled+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char scan_scaled ();
+int
+main ()
+{
+return scan_scaled ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_scan_scaled=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_scan_scaled+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_scan_scaled+:} false; then :
+
+else
+ ac_cv_search_scan_scaled=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5
+$as_echo "$ac_cv_search_scan_scaled" >&6; }
+ac_res=$ac_cv_search_scan_scaled
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5
+$as_echo_n "checking for library containing login... " >&6; }
+if ${ac_cv_search_login+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char login ();
+int
+main ()
+{
+return login ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_login=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_login+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_login+:} false; then :
+
+else
+ ac_cv_search_login=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5
+$as_echo "$ac_cv_search_login" >&6; }
+ac_res=$ac_cv_search_login
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logout" >&5
+$as_echo_n "checking for library containing logout... " >&6; }
+if ${ac_cv_search_logout+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char logout ();
+int
+main ()
+{
+return logout ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_logout=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_logout+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_logout+:} false; then :
+
+else
+ ac_cv_search_logout=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logout" >&5
+$as_echo "$ac_cv_search_logout" >&6; }
+ac_res=$ac_cv_search_logout
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logwtmp" >&5
+$as_echo_n "checking for library containing logwtmp... " >&6; }
+if ${ac_cv_search_logwtmp+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char logwtmp ();
+int
+main ()
+{
+return logwtmp ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_logwtmp=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_logwtmp+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_logwtmp+:} false; then :
+
+else
+ ac_cv_search_logwtmp=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logwtmp" >&5
+$as_echo "$ac_cv_search_logwtmp" >&6; }
+ac_res=$ac_cv_search_logwtmp
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5
+$as_echo_n "checking for library containing openpty... " >&6; }
+if ${ac_cv_search_openpty+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char openpty ();
+int
+main ()
+{
+return openpty ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_openpty=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_openpty+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_openpty+:} false; then :
+
+else
+ ac_cv_search_openpty=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5
+$as_echo "$ac_cv_search_openpty" >&6; }
+ac_res=$ac_cv_search_openpty
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing updwtmp" >&5
+$as_echo_n "checking for library containing updwtmp... " >&6; }
+if ${ac_cv_search_updwtmp+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char updwtmp ();
+int
+main ()
+{
+return updwtmp ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_updwtmp=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_updwtmp+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_updwtmp+:} false; then :
+
+else
+ ac_cv_search_updwtmp=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_updwtmp" >&5
+$as_echo "$ac_cv_search_updwtmp" >&6; }
+ac_res=$ac_cv_search_updwtmp
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+for ac_func in strftime
+do :
+ ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime"
+if test "x$ac_cv_func_strftime" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRFTIME 1
+_ACEOF
+
+else
+ # strftime is in -lintl on SCO UNIX.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5
+$as_echo_n "checking for strftime in -lintl... " >&6; }
+if ${ac_cv_lib_intl_strftime+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lintl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strftime ();
+int
+main ()
+{
+return strftime ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_intl_strftime=yes
+else
+ ac_cv_lib_intl_strftime=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5
+$as_echo "$ac_cv_lib_intl_strftime" >&6; }
+if test "x$ac_cv_lib_intl_strftime" = xyes; then :
+ $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h
+
+LIBS="-lintl $LIBS"
+fi
+
+fi
+done
+
+
+# Check for ALTDIRFUNC glob() extension
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5
+$as_echo_n "checking for GLOB_ALTDIRFUNC support... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <glob.h>
+ #ifdef GLOB_ALTDIRFUNC
+ FOUNDIT
+ #endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "FOUNDIT" >/dev/null 2>&1; then :
+
+
+$as_echo "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f conftest*
+
+
+# Check for g.gl_matchc glob() extension
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5
+$as_echo_n "checking for gl_matchc field in glob_t... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <glob.h>
+int
+main ()
+{
+ glob_t g; g.gl_matchc = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+
+$as_echo "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+# Check for g.gl_statv glob() extension
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5
+$as_echo_n "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <glob.h>
+int
+main ()
+{
+
+#ifndef GLOB_KEEPSTAT
+#error "glob does not support GLOB_KEEPSTAT extension"
+#endif
+glob_t g;
+g.gl_statv = NULL;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+
+$as_echo "#define GLOB_HAS_GL_STATV 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ac_fn_c_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include <glob.h>
+"
+if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_GLOB_NOMATCH $ac_have_decl
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5
+$as_echo_n "checking whether struct dirent allocates space for d_name... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;}
+ $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h
+
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <dirent.h>
+int
+main ()
+{
+
+ struct dirent d;
+ exit(sizeof(d.d_name)<=sizeof(char));
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5
+$as_echo_n "checking for /proc/pid/fd directory... " >&6; }
+if test -d "/proc/$$/fd" ; then
+
+$as_echo "#define HAVE_PROC_PID 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+# Check whether user wants S/Key support
+SKEY_MSG="no"
+
+# Check whether --with-skey was given.
+if test "${with_skey+set}" = set; then :
+ withval=$with_skey;
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+
+$as_echo "#define SKEY 1" >>confdefs.h
+
+ LIBS="-lskey $LIBS"
+ SKEY_MSG="yes"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for s/key support" >&5
+$as_echo_n "checking for s/key support... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <skey.h>
+
+int
+main ()
+{
+
+ char *ff = skey_keyinfo(""); ff="";
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "** Incomplete or missing s/key libraries." "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if skeychallenge takes 4 arguments" >&5
+$as_echo_n "checking if skeychallenge takes 4 arguments... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <skey.h>
+
+int
+main ()
+{
+
+ (void)skeychallenge(NULL,"name","",0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define SKEYCHALLENGE_4ARG 1" >>confdefs.h
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+
+
+fi
+
+
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
+
+# Check whether --with-tcp-wrappers was given.
+if test "${with_tcp_wrappers+set}" = set; then :
+ withval=$with_tcp_wrappers;
+ if test "x$withval" != "xno" ; then
+ saved_LIBS="$LIBS"
+ saved_LDFLAGS="$LDFLAGS"
+ saved_CPPFLAGS="$CPPFLAGS"
+ if test -n "${withval}" && \
+ test "x${withval}" != "xyes"; then
+ if test -d "${withval}/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "${withval}/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+ LIBS="-lwrap $LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libwrap" >&5
+$as_echo_n "checking for libwrap... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <tcpd.h>
+int deny_severity = 0, allow_severity = 0;
+
+int
+main ()
+{
+
+ hosts_access(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define LIBWRAP 1" >>confdefs.h
+
+ SSHDLIBS="$SSHDLIBS -lwrap"
+ TCPW_MSG="yes"
+
+else
+
+ as_fn_error $? "*** libwrap missing" "$LINENO" 5
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$saved_LIBS"
+ fi
+
+
+fi
+
+
+# Check whether user wants to use ldns
+LDNS_MSG="no"
+
+# Check whether --with-ldns was given.
+if test "${with_ldns+set}" = set; then :
+ withval=$with_ldns;
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+
+$as_echo "#define HAVE_LDNS 1" >>confdefs.h
+
+ LIBS="-lldns $LIBS"
+ LDNS_MSG="yes"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5
+$as_echo_n "checking for ldns support... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <ldns/ldns.h>
+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
+
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "** Incomplete or missing ldns libraries." "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ fi
+
+
+fi
+
+
+# Check whether user wants libedit support
+LIBEDIT_MSG="no"
+
+# Check whether --with-libedit was given.
+if test "${with_libedit+set}" = set; then :
+ withval=$with_libedit; if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKGCONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKGCONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKGCONFIG=$ac_cv_path_PKGCONFIG
+if test -n "$PKGCONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
+$as_echo "$PKGCONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKGCONFIG"; then
+ ac_pt_PKGCONFIG=$PKGCONFIG
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $ac_pt_PKGCONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
+if test -n "$ac_pt_PKGCONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
+$as_echo "$ac_pt_PKGCONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_pt_PKGCONFIG" = x; then
+ PKGCONFIG="no"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PKGCONFIG=$ac_pt_PKGCONFIG
+ fi
+else
+ PKGCONFIG="$ac_cv_path_PKGCONFIG"
+fi
+
+ if test "x$PKGCONFIG" != "xno"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5
+$as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; }
+ if "$PKGCONFIG" libedit; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ use_pkgconfig_for_libedit=yes
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ fi
+ else
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+ LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+ else
+ LIBEDIT="-ledit -lcurses"
+ fi
+ OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5
+$as_echo_n "checking for el_init in -ledit... " >&6; }
+if ${ac_cv_lib_edit_el_init+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ledit $OTHERLIBS
+ $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char el_init ();
+int
+main ()
+{
+return el_init ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_edit_el_init=yes
+else
+ ac_cv_lib_edit_el_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5
+$as_echo "$ac_cv_lib_edit_el_init" >&6; }
+if test "x$ac_cv_lib_edit_el_init" = xyes; then :
+
+$as_echo "#define USE_LIBEDIT 1" >>confdefs.h
+
+ LIBEDIT_MSG="yes"
+
+
+else
+ as_fn_error $? "libedit not found" "$LINENO" 5
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5
+$as_echo_n "checking if libedit version is compatible... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <histedit.h>
+int
+main ()
+{
+
+ int i = H_SETSIZE;
+ el_init("", NULL, NULL, NULL);
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "libedit version is not compatible" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+
+fi
+
+
+AUDIT_MODULE=none
+
+# Check whether --with-audit was given.
+if test "${with_audit+set}" = set; then :
+ withval=$with_audit;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5
+$as_echo_n "checking for supported audit module... " >&6; }
+ case "$withval" in
+ bsm)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: bsm" >&5
+$as_echo "bsm" >&6; }
+ AUDIT_MODULE=bsm
+ for ac_header in bsm/audit.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" "
+#ifdef HAVE_TIME_H
+# include <time.h>
+#endif
+
+
+"
+if test "x$ac_cv_header_bsm_audit_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_BSM_AUDIT_H 1
+_ACEOF
+
+else
+ as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5
+fi
+
+done
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5
+$as_echo_n "checking for getaudit in -lbsm... " >&6; }
+if ${ac_cv_lib_bsm_getaudit+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbsm $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getaudit ();
+int
+main ()
+{
+return getaudit ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_bsm_getaudit=yes
+else
+ ac_cv_lib_bsm_getaudit=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5
+$as_echo "$ac_cv_lib_bsm_getaudit" >&6; }
+if test "x$ac_cv_lib_bsm_getaudit" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBBSM 1
+_ACEOF
+
+ LIBS="-lbsm $LIBS"
+
+else
+ as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5
+fi
+
+ for ac_func in getaudit
+do :
+ ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit"
+if test "x$ac_cv_func_getaudit" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETAUDIT 1
+_ACEOF
+
+else
+ as_fn_error $? "BSM enabled and required function not found" "$LINENO" 5
+fi
+done
+
+ # These are optional
+ for ac_func in getaudit_addr aug_get_machine
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+$as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h
+
+ if test "$sol2ver" -eq 11; then
+ SSHDLIBS="$SSHDLIBS -lscf"
+
+$as_echo "#define BROKEN_BSM_API 1" >>confdefs.h
+
+ fi
+ ;;
+ linux)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: linux" >&5
+$as_echo "linux" >&6; }
+ AUDIT_MODULE=linux
+ for ac_header in libaudit.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default"
+if test "x$ac_cv_header_libaudit_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBAUDIT_H 1
+_ACEOF
+
+fi
+
+done
+
+ SSHDLIBS="$SSHDLIBS -laudit"
+
+$as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h
+
+ ;;
+ debug)
+ AUDIT_MODULE=debug
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5
+$as_echo "debug" >&6; }
+
+$as_echo "#define SSH_AUDIT_EVENTS 1" >>confdefs.h
+
+ ;;
+ no)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *)
+ as_fn_error $? "Unknown audit module $withval" "$LINENO" 5
+ ;;
+ esac
+
+fi
+
+
+for ac_func in \
+ arc4random \
+ arc4random_buf \
+ arc4random_uniform \
+ asprintf \
+ b64_ntop \
+ __b64_ntop \
+ b64_pton \
+ __b64_pton \
+ bcopy \
+ bindresvport_sa \
+ clock \
+ closefrom \
+ dirfd \
+ endgrent \
+ fchmod \
+ fchown \
+ freeaddrinfo \
+ fstatvfs \
+ futimes \
+ getaddrinfo \
+ getcwd \
+ getgrouplist \
+ getnameinfo \
+ getopt \
+ getpeereid \
+ getpeerucred \
+ getpgid \
+ getpgrp \
+ _getpty \
+ getrlimit \
+ getttyent \
+ glob \
+ group_from_gid \
+ inet_aton \
+ inet_ntoa \
+ inet_ntop \
+ innetgr \
+ login_getcapbool \
+ mblen \
+ md5_crypt \
+ memmove \
+ mkdtemp \
+ mmap \
+ ngetaddrinfo \
+ nsleep \
+ ogetaddrinfo \
+ openlog_r \
+ poll \
+ prctl \
+ pstat \
+ readpassphrase \
+ realpath \
+ recvmsg \
+ rresvport_af \
+ sendmsg \
+ setdtablesize \
+ setegid \
+ setenv \
+ seteuid \
+ setgroupent \
+ setgroups \
+ setlinebuf \
+ setlogin \
+ setpassent\
+ setpcred \
+ setproctitle \
+ setregid \
+ setreuid \
+ setrlimit \
+ setsid \
+ setvbuf \
+ sigaction \
+ sigvec \
+ snprintf \
+ socketpair \
+ statfs \
+ statvfs \
+ strdup \
+ strerror \
+ strlcat \
+ strlcpy \
+ strmode \
+ strnlen \
+ strnvis \
+ strptime \
+ strtonum \
+ strtoll \
+ strtoul \
+ strtoull \
+ swap32 \
+ sysconf \
+ tcgetpgrp \
+ timingsafe_bcmp \
+ truncate \
+ unsetenv \
+ updwtmpx \
+ user_from_uid \
+ usleep \
+ vasprintf \
+ vhangup \
+ vsnprintf \
+ waitpid \
+
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <ctype.h>
+int
+main ()
+{
+ return (isblank('a'));
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# PKCS#11 support requires dlopen() and co
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
+$as_echo_n "checking for library containing dlopen... " >&6; }
+if ${ac_cv_search_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' dl; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dlopen=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dlopen+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dlopen+:} false; then :
+
+else
+ ac_cv_search_dlopen=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
+$as_echo "$ac_cv_search_dlopen" >&6; }
+ac_res=$ac_cv_search_dlopen
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h
+
+
+fi
+
+
+# IRIX has a const char return value for gai_strerror()
+for ac_func in gai_strerror
+do :
+ ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror"
+if test "x$ac_cv_func_gai_strerror" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GAI_STRERROR 1
+_ACEOF
+
+ $as_echo "#define HAVE_GAI_STRERROR 1" >>confdefs.h
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);
+
+int
+main ()
+{
+
+ char *str;
+ str = gai_strerror(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+
+$as_echo "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+done
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5
+$as_echo_n "checking for library containing nanosleep... " >&6; }
+if ${ac_cv_search_nanosleep+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char nanosleep ();
+int
+main ()
+{
+return nanosleep ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' rt posix4; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_nanosleep=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_nanosleep+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_nanosleep+:} false; then :
+
+else
+ ac_cv_search_nanosleep=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5
+$as_echo "$ac_cv_search_nanosleep" >&6; }
+ac_res=$ac_cv_search_nanosleep
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
+$as_echo_n "checking for library containing clock_gettime... " >&6; }
+if ${ac_cv_search_clock_gettime+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char clock_gettime ();
+int
+main ()
+{
+return clock_gettime ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' rt; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_clock_gettime=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_clock_gettime+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_clock_gettime+:} false; then :
+
+else
+ ac_cv_search_clock_gettime=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
+$as_echo "$ac_cv_search_clock_gettime" >&6; }
+ac_res=$ac_cv_search_clock_gettime
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h
+
+fi
+
+
+ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default"
+if test "x$ac_cv_have_decl_getrusage" = xyes; then :
+ for ac_func in getrusage
+do :
+ ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage"
+if test "x$ac_cv_func_getrusage" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETRUSAGE 1
+_ACEOF
+
+fi
+done
+
+fi
+
+ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" "
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_strsep" = xyes; then :
+ for ac_func in strsep
+do :
+ ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep"
+if test "x$ac_cv_func_strsep" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRSEP 1
+_ACEOF
+
+fi
+done
+
+fi
+
+
+ac_fn_c_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include <termios.h>
+
+"
+if test "x$ac_cv_have_decl_tcsendbreak" = xyes; then :
+ $as_echo "#define HAVE_TCSENDBREAK 1" >>confdefs.h
+
+else
+ for ac_func in tcsendbreak
+do :
+ ac_fn_c_check_func "$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak"
+if test "x$ac_cv_func_tcsendbreak" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_TCSENDBREAK 1
+_ACEOF
+
+fi
+done
+
+fi
+
+
+ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include <netdb.h>
+"
+if test "x$ac_cv_have_decl_h_errno" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_H_ERRNO $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" "
+#include <sys/types.h>
+#include <sys/socket.h>
+
+"
+if test "x$ac_cv_have_decl_SHUT_RD" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SHUT_RD $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" "
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_O_NONBLOCK $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" "
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+
+"
+if test "x$ac_cv_have_decl_writev" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_WRITEV $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" "
+#include <sys/param.h>
+
+"
+if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_MAXSYMLINKS $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" "
+#include <stddef.h>
+
+"
+if test "x$ac_cv_have_decl_offsetof" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OFFSETOF $ac_have_decl
+_ACEOF
+
+
+# extra bits for select(2)
+ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" "
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_howmany" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_HOWMANY $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" "
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_NFDBITS" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_NFDBITS $ac_have_decl
+_ACEOF
+
+ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" "
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+"
+if test "x$ac_cv_type_fd_mask" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FD_MASK 1
+_ACEOF
+
+
+fi
+
+
+for ac_func in setresuid
+do :
+ ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid"
+if test "x$ac_cv_func_setresuid" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SETRESUID 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5
+$as_echo_n "checking if setresuid seems to work... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <errno.h>
+
+int
+main ()
+{
+
+ errno=0;
+ setresuid(0,0,0);
+ if (errno==ENOSYS)
+ exit(1);
+ else
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+$as_echo "#define BROKEN_SETRESUID 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5
+$as_echo "not implemented" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+fi
+done
+
+
+for ac_func in setresgid
+do :
+ ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid"
+if test "x$ac_cv_func_setresgid" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SETRESGID 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5
+$as_echo_n "checking if setresgid seems to work... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <errno.h>
+
+int
+main ()
+{
+
+ errno=0;
+ setresgid(0,0,0);
+ if (errno==ENOSYS)
+ exit(1);
+ else
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+$as_echo "#define BROKEN_SETRESGID 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5
+$as_echo "not implemented" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+fi
+done
+
+
+for ac_func in gettimeofday time
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in endutent getutent getutid getutline pututline setutent
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in utmpname
+do :
+ ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname"
+if test "x$ac_cv_func_utmpname" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UTMPNAME 1
+_ACEOF
+
+fi
+done
+
+for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in setutxdb setutxent utmpxname
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in getlastlogxbyname
+do :
+ ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname"
+if test "x$ac_cv_func_getlastlogxbyname" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETLASTLOGXBYNAME 1
+_ACEOF
+
+fi
+done
+
+
+ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon"
+if test "x$ac_cv_func_daemon" = xyes; then :
+
+$as_echo "#define HAVE_DAEMON 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5
+$as_echo_n "checking for daemon in -lbsd... " >&6; }
+if ${ac_cv_lib_bsd_daemon+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbsd $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char daemon ();
+int
+main ()
+{
+return daemon ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_bsd_daemon=yes
+else
+ ac_cv_lib_bsd_daemon=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5
+$as_echo "$ac_cv_lib_bsd_daemon" >&6; }
+if test "x$ac_cv_lib_bsd_daemon" = xyes; then :
+ LIBS="$LIBS -lbsd"; $as_echo "#define HAVE_DAEMON 1" >>confdefs.h
+
+fi
+
+
+fi
+
+
+ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize"
+if test "x$ac_cv_func_getpagesize" = xyes; then :
+
+$as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5
+$as_echo_n "checking for getpagesize in -lucb... " >&6; }
+if ${ac_cv_lib_ucb_getpagesize+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lucb $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getpagesize ();
+int
+main ()
+{
+return getpagesize ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_ucb_getpagesize=yes
+else
+ ac_cv_lib_ucb_getpagesize=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5
+$as_echo "$ac_cv_lib_ucb_getpagesize" >&6; }
+if test "x$ac_cv_lib_ucb_getpagesize" = xyes; then :
+ LIBS="$LIBS -lucb"; $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h
+
+fi
+
+
+fi
+
+
+# Check for broken snprintf
+if test "x$ac_cv_func_snprintf" = "xyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5
+$as_echo_n "checking whether snprintf correctly terminates long strings... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5
+$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+
+ char b[5];
+ snprintf(b,5,"123456789");
+ exit(b[4]!='\0');
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5
+$as_echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;}
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+# If we don't have a working asprintf, then we strongly depend on vsnprintf
+# returning the right thing on overflow: the number of characters it tried to
+# create (as per SUSv3)
+if test "x$ac_cv_func_asprintf" != "xyes" && \
+ test "x$ac_cv_func_vsnprintf" = "xyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5
+$as_echo_n "checking whether vsnprintf returns correct values on overflow... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5
+$as_echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+int x_snprintf(char *str,size_t count,const char *fmt,...)
+{
+ size_t ret; va_list ap;
+ va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
+ return ret;
+}
+
+int
+main ()
+{
+
+ char x[1];
+ exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5
+$as_echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;}
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+# On systems where [v]snprintf is broken, but is declared in stdio,
+# check that the fmt argument is const char * or just char *.
+# This is only useful for when BROKEN_SNPRINTF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5
+$as_echo_n "checking whether snprintf can declare const char *fmt... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
+
+int
+main ()
+{
+
+ snprintf(0, 0, 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define SNPRINTF_CONST const" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define SNPRINTF_CONST /* not const */" >>confdefs.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5
+$as_echo_n "checking whether system supports SO_PEERCRED getsockopt... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+int
+main ()
+{
+int i = SO_PEERCRED;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h
+
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ NO_PEERCHECK=1
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for (overly) strict mkstemp" >&5
+$as_echo_n "checking for (overly) strict mkstemp... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h
+
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+
+int
+main ()
+{
+
+ char template[]="conftest.mkstemp-test";
+ if (mkstemp(template) == -1)
+ exit(1);
+ unlink(template);
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+if test ! -z "$check_for_openpty_ctty_bug"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5
+$as_echo_n "checking if openpty correctly handles controlling tty... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
+$as_echo "cross-compiling, assuming yes" >&6; }
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <sys/fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+int
+main ()
+{
+
+ pid_t pid;
+ int fd, ptyfd, ttyfd, status;
+
+ pid = fork();
+ if (pid < 0) { /* failed */
+ exit(1);
+ } else if (pid > 0) { /* parent */
+ waitpid(pid, &status, 0);
+ if (WIFEXITED(status))
+ exit(WEXITSTATUS(status));
+ else
+ exit(2);
+ } else { /* child */
+ close(0); close(1); close(2);
+ setsid();
+ openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
+ if (fd >= 0)
+ exit(3); /* Acquired ctty: broken */
+ else
+ exit(0); /* Did not acquire ctty: OK */
+ }
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
+$as_echo_n "checking if getaddrinfo seems to work... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
+$as_echo "cross-compiling, assuming yes" >&6; }
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main ()
+{
+
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (err != 0) {
+ if (err == EAI_SYSTEM)
+ perror("getnameinfo EAI_SYSTEM");
+ else
+ fprintf(stderr, "getnameinfo failed: %s\n",
+ gai_strerror(err));
+ exit(2);
+ }
+
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (sock < 0)
+ perror("socket");
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (errno == EBADF)
+ exit(3);
+ }
+ }
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
+$as_echo_n "checking if getaddrinfo seems to work... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5
+$as_echo "cross-compiling, assuming no" >&6; }
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main ()
+{
+
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (ai->ai_family == AF_INET && err != 0) {
+ perror("getnameinfo");
+ exit(2);
+ }
+ }
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5
+$as_echo_n "checking for conflicting getspnam in shadow.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <shadow.h>
+int
+main ()
+{
+ exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h
+
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getpgrp requires zero arguments" >&5
+$as_echo_n "checking whether getpgrp requires zero arguments... " >&6; }
+if ${ac_cv_func_getpgrp_void+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Use it with a single arg.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+getpgrp (0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_func_getpgrp_void=no
+else
+ ac_cv_func_getpgrp_void=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpgrp_void" >&5
+$as_echo "$ac_cv_func_getpgrp_void" >&6; }
+if test $ac_cv_func_getpgrp_void = yes; then
+
+$as_echo "#define GETPGRP_VOID 1" >>confdefs.h
+
+fi
+
+
+# Search for OpenSSL
+saved_CPPFLAGS="$CPPFLAGS"
+saved_LDFLAGS="$LDFLAGS"
+
+# Check whether --with-ssl-dir was given.
+if test "${with_ssl_dir+set}" = set; then :
+ withval=$with_ssl_dir;
+ if test "x$withval" != "xno" ; then
+ case "$withval" in
+ # Relative paths
+ ./*|../*) withval="`pwd`/$withval"
+ esac
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ elif test -d "$withval/lib64"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+
+
+fi
+
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_add ();
+int
+main ()
+{
+return RAND_add ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
+
+else
+
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+ ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then :
+
+else
+ as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5
+fi
+
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_add ();
+int
+main ()
+{
+return RAND_add ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
+
+else
+
+ as_fn_error $? "*** Can't find recent OpenSSL libcrypto (see config.log for details) ***" "$LINENO" 5
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Determine OpenSSL header version
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5
+$as_echo_n "checking OpenSSL header version... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#define DATA "conftest.sslincver"
+
+int
+main ()
+{
+
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
+ exit(1);
+
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ ssl_header_ver=`cat conftest.sslincver`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5
+$as_echo "$ssl_header_ver" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+ as_fn_error $? "OpenSSL version header not found." "$LINENO" 5
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+# Determine OpenSSL library version
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5
+$as_echo_n "checking OpenSSL library version... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#define DATA "conftest.ssllibver"
+
+int
+main ()
+{
+
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
+ exit(1);
+
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ ssl_library_ver=`cat conftest.ssllibver`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
+$as_echo "$ssl_library_ver" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+ as_fn_error $? "OpenSSL library not found." "$LINENO" 5
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+
+# Check whether --with-openssl-header-check was given.
+if test "${with_openssl_header_check+set}" = set; then :
+ withval=$with_openssl_header_check; if test "x$withval" = "xno" ; then
+ openssl_check_nonfatal=1
+ fi
+
+
+fi
+
+
+# Sanity check OpenSSL headers
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5
+$as_echo_n "checking whether OpenSSL's headers match the library... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/opensslv.h>
+
+int
+main ()
+{
+
+ exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ if test "x$openssl_check_nonfatal" = "x"; then
+ as_fn_error $? "Your OpenSSL headers do not match your
+library. Check config.log for details.
+If you are sure your installation is consistent, you can disable the check
+by running \"./configure --without-openssl-header-check\".
+Also see contrib/findssl.sh for help identifying header/library mismatches.
+" "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your
+library. Check config.log for details.
+Also see contrib/findssl.sh for help identifying header/library mismatches." >&5
+$as_echo "$as_me: WARNING: Your OpenSSL headers do not match your
+library. Check config.log for details.
+Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;}
+ fi
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5
+$as_echo_n "checking if programs using OpenSSL functions will link... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <openssl/evp.h>
+int
+main ()
+{
+ SSLeay_add_all_algorithms();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -ldl"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5
+$as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <openssl/evp.h>
+int
+main ()
+{
+ SSLeay_add_all_algorithms();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LIBS="$saved_LIBS"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+for ac_func in RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+# Check whether --with-ssl-engine was given.
+if test "${with_ssl_engine+set}" = set; then :
+ withval=$with_ssl_engine; if test "x$withval" != "xno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5
+$as_echo_n "checking for OpenSSL ENGINE support... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <openssl/engine.h>
+
+int
+main ()
+{
+
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define USE_OPENSSL_ENGINE 1" >>confdefs.h
+
+
+else
+ as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+
+fi
+
+
+# Check for OpenSSL without EVP_aes_{192,256}_cbc
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5
+$as_echo_n "checking whether OpenSSL has crippled AES support... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/evp.h>
+
+int
+main ()
+{
+
+ exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h
+
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Check for OpenSSL with EVP_aes_*ctr
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES CTR via EVP" >&5
+$as_echo_n "checking whether OpenSSL has AES CTR via EVP... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/evp.h>
+
+int
+main ()
+{
+
+ exit(EVP_aes_128_ctr() == NULL ||
+ EVP_aes_192_cbc() == NULL ||
+ EVP_aes_256_cbc() == NULL);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define OPENSSL_HAVE_EVPCTR 1" >>confdefs.h
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Check for OpenSSL with EVP_aes_*gcm
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES GCM via EVP" >&5
+$as_echo_n "checking whether OpenSSL has AES GCM via EVP... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/evp.h>
+
+int
+main ()
+{
+
+ exit(EVP_aes_128_gcm() == NULL ||
+ EVP_aes_256_gcm() == NULL ||
+ EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
+ EVP_CTRL_GCM_IV_GEN == 0 ||
+ EVP_CTRL_GCM_SET_TAG == 0 ||
+ EVP_CTRL_GCM_GET_TAG == 0 ||
+ EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define OPENSSL_HAVE_EVPGCM 1" >>confdefs.h
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ unsupported_algorithms="$unsupported_cipers \
+ aes128-gcm at openssh.com aes256-gcm at openssh.com"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_ctrl" >&5
+$as_echo_n "checking for library containing EVP_CIPHER_CTX_ctrl... " >&6; }
+if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_CIPHER_CTX_ctrl ();
+int
+main ()
+{
+return EVP_CIPHER_CTX_ctrl ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' crypto; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_EVP_CIPHER_CTX_ctrl=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
+
+else
+ ac_cv_search_EVP_CIPHER_CTX_ctrl=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_ctrl" >&5
+$as_echo "$ac_cv_search_EVP_CIPHER_CTX_ctrl" >&6; }
+ac_res=$ac_cv_search_EVP_CIPHER_CTX_ctrl
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_EVP_CIPHER_CTX_CTRL 1" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5
+$as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/evp.h>
+
+int
+main ()
+{
+
+ if(EVP_DigestUpdate(NULL, NULL,0))
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h
+
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
+$as_echo_n "checking for crypt in -lcrypt... " >&6; }
+if ${ac_cv_lib_crypt_crypt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypt $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypt ();
+int
+main ()
+{
+return crypt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypt_crypt=yes
+else
+ ac_cv_lib_crypt_crypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
+$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
+if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBCRYPT 1
+_ACEOF
+
+ LIBS="-lcrypt $LIBS"
+
+fi
+
+fi
+
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
+# version in OpenSSL.
+if test "x$check_for_libcrypt_later" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
+$as_echo_n "checking for crypt in -lcrypt... " >&6; }
+if ${ac_cv_lib_crypt_crypt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypt $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypt ();
+int
+main ()
+{
+return crypt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypt_crypt=yes
+else
+ ac_cv_lib_crypt_crypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
+$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
+if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
+ LIBS="$LIBS -lcrypt"
+fi
+
+fi
+for ac_func in crypt DES_crypt
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+# Search for SHA256 support in libc and/or OpenSSL
+for ac_func in SHA256_Update EVP_sha256
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ TEST_SSH_SHA256=yes
+else
+ TEST_SSH_SHA256=no
+ unsupported_algorithms="$unsupported_algorithms \
+ hmac-sha2-256 hmac-sha2-512 \
+ diffie-hellman-group-exchange-sha256 \
+ hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
+
+
+fi
+done
+
+
+
+# Check complete ECC support in OpenSSL
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has complete ECC support" >&5
+$as_echo_n "checking whether OpenSSL has complete ECC support... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
+# error "OpenSSL < 0.9.8g has unreliable ECC code"
+#endif
+
+int
+main ()
+{
+
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
+ const EVP_MD *m = EVP_sha512(); /* We need this too */
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h
+
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ TEST_SSH_ECC=no
+ COMMENT_OUT_ECC="#no ecc#"
+ unsupported_algorithms="$unsupported_algorithms \
+ ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
+ ecdsa-sha2-nistp256-cert-v01 at openssh.com \
+ ecdsa-sha2-nistp384-cert-v01 at openssh.com \
+ ecdsa-sha2-nistp521-cert-v01 at openssh.com \
+ ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+
+saved_LIBS="$LIBS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5
+$as_echo_n "checking for ia_openinfo in -liaf... " >&6; }
+if ${ac_cv_lib_iaf_ia_openinfo+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-liaf $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ia_openinfo ();
+int
+main ()
+{
+return ia_openinfo ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_iaf_ia_openinfo=yes
+else
+ ac_cv_lib_iaf_ia_openinfo=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5
+$as_echo "$ac_cv_lib_iaf_ia_openinfo" >&6; }
+if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes; then :
+
+ LIBS="$LIBS -liaf"
+ for ac_func in set_id
+do :
+ ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id"
+if test "x$ac_cv_func_set_id" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SET_ID 1
+_ACEOF
+ SSHDLIBS="$SSHDLIBS -liaf"
+
+$as_echo "#define HAVE_LIBIAF 1" >>confdefs.h
+
+
+fi
+done
+
+
+fi
+
+LIBS="$saved_LIBS"
+
+### Configure cryptographic random number support
+
+# Check wheter OpenSSL seeds itself
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5
+$as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+ # This is safe, since we will fatal() at runtime if
+ # OpenSSL is not seeded correctly.
+ OPENSSL_SEEDS_ITSELF=yes
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/rand.h>
+
+int
+main ()
+{
+
+ exit(RAND_status() == 1 ? 0 : 1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ OPENSSL_SEEDS_ITSELF=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+# PRNGD TCP socket
+
+# Check whether --with-prngd-port was given.
+if test "${with_prngd_port+set}" = set; then :
+ withval=$with_prngd_port;
+ case "$withval" in
+ no)
+ withval=""
+ ;;
+ [0-9]*)
+ ;;
+ *)
+ as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5
+ ;;
+ esac
+ if test ! -z "$withval" ; then
+ PRNGD_PORT="$withval"
+
+cat >>confdefs.h <<_ACEOF
+#define PRNGD_PORT $PRNGD_PORT
+_ACEOF
+
+ fi
+
+
+fi
+
+
+# PRNGD Unix domain socket
+
+# Check whether --with-prngd-socket was given.
+if test "${with_prngd_socket+set}" = set; then :
+ withval=$with_prngd_socket;
+ case "$withval" in
+ yes)
+ withval="/var/run/egd-pool"
+ ;;
+ no)
+ withval=""
+ ;;
+ /*)
+ ;;
+ *)
+ as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5
+ ;;
+ esac
+
+ if test ! -z "$withval" ; then
+ if test ! -z "$PRNGD_PORT" ; then
+ as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5
+ fi
+ if test ! -r "$withval" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5
+$as_echo "$as_me: WARNING: Entropy socket is not readable" >&2;}
+ fi
+ PRNGD_SOCKET="$withval"
+
+cat >>confdefs.h <<_ACEOF
+#define PRNGD_SOCKET "$PRNGD_SOCKET"
+_ACEOF
+
+ fi
+
+else
+
+ # Check for existing socket only if we don't have a random device already
+ if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5
+$as_echo_n "checking for PRNGD/EGD socket... " >&6; }
+ # Insert other locations here
+ for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
+ if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
+ PRNGD_SOCKET="$sock"
+ cat >>confdefs.h <<_ACEOF
+#define PRNGD_SOCKET "$PRNGD_SOCKET"
+_ACEOF
+
+ break;
+ fi
+ done
+ if test ! -z "$PRNGD_SOCKET" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5
+$as_echo "$PRNGD_SOCKET" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+ fi
+ fi
+
+
+fi
+
+
+# Which randomness source do we use?
+if test ! -z "$PRNGD_PORT" ; then
+ RAND_MSG="PRNGd port $PRNGD_PORT"
+elif test ! -z "$PRNGD_SOCKET" ; then
+ RAND_MSG="PRNGd socket $PRNGD_SOCKET"
+elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
+
+$as_echo "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h
+
+ RAND_MSG="OpenSSL internal ONLY"
+else
+ as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5
+fi
+
+# Check for PAM libs
+PAM_MSG="no"
+
+# Check whether --with-pam was given.
+if test "${with_pam+set}" = set; then :
+ withval=$with_pam;
+ if test "x$withval" != "xno" ; then
+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+ test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
+ as_fn_error $? "PAM headers not found" "$LINENO" 5
+ fi
+
+ saved_LIBS="$LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+ LIBS="-ldl $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5
+$as_echo_n "checking for pam_set_item in -lpam... " >&6; }
+if ${ac_cv_lib_pam_pam_set_item+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpam $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pam_set_item ();
+int
+main ()
+{
+return pam_set_item ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pam_pam_set_item=yes
+else
+ ac_cv_lib_pam_pam_set_item=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5
+$as_echo "$ac_cv_lib_pam_pam_set_item" >&6; }
+if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBPAM 1
+_ACEOF
+
+ LIBS="-lpam $LIBS"
+
+else
+ as_fn_error $? "*** libpam missing" "$LINENO" 5
+fi
+
+ for ac_func in pam_getenvlist
+do :
+ ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist"
+if test "x$ac_cv_func_pam_getenvlist" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_PAM_GETENVLIST 1
+_ACEOF
+
+fi
+done
+
+ for ac_func in pam_putenv
+do :
+ ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv"
+if test "x$ac_cv_func_pam_putenv" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_PAM_PUTENV 1
+_ACEOF
+
+fi
+done
+
+ LIBS="$saved_LIBS"
+
+ PAM_MSG="yes"
+
+ SSHDLIBS="$SSHDLIBS -lpam"
+
+$as_echo "#define USE_PAM 1" >>confdefs.h
+
+
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ case "$LIBS" in
+ *-ldl*)
+ # libdl already in LIBS
+ ;;
+ *)
+ SSHDLIBS="$SSHDLIBS -ldl"
+ ;;
+ esac
+ fi
+ fi
+
+
+fi
+
+
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
+ # Check PAM strerror arguments (old PAM)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5
+$as_echo_n "checking whether pam_strerror takes only one argument... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+
+int
+main ()
+{
+
+(void)pam_strerror((pam_handle_t *)NULL, -1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+
+
+$as_echo "#define HAVE_OLD_PAM 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ PAM_MSG="yes (old library)"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+SSH_PRIVSEP_USER=sshd
+
+# Check whether --with-privsep-user was given.
+if test "${with_privsep_user+set}" = set; then :
+ withval=$with_privsep_user;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ SSH_PRIVSEP_USER=$withval
+ fi
+
+
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER"
+_ACEOF
+
+
+
+if test "x$have_linux_no_new_privs" = "x1" ; then
+ac_fn_c_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" "
+ #include <sys/types.h>
+ #include <linux/seccomp.h>
+
+"
+if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes; then :
+ have_seccomp_filter=1
+fi
+
+fi
+if test "x$have_seccomp_filter" = "x1" ; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5
+$as_echo_n "checking kernel for seccomp_filter support... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <errno.h>
+ #include <elf.h>
+ #include <linux/audit.h>
+ #include <linux/seccomp.h>
+ #include <stdlib.h>
+ #include <sys/prctl.h>
+
+int
+main ()
+{
+ int i = $seccomp_audit_arch;
+ errno = 0;
+ prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
+ exit(errno == EFAULT ? 0 : 1);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ # Disable seccomp filter as a target
+ have_seccomp_filter=0
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+
+# Decide which sandbox style to use
+sandbox_arg=""
+
+# Check whether --with-sandbox was given.
+if test "${with_sandbox+set}" = set; then :
+ withval=$with_sandbox;
+ if test "x$withval" = "xyes" ; then
+ sandbox_arg=""
+ else
+ sandbox_arg="$withval"
+ fi
+
+
+fi
+
+
+# Some platforms (seems to be the ones that have a kernel poll(2)-type
+# function with which they implement select(2)) use an extra file descriptor
+# when calling select(2), which means we can't use the rlimit sandbox.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5
+$as_echo_n "checking if select works with descriptor rlimit... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+
+int
+main ()
+{
+
+ struct rlimit rl_zero;
+ int fd, r;
+ fd_set fds;
+ struct timeval tv;
+
+ fd = open("/dev/null", O_RDONLY);
+ FD_ZERO(&fds);
+ FD_SET(fd, &fds);
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ setrlimit(RLIMIT_FSIZE, &rl_zero);
+ setrlimit(RLIMIT_NOFILE, &rl_zero);
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ r = select(fd+1, &fds, NULL, NULL, &tv);
+ exit (r == -1 ? 1 : 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ select_works_with_rlimit=yes
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ select_works_with_rlimit=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5
+$as_echo_n "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#include <errno.h>
+#include <stdlib.h>
+
+int
+main ()
+{
+
+ struct rlimit rl_zero;
+ int fd, r;
+ fd_set fds;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ r = setrlimit(RLIMIT_NOFILE, &rl_zero);
+ exit (r == -1 ? 1 : 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ rlimit_nofile_zero_works=yes
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ rlimit_nofile_zero_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5
+$as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <stdlib.h>
+
+int
+main ()
+{
+
+ struct rlimit rl_zero;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+if test "x$sandbox_arg" = "xsystrace" || \
+ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
+ test "x$have_systr_policy_kill" != "x1" && \
+ as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5
+ SANDBOX_STYLE="systrace"
+
+$as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h
+
+elif test "x$sandbox_arg" = "xdarwin" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
+ test "x$ac_cv_header_sandbox_h" = "xyes") ; then
+ test "x$ac_cv_func_sandbox_init" != "xyes" -o \
+ "x$ac_cv_header_sandbox_h" != "xyes" && \
+ as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5
+ SANDBOX_STYLE="darwin"
+
+$as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h
+
+elif test "x$sandbox_arg" = "xseccomp_filter" || \
+ ( test -z "$sandbox_arg" && \
+ test "x$have_seccomp_filter" = "x1" && \
+ test "x$ac_cv_header_elf_h" = "xyes" && \
+ test "x$ac_cv_header_linux_audit_h" = "xyes" && \
+ test "x$ac_cv_header_linux_filter_h" = "xyes" && \
+ test "x$seccomp_audit_arch" != "x" && \
+ test "x$have_linux_no_new_privs" = "x1" && \
+ test "x$ac_cv_func_prctl" = "xyes" ) ; then
+ test "x$seccomp_audit_arch" = "x" && \
+ as_fn_error $? "seccomp_filter sandbox not supported on $host" "$LINENO" 5
+ test "x$have_linux_no_new_privs" != "x1" && \
+ as_fn_error $? "seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" "$LINENO" 5
+ test "x$have_seccomp_filter" != "x1" && \
+ as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5
+ test "x$ac_cv_func_prctl" != "xyes" && \
+ as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5
+ SANDBOX_STYLE="seccomp_filter"
+
+$as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h
+
+elif test "x$sandbox_arg" = "xrlimit" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
+ test "x$select_works_with_rlimit" = "xyes" && \
+ test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
+ test "x$ac_cv_func_setrlimit" != "xyes" && \
+ as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5
+ test "x$select_works_with_rlimit" != "xyes" && \
+ as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5
+ SANDBOX_STYLE="rlimit"
+
+$as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h
+
+elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
+ test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
+ SANDBOX_STYLE="none"
+
+$as_echo "#define SANDBOX_NULL 1" >>confdefs.h
+
+else
+ as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5
+fi
+
+# Cheap hack to ensure NEWS-OS libraries are arranged right.
+if test ! -z "$SONY" ; then
+ LIBS="$LIBS -liberty";
+fi
+
+# Check for long long datatypes
+ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default"
+if test "x$ac_cv_type_long_long" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LONG_LONG 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default"
+if test "x$ac_cv_type_unsigned_long_long" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UNSIGNED_LONG_LONG 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default"
+if test "x$ac_cv_type_long_double" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LONG_DOUBLE 1
+_ACEOF
+
+
+fi
+
+
+# Check datatype sizes
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5
+$as_echo_n "checking size of short int... " >&6; }
+if ${ac_cv_sizeof_short_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_short_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (short int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_short_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5
+$as_echo "$ac_cv_sizeof_short_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
+$as_echo_n "checking size of int... " >&6; }
+if ${ac_cv_sizeof_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
+$as_echo "$ac_cv_sizeof_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_INT $ac_cv_sizeof_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5
+$as_echo_n "checking size of long int... " >&6; }
+if ${ac_cv_sizeof_long_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_long_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (long int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_long_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5
+$as_echo "$ac_cv_sizeof_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5
+$as_echo_n "checking size of long long int... " >&6; }
+if ${ac_cv_sizeof_long_long_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_long_long_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (long long int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_long_long_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5
+$as_echo "$ac_cv_sizeof_long_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int
+_ACEOF
+
+
+
+# Sanity check long long for some platforms (AIX)
+if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
+ ac_cv_sizeof_long_long_int=0
+fi
+
+# compute LLONG_MIN and LLONG_MAX if we don't know them.
+if test -z "$have_llong_max"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5
+$as_echo_n "checking for max value of long long... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+/* Why is this so damn hard? */
+#ifdef __GNUC__
+# undef __GNUC__
+#endif
+#define __USE_ISOC99
+#include <limits.h>
+#define DATA "conftest.llminmax"
+#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
+
+/*
+ * printf in libc on some platforms (eg old Tru64) does not understand %lld so
+ * we do this the hard way.
+ */
+static int
+fprint_ll(FILE *f, long long n)
+{
+ unsigned int i;
+ int l[sizeof(long long) * 8];
+
+ if (n < 0)
+ if (fprintf(f, "-") < 0)
+ return -1;
+ for (i = 0; n != 0; i++) {
+ l[i] = my_abs(n % 10);
+ n /= 10;
+ }
+ do {
+ if (fprintf(f, "%d", l[--i]) < 0)
+ return -1;
+ } while (i != 0);
+ if (fprintf(f, " ") < 0)
+ return -1;
+ return 0;
+}
+
+int
+main ()
+{
+
+ FILE *f;
+ long long i, llmin, llmax = 0;
+
+ if((f = fopen(DATA,"w")) == NULL)
+ exit(1);
+
+#if defined(LLONG_MIN) && defined(LLONG_MAX)
+ fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
+ llmin = LLONG_MIN;
+ llmax = LLONG_MAX;
+#else
+ fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
+ /* This will work on one's complement and two's complement */
+ for (i = 1; i > llmax; i <<= 1, i++)
+ llmax = i;
+ llmin = llmax + 1LL; /* wrap */
+#endif
+
+ /* Sanity check */
+ if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
+ || llmax - 1 > llmax || llmin == llmax || llmin == 0
+ || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
+ fprintf(f, "unknown unknown\n");
+ exit(2);
+ }
+
+ if (fprint_ll(f, llmin) < 0)
+ exit(3);
+ if (fprint_ll(f, llmax) < 0)
+ exit(4);
+ if (fclose(f) < 0)
+ exit(5);
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ llong_min=`$AWK '{print $1}' conftest.llminmax`
+ llong_max=`$AWK '{print $2}' conftest.llminmax`
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5
+$as_echo "$llong_max" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define LLONG_MAX ${llong_max}LL
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5
+$as_echo_n "checking for min value of long long... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5
+$as_echo "$llong_min" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define LLONG_MIN ${llong_min}LL
+_ACEOF
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+
+# More checks for data types
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5
+$as_echo_n "checking for u_int type... " >&6; }
+if ${ac_cv_have_u_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ u_int a; a = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_u_int="yes"
+else
+ ac_cv_have_u_int="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5
+$as_echo "$ac_cv_have_u_int" >&6; }
+if test "x$ac_cv_have_u_int" = "xyes" ; then
+
+$as_echo "#define HAVE_U_INT 1" >>confdefs.h
+
+ have_u_int=1
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5
+$as_echo_n "checking for intXX_t types... " >&6; }
+if ${ac_cv_have_intxx_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ int8_t a; int16_t b; int32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_intxx_t="yes"
+else
+ ac_cv_have_intxx_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5
+$as_echo "$ac_cv_have_intxx_t" >&6; }
+if test "x$ac_cv_have_intxx_t" = "xyes" ; then
+
+$as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
+
+ have_intxx_t=1
+fi
+
+if (test -z "$have_intxx_t" && \
+ test "x$ac_cv_header_stdint_h" = "xyes")
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5
+$as_echo_n "checking for intXX_t types in stdint.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdint.h>
+int
+main ()
+{
+ int8_t a; int16_t b; int32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5
+$as_echo_n "checking for int64_t type... " >&6; }
+if ${ac_cv_have_int64_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#include <sys/socket.h>
+#ifdef HAVE_SYS_BITYPES_H
+# include <sys/bitypes.h>
+#endif
+
+int
+main ()
+{
+
+int64_t a; a = 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_int64_t="yes"
+else
+ ac_cv_have_int64_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5
+$as_echo "$ac_cv_have_int64_t" >&6; }
+if test "x$ac_cv_have_int64_t" = "xyes" ; then
+
+$as_echo "#define HAVE_INT64_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5
+$as_echo_n "checking for u_intXX_t types... " >&6; }
+if ${ac_cv_have_u_intxx_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_u_intxx_t="yes"
+else
+ ac_cv_have_u_intxx_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5
+$as_echo "$ac_cv_have_u_intxx_t" >&6; }
+if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
+
+$as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
+
+ have_u_intxx_t=1
+fi
+
+if test -z "$have_u_intxx_t" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5
+$as_echo_n "checking for u_intXX_t types in sys/socket.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/socket.h>
+int
+main ()
+{
+ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5
+$as_echo_n "checking for u_int64_t types... " >&6; }
+if ${ac_cv_have_u_int64_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ u_int64_t a; a = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_u_int64_t="yes"
+else
+ ac_cv_have_u_int64_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5
+$as_echo "$ac_cv_have_u_int64_t" >&6; }
+if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
+
+$as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
+
+ have_u_int64_t=1
+fi
+
+if test -z "$have_u_int64_t" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5
+$as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/bitypes.h>
+int
+main ()
+{
+ u_int64_t a; a = 1
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+if test -z "$have_u_intxx_t" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5
+$as_echo_n "checking for uintXX_t types... " >&6; }
+if ${ac_cv_have_uintxx_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+
+int
+main ()
+{
+
+ uint8_t a;
+ uint16_t b;
+ uint32_t c;
+ a = b = c = 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_uintxx_t="yes"
+else
+ ac_cv_have_uintxx_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5
+$as_echo "$ac_cv_have_uintxx_t" >&6; }
+ if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
+
+$as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
+
+ fi
+fi
+
+if test -z "$have_uintxx_t" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5
+$as_echo_n "checking for uintXX_t types in stdint.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdint.h>
+int
+main ()
+{
+ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
+$as_echo_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/bitypes.h>
+
+int
+main ()
+{
+
+ int8_t a; int16_t b; int32_t c;
+ u_int8_t e; u_int16_t f; u_int32_t g;
+ a = b = c = e = f = g = 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
+
+ $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5
+$as_echo_n "checking for u_char... " >&6; }
+if ${ac_cv_have_u_char+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ u_char foo; foo = 125;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_u_char="yes"
+else
+ ac_cv_have_u_char="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5
+$as_echo "$ac_cv_have_u_char" >&6; }
+if test "x$ac_cv_have_u_char" = "xyes" ; then
+
+$as_echo "#define HAVE_U_CHAR 1" >>confdefs.h
+
+fi
+
+
+ ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h>
+#include <sys/socket.h>
+"
+if test "x$ac_cv_type_socklen_t" = xyes; then :
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5
+$as_echo_n "checking for socklen_t equivalent... " >&6; }
+ if ${curl_cv_socklen_t_equiv+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ # Systems have either "struct sockaddr *" or
+ # "void *" as the second argument to getpeername
+ curl_cv_socklen_t_equiv=
+ for arg2 in "struct sockaddr" void; do
+ for t in int size_t unsigned long "unsigned long"; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <sys/types.h>
+ #include <sys/socket.h>
+
+ int getpeername (int, $arg2 *, $t *);
+
+int
+main ()
+{
+
+ $t len;
+ getpeername(0,0,&len);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ curl_cv_socklen_t_equiv="$t"
+ break
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+ done
+
+ if test "x$curl_cv_socklen_t_equiv" = x; then
+ as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
+ fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5
+$as_echo "$curl_cv_socklen_t_equiv" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define socklen_t $curl_cv_socklen_t_equiv
+_ACEOF
+
+fi
+
+
+
+ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <signal.h>
+"
+if test "x$ac_cv_type_sig_atomic_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SIG_ATOMIC_T 1
+_ACEOF
+
+
+fi
+
+ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" "
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+"
+if test "x$ac_cv_type_fsblkcnt_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FSBLKCNT_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" "
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+"
+if test "x$ac_cv_type_fsfilcnt_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FSFILCNT_T 1
+_ACEOF
+
+
+fi
+
+
+ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include <sys/types.h>
+#include <netinet/in.h>
+"
+if test "x$ac_cv_type_in_addr_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_IN_ADDR_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include <sys/types.h>
+#include <netinet/in.h>
+"
+if test "x$ac_cv_type_in_port_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_IN_PORT_T 1
+_ACEOF
+
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5
+$as_echo_n "checking for size_t... " >&6; }
+if ${ac_cv_have_size_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ size_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_size_t="yes"
+else
+ ac_cv_have_size_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5
+$as_echo "$ac_cv_have_size_t" >&6; }
+if test "x$ac_cv_have_size_t" = "xyes" ; then
+
+$as_echo "#define HAVE_SIZE_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5
+$as_echo_n "checking for ssize_t... " >&6; }
+if ${ac_cv_have_ssize_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ ssize_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_ssize_t="yes"
+else
+ ac_cv_have_ssize_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5
+$as_echo "$ac_cv_have_ssize_t" >&6; }
+if test "x$ac_cv_have_ssize_t" = "xyes" ; then
+
+$as_echo "#define HAVE_SSIZE_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5
+$as_echo_n "checking for clock_t... " >&6; }
+if ${ac_cv_have_clock_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <time.h>
+int
+main ()
+{
+ clock_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_clock_t="yes"
+else
+ ac_cv_have_clock_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5
+$as_echo "$ac_cv_have_clock_t" >&6; }
+if test "x$ac_cv_have_clock_t" = "xyes" ; then
+
+$as_echo "#define HAVE_CLOCK_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5
+$as_echo_n "checking for sa_family_t... " >&6; }
+if ${ac_cv_have_sa_family_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+ sa_family_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_sa_family_t="yes"
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int
+main ()
+{
+ sa_family_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_sa_family_t="yes"
+else
+ ac_cv_have_sa_family_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5
+$as_echo "$ac_cv_have_sa_family_t" >&6; }
+if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
+
+$as_echo "#define HAVE_SA_FAMILY_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5
+$as_echo_n "checking for pid_t... " >&6; }
+if ${ac_cv_have_pid_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ pid_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_pid_t="yes"
+else
+ ac_cv_have_pid_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5
+$as_echo "$ac_cv_have_pid_t" >&6; }
+if test "x$ac_cv_have_pid_t" = "xyes" ; then
+
+$as_echo "#define HAVE_PID_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5
+$as_echo_n "checking for mode_t... " >&6; }
+if ${ac_cv_have_mode_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ mode_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_mode_t="yes"
+else
+ ac_cv_have_mode_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5
+$as_echo "$ac_cv_have_mode_t" >&6; }
+if test "x$ac_cv_have_mode_t" = "xyes" ; then
+
+$as_echo "#define HAVE_MODE_T 1" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5
+$as_echo_n "checking for struct sockaddr_storage... " >&6; }
+if ${ac_cv_have_struct_sockaddr_storage+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+ struct sockaddr_storage s;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_sockaddr_storage="yes"
+else
+ ac_cv_have_struct_sockaddr_storage="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5
+$as_echo "$ac_cv_have_struct_sockaddr_storage" >&6; }
+if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5
+$as_echo_n "checking for struct sockaddr_in6... " >&6; }
+if ${ac_cv_have_struct_sockaddr_in6+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+int
+main ()
+{
+ struct sockaddr_in6 s; s.sin6_family = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_sockaddr_in6="yes"
+else
+ ac_cv_have_struct_sockaddr_in6="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5
+$as_echo "$ac_cv_have_struct_sockaddr_in6" >&6; }
+if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5
+$as_echo_n "checking for struct in6_addr... " >&6; }
+if ${ac_cv_have_struct_in6_addr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+int
+main ()
+{
+ struct in6_addr s; s.s6_addr[0] = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_in6_addr="yes"
+else
+ ac_cv_have_struct_in6_addr="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5
+$as_echo "$ac_cv_have_struct_in6_addr" >&6; }
+if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h
+
+
+ ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" "
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+
+"
+if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+_ACEOF
+
+
+fi
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5
+$as_echo_n "checking for struct addrinfo... " >&6; }
+if ${ac_cv_have_struct_addrinfo+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+int
+main ()
+{
+ struct addrinfo s; s.ai_flags = AI_PASSIVE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_addrinfo="yes"
+else
+ ac_cv_have_struct_addrinfo="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5
+$as_echo "$ac_cv_have_struct_addrinfo" >&6; }
+if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5
+$as_echo_n "checking for struct timeval... " >&6; }
+if ${ac_cv_have_struct_timeval+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/time.h>
+int
+main ()
+{
+ struct timeval tv; tv.tv_sec = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_timeval="yes"
+else
+ ac_cv_have_struct_timeval="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5
+$as_echo "$ac_cv_have_struct_timeval" >&6; }
+if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h
+
+ have_struct_timeval=1
+fi
+
+ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default"
+if test "x$ac_cv_type_struct_timespec" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_TIMESPEC 1
+_ACEOF
+
+
+fi
+
+
+# We need int64_t or else certian parts of the compile will fail.
+if test "x$ac_cv_have_int64_t" = "xno" && \
+ test "x$ac_cv_sizeof_long_int" != "x8" && \
+ test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
+ echo "an alternative compiler (I.E., GCC) before continuing."
+ echo ""
+ exit 1;
+else
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5
+$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_SNPRINTF
+main()
+{
+ char buf[50];
+ char expected_out[50];
+ int mazsize = 50 ;
+#if (SIZEOF_LONG_INT == 8)
+ long int num = 0x7fffffffffffffff;
+#else
+ long long num = 0x7fffffffffffffffll;
+#endif
+ strcpy(expected_out, "9223372036854775807");
+ snprintf(buf, mazsize, "%lld", num);
+ if(strcmp(buf, expected_out) != 0)
+ exit(1);
+ exit(0);
+}
+#else
+main() { exit(0); }
+#endif
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ true
+else
+ $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+
+# look for field 'ut_host' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5
+$as_echo_n "checking for ut_host field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_host" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_host' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5
+$as_echo_n "checking for ut_host field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_host" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'syslen' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"syslen
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5
+$as_echo_n "checking for syslen field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "syslen" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_pid' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5
+$as_echo_n "checking for ut_pid field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_pid" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_PID_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_type' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5
+$as_echo_n "checking for ut_type field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_type" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_type' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5
+$as_echo_n "checking for ut_type field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_type" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_tv' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5
+$as_echo_n "checking for ut_tv field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_tv" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TV_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_id' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5
+$as_echo_n "checking for ut_id field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_id" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ID_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_id' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5
+$as_echo_n "checking for ut_id field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_id" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_addr' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5
+$as_echo_n "checking for ut_addr field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_addr" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_addr' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5
+$as_echo_n "checking for ut_addr field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_addr" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_addr_v6' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5
+$as_echo_n "checking for ut_addr_v6 field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_addr_v6" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_addr_v6' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5
+$as_echo_n "checking for ut_addr_v6 field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_addr_v6" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_exit' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5
+$as_echo_n "checking for ut_exit field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_exit" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_time' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5
+$as_echo_n "checking for ut_time field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_time" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_time' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5
+$as_echo_n "checking for ut_time field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_time" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_tv' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5
+$as_echo_n "checking for ut_tv field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_tv" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_blksize" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
+_ACEOF
+
+
+fi
+
+ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" "
+#include <sys/types.h>
+#include <pwd.h>
+
+"
+if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_GECOS 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" "
+#include <sys/types.h>
+#include <pwd.h>
+
+"
+if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_CLASS 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" "
+#include <sys/types.h>
+#include <pwd.h>
+
+"
+if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_CHANGE 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" "
+#include <sys/types.h>
+#include <pwd.h>
+
+"
+if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1
+_ACEOF
+
+
+fi
+
+
+ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" "
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+
+"
+if test "x$ac_cv_member_struct___res_state_retrans" = xyes; then :
+
+else
+
+$as_echo "#define __res_state state" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5
+$as_echo_n "checking for ss_family field in struct sockaddr_storage... " >&6; }
+if ${ac_cv_have_ss_family_in_struct_ss+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+ struct sockaddr_storage s; s.ss_family = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_ss_family_in_struct_ss="yes"
+else
+ ac_cv_have_ss_family_in_struct_ss="no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5
+$as_echo "$ac_cv_have_ss_family_in_struct_ss" >&6; }
+if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
+
+$as_echo "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5
+$as_echo_n "checking for __ss_family field in struct sockaddr_storage... " >&6; }
+if ${ac_cv_have___ss_family_in_struct_ss+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+ struct sockaddr_storage s; s.__ss_family = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have___ss_family_in_struct_ss="yes"
+else
+ ac_cv_have___ss_family_in_struct_ss="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5
+$as_echo "$ac_cv_have___ss_family_in_struct_ss" >&6; }
+if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
+
+$as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5
+$as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; }
+if ${ac_cv_have_accrights_in_msghdr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+int
+main ()
+{
+
+#ifdef msg_accrights
+#error "msg_accrights is a macro"
+exit(1);
+#endif
+struct msghdr m;
+m.msg_accrights = 0;
+exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_accrights_in_msghdr="yes"
+else
+ ac_cv_have_accrights_in_msghdr="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5
+$as_echo "$ac_cv_have_accrights_in_msghdr" >&6; }
+if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
+
+$as_echo "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5
+$as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/param.h>
+#include <sys/stat.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+int
+main ()
+{
+ struct statvfs s; s.f_fsid = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5
+$as_echo_n "checking if fsid_t has member val... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/statvfs.h>
+
+int
+main ()
+{
+ fsid_t t; t.val[0] = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define FSID_HAS_VAL 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5
+$as_echo_n "checking if f_fsid has member __val... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/statvfs.h>
+
+int
+main ()
+{
+ fsid_t t; t.__val[0] = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define FSID_HAS___VAL 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5
+$as_echo_n "checking for msg_control field in struct msghdr... " >&6; }
+if ${ac_cv_have_control_in_msghdr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+int
+main ()
+{
+
+#ifdef msg_control
+#error "msg_control is a macro"
+exit(1);
+#endif
+struct msghdr m;
+m.msg_control = 0;
+exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_control_in_msghdr="yes"
+else
+ ac_cv_have_control_in_msghdr="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5
+$as_echo "$ac_cv_have_control_in_msghdr" >&6; }
+if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
+
+$as_echo "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5
+$as_echo_n "checking if libc defines __progname... " >&6; }
+if ${ac_cv_libc_defines___progname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+ extern char *__progname; printf("%s", __progname);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libc_defines___progname="yes"
+else
+ ac_cv_libc_defines___progname="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5
+$as_echo "$ac_cv_libc_defines___progname" >&6; }
+if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
+
+$as_echo "#define HAVE___PROGNAME 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5
+$as_echo_n "checking whether $CC implements __FUNCTION__... " >&6; }
+if ${ac_cv_cc_implements___FUNCTION__+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+ printf("%s", __FUNCTION__);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_cc_implements___FUNCTION__="yes"
+else
+ ac_cv_cc_implements___FUNCTION__="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5
+$as_echo "$ac_cv_cc_implements___FUNCTION__" >&6; }
+if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
+
+$as_echo "#define HAVE___FUNCTION__ 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5
+$as_echo_n "checking whether $CC implements __func__... " >&6; }
+if ${ac_cv_cc_implements___func__+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+ printf("%s", __func__);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_cc_implements___func__="yes"
+else
+ ac_cv_cc_implements___func__="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5
+$as_echo "$ac_cv_cc_implements___func__" >&6; }
+if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
+
+$as_echo "#define HAVE___func__ 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5
+$as_echo_n "checking whether va_copy exists... " >&6; }
+if ${ac_cv_have_va_copy+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdarg.h>
+va_list x,y;
+
+int
+main ()
+{
+ va_copy(x,y);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_have_va_copy="yes"
+else
+ ac_cv_have_va_copy="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5
+$as_echo "$ac_cv_have_va_copy" >&6; }
+if test "x$ac_cv_have_va_copy" = "xyes" ; then
+
+$as_echo "#define HAVE_VA_COPY 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5
+$as_echo_n "checking whether __va_copy exists... " >&6; }
+if ${ac_cv_have___va_copy+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdarg.h>
+va_list x,y;
+
+int
+main ()
+{
+ __va_copy(x,y);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_have___va_copy="yes"
+else
+ ac_cv_have___va_copy="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5
+$as_echo "$ac_cv_have___va_copy" >&6; }
+if test "x$ac_cv_have___va_copy" = "xyes" ; then
+
+$as_echo "#define HAVE___VA_COPY 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5
+$as_echo_n "checking whether getopt has optreset support... " >&6; }
+if ${ac_cv_have_getopt_optreset+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <getopt.h>
+int
+main ()
+{
+ extern int optreset; optreset = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_have_getopt_optreset="yes"
+else
+ ac_cv_have_getopt_optreset="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5
+$as_echo "$ac_cv_have_getopt_optreset" >&6; }
+if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
+
+$as_echo "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5
+$as_echo_n "checking if libc defines sys_errlist... " >&6; }
+if ${ac_cv_libc_defines_sys_errlist+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libc_defines_sys_errlist="yes"
+else
+ ac_cv_libc_defines_sys_errlist="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5
+$as_echo "$ac_cv_libc_defines_sys_errlist" >&6; }
+if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
+
+$as_echo "#define HAVE_SYS_ERRLIST 1" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5
+$as_echo_n "checking if libc defines sys_nerr... " >&6; }
+if ${ac_cv_libc_defines_sys_nerr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+ extern int sys_nerr; printf("%i", sys_nerr);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libc_defines_sys_nerr="yes"
+else
+ ac_cv_libc_defines_sys_nerr="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5
+$as_echo "$ac_cv_libc_defines_sys_nerr" >&6; }
+if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
+
+$as_echo "#define HAVE_SYS_NERR 1" >>confdefs.h
+
+fi
+
+# Check libraries needed by DNS fingerprint support
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5
+$as_echo_n "checking for library containing getrrsetbyname... " >&6; }
+if ${ac_cv_search_getrrsetbyname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getrrsetbyname ();
+int
+main ()
+{
+return getrrsetbyname ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_getrrsetbyname=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_getrrsetbyname+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_getrrsetbyname+:} false; then :
+
+else
+ ac_cv_search_getrrsetbyname=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5
+$as_echo "$ac_cv_search_getrrsetbyname" >&6; }
+ac_res=$ac_cv_search_getrrsetbyname
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h
+
+else
+
+ # Needed by our getrrsetbyname()
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5
+$as_echo_n "checking for library containing res_query... " >&6; }
+if ${ac_cv_search_res_query+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char res_query ();
+int
+main ()
+{
+return res_query ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_res_query=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_res_query+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_res_query+:} false; then :
+
+else
+ ac_cv_search_res_query=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5
+$as_echo "$ac_cv_search_res_query" >&6; }
+ac_res=$ac_cv_search_res_query
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
+$as_echo_n "checking for library containing dn_expand... " >&6; }
+if ${ac_cv_search_dn_expand+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dn_expand ();
+int
+main ()
+{
+return dn_expand ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dn_expand=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dn_expand+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dn_expand+:} false; then :
+
+else
+ ac_cv_search_dn_expand=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
+$as_echo "$ac_cv_search_dn_expand" >&6; }
+ac_res=$ac_cv_search_dn_expand
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5
+$as_echo_n "checking if res_query will link... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+
+int
+main ()
+{
+
+ res_query (0, 0, 0, 0, 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -lresolv"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
+$as_echo_n "checking for res_query in -lresolv... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+
+int
+main ()
+{
+
+ res_query (0, 0, 0, 0, 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ LIBS="$saved_LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ for ac_func in _getshort _getlong
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ ac_fn_c_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include <sys/types.h>
+ #include <arpa/nameser.h>
+"
+if test "x$ac_cv_have_decl__getshort" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL__GETSHORT $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include <sys/types.h>
+ #include <arpa/nameser.h>
+"
+if test "x$ac_cv_have_decl__getlong" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL__GETLONG $ac_have_decl
+_ACEOF
+
+ ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include <arpa/nameser.h>
+"
+if test "x$ac_cv_member_HEADER_ad" = xyes; then :
+
+$as_echo "#define HAVE_HEADER_AD 1" >>confdefs.h
+
+fi
+
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5
+$as_echo_n "checking if struct __res_state _res is an extern... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+extern struct __res_state _res;
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE__RES_EXTERN 1" >>confdefs.h
+
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+
+# Check whether --with-selinux was given.
+if test "${with_selinux+set}" = set; then :
+ withval=$with_selinux; if test "x$withval" != "xno" ; then
+ save_LIBS="$LIBS"
+
+$as_echo "#define WITH_SELINUX 1" >>confdefs.h
+
+ SELINUX_MSG="yes"
+ ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default"
+if test "x$ac_cv_header_selinux_selinux_h" = xyes; then :
+
+else
+ as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5
+$as_echo_n "checking for setexeccon in -lselinux... " >&6; }
+if ${ac_cv_lib_selinux_setexeccon+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lselinux $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setexeccon ();
+int
+main ()
+{
+return setexeccon ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_selinux_setexeccon=yes
+else
+ ac_cv_lib_selinux_setexeccon=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5
+$as_echo "$ac_cv_lib_selinux_setexeccon" >&6; }
+if test "x$ac_cv_lib_selinux_setexeccon" = xyes; then :
+ LIBSELINUX="-lselinux"
+ LIBS="$LIBS -lselinux"
+
+else
+ as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5
+fi
+
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
+ SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ for ac_func in getseuserbyname get_default_context_with_level
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ LIBS="$save_LIBS"
+ fi
+
+fi
+
+
+
+
+# Check whether user wants Kerberos 5 support
+KRB5_MSG="no"
+
+# Check whether --with-kerberos5 was given.
+if test "${with_kerberos5+set}" = set; then :
+ withval=$with_kerberos5; if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ KRB5ROOT="/usr/local"
+ else
+ KRB5ROOT=${withval}
+ fi
+
+
+$as_echo "#define KRB5 1" >>confdefs.h
+
+ KRB5_MSG="yes"
+
+ # Extract the first word of "krb5-config", so it can be a program name with args.
+set dummy krb5-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_KRB5CONF+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $KRB5CONF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$KRB5ROOT/bin:$PATH"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_KRB5CONF" && ac_cv_path_KRB5CONF="$KRB5ROOT/bin/krb5-config"
+ ;;
+esac
+fi
+KRB5CONF=$ac_cv_path_KRB5CONF
+if test -n "$KRB5CONF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5
+$as_echo "$KRB5CONF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test -x $KRB5CONF ; then
+ K5CFLAGS="`$KRB5CONF --cflags`"
+ K5LIBS="`$KRB5CONF --libs`"
+ CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5
+$as_echo_n "checking for gssapi support... " >&6; }
+ if $KRB5CONF | grep gssapi >/dev/null ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define GSSAPI 1" >>confdefs.h
+
+ GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
+ GSSLIBS="`$KRB5CONF --libs gssapi`"
+ CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+$as_echo_n "checking whether we are using Heimdal... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <krb5.h>
+
+int
+main ()
+{
+ char *tmp = heimdal_version;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HEIMDAL 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ else
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+$as_echo_n "checking whether we are using Heimdal... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <krb5.h>
+
+int
+main ()
+{
+ char *tmp = heimdal_version;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define HEIMDAL 1" >>confdefs.h
+
+ K5LIBS="-lkrb5"
+ K5LIBS="$K5LIBS -lcom_err -lasn1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5
+$as_echo_n "checking for net_write in -lroken... " >&6; }
+if ${ac_cv_lib_roken_net_write+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lroken $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char net_write ();
+int
+main ()
+{
+return net_write ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_roken_net_write=yes
+else
+ ac_cv_lib_roken_net_write=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5
+$as_echo "$ac_cv_lib_roken_net_write" >&6; }
+if test "x$ac_cv_lib_roken_net_write" = xyes; then :
+ K5LIBS="$K5LIBS -lroken"
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5
+$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; }
+if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldes $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char des_cbc_encrypt ();
+int
+main ()
+{
+return des_cbc_encrypt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_des_des_cbc_encrypt=yes
+else
+ ac_cv_lib_des_des_cbc_encrypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5
+$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; }
+if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then :
+ K5LIBS="$K5LIBS -ldes"
+fi
+
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
+$as_echo_n "checking for library containing dn_expand... " >&6; }
+if ${ac_cv_search_dn_expand+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dn_expand ();
+int
+main ()
+{
+return dn_expand ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dn_expand=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dn_expand+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dn_expand+:} false; then :
+
+else
+ ac_cv_search_dn_expand=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
+$as_echo "$ac_cv_search_dn_expand" >&6; }
+ac_res=$ac_cv_search_dn_expand
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5
+$as_echo_n "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; }
+if ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi_krb5 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_init_sec_context ();
+int
+main ()
+{
+return gss_init_sec_context ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes
+else
+ ac_cv_lib_gssapi_krb5_gss_init_sec_context=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5
+$as_echo "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; }
+if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes; then :
+ $as_echo "#define GSSAPI 1" >>confdefs.h
+
+ GSSLIBS="-lgssapi_krb5"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5
+$as_echo_n "checking for gss_init_sec_context in -lgssapi... " >&6; }
+if ${ac_cv_lib_gssapi_gss_init_sec_context+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_init_sec_context ();
+int
+main ()
+{
+return gss_init_sec_context ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gssapi_gss_init_sec_context=yes
+else
+ ac_cv_lib_gssapi_gss_init_sec_context=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5
+$as_echo "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; }
+if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes; then :
+ $as_echo "#define GSSAPI 1" >>confdefs.h
+
+ GSSLIBS="-lgssapi"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgss" >&5
+$as_echo_n "checking for gss_init_sec_context in -lgss... " >&6; }
+if ${ac_cv_lib_gss_gss_init_sec_context+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgss $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_init_sec_context ();
+int
+main ()
+{
+return gss_init_sec_context ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gss_gss_init_sec_context=yes
+else
+ ac_cv_lib_gss_gss_init_sec_context=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_init_sec_context" >&5
+$as_echo "$ac_cv_lib_gss_gss_init_sec_context" >&6; }
+if test "x$ac_cv_lib_gss_gss_init_sec_context" = xyes; then :
+ $as_echo "#define GSSAPI 1" >>confdefs.h
+
+ GSSLIBS="-lgss"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5
+$as_echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;}
+fi
+
+
+fi
+
+
+fi
+
+
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_h" = xyes; then :
+
+else
+ unset ac_cv_header_gssapi_h
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ for ac_header in gssapi.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_H 1
+_ACEOF
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5
+$as_echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;}
+
+fi
+
+done
+
+
+
+fi
+
+
+
+ oldCPP="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_krb5_h" = xyes; then :
+
+else
+ CPPFLAGS="$oldCPP"
+fi
+
+
+
+ fi
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${KRB5ROOT}/lib"
+ fi
+
+ for ac_header in gssapi.h gssapi/gssapi.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_header in gssapi_generic.h gssapi/gssapi_generic.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5
+$as_echo_n "checking for library containing k_hasafs... " >&6; }
+if ${ac_cv_search_k_hasafs+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char k_hasafs ();
+int
+main ()
+{
+return k_hasafs ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' kafs; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_k_hasafs=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_k_hasafs+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_k_hasafs+:} false; then :
+
+else
+ ac_cv_search_k_hasafs=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5
+$as_echo "$ac_cv_search_k_hasafs" >&6; }
+ac_res=$ac_cv_search_k_hasafs
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define USE_AFS 1" >>confdefs.h
+
+fi
+
+
+ ac_fn_c_check_decl "$LINENO" "GSS_C_NT_HOSTBASED_SERVICE" "ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" "
+#ifdef HAVE_GSSAPI_H
+# include <gssapi.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_H)
+# include <gssapi/gssapi.h>
+#endif
+
+#ifdef HAVE_GSSAPI_GENERIC_H
+# include <gssapi_generic.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
+# include <gssapi/gssapi_generic.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl
+_ACEOF
+
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS $K5LIBS"
+ for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ LIBS="$saved_LIBS"
+
+ fi
+
+
+fi
+
+
+
+
+# Looking for programs, paths and files
+
+PRIVSEP_PATH=/var/empty
+
+# Check whether --with-privsep-path was given.
+if test "${with_privsep_path+set}" = set; then :
+ withval=$with_privsep_path;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ PRIVSEP_PATH=$withval
+ fi
+
+
+fi
+
+
+
+
+# Check whether --with-xauth was given.
+if test "${with_xauth+set}" = set; then :
+ withval=$with_xauth;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ xauth_path=$withval
+ fi
+
+else
+
+ TestPath="$PATH"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
+ # Extract the first word of "xauth", so it can be a program name with args.
+set dummy xauth; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_xauth_path+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $xauth_path in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $TestPath
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+xauth_path=$ac_cv_path_xauth_path
+if test -n "$xauth_path"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5
+$as_echo "$xauth_path" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
+ xauth_path="/usr/openwin/bin/xauth"
+ fi
+
+
+fi
+
+
+STRIP_OPT=-s
+# Check whether --enable-strip was given.
+if test "${enable_strip+set}" = set; then :
+ enableval=$enable_strip;
+ if test "x$enableval" = "xno" ; then
+ STRIP_OPT=
+ fi
+
+
+fi
+
+
+
+if test -z "$xauth_path" ; then
+ XAUTH_PATH="undefined"
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define XAUTH_PATH "$xauth_path"
+_ACEOF
+
+ XAUTH_PATH=$xauth_path
+
+fi
+
+# Check for mail directory
+
+# Check whether --with-maildir was given.
+if test "${with_maildir+set}" = set; then :
+ withval=$with_maildir;
+ if test "X$withval" != X && test "x$withval" != xno && \
+ test "x${withval}" != xyes; then
+
+cat >>confdefs.h <<_ACEOF
+#define MAIL_DIRECTORY "$withval"
+_ACEOF
+
+ fi
+
+else
+
+ if test "X$maildir" != "X"; then
+ cat >>confdefs.h <<_ACEOF
+#define MAIL_DIRECTORY "$maildir"
+_ACEOF
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5
+$as_echo_n "checking Discovering system mail directory... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5
+$as_echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif
+#define DATA "conftest.maildir"
+
+int
+main ()
+{
+
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+#if defined (_PATH_MAILDIR)
+ if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
+ exit(1);
+#elif defined (MAILDIR)
+ if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
+ exit(1);
+#elif defined (_PATH_MAIL)
+ if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
+ exit(1);
+#else
+ exit (2);
+#endif
+
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ maildir_what=`awk -F: '{print $1}' conftest.maildir`
+ maildir=`awk -F: '{print $2}' conftest.maildir \
+ | sed 's|/$||'`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5
+$as_echo "Using: $maildir from $maildir_what" >&6; }
+ if test "x$maildir_what" != "x_PATH_MAILDIR"; then
+ cat >>confdefs.h <<_ACEOF
+#define MAIL_DIRECTORY "$maildir"
+_ACEOF
+
+ fi
+
+else
+
+ if test "X$ac_status" = "X2";then
+# our test program didn't find it. Default to /var/spool/mail
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5
+$as_echo "Using: default value of /var/spool/mail" >&6; }
+ cat >>confdefs.h <<_ACEOF
+#define MAIL_DIRECTORY "/var/spool/mail"
+_ACEOF
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5
+$as_echo "*** not found ***" >&6; }
+ fi
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ fi
+
+
+fi
+ # maildir
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5
+$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;}
+ disable_ptmx_check=yes
+fi
+if test -z "$no_dev_ptmx" ; then
+ if test "x$disable_ptmx_check" != "xyes" ; then
+ as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5
+$as_echo_n "checking for \"/dev/ptmx\"... " >&6; }
+if eval \${$as_ac_File+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ test "$cross_compiling" = yes &&
+ as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
+if test -r ""/dev/ptmx""; then
+ eval "$as_ac_File=yes"
+else
+ eval "$as_ac_File=no"
+fi
+fi
+eval ac_res=\$$as_ac_File
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DEV_PTMX 1
+_ACEOF
+
+ have_dev_ptmx=1
+
+
+fi
+
+ fi
+fi
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
+ as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5
+$as_echo_n "checking for \"/dev/ptc\"... " >&6; }
+if eval \${$as_ac_File+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ test "$cross_compiling" = yes &&
+ as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
+if test -r ""/dev/ptc""; then
+ eval "$as_ac_File=yes"
+else
+ eval "$as_ac_File=no"
+fi
+fi
+eval ac_res=\$$as_ac_File
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DEV_PTS_AND_PTC 1
+_ACEOF
+
+ have_dev_ptc=1
+
+
+fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5
+$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;}
+fi
+
+# Options from here on. Some of these are preset by platform above
+
+# Check whether --with-mantype was given.
+if test "${with_mantype+set}" = set; then :
+ withval=$with_mantype;
+ case "$withval" in
+ man|cat|doc)
+ MANTYPE=$withval
+ ;;
+ *)
+ as_fn_error $? "invalid man type: $withval" "$LINENO" 5
+ ;;
+ esac
+
+
+fi
+
+if test -z "$MANTYPE"; then
+ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
+ for ac_prog in nroff awf
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_NROFF+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $NROFF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $TestPath
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+NROFF=$ac_cv_path_NROFF
+if test -n "$NROFF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
+$as_echo "$NROFF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$NROFF" && break
+done
+test -n "$NROFF" || NROFF="/bin/false"
+
+ if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
+ MANTYPE=doc
+ elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
+ MANTYPE=man
+ else
+ MANTYPE=cat
+ fi
+fi
+
+if test "$MANTYPE" = "doc"; then
+ mansubdir=man;
+else
+ mansubdir=$MANTYPE;
+fi
+
+
+# Check whether to enable MD5 passwords
+MD5_MSG="no"
+
+# Check whether --with-md5-passwords was given.
+if test "${with_md5_passwords+set}" = set; then :
+ withval=$with_md5_passwords;
+ if test "x$withval" != "xno" ; then
+
+$as_echo "#define HAVE_MD5_PASSWORDS 1" >>confdefs.h
+
+ MD5_MSG="yes"
+ fi
+
+
+fi
+
+
+# Whether to disable shadow password support
+
+# Check whether --with-shadow was given.
+if test "${with_shadow+set}" = set; then :
+ withval=$with_shadow;
+ if test "x$withval" = "xno" ; then
+ $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
+
+ disable_shadow=yes
+ fi
+
+
+fi
+
+
+if test -z "$disable_shadow" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5
+$as_echo_n "checking if the systems has expire shadow information... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <shadow.h>
+struct spwd sp;
+
+int
+main ()
+{
+ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ sp_expire_available=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ if test "x$sp_expire_available" = "xyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+fi
+
+# Use ip address instead of hostname in $DISPLAY
+if test ! -z "$IPADDR_IN_DISPLAY" ; then
+ DISPLAY_HACK_MSG="yes"
+
+$as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h
+
+else
+ DISPLAY_HACK_MSG="no"
+
+# Check whether --with-ipaddr-display was given.
+if test "${with_ipaddr_display+set}" = set; then :
+ withval=$with_ipaddr_display;
+ if test "x$withval" != "xno" ; then
+ $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h
+
+ DISPLAY_HACK_MSG="yes"
+ fi
+
+
+fi
+
+fi
+
+# check for /etc/default/login and use it if present.
+# Check whether --enable-etc-default-login was given.
+if test "${enable_etc_default_login+set}" = set; then :
+ enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5
+$as_echo "$as_me: /etc/default/login handling disabled" >&6;}
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi
+else
+ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;}
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi
+
+fi
+
+
+if test "x$etc_default_login" != "xno"; then
+ as_ac_File=`$as_echo "ac_cv_file_"/etc/default/login"" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5
+$as_echo_n "checking for \"/etc/default/login\"... " >&6; }
+if eval \${$as_ac_File+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ test "$cross_compiling" = yes &&
+ as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
+if test -r ""/etc/default/login""; then
+ eval "$as_ac_File=yes"
+else
+ eval "$as_ac_File=no"
+fi
+fi
+eval ac_res=\$$as_ac_File
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+ external_path_file=/etc/default/login
+fi
+
+ if test "x$external_path_file" = "x/etc/default/login"; then
+
+$as_echo "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h
+
+ fi
+fi
+
+if test $ac_cv_func_login_getcapbool = "yes" && \
+ test $ac_cv_header_login_cap_h = "yes" ; then
+ external_path_file=/etc/login.conf
+fi
+
+# Whether to mess with the default path
+SERVER_PATH_MSG="(default)"
+
+# Check whether --with-default-path was given.
+if test "${with_default_path+set}" = set; then :
+ withval=$with_default_path;
+ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+--with-default-path=PATH has no effect on this system.
+Edit /etc/login.conf instead." >&5
+$as_echo "$as_me: WARNING:
+--with-default-path=PATH has no effect on this system.
+Edit /etc/login.conf instead." >&2;}
+ elif test "x$withval" != "xno" ; then
+ if test ! -z "$external_path_file" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+--with-default-path=PATH will only be used if PATH is not defined in
+$external_path_file ." >&5
+$as_echo "$as_me: WARNING:
+--with-default-path=PATH will only be used if PATH is not defined in
+$external_path_file ." >&2;}
+ fi
+ user_path="$withval"
+ SERVER_PATH_MSG="$withval"
+ fi
+
+else
+ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5
+$as_echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;}
+ else
+ if test ! -z "$external_path_file" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+If PATH is defined in $external_path_file, ensure the path to scp is included,
+otherwise scp will not work." >&5
+$as_echo "$as_me: WARNING:
+If PATH is defined in $external_path_file, ensure the path to scp is included,
+otherwise scp will not work." >&2;}
+ fi
+ if test "$cross_compiling" = yes; then :
+ user_path="/usr/bin:/bin:/usr/sbin:/sbin"
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* find out what STDPATH is */
+#include <stdio.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#ifndef _PATH_STDPATH
+# ifdef _PATH_USERPATH /* Irix */
+# define _PATH_STDPATH _PATH_USERPATH
+# else
+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# endif
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#define DATA "conftest.stdpath"
+
+int
+main ()
+{
+
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
+ exit(1);
+
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ user_path=`cat conftest.stdpath`
+else
+ user_path="/usr/bin:/bin:/usr/sbin:/sbin"
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+# make sure $bindir is in USER_PATH so scp will work
+ t_bindir="${bindir}"
+ while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
+ t_bindir=`eval echo ${t_bindir}`
+ case $t_bindir in
+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
+ esac
+ case $t_bindir in
+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+ done
+ echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
+ if test $? -ne 0 ; then
+ echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
+ if test $? -ne 0 ; then
+ user_path=$user_path:$t_bindir
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5
+$as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; }
+ fi
+ fi
+ fi
+
+fi
+
+if test "x$external_path_file" != "x/etc/login.conf" ; then
+
+cat >>confdefs.h <<_ACEOF
+#define USER_PATH "$user_path"
+_ACEOF
+
+
+fi
+
+# Set superuser path separately to user path
+
+# Check whether --with-superuser-path was given.
+if test "${with_superuser_path+set}" = set; then :
+ withval=$with_superuser_path;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+
+cat >>confdefs.h <<_ACEOF
+#define SUPERUSER_PATH "$withval"
+_ACEOF
+
+ superuser_path=$withval
+ fi
+
+
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5
+$as_echo_n "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; }
+IPV4_IN6_HACK_MSG="no"
+
+# Check whether --with-4in6 was given.
+if test "${with_4in6+set}" = set; then :
+ withval=$with_4in6;
+ if test "x$withval" != "xno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h
+
+ IPV4_IN6_HACK_MSG="yes"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+else
+
+ if test "x$inet6_default_4in6" = "xyes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5
+$as_echo "yes (default)" >&6; }
+ $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h
+
+ IPV4_IN6_HACK_MSG="yes"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5
+$as_echo "no (default)" >&6; }
+ fi
+
+
+fi
+
+
+# Whether to enable BSD auth support
+BSD_AUTH_MSG=no
+
+# Check whether --with-bsd-auth was given.
+if test "${with_bsd_auth+set}" = set; then :
+ withval=$with_bsd_auth;
+ if test "x$withval" != "xno" ; then
+
+$as_echo "#define BSD_AUTH 1" >>confdefs.h
+
+ BSD_AUTH_MSG=yes
+ fi
+
+
+fi
+
+
+# Where to place sshd.pid
+piddir=/var/run
+# make sure the directory exists
+if test ! -d $piddir ; then
+ piddir=`eval echo ${sysconfdir}`
+ case $piddir in
+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+fi
+
+
+# Check whether --with-pid-dir was given.
+if test "${with_pid_dir+set}" = set; then :
+ withval=$with_pid_dir;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ piddir=$withval
+ if test ! -d $piddir ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5
+$as_echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;}
+ fi
+ fi
+
+
+fi
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define _PATH_SSH_PIDDIR "$piddir"
+_ACEOF
+
+
+
+# Check whether --enable-lastlog was given.
+if test "${enable_lastlog+set}" = set; then :
+ enableval=$enable_lastlog;
+ if test "x$enableval" = "xno" ; then
+ $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-utmp was given.
+if test "${enable_utmp+set}" = set; then :
+ enableval=$enable_utmp;
+ if test "x$enableval" = "xno" ; then
+ $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-utmpx was given.
+if test "${enable_utmpx+set}" = set; then :
+ enableval=$enable_utmpx;
+ if test "x$enableval" = "xno" ; then
+
+$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-wtmp was given.
+if test "${enable_wtmp+set}" = set; then :
+ enableval=$enable_wtmp;
+ if test "x$enableval" = "xno" ; then
+ $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-wtmpx was given.
+if test "${enable_wtmpx+set}" = set; then :
+ enableval=$enable_wtmpx;
+ if test "x$enableval" = "xno" ; then
+
+$as_echo "#define DISABLE_WTMPX 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-libutil was given.
+if test "${enable_libutil+set}" = set; then :
+ enableval=$enable_libutil;
+ if test "x$enableval" = "xno" ; then
+ $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-pututline was given.
+if test "${enable_pututline+set}" = set; then :
+ enableval=$enable_pututline;
+ if test "x$enableval" = "xno" ; then
+
+$as_echo "#define DISABLE_PUTUTLINE 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-pututxline was given.
+if test "${enable_pututxline+set}" = set; then :
+ enableval=$enable_pututxline;
+ if test "x$enableval" = "xno" ; then
+
+$as_echo "#define DISABLE_PUTUTXLINE 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+
+# Check whether --with-lastlog was given.
+if test "${with_lastlog+set}" = set; then :
+ withval=$with_lastlog;
+ if test "x$withval" = "xno" ; then
+ $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+ elif test -n "$withval" && test "x${withval}" != "xyes"; then
+ conf_lastlog_location=$withval
+ fi
+
+
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5
+$as_echo_n "checking if your system defines LASTLOG_FILE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+# include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#ifdef HAVE_LOGIN_H
+# include <login.h>
+#endif
+
+int
+main ()
+{
+ char *lastlog = LASTLOG_FILE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5
+$as_echo_n "checking if your system defines _PATH_LASTLOG... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+# include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+int
+main ()
+{
+ char *lastlog = _PATH_LASTLOG;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ system_lastlog_path=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test -z "$conf_lastlog_location"; then
+ if test x"$system_lastlog_path" = x"no" ; then
+ for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
+ if (test -d "$f" || test -f "$f") ; then
+ conf_lastlog_location=$f
+ fi
+ done
+ if test -z "$conf_lastlog_location"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5
+$as_echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;}
+ fi
+ fi
+fi
+
+if test -n "$conf_lastlog_location"; then
+
+cat >>confdefs.h <<_ACEOF
+#define CONF_LASTLOG_FILE "$conf_lastlog_location"
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5
+$as_echo_n "checking if your system defines UTMP_FILE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+int
+main ()
+{
+ char *utmp = UTMP_FILE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ system_utmp_path=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+if test -z "$conf_utmp_location"; then
+ if test x"$system_utmp_path" = x"no" ; then
+ for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
+ if test -f $f ; then
+ conf_utmp_location=$f
+ fi
+ done
+ if test -z "$conf_utmp_location"; then
+ $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+ fi
+ fi
+fi
+if test -n "$conf_utmp_location"; then
+
+cat >>confdefs.h <<_ACEOF
+#define CONF_UTMP_FILE "$conf_utmp_location"
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5
+$as_echo_n "checking if your system defines WTMP_FILE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+int
+main ()
+{
+ char *wtmp = WTMP_FILE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ system_wtmp_path=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+if test -z "$conf_wtmp_location"; then
+ if test x"$system_wtmp_path" = x"no" ; then
+ for f in /usr/adm/wtmp /var/log/wtmp; do
+ if test -f $f ; then
+ conf_wtmp_location=$f
+ fi
+ done
+ if test -z "$conf_wtmp_location"; then
+ $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+ fi
+ fi
+fi
+if test -n "$conf_wtmp_location"; then
+
+cat >>confdefs.h <<_ACEOF
+#define CONF_WTMP_FILE "$conf_wtmp_location"
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5
+$as_echo_n "checking if your system defines WTMPX_FILE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+int
+main ()
+{
+ char *wtmpx = WTMPX_FILE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ system_wtmpx_path=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+if test -z "$conf_wtmpx_location"; then
+ if test x"$system_wtmpx_path" = x"no" ; then
+ $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h
+
+ fi
+else
+
+cat >>confdefs.h <<_ACEOF
+#define CONF_WTMPX_FILE "$conf_wtmpx_location"
+_ACEOF
+
+fi
+
+
+if test ! -z "$blibpath" ; then
+ LDFLAGS="$LDFLAGS $blibflags$blibpath"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5
+$as_echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;}
+fi
+
+ac_fn_c_check_member "$LINENO" "struct lastlog" "ll_line" "ac_cv_member_struct_lastlog_ll_line" "
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+
+"
+if test "x$ac_cv_member_struct_lastlog_ll_line" = xyes; then :
+
+else
+
+ if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
+ $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+ fi
+
+fi
+
+
+ac_fn_c_check_member "$LINENO" "struct utmp" "ut_line" "ac_cv_member_struct_utmp_ut_line" "
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+
+"
+if test "x$ac_cv_member_struct_utmp_ut_line" = xyes; then :
+
+else
+
+ $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+
+fi
+
+
+CFLAGS="$CFLAGS $werror_flags"
+
+if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ TEST_SSH_IPV6=no
+else
+ TEST_SSH_IPV6=yes
+fi
+ac_fn_c_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default"
+if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes; then :
+ TEST_SSH_IPV6=no
+fi
+
+TEST_SSH_IPV6=$TEST_SSH_IPV6
+
+UNSUPPORTED_ALGORITHMS=$unsupported_algorithms
+
+
+
+ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ if test "x$cache_file" != "x/dev/null"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ if test ! -f "$cache_file" || test -h "$cache_file"; then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by OpenSSH $as_me Portable, which was
+generated by GNU Autoconf 2.68. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Report bugs to <openssh-unix-dev at mindrot.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+OpenSSH config.status Portable
+configured by $0, generated by GNU Autoconf 2.68,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=?*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;;
+ "opensshd.init") CONFIG_FILES="$CONFIG_FILES opensshd.init" ;;
+ "openssh.xml") CONFIG_FILES="$CONFIG_FILES openssh.xml" ;;
+ "openbsd-compat/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;;
+ "openbsd-compat/regress/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/regress/Makefile" ;;
+ "survey.sh") CONFIG_FILES="$CONFIG_FILES survey.sh" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp= ac_tmp=
+ trap 'exit_status=$?
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = "�"
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = "�"
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS "
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$ac_tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$ac_tmp/stdin"
+ case $ac_file in
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$ac_tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
+ fi
+ ;;
+
+
+ esac
+
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+# Print summary of options
+
+# Someone please show me a better way :)
+A=`eval echo ${prefix}` ; A=`eval echo ${A}`
+B=`eval echo ${bindir}` ; B=`eval echo ${B}`
+C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
+D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
+E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
+F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
+G=`eval echo ${piddir}` ; G=`eval echo ${G}`
+H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
+I=`eval echo ${user_path}` ; I=`eval echo ${I}`
+J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
+
+echo ""
+echo "OpenSSH has been configured with the following options:"
+echo " User binaries: $B"
+echo " System binaries: $C"
+echo " Configuration files: $D"
+echo " Askpass program: $E"
+echo " Manual pages: $F"
+echo " PID file: $G"
+echo " Privilege separation chroot path: $H"
+if test "x$external_path_file" = "x/etc/login.conf" ; then
+echo " At runtime, sshd will use the path defined in $external_path_file"
+echo " Make sure the path to scp is present, otherwise scp will not work"
+else
+echo " sshd default user PATH: $I"
+ if test ! -z "$external_path_file"; then
+echo " (If PATH is set in $external_path_file it will be used instead. If"
+echo " used, ensure the path to scp is present, otherwise scp will not work.)"
+ fi
+fi
+if test ! -z "$superuser_path" ; then
+echo " sshd superuser user PATH: $J"
+fi
+echo " Manpage format: $MANTYPE"
+echo " PAM support: $PAM_MSG"
+echo " OSF SIA support: $SIA_MSG"
+echo " KerberosV support: $KRB5_MSG"
+echo " SELinux support: $SELINUX_MSG"
+echo " Smartcard support: $SCARD_MSG"
+echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
+echo " MD5 password support: $MD5_MSG"
+echo " libedit support: $LIBEDIT_MSG"
+echo " Solaris process contract support: $SPC_MSG"
+echo " Solaris project support: $SP_MSG"
+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+echo " BSD Auth support: $BSD_AUTH_MSG"
+echo " Random number source: $RAND_MSG"
+echo " Privsep sandbox style: $SANDBOX_STYLE"
+
+echo ""
+
+echo " Host: ${host}"
+echo " Compiler: ${CC}"
+echo " Compiler flags: ${CFLAGS}"
+echo "Preprocessor flags: ${CPPFLAGS}"
+echo " Linker flags: ${LDFLAGS}"
+echo " Libraries: ${LIBS}"
+if test ! -z "${SSHDLIBS}"; then
+echo " +for sshd: ${SSHDLIBS}"
+fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
+fi
+
+echo ""
+
+if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
+ echo "SVR4 style packages are supported with \"make package\""
+ echo ""
+fi
+
+if test "x$PAM_MSG" = "xyes" ; then
+ echo "PAM is enabled. You may need to install a PAM control file "
+ echo "for sshd, otherwise password authentication may fail. "
+ echo "Example PAM control files can be found in the contrib/ "
+ echo "subdirectory"
+ echo ""
+fi
+
+if test ! -z "$NO_PEERCHECK" ; then
+ echo "WARNING: the operating system that you are using does not"
+ echo "appear to support getpeereid(), getpeerucred() or the"
+ echo "SO_PEERCRED getsockopt() option. These facilities are used to"
+ echo "enforce security checks to prevent unauthorised connections to"
+ echo "ssh-agent. Their absence increases the risk that a malicious"
+ echo "user can connect to your agent."
+ echo ""
+fi
+
+if test "$AUDIT_MODULE" = "bsm" ; then
+ echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+ echo "See the Solaris section in README.platform for details."
+fi
Modified: vendor-crypto/openssh/dist/configure.ac
===================================================================
--- vendor-crypto/openssh/dist/configure.ac 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/configure.ac 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.1.1.10 2013-01-22 13:42:06 laffer1 Exp $
+# $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -14,23 +14,12 @@
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-AC_INIT(OpenSSH, Portable, openssh-unix-dev at mindrot.org)
-AC_REVISION($Revision: 1.1.1.10 $)
+AC_INIT([OpenSSH], [Portable], [openssh-unix-dev at mindrot.org])
+AC_REVISION($Revision: 1.536 $)
AC_CONFIG_SRCDIR([ssh.c])
+AC_LANG([C])
-# local macros
-AC_DEFUN([OPENSSH_CHECK_CFLAG_COMPILE], [{
- AC_MSG_CHECKING([if $CC supports $1])
- saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $1"
- AC_COMPILE_IFELSE([void main(void) { return 0; }],
- [ AC_MSG_RESULT(yes) ],
- [ AC_MSG_RESULT(no)
- CFLAGS="$saved_CFLAGS" ]
- )
-}])
-
-AC_CONFIG_HEADER(config.h)
+AC_CONFIG_HEADER([config.h])
AC_PROG_CC
AC_CANONICAL_HOST
AC_C_BIGENDIAN
@@ -41,22 +30,22 @@
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PROG_EGREP
-AC_PATH_PROG(AR, ar)
-AC_PATH_PROG(CAT, cat)
-AC_PATH_PROG(KILL, kill)
-AC_PATH_PROGS(PERL, perl5 perl)
-AC_PATH_PROG(SED, sed)
-AC_SUBST(PERL)
-AC_PATH_PROG(ENT, ent)
-AC_SUBST(ENT)
-AC_PATH_PROG(TEST_MINUS_S_SH, bash)
-AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
-AC_PATH_PROG(TEST_MINUS_S_SH, sh)
-AC_PATH_PROG(SH, sh)
-AC_PATH_PROG(GROFF, groff)
-AC_PATH_PROG(NROFF, nroff)
-AC_PATH_PROG(MANDOC, mandoc)
-AC_SUBST(TEST_SHELL,sh)
+AC_PATH_PROG([AR], [ar])
+AC_PATH_PROG([CAT], [cat])
+AC_PATH_PROG([KILL], [kill])
+AC_PATH_PROGS([PERL], [perl5 perl])
+AC_PATH_PROG([SED], [sed])
+AC_SUBST([PERL])
+AC_PATH_PROG([ENT], [ent])
+AC_SUBST([ENT])
+AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
+AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
+AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
+AC_PATH_PROG([SH], [sh])
+AC_PATH_PROG([GROFF], [groff])
+AC_PATH_PROG([NROFF], [nroff])
+AC_PATH_PROG([MANDOC], [mandoc])
+AC_SUBST([TEST_SHELL], [sh])
dnl select manpage formatter
if test "x$MANDOC" != "x" ; then
@@ -69,18 +58,18 @@
AC_MSG_WARN([no manpage formatted found])
MANFMT="false"
fi
-AC_SUBST(MANFMT)
+AC_SUBST([MANFMT])
dnl for buildpkg.sh
-AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
+AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
[/usr/sbin${PATH_SEPARATOR}/etc])
-AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
+AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
[/usr/sbin${PATH_SEPARATOR}/etc])
-AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
+AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
if test -x /sbin/sh; then
- AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
+ AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
else
- AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
+ AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
fi
# System features
@@ -92,20 +81,20 @@
# Use LOGIN_PROGRAM from environment if possible
if test ! -z "$LOGIN_PROGRAM" ; then
- AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
+ AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
[If your header files don't define LOGIN_PROGRAM,
then use this (detected) from environment and PATH])
else
# Search for login
- AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
+ AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
- AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
+ AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
fi
fi
-AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
+AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
if test ! -z "$PATH_PASSWD_PROG" ; then
- AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
+ AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
[Full path of your "passwd" program])
fi
@@ -112,14 +101,27 @@
if test -z "$LD" ; then
LD=$CC
fi
-AC_SUBST(LD)
+AC_SUBST([LD])
AC_C_INLINE
-AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
-
+AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
+AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <dev/systrace.h>
+])
+AC_CHECK_DECL([RLIMIT_NPROC],
+ [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
+ #include <sys/types.h>
+ #include <sys/resource.h>
+])
+AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
+ #include <sys/types.h>
+ #include <linux/prctl.h>
+])
use_stack_protector=1
-AC_ARG_WITH(stackprotect,
+AC_ARG_WITH([stackprotect],
[ --without-stackprotect Don't use compiler's stack protection], [
if test "x$withval" = "xno"; then
use_stack_protector=0
@@ -127,15 +129,21 @@
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
- OPENSSH_CHECK_CFLAG_COMPILE([-Wall])
- OPENSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
- OPENSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
- OPENSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
- OPENSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
- OPENSSH_CHECK_CFLAG_COMPILE([-Wno-pointer-sign])
- OPENSSH_CHECK_CFLAG_COMPILE([-Wno-unused-result])
- OPENSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
- AC_MSG_CHECKING(gcc version)
+ OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments -Werror],
+ [-Qunused-arguments])
+ OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option -Werror],
+ [-Wno-unknown-warning-option])
+ OSSH_CHECK_CFLAG_COMPILE([-Wall])
+ OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
+ OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
+ OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
+ OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
+ OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
+ OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
+ OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
+ OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
+ OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
+ AC_MSG_CHECKING([gcc version])
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
case $GCC_VER in
1.*) no_attrib_nonnull=1 ;;
@@ -145,19 +153,17 @@
2.*) no_attrib_nonnull=1 ;;
*) ;;
esac
- AC_MSG_RESULT($GCC_VER)
+ AC_MSG_RESULT([$GCC_VER])
- AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
+ AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -fno-builtin-memset"
- AC_LINK_IFELSE( [AC_LANG_SOURCE([[
-#include <string.h>
-int main(void){char b[10]; memset(b, 0, sizeof(b));}
- ]])],
- [ AC_MSG_RESULT(yes) ],
- [ AC_MSG_RESULT(no)
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
+ [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
CFLAGS="$saved_CFLAGS" ]
-)
+ )
# -fstack-protector-all doesn't always work for some GCC versions
# and/or platforms, so we test if we can. If it's not supported
@@ -164,33 +170,35 @@
# on a given platform gcc will emit a warning so we use -Werror.
if test "x$use_stack_protector" = "x1"; then
for t in -fstack-protector-all -fstack-protector; do
- AC_MSG_CHECKING(if $CC supports $t)
+ AC_MSG_CHECKING([if $CC supports $t])
saved_CFLAGS="$CFLAGS"
saved_LDFLAGS="$LDFLAGS"
CFLAGS="$CFLAGS $t -Werror"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
- [AC_LANG_SOURCE([
-#include <stdio.h>
-int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
- ])],
- [ AC_MSG_RESULT(yes)
+ [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[
+ char x[256];
+ snprintf(x, sizeof(x), "XXX");
+ ]])],
+ [ AC_MSG_RESULT([yes])
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
- AC_MSG_CHECKING(if $t works)
+ AC_MSG_CHECKING([if $t works])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([
-#include <stdio.h>
-int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
- ])],
- [ AC_MSG_RESULT(yes)
+ [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[
+ char x[256];
+ snprintf(x, sizeof(x), "XXX");
+ ]])],
+ [ AC_MSG_RESULT([yes])
break ],
- [ AC_MSG_RESULT(no) ],
+ [ AC_MSG_RESULT([no]) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
- [ AC_MSG_RESULT(no) ]
+ [ AC_MSG_RESULT([no]) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
@@ -202,7 +210,7 @@
unset ac_cv_have_decl_LLONG_MAX
saved_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -std=gnu99"
- AC_CHECK_DECL(LLONG_MAX,
+ AC_CHECK_DECL([LLONG_MAX],
[have_llong_max=1],
[CFLAGS="$saved_CFLAGS"],
[#include <limits.h>]
@@ -210,11 +218,23 @@
fi
fi
+AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
+AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdlib.h>
+__attribute__((__unused__)) static void foo(void){return;}]],
+ [[ exit(0); ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
+ [compiler does not accept __attribute__ on return types]) ]
+)
+
if test "x$no_attrib_nonnull" != "x1" ; then
- AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
+ AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
fi
-AC_ARG_WITH(rpath,
+AC_ARG_WITH([rpath],
[ --without-rpath Disable auto-added -R linker paths],
[
if test "x$withval" = "xno" ; then
@@ -227,7 +247,7 @@
)
# Allow user to specify flags
-AC_ARG_WITH(cflags,
+AC_ARG_WITH([cflags],
[ --with-cflags Specify additional flags to pass to compiler],
[
if test -n "$withval" && test "x$withval" != "xno" && \
@@ -236,7 +256,7 @@
fi
]
)
-AC_ARG_WITH(cppflags,
+AC_ARG_WITH([cppflags],
[ --with-cppflags Specify additional flags to pass to preprocessor] ,
[
if test -n "$withval" && test "x$withval" != "xno" && \
@@ -245,7 +265,7 @@
fi
]
)
-AC_ARG_WITH(ldflags,
+AC_ARG_WITH([ldflags],
[ --with-ldflags Specify additional flags to pass to linker],
[
if test -n "$withval" && test "x$withval" != "xno" && \
@@ -254,7 +274,7 @@
fi
]
)
-AC_ARG_WITH(libs,
+AC_ARG_WITH([libs],
[ --with-libs Specify additional libraries to link with],
[
if test -n "$withval" && test "x$withval" != "xno" && \
@@ -263,7 +283,7 @@
fi
]
)
-AC_ARG_WITH(Werror,
+AC_ARG_WITH([Werror],
[ --with-Werror Build main code with -Werror],
[
if test -n "$withval" && test "x$withval" != "xno"; then
@@ -275,12 +295,13 @@
]
)
-AC_CHECK_HEADERS( \
+AC_CHECK_HEADERS([ \
bstring.h \
crypt.h \
crypto/sha2.h \
dirent.h \
endian.h \
+ elf.h \
features.h \
fcntl.h \
floatingpoint.h \
@@ -289,6 +310,7 @@
ia.h \
iaf.h \
limits.h \
+ locale.h \
login.h \
maillock.h \
ndir.h \
@@ -327,7 +349,6 @@
sys/sysmacros.h \
sys/time.h \
sys/timers.h \
- sys/un.h \
time.h \
tmpdir.h \
ttyent.h \
@@ -339,10 +360,10 @@
utmp.h \
utmpx.h \
vis.h \
-)
+])
# lastlog.h requires sys/time.h to be included first on Solaris
-AC_CHECK_HEADERS(lastlog.h, [], [], [
+AC_CHECK_HEADERS([lastlog.h], [], [], [
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
@@ -349,7 +370,7 @@
])
# sys/ptms.h requires sys/stream.h to be included first on Solaris
-AC_CHECK_HEADERS(sys/ptms.h, [], [], [
+AC_CHECK_HEADERS([sys/ptms.h], [], [], [
#ifdef HAVE_SYS_STREAM_H
# include <sys/stream.h>
#endif
@@ -356,15 +377,21 @@
])
# login_cap.h requires sys/types.h on NetBSD
-AC_CHECK_HEADERS(login_cap.h, [], [], [
+AC_CHECK_HEADERS([login_cap.h], [], [], [
#include <sys/types.h>
])
# older BSDs need sys/param.h before sys/mount.h
-AC_CHECK_HEADERS(sys/mount.h, [], [], [
+AC_CHECK_HEADERS([sys/mount.h], [], [], [
#include <sys/param.h>
])
+# Android requires sys/socket.h to be included before sys/un.h
+AC_CHECK_HEADERS([sys/un.h], [], [], [
+#include <sys/types.h>
+#include <sys/socket.h>
+])
+
# Messages for features tested for in target-specific section
SIA_MSG="no"
SPC_MSG="no"
@@ -378,15 +405,14 @@
# particularly with older versions of vac or xlc.
# It also throws errors about null macro argments, but these are
# not fatal.
- AC_MSG_CHECKING(if compiler allows macro redefinitions)
+ AC_MSG_CHECKING([if compiler allows macro redefinitions])
AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#define testmacro foo
-#define testmacro bar
-int main(void) { exit(0); }
- ]])],
- [ AC_MSG_RESULT(yes) ],
- [ AC_MSG_RESULT(no)
+#define testmacro bar]],
+ [[ exit(0); ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
@@ -407,21 +433,22 @@
for tryflags in $flags ;do
if (test -z "$blibflags"); then
LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
- AC_TRY_LINK([], [], [blibflags=$tryflags])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [blibflags=$tryflags], [])
fi
done
if (test -z "$blibflags"); then
- AC_MSG_RESULT(not found)
+ AC_MSG_RESULT([not found])
AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
else
- AC_MSG_RESULT($blibflags)
+ AC_MSG_RESULT([$blibflags])
fi
LDFLAGS="$saved_LDFLAGS"
dnl Check for authenticate. Might be in libs.a on older AIXes
- AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
+ AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
[Define if you want to enable AIX4's authenticate function])],
- [AC_CHECK_LIB(s,authenticate,
- [ AC_DEFINE(WITH_AIXAUTHENTICATE)
+ [AC_CHECK_LIB([s], [authenticate],
+ [ AC_DEFINE([WITH_AIXAUTHENTICATE])
LIBS="$LIBS -ls"
])
])
@@ -429,98 +456,110 @@
AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
passwdexpired, setauthdb], , , [#include <usersec.h>])
dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
- AC_CHECK_DECLS(loginfailed,
- [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
- AC_TRY_COMPILE(
- [#include <usersec.h>],
- [(void)loginfailed("user","host","tty",0);],
- [AC_MSG_RESULT(yes)
- AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
- [Define if your AIX loginfailed() function
- takes 4 arguments (AIX >= 5.2)])],
- [AC_MSG_RESULT(no)]
- )],
- [],
- [#include <usersec.h>]
+ AC_CHECK_DECLS([loginfailed],
+ [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
+ [[ (void)loginfailed("user","host","tty",0); ]])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
+ [Define if your AIX loginfailed() function
+ takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
+ ])],
+ [],
+ [#include <usersec.h>]
)
- AC_CHECK_FUNCS(getgrset setauthdb)
- AC_CHECK_DECL(F_CLOSEM,
- AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
+ AC_CHECK_FUNCS([getgrset setauthdb])
+ AC_CHECK_DECL([F_CLOSEM],
+ AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
[],
[ #include <limits.h>
#include <fcntl.h> ]
)
check_for_aix_broken_getaddrinfo=1
- AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
- AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
+ AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
+ AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
[Define if your platform breaks doing a seteuid before a setuid])
- AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
- AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
+ AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
+ AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
dnl AIX handles lastlog as part of its login message
- AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
- AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
+ AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
+ AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
[Some systems need a utmpx entry for /bin/login to work])
- AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
+ AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
[Define to a Set Process Title type if your system is
supported by bsd-setproctitle.c])
- AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
+ AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
[AIX 5.2 and 5.3 (and presumably newer) require this])
- AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
+ AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
+ AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
;;
+*-*-android*)
+ AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
+ AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
+ ;;
*-*-cygwin*)
check_for_libcrypt_later=1
LIBS="$LIBS /usr/lib/textreadmode.o"
- AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
- AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
- AC_DEFINE(DISABLE_SHADOW, 1,
+ AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
+ AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
+ AC_DEFINE([DISABLE_SHADOW], [1],
[Define if you want to disable shadow passwords])
- AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
+ AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
[Define if X11 doesn't support AF_UNIX sockets on that system])
- AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
+ AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
[Define if the concept of ports only accessible to
superusers isn't known])
- AC_DEFINE(DISABLE_FD_PASSING, 1,
+ AC_DEFINE([DISABLE_FD_PASSING], [1],
[Define if your platform needs to skip post auth
file descriptor passing])
- AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
- AC_DEFINE(FILESYSTEM_NO_BACKSLASH, 1, [File names may not contain backslash characters])
+ AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
+ AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
;;
*-*-dgux*)
- AC_DEFINE(IP_TOS_IS_BROKEN, 1,
+ AC_DEFINE([IP_TOS_IS_BROKEN], [1],
[Define if your system choked on IP TOS setting])
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
;;
*-*-darwin*)
- AC_MSG_CHECKING(if we have working getaddrinfo)
- AC_TRY_RUN([#include <mach-o/dyld.h>
+ AC_MSG_CHECKING([if we have working getaddrinfo])
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
exit(0);
else
exit(1);
-}], [AC_MSG_RESULT(working)],
- [AC_MSG_RESULT(buggy)
- AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
- [AC_MSG_RESULT(assume it is working)])
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
- AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
+}
+ ]])],
+ [AC_MSG_RESULT([working])],
+ [AC_MSG_RESULT([buggy])
+ AC_DEFINE([BROKEN_GETADDRINFO], [1],
+ [getaddrinfo is broken (if present)])
+ ],
+ [AC_MSG_RESULT([assume it is working])])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
+ AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
[Define if your resolver libs need this for getrrsetbyname])
- AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
- AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+ AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
+ AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
[Use tunnel device compatibility to OpenBSD])
- AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
[Prepend the address family to IP tunnel traffic])
- m4_pattern_allow(AU_IPv)
- AC_CHECK_DECL(AU_IPv4, [],
- AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
+ m4_pattern_allow([AU_IPv])
+ AC_CHECK_DECL([AU_IPv4], [],
+ AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
[#include <bsm/audit.h>]
- AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
+ AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
[Define if pututxline updates lastlog too])
)
+ AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
+ [Define to a Set Process Title type if your system is
+ supported by bsd-setproctitle.c])
+ AC_CHECK_FUNCS([sandbox_init])
+ AC_CHECK_HEADERS([sandbox.h])
;;
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
@@ -527,8 +566,8 @@
;;
*-*-haiku*)
LIBS="$LIBS -lbsd "
- AC_CHECK_LIB(network, socket)
- AC_DEFINE(HAVE_U_INT64_T)
+ AC_CHECK_LIB([network], [socket])
+ AC_DEFINE([HAVE_U_INT64_T])
MANTYPE=man
;;
*-*-hpux*)
@@ -535,17 +574,18 @@
# first we define all of the options common to all HP-UX releases
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
IPADDR_IN_DISPLAY=yes
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(LOGIN_NO_ENDOPT, 1,
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([LOGIN_NO_ENDOPT], [1],
[Define if your login program cannot handle end of options ("--")])
- AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(LOCKED_PASSWD_STRING, "*",
+ AC_DEFINE([LOGIN_NEEDS_UTMPX])
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
[String used in /etc/passwd to denote locked account])
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- MAIL="/var/mail/username"
+ AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
+ AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
+ maildir="/var/mail"
LIBS="$LIBS -lsec"
- AC_CHECK_LIB(xnet, t_error, ,
- AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
+ AC_CHECK_LIB([xnet], [t_error], ,
+ [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
# next, we define all of the options specific to major releases
case "$host" in
@@ -555,13 +595,13 @@
fi
;;
*-*-hpux11*)
- AC_DEFINE(PAM_SUN_CODEBASE, 1,
+ AC_DEFINE([PAM_SUN_CODEBASE], [1],
[Define if you are using Solaris-derived PAM which
passes pam_messages to the conversation function
with an extra level of indirection])
- AC_DEFINE(DISABLE_UTMP, 1,
+ AC_DEFINE([DISABLE_UTMP], [1],
[Define if you don't want to use utmp])
- AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
check_for_hpux_broken_getaddrinfo=1
check_for_conflicting_getspnam=1
;;
@@ -570,7 +610,7 @@
# lastly, we define options specific to minor releases
case "$host" in
*-*-hpux10.26)
- AC_DEFINE(HAVE_SECUREWARE, 1,
+ AC_DEFINE([HAVE_SECUREWARE], [1],
[Define if you have SecureWare-based
protected password database])
disable_ptmx_check=yes
@@ -580,79 +620,102 @@
;;
*-*-irix5*)
PATH="$PATH:/usr/etc"
- AC_DEFINE(BROKEN_INET_NTOA, 1,
+ AC_DEFINE([BROKEN_INET_NTOA], [1],
[Define if you system's inet_ntoa is busted
(e.g. Irix gcc issue)])
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
[Define if you shouldn't strip 'tty' from your
ttyname in [uw]tmp])
- AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
;;
*-*-irix6*)
PATH="$PATH:/usr/etc"
- AC_DEFINE(WITH_IRIX_ARRAY, 1,
+ AC_DEFINE([WITH_IRIX_ARRAY], [1],
[Define if you have/want arrays
(cluster-wide session managment, not C arrays)])
- AC_DEFINE(WITH_IRIX_PROJECT, 1,
+ AC_DEFINE([WITH_IRIX_PROJECT], [1],
[Define if you want IRIX project management])
- AC_DEFINE(WITH_IRIX_AUDIT, 1,
+ AC_DEFINE([WITH_IRIX_AUDIT], [1],
[Define if you want IRIX audit trails])
- AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
+ AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
[Define if you want IRIX kernel jobs])])
- AC_DEFINE(BROKEN_INET_NTOA)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
- AC_DEFINE(WITH_ABBREV_NO_TTY)
- AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ AC_DEFINE([BROKEN_INET_NTOA])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
+ AC_DEFINE([WITH_ABBREV_NO_TTY])
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
;;
*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
check_for_libcrypt_later=1
- AC_DEFINE(PAM_TTY_KLUDGE)
- AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
- AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
- AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
- AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ AC_DEFINE([PAM_TTY_KLUDGE])
+ AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
+ AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
+ AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
+ AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
;;
*-*-linux*)
no_dev_ptmx=1
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
- AC_DEFINE(PAM_TTY_KLUDGE, 1,
+ AC_DEFINE([PAM_TTY_KLUDGE], [1],
[Work around problematic Linux PAM modules handling of PAM_TTY])
- AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
+ AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
[String used in /etc/passwd to denote locked account])
- AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
- AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
+ AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
+ AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
[Define to whatever link() returns for "not supported"
if it doesn't return EOPNOTSUPP.])
- AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
- AC_DEFINE(USE_BTMP)
- AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
+ AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
+ AC_DEFINE([USE_BTMP])
+ AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
inet6_default_4in6=yes
case `uname -r` in
1.*|2.0.*)
- AC_DEFINE(BROKEN_CMSG_TYPE, 1,
+ AC_DEFINE([BROKEN_CMSG_TYPE], [1],
[Define if cmsg_type is not passed correctly])
;;
esac
# tun(4) forwarding compat code
- AC_CHECK_HEADERS(linux/if_tun.h)
+ AC_CHECK_HEADERS([linux/if_tun.h])
if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
- AC_DEFINE(SSH_TUN_LINUX, 1,
+ AC_DEFINE([SSH_TUN_LINUX], [1],
[Open tunnel devices the Linux tun/tap way])
- AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+ AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
[Use tunnel device compatibility to OpenBSD])
- AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
[Prepend the address family to IP tunnel traffic])
fi
+ AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
+ [], [#include <linux/types.h>])
+ AC_CHECK_FUNCS([prctl])
+ AC_MSG_CHECKING([for seccomp architecture])
+ seccomp_audit_arch=
+ case "$host" in
+ x86_64-*)
+ seccomp_audit_arch=AUDIT_ARCH_X86_64
+ ;;
+ i*86-*)
+ seccomp_audit_arch=AUDIT_ARCH_I386
+ ;;
+ arm*-*)
+ seccomp_audit_arch=AUDIT_ARCH_ARM
+ ;;
+ esac
+ if test "x$seccomp_audit_arch" != "x" ; then
+ AC_MSG_RESULT(["$seccomp_audit_arch"])
+ AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
+ [Specify the system call convention in use])
+ else
+ AC_MSG_RESULT([architecture not supported])
+ fi
;;
mips-sony-bsd|mips-sony-newsos4)
- AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
+ AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
SONY=1
;;
*-*-netbsd*)
@@ -660,40 +723,41 @@
if test "x$withval" != "xno" ; then
need_dash_r=1
fi
- AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
AC_CHECK_HEADER([net/if_tap.h], ,
- AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
- AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
+ AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
[Prepend the address family to IP tunnel traffic])
;;
*-*-freebsd*)
check_for_libcrypt_later=1
- AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
- AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
+ AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
AC_CHECK_HEADER([net/if_tap.h], ,
- AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
- AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
+ AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
+ AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
+ AC_DEFINE([BROKEN_STRNVIS], [1], [FreeBSD strnvis does not do what we need])
;;
*-*-bsdi*)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
;;
*-next-*)
conf_lastlog_location="/usr/adm/lastlog"
conf_utmp_location=/etc/utmp
conf_wtmp_location=/usr/adm/wtmp
- MAIL=/usr/spool/mail
- AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
- AC_DEFINE(BROKEN_REALPATH)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
+ maildir=/usr/spool/mail
+ AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
+ AC_DEFINE([BROKEN_REALPATH])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
;;
*-*-openbsd*)
- AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
- AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
- AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
- AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
+ AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
+ AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
+ AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
+ AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
[syslog_r function is safe to use in in a signal handler])
;;
*-*-solaris*)
@@ -700,86 +764,87 @@
if test "x$withval" != "xno" ; then
need_dash_r=1
fi
- AC_DEFINE(PAM_SUN_CODEBASE)
- AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(LOGIN_NEEDS_TERM, 1,
+ AC_DEFINE([PAM_SUN_CODEBASE])
+ AC_DEFINE([LOGIN_NEEDS_UTMPX])
+ AC_DEFINE([LOGIN_NEEDS_TERM], [1],
[Some versions of /bin/login need the TERM supplied
on the commandline])
- AC_DEFINE(PAM_TTY_KLUDGE)
- AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
+ AC_DEFINE([PAM_TTY_KLUDGE])
+ AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
[Define if pam_chauthtok wants real uid set
to the unpriv'ed user])
- AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
- AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
+ AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
[Define if sshd somehow reacquires a controlling TTY
after setsid()])
- AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
+ AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
in case the name is longer than 8 chars])
- AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
+ AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
external_path_file=/etc/default/login
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
- AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
+ AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
if test "$sol2ver" -ge 8; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(DISABLE_WTMP, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([DISABLE_UTMP])
+ AC_DEFINE([DISABLE_WTMP], [1],
[Define if you don't want to use wtmp])
else
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
fi
- AC_ARG_WITH(solaris-contracts,
+ AC_ARG_WITH([solaris-contracts],
[ --with-solaris-contracts Enable Solaris process contracts (experimental)],
[
- AC_CHECK_LIB(contract, ct_tmpl_activate,
- [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
+ AC_CHECK_LIB([contract], [ct_tmpl_activate],
+ [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
[Define if you have Solaris process contracts])
SSHDLIBS="$SSHDLIBS -lcontract"
SPC_MSG="yes" ], )
],
)
- AC_ARG_WITH(solaris-projects,
+ AC_ARG_WITH([solaris-projects],
[ --with-solaris-projects Enable Solaris projects (experimental)],
[
- AC_CHECK_LIB(project, setproject,
- [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
+ AC_CHECK_LIB([project], [setproject],
+ [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
[Define if you have Solaris projects])
SSHDLIBS="$SSHDLIBS -lproject"
SP_MSG="yes" ], )
],
)
+ TEST_SHELL=$SHELL # let configure find us a capable shell
;;
*-*-sunos4*)
CPPFLAGS="$CPPFLAGS -DSUNOS4"
- AC_CHECK_FUNCS(getpwanam)
- AC_DEFINE(PAM_SUN_CODEBASE)
+ AC_CHECK_FUNCS([getpwanam])
+ AC_DEFINE([PAM_SUN_CODEBASE])
conf_utmp_location=/etc/utmp
conf_wtmp_location=/var/adm/wtmp
conf_lastlog_location=/var/adm/lastlog
- AC_DEFINE(USE_PIPES)
+ AC_DEFINE([USE_PIPES])
;;
*-ncr-sysv*)
LIBS="$LIBS -lc89"
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(SSHD_ACQUIRES_CTTY)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([SSHD_ACQUIRES_CTTY])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
;;
*-sni-sysv*)
# /usr/ucblib MUST NOT be searched on ReliantUNIX
- AC_CHECK_LIB(dl, dlsym, ,)
+ AC_CHECK_LIB([dl], [dlsym], ,)
# -lresolv needs to be at the end of LIBS or DNS lookups break
- AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
+ AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
IPADDR_IN_DISPLAY=yes
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(IP_TOS_IS_BROKEN)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([IP_TOS_IS_BROKEN])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([SSHD_ACQUIRES_CTTY])
external_path_file=/etc/default/login
# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
# Attention: always take care to bind libsocket and libnsl before libc,
@@ -787,36 +852,38 @@
;;
# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
*-*-sysv4.2*)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
- AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
+ TEST_SHELL=$SHELL # let configure find us a capable shell
;;
# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
- AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_GETADDRINFO)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(PASSWD_NEEDS_USERNAME)
+ AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_GETADDRINFO])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([PASSWD_NEEDS_USERNAME])
+ TEST_SHELL=$SHELL # let configure find us a capable shell
case "$host" in
*-*-sysv5SCO_SV*) # SCO OpenServer 6.x
- TEST_SHELL=/u95/bin/sh
- AC_DEFINE(BROKEN_LIBIAF, 1,
+ maildir=/var/spool/mail
+ AC_DEFINE([BROKEN_LIBIAF], [1],
[ia_uinfo routines not supported by OS yet])
- AC_DEFINE(BROKEN_UPDWTMPX)
- AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
- AC_CHECK_FUNCS(getluid setluid,,,-lprot)
- AC_DEFINE(HAVE_SECUREWARE)
- AC_DEFINE(DISABLE_SHADOW)
- ],,)
+ AC_DEFINE([BROKEN_UPDWTMPX])
+ AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
+ AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
+ AC_DEFINE([HAVE_SECUREWARE])
+ AC_DEFINE([DISABLE_SHADOW])
+ ], , )
;;
- *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
check_for_libcrypt_later=1
;;
esac
@@ -834,63 +901,64 @@
fi
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SECUREWARE)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(DISABLE_FD_PASSING)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_GETADDRINFO)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(WITH_ABBREV_NO_TTY)
- AC_DEFINE(BROKEN_UPDWTMPX)
- AC_DEFINE(PASSWD_NEEDS_USERNAME)
- AC_CHECK_FUNCS(getluid setluid)
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([HAVE_SECUREWARE])
+ AC_DEFINE([DISABLE_SHADOW])
+ AC_DEFINE([DISABLE_FD_PASSING])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_GETADDRINFO])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([WITH_ABBREV_NO_TTY])
+ AC_DEFINE([BROKEN_UPDWTMPX])
+ AC_DEFINE([PASSWD_NEEDS_USERNAME])
+ AC_CHECK_FUNCS([getluid setluid])
MANTYPE=man
- TEST_SHELL=ksh
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ SKIP_DISABLE_LASTLOG_DEFINE=yes
;;
*-*-unicosmk*)
- AC_DEFINE(NO_SSH_LASTLOG, 1,
+ AC_DEFINE([NO_SSH_LASTLOG], [1],
[Define if you don't want to use lastlog in session.c])
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([DISABLE_FD_PASSING])
LDFLAGS="$LDFLAGS"
LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
MANTYPE=cat
;;
*-*-unicosmp*)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(WITH_ABBREV_NO_TTY)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([WITH_ABBREV_NO_TTY])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([DISABLE_FD_PASSING])
LDFLAGS="$LDFLAGS"
LIBS="$LIBS -lgen -lacid -ldb"
MANTYPE=cat
;;
*-*-unicos*)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(DISABLE_FD_PASSING)
- AC_DEFINE(NO_SSH_LASTLOG)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([DISABLE_FD_PASSING])
+ AC_DEFINE([NO_SSH_LASTLOG])
LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
MANTYPE=cat
;;
*-dec-osf*)
- AC_MSG_CHECKING(for Digital Unix SIA)
+ AC_MSG_CHECKING([for Digital Unix SIA])
no_osfsia=""
- AC_ARG_WITH(osfsia,
+ AC_ARG_WITH([osfsia],
[ --with-osfsia Enable Digital Unix SIA],
[
if test "x$withval" = "xno" ; then
- AC_MSG_RESULT(disabled)
+ AC_MSG_RESULT([disabled])
no_osfsia=1
fi
],
@@ -897,69 +965,61 @@
)
if test -z "$no_osfsia" ; then
if test -f /etc/sia/matrix.conf; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_OSF_SIA, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_OSF_SIA], [1],
[Define if you have Digital Unix Security
Integration Architecture])
- AC_DEFINE(DISABLE_LOGIN, 1,
+ AC_DEFINE([DISABLE_LOGIN], [1],
[Define if you don't want to use your
system's login() call])
- AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE([DISABLE_FD_PASSING])
LIBS="$LIBS -lsecurity -ldb -lm -laud"
SIA_MSG="yes"
else
- AC_MSG_RESULT(no)
- AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
+ AC_MSG_RESULT([no])
+ AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
[String used in /etc/passwd to denote locked account])
fi
fi
- AC_DEFINE(BROKEN_GETADDRINFO)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
+ AC_DEFINE([BROKEN_GETADDRINFO])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
;;
*-*-nto-qnx*)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(NO_X11_UNIX_SOCKETS)
- AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
- AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
- AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
- AC_DEFINE(DISABLE_LASTLOG)
- AC_DEFINE(SSHD_ACQUIRES_CTTY)
- AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([NO_X11_UNIX_SOCKETS])
+ AC_DEFINE([DISABLE_LASTLOG])
+ AC_DEFINE([SSHD_ACQUIRES_CTTY])
+ AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
enable_etc_default_login=no # has incompatible /etc/default/login
case "$host" in
*-*-nto-qnx6*)
- AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE([DISABLE_FD_PASSING])
;;
esac
;;
*-*-ultrix*)
- AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
- AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
- AC_DEFINE(NEED_SETPGRP)
- AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
+ AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
+ AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
+ AC_DEFINE([NEED_SETPGRP])
+ AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
;;
*-*-lynxos)
CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
- AC_DEFINE(MISSING_HOWMANY)
- AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
+ AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
;;
esac
-AC_MSG_CHECKING(compiler and flags for sanity)
-AC_RUN_IFELSE(
- [AC_LANG_SOURCE([
-#include <stdio.h>
-int main(){exit(0);}
- ])],
- [ AC_MSG_RESULT(yes) ],
+AC_MSG_CHECKING([compiler and flags for sanity])
+AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
+ [ AC_MSG_RESULT([yes]) ],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
],
[ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
@@ -967,12 +1027,12 @@
dnl Checks for header files.
# Checks for libraries.
-AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
-AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
+AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
+AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
-AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
- AC_CHECK_LIB(gen, dirname,[
+AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
+ AC_CHECK_LIB([gen], [dirname], [
AC_CACHE_CHECK([for broken dirname],
ac_cv_have_broken_dirname, [
save_LIBS="$LIBS"
@@ -1002,19 +1062,19 @@
])
if test "x$ac_cv_have_broken_dirname" = "xno" ; then
LIBS="$LIBS -lgen"
- AC_DEFINE(HAVE_DIRNAME)
- AC_CHECK_HEADERS(libgen.h)
+ AC_DEFINE([HAVE_DIRNAME])
+ AC_CHECK_HEADERS([libgen.h])
fi
])
])
-AC_CHECK_FUNC(getspnam, ,
- AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
-AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
- [Define if you have the basename function.]))
+AC_CHECK_FUNC([getspnam], ,
+ [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
+AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
+ [Define if you have the basename function.])])
dnl zlib is required
-AC_ARG_WITH(zlib,
+AC_ARG_WITH([zlib],
[ --with-zlib=PATH Use zlib in PATH],
[ if test "x$withval" = "xno" ; then
AC_MSG_ERROR([*** zlib is required ***])
@@ -1040,8 +1100,8 @@
fi ]
)
-AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
-AC_CHECK_LIB(z, deflate, ,
+AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
+AC_CHECK_LIB([z], [deflate], ,
[
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
@@ -1054,7 +1114,7 @@
fi
CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
LIBS="$LIBS -lz"
- AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
+ AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
[
AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
]
@@ -1062,7 +1122,7 @@
]
)
-AC_ARG_WITH(zlib-version-check,
+AC_ARG_WITH([zlib-version-check],
[ --without-zlib-version-check Disable zlib version check],
[ if test "x$withval" = "xno" ; then
zlib_check_nonfatal=1
@@ -1070,12 +1130,13 @@
]
)
-AC_MSG_CHECKING(for possibly buggy zlib)
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
+AC_MSG_CHECKING([for possibly buggy zlib])
+AC_RUN_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
+#include <stdlib.h>
#include <zlib.h>
-int main()
-{
+ ]],
+ [[
int a=0, b=0, c=0, d=0, n, v;
n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
if (n != 3 && n != 4)
@@ -1092,10 +1153,9 @@
exit(0);
exit(2);
-}
]])],
- AC_MSG_RESULT(no),
- [ AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([no]),
+ [ AC_MSG_RESULT([yes])
if test -z "$zlib_check_nonfatal" ; then
AC_MSG_ERROR([*** zlib too old - check config.log ***
Your reported zlib version has known security problems. It's possible your
@@ -1112,25 +1172,30 @@
)
dnl UnixWare 2.x
-AC_CHECK_FUNC(strcasecmp,
- [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
+AC_CHECK_FUNC([strcasecmp],
+ [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
)
-AC_CHECK_FUNCS(utimes,
- [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
+AC_CHECK_FUNCS([utimes],
+ [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
LIBS="$LIBS -lc89"]) ]
)
dnl Checks for libutil functions
-AC_CHECK_HEADERS(libutil.h)
-AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
- [Define if your libraries define login()])])
-AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
+AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
+AC_SEARCH_LIBS([fmt_scaled], [util bsd])
+AC_SEARCH_LIBS([scan_scaled], [util bsd])
+AC_SEARCH_LIBS([login], [util bsd])
+AC_SEARCH_LIBS([logout], [util bsd])
+AC_SEARCH_LIBS([logwtmp], [util bsd])
+AC_SEARCH_LIBS([openpty], [util bsd])
+AC_SEARCH_LIBS([updwtmp], [util bsd])
+AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
AC_FUNC_STRFTIME
# Check for ALTDIRFUNC glob() extension
-AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
-AC_EGREP_CPP(FOUNDIT,
+AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
+AC_EGREP_CPP([FOUNDIT],
[
#include <glob.h>
#ifdef GLOB_ALTDIRFUNC
@@ -1138,87 +1203,83 @@
#endif
],
[
- AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
+ AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
[Define if your system glob() function has
the GLOB_ALTDIRFUNC extension])
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
]
)
# Check for g.gl_matchc glob() extension
-AC_MSG_CHECKING(for gl_matchc field in glob_t)
-AC_TRY_COMPILE(
- [ #include <glob.h> ],
- [glob_t g; g.gl_matchc = 1;],
+AC_MSG_CHECKING([for gl_matchc field in glob_t])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
+ [[ glob_t g; g.gl_matchc = 1; ]])],
[
- AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
+ AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
[Define if your system glob() function has
gl_matchc options in glob_t])
- AC_MSG_RESULT(yes)
- ],
- [
- AC_MSG_RESULT(no)
- ]
-)
+ AC_MSG_RESULT([yes])
+ ], [
+ AC_MSG_RESULT([no])
+])
# Check for g.gl_statv glob() extension
-AC_MSG_CHECKING(for gl_statv and GLOB_KEEPSTAT extensions for glob)
-AC_TRY_COMPILE(
- [ #include <glob.h> ],
- [
+AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
#ifndef GLOB_KEEPSTAT
#error "glob does not support GLOB_KEEPSTAT extension"
#endif
glob_t g;
g.gl_statv = NULL;
-],
+]])],
[
- AC_DEFINE(GLOB_HAS_GL_STATV, 1,
+ AC_DEFINE([GLOB_HAS_GL_STATV], [1],
[Define if your system glob() function has
gl_statv options in glob_t])
- AC_MSG_RESULT(yes)
- ],
- [
- AC_MSG_RESULT(no)
- ]
-)
+ AC_MSG_RESULT([yes])
+ ], [
+ AC_MSG_RESULT([no])
+
+])
-AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
+AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <sys/types.h>
-#include <dirent.h>
-int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
+#include <dirent.h>]],
+ [[
+ struct dirent d;
+ exit(sizeof(d.d_name)<=sizeof(char));
]])],
- [AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT([yes])],
[
- AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
[Define if your struct dirent expects you to
allocate extra space for d_name])
],
[
AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
- AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
+ AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
]
)
AC_MSG_CHECKING([for /proc/pid/fd directory])
if test -d "/proc/$$/fd" ; then
- AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
- AC_MSG_RESULT(yes)
+ AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
+ AC_MSG_RESULT([yes])
else
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
fi
# Check whether user wants S/Key support
SKEY_MSG="no"
-AC_ARG_WITH(skey,
+AC_ARG_WITH([skey],
[ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
@@ -1228,33 +1289,39 @@
LDFLAGS="$LDFLAGS -L${withval}/lib"
fi
- AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
+ AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
LIBS="-lskey $LIBS"
SKEY_MSG="yes"
AC_MSG_CHECKING([for s/key support])
AC_LINK_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdio.h>
#include <skey.h>
-int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
+ ]], [[
+ char *ff = skey_keyinfo(""); ff="";
+ exit(0);
]])],
- [AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT([yes])],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
])
- AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
- AC_TRY_COMPILE(
- [#include <stdio.h>
- #include <skey.h>],
- [(void)skeychallenge(NULL,"name","",0);],
- [AC_MSG_RESULT(yes)
- AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
+ AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <skey.h>
+ ]], [[
+ (void)skeychallenge(NULL,"name","",0);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
[Define if your skeychallenge()
function takes 4 arguments (NetBSD)])],
- [AC_MSG_RESULT(no)]
- )
+ [
+ AC_MSG_RESULT([no])
+ ])
fi
]
)
@@ -1261,7 +1328,7 @@
# Check whether user wants TCP wrappers support
TCPW_MSG="no"
-AC_ARG_WITH(tcp-wrappers,
+AC_ARG_WITH([tcp-wrappers],
[ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
@@ -1290,47 +1357,80 @@
fi
fi
LIBS="-lwrap $LIBS"
- AC_MSG_CHECKING(for libwrap)
- AC_TRY_LINK(
- [
+ AC_MSG_CHECKING([for libwrap])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <tcpd.h>
- int deny_severity = 0, allow_severity = 0;
- ],
- [hosts_access(0);],
- [
- AC_MSG_RESULT(yes)
- AC_DEFINE(LIBWRAP, 1,
+int deny_severity = 0, allow_severity = 0;
+ ]], [[
+ hosts_access(0);
+ ]])], [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([LIBWRAP], [1],
[Define if you want
TCP Wrappers support])
SSHDLIBS="$SSHDLIBS -lwrap"
TCPW_MSG="yes"
- ],
- [
+ ], [
AC_MSG_ERROR([*** libwrap missing])
- ]
- )
+
+ ])
LIBS="$saved_LIBS"
fi
]
)
+# Check whether user wants to use ldns
+LDNS_MSG="no"
+AC_ARG_WITH(ldns,
+ [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+ AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
+ LIBS="-lldns $LIBS"
+ LDNS_MSG="yes"
+
+ AC_MSG_CHECKING([for ldns support])
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <ldns/ldns.h>
+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
+ ]])
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
+ ])
+ fi
+ ]
+)
+
# Check whether user wants libedit support
LIBEDIT_MSG="no"
-AC_ARG_WITH(libedit,
+AC_ARG_WITH([libedit],
[ --with-libedit[[=PATH]] Enable libedit support for sftp],
[ if test "x$withval" != "xno" ; then
if test "x$withval" = "xyes" ; then
- AC_PATH_PROG(PKGCONFIG, pkg-config, no)
+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
if test "x$PKGCONFIG" != "xno"; then
- AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
+ AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
if "$PKGCONFIG" libedit; then
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
use_pkgconfig_for_libedit=yes
else
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
fi
fi
else
@@ -1348,44 +1448,41 @@
LIBEDIT="-ledit -lcurses"
fi
OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
- AC_CHECK_LIB(edit, el_init,
- [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
+ AC_CHECK_LIB([edit], [el_init],
+ [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
LIBEDIT_MSG="yes"
- AC_SUBST(LIBEDIT)
+ AC_SUBST([LIBEDIT])
],
- [ AC_MSG_ERROR(libedit not found) ],
+ [ AC_MSG_ERROR([libedit not found]) ],
[ $OTHERLIBS ]
)
- AC_MSG_CHECKING(if libedit version is compatible)
+ AC_MSG_CHECKING([if libedit version is compatible])
AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([[
-#include <histedit.h>
-int main(void)
-{
+ [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
+ [[
int i = H_SETSIZE;
el_init("", NULL, NULL, NULL);
exit(0);
-}
]])],
- [ AC_MSG_RESULT(yes) ],
- [ AC_MSG_RESULT(no)
- AC_MSG_ERROR(libedit version is not compatible) ]
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ AC_MSG_ERROR([libedit version is not compatible]) ]
)
fi ]
)
AUDIT_MODULE=none
-AC_ARG_WITH(audit,
+AC_ARG_WITH([audit],
[ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
[
- AC_MSG_CHECKING(for supported audit module)
+ AC_MSG_CHECKING([for supported audit module])
case "$withval" in
bsm)
- AC_MSG_RESULT(bsm)
+ AC_MSG_RESULT([bsm])
AUDIT_MODULE=bsm
dnl Checks for headers, libs and functions
- AC_CHECK_HEADERS(bsm/audit.h, [],
- [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
+ AC_CHECK_HEADERS([bsm/audit.h], [],
+ [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
[
#ifdef HAVE_TIME_H
# include <time.h>
@@ -1392,29 +1489,34 @@
#endif
]
)
- AC_CHECK_LIB(bsm, getaudit, [],
- [AC_MSG_ERROR(BSM enabled and required library not found)])
- AC_CHECK_FUNCS(getaudit, [],
- [AC_MSG_ERROR(BSM enabled and required function not found)])
+ AC_CHECK_LIB([bsm], [getaudit], [],
+ [AC_MSG_ERROR([BSM enabled and required library not found])])
+ AC_CHECK_FUNCS([getaudit], [],
+ [AC_MSG_ERROR([BSM enabled and required function not found])])
# These are optional
- AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
- AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
+ AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
+ AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
+ if test "$sol2ver" -eq 11; then
+ SSHDLIBS="$SSHDLIBS -lscf"
+ AC_DEFINE([BROKEN_BSM_API], [1],
+ [The system has incomplete BSM API])
+ fi
;;
linux)
- AC_MSG_RESULT(linux)
+ AC_MSG_RESULT([linux])
AUDIT_MODULE=linux
dnl Checks for headers, libs and functions
- AC_CHECK_HEADERS(libaudit.h)
+ AC_CHECK_HEADERS([libaudit.h])
SSHDLIBS="$SSHDLIBS -laudit"
- AC_DEFINE(USE_LINUX_AUDIT, 1, [Use Linux audit module])
+ AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
;;
debug)
AUDIT_MODULE=debug
- AC_MSG_RESULT(debug)
- AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module])
+ AC_MSG_RESULT([debug])
+ AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
;;
no)
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
;;
*)
AC_MSG_ERROR([Unknown audit module $withval])
@@ -1423,7 +1525,7 @@
)
dnl Checks for library functions. Please keep in alphabetical order
-AC_CHECK_FUNCS( \
+AC_CHECK_FUNCS([ \
arc4random \
arc4random_buf \
arc4random_uniform \
@@ -1437,6 +1539,7 @@
clock \
closefrom \
dirfd \
+ endgrent \
fchmod \
fchown \
freeaddrinfo \
@@ -1449,6 +1552,8 @@
getopt \
getpeereid \
getpeerucred \
+ getpgid \
+ getpgrp \
_getpty \
getrlimit \
getttyent \
@@ -1459,6 +1564,7 @@
inet_ntop \
innetgr \
login_getcapbool \
+ mblen \
md5_crypt \
memmove \
mkdtemp \
@@ -1467,7 +1573,6 @@
nsleep \
ogetaddrinfo \
openlog_r \
- openpty \
poll \
prctl \
pstat \
@@ -1482,6 +1587,7 @@
seteuid \
setgroupent \
setgroups \
+ setlinebuf \
setlogin \
setpassent\
setpcred \
@@ -1502,11 +1608,13 @@
strlcat \
strlcpy \
strmode \
+ strnlen \
strnvis \
strptime \
strtonum \
strtoll \
strtoul \
+ strtoull \
swap32 \
sysconf \
tcgetpgrp \
@@ -1515,50 +1623,51 @@
unsetenv \
updwtmpx \
user_from_uid \
+ usleep \
vasprintf \
vhangup \
vsnprintf \
waitpid \
-)
+])
AC_LINK_IFELSE(
-[
-#include <ctype.h>
-int main(void)
-{
- return (isblank('a'));
-}
-],
- [AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3C).])
+ [AC_LANG_PROGRAM(
+ [[ #include <ctype.h> ]],
+ [[ return (isblank('a')); ]])],
+ [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
])
# PKCS#11 support requires dlopen() and co
-AC_SEARCH_LIBS(dlopen, dl,
- AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
+AC_SEARCH_LIBS([dlopen], [dl],
+ [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
)
# IRIX has a const char return value for gai_strerror()
-AC_CHECK_FUNCS(gai_strerror,[
- AC_DEFINE(HAVE_GAI_STRERROR)
- AC_TRY_COMPILE([
+AC_CHECK_FUNCS([gai_strerror], [
+ AC_DEFINE([HAVE_GAI_STRERROR])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
-const char *gai_strerror(int);],[
-char *str;
+const char *gai_strerror(int);
+ ]], [[
+ char *str;
+ str = gai_strerror(0);
+ ]])], [
+ AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
+ [Define if gai_strerror() returns const char *])], [])])
-str = gai_strerror(0);],[
- AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
- [Define if gai_strerror() returns const char *])])])
+AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
+ [Some systems put nanosleep outside of libc])])
-AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
- [Some systems put nanosleep outside of libc]))
+AC_SEARCH_LIBS([clock_gettime], [rt],
+ [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
dnl Make sure prototypes are defined for these before using them.
-AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
-AC_CHECK_DECL(strsep,
- [AC_CHECK_FUNCS(strsep)],
+AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
+AC_CHECK_DECL([strsep],
+ [AC_CHECK_FUNCS([strsep])],
[],
[
#ifdef HAVE_STRING_H
@@ -1567,21 +1676,21 @@
])
dnl tcsendbreak might be a macro
-AC_CHECK_DECL(tcsendbreak,
- [AC_DEFINE(HAVE_TCSENDBREAK)],
- [AC_CHECK_FUNCS(tcsendbreak)],
+AC_CHECK_DECL([tcsendbreak],
+ [AC_DEFINE([HAVE_TCSENDBREAK])],
+ [AC_CHECK_FUNCS([tcsendbreak])],
[#include <termios.h>]
)
-AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
+AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
-AC_CHECK_DECLS(SHUT_RD, , ,
+AC_CHECK_DECLS([SHUT_RD], , ,
[
#include <sys/types.h>
#include <sys/socket.h>
])
-AC_CHECK_DECLS(O_NONBLOCK, , ,
+AC_CHECK_DECLS([O_NONBLOCK], , ,
[
#include <sys/types.h>
#ifdef HAVE_SYS_STAT_H
@@ -1592,76 +1701,119 @@
#endif
])
-AC_CHECK_DECLS(writev, , , [
+AC_CHECK_DECLS([writev], , , [
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
])
-AC_CHECK_DECLS(MAXSYMLINKS, , , [
+AC_CHECK_DECLS([MAXSYMLINKS], , , [
#include <sys/param.h>
])
-AC_CHECK_DECLS(offsetof, , , [
+AC_CHECK_DECLS([offsetof], , , [
#include <stddef.h>
])
-AC_CHECK_FUNCS(setresuid, [
+# extra bits for select(2)
+AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+ ]])
+AC_CHECK_TYPES([fd_mask], [], [], [[
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+ ]])
+
+AC_CHECK_FUNCS([setresuid], [
dnl Some platorms have setresuid that isn't implemented, test for this
- AC_MSG_CHECKING(if setresuid seems to work)
+ AC_MSG_CHECKING([if setresuid seems to work])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <errno.h>
-int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ]], [[
+ errno=0;
+ setresuid(0,0,0);
+ if (errno==ENOSYS)
+ exit(1);
+ else
+ exit(0);
]])],
- [AC_MSG_RESULT(yes)],
- [AC_DEFINE(BROKEN_SETRESUID, 1,
+ [AC_MSG_RESULT([yes])],
+ [AC_DEFINE([BROKEN_SETRESUID], [1],
[Define if your setresuid() is broken])
- AC_MSG_RESULT(not implemented)],
+ AC_MSG_RESULT([not implemented])],
[AC_MSG_WARN([cross compiling: not checking setresuid])]
)
])
-AC_CHECK_FUNCS(setresgid, [
+AC_CHECK_FUNCS([setresgid], [
dnl Some platorms have setresgid that isn't implemented, test for this
- AC_MSG_CHECKING(if setresgid seems to work)
+ AC_MSG_CHECKING([if setresgid seems to work])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdlib.h>
#include <errno.h>
-int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ]], [[
+ errno=0;
+ setresgid(0,0,0);
+ if (errno==ENOSYS)
+ exit(1);
+ else
+ exit(0);
]])],
- [AC_MSG_RESULT(yes)],
- [AC_DEFINE(BROKEN_SETRESGID, 1,
+ [AC_MSG_RESULT([yes])],
+ [AC_DEFINE([BROKEN_SETRESGID], [1],
[Define if your setresgid() is broken])
- AC_MSG_RESULT(not implemented)],
+ AC_MSG_RESULT([not implemented])],
[AC_MSG_WARN([cross compiling: not checking setresuid])]
)
])
dnl Checks for time functions
-AC_CHECK_FUNCS(gettimeofday time)
+AC_CHECK_FUNCS([gettimeofday time])
dnl Checks for utmp functions
-AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
-AC_CHECK_FUNCS(utmpname)
+AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
+AC_CHECK_FUNCS([utmpname])
dnl Checks for utmpx functions
-AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
-AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
+AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
+AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
dnl Checks for lastlog functions
-AC_CHECK_FUNCS(getlastlogxbyname)
+AC_CHECK_FUNCS([getlastlogxbyname])
-AC_CHECK_FUNC(daemon,
- [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
- [AC_CHECK_LIB(bsd, daemon,
- [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
+AC_CHECK_FUNC([daemon],
+ [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
+ [AC_CHECK_LIB([bsd], [daemon],
+ [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
)
-AC_CHECK_FUNC(getpagesize,
- [AC_DEFINE(HAVE_GETPAGESIZE, 1,
+AC_CHECK_FUNC([getpagesize],
+ [AC_DEFINE([HAVE_GETPAGESIZE], [1],
[Define if your libraries define getpagesize()])],
- [AC_CHECK_LIB(ucb, getpagesize,
- [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
+ [AC_CHECK_LIB([ucb], [getpagesize],
+ [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
)
# Check for broken snprintf
@@ -1668,14 +1820,16 @@
if test "x$ac_cv_func_snprintf" = "xyes" ; then
AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
-#include <stdio.h>
-int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
+ [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[
+ char b[5];
+ snprintf(b,5,"123456789");
+ exit(b[4]!='\0');
]])],
- [AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT([yes])],
[
- AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_SNPRINTF, 1,
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_SNPRINTF], [1],
[Define if your snprintf is busted])
AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
],
@@ -1690,7 +1844,7 @@
test "x$ac_cv_func_vsnprintf" = "xyes" ; then
AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <stdio.h>
#include <stdarg.h>
@@ -1701,15 +1855,14 @@
va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
return ret;
}
-int main(void)
-{
+ ]], [[
char x[1];
exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
-} ]])],
- [AC_MSG_RESULT(yes)],
+ ]])],
+ [AC_MSG_RESULT([yes])],
[
- AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_SNPRINTF, 1,
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_SNPRINTF], [1],
[Define if your snprintf is busted])
AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
],
@@ -1721,30 +1874,30 @@
# check that the fmt argument is const char * or just char *.
# This is only useful for when BROKEN_SNPRINTF
AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
-AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
- int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
- int main(void) { snprintf(0, 0, 0); }
- ]])],
- [AC_MSG_RESULT(yes)
- AC_DEFINE(SNPRINTF_CONST, [const],
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
+ ]], [[
+ snprintf(0, 0, 0);
+ ]])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE([SNPRINTF_CONST], [const],
[Define as const if snprintf() can declare const char *fmt])],
- [AC_MSG_RESULT(no)
- AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
+ [AC_MSG_RESULT([no])
+ AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
# Check for missing getpeereid (or equiv) support
NO_PEERCHECK=""
if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
- AC_TRY_COMPILE(
- [#include <sys/types.h>
- #include <sys/socket.h>],
- [int i = SO_PEERCRED;],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
- ],
- [AC_MSG_RESULT(no)
- NO_PEERCHECK=1]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
+ ], [AC_MSG_RESULT([no])
+ NO_PEERCHECK=1
+ ])
fi
dnl see whether mkstemp() requires XXXXXX
@@ -1751,24 +1904,25 @@
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
AC_MSG_CHECKING([for (overly) strict mkstemp])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdlib.h>
-main() { char template[]="conftest.mkstemp-test";
-if (mkstemp(template) == -1)
- exit(1);
-unlink(template); exit(0);
-}
+ ]], [[
+ char template[]="conftest.mkstemp-test";
+ if (mkstemp(template) == -1)
+ exit(1);
+ unlink(template);
+ exit(0);
]])],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
],
[
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
],
[
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_STRICT_MKSTEMP])
]
)
fi
@@ -1775,17 +1929,14 @@
dnl make sure that openpty does not reacquire controlling terminal
if test ! -z "$check_for_openpty_ctty_bug"; then
- AC_MSG_CHECKING(if openpty correctly handles controlling tty)
+ AC_MSG_CHECKING([if openpty correctly handles controlling tty])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdio.h>
#include <sys/fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
-
-int
-main()
-{
+ ]], [[
pid_t pid;
int fd, ptyfd, ttyfd, status;
@@ -1808,17 +1959,16 @@
else
exit(0); /* Did not acquire ctty: OK */
}
-}
]])],
[
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
],
[
- AC_MSG_RESULT(no)
- AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_MSG_RESULT([no])
+ AC_DEFINE([SSHD_ACQUIRES_CTTY])
],
[
- AC_MSG_RESULT(cross-compiling, assuming yes)
+ AC_MSG_RESULT([cross-compiling, assuming yes])
]
)
fi
@@ -1825,9 +1975,9 @@
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
- AC_MSG_CHECKING(if getaddrinfo seems to work)
+ AC_MSG_CHECKING([if getaddrinfo seems to work])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
@@ -1835,10 +1985,7 @@
#include <netinet/in.h>
#define TEST_PORT "2222"
-
-int
-main(void)
-{
+ ]], [[
int err, sock;
struct addrinfo *gai_ai, *ai, hints;
char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
@@ -1880,17 +2027,16 @@
}
}
exit(0);
-}
]])],
[
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
],
[
- AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_GETADDRINFO])
],
[
- AC_MSG_RESULT(cross-compiling, assuming yes)
+ AC_MSG_RESULT([cross-compiling, assuming yes])
]
)
fi
@@ -1897,9 +2043,9 @@
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
- AC_MSG_CHECKING(if getaddrinfo seems to work)
+ AC_MSG_CHECKING([if getaddrinfo seems to work])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
@@ -1907,10 +2053,7 @@
#include <netinet/in.h>
#define TEST_PORT "2222"
-
-int
-main(void)
-{
+ ]], [[
int err, sock;
struct addrinfo *gai_ai, *ai, hints;
char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
@@ -1940,37 +2083,33 @@
}
}
exit(0);
-}
]])],
[
- AC_MSG_RESULT(yes)
- AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
[Define if you have a getaddrinfo that fails
for the all-zeros IPv6 address])
],
[
- AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_GETADDRINFO])
],
[
- AC_MSG_RESULT(cross-compiling, assuming no)
+ AC_MSG_RESULT([cross-compiling, assuming no])
]
)
fi
if test "x$check_for_conflicting_getspnam" = "x1"; then
- AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
- AC_COMPILE_IFELSE(
+ AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
+ [[ exit(0); ]])],
[
-#include <shadow.h>
-int main(void) {exit(0);}
+ AC_MSG_RESULT([no])
],
[
- AC_MSG_RESULT(no)
- ],
- [
- AC_MSG_RESULT(yes)
- AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
[Conflicting defs for getspnam])
]
)
@@ -1981,7 +2120,7 @@
# Search for OpenSSL
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
-AC_ARG_WITH(ssl-dir,
+AC_ARG_WITH([ssl-dir],
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[
if test "x$withval" != "xno" ; then
@@ -2017,9 +2156,9 @@
]
)
LIBS="-lcrypto $LIBS"
-AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
+AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
[Define if your ssl headers are included
- with #include <openssl/header.h>]),
+ with #include <openssl/header.h>])],
[
dnl Check default openssl install dir
if test -n "${need_dash_r}"; then
@@ -2029,8 +2168,8 @@
fi
CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
AC_CHECK_HEADER([openssl/opensslv.h], ,
- AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
- AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
+ [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
+ AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
[
AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
]
@@ -2041,12 +2180,12 @@
# Determine OpenSSL header version
AC_MSG_CHECKING([OpenSSL header version])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdio.h>
#include <string.h>
#include <openssl/opensslv.h>
#define DATA "conftest.sslincver"
-int main(void) {
+ ]], [[
FILE *fd;
int rc;
@@ -2058,15 +2197,14 @@
exit(1);
exit(0);
-}
]])],
[
ssl_header_ver=`cat conftest.sslincver`
- AC_MSG_RESULT($ssl_header_ver)
+ AC_MSG_RESULT([$ssl_header_ver])
],
[
- AC_MSG_RESULT(not found)
- AC_MSG_ERROR(OpenSSL version header not found.)
+ AC_MSG_RESULT([not found])
+ AC_MSG_ERROR([OpenSSL version header not found.])
],
[
AC_MSG_WARN([cross compiling: not checking])
@@ -2076,13 +2214,13 @@
# Determine OpenSSL library version
AC_MSG_CHECKING([OpenSSL library version])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdio.h>
#include <string.h>
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
#define DATA "conftest.ssllibver"
-int main(void) {
+ ]], [[
FILE *fd;
int rc;
@@ -2094,15 +2232,14 @@
exit(1);
exit(0);
-}
]])],
[
ssl_library_ver=`cat conftest.ssllibver`
- AC_MSG_RESULT($ssl_library_ver)
+ AC_MSG_RESULT([$ssl_library_ver])
],
[
- AC_MSG_RESULT(not found)
- AC_MSG_ERROR(OpenSSL library not found.)
+ AC_MSG_RESULT([not found])
+ AC_MSG_ERROR([OpenSSL library not found.])
],
[
AC_MSG_WARN([cross compiling: not checking])
@@ -2109,7 +2246,7 @@
]
)
-AC_ARG_WITH(openssl-header-check,
+AC_ARG_WITH([openssl-header-check],
[ --without-openssl-header-check Disable OpenSSL version consistency check],
[ if test "x$withval" = "xno" ; then
openssl_check_nonfatal=1
@@ -2120,16 +2257,17 @@
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <string.h>
#include <openssl/opensslv.h>
-int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+ ]], [[
+ exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
]])],
[
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
if test "x$openssl_check_nonfatal" = "x"; then
AC_MSG_ERROR([Your OpenSSL headers do not match your
library. Check config.log for details.
@@ -2150,28 +2288,24 @@
AC_MSG_CHECKING([if programs using OpenSSL functions will link])
AC_LINK_IFELSE(
- [AC_LANG_SOURCE([[
-#include <openssl/evp.h>
-int main(void) { SSLeay_add_all_algorithms(); }
- ]])],
+ [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
+ [[ SSLeay_add_all_algorithms(); ]])],
[
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
saved_LIBS="$LIBS"
LIBS="$LIBS -ldl"
AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
AC_LINK_IFELSE(
- [AC_LANG_SOURCE([[
-#include <openssl/evp.h>
-int main(void) { SSLeay_add_all_algorithms(); }
- ]])],
+ [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
+ [[ SSLeay_add_all_algorithms(); ]])],
[
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
LIBS="$saved_LIBS"
]
)
@@ -2178,23 +2312,23 @@
]
)
-AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method)
+AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init])
-AC_ARG_WITH(ssl-engine,
+AC_ARG_WITH([ssl-engine],
[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
[ if test "x$withval" != "xno" ; then
- AC_MSG_CHECKING(for OpenSSL ENGINE support)
- AC_TRY_COMPILE(
- [ #include <openssl/engine.h>],
- [
-ENGINE_load_builtin_engines();ENGINE_register_all_complete();
- ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(USE_OPENSSL_ENGINE, 1,
+ AC_MSG_CHECKING([for OpenSSL ENGINE support])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <openssl/engine.h>
+ ]], [[
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+ ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([USE_OPENSSL_ENGINE], [1],
[Enable OpenSSL engine support])
- ],
- [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
- )
+ ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
+ ])
fi ]
)
@@ -2201,34 +2335,89 @@
# Check for OpenSSL without EVP_aes_{192,256}_cbc
AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
AC_LINK_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <string.h>
#include <openssl/evp.h>
-int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
+ ]], [[
+ exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
]])],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
],
[
- AC_MSG_RESULT(yes)
- AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
[libcrypto is missing AES 192 and 256 bit functions])
]
)
+# Check for OpenSSL with EVP_aes_*ctr
+AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/evp.h>
+ ]], [[
+ exit(EVP_aes_128_ctr() == NULL ||
+ EVP_aes_192_cbc() == NULL ||
+ EVP_aes_256_cbc() == NULL);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
+ [libcrypto has EVP AES CTR])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ]
+)
+
+# Check for OpenSSL with EVP_aes_*gcm
+AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/evp.h>
+ ]], [[
+ exit(EVP_aes_128_gcm() == NULL ||
+ EVP_aes_256_gcm() == NULL ||
+ EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
+ EVP_CTRL_GCM_IV_GEN == 0 ||
+ EVP_CTRL_GCM_SET_TAG == 0 ||
+ EVP_CTRL_GCM_GET_TAG == 0 ||
+ EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
+ [libcrypto has EVP AES GCM])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ unsupported_algorithms="$unsupported_cipers \
+ aes128-gcm at openssh.com aes256-gcm at openssh.com"
+ ]
+)
+
+AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
+ [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
+ [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
+
AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
AC_LINK_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <string.h>
#include <openssl/evp.h>
-int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
+ ]], [[
+ if(EVP_DigestUpdate(NULL, NULL,0))
+ exit(0);
]])],
[
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
],
[
- AC_MSG_RESULT(no)
- AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
+ AC_MSG_RESULT([no])
+ AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
[Define if EVP_DigestUpdate returns void])
]
)
@@ -2236,24 +2425,32 @@
# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
# because the system crypt() is more featureful.
if test "x$check_for_libcrypt_before" = "x1"; then
- AC_CHECK_LIB(crypt, crypt)
+ AC_CHECK_LIB([crypt], [crypt])
fi
# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
# version in OpenSSL.
if test "x$check_for_libcrypt_later" = "x1"; then
- AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
+ AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
fi
+AC_CHECK_FUNCS([crypt DES_crypt])
# Search for SHA256 support in libc and/or OpenSSL
-AC_CHECK_FUNCS(SHA256_Update EVP_sha256, [TEST_SSH_SHA256=yes],
- [TEST_SSH_SHA256=no])
-AC_SUBST(TEST_SSH_SHA256)
+AC_CHECK_FUNCS([SHA256_Update EVP_sha256],
+ [TEST_SSH_SHA256=yes],
+ [TEST_SSH_SHA256=no
+ unsupported_algorithms="$unsupported_algorithms \
+ hmac-sha2-256 hmac-sha2-512 \
+ diffie-hellman-group-exchange-sha256 \
+ hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
+ ]
+)
+AC_SUBST([TEST_SSH_SHA256])
# Check complete ECC support in OpenSSL
AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
AC_LINK_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <openssl/ec.h>
#include <openssl/ecdh.h>
#include <openssl/ecdsa.h>
@@ -2263,32 +2460,37 @@
#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
# error "OpenSSL < 0.9.8g has unreliable ECC code"
#endif
-int main(void) {
+ ]], [[
EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
const EVP_MD *m = EVP_sha512(); /* We need this too */
-}
]])],
[
- AC_MSG_RESULT(yes)
- AC_DEFINE(OPENSSL_HAS_ECC, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_HAS_ECC], [1],
[libcrypto includes complete ECC support])
TEST_SSH_ECC=yes
COMMENT_OUT_ECC=""
],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
TEST_SSH_ECC=no
COMMENT_OUT_ECC="#no ecc#"
+ unsupported_algorithms="$unsupported_algorithms \
+ ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
+ ecdsa-sha2-nistp256-cert-v01 at openssh.com \
+ ecdsa-sha2-nistp384-cert-v01 at openssh.com \
+ ecdsa-sha2-nistp521-cert-v01 at openssh.com \
+ ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
]
)
-AC_SUBST(TEST_SSH_ECC)
-AC_SUBST(COMMENT_OUT_ECC)
+AC_SUBST([TEST_SSH_ECC])
+AC_SUBST([COMMENT_OUT_ECC])
saved_LIBS="$LIBS"
-AC_CHECK_LIB(iaf, ia_openinfo, [
+AC_CHECK_LIB([iaf], [ia_openinfo], [
LIBS="$LIBS -liaf"
- AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
- AC_DEFINE(HAVE_LIBIAF, 1,
+ AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
+ AC_DEFINE([HAVE_LIBIAF], [1],
[Define if system has libiaf that supports set_id])
])
])
@@ -2299,128 +2501,29 @@
# Check wheter OpenSSL seeds itself
AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <string.h>
#include <openssl/rand.h>
-int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
+ ]], [[
+ exit(RAND_status() == 1 ? 0 : 1);
]])],
[
OPENSSL_SEEDS_ITSELF=yes
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes])
],
[
- AC_MSG_RESULT(no)
- # Default to use of the rand helper if OpenSSL doesn't
- # seed itself
- USE_RAND_HELPER=yes
+ AC_MSG_RESULT([no])
],
[
AC_MSG_WARN([cross compiling: assuming yes])
- # This is safe, since all recent OpenSSL versions will
- # complain at runtime if not seeded correctly.
+ # This is safe, since we will fatal() at runtime if
+ # OpenSSL is not seeded correctly.
OPENSSL_SEEDS_ITSELF=yes
]
)
-# Check for PAM libs
-PAM_MSG="no"
-AC_ARG_WITH(pam,
- [ --with-pam Enable PAM support ],
- [
- if test "x$withval" != "xno" ; then
- if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
- test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
- AC_MSG_ERROR([PAM headers not found])
- fi
-
- saved_LIBS="$LIBS"
- AC_CHECK_LIB(dl, dlopen, , )
- AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
- AC_CHECK_FUNCS(pam_getenvlist)
- AC_CHECK_FUNCS(pam_putenv)
- LIBS="$saved_LIBS"
-
- PAM_MSG="yes"
-
- SSHDLIBS="$SSHDLIBS -lpam"
- AC_DEFINE(USE_PAM, 1,
- [Define if you want to enable PAM support])
-
- if test $ac_cv_lib_dl_dlopen = yes; then
- case "$LIBS" in
- *-ldl*)
- # libdl already in LIBS
- ;;
- *)
- SSHDLIBS="$SSHDLIBS -ldl"
- ;;
- esac
- fi
- fi
- ]
-)
-
-# Check for older PAM
-if test "x$PAM_MSG" = "xyes" ; then
- # Check PAM strerror arguments (old PAM)
- AC_MSG_CHECKING([whether pam_strerror takes only one argument])
- AC_TRY_COMPILE(
- [
-#include <stdlib.h>
-#if defined(HAVE_SECURITY_PAM_APPL_H)
-#include <security/pam_appl.h>
-#elif defined (HAVE_PAM_PAM_APPL_H)
-#include <pam/pam_appl.h>
-#endif
- ],
- [(void)pam_strerror((pam_handle_t *)NULL, -1);],
- [AC_MSG_RESULT(no)],
- [
- AC_DEFINE(HAVE_OLD_PAM, 1,
- [Define if you have an old version of PAM
- which takes only one argument to pam_strerror])
- AC_MSG_RESULT(yes)
- PAM_MSG="yes (old library)"
- ]
- )
-fi
-
-# Do we want to force the use of the rand helper?
-AC_ARG_WITH(rand-helper,
- [ --with-rand-helper Use subprocess to gather strong randomness ],
- [
- if test "x$withval" = "xno" ; then
- # Force use of OpenSSL's internal RNG, even if
- # the previous test showed it to be unseeded.
- if test -z "$OPENSSL_SEEDS_ITSELF" ; then
- AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
- OPENSSL_SEEDS_ITSELF=yes
- USE_RAND_HELPER=""
- fi
- else
- USE_RAND_HELPER=yes
- fi
- ],
-)
-
-# Which randomness source do we use?
-if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
- # OpenSSL only
- AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
- [Define if you want OpenSSL's internally seeded PRNG only])
- RAND_MSG="OpenSSL internal ONLY"
- INSTALL_SSH_RAND_HELPER=""
-elif test ! -z "$USE_RAND_HELPER" ; then
- # install rand helper
- RAND_MSG="ssh-rand-helper"
- INSTALL_SSH_RAND_HELPER="yes"
-fi
-AC_SUBST(INSTALL_SSH_RAND_HELPER)
-
-### Configuration of ssh-rand-helper
-
# PRNGD TCP socket
-AC_ARG_WITH(prngd-port,
+AC_ARG_WITH([prngd-port],
[ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
[
case "$withval" in
@@ -2430,12 +2533,12 @@
[[0-9]]*)
;;
*)
- AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
+ AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
;;
esac
if test ! -z "$withval" ; then
PRNGD_PORT="$withval"
- AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
+ AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
[Port number of PRNGD/EGD random number socket])
fi
]
@@ -2442,7 +2545,7 @@
)
# PRNGD Unix domain socket
-AC_ARG_WITH(prngd-socket,
+AC_ARG_WITH([prngd-socket],
[ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
[
case "$withval" in
@@ -2455,59 +2558,119 @@
/*)
;;
*)
- AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
+ AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
;;
esac
if test ! -z "$withval" ; then
if test ! -z "$PRNGD_PORT" ; then
- AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
+ AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
fi
if test ! -r "$withval" ; then
- AC_MSG_WARN(Entropy socket is not readable)
+ AC_MSG_WARN([Entropy socket is not readable])
fi
PRNGD_SOCKET="$withval"
- AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
+ AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
[Location of PRNGD/EGD random number socket])
fi
],
[
# Check for existing socket only if we don't have a random device already
- if test "$USE_RAND_HELPER" = yes ; then
- AC_MSG_CHECKING(for PRNGD/EGD socket)
+ if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
+ AC_MSG_CHECKING([for PRNGD/EGD socket])
# Insert other locations here
for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
PRNGD_SOCKET="$sock"
- AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
+ AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
break;
fi
done
if test ! -z "$PRNGD_SOCKET" ; then
- AC_MSG_RESULT($PRNGD_SOCKET)
+ AC_MSG_RESULT([$PRNGD_SOCKET])
else
- AC_MSG_RESULT(not found)
+ AC_MSG_RESULT([not found])
fi
fi
]
)
-# Change default command timeout for hashing entropy source
-entropy_timeout=200
-AC_ARG_WITH(entropy-timeout,
- [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
+# Which randomness source do we use?
+if test ! -z "$PRNGD_PORT" ; then
+ RAND_MSG="PRNGd port $PRNGD_PORT"
+elif test ! -z "$PRNGD_SOCKET" ; then
+ RAND_MSG="PRNGd socket $PRNGD_SOCKET"
+elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
+ AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
+ [Define if you want OpenSSL's internally seeded PRNG only])
+ RAND_MSG="OpenSSL internal ONLY"
+else
+ AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
+fi
+
+# Check for PAM libs
+PAM_MSG="no"
+AC_ARG_WITH([pam],
+ [ --with-pam Enable PAM support ],
[
- if test -n "$withval" && test "x$withval" != "xno" && \
- test "x${withval}" != "xyes"; then
- entropy_timeout=$withval
+ if test "x$withval" != "xno" ; then
+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+ test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
+ AC_MSG_ERROR([PAM headers not found])
+ fi
+
+ saved_LIBS="$LIBS"
+ AC_CHECK_LIB([dl], [dlopen], , )
+ AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
+ AC_CHECK_FUNCS([pam_getenvlist])
+ AC_CHECK_FUNCS([pam_putenv])
+ LIBS="$saved_LIBS"
+
+ PAM_MSG="yes"
+
+ SSHDLIBS="$SSHDLIBS -lpam"
+ AC_DEFINE([USE_PAM], [1],
+ [Define if you want to enable PAM support])
+
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ case "$LIBS" in
+ *-ldl*)
+ # libdl already in LIBS
+ ;;
+ *)
+ SSHDLIBS="$SSHDLIBS -ldl"
+ ;;
+ esac
+ fi
fi
]
)
-AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
- [Builtin PRNG command timeout])
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
+ # Check PAM strerror arguments (old PAM)
+ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+ ]], [[
+(void)pam_strerror((pam_handle_t *)NULL, -1);
+ ]])], [AC_MSG_RESULT([no])], [
+ AC_DEFINE([HAVE_OLD_PAM], [1],
+ [Define if you have an old version of PAM
+ which takes only one argument to pam_strerror])
+ AC_MSG_RESULT([yes])
+ PAM_MSG="yes (old library)"
+
+ ])
+fi
+
SSH_PRIVSEP_USER=sshd
-AC_ARG_WITH(privsep-user,
+AC_ARG_WITH([privsep-user],
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
if test -n "$withval" && test "x$withval" != "xno" && \
@@ -2516,60 +2679,188 @@
fi
]
)
-AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
+AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
[non-privileged user for privilege separation])
-AC_SUBST(SSH_PRIVSEP_USER)
+AC_SUBST([SSH_PRIVSEP_USER])
-# We do this little dance with the search path to insure
-# that programs that we select for use by installed programs
-# (which may be run by the super-user) come from trusted
-# locations before they come from the user's private area.
-# This should help avoid accidentally configuring some
-# random version of a program in someone's personal bin.
+if test "x$have_linux_no_new_privs" = "x1" ; then
+AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
+ #include <sys/types.h>
+ #include <linux/seccomp.h>
+])
+fi
+if test "x$have_seccomp_filter" = "x1" ; then
+AC_MSG_CHECKING([kernel for seccomp_filter support])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+ #include <errno.h>
+ #include <elf.h>
+ #include <linux/audit.h>
+ #include <linux/seccomp.h>
+ #include <stdlib.h>
+ #include <sys/prctl.h>
+ ]],
+ [[ int i = $seccomp_audit_arch;
+ errno = 0;
+ prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
+ exit(errno == EFAULT ? 0 : 1); ]])],
+ [ AC_MSG_RESULT([yes]) ], [
+ AC_MSG_RESULT([no])
+ # Disable seccomp filter as a target
+ have_seccomp_filter=0
+ ]
+)
+fi
-OPATH=$PATH
-PATH=/bin:/usr/bin
-test -h /bin 2> /dev/null && PATH=/usr/bin
-test -d /sbin && PATH=$PATH:/sbin
-test -d /usr/sbin && PATH=$PATH:/usr/sbin
-PATH=$PATH:/etc:$OPATH
+# Decide which sandbox style to use
+sandbox_arg=""
+AC_ARG_WITH([sandbox],
+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
+ [
+ if test "x$withval" = "xyes" ; then
+ sandbox_arg=""
+ else
+ sandbox_arg="$withval"
+ fi
+ ]
+)
-# These programs are used by the command hashing source to gather entropy
-OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
-OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
-OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
-OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
-OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
-OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
-OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
-OSSH_PATH_ENTROPY_PROG(PROG_W, w)
-OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
-OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
-OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
-OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
-OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
-OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
-OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
-OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
-# restore PATH
-PATH=$OPATH
+# Some platforms (seems to be the ones that have a kernel poll(2)-type
+# function with which they implement select(2)) use an extra file descriptor
+# when calling select(2), which means we can't use the rlimit sandbox.
+AC_MSG_CHECKING([if select works with descriptor rlimit])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+ ]],[[
+ struct rlimit rl_zero;
+ int fd, r;
+ fd_set fds;
+ struct timeval tv;
-# Where does ssh-rand-helper get its randomness from?
-INSTALL_SSH_PRNG_CMDS=""
-if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
- if test ! -z "$PRNGD_PORT" ; then
- RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
- elif test ! -z "$PRNGD_SOCKET" ; then
- RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
- else
- RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
- RAND_HELPER_CMDHASH=yes
- INSTALL_SSH_PRNG_CMDS="yes"
- fi
+ fd = open("/dev/null", O_RDONLY);
+ FD_ZERO(&fds);
+ FD_SET(fd, &fds);
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ setrlimit(RLIMIT_FSIZE, &rl_zero);
+ setrlimit(RLIMIT_NOFILE, &rl_zero);
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ r = select(fd+1, &fds, NULL, NULL, &tv);
+ exit (r == -1 ? 1 : 0);
+ ]])],
+ [AC_MSG_RESULT([yes])
+ select_works_with_rlimit=yes],
+ [AC_MSG_RESULT([no])
+ select_works_with_rlimit=no],
+ [AC_MSG_WARN([cross compiling: assuming yes])]
+)
+
+AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#include <errno.h>
+#include <stdlib.h>
+ ]],[[
+ struct rlimit rl_zero;
+ int fd, r;
+ fd_set fds;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ r = setrlimit(RLIMIT_NOFILE, &rl_zero);
+ exit (r == -1 ? 1 : 0);
+ ]])],
+ [AC_MSG_RESULT([yes])
+ rlimit_nofile_zero_works=yes],
+ [AC_MSG_RESULT([no])
+ rlimit_nofile_zero_works=no],
+ [AC_MSG_WARN([cross compiling: assuming yes])]
+)
+
+AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <stdlib.h>
+ ]],[[
+ struct rlimit rl_zero;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])
+ AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
+ [setrlimit RLIMIT_FSIZE works])],
+ [AC_MSG_WARN([cross compiling: assuming yes])]
+)
+
+if test "x$sandbox_arg" = "xsystrace" || \
+ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
+ test "x$have_systr_policy_kill" != "x1" && \
+ AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
+ SANDBOX_STYLE="systrace"
+ AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
+elif test "x$sandbox_arg" = "xdarwin" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
+ test "x$ac_cv_header_sandbox_h" = "xyes") ; then
+ test "x$ac_cv_func_sandbox_init" != "xyes" -o \
+ "x$ac_cv_header_sandbox_h" != "xyes" && \
+ AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
+ SANDBOX_STYLE="darwin"
+ AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
+elif test "x$sandbox_arg" = "xseccomp_filter" || \
+ ( test -z "$sandbox_arg" && \
+ test "x$have_seccomp_filter" = "x1" && \
+ test "x$ac_cv_header_elf_h" = "xyes" && \
+ test "x$ac_cv_header_linux_audit_h" = "xyes" && \
+ test "x$ac_cv_header_linux_filter_h" = "xyes" && \
+ test "x$seccomp_audit_arch" != "x" && \
+ test "x$have_linux_no_new_privs" = "x1" && \
+ test "x$ac_cv_func_prctl" = "xyes" ) ; then
+ test "x$seccomp_audit_arch" = "x" && \
+ AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
+ test "x$have_linux_no_new_privs" != "x1" && \
+ AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
+ test "x$have_seccomp_filter" != "x1" && \
+ AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
+ test "x$ac_cv_func_prctl" != "xyes" && \
+ AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
+ SANDBOX_STYLE="seccomp_filter"
+ AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
+elif test "x$sandbox_arg" = "xrlimit" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
+ test "x$select_works_with_rlimit" = "xyes" && \
+ test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
+ test "x$ac_cv_func_setrlimit" != "xyes" && \
+ AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
+ test "x$select_works_with_rlimit" != "xyes" && \
+ AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
+ SANDBOX_STYLE="rlimit"
+ AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
+elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
+ test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
+ SANDBOX_STYLE="none"
+ AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
+else
+ AC_MSG_ERROR([unsupported --with-sandbox])
fi
-AC_SUBST(INSTALL_SSH_PRNG_CMDS)
-
# Cheap hack to ensure NEWS-OS libraries are arranged right.
if test ! -z "$SONY" ; then
LIBS="$LIBS -liberty";
@@ -2579,11 +2870,10 @@
AC_CHECK_TYPES([long long, unsigned long long, long double])
# Check datatype sizes
-AC_CHECK_SIZEOF(char, 1)
-AC_CHECK_SIZEOF(short int, 2)
-AC_CHECK_SIZEOF(int, 4)
-AC_CHECK_SIZEOF(long int, 4)
-AC_CHECK_SIZEOF(long long int, 8)
+AC_CHECK_SIZEOF([short int], [2])
+AC_CHECK_SIZEOF([int], [4])
+AC_CHECK_SIZEOF([long int], [4])
+AC_CHECK_SIZEOF([long long int], [8])
# Sanity check long long for some platforms (AIX)
if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
@@ -2594,7 +2884,7 @@
if test -z "$have_llong_max"; then
AC_MSG_CHECKING([for max value of long long])
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
#include <stdio.h>
/* Why is this so damn hard? */
#ifdef __GNUC__
@@ -2630,8 +2920,7 @@
return -1;
return 0;
}
-
-int main(void) {
+ ]], [[
FILE *f;
long long i, llmin, llmax = 0;
@@ -2665,22 +2954,21 @@
if (fclose(f) < 0)
exit(5);
exit(0);
-}
]])],
[
llong_min=`$AWK '{print $1}' conftest.llminmax`
llong_max=`$AWK '{print $2}' conftest.llminmax`
- AC_MSG_RESULT($llong_max)
- AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
+ AC_MSG_RESULT([$llong_max])
+ AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
[max value of long long calculated by configure])
AC_MSG_CHECKING([for min value of long long])
- AC_MSG_RESULT($llong_min)
- AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
+ AC_MSG_RESULT([$llong_min])
+ AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
[min value of long long calculated by configure])
],
[
- AC_MSG_RESULT(not found)
+ AC_MSG_RESULT([not found])
],
[
AC_MSG_WARN([cross compiling: not checking])
@@ -2691,28 +2979,24 @@
# More checks for data types
AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
- AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int a; a = 1;],
- [ ac_cv_have_u_int="yes" ],
- [ ac_cv_have_u_int="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ u_int a; a = 1;]])],
+ [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
+ ])
])
if test "x$ac_cv_have_u_int" = "xyes" ; then
- AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
+ AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
have_u_int=1
fi
AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
- AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
- [ ac_cv_have_intxx_t="yes" ],
- [ ac_cv_have_intxx_t="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
+ [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
+ ])
])
if test "x$ac_cv_have_intxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
+ AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
have_intxx_t=1
fi
@@ -2720,20 +3004,17 @@
test "x$ac_cv_header_stdint_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t types in stdint.h])
- AC_TRY_COMPILE(
- [ #include <stdint.h> ],
- [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
+ [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
[
- AC_DEFINE(HAVE_INTXX_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
+ AC_DEFINE([HAVE_INTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
fi
AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#ifdef HAVE_STDINT_H
# include <stdint.h>
@@ -2742,81 +3023,75 @@
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h>
#endif
- ],
- [ int64_t a; a = 1;],
- [ ac_cv_have_int64_t="yes" ],
- [ ac_cv_have_int64_t="no" ]
- )
+ ]], [[
+int64_t a; a = 1;
+ ]])],
+ [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
+ ])
])
if test "x$ac_cv_have_int64_t" = "xyes" ; then
- AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
+ AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
fi
AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
- AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
- [ ac_cv_have_u_intxx_t="yes" ],
- [ ac_cv_have_u_intxx_t="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
+ [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
+ ])
])
if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
+ AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
have_u_intxx_t=1
fi
if test -z "$have_u_intxx_t" ; then
AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
- AC_TRY_COMPILE(
- [ #include <sys/socket.h> ],
- [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
+ [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
[
- AC_DEFINE(HAVE_U_INTXX_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
+ AC_DEFINE([HAVE_U_INTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
fi
AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
- AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int64_t a; a = 1;],
- [ ac_cv_have_u_int64_t="yes" ],
- [ ac_cv_have_u_int64_t="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ u_int64_t a; a = 1;]])],
+ [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
+ ])
])
if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
- AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
+ AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
have_u_int64_t=1
fi
if test -z "$have_u_int64_t" ; then
AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
- AC_TRY_COMPILE(
- [ #include <sys/bitypes.h> ],
- [ u_int64_t a; a = 1],
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
+ [[ u_int64_t a; a = 1]])],
[
- AC_DEFINE(HAVE_U_INT64_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
+ AC_DEFINE([HAVE_U_INT64_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
fi
if test -z "$have_u_intxx_t" ; then
AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
- ],
- [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
- [ ac_cv_have_uintxx_t="yes" ],
- [ ac_cv_have_uintxx_t="no" ]
- )
+ ]], [[
+ uint8_t a;
+ uint16_t b;
+ uint32_t c;
+ a = b = c = 1;
+ ]])],
+ [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
+ ])
])
if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_UINTXX_T, 1,
+ AC_DEFINE([HAVE_UINTXX_T], [1],
[define if you have uintxx_t data type])
fi
fi
@@ -2823,15 +3098,13 @@
if test -z "$have_uintxx_t" ; then
AC_MSG_CHECKING([for uintXX_t types in stdint.h])
- AC_TRY_COMPILE(
- [ #include <stdint.h> ],
- [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
+ [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
[
- AC_DEFINE(HAVE_UINTXX_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
+ AC_DEFINE([HAVE_UINTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
fi
if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
@@ -2838,43 +3111,36 @@
test "x$ac_cv_header_sys_bitypes_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/bitypes.h>
- ],
- [
+ ]], [[
int8_t a; int16_t b; int32_t c;
u_int8_t e; u_int16_t f; u_int32_t g;
a = b = c = e = f = g = 1;
- ],
+ ]])],
[
- AC_DEFINE(HAVE_U_INTXX_T)
- AC_DEFINE(HAVE_INTXX_T)
- AC_MSG_RESULT(yes)
- ],
- [AC_MSG_RESULT(no)]
- )
+ AC_DEFINE([HAVE_U_INTXX_T])
+ AC_DEFINE([HAVE_INTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [AC_MSG_RESULT([no])
+ ])
fi
AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
- AC_TRY_COMPILE(
- [
-#include <sys/types.h>
- ],
- [ u_char foo; foo = 125; ],
- [ ac_cv_have_u_char="yes" ],
- [ ac_cv_have_u_char="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ u_char foo; foo = 125; ]])],
+ [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
+ ])
])
if test "x$ac_cv_have_u_char" = "xyes" ; then
- AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
+ AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
fi
TYPE_SOCKLEN_T
-AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
-AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
+AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
+AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
#include <sys/types.h>
#ifdef HAVE_SYS_BITYPES_H
#include <sys/bitypes.h>
@@ -2887,156 +3153,125 @@
#endif
])
-AC_CHECK_TYPES([in_addr_t, in_port_t],,,
+AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
[#include <sys/types.h>
#include <netinet/in.h>])
AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
- AC_TRY_COMPILE(
- [
-#include <sys/types.h>
- ],
- [ size_t foo; foo = 1235; ],
- [ ac_cv_have_size_t="yes" ],
- [ ac_cv_have_size_t="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ size_t foo; foo = 1235; ]])],
+ [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
+ ])
])
if test "x$ac_cv_have_size_t" = "xyes" ; then
- AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
+ AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
fi
AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
- AC_TRY_COMPILE(
- [
-#include <sys/types.h>
- ],
- [ ssize_t foo; foo = 1235; ],
- [ ac_cv_have_ssize_t="yes" ],
- [ ac_cv_have_ssize_t="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ ssize_t foo; foo = 1235; ]])],
+ [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
+ ])
])
if test "x$ac_cv_have_ssize_t" = "xyes" ; then
- AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
+ AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
fi
AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
- AC_TRY_COMPILE(
- [
-#include <time.h>
- ],
- [ clock_t foo; foo = 1235; ],
- [ ac_cv_have_clock_t="yes" ],
- [ ac_cv_have_clock_t="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
+ [[ clock_t foo; foo = 1235; ]])],
+ [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
+ ])
])
if test "x$ac_cv_have_clock_t" = "xyes" ; then
- AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
+ AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
fi
AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
- ],
- [ sa_family_t foo; foo = 1235; ],
- [ ac_cv_have_sa_family_t="yes" ],
- [ AC_TRY_COMPILE(
- [
+ ]], [[ sa_family_t foo; foo = 1235; ]])],
+ [ ac_cv_have_sa_family_t="yes" ],
+ [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
- ],
- [ sa_family_t foo; foo = 1235; ],
+ ]], [[ sa_family_t foo; foo = 1235; ]])],
[ ac_cv_have_sa_family_t="yes" ],
-
[ ac_cv_have_sa_family_t="no" ]
- )]
)
+ ])
])
if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
- AC_DEFINE(HAVE_SA_FAMILY_T, 1,
+ AC_DEFINE([HAVE_SA_FAMILY_T], [1],
[define if you have sa_family_t data type])
fi
AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
- AC_TRY_COMPILE(
- [
-#include <sys/types.h>
- ],
- [ pid_t foo; foo = 1235; ],
- [ ac_cv_have_pid_t="yes" ],
- [ ac_cv_have_pid_t="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ pid_t foo; foo = 1235; ]])],
+ [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
+ ])
])
if test "x$ac_cv_have_pid_t" = "xyes" ; then
- AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
+ AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
fi
AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
- AC_TRY_COMPILE(
- [
-#include <sys/types.h>
- ],
- [ mode_t foo; foo = 1235; ],
- [ ac_cv_have_mode_t="yes" ],
- [ ac_cv_have_mode_t="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ mode_t foo; foo = 1235; ]])],
+ [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
+ ])
])
if test "x$ac_cv_have_mode_t" = "xyes" ; then
- AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
+ AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
fi
AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
- ],
- [ struct sockaddr_storage s; ],
- [ ac_cv_have_struct_sockaddr_storage="yes" ],
- [ ac_cv_have_struct_sockaddr_storage="no" ]
- )
+ ]], [[ struct sockaddr_storage s; ]])],
+ [ ac_cv_have_struct_sockaddr_storage="yes" ],
+ [ ac_cv_have_struct_sockaddr_storage="no"
+ ])
])
if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
+ AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
[define if you have struct sockaddr_storage data type])
fi
AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <netinet/in.h>
- ],
- [ struct sockaddr_in6 s; s.sin6_family = 0; ],
- [ ac_cv_have_struct_sockaddr_in6="yes" ],
- [ ac_cv_have_struct_sockaddr_in6="no" ]
- )
+ ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
+ [ ac_cv_have_struct_sockaddr_in6="yes" ],
+ [ ac_cv_have_struct_sockaddr_in6="no"
+ ])
])
if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
+ AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
[define if you have struct sockaddr_in6 data type])
fi
AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <netinet/in.h>
- ],
- [ struct in6_addr s; s.s6_addr[0] = 0; ],
- [ ac_cv_have_struct_in6_addr="yes" ],
- [ ac_cv_have_struct_in6_addr="no" ]
- )
+ ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
+ [ ac_cv_have_struct_in6_addr="yes" ],
+ [ ac_cv_have_struct_in6_addr="no"
+ ])
])
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
+ AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
[define if you have struct in6_addr data type])
dnl Now check for sin6_scope_id
- AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
+ AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
[
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
@@ -3046,36 +3281,33 @@
fi
AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
- ],
- [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
- [ ac_cv_have_struct_addrinfo="yes" ],
- [ ac_cv_have_struct_addrinfo="no" ]
- )
+ ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
+ [ ac_cv_have_struct_addrinfo="yes" ],
+ [ ac_cv_have_struct_addrinfo="no"
+ ])
])
if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
+ AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
[define if you have struct addrinfo data type])
fi
AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
- AC_TRY_COMPILE(
- [ #include <sys/time.h> ],
- [ struct timeval tv; tv.tv_sec = 1;],
- [ ac_cv_have_struct_timeval="yes" ],
- [ ac_cv_have_struct_timeval="no" ]
- )
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
+ [[ struct timeval tv; tv.tv_sec = 1;]])],
+ [ ac_cv_have_struct_timeval="yes" ],
+ [ ac_cv_have_struct_timeval="no"
+ ])
])
if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
+ AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
have_struct_timeval=1
fi
-AC_CHECK_TYPES(struct timespec)
+AC_CHECK_TYPES([struct timespec])
# We need int64_t or else certian parts of the compile will fail.
if test "x$ac_cv_have_int64_t" = "xno" && \
@@ -3111,34 +3343,41 @@
#else
main() { exit(0); }
#endif
- ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
+ ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
AC_MSG_WARN([cross compiling: Assuming working snprintf()])
)
fi
dnl Checks for structure members
-OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
-OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
-OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
+OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
AC_CHECK_MEMBERS([struct stat.st_blksize])
-AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
+AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
+struct passwd.pw_change, struct passwd.pw_expire],
+[], [], [[
+#include <sys/types.h>
+#include <pwd.h>
+]])
+
+AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
[Define if we don't have struct __res_state in resolv.h])],
-[
+[[
#include <stdio.h>
#if HAVE_SYS_TYPES_H
# include <sys/types.h>
@@ -3146,98 +3385,44 @@
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
-])
+]])
AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
ac_cv_have_ss_family_in_struct_ss, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
- ],
- [ struct sockaddr_storage s; s.ss_family = 1; ],
- [ ac_cv_have_ss_family_in_struct_ss="yes" ],
- [ ac_cv_have_ss_family_in_struct_ss="no" ],
- )
+ ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
+ [ ac_cv_have_ss_family_in_struct_ss="yes" ],
+ [ ac_cv_have_ss_family_in_struct_ss="no" ])
])
if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
- AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
+ AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
fi
AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
ac_cv_have___ss_family_in_struct_ss, [
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
- ],
- [ struct sockaddr_storage s; s.__ss_family = 1; ],
- [ ac_cv_have___ss_family_in_struct_ss="yes" ],
- [ ac_cv_have___ss_family_in_struct_ss="no" ]
- )
+ ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
+ [ ac_cv_have___ss_family_in_struct_ss="yes" ],
+ [ ac_cv_have___ss_family_in_struct_ss="no"
+ ])
])
if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
- AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
+ AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
[Fields in struct sockaddr_storage])
fi
-AC_CACHE_CHECK([for pw_class field in struct passwd],
- ac_cv_have_pw_class_in_struct_passwd, [
- AC_TRY_COMPILE(
- [
-#include <pwd.h>
- ],
- [ struct passwd p; p.pw_class = 0; ],
- [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
- [ ac_cv_have_pw_class_in_struct_passwd="no" ]
- )
-])
-if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
- [Define if your password has a pw_class field])
-fi
-
-AC_CACHE_CHECK([for pw_expire field in struct passwd],
- ac_cv_have_pw_expire_in_struct_passwd, [
- AC_TRY_COMPILE(
- [
-#include <pwd.h>
- ],
- [ struct passwd p; p.pw_expire = 0; ],
- [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
- [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
- )
-])
-if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
- [Define if your password has a pw_expire field])
-fi
-
-AC_CACHE_CHECK([for pw_change field in struct passwd],
- ac_cv_have_pw_change_in_struct_passwd, [
- AC_TRY_COMPILE(
- [
-#include <pwd.h>
- ],
- [ struct passwd p; p.pw_change = 0; ],
- [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
- [ ac_cv_have_pw_change_in_struct_passwd="no" ]
- )
-])
-if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
- [Define if your password has a pw_change field])
-fi
-
dnl make sure we're using the real structure members and not defines
AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
ac_cv_have_accrights_in_msghdr, [
- AC_COMPILE_IFELSE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
-int main() {
+ ]], [[
#ifdef msg_accrights
#error "msg_accrights is a macro"
exit(1);
@@ -3245,21 +3430,20 @@
struct msghdr m;
m.msg_accrights = 0;
exit(0);
-}
- ],
+ ]])],
[ ac_cv_have_accrights_in_msghdr="yes" ],
[ ac_cv_have_accrights_in_msghdr="no" ]
)
])
if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
- AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
+ AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
[Define if your system uses access rights style
file descriptor passing])
fi
-AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
-AC_TRY_COMPILE([
-#include <sys/types.h>
+AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/param.h>
#include <sys/stat.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
@@ -3270,37 +3454,36 @@
#ifdef HAVE_SYS_STATVFS_H
#include <sys/statvfs.h>
#endif
-], [struct statvfs s; s.f_fsid = 0;],
-[ AC_MSG_RESULT(yes) ],
-[ AC_MSG_RESULT(no)
+ ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
- AC_MSG_CHECKING(if fsid_t has member val)
- AC_TRY_COMPILE([
+ AC_MSG_CHECKING([if fsid_t has member val])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
-#include <sys/statvfs.h>],
- [fsid_t t; t.val[0] = 0;],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
- [ AC_MSG_RESULT(no) ])
+#include <sys/statvfs.h>
+ ]], [[ fsid_t t; t.val[0] = 0; ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
+ [ AC_MSG_RESULT([no]) ])
- AC_MSG_CHECKING(if f_fsid has member __val)
- AC_TRY_COMPILE([
+ AC_MSG_CHECKING([if f_fsid has member __val])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
-#include <sys/statvfs.h>],
- [fsid_t t; t.__val[0] = 0;],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
- [ AC_MSG_RESULT(no) ])
+#include <sys/statvfs.h>
+ ]], [[ fsid_t t; t.__val[0] = 0; ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
+ [ AC_MSG_RESULT([no]) ])
])
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
- AC_COMPILE_IFELSE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
-int main() {
+ ]], [[
#ifdef msg_control
#error "msg_control is a macro"
exit(1);
@@ -3308,178 +3491,161 @@
struct msghdr m;
m.msg_control = 0;
exit(0);
-}
- ],
+ ]])],
[ ac_cv_have_control_in_msghdr="yes" ],
[ ac_cv_have_control_in_msghdr="no" ]
)
])
if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
- AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
+ AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
[Define if your system uses ancillary data style
file descriptor passing])
fi
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
- AC_TRY_LINK([],
- [ extern char *__progname; printf("%s", __progname); ],
- [ ac_cv_libc_defines___progname="yes" ],
- [ ac_cv_libc_defines___progname="no" ]
- )
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+ [[ extern char *__progname; printf("%s", __progname); ]])],
+ [ ac_cv_libc_defines___progname="yes" ],
+ [ ac_cv_libc_defines___progname="no"
+ ])
])
if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
- AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
+ AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
fi
AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
- AC_TRY_LINK([
-#include <stdio.h>
-],
- [ printf("%s", __FUNCTION__); ],
- [ ac_cv_cc_implements___FUNCTION__="yes" ],
- [ ac_cv_cc_implements___FUNCTION__="no" ]
- )
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[ printf("%s", __FUNCTION__); ]])],
+ [ ac_cv_cc_implements___FUNCTION__="yes" ],
+ [ ac_cv_cc_implements___FUNCTION__="no"
+ ])
])
if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
- AC_DEFINE(HAVE___FUNCTION__, 1,
+ AC_DEFINE([HAVE___FUNCTION__], [1],
[Define if compiler implements __FUNCTION__])
fi
AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
- AC_TRY_LINK([
-#include <stdio.h>
-],
- [ printf("%s", __func__); ],
- [ ac_cv_cc_implements___func__="yes" ],
- [ ac_cv_cc_implements___func__="no" ]
- )
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[ printf("%s", __func__); ]])],
+ [ ac_cv_cc_implements___func__="yes" ],
+ [ ac_cv_cc_implements___func__="no"
+ ])
])
if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
- AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
+ AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
fi
AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
- AC_TRY_LINK(
- [#include <stdarg.h>
- va_list x,y;],
- [va_copy(x,y);],
- [ ac_cv_have_va_copy="yes" ],
- [ ac_cv_have_va_copy="no" ]
- )
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdarg.h>
+va_list x,y;
+ ]], [[ va_copy(x,y); ]])],
+ [ ac_cv_have_va_copy="yes" ],
+ [ ac_cv_have_va_copy="no"
+ ])
])
if test "x$ac_cv_have_va_copy" = "xyes" ; then
- AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
+ AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
fi
AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
- AC_TRY_LINK(
- [#include <stdarg.h>
- va_list x,y;],
- [__va_copy(x,y);],
- [ ac_cv_have___va_copy="yes" ],
- [ ac_cv_have___va_copy="no" ]
- )
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdarg.h>
+va_list x,y;
+ ]], [[ __va_copy(x,y); ]])],
+ [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
+ ])
])
if test "x$ac_cv_have___va_copy" = "xyes" ; then
- AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
+ AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
fi
AC_CACHE_CHECK([whether getopt has optreset support],
ac_cv_have_getopt_optreset, [
- AC_TRY_LINK(
- [
-#include <getopt.h>
- ],
- [ extern int optreset; optreset = 0; ],
- [ ac_cv_have_getopt_optreset="yes" ],
- [ ac_cv_have_getopt_optreset="no" ]
- )
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
+ [[ extern int optreset; optreset = 0; ]])],
+ [ ac_cv_have_getopt_optreset="yes" ],
+ [ ac_cv_have_getopt_optreset="no"
+ ])
])
if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
- AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
+ AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
[Define if your getopt(3) defines and uses optreset])
fi
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
- AC_TRY_LINK([],
- [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
- [ ac_cv_libc_defines_sys_errlist="yes" ],
- [ ac_cv_libc_defines_sys_errlist="no" ]
- )
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
+ [ ac_cv_libc_defines_sys_errlist="yes" ],
+ [ ac_cv_libc_defines_sys_errlist="no"
+ ])
])
if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
- AC_DEFINE(HAVE_SYS_ERRLIST, 1,
+ AC_DEFINE([HAVE_SYS_ERRLIST], [1],
[Define if your system defines sys_errlist[]])
fi
AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
- AC_TRY_LINK([],
- [ extern int sys_nerr; printf("%i", sys_nerr);],
- [ ac_cv_libc_defines_sys_nerr="yes" ],
- [ ac_cv_libc_defines_sys_nerr="no" ]
- )
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
+ [ ac_cv_libc_defines_sys_nerr="yes" ],
+ [ ac_cv_libc_defines_sys_nerr="no"
+ ])
])
if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
- AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
+ AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
fi
# Check libraries needed by DNS fingerprint support
-AC_SEARCH_LIBS(getrrsetbyname, resolv,
- [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
+AC_SEARCH_LIBS([getrrsetbyname], [resolv],
+ [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
[Define if getrrsetbyname() exists])],
[
# Needed by our getrrsetbyname()
- AC_SEARCH_LIBS(res_query, resolv)
- AC_SEARCH_LIBS(dn_expand, resolv)
- AC_MSG_CHECKING(if res_query will link)
- AC_LINK_IFELSE([
-#include "confdefs.h"
+ AC_SEARCH_LIBS([res_query], [resolv])
+ AC_SEARCH_LIBS([dn_expand], [resolv])
+ AC_MSG_CHECKING([if res_query will link])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <resolv.h>
-int main()
-{
+ ]], [[
res_query (0, 0, 0, 0, 0);
- return 0;
-}
- ],
- AC_MSG_RESULT(yes),
- [AC_MSG_RESULT(no)
+ ]])],
+ AC_MSG_RESULT([yes]),
+ [AC_MSG_RESULT([no])
saved_LIBS="$LIBS"
LIBS="$LIBS -lresolv"
- AC_MSG_CHECKING(for res_query in -lresolv)
- AC_LINK_IFELSE([
-#include "confdefs.h"
+ AC_MSG_CHECKING([for res_query in -lresolv])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <netdb.h>
#include <resolv.h>
-int main()
-{
+ ]], [[
res_query (0, 0, 0, 0, 0);
- return 0;
-}
- ],
- [AC_MSG_RESULT(yes)],
+ ]])],
+ [AC_MSG_RESULT([yes])],
[LIBS="$saved_LIBS"
- AC_MSG_RESULT(no)])
+ AC_MSG_RESULT([no])])
])
- AC_CHECK_FUNCS(_getshort _getlong)
+ AC_CHECK_FUNCS([_getshort _getlong])
AC_CHECK_DECLS([_getshort, _getlong], , ,
[#include <sys/types.h>
#include <arpa/nameser.h>])
- AC_CHECK_MEMBER(HEADER.ad,
- [AC_DEFINE(HAVE_HEADER_AD, 1,
- [Define if HEADER.ad exists in arpa/nameser.h])],,
+ AC_CHECK_MEMBER([HEADER.ad],
+ [AC_DEFINE([HAVE_HEADER_AD], [1],
+ [Define if HEADER.ad exists in arpa/nameser.h])], ,
[#include <arpa/nameser.h>])
])
-AC_MSG_CHECKING(if struct __res_state _res is an extern)
-AC_LINK_IFELSE([
+AC_MSG_CHECKING([if struct __res_state _res is an extern])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdio.h>
#if HAVE_SYS_TYPES_H
# include <sys/types.h>
@@ -3488,43 +3654,43 @@
#include <arpa/nameser.h>
#include <resolv.h>
extern struct __res_state _res;
-int main() { return 0; }
- ],
- [AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE__RES_EXTERN, 1,
+ ]], [[ ]])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE__RES_EXTERN], [1],
[Define if you have struct __res_state _res as an extern])
],
- [ AC_MSG_RESULT(no) ]
+ [ AC_MSG_RESULT([no]) ]
)
# Check whether user wants SELinux support
SELINUX_MSG="no"
LIBSELINUX=""
-AC_ARG_WITH(selinux,
+AC_ARG_WITH([selinux],
[ --with-selinux Enable SELinux support],
[ if test "x$withval" != "xno" ; then
save_LIBS="$LIBS"
- AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+ AC_DEFINE([WITH_SELINUX], [1],
+ [Define if you want SELinux support.])
SELINUX_MSG="yes"
AC_CHECK_HEADER([selinux/selinux.h], ,
- AC_MSG_ERROR(SELinux support requires selinux.h header))
- AC_CHECK_LIB(selinux, setexeccon,
+ AC_MSG_ERROR([SELinux support requires selinux.h header]))
+ AC_CHECK_LIB([selinux], [setexeccon],
[ LIBSELINUX="-lselinux"
LIBS="$LIBS -lselinux"
],
- AC_MSG_ERROR(SELinux support requires libselinux library))
+ AC_MSG_ERROR([SELinux support requires libselinux library]))
SSHLIBS="$SSHLIBS $LIBSELINUX"
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
- AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
LIBS="$save_LIBS"
fi ]
)
-AC_SUBST(SSHLIBS)
-AC_SUBST(SSHDLIBS)
+AC_SUBST([SSHLIBS])
+AC_SUBST([SSHDLIBS])
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
-AC_ARG_WITH(kerberos5,
+AC_ARG_WITH([kerberos5],
[ --with-kerberos5=PATH Enable Kerberos 5 support],
[ if test "x$withval" != "xno" ; then
if test "x$withval" = "xyes" ; then
@@ -3533,73 +3699,75 @@
KRB5ROOT=${withval}
fi
- AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
+ AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
KRB5_MSG="yes"
- AC_PATH_PROG([KRB5CONF],[krb5-config],
+ AC_PATH_PROG([KRB5CONF], [krb5-config],
[$KRB5ROOT/bin/krb5-config],
[$KRB5ROOT/bin:$PATH])
if test -x $KRB5CONF ; then
+ K5CFLAGS="`$KRB5CONF --cflags`"
+ K5LIBS="`$KRB5CONF --libs`"
+ CPPFLAGS="$CPPFLAGS $K5CFLAGS"
- AC_MSG_CHECKING(for gssapi support)
+ AC_MSG_CHECKING([for gssapi support])
if $KRB5CONF | grep gssapi >/dev/null ; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(GSSAPI, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([GSSAPI], [1],
[Define this if you want GSSAPI
support in the version 2 protocol])
- k5confopts=gssapi
+ GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
+ GSSLIBS="`$KRB5CONF --libs gssapi`"
+ CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
else
- AC_MSG_RESULT(no)
- k5confopts=""
+ AC_MSG_RESULT([no])
fi
- K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
- K5LIBS="`$KRB5CONF --libs $k5confopts`"
- CPPFLAGS="$CPPFLAGS $K5CFLAGS"
- AC_MSG_CHECKING(whether we are using Heimdal)
- AC_TRY_COMPILE([ #include <krb5.h> ],
- [ char *tmp = heimdal_version; ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL, 1,
- [Define this if you are using the
- Heimdal version of Kerberos V5]) ],
- AC_MSG_RESULT(no)
- )
+ AC_MSG_CHECKING([whether we are using Heimdal])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
+ ]], [[ char *tmp = heimdal_version; ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([HEIMDAL], [1],
+ [Define this if you are using the Heimdal
+ version of Kerberos V5]) ],
+ [AC_MSG_RESULT([no])
+ ])
else
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
- AC_MSG_CHECKING(whether we are using Heimdal)
- AC_TRY_COMPILE([ #include <krb5.h> ],
- [ char *tmp = heimdal_version; ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL)
+ AC_MSG_CHECKING([whether we are using Heimdal])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
+ ]], [[ char *tmp = heimdal_version; ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([HEIMDAL])
K5LIBS="-lkrb5"
K5LIBS="$K5LIBS -lcom_err -lasn1"
- AC_CHECK_LIB(roken, net_write,
+ AC_CHECK_LIB([roken], [net_write],
[K5LIBS="$K5LIBS -lroken"])
- AC_CHECK_LIB(des, des_cbc_encrypt,
+ AC_CHECK_LIB([des], [des_cbc_encrypt],
[K5LIBS="$K5LIBS -ldes"])
- ],
- [ AC_MSG_RESULT(no)
+ ], [ AC_MSG_RESULT([no])
K5LIBS="-lkrb5 -lk5crypto -lcom_err"
- ]
- )
- AC_SEARCH_LIBS(dn_expand, resolv)
+
+ ])
+ AC_SEARCH_LIBS([dn_expand], [resolv])
- AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
- [ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi_krb5 $K5LIBS" ],
- [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
- [ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi $K5LIBS" ],
- AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
- $K5LIBS)
- ],
- $K5LIBS)
+ AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
+ [ AC_DEFINE([GSSAPI])
+ GSSLIBS="-lgssapi_krb5" ],
+ [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
+ [ AC_DEFINE([GSSAPI])
+ GSSLIBS="-lgssapi" ],
+ [ AC_CHECK_LIB([gss], [gss_init_sec_context],
+ [ AC_DEFINE([GSSAPI])
+ GSSLIBS="-lgss" ],
+ AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
+ ])
+ ])
- AC_CHECK_HEADER(gssapi.h, ,
+ AC_CHECK_HEADER([gssapi.h], ,
[ unset ac_cv_header_gssapi_h
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
- AC_CHECK_HEADERS(gssapi.h, ,
+ AC_CHECK_HEADERS([gssapi.h], ,
AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
)
]
@@ -3607,7 +3775,7 @@
oldCPP="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
- AC_CHECK_HEADER(gssapi_krb5.h, ,
+ AC_CHECK_HEADER([gssapi_krb5.h], ,
[ CPPFLAGS="$oldCPP" ])
fi
@@ -3618,21 +3786,41 @@
blibpath="$blibpath:${KRB5ROOT}/lib"
fi
- AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
- AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
- AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
+ AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
+ AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
+ AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
+ AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
+ [Define this if you want to use libkafs' AFS support])])
+
+ AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
+#ifdef HAVE_GSSAPI_H
+# include <gssapi.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_H)
+# include <gssapi/gssapi.h>
+#endif
+
+#ifdef HAVE_GSSAPI_GENERIC_H
+# include <gssapi_generic.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
+# include <gssapi/gssapi_generic.h>
+#endif
+ ]])
+ saved_LIBS="$LIBS"
LIBS="$LIBS $K5LIBS"
- AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
- [Define this if you want to use libkafs' AFS support]))
+ AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
+ LIBS="$saved_LIBS"
+
fi
]
)
+AC_SUBST([GSSLIBS])
+AC_SUBST([K5LIBS])
# Looking for programs, paths and files
PRIVSEP_PATH=/var/empty
-AC_ARG_WITH(privsep-path,
+AC_ARG_WITH([privsep-path],
[ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
[
if test -n "$withval" && test "x$withval" != "xno" && \
@@ -3641,9 +3829,9 @@
fi
]
)
-AC_SUBST(PRIVSEP_PATH)
+AC_SUBST([PRIVSEP_PATH])
-AC_ARG_WITH(xauth,
+AC_ARG_WITH([xauth],
[ --with-xauth=PATH Specify path to xauth program ],
[
if test -n "$withval" && test "x$withval" != "xno" && \
@@ -3657,7 +3845,7 @@
TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
- AC_PATH_PROG(xauth_path, xauth, , $TestPath)
+ AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
xauth_path="/usr/openwin/bin/xauth"
fi
@@ -3665,7 +3853,7 @@
)
STRIP_OPT=-s
-AC_ARG_ENABLE(strip,
+AC_ARG_ENABLE([strip],
[ --disable-strip Disable calling strip(1) on install],
[
if test "x$enableval" = "xno" ; then
@@ -3673,25 +3861,100 @@
fi
]
)
-AC_SUBST(STRIP_OPT)
+AC_SUBST([STRIP_OPT])
if test -z "$xauth_path" ; then
XAUTH_PATH="undefined"
- AC_SUBST(XAUTH_PATH)
+ AC_SUBST([XAUTH_PATH])
else
- AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
+ AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
[Define if xauth is found in your path])
XAUTH_PATH=$xauth_path
- AC_SUBST(XAUTH_PATH)
+ AC_SUBST([XAUTH_PATH])
fi
-# Check for mail directory (last resort if we cannot get it from headers)
-if test ! -z "$MAIL" ; then
- maildir=`dirname $MAIL`
- AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
- [Set this to your mail directory if you don't have maillock.h])
-fi
+dnl # --with-maildir=/path/to/mail gets top priority.
+dnl # if maildir is set in the platform case statement above we use that.
+dnl # Otherwise we run a program to get the dir from system headers.
+dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
+dnl # If we find _PATH_MAILDIR we do nothing because that is what
+dnl # session.c expects anyway. Otherwise we set to the value found
+dnl # stripping any trailing slash. If for some strage reason our program
+dnl # does not find what it needs, we default to /var/spool/mail.
+# Check for mail directory
+AC_ARG_WITH([maildir],
+ [ --with-maildir=/path/to/mail Specify your system mail directory],
+ [
+ if test "X$withval" != X && test "x$withval" != xno && \
+ test "x${withval}" != xyes; then
+ AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
+ [Set this to your mail directory if you do not have _PATH_MAILDIR])
+ fi
+ ],[
+ if test "X$maildir" != "X"; then
+ AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
+ else
+ AC_MSG_CHECKING([Discovering system mail directory])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif
+#define DATA "conftest.maildir"
+ ]], [[
+ FILE *fd;
+ int rc;
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+#if defined (_PATH_MAILDIR)
+ if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
+ exit(1);
+#elif defined (MAILDIR)
+ if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
+ exit(1);
+#elif defined (_PATH_MAIL)
+ if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
+ exit(1);
+#else
+ exit (2);
+#endif
+
+ exit(0);
+ ]])],
+ [
+ maildir_what=`awk -F: '{print $1}' conftest.maildir`
+ maildir=`awk -F: '{print $2}' conftest.maildir \
+ | sed 's|/$||'`
+ AC_MSG_RESULT([Using: $maildir from $maildir_what])
+ if test "x$maildir_what" != "x_PATH_MAILDIR"; then
+ AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
+ fi
+ ],
+ [
+ if test "X$ac_status" = "X2";then
+# our test program didn't find it. Default to /var/spool/mail
+ AC_MSG_RESULT([Using: default value of /var/spool/mail])
+ AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
+ else
+ AC_MSG_RESULT([*** not found ***])
+ fi
+ ],
+ [
+ AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
+ ]
+ )
+ fi
+ ]
+) # maildir
+
if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
disable_ptmx_check=yes
@@ -3698,9 +3961,9 @@
fi
if test -z "$no_dev_ptmx" ; then
if test "x$disable_ptmx_check" != "xyes" ; then
- AC_CHECK_FILE("/dev/ptmx",
+ AC_CHECK_FILE(["/dev/ptmx"],
[
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
+ AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
[Define if you have /dev/ptmx])
have_dev_ptmx=1
]
@@ -3709,9 +3972,9 @@
fi
if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
- AC_CHECK_FILE("/dev/ptc",
+ AC_CHECK_FILE(["/dev/ptc"],
[
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
+ AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
[Define if you have /dev/ptc])
have_dev_ptc=1
]
@@ -3721,7 +3984,7 @@
fi
# Options from here on. Some of these are preset by platform above
-AC_ARG_WITH(mantype,
+AC_ARG_WITH([mantype],
[ --with-mantype=man|cat|doc Set man page type],
[
case "$withval" in
@@ -3729,7 +3992,7 @@
MANTYPE=$withval
;;
*)
- AC_MSG_ERROR(invalid man type: $withval)
+ AC_MSG_ERROR([invalid man type: $withval])
;;
esac
]
@@ -3736,7 +3999,7 @@
)
if test -z "$MANTYPE"; then
TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
- AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
+ AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
MANTYPE=doc
elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
@@ -3745,21 +4008,21 @@
MANTYPE=cat
fi
fi
-AC_SUBST(MANTYPE)
+AC_SUBST([MANTYPE])
if test "$MANTYPE" = "doc"; then
mansubdir=man;
else
mansubdir=$MANTYPE;
fi
-AC_SUBST(mansubdir)
+AC_SUBST([mansubdir])
# Check whether to enable MD5 passwords
MD5_MSG="no"
-AC_ARG_WITH(md5-passwords,
+AC_ARG_WITH([md5-passwords],
[ --with-md5-passwords Enable use of MD5 passwords],
[
if test "x$withval" != "xno" ; then
- AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
+ AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
[Define if you want to allow MD5 passwords])
MD5_MSG="yes"
fi
@@ -3767,11 +4030,11 @@
)
# Whether to disable shadow password support
-AC_ARG_WITH(shadow,
+AC_ARG_WITH([shadow],
[ --without-shadow Disable shadow password support],
[
if test "x$withval" = "xno" ; then
- AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE([DISABLE_SHADOW])
disable_shadow=yes
fi
]
@@ -3779,21 +4042,20 @@
if test -z "$disable_shadow" ; then
AC_MSG_CHECKING([if the systems has expire shadow information])
- AC_TRY_COMPILE(
- [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <shadow.h>
- struct spwd sp;
- ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
- [ sp_expire_available=yes ], []
- )
+struct spwd sp;
+ ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
+ [ sp_expire_available=yes ], [
+ ])
if test "x$sp_expire_available" = "xyes" ; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
[Define if you want to use shadow password expire field])
else
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
fi
fi
@@ -3800,16 +4062,16 @@
# Use ip address instead of hostname in $DISPLAY
if test ! -z "$IPADDR_IN_DISPLAY" ; then
DISPLAY_HACK_MSG="yes"
- AC_DEFINE(IPADDR_IN_DISPLAY, 1,
+ AC_DEFINE([IPADDR_IN_DISPLAY], [1],
[Define if you need to use IP address
instead of hostname in $DISPLAY])
else
DISPLAY_HACK_MSG="no"
- AC_ARG_WITH(ipaddr-display,
+ AC_ARG_WITH([ipaddr-display],
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
[
if test "x$withval" != "xno" ; then
- AC_DEFINE(IPADDR_IN_DISPLAY)
+ AC_DEFINE([IPADDR_IN_DISPLAY])
DISPLAY_HACK_MSG="yes"
fi
]
@@ -3817,7 +4079,7 @@
fi
# check for /etc/default/login and use it if present.
-AC_ARG_ENABLE(etc-default-login,
+AC_ARG_ENABLE([etc-default-login],
[ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
[ if test "x$enableval" = "xno"; then
AC_MSG_NOTICE([/etc/default/login handling disabled])
@@ -3835,10 +4097,10 @@
)
if test "x$etc_default_login" != "xno"; then
- AC_CHECK_FILE("/etc/default/login",
+ AC_CHECK_FILE(["/etc/default/login"],
[ external_path_file=/etc/default/login ])
if test "x$external_path_file" = "x/etc/default/login"; then
- AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
+ AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
[Define if your system has /etc/default/login])
fi
fi
@@ -3851,7 +4113,7 @@
# Whether to mess with the default path
SERVER_PATH_MSG="(default)"
-AC_ARG_WITH(default-path,
+AC_ARG_WITH([default-path],
[ --with-default-path= Specify default \$PATH environment for server],
[
if test "x$external_path_file" = "x/etc/login.conf" ; then
@@ -3877,7 +4139,7 @@
otherwise scp will not work.])
fi
AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
+ [AC_LANG_PROGRAM([[
/* find out what STDPATH is */
#include <stdio.h>
#ifdef HAVE_PATHS_H
@@ -3894,9 +4156,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#define DATA "conftest.stdpath"
-
-main()
-{
+ ]], [[
FILE *fd;
int rc;
@@ -3908,7 +4168,6 @@
exit(1);
exit(0);
-}
]])],
[ user_path=`cat conftest.stdpath` ],
[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
@@ -3915,35 +4174,38 @@
[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
)
# make sure $bindir is in USER_PATH so scp will work
- t_bindir=`eval echo ${bindir}`
- case $t_bindir in
- NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
- esac
- case $t_bindir in
- NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
- esac
+ t_bindir="${bindir}"
+ while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
+ t_bindir=`eval echo ${t_bindir}`
+ case $t_bindir in
+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
+ esac
+ case $t_bindir in
+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+ done
echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
if test $? -ne 0 ; then
echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
if test $? -ne 0 ; then
user_path=$user_path:$t_bindir
- AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
+ AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
fi
fi
fi ]
)
if test "x$external_path_file" != "x/etc/login.conf" ; then
- AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
- AC_SUBST(user_path)
+ AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
+ AC_SUBST([user_path])
fi
# Set superuser path separately to user path
-AC_ARG_WITH(superuser-path,
+AC_ARG_WITH([superuser-path],
[ --with-superuser-path= Specify different path for super-user],
[
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
- AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
+ AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
[Define if you want a different $PATH
for the superuser])
superuser_path=$withval
@@ -3958,18 +4220,18 @@
[ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
[
if test "x$withval" != "xno" ; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(IPV4_IN_IPV6, 1,
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([IPV4_IN_IPV6], [1],
[Detect IPv4 in IPv6 mapped addresses
and treat as IPv4])
IPV4_IN6_HACK_MSG="yes"
else
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
fi
- ],[
+ ], [
if test "x$inet6_default_4in6" = "xyes"; then
AC_MSG_RESULT([yes (default)])
- AC_DEFINE(IPV4_IN_IPV6)
+ AC_DEFINE([IPV4_IN_IPV6])
IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT([no (default)])
@@ -3979,11 +4241,11 @@
# Whether to enable BSD auth support
BSD_AUTH_MSG=no
-AC_ARG_WITH(bsd-auth,
+AC_ARG_WITH([bsd-auth],
[ --with-bsd-auth Enable BSD auth support],
[
if test "x$withval" != "xno" ; then
- AC_DEFINE(BSD_AUTH, 1,
+ AC_DEFINE([BSD_AUTH], [1],
[Define if you have BSD auth support])
BSD_AUTH_MSG=yes
fi
@@ -4000,7 +4262,7 @@
esac
fi
-AC_ARG_WITH(pid-dir,
+AC_ARG_WITH([pid-dir],
[ --with-pid-dir=PATH Specify location of ssh.pid file],
[
if test -n "$withval" && test "x$withval" != "xno" && \
@@ -4013,85 +4275,86 @@
]
)
-AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
-AC_SUBST(piddir)
+AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
+ [Specify location of ssh.pid])
+AC_SUBST([piddir])
dnl allow user to disable some login recording features
-AC_ARG_ENABLE(lastlog,
+AC_ARG_ENABLE([lastlog],
[ --disable-lastlog disable use of lastlog even if detected [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE([DISABLE_LASTLOG])
fi
]
)
-AC_ARG_ENABLE(utmp,
+AC_ARG_ENABLE([utmp],
[ --disable-utmp disable use of utmp even if detected [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE([DISABLE_UTMP])
fi
]
)
-AC_ARG_ENABLE(utmpx,
+AC_ARG_ENABLE([utmpx],
[ --disable-utmpx disable use of utmpx even if detected [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_UTMPX, 1,
+ AC_DEFINE([DISABLE_UTMPX], [1],
[Define if you don't want to use utmpx])
fi
]
)
-AC_ARG_ENABLE(wtmp,
+AC_ARG_ENABLE([wtmp],
[ --disable-wtmp disable use of wtmp even if detected [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_WTMP)
+ AC_DEFINE([DISABLE_WTMP])
fi
]
)
-AC_ARG_ENABLE(wtmpx,
+AC_ARG_ENABLE([wtmpx],
[ --disable-wtmpx disable use of wtmpx even if detected [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_WTMPX, 1,
+ AC_DEFINE([DISABLE_WTMPX], [1],
[Define if you don't want to use wtmpx])
fi
]
)
-AC_ARG_ENABLE(libutil,
+AC_ARG_ENABLE([libutil],
[ --disable-libutil disable use of libutil (login() etc.) [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_LOGIN)
+ AC_DEFINE([DISABLE_LOGIN])
fi
]
)
-AC_ARG_ENABLE(pututline,
+AC_ARG_ENABLE([pututline],
[ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_PUTUTLINE, 1,
+ AC_DEFINE([DISABLE_PUTUTLINE], [1],
[Define if you don't want to use pututline()
etc. to write [uw]tmp])
fi
]
)
-AC_ARG_ENABLE(pututxline,
+AC_ARG_ENABLE([pututxline],
[ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_PUTUTXLINE, 1,
+ AC_DEFINE([DISABLE_PUTUTXLINE], [1],
[Define if you don't want to use pututxline()
etc. to write [uw]tmpx])
fi
]
)
-AC_ARG_WITH(lastlog,
+AC_ARG_WITH([lastlog],
[ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
[
if test "x$withval" = "xno" ; then
- AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE([DISABLE_LASTLOG])
elif test -n "$withval" && test "x${withval}" != "xyes"; then
conf_lastlog_location=$withval
fi
@@ -4106,7 +4369,7 @@
dnl lastlog detection
dnl NOTE: the code itself will detect if lastlog is a directory
AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_LASTLOG_H
@@ -4118,13 +4381,12 @@
#ifdef HAVE_LOGIN_H
# include <login.h>
#endif
- ],
- [ char *lastlog = LASTLOG_FILE; ],
- [ AC_MSG_RESULT(yes) ],
- [
- AC_MSG_RESULT(no)
+ ]], [[ char *lastlog = LASTLOG_FILE; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [
+ AC_MSG_RESULT([no])
AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
- AC_TRY_COMPILE([
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_LASTLOG_H
@@ -4133,15 +4395,13 @@
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
- ],
- [ char *lastlog = _PATH_LASTLOG; ],
- [ AC_MSG_RESULT(yes) ],
+ ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
+ [ AC_MSG_RESULT([yes]) ],
[
- AC_MSG_RESULT(no)
+ AC_MSG_RESULT([no])
system_lastlog_path=no
])
- ]
-)
+])
if test -z "$conf_lastlog_location"; then
if test x"$system_lastlog_path" = x"no" ; then
@@ -4158,24 +4418,23 @@
fi
if test -n "$conf_lastlog_location"; then
- AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
+ AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
[Define if you want to specify the path to your lastlog file])
fi
dnl utmp detection
AC_MSG_CHECKING([if your system defines UTMP_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
- ],
- [ char *utmp = UTMP_FILE; ],
- [ AC_MSG_RESULT(yes) ],
- [ AC_MSG_RESULT(no)
- system_utmp_path=no ]
-)
+ ]], [[ char *utmp = UTMP_FILE; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ system_utmp_path=no
+])
if test -z "$conf_utmp_location"; then
if test x"$system_utmp_path" = x"no" ; then
for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
@@ -4184,29 +4443,28 @@
fi
done
if test -z "$conf_utmp_location"; then
- AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE([DISABLE_UTMP])
fi
fi
fi
if test -n "$conf_utmp_location"; then
- AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
+ AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
[Define if you want to specify the path to your utmp file])
fi
dnl wtmp detection
AC_MSG_CHECKING([if your system defines WTMP_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
- ],
- [ char *wtmp = WTMP_FILE; ],
- [ AC_MSG_RESULT(yes) ],
- [ AC_MSG_RESULT(no)
- system_wtmp_path=no ]
-)
+ ]], [[ char *wtmp = WTMP_FILE; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ system_wtmp_path=no
+])
if test -z "$conf_wtmp_location"; then
if test x"$system_wtmp_path" = x"no" ; then
for f in /usr/adm/wtmp /var/log/wtmp; do
@@ -4215,19 +4473,18 @@
fi
done
if test -z "$conf_wtmp_location"; then
- AC_DEFINE(DISABLE_WTMP)
+ AC_DEFINE([DISABLE_WTMP])
fi
fi
fi
if test -n "$conf_wtmp_location"; then
- AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
+ AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
[Define if you want to specify the path to your wtmp file])
fi
-
dnl wtmpx detection
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <utmp.h>
#ifdef HAVE_UTMPX_H
@@ -4236,18 +4493,17 @@
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
- ],
- [ char *wtmpx = WTMPX_FILE; ],
- [ AC_MSG_RESULT(yes) ],
- [ AC_MSG_RESULT(no)
- system_wtmpx_path=no ]
-)
+ ]], [[ char *wtmpx = WTMPX_FILE; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ system_wtmpx_path=no
+])
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
- AC_DEFINE(DISABLE_WTMPX)
+ AC_DEFINE([DISABLE_WTMPX])
fi
else
- AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
+ AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
[Define if you want to specify the path to your wtmpx file])
fi
@@ -4257,6 +4513,43 @@
AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
fi
+AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
+ if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
+ AC_DEFINE([DISABLE_LASTLOG])
+ fi
+ ], [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+ ])
+
+AC_CHECK_MEMBER([struct utmp.ut_line], [], [
+ AC_DEFINE([DISABLE_UTMP])
+ AC_DEFINE([DISABLE_WTMP])
+ ], [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+ ])
+
dnl Adding -Werror to CFLAGS early prevents configure tests from running.
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"
@@ -4266,13 +4559,14 @@
else
TEST_SSH_IPV6=yes
fi
-AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
-AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
+AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
+AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
+AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
openbsd-compat/Makefile openbsd-compat/regress/Makefile \
- ssh_prng_cmds survey.sh])
+ survey.sh])
AC_OUTPUT
# Print summary of options
@@ -4327,9 +4621,7 @@
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG"
-if test ! -z "$USE_RAND_HELPER" ; then
-echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
-fi
+echo " Privsep sandbox style: $SANDBOX_STYLE"
echo ""
@@ -4361,14 +4653,6 @@
echo ""
fi
-if test ! -z "$RAND_HELPER_CMDHASH" ; then
- echo "WARNING: you are using the builtin random number collection "
- echo "service. Please read WARNING.RNG and request that your OS "
- echo "vendor includes kernel-based random number collection in "
- echo "future versions of your OS."
- echo ""
-fi
-
if test ! -z "$NO_PEERCHECK" ; then
echo "WARNING: the operating system that you are using does not"
echo "appear to support getpeereid(), getpeerucred() or the"
Property changes on: vendor-crypto/openssh/dist/configure.ac
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.10
\ No newline at end of property
Added: vendor-crypto/openssh/dist/contrib/Makefile
===================================================================
--- vendor-crypto/openssh/dist/contrib/Makefile (rev 0)
+++ vendor-crypto/openssh/dist/contrib/Makefile 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,17 @@
+PKG_CONFIG = pkg-config
+
+all:
+ @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
+
+gnome-ssh-askpass1: gnome-ssh-askpass1.c
+ $(CC) `gnome-config --cflags gnome gnomeui` \
+ gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
+ `gnome-config --libs gnome gnomeui`
+
+gnome-ssh-askpass2: gnome-ssh-askpass2.c
+ $(CC) `$(PKG_CONFIG) --cflags gtk+-2.0` \
+ gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
+ `$(PKG_CONFIG) --libs gtk+-2.0 x11`
+
+clean:
+ rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
Added: vendor-crypto/openssh/dist/contrib/README
===================================================================
--- vendor-crypto/openssh/dist/contrib/README (rev 0)
+++ vendor-crypto/openssh/dist/contrib/README 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,70 @@
+Other patches and addons for OpenSSH. Please send submissions to
+djm at mindrot.org
+
+Externally maintained
+---------------------
+
+SSH Proxy Command -- connect.c
+
+Shun-ichi GOTO <gotoh at imasy.or.jp> has written a very useful ProxyCommand
+which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
+https CONNECT style proxy server. His page for connect.c has extensive
+documentation on its use as well as compiled versions for Win32.
+
+http://www.taiyo.co.jp/~gotoh/ssh/connect.html
+
+
+X11 SSH Askpass:
+
+Jim Knoble <jmknoble at pobox.com> has written an excellent X11
+passphrase requester. This is highly recommended:
+
+http://www.jmknoble.net/software/x11-ssh-askpass/
+
+
+In this directory
+-----------------
+
+ssh-copy-id:
+
+Phil Hands' <phil at hands.com> shell script to automate the process of adding
+your public key to a remote machine's ~/.ssh/authorized_keys file.
+
+gnome-ssh-askpass[12]:
+
+A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or
+"make gnome-ssh-askpass2" to build.
+
+sshd.pam.generic:
+
+A generic PAM config file which may be useful on your system. YMMV
+
+sshd.pam.freebsd:
+
+A PAM config file which works with FreeBSD's PAM port. Contributed by
+Dominik Brettnacher <domi at saargate.de>
+
+findssl.sh:
+
+Search for all instances of OpenSSL headers and libraries and print their
+versions. This is intended to help diagnose OpenSSH's "OpenSSL headers do not
+match your library" errors.
+
+aix:
+ Files to build an AIX native (installp or SMIT installable) package.
+
+caldera:
+ RPM spec file and scripts for building Caldera OpenLinuix packages
+
+cygwin:
+ Support files for Cygwin
+
+hpux:
+ Support files for HP-UX
+
+redhat:
+ RPM spec file and scripts for building Redhat packages
+
+suse:
+ RPM spec file and scripts for building SuSE packages
+
Added: vendor-crypto/openssh/dist/contrib/aix/README
===================================================================
--- vendor-crypto/openssh/dist/contrib/aix/README (rev 0)
+++ vendor-crypto/openssh/dist/contrib/aix/README 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,50 @@
+Overview:
+
+This directory contains files to build an AIX native (installp or SMIT
+installable) openssh package.
+
+
+Directions:
+
+(optional) create config.local in your build dir
+./configure [options]
+contrib/aix/buildbff.sh
+
+The file config.local or the environment is read to set the following options
+(default first):
+PERMIT_ROOT_LOGIN=[no|yes]
+X11_FORWARDING=[no|yes]
+AIX_SRC=[no|yes]
+
+Acknowledgements:
+
+The contents of this directory are based on Ben Lindstrom's Solaris
+buildpkg.sh. Ben also supplied inventory.sh.
+
+Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's
+and for comparison with the output from this script, however no code
+from lppbuild is included and it is not required for operation.
+
+SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
+PrivSep account handling fixes contributed by W. Earl Allen.
+
+
+Other notes:
+
+The script treats all packages as USR packages (not ROOT+USR when
+appropriate). It seems to work, though......
+
+If there are any patches to this that have not yet been integrated they
+may be found at http://www.zip.com.au/~dtucker/openssh/.
+
+
+Disclaimer:
+
+It is hoped that it is useful but there is no warranty. If it breaks
+you get to keep both pieces.
+
+
+ - Darren Tucker (dtucker at zip dot com dot au)
+ 2002/03/01
+
+$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $
Added: vendor-crypto/openssh/dist/contrib/aix/buildbff.sh
===================================================================
--- vendor-crypto/openssh/dist/contrib/aix/buildbff.sh (rev 0)
+++ vendor-crypto/openssh/dist/contrib/aix/buildbff.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,381 @@
+#!/bin/sh
+#
+# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
+# $Id: buildbff.sh,v 1.13 2011/05/05 03:48:41 djm Exp $
+#
+# Author: Darren Tucker (dtucker at zip dot com dot au)
+# This file is placed in the public domain and comes with absolutely
+# no warranty.
+#
+# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
+#
+
+#
+# Tunable configuration settings
+# create a "config.local" in your build directory or set
+# environment variables to override these.
+#
+[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no
+[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no
+[ -z "$AIX_SRC" ] && AIX_SRC=no
+
+umask 022
+
+startdir=`pwd`
+
+perl -v >/dev/null || (echo perl required; exit 1)
+
+# Path to inventory.sh: same place as buildbff.sh
+if echo $0 | egrep '^/'
+then
+ inventory=`dirname $0`/inventory.sh # absolute path
+else
+ inventory=`pwd`/`dirname $0`/inventory.sh # relative path
+fi
+
+#
+# We still support running from contrib/aix, but this is deprecated
+#
+if pwd | egrep 'contrib/aix$'
+then
+ echo "Changing directory to `pwd`/../.."
+ echo "Please run buildbff.sh from your build directory in future."
+ cd ../..
+ contribaix=1
+fi
+
+if [ ! -f Makefile ]
+then
+ echo "Makefile not found (did you run configure?)"
+ exit 1
+fi
+
+#
+# Directories used during build:
+# current dir = $objdir directory you ran ./configure in.
+# $objdir/$PKGDIR/ directory package files are constructed in
+# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
+#
+objdir=`pwd`
+PKGNAME=openssh
+PKGDIR=package
+
+#
+# Collect local configuration settings to override defaults
+#
+if [ -s ./config.local ]
+then
+ echo Reading local settings from config.local
+ . ./config.local
+fi
+
+#
+# Fill in some details from Makefile, like prefix and sysconfdir
+# the eval also expands variables like sysconfdir=${prefix}/etc
+# provided they are eval'ed in the correct order
+#
+for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
+do
+ eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
+done
+
+#
+# Collect values of privsep user and privsep path
+# currently only found in config.h
+#
+for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
+do
+ eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
+done
+
+# Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+ SSH_PRIVSEP_USER=sshd
+fi
+if [ -z "$PRIVSEP_PATH" ]
+then
+ PRIVSEP_PATH=/var/empty
+fi
+
+# Clean package build directory
+rm -rf $objdir/$PKGDIR
+FAKE_ROOT=$objdir/$PKGDIR/root
+mkdir -p $FAKE_ROOT
+
+# Start by faking root install
+echo "Faking root install..."
+cd $objdir
+make install-nokeys DESTDIR=$FAKE_ROOT
+
+if [ $? -gt 0 ]
+then
+ echo "Fake root install failed, stopping."
+ exit 1
+fi
+
+#
+# Copy informational files to include in package
+#
+cp $srcdir/LICENCE $objdir/$PKGDIR/
+cp $srcdir/README* $objdir/$PKGDIR/
+
+#
+# Extract common info requires for the 'info' part of the package.
+# AIX requires 4-part version numbers
+#
+VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _`
+MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
+MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
+PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
+PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
+[ "$PATCH" = "" ] && PATCH=0
+[ "$PORTABLE" = "" ] && PORTABLE=0
+BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
+
+echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
+
+#
+# Set ssh and sshd parameters as per config.local
+#
+if [ "${PERMIT_ROOT_LOGIN}" = no ]
+then
+ perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
+ $FAKE_ROOT/${sysconfdir}/sshd_config
+fi
+if [ "${X11_FORWARDING}" = yes ]
+then
+ perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
+ $FAKE_ROOT/${sysconfdir}/sshd_config
+fi
+
+
+# Rename config files; postinstall script will copy them if necessary
+for cfgfile in ssh_config sshd_config
+do
+ mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
+done
+
+#
+# Generate lpp control files.
+# working dir is $FAKE_ROOT but files are generated in dir above
+# and moved into place just before creation of .bff
+#
+cd $FAKE_ROOT
+echo Generating LPP control files
+find . ! -name . -print >../openssh.al
+$inventory >../openssh.inventory
+
+cat <<EOD >../openssh.copyright
+This software is distributed under a BSD-style license.
+For the full text of the license, see /usr/lpp/openssh/LICENCE
+EOD
+
+#
+# openssh.size file allows filesystem expansion as required
+# generate list of directories containing files
+# then calculate disk usage for each directory and store in openssh.size
+#
+files=`find . -type f -print`
+dirs=`for file in $files; do dirname $file; done | sort -u`
+for dir in $dirs
+do
+ du $dir
+done > ../openssh.size
+
+#
+# Create postinstall script
+#
+cat <<EOF >>../openssh.post_i
+#!/bin/sh
+
+echo Creating configs from defaults if necessary.
+for cfgfile in ssh_config sshd_config
+do
+ if [ ! -f $sysconfdir/\$cfgfile ]
+ then
+ echo "Creating \$cfgfile from default"
+ cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
+ else
+ echo "\$cfgfile already exists."
+ fi
+done
+echo
+
+# Create PrivilegeSeparation user and group if not present
+echo Checking for PrivilegeSeparation user and group.
+if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+then
+ echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+else
+ echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+ mkgroup -A $SSH_PRIVSEP_USER
+fi
+
+# Create user if required
+if lsuser "$SSH_PRIVSEP_USER" >/dev/null
+then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+else
+ echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+ mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+fi
+
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+ echo UsePrivilegeSeparation not enabled, privsep directory not required.
+else
+ # create chroot directory if required
+ if [ -d $PRIVSEP_PATH ]
+ then
+ echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
+ else
+ echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
+ mkdir $PRIVSEP_PATH
+ chown 0 $PRIVSEP_PATH
+ chgrp 0 $PRIVSEP_PATH
+ chmod 755 $PRIVSEP_PATH
+ fi
+fi
+echo
+
+# Generate keys unless they already exist
+echo Creating host keys if required.
+if [ -f "$sysconfdir/ssh_host_key" ] ; then
+ echo "$sysconfdir/ssh_host_key already exists, skipping."
+else
+ $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
+fi
+if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
+ echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
+else
+ $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
+fi
+if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
+ echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
+else
+ $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
+fi
+echo
+
+# Set startup command depending on SRC support
+if [ "$AIX_SRC" = "yes" ]
+then
+ echo Creating SRC sshd subsystem.
+ rmssys -s sshd 2>&1 >/dev/null
+ mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip
+ startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\""
+ oldstartcmd="$sbindir/sshd"
+else
+ startupcmd="$sbindir/sshd"
+ oldstartcmd="start $sbindir/sshd \\\"$src_running\\\""
+fi
+
+# If migrating to or from SRC, change previous startup command
+# otherwise add to rc.tcpip
+if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null
+then
+ if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new
+ then
+ chmod 0755 /etc/rc.tcpip.new
+ mv /etc/rc.tcpip /etc/rc.tcpip.old && \
+ mv /etc/rc.tcpip.new /etc/rc.tcpip
+ else
+ echo "Updating /etc/rc.tcpip failed, please check."
+ fi
+else
+ # Add to system startup if required
+ if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null
+ then
+ echo "sshd found in rc.tcpip, not adding."
+ else
+ echo "Adding sshd to rc.tcpip"
+ echo >>/etc/rc.tcpip
+ echo "# Start sshd" >>/etc/rc.tcpip
+ echo "\$startupcmd" >>/etc/rc.tcpip
+ fi
+fi
+EOF
+
+#
+# Create liblpp.a and move control files into it
+#
+echo Creating liblpp.a
+(
+ cd ..
+ for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README*
+ do
+ ar -r liblpp.a $i
+ rm $i
+ done
+)
+
+#
+# Create lpp_name
+#
+# This will end up looking something like:
+# 4 R I OpenSSH {
+# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
+# [
+# %
+# /usr/local/bin 8073
+# /usr/local/etc 189
+# /usr/local/libexec 185
+# /usr/local/man/man1 145
+# /usr/local/man/man8 83
+# /usr/local/sbin 2105
+# /usr/local/share 3
+# %
+# ]
+# }
+
+echo Creating lpp_name
+cat <<EOF >../lpp_name
+4 R I $PKGNAME {
+$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
+[
+%
+EOF
+
+for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
+do
+ # get size in 512 byte blocks
+ if [ -d $FAKE_ROOT/$i ]
+ then
+ size=`du $FAKE_ROOT/$i | awk '{print $1}'`
+ echo "$i $size" >>../lpp_name
+ fi
+done
+
+echo '%' >>../lpp_name
+echo ']' >>../lpp_name
+echo '}' >>../lpp_name
+
+#
+# Move pieces into place
+#
+mkdir -p usr/lpp/openssh
+mv ../liblpp.a usr/lpp/openssh
+mv ../lpp_name .
+
+#
+# Now invoke backup to create .bff file
+# note: lpp_name needs to be the first file so we generate the
+# file list on the fly and feed it to backup using -i
+#
+echo Creating $PKGNAME-$VERSION.bff with backup...
+rm -f $PKGNAME-$VERSION.bff
+(
+ echo "./lpp_name"
+ find . ! -name lpp_name -a ! -name . -print
+) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
+
+#
+# Move package into final location and clean up
+#
+mv ../$PKGNAME-$VERSION.bff $startdir
+cd $startdir
+rm -rf $objdir/$PKGDIR
+
+echo $0: done.
+
Added: vendor-crypto/openssh/dist/contrib/aix/inventory.sh
===================================================================
--- vendor-crypto/openssh/dist/contrib/aix/inventory.sh (rev 0)
+++ vendor-crypto/openssh/dist/contrib/aix/inventory.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# inventory.sh
+# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $
+#
+# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
+# This file is placed into the public domain.
+#
+# This will produce an AIX package inventory file, which looks like:
+#
+# /usr/local/bin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=755
+# type=DIRECTORY
+# /usr/local/bin/slogin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=777
+# type=SYMLINK
+# target=ssh
+# /usr/local/share/Ssh.bin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=644
+# type=FILE
+# size=VOLATILE
+# checksum=VOLATILE
+
+find . ! -name . -print | perl -ne '{
+ chomp;
+ if ( -l $_ ) {
+ ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=lstat;
+ } else {
+ ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=stat;
+ }
+
+ # Start to display inventory information
+ $name = $_;
+ $name =~ s|^.||; # Strip leading dot from path
+ print "$name:\n";
+ print "\tclass=apply,inventory,openssh\n";
+ print "\towner=root\n";
+ print "\tgroup=system\n";
+ printf "\tmode=%lo\n", $mod & 07777; # Mask perm bits
+
+ if ( -l $_ ) {
+ # Entry is SymLink
+ print "\ttype=SYMLINK\n";
+ printf "\ttarget=%s\n", readlink($_);
+ } elsif ( -f $_ ) {
+ # Entry is File
+ print "\ttype=FILE\n";
+ print "\tsize=$sz\n";
+ print "\tchecksum=VOLATILE\n";
+ } elsif ( -d $_ ) {
+ # Entry is Directory
+ print "\ttype=DIRECTORY\n";
+ }
+}'
Added: vendor-crypto/openssh/dist/contrib/aix/pam.conf
===================================================================
--- vendor-crypto/openssh/dist/contrib/aix/pam.conf (rev 0)
+++ vendor-crypto/openssh/dist/contrib/aix/pam.conf 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,20 @@
+#
+# PAM configuration file /etc/pam.conf
+# Example for OpenSSH on AIX 5.2
+#
+
+# Authentication Management
+sshd auth required /usr/lib/security/pam_aix
+OTHER auth required /usr/lib/security/pam_aix
+
+# Account Management
+sshd account required /usr/lib/security/pam_aix
+OTHER account required /usr/lib/security/pam_aix
+
+# Password Management
+sshd password required /usr/lib/security/pam_aix
+OTHER password required /usr/lib/security/pam_aix
+
+# Session Management
+sshd session required /usr/lib/security/pam_aix
+OTHER session required /usr/lib/security/pam_aix
Added: vendor-crypto/openssh/dist/contrib/caldera/openssh.spec
===================================================================
--- vendor-crypto/openssh/dist/contrib/caldera/openssh.spec (rev 0)
+++ vendor-crypto/openssh/dist/contrib/caldera/openssh.spec 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,366 @@
+
+# Some of this will need re-evaluation post-LSB. The SVIdir is there
+# because the link appeared broken. The rest is for easy compilation,
+# the tradeoff open to discussion. (LC957)
+
+%define SVIdir /etc/rc.d/init.d
+%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages}
+%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons}
+
+%define _mandir %{_prefix}/share/man/en
+%define _sysconfdir /etc/ssh
+%define _libexecdir %{_libdir}/ssh
+
+# Do we want to disable root_login? (1=yes 0=no)
+%define no_root_login 0
+
+#old cvs stuff. please update before use. may be deprecated.
+%define use_stable 1
+%define version 6.4p1
+%if %{use_stable}
+ %define cvs %{nil}
+ %define release 1
+%else
+ %define cvs cvs20050315
+ %define release 0r1
+%endif
+%define xsa x11-ssh-askpass
+%define askpass %{xsa}-1.2.4.1
+
+# OpenSSH privilege separation requires a user & group ID
+%define sshd_uid 67
+%define sshd_gid 67
+
+Name : openssh
+Version : %{version}%{cvs}
+Release : %{release}
+Group : System/Network
+
+Summary : OpenSSH free Secure Shell (SSH) implementation.
+Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH).
+Summary(es) : OpenSSH implementaci\xF3n libre de Secure Shell (SSH).
+Summary(fr) : Impl\xE9mentation libre du shell s\xE9curis\xE9 OpenSSH (SSH).
+Summary(it) : Implementazione gratuita OpenSSH della Secure Shell.
+Summary(pt) : Implementa\xE7\xE3o livre OpenSSH do protocolo 'Secure Shell' (SSH).
+Summary(pt_BR) : Implementa\xE7\xE3o livre OpenSSH do protocolo Secure Shell (SSH).
+
+Copyright : BSD
+Packager : Raymund Will <ray at caldera.de>
+URL : http://www.openssh.com/
+
+Obsoletes : ssh, ssh-clients, openssh-clients
+
+BuildRoot : /tmp/%{name}-%{version}
+BuildRequires : XFree86-imake
+
+# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
+# %{use_stable}==0: :pserver:cvs at bass.directhit.com:/cvs/openssh_cvs
+Source0: see-above:/.../openssh-%{version}.tar.gz
+%if %{use_stable}
+Source1: see-above:/.../openssh-%{version}.tar.gz.asc
+%endif
+Source2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz
+Source3: http://www.openssh.com/faq.html
+
+%Package server
+Group : System/Network
+Requires : openssh = %{version}
+Obsoletes : ssh-server
+
+Summary : OpenSSH Secure Shell protocol server (sshd).
+Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd).
+Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd).
+Summary(fr) : Serveur de protocole du shell s\xE9curis\xE9 OpenSSH (sshd).
+Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd).
+Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd).
+Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd).
+
+
+%Package askpass
+Group : System/Network
+Requires : openssh = %{version}
+URL : http://www.jmknoble.net/software/x11-ssh-askpass/
+Obsoletes : ssh-extras
+
+Summary : OpenSSH X11 pass-phrase dialog.
+Summary(de) : OpenSSH X11 Passwort-Dialog.
+Summary(es) : Aplicaci\xF3n de petici\xF3n de frase clave OpenSSH X11.
+Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH.
+Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH.
+Summary(pt) : Di\xE1logo de pedido de senha para X11 do OpenSSH.
+Summary(pt_BR) : Di\xE1logo de pedido de senha para X11 do OpenSSH.
+
+
+%Description
+OpenSSH (Secure Shell) provides access to a remote system. It replaces
+telnet, rlogin, rexec, and rsh, and provides secure encrypted
+communications between two untrusted hosts over an insecure network.
+X11 connections and arbitrary TCP/IP ports can also be forwarded over
+the secure channel.
+
+%Description -l de
+OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt
+telnet, rlogin, rexec und rsh und stellt eine sichere, verschl\xFCsselte
+Verbindung zwischen zwei nicht vertrauensw\xFCrdigen Hosts \xFCber eine unsicheres
+Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports k\xF6nnen ebenso
+\xFCber den sicheren Channel weitergeleitet werden.
+
+%Description -l es
+OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a
+telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas
+entre dos equipos entre los que no se ha establecido confianza a trav\xE9s de una
+red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios tambi\xE9n pueden
+ser canalizadas sobre el canal seguro.
+
+%Description -l fr
+OpenSSH (Secure Shell) fournit un acc\xE8s \xE0 un syst\xE8me distant. Il remplace
+telnet, rlogin, rexec et rsh, tout en assurant des communications crypt\xE9es
+securis\xE9es entre deux h\xF4tes non fiabilis\xE9s sur un r\xE9seau non s\xE9curis\xE9. Des
+connexions X11 et des ports TCP/IP arbitraires peuvent \xE9galement \xEAtre
+transmis sur le canal s\xE9curis\xE9.
+
+%Description -l it
+OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
+Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure
+e crittate tra due host non fidati su una rete non sicura. Le connessioni
+X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso
+un canale sicuro.
+
+%Description -l pt
+OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
+telnet, rlogin, rexec, e o rsh e fornece comunica\xE7\xF5es seguras e cifradas
+entre duas m\xE1quinas sem confian\xE7a m\xFAtua sobre uma rede insegura.
+Liga\xE7\xF5es X11 e portos TCP/IP arbitr\xE1rios tamb\xE9m poder ser reenviados
+pelo canal seguro.
+
+%Description -l pt_BR
+O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
+telnet, rlogin, rexec, e o rsh e fornece comunica\xE7\xF5es seguras e criptografadas
+entre duas m\xE1quinas sem confian\xE7a m\xFAtua sobre uma rede insegura.
+Liga\xE7\xF5es X11 e portas TCP/IP arbitr\xE1rias tamb\xE9m podem ser reenviadas
+pelo canal seguro.
+
+%Description server
+This package installs the sshd, the server portion of OpenSSH.
+
+%Description -l de server
+Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
+
+%Description -l es server
+Este paquete instala sshd, la parte servidor de OpenSSH.
+
+%Description -l fr server
+Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
+
+%Description -l it server
+Questo pacchetto installa sshd, il server di OpenSSH.
+
+%Description -l pt server
+Este pacote intala o sshd, o servidor do OpenSSH.
+
+%Description -l pt_BR server
+Este pacote intala o sshd, o servidor do OpenSSH.
+
+%Description askpass
+This package contains an X11-based pass-phrase dialog used per
+default by ssh-add(1). It is based on %{askpass}
+by Jim Knoble <jmknoble at pobox.com>.
+
+
+%Prep
+%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2
+%if ! %{use_stable}
+ autoreconf
+%endif
+
+
+%Build
+CFLAGS="$RPM_OPT_FLAGS" \
+%configure \
+ --with-pam \
+ --with-tcp-wrappers \
+ --with-privsep-path=%{_var}/empty/sshd \
+ #leave this line for easy edits.
+
+%__make
+
+cd %{askpass}
+%configure \
+ #leave this line for easy edits.
+
+xmkmf
+%__make includes
+%__make
+
+
+%Install
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
+
+make install DESTDIR=%{buildroot}
+%makeinstall -C %{askpass} \
+ BINDIR=%{_libexecdir} \
+ MANPATH=%{_mandir} \
+ DESTDIR=%{buildroot}
+
+# OpenLinux specific configuration
+mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
+mkdir -p %{buildroot}%{_var}/empty/sshd
+
+# enabling X11 forwarding on the server is convenient and okay,
+# on the client side it's a potential security risk!
+%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
+ %{buildroot}%{_sysconfdir}/sshd_config
+
+%if %{no_root_login}
+%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
+ %{buildroot}%{_sysconfdir}/sshd_config
+%endif
+
+install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
+# FIXME: disabled, find out why this doesn't work with nis
+%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
+ %{buildroot}/etc/pam.d/sshd
+
+install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd
+
+# the last one is needless, but more future-proof
+find %{buildroot}%{SVIdir} -type f -exec \
+ %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\
+ s:\@sysconfdir\@:%{_sysconfdir}:g; \
+ s:/usr/sbin:%{_sbindir}:g'\
+ \{\} \;
+
+cat <<-EoD > %{buildroot}%{SVIcdir}/sshd
+ IDENT=sshd
+ DESCRIPTIVE="OpenSSH secure shell daemon"
+ # This service will be marked as 'skipped' on boot if there
+ # is no host key. Use ssh-host-keygen to generate one
+ ONBOOT="yes"
+ OPTIONS=""
+EoD
+
+SKG=%{buildroot}%{_sbindir}/ssh-host-keygen
+install -m 0755 contrib/caldera/ssh-host-keygen $SKG
+# Fix up some path names in the keygen toy^Hol
+ %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \
+ s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \
+ %{buildroot}%{_sbindir}/ssh-host-keygen
+
+# This looks terrible. Expect it to change.
+# install remaining docs
+DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
+mkdir -p $DocD/%{askpass}
+cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
+install -p -m 0444 %{SOURCE3} $DocD/faq.html
+cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
+%if %{use_stable}
+ cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1
+%else
+ cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1
+ ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1
+%endif
+
+find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf
+rm %{buildroot}%{_mandir}/man1/slogin.1 && \
+ ln -s %{_mandir}/man1/ssh.1.gz \
+ %{buildroot}%{_mandir}/man1/slogin.1.gz
+
+
+%Clean
+#%{rmDESTDIR}
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
+
+%Post
+# Generate host key when none is present to get up and running,
+# both client and server require this for host-based auth!
+# ssh-host-keygen checks for existing keys.
+/usr/sbin/ssh-host-keygen
+: # to protect the rpm database
+
+%pre server
+%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
+%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
+ -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
+: # to protect the rpm database
+
+%Post server
+if [ -x %{LSBinit}-install ]; then
+ %{LSBinit}-install sshd
+else
+ lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6
+fi
+
+! %{SVIdir}/sshd status || %{SVIdir}/sshd restart
+: # to protect the rpm database
+
+
+%PreUn server
+[ "$1" = 0 ] || exit 0
+! %{SVIdir}/sshd status || %{SVIdir}/sshd stop
+if [ -x %{LSBinit}-remove ]; then
+ %{LSBinit}-remove sshd
+else
+ lisa --SysV-init remove sshd $1
+fi
+: # to protect the rpm database
+
+%Files
+%defattr(-,root,root)
+%dir %{_sysconfdir}
+%config %{_sysconfdir}/ssh_config
+%{_bindir}/scp
+%{_bindir}/sftp
+%{_bindir}/ssh
+%{_bindir}/slogin
+%{_bindir}/ssh-add
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
+%{_bindir}/ssh-keygen
+%{_bindir}/ssh-keyscan
+%dir %{_libexecdir}
+%attr(4711,root,root) %{_libexecdir}/ssh-keysign
+%{_libexecdir}/ssh-pkcs11-helper
+%{_sbindir}/ssh-host-keygen
+%dir %{_defaultdocdir}/%{name}-%{version}
+%{_defaultdocdir}/%{name}-%{version}/CREDITS
+%{_defaultdocdir}/%{name}-%{version}/ChangeLog
+%{_defaultdocdir}/%{name}-%{version}/LICENCE
+%{_defaultdocdir}/%{name}-%{version}/OVERVIEW
+%{_defaultdocdir}/%{name}-%{version}/README*
+%{_defaultdocdir}/%{name}-%{version}/TODO
+%{_defaultdocdir}/%{name}-%{version}/faq.html
+%{_mandir}/man1/*
+%{_mandir}/man8/ssh-keysign.8.gz
+%{_mandir}/man8/ssh-pkcs11-helper.8.gz
+%{_mandir}/man5/ssh_config.5.gz
+
+%Files server
+%defattr(-,root,root)
+%dir %{_var}/empty/sshd
+%config %{SVIdir}/sshd
+%config /etc/pam.d/sshd
+%config %{_sysconfdir}/moduli
+%config %{_sysconfdir}/sshd_config
+%config %{SVIcdir}/sshd
+%{_libexecdir}/sftp-server
+%{_sbindir}/sshd
+%{_mandir}/man5/moduli.5.gz
+%{_mandir}/man5/sshd_config.5.gz
+%{_mandir}/man8/sftp-server.8.gz
+%{_mandir}/man8/sshd.8.gz
+
+%Files askpass
+%defattr(-,root,root)
+%{_libexecdir}/ssh-askpass
+%{_libexecdir}/x11-ssh-askpass
+%{_defaultdocdir}/%{name}-%{version}/%{askpass}
+
+
+%ChangeLog
+* Tue Jan 18 2011 Tim Rice <tim at multitalents.net>
+- Use CFLAGS from Makefile instead of RPM so build completes.
+- Signatures were changed to .asc since 4.1p1.
+
+* Mon Jan 01 1998 ...
+Template Version: 1.31
+
+$Id: openssh.spec,v 1.80.4.1 2013/11/08 01:36:19 djm Exp $
Added: vendor-crypto/openssh/dist/contrib/caldera/ssh-host-keygen
===================================================================
--- vendor-crypto/openssh/dist/contrib/caldera/ssh-host-keygen (rev 0)
+++ vendor-crypto/openssh/dist/contrib/caldera/ssh-host-keygen 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,36 @@
+#! /bin/sh
+#
+# $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $
+#
+# This script is normally run only *once* for a given host
+# (in a given period of time) -- on updates/upgrades/recovery
+# the ssh_host_key* files _should_ be retained! Otherwise false
+# "man-in-the-middle-attack" alerts will frighten unsuspecting
+# clients...
+
+keydir=@sysconfdir@
+keygen=@sshkeygen@
+
+if [ -f $keydir/ssh_host_key -o \
+ -f $keydir/ssh_host_key.pub ]; then
+ echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
+else
+ echo "Generating SSH1 RSA host key."
+ $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
+fi
+
+if [ -f $keydir/ssh_host_rsa_key -o \
+ -f $keydir/ssh_host_rsa_key.pub ]; then
+ echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
+else
+ echo "Generating SSH2 RSA host key."
+ $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
+fi
+
+if [ -f $keydir/ssh_host_dsa_key -o \
+ -f $keydir/ssh_host_dsa_key.pub ]; then
+ echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
+else
+ echo "Generating SSH2 DSA host key."
+ $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N ''
+fi
Added: vendor-crypto/openssh/dist/contrib/caldera/sshd.init
===================================================================
--- vendor-crypto/openssh/dist/contrib/caldera/sshd.init (rev 0)
+++ vendor-crypto/openssh/dist/contrib/caldera/sshd.init 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,125 @@
+#! /bin/bash
+#
+# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $
+#
+### BEGIN INIT INFO
+# Provides:
+# Required-Start: $network
+# Required-Stop:
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 2 6
+# Description: sshd
+# Bring up/down the OpenSSH secure shell daemon.
+### END INIT INFO
+#
+# Written by Miquel van Smoorenburg <miquels at drinkel.ow.org>.
+# Modified for Debian GNU/Linux by Ian Murdock <imurdock at gnu.ai.mit.edu>.
+# Modified for OpenLinux by Raymund Will <ray at caldera.de>
+
+NAME=sshd
+DAEMON=/usr/sbin/$NAME
+# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem
+# created by recent OpenSSH daemon/ssd combinations. See Caldera internal
+# PR [linux/8278] for details...
+PIDF=/var/run/$NAME.pid
+NAME=$DAEMON
+
+_status() {
+ [ -z "$1" ] || local pidf="$1"
+ local ret=-1
+ local pid
+ if [ -n "$pidf" ] && [ -r "$pidf" ]; then
+ pid=$(head -1 $pidf)
+ else
+ pid=$(pidof $NAME)
+ fi
+
+ if [ ! -e $SVIlock ]; then
+ # no lock-file => not started == stopped?
+ ret=3
+ elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then
+ # pid-file given but not present or no pid => died, but was not stopped
+ ret=2
+ elif [ -r /proc/$pid/cmdline ] &&
+ echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then
+ # pid-file given and present or pid found => check process...
+ # but don't compare exe, as this will fail after an update!
+ # compares OK => all's well, that ends well...
+ ret=0
+ else
+ # no such process or exe does not match => stale pid-file or process died
+ # just recently...
+ ret=1
+ fi
+ return $ret
+}
+
+# Source function library (and set vital variables).
+. @SVIdir@/functions
+
+case "$1" in
+ start)
+ [ ! -e $SVIlock ] || exit 0
+ [ -x $DAEMON ] || exit 5
+ SVIemptyConfig @sysconfdir@/sshd_config && exit 6
+
+ if [ ! \( -f @sysconfdir@/ssh_host_key -a \
+ -f @sysconfdir@/ssh_host_key.pub \) -a \
+ ! \( -f @sysconfdir@/ssh_host_rsa_key -a \
+ -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
+ ! \( -f @sysconfdir@/ssh_host_dsa_key -a \
+ -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
+
+ echo "$SVIsubsys: host key not initialized: skipped!"
+ echo "$SVIsubsys: use ssh-host-keygen to generate one!"
+ exit 6
+ fi
+
+ echo -n "Starting $SVIsubsys services: "
+ ssd -S -x $DAEMON -n $NAME -- $OPTIONS
+ ret=$?
+
+ echo "."
+ touch $SVIlock
+ ;;
+
+ stop)
+ [ -e $SVIlock ] || exit 0
+
+ echo -n "Stopping $SVIsubsys services: "
+ ssd -K -p $PIDF -n $NAME
+ ret=$?
+
+ echo "."
+ rm -f $SVIlock
+ ;;
+
+ force-reload|reload)
+ [ -e $SVIlock ] || exit 0
+
+ echo "Reloading $SVIsubsys configuration files: "
+ ssd -K --signal 1 -q -p $PIDF -n $NAME
+ ret=$?
+ echo "done."
+ ;;
+
+ restart)
+ $0 stop
+ $0 start
+ ret=$?
+ ;;
+
+ status)
+ _status $PIDF
+ ret=$?
+ ;;
+
+ *)
+ echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}"
+ ret=2
+ ;;
+
+esac
+
+exit $ret
+
Added: vendor-crypto/openssh/dist/contrib/caldera/sshd.pam
===================================================================
--- vendor-crypto/openssh/dist/contrib/caldera/sshd.pam (rev 0)
+++ vendor-crypto/openssh/dist/contrib/caldera/sshd.pam 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_pwdb.so shadow nodelay
+account required /lib/security/pam_nologin.so
+account required /lib/security/pam_pwdb.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+session required /lib/security/pam_pwdb.so
+session required /lib/security/pam_limits.so
Added: vendor-crypto/openssh/dist/contrib/cygwin/Makefile
===================================================================
--- vendor-crypto/openssh/dist/contrib/cygwin/Makefile (rev 0)
+++ vendor-crypto/openssh/dist/contrib/cygwin/Makefile 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,77 @@
+srcdir=../..
+copyidsrcdir=..
+prefix=/usr
+exec_prefix=$(prefix)
+bindir=$(prefix)/bin
+datadir=$(prefix)/share
+mandir=$(datadir)/man
+docdir=$(datadir)/doc
+sshdocdir=$(docdir)/openssh
+cygdocdir=$(docdir)/Cygwin
+sysconfdir=/etc
+defaultsdir=$(sysconfdir)/defaults/etc
+inetdefdir=$(defaultsdir)/inetd.d
+PRIVSEP_PATH=/var/empty
+INSTALL=/usr/bin/install -c
+
+DESTDIR=
+
+all:
+ @echo
+ @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'"
+ @echo "Be sure having DESTDIR set correctly!"
+ @echo
+
+move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir)
+
+remove-empty-dir:
+ rm -rf $(DESTDIR)$(PRIVSEP_PATH)
+
+install-inetd-config:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(inetdefdir)
+ $(INSTALL) -m 644 sshd-inetd $(DESTDIR)$(inetdefdir)/sshd-inetd
+
+install-sshdoc:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
+ -$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
+ -$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
+ -$(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
+ -$(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux
+ -$(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
+ -$(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+ -$(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
+ -$(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
+ -$(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun
+ -$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
+
+install-cygwindoc: README
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir)
+ $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README
+
+install-doc: install-sshdoc install-cygwindoc
+
+install-scripts: ssh-host-config ssh-user-config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
+ $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
+
+install-copy-id: $(copyidsrcdir)/ssh-copy-id $(copyidsrcdir)/ssh-copy-id.1
+ $(INSTALL) -m 755 $(copyidsrcdir)/ssh-copy-id $(DESTDIR)$(bindir)/ssh-copy-id
+ $(INSTALL) -m 644 $(copyidsrcdir)/ssh-copy-id.1 $(DESTDIR)$(mandir)/man1/ssh-copy-id.1
+
+gzip-man-pages:
+ rm $(DESTDIR)$(mandir)/man1/slogin.1
+ gzip $(DESTDIR)$(mandir)/man1/*.1
+ gzip $(DESTDIR)$(mandir)/man5/*.5
+ gzip $(DESTDIR)$(mandir)/man8/*.8
+ cd $(DESTDIR)$(mandir)/man1 && ln -s ssh.1.gz slogin.1.gz
+
+cygwin-postinstall: move-config-files remove-empty-dir install-inetd-config install-doc install-scripts install-copy-id gzip-man-pages
+ @echo "Cygwin specific configuration finished."
Added: vendor-crypto/openssh/dist/contrib/cygwin/README
===================================================================
--- vendor-crypto/openssh/dist/contrib/cygwin/README (rev 0)
+++ vendor-crypto/openssh/dist/contrib/cygwin/README 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,91 @@
+This package describes important Cygwin specific stuff concerning OpenSSH.
+
+The binary package is usually built for recent Cygwin versions and might
+not run on older versions. Please check http://cygwin.com/ for information
+about current Cygwin releases.
+
+==================
+Host configuration
+==================
+
+If you are installing OpenSSH the first time, you can generate global config
+files and server keys, as well as installing sshd as a service, by running
+
+ /usr/bin/ssh-host-config
+
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-host-config is started.
+
+To support testing and unattended installation ssh-host-config got
+some options:
+
+usage: ssh-host-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --cygwin -c <options> Use "options" as value for CYGWIN environment var.
+ --port -p <n> sshd listens on port n.
+ --user -u <account> privileged user for service, default 'cyg_server'.
+ --pwd -w <passwd> Use "pwd" as password for privileged user.
+ --privileged On Windows XP, require privileged user
+ instead of LocalSystem for sshd service.
+
+Installing sshd as daemon via ssh-host-config is recommended.
+
+Alternatively you can start sshd via inetd, if you have the inetutils
+package installed. Just run ssh-host-config, but answer "no" when asked
+to install sshd as service. The ssh-host-config script also adds the
+required lines to /etc/inetd.conf and /etc/services.
+
+==================
+User configuration
+==================
+
+Any user can simplify creating the own private and public keys by running
+
+ /usr/bin/ssh-user-config
+
+To support testing and unattended installation ssh-user-config got
+some options as well:
+
+usage: ssh-user-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --passphrase -p word Use "word" as passphrase automatically.
+
+Please note that OpenSSH does never use the value of $HOME to
+search for the users configuration files! It always uses the
+value of the pw_dir field in /etc/passwd as the home directory.
+If no home diretory is set in /etc/passwd, the root directory
+is used instead!
+
+================
+Building OpenSSH
+================
+
+Building from source is easy. Just unpack the source archive, cd to that
+directory, and call cygport:
+
+ cygport openssh.cygport almostall
+
+You must have installed the following packages to be able to build OpenSSH
+with the aforementioned cygport script:
+
+ zlib
+ crypt
+ openssl-devel
+ libwrap-devel
+ libedit-devel
+ libkrb5-devel
+
+Please send requests, error reports etc. to cygwin at cygwin.com.
+
+
+Have fun,
+
+Corinna Vinschen
+Cygwin Developer
+Red Hat Inc.
Added: vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config
===================================================================
--- vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config (rev 0)
+++ vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,758 @@
+#!/bin/bash
+#
+# ssh-host-config, Copyright 2000-2011 Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# ======================================================================
+# Initialization
+# ======================================================================
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
+# List of apps used. This is checkad for existance in csih_sanity_check
+# Don't use *any* transient commands before sourcing the csih helper script,
+# otherwise the sanity checks are short-circuited.
+declare -a csih_required_commands=(
+ /usr/bin/basename coreutils
+ /usr/bin/cat coreutils
+ /usr/bin/chmod coreutils
+ /usr/bin/dirname coreutils
+ /usr/bin/id coreutils
+ /usr/bin/mv coreutils
+ /usr/bin/rm coreutils
+ /usr/bin/cygpath cygwin
+ /usr/bin/mount cygwin
+ /usr/bin/ps cygwin
+ /usr/bin/setfacl cygwin
+ /usr/bin/umount cygwin
+ /usr/bin/cmp diffutils
+ /usr/bin/grep grep
+ /usr/bin/awk gawk
+ /usr/bin/ssh-keygen openssh
+ /usr/sbin/sshd openssh
+ /usr/bin/sed sed
+)
+csih_sanity_check_server=yes
+source ${CSIH_SCRIPT}
+
+PROGNAME=$(/usr/bin/basename $0)
+_tdir=$(/usr/bin/dirname $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+LOCALSTATEDIR=/var
+
+port_number=22
+privsep_configured=no
+privsep_used=yes
+cygwin_value=""
+user_account=
+password_value=
+opt_force=no
+
+# ======================================================================
+# Routine: create_host_keys
+# ======================================================================
+create_host_keys() {
+ local ret=0
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
+ if ! /usr/bin/ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
+ if ! /usr/bin/ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
+ if ! /usr/bin/ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_ecdsa_key"
+ if ! /usr/bin/ssh-keygen -t ecdsa -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+ return $ret
+} # --- End of create_host_keys --- #
+
+# ======================================================================
+# Routine: update_services_file
+# ======================================================================
+update_services_file() {
+ local _my_etcdir="/ssh-host-config.$$"
+ local _win_etcdir
+ local _services
+ local _spaces
+ local _serv_tmp
+ local _wservices
+ local ret=0
+
+ _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
+ _services="${_my_etcdir}/services"
+ _spaces=" #"
+ _serv_tmp="${_my_etcdir}/srv.out.$$"
+
+ /usr/bin/mount -o text,posix=0,noacl -f "${_win_etcdir}" "${_my_etcdir}"
+
+ # Depends on the above mount
+ _wservices=`cygpath -w "${_services}"`
+
+ # Remove sshd 22/port from services
+ if [ `/usr/bin/grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
+ if [ -f "${_serv_tmp}" ]
+ then
+ if /usr/bin/mv "${_serv_tmp}" "${_services}"
+ then
+ csih_inform "Removing sshd from ${_wservices}"
+ else
+ csih_warning "Removing sshd from ${_wservices} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_serv_tmp}"
+ else
+ csih_warning "Removing sshd from ${_wservices} failed!"
+ let ++ret
+ fi
+ fi
+
+ # Add ssh 22/tcp and ssh 22/udp to services
+ if [ `/usr/bin/grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
+ then
+ if /usr/bin/awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
+ then
+ if /usr/bin/mv "${_serv_tmp}" "${_services}"
+ then
+ csih_inform "Added ssh to ${_wservices}"
+ else
+ csih_warning "Adding ssh to ${_wservices} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_serv_tmp}"
+ else
+ csih_warning "Adding ssh to ${_wservices} failed!"
+ let ++ret
+ fi
+ fi
+ /usr/bin/umount "${_my_etcdir}"
+ return $ret
+} # --- End of update_services_file --- #
+
+# ======================================================================
+# Routine: sshd_privsep
+# MODIFIES: privsep_configured privsep_used
+# ======================================================================
+sshd_privsep() {
+ local sshdconfig_tmp
+ local ret=0
+
+ if [ "${privsep_configured}" != "yes" ]
+ then
+ csih_inform "Privilege separation is set to yes by default since OpenSSH 3.3."
+ csih_inform "However, this requires a non-privileged account called 'sshd'."
+ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
+ if csih_request "Should privilege separation be used?"
+ then
+ privsep_used=yes
+ if ! csih_create_unprivileged_user sshd
+ then
+ csih_error_recoverable "Couldn't create user 'sshd'!"
+ csih_error_recoverable "Privilege separation set to 'no' again!"
+ csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ privsep_used=no
+ fi
+ else
+ privsep_used=no
+ fi
+ fi
+
+ # Create default sshd_config from skeleton files in /etc/defaults/etc or
+ # modify to add the missing privsep configuration option
+ if /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+ then
+ csih_inform "Updating ${SYSCONFDIR}/sshd_config file"
+ sshdconfig_tmp=${SYSCONFDIR}/sshd_config.$$
+ /usr/bin/sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
+ s/^#Port 22/Port ${port_number}/
+ s/^#StrictModes yes/StrictModes no/" \
+ < ${SYSCONFDIR}/sshd_config \
+ > "${sshdconfig_tmp}"
+ if ! /usr/bin/mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
+ then
+ csih_warning "Setting privilege separation to 'yes' failed!"
+ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ fi
+ elif [ "${privsep_configured}" != "yes" ]
+ then
+ echo >> ${SYSCONFDIR}/sshd_config
+ if ! echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
+ then
+ csih_warning "Setting privilege separation to 'yes' failed!"
+ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ fi
+ fi
+ return $ret
+} # --- End of sshd_privsep --- #
+
+# ======================================================================
+# Routine: update_inetd_conf
+# ======================================================================
+update_inetd_conf() {
+ local _inetcnf="${SYSCONFDIR}/inetd.conf"
+ local _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
+ local _inetcnf_dir="${SYSCONFDIR}/inetd.d"
+ local _sshd_inetd_conf="${_inetcnf_dir}/sshd-inetd"
+ local _sshd_inetd_conf_tmp="${_inetcnf_dir}/sshd-inetd.$$"
+ local _with_comment=1
+ local ret=0
+
+ if [ -d "${_inetcnf_dir}" ]
+ then
+ # we have inetutils-1.5 inetd.d support
+ if [ -f "${_inetcnf}" ]
+ then
+ /usr/bin/grep -q '^[ \t]*ssh' "${_inetcnf}" && _with_comment=0
+
+ # check for sshd OR ssh in top-level inetd.conf file, and remove
+ # will be replaced by a file in inetd.d/
+ if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ csih_inform "Removed ssh[d] from ${_inetcnf}"
+ else
+ csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_inetcnf_tmp}"
+ else
+ csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+ fi
+
+ csih_install_config "${_sshd_inetd_conf}" "${SYSCONFDIR}/defaults"
+ if /usr/bin/cmp "${SYSCONFDIR}/defaults${_sshd_inetd_conf}" "${_sshd_inetd_conf}" >/dev/null 2>&1
+ then
+ if [ "${_with_comment}" -eq 0 ]
+ then
+ /usr/bin/sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+ else
+ /usr/bin/sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+ fi
+ if /usr/bin/mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
+ then
+ csih_inform "Updated ${_sshd_inetd_conf}"
+ else
+ csih_warning "Updating ${_sshd_inetd_conf} failed!"
+ let ++ret
+ fi
+ fi
+
+ elif [ -f "${_inetcnf}" ]
+ then
+ /usr/bin/grep -q '^[ \t]*sshd' "${_inetcnf}" && _with_comment=0
+
+ # check for sshd in top-level inetd.conf file, and remove
+ # will be replaced by a file in inetd.d/
+ if [ `/usr/bin/grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ csih_inform "Removed sshd from ${_inetcnf}"
+ else
+ csih_warning "Removing sshd from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_inetcnf_tmp}"
+ else
+ csih_warning "Removing sshd from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+
+ # Add ssh line to inetd.conf
+ if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
+ then
+ if [ "${_with_comment}" -eq 0 ]
+ then
+ echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ else
+ echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ fi
+ if [ $? -eq 0 ]
+ then
+ csih_inform "Added ssh to ${_inetcnf}"
+ else
+ csih_warning "Adding ssh to ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+ fi
+ return $ret
+} # --- End of update_inetd_conf --- #
+
+# ======================================================================
+# Routine: check_service_files_ownership
+# Checks that the files in /etc and /var belong to the right owner
+# ======================================================================
+check_service_files_ownership() {
+ local run_service_as=$1
+ local ret=0
+
+ if [ -z "${run_service_as}" ]
+ then
+ accnt_name=$(/usr/bin/cygrunsrv -VQ sshd | /usr/bin/sed -ne 's/^Account *: *//gp')
+ if [ "${accnt_name}" = "LocalSystem" ]
+ then
+ # Convert "LocalSystem" to "SYSTEM" as is the correct account name
+ accnt_name="SYSTEM:"
+ elif [[ "${accnt_name}" =~ ^\.\\ ]]
+ then
+ # Convert "." domain to local machine name
+ accnt_name="U-${COMPUTERNAME}${accnt_name#.},"
+ fi
+ run_service_as=$(/usr/bin/grep -Fi "${accnt_name}" /etc/passwd | /usr/bin/awk -F: '{print $1;}')
+ if [ -z "${run_service_as}" ]
+ then
+ csih_warning "Couldn't determine name of user running sshd service from /etc/passwd!"
+ csih_warning "As a result, this script cannot make sure that the files used"
+ csih_warning "by the sshd service belong to the user running the service."
+ csih_warning "Please re-run the mkpasswd tool to make sure the /etc/passwd"
+ csih_warning "file is in a good shape."
+ return 1
+ fi
+ fi
+ for i in "${SYSCONFDIR}"/ssh_config "${SYSCONFDIR}"/sshd_config "${SYSCONFDIR}"/ssh_host_*key "${SYSCONFDIR}"/ssh_host_*key.pub
+ do
+ if [ -f "$i" ]
+ then
+ if ! chown "${run_service_as}".544 "$i" >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of $i!"
+ let ++ret
+ fi
+ fi
+ done
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/empty!"
+ let ++ret
+ fi
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/log/lastlog!"
+ let ++ret
+ fi
+ if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
+ then
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/log/sshd.log!"
+ let ++ret
+ fi
+ fi
+ if [ $ret -ne 0 ]
+ then
+ csih_warning "Couldn't change owner of important files to ${run_service_as}!"
+ csih_warning "This may cause the sshd service to fail! Please make sure that"
+ csih_warning "you have suufficient permissions to change the ownership of files"
+ csih_warning "and try to run the ssh-host-config script again."
+ fi
+ return $ret
+} # --- End of check_service_files_ownership --- #
+
+# ======================================================================
+# Routine: install_service
+# Install sshd as a service
+# ======================================================================
+install_service() {
+ local run_service_as
+ local password
+ local ret=0
+
+ echo
+ if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
+ then
+ csih_inform "Sshd service is already installed."
+ check_service_files_ownership "" || let ret+=$?
+ else
+ echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
+ if csih_request "(Say \"no\" if it is already installed as a service)"
+ then
+ csih_get_cygenv "${cygwin_value}"
+
+ if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+ then
+ csih_inform "On Windows Server 2003, Windows Vista, and above, the"
+ csih_inform "SYSTEM account cannot setuid to other users -- a capability"
+ csih_inform "sshd requires. You need to have or to create a privileged"
+ csih_inform "account. This script will help you do so."
+ echo
+
+ [ "${opt_force}" = "yes" ] && opt_f=-f
+ [ -n "${user_account}" ] && opt_u="-u ""${user_account}"""
+ csih_select_privileged_username ${opt_f} ${opt_u} sshd
+
+ if ! csih_create_privileged_user "${password_value}"
+ then
+ csih_error_recoverable "There was a serious problem creating a privileged user."
+ csih_request "Do you want to proceed anyway?" || exit 1
+ let ++ret
+ fi
+ fi
+
+ # Never returns empty if NT or above
+ run_service_as=$(csih_service_should_run_as)
+
+ if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
+ then
+ password="${csih_PRIVILEGED_PASSWORD}"
+ if [ -z "${password}" ]
+ then
+ csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
+ password="${csih_value}"
+ fi
+ fi
+
+ # At this point, we either have $run_service_as = "system" and
+ # $password is empty, or $run_service_as is some privileged user and
+ # (hopefully) $password contains the correct password. So, from here
+ # out, we use '-z "${password}"' to discriminate the two cases.
+
+ csih_check_user "${run_service_as}"
+
+ if [ -n "${csih_cygenv}" ]
+ then
+ cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
+ fi
+ if [ -z "${password}" ]
+ then
+ if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+ -a "-D" -y tcpip "${cygwin_env[@]}"
+ then
+ echo
+ csih_inform "The sshd service has been installed under the LocalSystem"
+ csih_inform "account (also known as SYSTEM). To start the service now, call"
+ csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
+ csih_inform "will start automatically after the next reboot."
+ fi
+ else
+ if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+ -a "-D" -y tcpip "${cygwin_env[@]}" \
+ -u "${run_service_as}" -w "${password}"
+ then
+ /usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight
+ echo
+ csih_inform "The sshd service has been installed under the '${run_service_as}'"
+ csih_inform "account. To start the service now, call \`net start sshd' or"
+ csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
+ csih_inform "after the next reboot."
+ fi
+ fi
+
+ if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
+ then
+ check_service_files_ownership "${run_service_as}" || let ret+=$?
+ else
+ csih_error_recoverable "Installing sshd as a service failed!"
+ let ++ret
+ fi
+ fi # user allowed us to install as service
+ fi # service not yet installed
+ return $ret
+} # --- End of install_service --- #
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
+
+# Check how the script has been started. If
+# (1) it has been started by giving the full path and
+# that path is /etc/postinstall, OR
+# (2) Otherwise, if the environment variable
+# SSH_HOST_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no". This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist. In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+ opt_force=yes
+fi
+if [ -n "${SSH_HOST_CONFIG_AUTO_ANSWER_NO}" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+ opt_force=yes
+fi
+
+# ======================================================================
+# Parse options
+# ======================================================================
+while :
+do
+ case $# in
+ 0)
+ break
+ ;;
+ esac
+
+ option=$1
+ shift
+
+ case "${option}" in
+ -d | --debug )
+ set -x
+ csih_trace_on
+ ;;
+
+ -y | --yes )
+ csih_auto_answer=yes
+ opt_force=yes
+ ;;
+
+ -n | --no )
+ csih_auto_answer=no
+ opt_force=yes
+ ;;
+
+ -c | --cygwin )
+ cygwin_value="$1"
+ shift
+ ;;
+
+ -p | --port )
+ port_number=$1
+ shift
+ ;;
+
+ -u | --user )
+ user_account="$1"
+ shift
+ ;;
+
+ -w | --pwd )
+ password_value="$1"
+ shift
+ ;;
+
+ --privileged )
+ csih_FORCE_PRIVILEGED_USER=yes
+ ;;
+
+ *)
+ echo "usage: ${progname} [OPTION]..."
+ echo
+ echo "This script creates an OpenSSH host configuration."
+ echo
+ echo "Options:"
+ echo " --debug -d Enable shell's debug output."
+ echo " --yes -y Answer all questions with \"yes\" automatically."
+ echo " --no -n Answer all questions with \"no\" automatically."
+ echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
+ echo " --port -p <n> sshd listens on port n."
+ echo " --user -u <account> privileged user for service, default 'cyg_server'."
+ echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
+ echo " --privileged On Windows XP, require privileged user"
+ echo " instead of LocalSystem for sshd service."
+ echo
+ exit 1
+ ;;
+
+ esac
+done
+
+# ======================================================================
+# Action!
+# ======================================================================
+
+# Check for running ssh/sshd processes first. Refuse to do anything while
+# some ssh processes are still running
+if /usr/bin/ps -ef | /usr/bin/grep -q '/sshd\?$'
+then
+ echo
+ csih_error "There are still ssh processes running. Please shut them down first."
+fi
+
+# Make sure the user is running in an administrative context
+admin=$(/usr/bin/id -G | /usr/bin/grep -Eq '\<544\>' && echo yes || echo no)
+if [ "${admin}" != "yes" ]
+then
+ echo
+ csih_warning "Running this script typically requires administrator privileges!"
+ csih_warning "However, it seems your account does not have these privileges."
+ csih_warning "Here's the list of groups in your user token:"
+ echo
+ for i in $(/usr/bin/id -G)
+ do
+ /usr/bin/awk -F: "/[^:]*:[^:]*:$i:/{ print \" \" \$1; }" /etc/group
+ done
+ echo
+ csih_warning "This usually means you're running this script from a non-admin"
+ csih_warning "desktop session, or in a non-elevated shell under UAC control."
+ echo
+ csih_warning "Make sure you have the appropriate privileges right now,"
+ csih_warning "otherwise parts of this script will probably fail!"
+ echo
+ echo -e "${_csih_QUERY_STR} Are you sure you want to continue? (Say \"no\" if you're not sure"
+ if ! csih_request "you have the required privileges)"
+ then
+ echo
+ csih_inform "Ok. Exiting. Make sure to switch to an administrative account"
+ csih_inform "or to start this script from an elevated shell."
+ exit 1
+ fi
+fi
+
+echo
+
+warning_cnt=0
+
+# Check for ${SYSCONFDIR} directory
+csih_make_dir "${SYSCONFDIR}" "Cannot create global configuration files."
+if ! /usr/bin/chmod 775 "${SYSCONFDIR}" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${SYSCONFDIR}!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${SYSCONFDIR}" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${SYSCONFDIR}!"
+ let ++warning_cnt
+fi
+
+# Check for /var/log directory
+csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory."
+if ! /usr/bin/chmod 775 "${LOCALSTATEDIR}/log" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/log!"
+ let ++warning_cnt
+fi
+
+# Create /var/log/lastlog if not already exists
+if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
+then
+ echo
+ csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
+ "Cannot create ssh host configuration."
+fi
+if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
+then
+ /usr/bin/cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
+ if ! /usr/bin/chmod 644 ${LOCALSTATEDIR}/log/lastlog >/dev/null 2>&1
+ then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log/lastlog!"
+ let ++warning_cnt
+ fi
+fi
+
+# Create /var/empty file used as chroot jail for privilege separation
+csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create ${LOCALSTATEDIR}/empty directory."
+if ! /usr/bin/chmod 755 "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/empty!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!"
+ let ++warning_cnt
+fi
+
+# host keys
+create_host_keys || let warning_cnt+=$?
+
+# handle ssh_config
+csih_install_config "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+if /usr/bin/cmp "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/ssh_config" >/dev/null 2>&1
+then
+ if [ "${port_number}" != "22" ]
+ then
+ csih_inform "Updating ${SYSCONFDIR}/ssh_config file with requested port"
+ echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
+ echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
+ fi
+fi
+
+# handle sshd_config (and privsep)
+csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+then
+ /usr/bin/grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
+fi
+sshd_privsep || let warning_cnt+=$?
+
+update_services_file || let warning_cnt+=$?
+update_inetd_conf || let warning_cnt+=$?
+install_service || let warning_cnt+=$?
+
+echo
+if [ $warning_cnt -eq 0 ]
+then
+ csih_inform "Host configuration finished. Have fun!"
+else
+ csih_warning "Host configuration exited with ${warning_cnt} errors or warnings!"
+ csih_warning "Make sure that all problems reported are fixed,"
+ csih_warning "then re-run ssh-host-config."
+fi
+exit $warning_cnt
Added: vendor-crypto/openssh/dist/contrib/cygwin/ssh-user-config
===================================================================
--- vendor-crypto/openssh/dist/contrib/cygwin/ssh-user-config (rev 0)
+++ vendor-crypto/openssh/dist/contrib/cygwin/ssh-user-config 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,266 @@
+#!/bin/bash
+#
+# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# ======================================================================
+# Initialization
+# ======================================================================
+PROGNAME=$(basename -- $0)
+_tdir=$(dirname -- $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+
+source ${CSIH_SCRIPT}
+
+auto_passphrase="no"
+passphrase=""
+pwdhome=
+with_passphrase=
+
+# ======================================================================
+# Routine: create_identity
+# optionally create identity of type argument in ~/.ssh
+# optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_identity() {
+ local file="$1"
+ local type="$2"
+ local name="$3"
+ if [ ! -f "${pwdhome}/.ssh/${file}" ]
+ then
+ if csih_request "Shall I create a ${name} identity file for you?"
+ then
+ csih_inform "Generating ${pwdhome}/.ssh/${file}"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
+ else
+ ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
+ fi
+ if csih_request "Do you want to use this identity to login to this machine?"
+ then
+ csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
+ fi
+} # === End of create_ssh1_identity() === #
+readonly -f create_identity
+
+# ======================================================================
+# Routine: check_user_homedir
+# Perform various checks on the user's home directory
+# SETS GLOBAL VARIABLE:
+# pwdhome
+# ======================================================================
+check_user_homedir() {
+ local uid=$(id -u)
+ pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
+ if [ "X${pwdhome}" = "X" ]
+ then
+ csih_error_multi \
+ "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
+ 'Setting $HOME is not sufficient!'
+ fi
+
+ if [ ! -d "${pwdhome}" ]
+ then
+ csih_error_multi \
+ "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
+ 'but it is not a valid directory. Cannot create user identity files.'
+ fi
+
+ # If home is the root dir, set home to empty string to avoid error messages
+ # in subsequent parts of that script.
+ if [ "X${pwdhome}" = "X/" ]
+ then
+ # But first raise a warning!
+ csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
+ if csih_request "Would you like to proceed anyway?"
+ then
+ pwdhome=''
+ else
+ csih_warning "Exiting. Configuration is not complete"
+ exit 1
+ fi
+ fi
+
+ if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+ then
+ echo
+ csih_warning 'group and other have been revoked write permission to your home'
+ csih_warning "directory ${pwdhome}."
+ csih_warning 'This is required by OpenSSH to allow public key authentication using'
+ csih_warning 'the key files stored in your .ssh subdirectory.'
+ csih_warning 'Revert this change ONLY if you know what you are doing!'
+ echo
+ fi
+} # === End of check_user_homedir() === #
+readonly -f check_user_homedir
+
+# ======================================================================
+# Routine: check_user_dot_ssh_dir
+# Perform various checks on the ~/.ssh directory
+# PREREQUISITE:
+# pwdhome -- check_user_homedir()
+# ======================================================================
+check_user_dot_ssh_dir() {
+ if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
+ then
+ csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
+ fi
+
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ mkdir "${pwdhome}/.ssh"
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ csih_error "Creating users ${pwdhome}/.ssh directory failed"
+ fi
+ fi
+} # === End of check_user_dot_ssh_dir() === #
+readonly -f check_user_dot_ssh_dir
+
+# ======================================================================
+# Routine: fix_authorized_keys_perms
+# Corrects the permissions of ~/.ssh/authorized_keys
+# PREREQUISITE:
+# pwdhome -- check_user_homedir()
+# ======================================================================
+fix_authorized_keys_perms() {
+ if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
+ then
+ if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
+ then
+ csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
+ csih_warning "failed. Please care for the correct permissions. The minimum requirement"
+ csih_warning "is, the owner needs read permissions."
+ echo
+ fi
+ fi
+} # === End of fix_authorized_keys_perms() === #
+readonly -f fix_authorized_keys_perms
+
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
+
+# Check how the script has been started. If
+# (1) it has been started by giving the full path and
+# that path is /etc/postinstall, OR
+# (2) Otherwise, if the environment variable
+# SSH_USER_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no". This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist. In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
+if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
+
+# ======================================================================
+# Parse options
+# ======================================================================
+while :
+do
+ case $# in
+ 0)
+ break
+ ;;
+ esac
+
+ option=$1
+ shift
+
+ case "$option" in
+ -d | --debug )
+ set -x
+ csih_trace_on
+ ;;
+
+ -y | --yes )
+ csih_auto_answer=yes
+ ;;
+
+ -n | --no )
+ csih_auto_answer=no
+ ;;
+
+ -p | --passphrase )
+ with_passphrase="yes"
+ passphrase=$1
+ shift
+ ;;
+
+ *)
+ echo "usage: ${PROGNAME} [OPTION]..."
+ echo
+ echo "This script creates an OpenSSH user configuration."
+ echo
+ echo "Options:"
+ echo " --debug -d Enable shell's debug output."
+ echo " --yes -y Answer all questions with \"yes\" automatically."
+ echo " --no -n Answer all questions with \"no\" automatically."
+ echo " --passphrase -p word Use \"word\" as passphrase automatically."
+ echo
+ exit 1
+ ;;
+
+ esac
+done
+
+# ======================================================================
+# Action!
+# ======================================================================
+
+# Check passwd file
+if [ ! -f ${SYSCONFDIR}/passwd ]
+then
+ csih_error_multi \
+ "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
+ 'first using mkpasswd. Check if it contains an entry for you and' \
+ 'please care for the home directory in your entry as well.'
+fi
+
+check_user_homedir
+check_user_dot_ssh_dir
+create_identity id_rsa rsa "SSH2 RSA"
+create_identity id_dsa dsa "SSH2 DSA"
+create_identity id_ecdsa ecdsa "SSH2 ECDSA"
+create_identity identity rsa1 "(deprecated) SSH1 RSA"
+fix_authorized_keys_perms
+
+echo
+csih_inform "Configuration finished. Have fun!"
+
+
Added: vendor-crypto/openssh/dist/contrib/cygwin/sshd-inetd
===================================================================
--- vendor-crypto/openssh/dist/contrib/cygwin/sshd-inetd (rev 0)
+++ vendor-crypto/openssh/dist/contrib/cygwin/sshd-inetd 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,4 @@
+# This file can be used to enable sshd as a slave of the inetd service
+# To do so, the line below should be uncommented.
+ at COMMENT@ ssh stream tcp nowait root /usr/sbin/sshd sshd -i
+
Added: vendor-crypto/openssh/dist/contrib/findssl.sh
===================================================================
--- vendor-crypto/openssh/dist/contrib/findssl.sh (rev 0)
+++ vendor-crypto/openssh/dist/contrib/findssl.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,186 @@
+#!/bin/sh
+#
+# $Id: findssl.sh,v 1.4 2007/02/19 11:44:25 dtucker Exp $
+#
+# findssl.sh
+# Search for all instances of OpenSSL headers and libraries
+# and print their versions.
+# Intended to help diagnose OpenSSH's "OpenSSL headers do not
+# match your library" errors.
+#
+# Written by Darren Tucker (dtucker at zip dot com dot au)
+# This file is placed in the public domain.
+#
+# Release history:
+# 2002-07-27: Initial release.
+# 2002-08-04: Added public domain notice.
+# 2003-06-24: Incorporated readme, set library paths. First cvs version.
+# 2004-12-13: Add traps to cleanup temp files, from Amarendra Godbole.
+#
+# "OpenSSL headers do not match your library" are usually caused by
+# OpenSSH's configure picking up an older version of OpenSSL headers
+# or libraries. You can use the following # procedure to help identify
+# the cause.
+#
+# The output of configure will tell you the versions of the OpenSSL
+# headers and libraries that were picked up, for example:
+#
+# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
+# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
+# checking whether OpenSSL's headers match the library... no
+# configure: error: Your OpenSSL headers do not match your library
+#
+# Now run findssl.sh. This should identify the headers and libraries
+# present and their versions. You should be able to identify the
+# libraries and headers used and adjust your CFLAGS or remove incorrect
+# versions. The output will show OpenSSL's internal version identifier
+# and should look something like:
+
+# $ ./findssl.sh
+# Searching for OpenSSL header files.
+# 0x0090604fL /usr/include/openssl/opensslv.h
+# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
+#
+# Searching for OpenSSL shared library files.
+# 0x0090602fL /lib/libcrypto.so.0.9.6b
+# 0x0090602fL /lib/libcrypto.so.2
+# 0x0090581fL /usr/lib/libcrypto.so.0
+# 0x0090602fL /usr/lib/libcrypto.so
+# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
+# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
+# 0x0090600fL /usr/lib/libcrypto.so.1
+#
+# Searching for OpenSSL static library files.
+# 0x0090602fL /usr/lib/libcrypto.a
+# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
+#
+# In this example, I gave configure no extra flags, so it's picking up
+# the OpenSSL header from /usr/include/openssl (90604f) and the library
+# from /usr/lib/ (90602f).
+
+#
+# Adjust these to suit your compiler.
+# You may also need to set the *LIB*PATH environment variables if
+# DEFAULT_LIBPATH is not correct for your system.
+#
+CC=gcc
+STATIC=-static
+
+#
+# Cleanup on interrupt
+#
+trap 'rm -f conftest.c' INT HUP TERM
+
+#
+# Set up conftest C source
+#
+rm -f findssl.log
+cat >conftest.c <<EOD
+#include <stdio.h>
+int main(){printf("0x%08xL\n", SSLeay());}
+EOD
+
+#
+# Set default library paths if not already set
+#
+DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
+LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
+LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
+LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
+export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+
+# not all platforms have a 'which' command
+if which ls >/dev/null 2>/dev/null; then
+ : which is defined
+else
+ which () {
+ saveIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if test -x "$p/$1" -a -f "$p/$1"; then
+ IFS="$saveIFS"
+ echo "$p/$1"
+ return 0
+ fi
+ done
+ IFS="$saveIFS"
+ return 1
+ }
+fi
+
+#
+# Search for OpenSSL headers and print versions
+#
+echo Searching for OpenSSL header files.
+if [ -x "`which locate`" ]
+then
+ headers=`locate opensslv.h`
+else
+ headers=`find / -name opensslv.h -print 2>/dev/null`
+fi
+
+for header in $headers
+do
+ ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header`
+ echo "$ver $header"
+done
+echo
+
+#
+# Search for shared libraries.
+# Relies on shared libraries looking like "libcrypto.s*"
+#
+echo Searching for OpenSSL shared library files.
+if [ -x "`which locate`" ]
+then
+ libraries=`locate libcrypto.s`
+else
+ libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
+fi
+
+for lib in $libraries
+do
+ (echo "Trying libcrypto $lib" >>findssl.log
+ dir=`dirname $lib`
+ LIBPATH="$dir:$LIBPATH"
+ LD_LIBRARY_PATH="$dir:$LIBPATH"
+ LIBRARY_PATH="$dir:$LIBPATH"
+ export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+ ${CC} -o conftest conftest.c $lib 2>>findssl.log
+ if [ -x ./conftest ]
+ then
+ ver=`./conftest 2>/dev/null`
+ rm -f ./conftest
+ echo "$ver $lib"
+ fi)
+done
+echo
+
+#
+# Search for static OpenSSL libraries and print versions
+#
+echo Searching for OpenSSL static library files.
+if [ -x "`which locate`" ]
+then
+ libraries=`locate libcrypto.a`
+else
+ libraries=`find / -name libcrypto.a -print 2>/dev/null`
+fi
+
+for lib in $libraries
+do
+ libdir=`dirname $lib`
+ echo "Trying libcrypto $lib" >>findssl.log
+ ${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log
+ if [ -x ./conftest ]
+ then
+ ver=`./conftest 2>/dev/null`
+ rm -f ./conftest
+ echo "$ver $lib"
+ fi
+done
+
+#
+# Clean up
+#
+rm -f conftest.c
Added: vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass1.c
===================================================================
--- vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass1.c (rev 0)
+++ vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass1.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
+ * you don't trust your X server. We grab the keyboard always.
+ */
+
+/*
+ * Compile with:
+ *
+ * cc `gnome-config --cflags gnome gnomeui` \
+ * gnome-ssh-askpass1.c -o gnome-ssh-askpass \
+ * `gnome-config --libs gnome gnomeui`
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <gnome.h>
+#include <X11/Xlib.h>
+#include <gdk/gdkx.h>
+
+void
+report_failed_grab (void)
+{
+ GtkWidget *err;
+
+ err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
+ "A malicious client may be eavesdropping on your session.",
+ GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
+ gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+ gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
+
+ gnome_dialog_run_and_close(GNOME_DIALOG(err));
+}
+
+int
+passphrase_dialog(char *message)
+{
+ char *passphrase;
+ char **messages;
+ int result, i, grab_server, grab_pointer;
+ GtkWidget *dialog, *entry, *label;
+
+ grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+ grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+
+ dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
+ GNOME_STOCK_BUTTON_CANCEL, NULL);
+
+ messages = g_strsplit(message, "\\n", 0);
+ if (messages)
+ for(i = 0; messages[i]; i++) {
+ label = gtk_label_new(messages[i]);
+ gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
+ label, FALSE, FALSE, 0);
+ }
+
+ entry = gtk_entry_new();
+ gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
+ FALSE, 0);
+ gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+ gtk_widget_grab_focus(entry);
+
+ /* Center window and prepare for grab */
+ gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
+ gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
+ gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
+ gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
+ gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
+ GNOME_PAD);
+ gtk_widget_show_all(dialog);
+
+ /* Grab focus */
+ if (grab_server)
+ XGrabServer(GDK_DISPLAY());
+ if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
+ NULL, NULL, GDK_CURRENT_TIME))
+ goto nograb;
+ if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
+ goto nograbkb;
+
+ /* Make <enter> close dialog */
+ gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
+
+ /* Run dialog */
+ result = gnome_dialog_run(GNOME_DIALOG(dialog));
+
+ /* Ungrab */
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ if (grab_pointer)
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ gdk_keyboard_ungrab(GDK_CURRENT_TIME);
+ gdk_flush();
+
+ /* Report passphrase if user selected OK */
+ passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
+ if (result == 0)
+ puts(passphrase);
+
+ /* Zero passphrase in memory */
+ memset(passphrase, '\0', strlen(passphrase));
+ gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+
+ gnome_dialog_close(GNOME_DIALOG(dialog));
+ return (result == 0 ? 0 : -1);
+
+ /* At least one grab failed - ungrab what we got, and report
+ the failure to the user. Note that XGrabServer() cannot
+ fail. */
+ nograbkb:
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ nograb:
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ gnome_dialog_close(GNOME_DIALOG(dialog));
+
+ report_failed_grab();
+ return (-1);
+}
+
+int
+main(int argc, char **argv)
+{
+ char *message;
+ int result;
+
+ gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
+
+ if (argc == 2)
+ message = argv[1];
+ else
+ message = "Enter your OpenSSH passphrase:";
+
+ setvbuf(stdout, 0, _IONBF, 0);
+ result = passphrase_dialog(message);
+
+ return (result);
+}
Added: vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass2.c
===================================================================
--- vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass2.c (rev 0)
+++ vendor-crypto/openssh/dist/contrib/gnome-ssh-askpass2.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* GTK2 support by Nalin Dahyabhai <nalin at redhat.com> */
+
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
+ * you don't trust your X server. We grab the keyboard always.
+ */
+
+#define GRAB_TRIES 16
+#define GRAB_WAIT 250 /* milliseconds */
+
+/*
+ * Compile with:
+ *
+ * cc -Wall `pkg-config --cflags gtk+-2.0` \
+ * gnome-ssh-askpass2.c -o gnome-ssh-askpass \
+ * `pkg-config --libs gtk+-2.0`
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <X11/Xlib.h>
+#include <gtk/gtk.h>
+#include <gdk/gdkx.h>
+
+static void
+report_failed_grab (const char *what)
+{
+ GtkWidget *err;
+
+ err = gtk_message_dialog_new(NULL, 0,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ "Could not grab %s. "
+ "A malicious client may be eavesdropping "
+ "on your session.", what);
+ gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+ gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
+ TRUE);
+
+ gtk_dialog_run(GTK_DIALOG(err));
+
+ gtk_widget_destroy(err);
+}
+
+static void
+ok_dialog(GtkWidget *entry, gpointer dialog)
+{
+ g_return_if_fail(GTK_IS_DIALOG(dialog));
+ gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+}
+
+static int
+passphrase_dialog(char *message)
+{
+ const char *failed;
+ char *passphrase, *local;
+ int result, grab_tries, grab_server, grab_pointer;
+ GtkWidget *dialog, *entry;
+ GdkGrabStatus status;
+
+ grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+ grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+ grab_tries = 0;
+
+ dialog = gtk_message_dialog_new(NULL, 0,
+ GTK_MESSAGE_QUESTION,
+ GTK_BUTTONS_OK_CANCEL,
+ "%s",
+ message);
+
+ entry = gtk_entry_new();
+ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
+ FALSE, 0);
+ gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+ gtk_widget_grab_focus(entry);
+ gtk_widget_show(entry);
+
+ gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
+ gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+ gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label),
+ TRUE);
+
+ /* Make <enter> close dialog */
+ gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+ g_signal_connect(G_OBJECT(entry), "activate",
+ G_CALLBACK(ok_dialog), dialog);
+
+ gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+
+ /* Grab focus */
+ gtk_widget_show_now(dialog);
+ if (grab_pointer) {
+ for(;;) {
+ status = gdk_pointer_grab(
+ (GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
+ NULL, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "mouse";
+ goto nograb;
+ }
+ }
+ }
+ for(;;) {
+ status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window,
+ FALSE, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "keyboard";
+ goto nograbkb;
+ }
+ }
+ if (grab_server) {
+ gdk_x11_grab_server();
+ }
+
+ result = gtk_dialog_run(GTK_DIALOG(dialog));
+
+ /* Ungrab */
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ if (grab_pointer)
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ gdk_keyboard_ungrab(GDK_CURRENT_TIME);
+ gdk_flush();
+
+ /* Report passphrase if user selected OK */
+ passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
+ if (result == GTK_RESPONSE_OK) {
+ local = g_locale_from_utf8(passphrase, strlen(passphrase),
+ NULL, NULL, NULL);
+ if (local != NULL) {
+ puts(local);
+ memset(local, '\0', strlen(local));
+ g_free(local);
+ } else {
+ puts(passphrase);
+ }
+ }
+
+ /* Zero passphrase in memory */
+ memset(passphrase, '\b', strlen(passphrase));
+ gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+ memset(passphrase, '\0', strlen(passphrase));
+ g_free(passphrase);
+
+ gtk_widget_destroy(dialog);
+ return (result == GTK_RESPONSE_OK ? 0 : -1);
+
+ /* At least one grab failed - ungrab what we got, and report
+ the failure to the user. Note that XGrabServer() cannot
+ fail. */
+ nograbkb:
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ nograb:
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ gtk_widget_destroy(dialog);
+
+ report_failed_grab(failed);
+
+ return (-1);
+}
+
+int
+main(int argc, char **argv)
+{
+ char *message;
+ int result;
+
+ gtk_init(&argc, &argv);
+
+ if (argc > 1) {
+ message = g_strjoinv(" ", argv + 1);
+ } else {
+ message = g_strdup("Enter your OpenSSH passphrase:");
+ }
+
+ setvbuf(stdout, 0, _IONBF, 0);
+ result = passphrase_dialog(message);
+ g_free(message);
+
+ return (result);
+}
Added: vendor-crypto/openssh/dist/contrib/hpux/README
===================================================================
--- vendor-crypto/openssh/dist/contrib/hpux/README (rev 0)
+++ vendor-crypto/openssh/dist/contrib/hpux/README 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,45 @@
+README for OpenSSH HP-UX contrib files
+Kevin Steves <stevesk at pobox.com>
+
+sshd: configuration file for sshd.rc
+sshd.rc: SSH startup script
+egd: configuration file for egd.rc
+egd.rc: EGD (entropy gathering daemon) startup script
+
+To install:
+
+sshd.rc:
+
+o Verify paths in sshd.rc match your local installation
+ (WHAT_PATH and WHAT_PID)
+o Customize sshd if needed (SSHD_ARGS)
+o Install:
+
+ # cp sshd /etc/rc.config.d
+ # chmod 444 /etc/rc.config.d/sshd
+ # cp sshd.rc /sbin/init.d
+ # chmod 555 /sbin/init.d/sshd.rc
+ # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd
+ # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd
+
+egd.rc:
+
+o Verify egd.pl path in egd.rc matches your local installation
+ (WHAT_PATH)
+o Customize egd if needed (EGD_ARGS and EGD_LOG)
+o Add pseudo account:
+
+ # groupadd egd
+ # useradd -g egd egd
+ # mkdir -p /etc/opt/egd
+ # chown egd:egd /etc/opt/egd
+ # chmod 711 /etc/opt/egd
+
+o Install:
+
+ # cp egd /etc/rc.config.d
+ # chmod 444 /etc/rc.config.d/egd
+ # cp egd.rc /sbin/init.d
+ # chmod 555 /sbin/init.d/egd.rc
+ # ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd
+ # ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd
Added: vendor-crypto/openssh/dist/contrib/hpux/egd
===================================================================
--- vendor-crypto/openssh/dist/contrib/hpux/egd (rev 0)
+++ vendor-crypto/openssh/dist/contrib/hpux/egd 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,15 @@
+# EGD_START: Set to 1 to start entropy gathering daemon
+# EGD_ARGS: Command line arguments to pass to egd
+# EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log)
+#
+# To configure the egd environment:
+
+# groupadd egd
+# useradd -g egd egd
+# mkdir -p /etc/opt/egd
+# chown egd:egd /etc/opt/egd
+# chmod 711 /etc/opt/egd
+
+EGD_START=1
+EGD_ARGS='/etc/opt/egd/entropy'
+EGD_LOG=
Added: vendor-crypto/openssh/dist/contrib/hpux/egd.rc
===================================================================
--- vendor-crypto/openssh/dist/contrib/hpux/egd.rc (rev 0)
+++ vendor-crypto/openssh/dist/contrib/hpux/egd.rc 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,98 @@
+#!/sbin/sh
+
+#
+# egd.rc: EGD start-up and shutdown script
+#
+
+# Allowed exit values:
+# 0 = success; causes "OK" to show up in checklist.
+# 1 = failure; causes "FAIL" to show up in checklist.
+# 2 = skip; causes "N/A" to show up in the checklist.
+# Use this value if execution of this script is overridden
+# by the use of a control variable, or if this script is not
+# appropriate to execute for some other reason.
+# 3 = reboot; causes the system to be rebooted after execution.
+
+# Input and output:
+# stdin is redirected from /dev/null
+#
+# stdout and stderr are redirected to the /etc/rc.log file
+# during checklist mode, or to the console in raw mode.
+
+umask 022
+
+PATH=/usr/sbin:/usr/bin:/sbin
+export PATH
+
+WHAT='EGD (entropy gathering daemon)'
+WHAT_PATH=/opt/perl/bin/egd.pl
+WHAT_CONFIG=/etc/rc.config.d/egd
+WHAT_LOG=/etc/opt/egd/egd.log
+
+# NOTE: If your script executes in run state 0 or state 1, then /usr might
+# not be available. Do not attempt to access commands or files in
+# /usr unless your script executes in run state 2 or greater. Other
+# file systems typically not mounted until run state 2 include /var
+# and /opt.
+
+rval=0
+
+# Check the exit value of a command run by this script. If non-zero, the
+# exit code is echoed to the log file and the return value of this script
+# is set to indicate failure.
+
+set_return() {
+ x=$?
+ if [ $x -ne 0 ]; then
+ echo "EXIT CODE: $x"
+ rval=1 # script FAILed
+ fi
+}
+
+case $1 in
+'start_msg')
+ echo "Starting $WHAT"
+ ;;
+
+'stop_msg')
+ echo "Stopping $WHAT"
+ ;;
+
+'start')
+ if [ -f $WHAT_CONFIG ] ; then
+ . $WHAT_CONFIG
+ else
+ echo "ERROR: $WHAT_CONFIG defaults file MISSING"
+ fi
+
+
+ if [ "$EGD_START" -eq 1 -a -x $WHAT_PATH ]; then
+ EGD_LOG=${EGD_LOG:-$WHAT_LOG}
+ su egd -c "nohup $WHAT_PATH $EGD_ARGS >$EGD_LOG 2>&1" &&
+ echo $WHAT started
+ set_return
+ else
+ rval=2
+ fi
+ ;;
+
+'stop')
+ pid=`ps -fuegd | awk '$1 == "egd" { print $2 }'`
+ if [ "X$pid" != "X" ]; then
+ if kill "$pid"; then
+ echo "$WHAT stopped"
+ else
+ rval=1
+ echo "Unable to stop $WHAT"
+ fi
+ fi
+ set_return
+ ;;
+
+*)
+ echo "usage: $0 {start|stop|start_msg|stop_msg}"
+ rval=1
+ ;;
+esac
+
+exit $rval
Added: vendor-crypto/openssh/dist/contrib/hpux/sshd
===================================================================
--- vendor-crypto/openssh/dist/contrib/hpux/sshd (rev 0)
+++ vendor-crypto/openssh/dist/contrib/hpux/sshd 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,5 @@
+# SSHD_START: Set to 1 to start SSH daemon
+# SSHD_ARGS: Command line arguments to pass to sshd
+#
+SSHD_START=1
+SSHD_ARGS=
Added: vendor-crypto/openssh/dist/contrib/hpux/sshd.rc
===================================================================
--- vendor-crypto/openssh/dist/contrib/hpux/sshd.rc (rev 0)
+++ vendor-crypto/openssh/dist/contrib/hpux/sshd.rc 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,90 @@
+#!/sbin/sh
+
+#
+# sshd.rc: SSH daemon start-up and shutdown script
+#
+
+# Allowed exit values:
+# 0 = success; causes "OK" to show up in checklist.
+# 1 = failure; causes "FAIL" to show up in checklist.
+# 2 = skip; causes "N/A" to show up in the checklist.
+# Use this value if execution of this script is overridden
+# by the use of a control variable, or if this script is not
+# appropriate to execute for some other reason.
+# 3 = reboot; causes the system to be rebooted after execution.
+
+# Input and output:
+# stdin is redirected from /dev/null
+#
+# stdout and stderr are redirected to the /etc/rc.log file
+# during checklist mode, or to the console in raw mode.
+
+PATH=/usr/sbin:/usr/bin:/sbin
+export PATH
+
+WHAT='OpenSSH'
+WHAT_PATH=/opt/openssh/sbin/sshd
+WHAT_PID=/var/run/sshd.pid
+WHAT_CONFIG=/etc/rc.config.d/sshd
+
+# NOTE: If your script executes in run state 0 or state 1, then /usr might
+# not be available. Do not attempt to access commands or files in
+# /usr unless your script executes in run state 2 or greater. Other
+# file systems typically not mounted until run state 2 include /var
+# and /opt.
+
+rval=0
+
+# Check the exit value of a command run by this script. If non-zero, the
+# exit code is echoed to the log file and the return value of this script
+# is set to indicate failure.
+
+set_return() {
+ x=$?
+ if [ $x -ne 0 ]; then
+ echo "EXIT CODE: $x"
+ rval=1 # script FAILed
+ fi
+}
+
+case $1 in
+'start_msg')
+ echo "Starting $WHAT"
+ ;;
+
+'stop_msg')
+ echo "Stopping $WHAT"
+ ;;
+
+'start')
+ if [ -f $WHAT_CONFIG ] ; then
+ . $WHAT_CONFIG
+ else
+ echo "ERROR: $WHAT_CONFIG defaults file MISSING"
+ fi
+
+ if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then
+ $WHAT_PATH $SSHD_ARGS && echo "$WHAT started"
+ set_return
+ else
+ rval=2
+ fi
+ ;;
+
+'stop')
+ if kill `cat $WHAT_PID`; then
+ echo "$WHAT stopped"
+ else
+ rval=1
+ echo "Unable to stop $WHAT"
+ fi
+ set_return
+ ;;
+
+*)
+ echo "usage: $0 {start|stop|start_msg|stop_msg}"
+ rval=1
+ ;;
+esac
+
+exit $rval
Added: vendor-crypto/openssh/dist/contrib/redhat/gnome-ssh-askpass.csh
===================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/gnome-ssh-askpass.csh (rev 0)
+++ vendor-crypto/openssh/dist/contrib/redhat/gnome-ssh-askpass.csh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1 @@
+setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass
Added: vendor-crypto/openssh/dist/contrib/redhat/gnome-ssh-askpass.sh
===================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/gnome-ssh-askpass.sh (rev 0)
+++ vendor-crypto/openssh/dist/contrib/redhat/gnome-ssh-askpass.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,2 @@
+SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
+export SSH_ASKPASS
Added: vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
===================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/openssh.spec (rev 0)
+++ vendor-crypto/openssh/dist/contrib/redhat/openssh.spec 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,812 @@
+%define ver 6.4p1
+%define rel 1
+
+# OpenSSH privilege separation requires a user & group ID
+%define sshd_uid 74
+%define sshd_gid 74
+
+# Version of ssh-askpass
+%define aversion 1.2.4.1
+
+# Do we want to disable building of x11-askpass? (1=yes 0=no)
+%define no_x11_askpass 0
+
+# Do we want to disable building of gnome-askpass? (1=yes 0=no)
+%define no_gnome_askpass 0
+
+# Do we want to link against a static libcrypto? (1=yes 0=no)
+%define static_libcrypto 0
+
+# Do we want smartcard support (1=yes 0=no)
+%define scard 0
+
+# Use GTK2 instead of GNOME in gnome-ssh-askpass
+%define gtk2 1
+
+# Is this build for RHL 6.x?
+%define build6x 0
+
+# Do we want kerberos5 support (1=yes 0=no)
+%define kerberos5 1
+
+# Reserve options to override askpass settings with:
+# rpm -ba|--rebuild --define 'skip_xxx 1'
+%{?skip_x11_askpass:%define no_x11_askpass 1}
+%{?skip_gnome_askpass:%define no_gnome_askpass 1}
+
+# Add option to build without GTK2 for older platforms with only GTK+.
+# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
+# rpm -ba|--rebuild --define 'no_gtk2 1'
+%{?no_gtk2:%define gtk2 0}
+
+# Is this a build for RHL 6.x or earlier?
+%{?build_6x:%define build6x 1}
+
+# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
+%if %{build6x}
+%define _sysconfdir /etc
+%endif
+
+# Options for static OpenSSL link:
+# rpm -ba|--rebuild --define "static_openssl 1"
+%{?static_openssl:%define static_libcrypto 1}
+
+# Options for Smartcard support: (needs libsectok and openssl-engine)
+# rpm -ba|--rebuild --define "smartcard 1"
+%{?smartcard:%define scard 1}
+
+# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
+%define rescue 0
+%{?build_rescue:%define rescue 1}
+
+# Turn off some stuff for resuce builds
+%if %{rescue}
+%define kerberos5 0
+%endif
+
+Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
+Name: openssh
+Version: %{ver}
+%if %{rescue}
+Release: %{rel}rescue
+%else
+Release: %{rel}
+%endif
+URL: http://www.openssh.com/portable.html
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+%if ! %{no_x11_askpass}
+Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
+%endif
+License: BSD
+Group: Applications/Internet
+BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
+Obsoletes: ssh
+%if %{build6x}
+PreReq: initscripts >= 5.00
+%else
+Requires: initscripts >= 5.20
+%endif
+BuildRequires: perl, openssl-devel, tcp_wrappers
+BuildRequires: /bin/login
+%if ! %{build6x}
+BuildPreReq: glibc-devel, pam
+%else
+BuildRequires: /usr/include/security/pam_appl.h
+%endif
+%if ! %{no_x11_askpass}
+BuildRequires: /usr/include/X11/Xlib.h
+%endif
+%if ! %{no_gnome_askpass}
+BuildRequires: pkgconfig
+%endif
+%if %{kerberos5}
+BuildRequires: krb5-devel
+BuildRequires: krb5-libs
+%endif
+
+%package clients
+Summary: OpenSSH clients.
+Requires: openssh = %{version}-%{release}
+Group: Applications/Internet
+Obsoletes: ssh-clients
+
+%package server
+Summary: The OpenSSH server daemon.
+Group: System Environment/Daemons
+Obsoletes: ssh-server
+Requires: openssh = %{version}-%{release}, chkconfig >= 0.9
+%if ! %{build6x}
+Requires: /etc/pam.d/system-auth
+%endif
+
+%package askpass
+Summary: A passphrase dialog for OpenSSH and X.
+Group: Applications/Internet
+Requires: openssh = %{version}-%{release}
+Obsoletes: ssh-extras
+
+%package askpass-gnome
+Summary: A passphrase dialog for OpenSSH, X, and GNOME.
+Group: Applications/Internet
+Requires: openssh = %{version}-%{release}
+Obsoletes: ssh-extras
+
+%description
+SSH (Secure SHell) is a program for logging into and executing
+commands on a remote machine. SSH is intended to replace rlogin and
+rsh, and to provide secure encrypted communications between two
+untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's version of the last free version of SSH, bringing
+it up to date in terms of security and features, as well as removing
+all patented algorithms to separate libraries.
+
+This package includes the core files necessary for both the OpenSSH
+client and server. To make this package useful, you should also
+install openssh-clients, openssh-server, or both.
+
+%description clients
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package includes
+the clients necessary to make encrypted connections to SSH servers.
+You'll also need to install the openssh package on OpenSSH clients.
+
+%description server
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+the secure shell daemon (sshd). The sshd daemon allows SSH clients to
+securely connect to your SSH server. You also need to have the openssh
+package installed.
+
+%description askpass
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+an X11 passphrase dialog for OpenSSH.
+
+%description askpass-gnome
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
+environment.
+
+%prep
+
+%if ! %{no_x11_askpass}
+%setup -q -a 1
+%else
+%setup -q
+%endif
+
+%build
+%if %{rescue}
+CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
+%endif
+
+%if %{kerberos5}
+K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
+echo K5DIR=$K5DIR
+%endif
+
+%configure \
+ --sysconfdir=%{_sysconfdir}/ssh \
+ --libexecdir=%{_libexecdir}/openssh \
+ --datadir=%{_datadir}/openssh \
+ --with-tcp-wrappers \
+ --with-rsh=%{_bindir}/rsh \
+ --with-default-path=/usr/local/bin:/bin:/usr/bin \
+ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+ --with-privsep-path=%{_var}/empty/sshd \
+ --with-md5-passwords \
+%if %{scard}
+ --with-smartcard \
+%endif
+%if %{rescue}
+ --without-pam \
+%else
+ --with-pam \
+%endif
+%if %{kerberos5}
+ --with-kerberos5=$K5DIR \
+%endif
+
+
+%if %{static_libcrypto}
+perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
+%endif
+
+make
+
+%if ! %{no_x11_askpass}
+pushd x11-ssh-askpass-%{aversion}
+%configure --libexecdir=%{_libexecdir}/openssh
+xmkmf -a
+make
+popd
+%endif
+
+# Define a variable to toggle gnome1/gtk2 building. This is necessary
+# because RPM doesn't handle nested %if statements.
+%if %{gtk2}
+ gtk2=yes
+%else
+ gtk2=no
+%endif
+
+%if ! %{no_gnome_askpass}
+pushd contrib
+if [ $gtk2 = yes ] ; then
+ make gnome-ssh-askpass2
+ mv gnome-ssh-askpass2 gnome-ssh-askpass
+else
+ make gnome-ssh-askpass1
+ mv gnome-ssh-askpass1 gnome-ssh-askpass
+fi
+popd
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
+mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
+mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
+
+make install DESTDIR=$RPM_BUILD_ROOT
+
+install -d $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
+%if %{build6x}
+install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
+%else
+install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
+%endif
+install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+
+%if ! %{no_x11_askpass}
+install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
+ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
+%endif
+
+%if ! %{no_gnome_askpass}
+install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
+%endif
+
+%if ! %{scard}
+ rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
+%endif
+
+%if ! %{no_gnome_askpass}
+install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+%endif
+
+perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%triggerun server -- ssh-server
+if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
+ touch /var/run/sshd.restart
+fi
+
+%triggerun server -- openssh-server < 2.5.0p1
+# Count the number of HostKey and HostDsaKey statements we have.
+gawk 'BEGIN {IGNORECASE=1}
+ /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
+ END {exit sawhostkey}' /etc/ssh/sshd_config
+# And if we only found one, we know the client was relying on the old default
+# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
+# specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
+# one nullifies the default, which would have loaded both.
+if [ $? -eq 1 ] ; then
+ echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
+ echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
+fi
+
+%triggerpostun server -- ssh-server
+if [ "$1" != 0 ] ; then
+ /sbin/chkconfig --add sshd
+ if test -f /var/run/sshd.restart ; then
+ rm -f /var/run/sshd.restart
+ /sbin/service sshd start > /dev/null 2>&1 || :
+ fi
+fi
+
+%pre server
+%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
+%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
+ -g sshd -M -r sshd 2>/dev/null || :
+
+%post server
+/sbin/chkconfig --add sshd
+
+%postun server
+/sbin/service sshd condrestart > /dev/null 2>&1 || :
+
+%preun server
+if [ "$1" = 0 ]
+then
+ /sbin/service sshd stop > /dev/null 2>&1 || :
+ /sbin/chkconfig --del sshd
+fi
+
+%files
+%defattr(-,root,root)
+%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO
+%attr(0755,root,root) %{_bindir}/scp
+%attr(0644,root,root) %{_mandir}/man1/scp.1*
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
+%if ! %{rescue}
+%attr(0755,root,root) %{_bindir}/ssh-keygen
+%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
+%attr(0755,root,root) %dir %{_libexecdir}/openssh
+%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
+%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
+%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
+%endif
+%if %{scard}
+%attr(0755,root,root) %dir %{_datadir}/openssh
+%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
+%endif
+
+%files clients
+%defattr(-,root,root)
+%attr(0755,root,root) %{_bindir}/ssh
+%attr(0644,root,root) %{_mandir}/man1/ssh.1*
+%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
+%attr(-,root,root) %{_bindir}/slogin
+%attr(-,root,root) %{_mandir}/man1/slogin.1*
+%if ! %{rescue}
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
+%attr(0755,root,root) %{_bindir}/ssh-add
+%attr(0755,root,root) %{_bindir}/ssh-keyscan
+%attr(0755,root,root) %{_bindir}/sftp
+%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %{_mandir}/man1/sftp.1*
+%endif
+
+%if ! %{rescue}
+%files server
+%defattr(-,root,root)
+%dir %attr(0111,root,root) %{_var}/empty/sshd
+%attr(0755,root,root) %{_sbindir}/sshd
+%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
+%attr(0644,root,root) %{_mandir}/man8/sshd.8*
+%attr(0644,root,root) %{_mandir}/man5/moduli.5*
+%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
+%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
+%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
+%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
+%endif
+
+%if ! %{no_x11_askpass}
+%files askpass
+%defattr(-,root,root)
+%doc x11-ssh-askpass-%{aversion}/README
+%doc x11-ssh-askpass-%{aversion}/ChangeLog
+%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
+%endif
+
+%if ! %{no_gnome_askpass}
+%files askpass-gnome
+%defattr(-,root,root)
+%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
+%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
+%endif
+
+%changelog
+* Wed Jul 14 2010 Tim Rice <tim at multitalents.net>
+- test for skip_x11_askpass (line 77) should have been for no_x11_askpass
+
+* Mon Jun 2 2003 Damien Miller <djm at mindrot.org>
+- Remove noip6 option. This may be controlled at run-time in client config
+ file using new AddressFamily directive
+
+* Mon May 12 2003 Damien Miller <djm at mindrot.org>
+- Don't install profile.d scripts when not building with GNOME/GTK askpass
+ (patch from bet at rahul.net)
+
+* Wed Oct 01 2002 Damien Miller <djm at mindrot.org>
+- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
+
+* Mon Sep 30 2002 Damien Miller <djm at mindrot.org>
+- Use contrib/ Makefile for building askpass programs
+
+* Fri Jun 21 2002 Damien Miller <djm at mindrot.org>
+- Merge in spec changes from seba at iq.pl (Sebastian Pachuta)
+- Add new {ssh,sshd}_config.5 manpages
+- Add new ssh-keysign program and remove setuid from ssh client
+
+* Fri May 10 2002 Damien Miller <djm at mindrot.org>
+- Merge in spec changes from RedHat, reorgansie a little
+- Add Privsep user, group and directory
+
+* Thu Mar 7 2002 Nalin Dahyabhai <nalin at redhat.com> 3.1p1-2
+- bump and grind (through the build system)
+
+* Thu Mar 7 2002 Nalin Dahyabhai <nalin at redhat.com> 3.1p1-1
+- require sharutils for building (mindrot #137)
+- require db1-devel only when building for 6.x (#55105), which probably won't
+ work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
+- require pam-devel by file (not by package name) again
+- add Markus's patch to compile with OpenSSL 0.9.5a (from
+ http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
+ building for 6.x
+
+* Thu Mar 7 2002 Nalin Dahyabhai <nalin at redhat.com> 3.1p1-0
+- update to 3.1p1
+
+* Tue Mar 5 2002 Nalin Dahyabhai <nalin at redhat.com> SNAP-20020305
+- update to SNAP-20020305
+- drop debug patch, fixed upstream
+
+* Wed Feb 20 2002 Nalin Dahyabhai <nalin at redhat.com> SNAP-20020220
+- update to SNAP-20020220 for testing purposes (you've been warned, if there's
+ anything to be warned about, gss patches won't apply, I don't mind)
+
+* Wed Feb 13 2002 Nalin Dahyabhai <nalin at redhat.com> 3.0.2p1-3
+- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
+ exchange, authentication, and named key support
+
+* Wed Jan 23 2002 Nalin Dahyabhai <nalin at redhat.com> 3.0.2p1-2
+- remove dependency on db1-devel, which has just been swallowed up whole
+ by gnome-libs-devel
+
+* Sun Dec 29 2001 Nalin Dahyabhai <nalin at redhat.com>
+- adjust build dependencies so that build6x actually works right (fix
+ from Hugo van der Kooij)
+
+* Tue Dec 4 2001 Nalin Dahyabhai <nalin at redhat.com> 3.0.2p1-1
+- update to 3.0.2p1
+
+* Fri Nov 16 2001 Nalin Dahyabhai <nalin at redhat.com> 3.0.1p1-1
+- update to 3.0.1p1
+
+* Tue Nov 13 2001 Nalin Dahyabhai <nalin at redhat.com>
+- update to current CVS (not for use in distribution)
+
+* Thu Nov 8 2001 Nalin Dahyabhai <nalin at redhat.com> 3.0p1-1
+- merge some of Damien Miller <djm at mindrot.org> changes from the upstream
+ 3.0p1 spec file and init script
+
+* Wed Nov 7 2001 Nalin Dahyabhai <nalin at redhat.com>
+- update to 3.0p1
+- update to x11-ssh-askpass 1.2.4.1
+- change build dependency on a file from pam-devel to the pam-devel package
+- replace primes with moduli
+
+* Thu Sep 27 2001 Nalin Dahyabhai <nalin at redhat.com> 2.9p2-9
+- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
+
+* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero at redhat.com> 2.9p2-8
+- Merge changes to rescue build from current sysadmin survival cd
+
+* Thu Sep 6 2001 Nalin Dahyabhai <nalin at redhat.com> 2.9p2-7
+- fix scp's server's reporting of file sizes, and build with the proper
+ preprocessor define to get large-file capable open(), stat(), etc.
+ (sftp has been doing this correctly all along) (#51827)
+- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
+- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
+- mark profile.d scriptlets as config files (#42337)
+- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
+- change a couple of log() statements to debug() statements (#50751)
+- pull cvs patch to add -t flag to sshd (#28611)
+- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
+
+* Mon Aug 20 2001 Nalin Dahyabhai <nalin at redhat.com> 2.9p2-6
+- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
+
+* Thu Aug 16 2001 Nalin Dahyabhai <nalin at redhat.com>
+- pull cvs patch to fix remote port forwarding with protocol 2
+
+* Thu Aug 9 2001 Nalin Dahyabhai <nalin at redhat.com>
+- pull cvs patch to add session initialization to no-pty sessions
+- pull cvs patch to not cut off challengeresponse auth needlessly
+- refuse to do X11 forwarding if xauth isn't there, handy if you enable
+ it by default on a system that doesn't have X installed (#49263)
+
+* Wed Aug 8 2001 Nalin Dahyabhai <nalin at redhat.com>
+- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
+
+* Mon Aug 6 2001 Nalin Dahyabhai <nalin at redhat.com>
+- pass OPTIONS correctly to initlog (#50151)
+
+* Wed Jul 25 2001 Nalin Dahyabhai <nalin at redhat.com>
+- switch to x11-ssh-askpass 1.2.2
+
+* Wed Jul 11 2001 Nalin Dahyabhai <nalin at redhat.com>
+- rebuild in new environment
+
+* Mon Jun 25 2001 Nalin Dahyabhai <nalin at redhat.com>
+- disable the gssapi patch
+
+* Mon Jun 18 2001 Nalin Dahyabhai <nalin at redhat.com>
+- update to 2.9p2
+- refresh to a new version of the gssapi patch
+
+* Thu Jun 7 2001 Nalin Dahyabhai <nalin at redhat.com>
+- change Copyright: BSD to License: BSD
+- add Markus Friedl's unverified patch for the cookie file deletion problem
+ so that we can verify it
+- drop patch to check if xauth is present (was folded into cookie patch)
+- don't apply gssapi patches for the errata candidate
+- clear supplemental groups list at startup
+
+* Fri May 25 2001 Nalin Dahyabhai <nalin at redhat.com>
+- fix an error parsing the new default sshd_config
+- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
+ dealing with comments right
+
+* Thu May 24 2001 Nalin Dahyabhai <nalin at redhat.com>
+- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
+ to be removed before the next beta cycle because it's a big departure
+ from the upstream version
+
+* Thu May 3 2001 Nalin Dahyabhai <nalin at redhat.com>
+- finish marking strings in the init script for translation
+- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
+ at startup (change merged from openssh.com init script, originally by
+ Pekka Savola)
+- refuse to do X11 forwarding if xauth isn't there, handy if you enable
+ it by default on a system that doesn't have X installed
+
+* Wed May 2 2001 Nalin Dahyabhai <nalin at redhat.com>
+- update to 2.9
+- drop various patches that came from or went upstream or to or from CVS
+
+* Wed Apr 18 2001 Nalin Dahyabhai <nalin at redhat.com>
+- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
+
+* Sun Apr 8 2001 Preston Brown <pbrown at redhat.com>
+- remove explicit openssl requirement, fixes builddistro issue
+- make initscript stop() function wait until sshd really dead to avoid
+ races in condrestart
+
+* Mon Apr 2 2001 Nalin Dahyabhai <nalin at redhat.com>
+- mention that challengereponse supports PAM, so disabling password doesn't
+ limit users to pubkey and rsa auth (#34378)
+- bypass the daemon() function in the init script and call initlog directly,
+ because daemon() won't start a daemon it detects is already running (like
+ open connections)
+- require the version of openssl we had when we were built
+
+* Fri Mar 23 2001 Nalin Dahyabhai <nalin at redhat.com>
+- make do_pam_setcred() smart enough to know when to establish creds and
+ when to reinitialize them
+- add in a couple of other fixes from Damien for inclusion in the errata
+
+* Thu Mar 22 2001 Nalin Dahyabhai <nalin at redhat.com>
+- update to 2.5.2p2
+- call setcred() again after initgroups, because the "creds" could actually
+ be group memberships
+
+* Tue Mar 20 2001 Nalin Dahyabhai <nalin at redhat.com>
+- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
+- don't enable challenge-response by default until we find a way to not
+ have too many userauth requests (we may make up to six pubkey and up to
+ three password attempts as it is)
+- remove build dependency on rsh to match openssh.com's packages more closely
+
+* Sat Mar 3 2001 Nalin Dahyabhai <nalin at redhat.com>
+- remove dependency on openssl -- would need to be too precise
+
+* Fri Mar 2 2001 Nalin Dahyabhai <nalin at redhat.com>
+- rebuild in new environment
+
+* Mon Feb 26 2001 Nalin Dahyabhai <nalin at redhat.com>
+- Revert the patch to move pam_open_session.
+- Init script and spec file changes from Pekka Savola. (#28750)
+- Patch sftp to recognize '-o protocol' arguments. (#29540)
+
+* Thu Feb 22 2001 Nalin Dahyabhai <nalin at redhat.com>
+- Chuck the closing patch.
+- Add a trigger to add host keys for protocol 2 to the config file, now that
+ configuration file syntax requires us to specify it with HostKey if we
+ specify any other HostKey values, which we do.
+
+* Tue Feb 20 2001 Nalin Dahyabhai <nalin at redhat.com>
+- Redo patch to move pam_open_session after the server setuid()s to the user.
+- Rework the nopam patch to use be picked up by autoconf.
+
+* Mon Feb 19 2001 Nalin Dahyabhai <nalin at redhat.com>
+- Update for 2.5.1p1.
+- Add init script mods from Pekka Savola.
+- Tweak the init script to match the CVS contrib script more closely.
+- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
+ adding id_rsa.
+
+* Fri Feb 16 2001 Nalin Dahyabhai <nalin at redhat.com>
+- Update for 2.5.0p1.
+- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
+- Resync with parts of Damien Miller's openssh.spec from CVS, including
+ update of x11 askpass to 1.2.0.
+- Only require openssl (don't prereq) because we generate keys in the init
+ script now.
+
+* Tue Feb 13 2001 Nalin Dahyabhai <nalin at redhat.com>
+- Don't open a PAM session until we've forked and become the user (#25690).
+- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
+ host the user is attempting a login from.
+- Resync with parts of Damien Miller's openssh.spec from CVS.
+- Don't expose KbdInt responses in debug messages (from CVS).
+- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
+
+* Wed Feb 7 2001 Trond Eivind Glomsrxd <teg at redhat.com>
+- i18n-tweak to initscript.
+
+* Tue Jan 23 2001 Nalin Dahyabhai <nalin at redhat.com>
+- More gettextizing.
+- Close all files after going into daemon mode (needs more testing).
+- Extract patch from CVS to handle auth banners (in the client).
+- Extract patch from CVS to handle compat weirdness.
+
+* Fri Jan 19 2001 Nalin Dahyabhai <nalin at redhat.com>
+- Finish with the gettextizing.
+
+* Thu Jan 18 2001 Nalin Dahyabhai <nalin at redhat.com>
+- Fix a bug in auth2-pam.c (#23877)
+- Gettextize the init script.
+
+* Wed Dec 20 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Incorporate a switch for using PAM configs for 6.x, just in case.
+
+* Tue Dec 5 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Incorporate Bero's changes for a build specifically for rescue CDs.
+
+* Wed Nov 29 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
+ succeeded, to allow public-key authentication after a failure with "none"
+ authentication. (#21268)
+
+* Tue Nov 28 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to x11-askpass 1.1.1. (#21301)
+- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
+
+* Mon Nov 27 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Merge multiple PAM text messages into subsequent prompts when possible when
+ doing keyboard-interactive authentication.
+
+* Sun Nov 26 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Disable the built-in MD5 password support. We're using PAM.
+- Take a crack at doing keyboard-interactive authentication with PAM, and
+ enable use of it in the default client configuration so that the client
+ will try it when the server disallows password authentication.
+- Build with debugging flags. Build root policies strip all binaries anyway.
+
+* Tue Nov 21 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Use DESTDIR instead of %%makeinstall.
+- Remove /usr/X11R6/bin from the path-fixing patch.
+
+* Mon Nov 20 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Add the primes file from the latest snapshot to the main package (#20884).
+- Add the dev package to the prereq list (#19984).
+- Remove the default path and mimic login's behavior in the server itself.
+
+* Fri Nov 17 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Resync with conditional options in Damien Miller's .spec file for an errata.
+- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
+
+* Tue Nov 7 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to OpenSSH 2.3.0p1.
+- Update to x11-askpass 1.1.0.
+- Enable keyboard-interactive authentication.
+
+* Mon Oct 30 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to ssh-askpass-x11 1.0.3.
+- Change authentication related messages to be private (#19966).
+
+* Tue Oct 10 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Patch ssh-keygen to be able to list signatures for DSA public key files
+ it generates.
+
+* Thu Oct 5 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Add BuildRequires on /usr/include/security/pam_appl.h to be sure we always
+ build PAM authentication in.
+- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
+- Clean out no-longer-used patches.
+- Patch ssh-add to try to add both identity and id_dsa, and to error only
+ when neither exists.
+
+* Mon Oct 2 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update x11-askpass to 1.0.2. (#17835)
+- Add BuildRequiress for /bin/login and /usr/bin/rsh so that configure will
+ always find them in the right place. (#17909)
+- Set the default path to be the same as the one supplied by /bin/login, but
+ add /usr/X11R6/bin. (#17909)
+- Try to handle obsoletion of ssh-server more cleanly. Package names
+ are different, but init script name isn't. (#17865)
+
+* Wed Sep 6 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to 2.2.0p1. (#17835)
+- Tweak the init script to allow proper restarting. (#18023)
+
+* Wed Aug 23 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to 20000823 snapshot.
+- Change subpackage requirements from %%{version} to %%{version}-%%{release}
+- Back out the pipe patch.
+
+* Mon Jul 17 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to 2.1.1p4, which includes fixes for config file parsing problems.
+- Move the init script back.
+- Add Damien's quick fix for wackiness.
+
+* Wed Jul 12 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
+
+* Thu Jul 6 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Move condrestart to server postun.
+- Move key generation to init script.
+- Actually use the right patch for moving the key generation to the init script.
+- Clean up the init script a bit.
+
+* Wed Jul 5 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
+
+* Sun Jul 2 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to 2.1.1p2.
+- Use of strtok() considered harmful.
+
+* Sat Jul 1 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Get the build root out of the man pages.
+
+* Thu Jun 29 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Add and use condrestart support in the init script.
+- Add newer initscripts as a prereq.
+
+* Tue Jun 27 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Build in new environment (release 2)
+- Move -clients subpackage to Applications/Internet group
+
+* Fri Jun 9 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Update to 2.2.1p1
+
+* Sat Jun 3 2000 Nalin Dahyabhai <nalin at redhat.com>
+- Patch to build with neither RSA nor RSAref.
+- Miscellaneous FHS-compliance tweaks.
+- Fix for possibly-compressed man pages.
+
+* Wed Mar 15 2000 Damien Miller <djm at ibs.com.au>
+- Updated for new location
+- Updated for new gnome-ssh-askpass build
+
+* Sun Dec 26 1999 Damien Miller <djm at mindrot.org>
+- Added Jim Knoble's <jmknoble at pobox.com> askpass
+
+* Mon Nov 15 1999 Damien Miller <djm at mindrot.org>
+- Split subpackages further based on patch from jim knoble <jmknoble at pobox.com>
+
+* Sat Nov 13 1999 Damien Miller <djm at mindrot.org>
+- Added 'Obsoletes' directives
+
+* Tue Nov 09 1999 Damien Miller <djm at ibs.com.au>
+- Use make install
+- Subpackages
+
+* Mon Nov 08 1999 Damien Miller <djm at ibs.com.au>
+- Added links for slogin
+- Fixed perms on manpages
+
+* Sat Oct 30 1999 Damien Miller <djm at ibs.com.au>
+- Renamed init script
+
+* Fri Oct 29 1999 Damien Miller <djm at ibs.com.au>
+- Back to old binary names
+
+* Thu Oct 28 1999 Damien Miller <djm at ibs.com.au>
+- Use autoconf
+- New binary names
+
+* Wed Oct 27 1999 Damien Miller <djm at ibs.com.au>
+- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas at fi.muni.cz> spec.
Added: vendor-crypto/openssh/dist/contrib/redhat/sshd.init
===================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/sshd.init (rev 0)
+++ vendor-crypto/openssh/dist/contrib/redhat/sshd.init 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+# pull in sysconfig settings
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+
+RETVAL=0
+prog="sshd"
+
+# Some functions to make the below more readable
+SSHD=/usr/sbin/sshd
+PID_FILE=/var/run/sshd.pid
+
+do_restart_sanity_check()
+{
+ $SSHD -t
+ RETVAL=$?
+ if [ $RETVAL -ne 0 ]; then
+ failure $"Configuration file or keys are invalid"
+ echo
+ fi
+}
+
+start()
+{
+ # Create keys if necessary
+ /usr/bin/ssh-keygen -A
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon /etc/ssh/ssh_host_key.pub
+ /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
+ /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
+ /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
+ fi
+
+ echo -n $"Starting $prog:"
+ $SSHD $OPTIONS && success || failure
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+ echo
+}
+
+stop()
+{
+ echo -n $"Stopping $prog:"
+ killproc $SSHD -TERM
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+ echo
+}
+
+reload()
+{
+ echo -n $"Reloading $prog:"
+ killproc $SSHD -HUP
+ RETVAL=$?
+ echo
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload)
+ reload
+ ;;
+ condrestart)
+ if [ -f /var/lock/subsys/sshd ] ; then
+ do_restart_sanity_check
+ if [ $RETVAL -eq 0 ] ; then
+ stop
+ # avoid race
+ sleep 3
+ start
+ fi
+ fi
+ ;;
+ status)
+ status $SSHD
+ RETVAL=$?
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
+ RETVAL=1
+esac
+exit $RETVAL
Added: vendor-crypto/openssh/dist/contrib/redhat/sshd.init.old
===================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/sshd.init.old (rev 0)
+++ vendor-crypto/openssh/dist/contrib/redhat/sshd.init.old 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,172 @@
+#!/bin/bash
+#
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+# pull in sysconfig settings
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+
+RETVAL=0
+prog="sshd"
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+SSHD=/usr/sbin/sshd
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+
+my_success() {
+ local msg
+ if [ $# -gt 1 ]; then
+ msg="$2"
+ else
+ msg="done"
+ fi
+ case "`type -type success`" in
+ function)
+ success "$1"
+ ;;
+ *)
+ echo -n "${msg}"
+ ;;
+ esac
+}
+my_failure() {
+ local msg
+ if [ $# -gt 1 ]; then
+ msg="$2"
+ else
+ msg="FAILED"
+ fi
+ case "`type -type failure`" in
+ function)
+ failure "$1"
+ ;;
+ *)
+ echo -n "${msg}"
+ ;;
+ esac
+}
+do_rsa1_keygen() {
+ if [ ! -s $RSA1_KEY ]; then
+ echo -n "Generating SSH1 RSA host key: "
+ if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA1_KEY
+ chmod 644 $RSA1_KEY.pub
+ my_success "RSA1 key generation"
+ echo
+ else
+ my_failure "RSA1 key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+do_rsa_keygen() {
+ if [ ! -s $RSA_KEY ]; then
+ echo -n "Generating SSH2 RSA host key: "
+ if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
+ my_success "RSA key generation"
+ echo
+ else
+ my_failure "RSA key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+do_dsa_keygen() {
+ if [ ! -s $DSA_KEY ]; then
+ echo -n "Generating SSH2 DSA host key: "
+ if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
+ my_success "DSA key generation"
+ echo
+ else
+ my_failure "DSA key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+do_restart_sanity_check() {
+ $SSHD -t
+ RETVAL=$?
+ if [ ! "$RETVAL" = 0 ]; then
+ my_failure "Configuration file or keys"
+ echo
+ fi
+}
+
+
+case "$1" in
+ start)
+ # Create keys if necessary
+ do_rsa1_keygen;
+ do_rsa_keygen;
+ do_dsa_keygen;
+
+ echo -n "Starting sshd: "
+ if [ ! -f $PID_FILE ] ; then
+ sshd $OPTIONS
+ RETVAL=$?
+ if [ "$RETVAL" = "0" ] ; then
+ my_success "sshd startup" "sshd"
+ touch /var/lock/subsys/sshd
+ else
+ my_failure "sshd startup" ""
+ fi
+ fi
+ echo
+ ;;
+ stop)
+ echo -n "Shutting down sshd: "
+ if [ -f $PID_FILE ] ; then
+ killproc sshd
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+ fi
+ echo
+ ;;
+ restart)
+ do_restart_sanity_check
+ $0 stop
+ $0 start
+ RETVAL=$?
+ ;;
+ condrestart)
+ if [ -f /var/lock/subsys/sshd ] ; then
+ do_restart_sanity_check
+ $0 stop
+ $0 start
+ RETVAL=$?
+ fi
+ ;;
+ status)
+ status sshd
+ RETVAL=$?
+ ;;
+ *)
+ echo "Usage: sshd {start|stop|restart|status|condrestart}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
Added: vendor-crypto/openssh/dist/contrib/redhat/sshd.pam
===================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/sshd.pam (rev 0)
+++ vendor-crypto/openssh/dist/contrib/redhat/sshd.pam 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_stack.so service=system-auth
+account required pam_nologin.so
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
Added: vendor-crypto/openssh/dist/contrib/redhat/sshd.pam.old
===================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/sshd.pam.old (rev 0)
+++ vendor-crypto/openssh/dist/contrib/redhat/sshd.pam.old 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_pwdb.so shadow nodelay
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_pwdb.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+session required /lib/security/pam_pwdb.so
+session required /lib/security/pam_limits.so
Added: vendor-crypto/openssh/dist/contrib/solaris/README
===================================================================
--- vendor-crypto/openssh/dist/contrib/solaris/README (rev 0)
+++ vendor-crypto/openssh/dist/contrib/solaris/README 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,30 @@
+The following is a new package build script for Solaris. This is being
+introduced into OpenSSH 3.0 and above in hopes of simplifying the build
+process. As of 3.1p2 the script should work on all platforms that have
+SVR4 style package tools.
+
+The build process is called a 'dummy install'.. Which means the software does
+a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should
+be handled correctly and key are defered until the first time the sshd
+is started.
+
+Directions:
+
+1. make -F Makefile.in distprep (Only if you are getting from the CVS tree)
+2. ./configure --with-pam [..any other options you want..]
+3. look at the top of buildpkg.sh for the configurable options and put
+ any changes you want in openssh-config.local. Additional customizations
+ can be done to the build process by creating one or more of the following
+ scripts that will be sourced by buildpkg.sh.
+ pkg_post_make_install_fixes.sh pkg-post-prototype-edit.sh
+ pkg-preinstall.local pkg-postinstall.local pkg-preremove.local
+ pkg-postremove.local pkg-request.local
+4. Run "make package"
+
+If all goes well you should have a solaris package ready to be installed.
+
+If you have any problems with this script please post them to
+openssh-unix-dev at mindrot.org and I will try to assist you as best as I can.
+
+- Ben Lindstrom
+
Added: vendor-crypto/openssh/dist/contrib/ssh-copy-id
===================================================================
--- vendor-crypto/openssh/dist/contrib/ssh-copy-id (rev 0)
+++ vendor-crypto/openssh/dist/contrib/ssh-copy-id 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,300 @@
+#!/bin/sh
+
+# Copyright (c) 1999-2013 Philip Hands <phil at hands.com>
+# 2013 Martin Kletzander <mkletzan at redhat.com>
+# 2010 Adeodato =?iso-8859-1?Q?Sim=F3?= <asp16 at alu.ua.es>
+# 2010 Eric Moret <eric.moret at gmail.com>
+# 2009 Xr <xr at i-jeuxvideo.com>
+# 2007 Justin Pryzby <justinpryzby at users.sourceforge.net>
+# 2004 Reini Urban <rurban at x-ray.at>
+# 2003 Colin Watson <cjwatson at debian.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Shell script to install your public key(s) on a remote machine
+# See the ssh-copy-id(1) man page for details
+
+# check that we have something mildly sane as our shell, or try to find something better
+if false ^ printf "%s: WARNING: ancient shell, hunting for a more modern one... " "$0"
+then
+ SANE_SH=${SANE_SH:-/usr/bin/ksh}
+ if printf 'true ^ false\n' | "$SANE_SH"
+ then
+ printf "'%s' seems viable.\n" "$SANE_SH"
+ exec "$SANE_SH" "$0" "$@"
+ else
+ cat <<-EOF
+ oh dear.
+
+ If you have a more recent shell available, that supports \$(...) etc.
+ please try setting the environment variable SANE_SH to the path of that
+ shell, and then retry running this script. If that works, please report
+ a bug describing your setup, and the shell you used to make it work.
+
+ EOF
+ printf "%s: ERROR: Less dimwitted shell required.\n" "$0"
+ exit 1
+ fi
+fi
+
+DEFAULT_PUB_ID_FILE=$(ls -t ${HOME}/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+
+usage () {
+ printf 'Usage: %s [-h|-?|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+ exit 1
+}
+
+# escape any single quotes in an argument
+quote() {
+ printf "%s\n" "$1" | sed -e "s/'/'\\\\''/g"
+}
+
+use_id_file() {
+ local L_ID_FILE="$1"
+
+ if expr "$L_ID_FILE" : ".*\.pub$" >/dev/null ; then
+ PUB_ID_FILE="$L_ID_FILE"
+ else
+ PUB_ID_FILE="$L_ID_FILE.pub"
+ fi
+
+ PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
+
+ # check that the files are readable
+ for f in $PUB_ID_FILE $PRIV_ID_FILE ; do
+ ErrMSG=$( { : < $f ; } 2>&1 ) || {
+ printf "\n%s: ERROR: failed to open ID file '%s': %s\n\n" "$0" "$f" "$(printf "%s\n" "$ErrMSG" | sed -e 's/.*: *//')"
+ exit 1
+ }
+ done
+ GET_ID="cat \"$PUB_ID_FILE\""
+}
+
+if [ -n "$SSH_AUTH_SOCK" ] && ssh-add -L >/dev/null 2>&1 ; then
+ GET_ID="ssh-add -L"
+fi
+
+while test "$#" -gt 0
+do
+ [ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && {
+ printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0"
+ usage
+ }
+
+ OPT= OPTARG=
+ # implement something like getopt to avoid Solaris pain
+ case "$1" in
+ -i?*|-o?*|-p?*)
+ OPT="$(printf -- "$1"|cut -c1-2)"
+ OPTARG="$(printf -- "$1"|cut -c3-)"
+ shift
+ ;;
+ -o|-p)
+ OPT="$1"
+ OPTARG="$2"
+ shift 2
+ ;;
+ -i)
+ OPT="$1"
+ test "$#" -le 2 || expr "$2" : "[-]" >/dev/null || {
+ OPTARG="$2"
+ shift
+ }
+ shift
+ ;;
+ -n|-h|-\?)
+ OPT="$1"
+ OPTARG=
+ shift
+ ;;
+ --)
+ shift
+ while test "$#" -gt 0
+ do
+ SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
+ shift
+ done
+ break
+ ;;
+ -*)
+ printf "\n%s: ERROR: invalid option (%s)\n\n" "$0" "$1"
+ usage
+ ;;
+ *)
+ SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
+ shift
+ continue
+ ;;
+ esac
+
+ case "$OPT" in
+ -i)
+ SEEN_OPT_I="yes"
+ use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}"
+ ;;
+ -o|-p)
+ SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'"
+ ;;
+ -n)
+ DRY_RUN=1
+ ;;
+ -h|-\?)
+ usage
+ ;;
+ esac
+done
+
+eval set -- "$SAVEARGS"
+
+if [ $# = 0 ] ; then
+ usage
+fi
+if [ $# != 1 ] ; then
+ printf '%s: ERROR: Too many arguments. Expecting a target hostname, got: %s\n\n' "$0" "$SAVEARGS" >&2
+ usage
+fi
+
+# drop trailing colon
+USER_HOST=$(printf "%s\n" "$1" | sed 's/:$//')
+# tack the hostname onto SSH_OPTS
+SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'"
+# and populate "$@" for later use (only way to get proper quoting of options)
+eval set -- "$SSH_OPTS"
+
+if [ -z "$(eval $GET_ID)" ] && [ -r "${PUB_ID_FILE:=$DEFAULT_PUB_ID_FILE}" ] ; then
+ use_id_file "$PUB_ID_FILE"
+fi
+
+if [ -z "$(eval $GET_ID)" ] ; then
+ printf '%s: ERROR: No identities found\n' "$0" >&2
+ exit 1
+fi
+
+# populate_new_ids() uses several global variables ($USER_HOST, $SSH_OPTS ...)
+# and has the side effect of setting $NEW_IDS
+populate_new_ids() {
+ local L_SUCCESS="$1"
+
+ # repopulate "$@" inside this function
+ eval set -- "$SSH_OPTS"
+
+ umask 0177
+ local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
+ if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
+ echo "mktemp failed" 1>&2
+ exit 1
+ fi
+ trap "rm -f $L_TMP_ID_FILE ${L_TMP_ID_FILE}.pub" EXIT TERM INT QUIT
+ printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
+ NEW_IDS=$(
+ eval $GET_ID | {
+ while read ID ; do
+ printf '%s\n' "$ID" > $L_TMP_ID_FILE
+
+ # the next line assumes $PRIV_ID_FILE only set if using a single id file - this
+ # assumption will break if we implement the possibility of multiple -i options.
+ # The point being that if file based, ssh needs the private key, which it cannot
+ # find if only given the contents of the .pub file in an unrelated tmpfile
+ ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
+ -o PreferredAuthentications=publickey \
+ -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null
+ if [ "$?" = "$L_SUCCESS" ] ; then
+ : > $L_TMP_ID_FILE
+ else
+ grep 'Permission denied' $L_TMP_ID_FILE.stderr >/dev/null || {
+ sed -e 's/^/ERROR: /' <$L_TMP_ID_FILE.stderr >$L_TMP_ID_FILE
+ cat >/dev/null #consume the other keys, causing loop to end
+ }
+ fi
+
+ cat $L_TMP_ID_FILE
+ done
+ }
+ )
+ rm -f $L_TMP_ID_FILE* && trap - EXIT TERM INT QUIT
+
+ if expr "$NEW_IDS" : "^ERROR: " >/dev/null ; then
+ printf '\n%s: %s\n\n' "$0" "$NEW_IDS" >&2
+ exit 1
+ fi
+ if [ -z "$NEW_IDS" ] ; then
+ printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n\n' "$0" >&2
+ exit 0
+ fi
+ printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
+}
+
+REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 |
+ sed -ne 's/.*remote software version //p')
+
+case "$REMOTE_VERSION" in
+ NetScreen*)
+ populate_new_ids 1
+ for KEY in $(printf "%s" "$NEW_IDS" | cut -d' ' -f2) ; do
+ KEY_NO=$(($KEY_NO + 1))
+ printf "%s\n" "$KEY" | grep ssh-dss >/dev/null || {
+ printf '%s: WARNING: Non-dsa key (#%d) skipped (NetScreen only supports DSA keys)\n' "$0" "$KEY_NO" >&2
+ continue
+ }
+ [ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | ssh -T "$@" >/dev/null 2>&1
+ if [ $? = 255 ] ; then
+ printf '%s: ERROR: installation of key #%d failed (please report a bug describing what caused this, so that we can make this message useful)\n' "$0" "$KEY_NO" >&2
+ else
+ ADDED=$(($ADDED + 1))
+ fi
+ done
+ if [ -z "$ADDED" ] ; then
+ exit 1
+ fi
+ ;;
+ *)
+ # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
+ populate_new_ids 0
+ [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
+ umask 077 ;
+ mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
+ if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi" \
+ || exit 1
+ ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
+ ;;
+esac
+
+if [ "$DRY_RUN" ] ; then
+ cat <<-EOF
+ =-=-=-=-=-=-=-=
+ Would have added the following key(s):
+
+ $NEW_IDS
+ =-=-=-=-=-=-=-=
+ EOF
+else
+ cat <<-EOF
+
+ Number of key(s) added: $ADDED
+
+ Now try logging into the machine, with: "ssh $SSH_OPTS"
+ and check to make sure that only the key(s) you wanted were added.
+
+ EOF
+fi
+
+# =-=-=-=
Added: vendor-crypto/openssh/dist/contrib/ssh-copy-id.1
===================================================================
--- vendor-crypto/openssh/dist/contrib/ssh-copy-id.1 (rev 0)
+++ vendor-crypto/openssh/dist/contrib/ssh-copy-id.1 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,186 @@
+.ig \" -*- nroff -*-
+Copyright (c) 1999-2013 hands.com Ltd. <http://hands.com/>
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+..
+.Dd $Mdocdate: June 17 2010 $
+.Dt SSH-COPY-ID 1
+.Os
+.Sh NAME
+.Nm ssh-copy-id
+.Nd use locally available keys to authorise logins on a remote machine
+.Sh SYNOPSIS
+.Nm
+.Op Fl n
+.Op Fl i Op Ar identity_file
+.Op Fl p Ar port
+.Op Fl o Ar ssh_option
+.Op Ar user Ns @ Ns
+.Ar hostname
+.Nm
+.Fl h | Fl ?
+.br
+.Sh DESCRIPTION
+.Nm
+is a script that uses
+.Xr ssh 1
+to log into a remote machine (presumably using a login password,
+so password authentication should be enabled, unless you've done some
+clever use of multiple identities). It assembles a list of one or more
+fingerprints (as described below) and tries to log in with each key, to
+see if any of them are already installed (of course, if you are not using
+.Xr ssh-agent 1
+this may result in you being repeatedly prompted for pass-phrases).
+It then assembles a list of those that failed to log in, and using ssh,
+enables logins with those keys on the remote server. By default it adds
+the keys by appending them to the remote user's
+.Pa ~/.ssh/authorized_keys
+(creating the file, and directory, if necessary). It is also capable
+of detecting if the remote system is a NetScreen, and using its
+.Ql set ssh pka-dsa key ...
+command instead.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl i Ar identity_file
+Use only the key(s) contained in
+.Ar identity_file
+(rather than looking for identities via
+.Xr ssh-add 1
+or in the
+.Ic default_ID_file ) .
+If the filename does not end in
+.Pa .pub
+this is added. If the filename is omitted, the
+.Ic default_ID_file
+is used.
+.Pp
+Note that this can be used to ensure that the keys copied have the
+comment one prefers and/or extra options applied, by ensuring that the
+key file has these set as preferred before the copy is attempted.
+.It Fl n
+do a dry-run. Instead of installing keys on the remote system simply
+prints the key(s) that would have been installed.
+.It Fl h , Fl ?
+Print Usage summary
+.It Fl p Ar port , Fl o Ar ssh_option
+These two options are simply passed through untouched, along with their
+argument, to allow one to set the port or other
+.Xr ssh 1
+options, respectively.
+.Pp
+Rather than specifying these as command line options, it is often better to use (per-host) settings in
+.Xr ssh 1 Ns 's
+configuration file:
+.Xr ssh_config 5 .
+.El
+.Pp
+Default behaviour without
+.Fl i ,
+is to check if
+.Ql ssh-add -L
+provides any output, and if so those keys are used. Note that this results in
+the comment on the key being the filename that was given to
+.Xr ssh-add 1
+when the key was loaded into your
+.Xr ssh-agent 1
+rather than the comment contained in that file, which is a bit of a shame.
+Otherwise, if
+.Xr ssh-add 1
+provides no keys contents of the
+.Ic default_ID_file
+will be used.
+.Pp
+The
+.Ic default_ID_file
+is the most recent file that matches:
+.Pa ~/.ssh/id*.pub ,
+(excluding those that match
+.Pa ~/.ssh/*-cert.pub )
+so if you create a key that is not the one you want
+.Nm
+to use, just use
+.Xr touch 1
+on your preferred key's
+.Pa .pub
+file to reinstate it as the most recent.
+.Pp
+.Sh EXAMPLES
+If you have already installed keys from one system on a lot of remote
+hosts, and you then create a new key, on a new client machine, say,
+it can be difficult to keep track of which systems on which you've
+installed the new key. One way of dealing with this is to load both
+the new key and old key(s) into your
+.Xr ssh-agent 1 .
+Load the new key first, without the
+.Fl c
+option, then load one or more old keys into the agent, possibly by
+ssh-ing to the client machine that has that old key, using the
+.Fl A
+option to allow agent forwarding:
+.Pp
+.D1 user at newclient$ ssh-add
+.D1 user at newclient$ ssh -A old.client
+.D1 user at oldl$ ssh-add -c
+.D1 No ... prompt for pass-phrase ...
+.D1 user at old$ logoff
+.D1 user at newclient$ ssh someserver
+.Pp
+now, if the new key is installed on the server, you'll be allowed in
+unprompted, whereas if you only have the old key(s) enabled, you'll be
+asked for confirmation, which is your cue to log back out and run
+.Pp
+.D1 user at newclient$ ssh-copy-id -i someserver
+.Pp
+The reason you might want to specify the -i option in this case is to
+ensure that the comment on the installed key is the one from the
+.Pa .pub
+file, rather than just the filename that was loaded into you agent.
+It also ensures that only the id you intended is installed, rather than
+all the keys that you have in your
+.Xr ssh-agent 1 .
+Of course, you can specify another id, or use the contents of the
+.Xr ssh-agent 1
+as you prefer.
+.Pp
+Having mentioned
+.Xr ssh-add 1 Ns 's
+.Fl c
+option, you might consider using this whenever using agent forwarding
+to avoid your key being hijacked, but it is much better to instead use
+.Xr ssh 1 Ns 's
+.Ar ProxyCommand
+and
+.Fl W
+option,
+to bounce through remote servers while always doing direct end-to-end
+authentication. This way the middle hop(s) don't get access to your
+.Xr ssh-agent 1 .
+A web search for
+.Ql ssh proxycommand nc
+should prove enlightening (N.B. the modern approach is to use the
+.Fl W
+option, rather than
+.Xr nc 1 ) .
+.Sh "SEE ALSO"
+.Xr ssh 1 ,
+.Xr ssh-agent 1 ,
+.Xr sshd 8
Added: vendor-crypto/openssh/dist/contrib/sshd.pam.freebsd
===================================================================
--- vendor-crypto/openssh/dist/contrib/sshd.pam.freebsd (rev 0)
+++ vendor-crypto/openssh/dist/contrib/sshd.pam.freebsd 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,5 @@
+sshd auth required pam_unix.so try_first_pass
+sshd account required pam_unix.so
+sshd password required pam_permit.so
+sshd session required pam_permit.so
+
Added: vendor-crypto/openssh/dist/contrib/sshd.pam.generic
===================================================================
--- vendor-crypto/openssh/dist/contrib/sshd.pam.generic (rev 0)
+++ vendor-crypto/openssh/dist/contrib/sshd.pam.generic 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_unix.so shadow nodelay
+account required /lib/security/pam_nologin.so
+account required /lib/security/pam_unix.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_unix.so shadow nullok use_authtok
+session required /lib/security/pam_unix.so
+session required /lib/security/pam_limits.so
Added: vendor-crypto/openssh/dist/contrib/suse/openssh.spec
===================================================================
--- vendor-crypto/openssh/dist/contrib/suse/openssh.spec (rev 0)
+++ vendor-crypto/openssh/dist/contrib/suse/openssh.spec 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,246 @@
+# Default values for additional components
+%define build_x11_askpass 1
+
+# Define the UID/GID to use for privilege separation
+%define sshd_gid 65
+%define sshd_uid 71
+
+# The version of x11-ssh-askpass to use
+%define xversion 1.2.4.1
+
+# Allow the ability to override defaults with -D skip_xxx=1
+%{?skip_x11_askpass:%define build_x11_askpass 0}
+
+Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
+Name: openssh
+Version: 6.4p1
+URL: http://www.openssh.com/
+Release: 1
+Source0: openssh-%{version}.tar.gz
+Source1: x11-ssh-askpass-%{xversion}.tar.gz
+License: BSD
+Group: Productivity/Networking/SSH
+BuildRoot: %{_tmppath}/openssh-%{version}-buildroot
+PreReq: openssl
+Obsoletes: ssh
+Provides: ssh
+#
+# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
+# building prerequisites -- stuff for
+# OpenSSL (openssl-devel),
+# TCP Wrappers (tcpd-devel),
+# and Gnome (glibdev, gtkdev, and gnlibsd)
+#
+BuildPrereq: openssl
+BuildPrereq: tcpd-devel
+BuildPrereq: zlib-devel
+#BuildPrereq: glibdev
+#BuildPrereq: gtkdev
+#BuildPrereq: gnlibsd
+
+%package askpass
+Summary: A passphrase dialog for OpenSSH and the X window System.
+Group: Productivity/Networking/SSH
+Requires: openssh = %{version}
+Obsoletes: ssh-extras
+Provides: openssh:${_libdir}/ssh/ssh-askpass
+
+%if %{build_x11_askpass}
+BuildPrereq: XFree86-devel
+%endif
+
+%description
+Ssh (Secure Shell) is a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to seperate libraries (OpenSSL).
+
+This package includes all files necessary for both the OpenSSH
+client and server.
+
+%description askpass
+Ssh (Secure Shell) is a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to seperate libraries (OpenSSL).
+
+This package contains an X Window System passphrase dialog for OpenSSH.
+
+%changelog
+* Wed Oct 26 2005 Iain Morgan <imorgan at nas.nasa.gov>
+- Removed accidental inclusion of --without-zlib-version-check
+* Tue Oct 25 2005 Iain Morgan <imorgan at nas.nasa.gov>
+- Overhaul to deal with newer versions of SuSE and OpenSSH
+* Mon Jun 12 2000 Damien Miller <djm at mindrot.org>
+- Glob manpages to catch compressed files
+* Wed Mar 15 2000 Damien Miller <djm at ibs.com.au>
+- Updated for new location
+- Updated for new gnome-ssh-askpass build
+* Sun Dec 26 1999 Chris Saia <csaia at wtower.com>
+- Made symlink to gnome-ssh-askpass called ssh-askpass
+* Wed Nov 24 1999 Chris Saia <csaia at wtower.com>
+- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and
+ /var/adm/fillup-templates/rc.config.sshd, since Damien merged these into
+ his released tarfile
+- Changed permissions on ssh_config in the install procedure to 644 from 600
+ even though it was correct in the %files section and thus right in the RPMs
+- Postinstall script for the server now only prints "Generating SSH host
+ key..." if we need to actually do this, in order to eliminate a confusing
+ message if an SSH host key is already in place
+- Marked all manual pages as %doc(umentation)
+* Mon Nov 22 1999 Chris Saia <csaia at wtower.com>
+- Added flag to configure daemon with TCP Wrappers support
+- Added building prerequisites (works in RPM 3.0 and newer)
+* Thu Nov 18 1999 Chris Saia <csaia at wtower.com>
+- Made this package correct for SuSE.
+- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly
+ with SuSE, and lib_pwdb.so isn't installed by default.
+* Mon Nov 15 1999 Damien Miller <djm at mindrot.org>
+- Split subpackages further based on patch from jim knoble <jmknoble at pobox.com>
+* Sat Nov 13 1999 Damien Miller <djm at mindrot.org>
+- Added 'Obsoletes' directives
+* Tue Nov 09 1999 Damien Miller <djm at ibs.com.au>
+- Use make install
+- Subpackages
+* Mon Nov 08 1999 Damien Miller <djm at ibs.com.au>
+- Added links for slogin
+- Fixed perms on manpages
+* Sat Oct 30 1999 Damien Miller <djm at ibs.com.au>
+- Renamed init script
+* Fri Oct 29 1999 Damien Miller <djm at ibs.com.au>
+- Back to old binary names
+* Thu Oct 28 1999 Damien Miller <djm at ibs.com.au>
+- Use autoconf
+- New binary names
+* Wed Oct 27 1999 Damien Miller <djm at ibs.com.au>
+- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas at fi.muni.cz> spec.
+
+%prep
+
+%if %{build_x11_askpass}
+%setup -q -a 1
+%else
+%setup -q
+%endif
+
+%build
+CFLAGS="$RPM_OPT_FLAGS" \
+%configure --prefix=/usr \
+ --sysconfdir=%{_sysconfdir}/ssh \
+ --mandir=%{_mandir} \
+ --with-privsep-path=/var/lib/empty \
+ --with-pam \
+ --with-tcp-wrappers \
+ --libexecdir=%{_libdir}/ssh
+make
+
+%if %{build_x11_askpass}
+cd x11-ssh-askpass-%{xversion}
+%configure --mandir=/usr/X11R6/man \
+ --libexecdir=%{_libdir}/ssh
+xmkmf -a
+make
+cd ..
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT/
+install -d $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/etc/init.d/
+install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
+install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
+install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd
+install -m744 contrib/suse/sysconfig.ssh \
+ $RPM_BUILD_ROOT/var/adm/fillup-templates
+
+%if %{build_x11_askpass}
+cd x11-ssh-askpass-%{xversion}
+make install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/
+rm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin
+%endif
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null || :
+/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || :
+
+%post
+/usr/bin/ssh-keygen -A
+%{fillup_and_insserv -n -y ssh sshd}
+%run_permissions
+
+%verifyscript
+%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
+
+%preun
+%stop_on_removal sshd
+
+%postun
+%restart_on_update sshd
+%{insserv_cleanup}
+
+%files
+%defattr(-,root,root)
+%doc ChangeLog OVERVIEW README* PROTOCOL*
+%doc TODO CREDITS LICENCE
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
+%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
+%attr(0755,root,root) %config /etc/init.d/sshd
+%attr(0755,root,root) %{_bindir}/ssh-keygen
+%attr(0755,root,root) %{_bindir}/scp
+%attr(0755,root,root) %{_bindir}/ssh
+%attr(-,root,root) %{_bindir}/slogin
+%attr(0755,root,root) %{_bindir}/ssh-agent
+%attr(0755,root,root) %{_bindir}/ssh-add
+%attr(0755,root,root) %{_bindir}/ssh-keyscan
+%attr(0755,root,root) %{_bindir}/sftp
+%attr(0755,root,root) %{_sbindir}/sshd
+%attr(0755,root,root) %dir %{_libdir}/ssh
+%attr(0755,root,root) %{_libdir}/ssh/sftp-server
+%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
+%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
+%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
+%attr(-,root,root) %doc %{_mandir}/man1/slogin.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %doc %{_mandir}/man5/moduli.5*
+%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5*
+%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5*
+%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
+%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
+%attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8*
+%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
+%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
+
+%if %{build_x11_askpass}
+%files askpass
+%defattr(-,root,root)
+%doc x11-ssh-askpass-%{xversion}/README
+%doc x11-ssh-askpass-%{xversion}/ChangeLog
+%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad
+%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass
+%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass
+%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x*
+%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x*
+%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass
+%endif
Added: vendor-crypto/openssh/dist/contrib/suse/rc.config.sshd
===================================================================
--- vendor-crypto/openssh/dist/contrib/suse/rc.config.sshd (rev 0)
+++ vendor-crypto/openssh/dist/contrib/suse/rc.config.sshd 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,5 @@
+#
+# Start the Secure Shell (SSH) Daemon?
+#
+START_SSHD="yes"
+
Added: vendor-crypto/openssh/dist/contrib/suse/rc.sshd
===================================================================
--- vendor-crypto/openssh/dist/contrib/suse/rc.sshd (rev 0)
+++ vendor-crypto/openssh/dist/contrib/suse/rc.sshd 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,121 @@
+#! /bin/sh
+# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
+#
+# Author: Jiri Smid <feedback at suse.de>
+#
+# /etc/init.d/sshd
+#
+# and symbolic its link
+#
+# /usr/sbin/rcsshd
+#
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: Start the sshd daemon
+### END INIT INFO
+
+SSHD_BIN=/usr/sbin/sshd
+test -x $SSHD_BIN || exit 5
+
+SSHD_SYSCONFIG=/etc/sysconfig/ssh
+test -r $SSHD_SYSCONFIG || exit 6
+. $SSHD_SYSCONFIG
+
+SSHD_PIDFILE=/var/run/sshd.init.pid
+
+. /etc/rc.status
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+
+# First reset status of this service
+rc_reset
+
+case "$1" in
+ start)
+ # Generate any missing host keys
+ ssh-keygen -A
+ echo -n "Starting SSH daemon"
+ ## Start daemon with startproc(8). If this fails
+ ## the echo return value is set appropriate.
+
+ startproc -f -p $SSHD_PIDFILE $SSHD_BIN $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE"
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down SSH daemon"
+ ## Stop daemon with killproc(8) and if this fails
+ ## set echo the echo return value.
+
+ killproc -p $SSHD_PIDFILE -TERM $SSHD_BIN
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ try-restart)
+ ## Stop the service and if this succeeds (i.e. the
+ ## service was running before), start it again.
+ $0 status >/dev/null && $0 restart
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ restart)
+ ## Stop the service and regardless of whether it was
+ ## running or not, start it again.
+ $0 stop
+ $0 start
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ force-reload|reload)
+ ## Signal the daemon to reload its config. Most daemons
+ ## do this on signal 1 (SIGHUP).
+
+ echo -n "Reload service sshd"
+
+ killproc -p $SSHD_PIDFILE -HUP $SSHD_BIN
+
+ rc_status -v
+
+ ;;
+ status)
+ echo -n "Checking for service sshd "
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Status has a slightly different for the status command:
+ # 0 - service running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running
+
+ checkproc -p $SSHD_PIDFILE $SSHD_BIN
+
+ rc_status -v
+ ;;
+ probe)
+ ## Optional: Probe for the necessity of a reload,
+ ## give out the argument which is required for a reload.
+
+ test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+ exit 1
+ ;;
+esac
+rc_exit
Added: vendor-crypto/openssh/dist/contrib/suse/sysconfig.ssh
===================================================================
--- vendor-crypto/openssh/dist/contrib/suse/sysconfig.ssh (rev 0)
+++ vendor-crypto/openssh/dist/contrib/suse/sysconfig.ssh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,9 @@
+## Path: Network/Remote access/SSH
+## Description: SSH server settings
+## Type: string
+## Default: ""
+## ServiceRestart: sshd
+#
+# Options for sshd
+#
+SSHD_OPTS=""
Index: vendor-crypto/openssh/dist/crc32.c
===================================================================
--- vendor-crypto/openssh/dist/crc32.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/crc32.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/crc32.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/crc32.h
===================================================================
--- vendor-crypto/openssh/dist/crc32.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/crc32.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/crc32.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/deattack.c
===================================================================
--- vendor-crypto/openssh/dist/deattack.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/deattack.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/deattack.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/deattack.h
===================================================================
--- vendor-crypto/openssh/dist/deattack.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/deattack.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/deattack.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/defines.h
===================================================================
--- vendor-crypto/openssh/dist/defines.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/defines.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
-/* $Id: defines.h,v 1.1.1.7 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: defines.h,v 1.172 2013/06/01 21:18:48 dtucker Exp $ */
/* Constants */
@@ -45,6 +45,8 @@
/*
* Definitions for IP type of service (ip_tos)
*/
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
#ifndef IPTOS_LOWDELAY
# define IPTOS_LOWDELAY 0x10
# define IPTOS_THROUGHPUT 0x08
@@ -56,8 +58,6 @@
/*
* Definitions for DiffServ Codepoints as per RFC2474
*/
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
#ifndef IPTOS_DSCP_AF11
# define IPTOS_DSCP_AF11 0x28
# define IPTOS_DSCP_AF12 0x30
@@ -87,6 +87,12 @@
# define IPTOS_DSCP_EF 0xb8
#endif /* IPTOS_DSCP_EF */
+#ifndef PATH_MAX
+# ifdef _POSIX_PATH_MAX
+# define PATH_MAX _POSIX_PATH_MAX
+# endif
+#endif
+
#ifndef MAXPATHLEN
# ifdef PATH_MAX
# define MAXPATHLEN PATH_MAX
@@ -99,12 +105,6 @@
# endif /* PATH_MAX */
#endif /* MAXPATHLEN */
-#ifndef PATH_MAX
-# ifdef _POSIX_PATH_MAX
-# define PATH_MAX _POSIX_PATH_MAX
-# endif
-#endif
-
#if defined(HAVE_DECL_MAXSYMLINKS) && HAVE_DECL_MAXSYMLINKS == 0
# define MAXSYMLINKS 5
#endif
@@ -131,6 +131,10 @@
# define O_NONBLOCK 00004 /* Non Blocking Open */
#endif
+#ifndef S_IFSOCK
+# define S_IFSOCK 0
+#endif /* S_IFSOCK */
+
#ifndef S_ISDIR
# define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR))
#endif /* S_ISDIR */
@@ -167,11 +171,6 @@
# define MAP_FAILED ((void *)-1)
#endif
-/* *-*-nto-qnx doesn't define this constant in the system headers */
-#ifdef MISSING_NFDBITS
-# define NFDBITS (8 * sizeof(unsigned long))
-#endif
-
/*
SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but
including rpc/rpc.h breaks Solaris 6
@@ -190,11 +189,7 @@
#endif
#ifndef HAVE_INTXX_T
-# if (SIZEOF_CHAR == 1)
-typedef char int8_t;
-# else
-# error "8 bit int type not found."
-# endif
+typedef signed char int8_t;
# if (SIZEOF_SHORT_INT == 2)
typedef short int int16_t;
# else
@@ -227,11 +222,7 @@
typedef uint32_t u_int32_t;
# define HAVE_U_INTXX_T 1
# else
-# if (SIZEOF_CHAR == 1)
typedef unsigned char u_int8_t;
-# else
-# error "8 bit int type not found."
-# endif
# if (SIZEOF_SHORT_INT == 2)
typedef unsigned short int u_int16_t;
# else
@@ -283,6 +274,10 @@
# define HAVE_U_CHAR
#endif /* HAVE_U_CHAR */
+#ifndef ULLONG_MAX
+# define ULLONG_MAX ((unsigned long long)-1)
+#endif
+
#ifndef SIZE_T_MAX
#define SIZE_T_MAX ULONG_MAX
#endif /* SIZE_T_MAX */
@@ -355,11 +350,19 @@
};
#endif
-/* *-*-nto-qnx does not define this type in the system headers */
-#ifdef MISSING_FD_MASK
+/* bits needed for select that may not be in the system headers */
+#ifndef HAVE_FD_MASK
typedef unsigned long int fd_mask;
#endif
+#if defined(HAVE_DECL_NFDBITS) && HAVE_DECL_NFDBITS == 0
+# define NFDBITS (8 * sizeof(unsigned long))
+#endif
+
+#if defined(HAVE_DECL_HOWMANY) && HAVE_DECL_HOWMANY == 0
+# define howmany(x,y) (((x)+((y)-1))/(y))
+#endif
+
/* Paths */
#ifndef _PATH_BSHELL
@@ -385,18 +388,15 @@
# define _PATH_DEVNULL "/dev/null"
#endif
-#ifndef MAIL_DIRECTORY
-# define MAIL_DIRECTORY "/var/spool/mail"
-#endif
+/* user may have set a different path */
+#if defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY)
+# undef _PATH_MAILDIR MAILDIR
+#endif /* defined(_PATH_MAILDIR) && defined(MAIL_DIRECTORY) */
-#ifndef MAILDIR
-# define MAILDIR MAIL_DIRECTORY
+#ifdef MAIL_DIRECTORY
+# define _PATH_MAILDIR MAIL_DIRECTORY
#endif
-#if !defined(_PATH_MAILDIR) && defined(MAILDIR)
-# define _PATH_MAILDIR MAILDIR
-#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
-
#ifndef _PATH_NOLOGIN
# define _PATH_NOLOGIN "/etc/nologin"
#endif
@@ -487,11 +487,6 @@
# define __nonnull__(x)
#endif
-/* *-*-nto-qnx doesn't define this macro in the system headers */
-#ifdef MISSING_HOWMANY
-# define howmany(x,y) (((x)+((y)-1))/(y))
-#endif
-
#ifndef OSSH_ALIGNBYTES
#define OSSH_ALIGNBYTES (sizeof(int) - 1)
#endif
Property changes on: vendor-crypto/openssh/dist/defines.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/dh.c
===================================================================
--- vendor-crypto/openssh/dist/dh.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/dh.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.48 2009/10/01 11:37:33 grunk Exp $ */
+/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
@@ -48,6 +48,7 @@
const char *errstr = NULL;
long long n;
+ dhg->p = dhg->g = NULL;
cp = line;
if ((arg = strdelim(&cp)) == NULL)
return 0;
@@ -59,66 +60,85 @@
/* time */
if (cp == NULL || *arg == '\0')
- goto fail;
+ goto truncated;
arg = strsep(&cp, " "); /* type */
if (cp == NULL || *arg == '\0')
- goto fail;
+ goto truncated;
/* Ensure this is a safe prime */
n = strtonum(arg, 0, 5, &errstr);
- if (errstr != NULL || n != MODULI_TYPE_SAFE)
+ if (errstr != NULL || n != MODULI_TYPE_SAFE) {
+ error("moduli:%d: type is not %d", linenum, MODULI_TYPE_SAFE);
goto fail;
+ }
arg = strsep(&cp, " "); /* tests */
if (cp == NULL || *arg == '\0')
- goto fail;
+ goto truncated;
/* Ensure prime has been tested and is not composite */
n = strtonum(arg, 0, 0x1f, &errstr);
if (errstr != NULL ||
- (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE))
+ (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) {
+ error("moduli:%d: invalid moduli tests flag", linenum);
goto fail;
+ }
arg = strsep(&cp, " "); /* tries */
if (cp == NULL || *arg == '\0')
- goto fail;
+ goto truncated;
n = strtonum(arg, 0, 1<<30, &errstr);
- if (errstr != NULL || n == 0)
+ if (errstr != NULL || n == 0) {
+ error("moduli:%d: invalid primality trial count", linenum);
goto fail;
+ }
strsize = strsep(&cp, " "); /* size */
if (cp == NULL || *strsize == '\0' ||
(dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
- errstr)
+ errstr) {
+ error("moduli:%d: invalid prime length", linenum);
goto fail;
+ }
/* The whole group is one bit larger */
dhg->size++;
gen = strsep(&cp, " "); /* gen */
if (cp == NULL || *gen == '\0')
- goto fail;
+ goto truncated;
prime = strsep(&cp, " "); /* prime */
- if (cp != NULL || *prime == '\0')
+ if (cp != NULL || *prime == '\0') {
+ truncated:
+ error("moduli:%d: truncated", linenum);
goto fail;
+ }
if ((dhg->g = BN_new()) == NULL)
fatal("parse_prime: BN_new failed");
if ((dhg->p = BN_new()) == NULL)
fatal("parse_prime: BN_new failed");
- if (BN_hex2bn(&dhg->g, gen) == 0)
- goto failclean;
+ if (BN_hex2bn(&dhg->g, gen) == 0) {
+ error("moduli:%d: could not parse generator value", linenum);
+ goto fail;
+ }
+ if (BN_hex2bn(&dhg->p, prime) == 0) {
+ error("moduli:%d: could not parse prime value", linenum);
+ goto fail;
+ }
+ if (BN_num_bits(dhg->p) != dhg->size) {
+ error("moduli:%d: prime has wrong size: actual %d listed %d",
+ linenum, BN_num_bits(dhg->p), dhg->size - 1);
+ goto fail;
+ }
+ if (BN_cmp(dhg->g, BN_value_one()) <= 0) {
+ error("moduli:%d: generator is invalid", linenum);
+ goto fail;
+ }
- if (BN_hex2bn(&dhg->p, prime) == 0)
- goto failclean;
+ return 1;
- if (BN_num_bits(dhg->p) != dhg->size)
- goto failclean;
-
- if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
- goto failclean;
-
- return (1);
-
- failclean:
- BN_clear_free(dhg->g);
- BN_clear_free(dhg->p);
fail:
+ if (dhg->g != NULL)
+ BN_clear_free(dhg->g);
+ if (dhg->p != NULL)
+ BN_clear_free(dhg->p);
+ dhg->g = dhg->p = NULL;
error("Bad prime description in line %d", linenum);
- return (0);
+ return 0;
}
DH *
@@ -236,6 +256,8 @@
{
int i, bits_set, tries = 0;
+ if (need < 0)
+ fatal("dh_gen_key: need < 0");
if (dh->p == NULL)
fatal("dh_gen_key: dh->p == NULL");
if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))
Property changes on: vendor-crypto/openssh/dist/dh.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Index: vendor-crypto/openssh/dist/dh.h
===================================================================
--- vendor-crypto/openssh/dist/dh.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/dh.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/dh.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/dispatch.c
===================================================================
--- vendor-crypto/openssh/dist/dispatch.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/dispatch.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/dispatch.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/dispatch.h
===================================================================
--- vendor-crypto/openssh/dist/dispatch.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/dispatch.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/dispatch.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/dns.c
===================================================================
--- vendor-crypto/openssh/dist/dns.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/dns.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.27 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.29 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -78,27 +78,46 @@
u_char **digest, u_int *digest_len, Key *key)
{
int success = 0;
+ enum fp_type fp_type = 0;
switch (key->type) {
case KEY_RSA:
*algorithm = SSHFP_KEY_RSA;
+ if (!*digest_type)
+ *digest_type = SSHFP_HASH_SHA1;
break;
case KEY_DSA:
*algorithm = SSHFP_KEY_DSA;
+ if (!*digest_type)
+ *digest_type = SSHFP_HASH_SHA1;
break;
- /* XXX KEY_ECDSA */
+ case KEY_ECDSA:
+ *algorithm = SSHFP_KEY_ECDSA;
+ if (!*digest_type)
+ *digest_type = SSHFP_HASH_SHA256;
+ break;
default:
*algorithm = SSHFP_KEY_RESERVED; /* 0 */
+ *digest_type = SSHFP_HASH_RESERVED; /* 0 */
}
- if (*algorithm) {
- *digest_type = SSHFP_HASH_SHA1;
- *digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
+ switch (*digest_type) {
+ case SSHFP_HASH_SHA1:
+ fp_type = SSH_FP_SHA1;
+ break;
+ case SSHFP_HASH_SHA256:
+ fp_type = SSH_FP_SHA256;
+ break;
+ default:
+ *digest_type = SSHFP_HASH_RESERVED; /* 0 */
+ }
+
+ if (*algorithm && *digest_type) {
+ *digest = key_fingerprint_raw(key, fp_type, digest_len);
if (*digest == NULL)
fatal("dns_read_key: null from key_fingerprint_raw()");
success = 1;
} else {
- *digest_type = SSHFP_HASH_RESERVED;
*digest = NULL;
*digest_len = 0;
success = 0;
@@ -180,7 +199,7 @@
struct rrsetinfo *fingerprints = NULL;
u_int8_t hostkey_algorithm;
- u_int8_t hostkey_digest_type;
+ u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED;
u_char *hostkey_digest;
u_int hostkey_digest_len;
@@ -216,7 +235,7 @@
fingerprints->rri_nrdatas);
}
- /* Initialize host key parameters */
+ /* Initialize default host key parameters */
if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
&hostkey_digest, &hostkey_digest_len, hostkey)) {
error("Error calculating host key fingerprint.");
@@ -240,21 +259,32 @@
continue;
}
+ if (hostkey_digest_type != dnskey_digest_type) {
+ hostkey_digest_type = dnskey_digest_type;
+ free(hostkey_digest);
+
+ /* Initialize host key parameters */
+ if (!dns_read_key(&hostkey_algorithm,
+ &hostkey_digest_type, &hostkey_digest,
+ &hostkey_digest_len, hostkey)) {
+ error("Error calculating key fingerprint.");
+ freerrset(fingerprints);
+ return -1;
+ }
+ }
+
/* Check if the current key is the same as the given key */
if (hostkey_algorithm == dnskey_algorithm &&
hostkey_digest_type == dnskey_digest_type) {
-
if (hostkey_digest_len == dnskey_digest_len &&
- memcmp(hostkey_digest, dnskey_digest,
- hostkey_digest_len) == 0) {
-
+ timingsafe_bcmp(hostkey_digest, dnskey_digest,
+ hostkey_digest_len) == 0)
*flags |= DNS_VERIFY_MATCH;
- }
}
- xfree(dnskey_digest);
+ free(dnskey_digest);
}
- xfree(hostkey_digest); /* from key_fingerprint_raw() */
+ free(hostkey_digest); /* from key_fingerprint_raw() */
freerrset(fingerprints);
if (*flags & DNS_VERIFY_FOUND)
@@ -275,31 +305,36 @@
export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
{
u_int8_t rdata_pubkey_algorithm = 0;
- u_int8_t rdata_digest_type = SSHFP_HASH_SHA1;
+ u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED;
+ u_int8_t dtype;
u_char *rdata_digest;
- u_int rdata_digest_len;
-
- u_int i;
+ u_int i, rdata_digest_len;
int success = 0;
- if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
- &rdata_digest, &rdata_digest_len, key)) {
+ for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) {
+ rdata_digest_type = dtype;
+ if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
+ &rdata_digest, &rdata_digest_len, key)) {
+ if (generic) {
+ fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ",
+ hostname, DNS_RDATATYPE_SSHFP,
+ 2 + rdata_digest_len,
+ rdata_pubkey_algorithm, rdata_digest_type);
+ } else {
+ fprintf(f, "%s IN SSHFP %d %d ", hostname,
+ rdata_pubkey_algorithm, rdata_digest_type);
+ }
+ for (i = 0; i < rdata_digest_len; i++)
+ fprintf(f, "%02x", rdata_digest[i]);
+ fprintf(f, "\n");
+ free(rdata_digest); /* from key_fingerprint_raw() */
+ success = 1;
+ }
+ }
- if (generic)
- fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname,
- DNS_RDATATYPE_SSHFP, 2 + rdata_digest_len,
- rdata_pubkey_algorithm, rdata_digest_type);
- else
- fprintf(f, "%s IN SSHFP %d %d ", hostname,
- rdata_pubkey_algorithm, rdata_digest_type);
-
- for (i = 0; i < rdata_digest_len; i++)
- fprintf(f, "%02x", rdata_digest[i]);
- fprintf(f, "\n");
- xfree(rdata_digest); /* from key_fingerprint_raw() */
- success = 1;
- } else {
- error("export_dns_rr: unsupported algorithm");
+ /* No SSHFP record was generated at all */
+ if (success == 0) {
+ error("%s: unsupported algorithm and/or digest_type", __func__);
}
return success;
Property changes on: vendor-crypto/openssh/dist/dns.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/dns.h
===================================================================
--- vendor-crypto/openssh/dist/dns.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/dns.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.h,v 1.11 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: dns.h,v 1.12 2012/05/23 03:28:28 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -29,14 +29,17 @@
#define DNS_H
enum sshfp_types {
- SSHFP_KEY_RESERVED,
- SSHFP_KEY_RSA,
- SSHFP_KEY_DSA
+ SSHFP_KEY_RESERVED = 0,
+ SSHFP_KEY_RSA = 1,
+ SSHFP_KEY_DSA = 2,
+ SSHFP_KEY_ECDSA = 3
};
enum sshfp_hashes {
- SSHFP_HASH_RESERVED,
- SSHFP_HASH_SHA1
+ SSHFP_HASH_RESERVED = 0,
+ SSHFP_HASH_SHA1 = 1,
+ SSHFP_HASH_SHA256 = 2,
+ SSHFP_HASH_MAX = 3
};
#define DNS_RDATACLASS_IN 1
Property changes on: vendor-crypto/openssh/dist/dns.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/entropy.c
===================================================================
--- vendor-crypto/openssh/dist/entropy.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/entropy.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -25,19 +25,19 @@
#include "includes.h"
#include <sys/types.h>
-#include <sys/wait.h>
-
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_UN_H
+# include <sys/un.h>
#endif
-#ifdef HAVE_FCNTL_H
-# include <fcntl.h>
-#endif
-#include <stdarg.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <errno.h>
+#include <signal.h>
#include <string.h>
-#include <signal.h>
#include <unistd.h>
+#include <stddef.h> /* for offsetof */
#include <openssl/rand.h>
#include <openssl/crypto.h>
@@ -54,119 +54,128 @@
/*
* Portable OpenSSH PRNG seeding:
* If OpenSSL has not "internally seeded" itself (e.g. pulled data from
- * /dev/random), then we execute a "ssh-rand-helper" program which
- * collects entropy and writes it to stdout. The child program must
- * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr
- * attached, so error/debugging output should be visible.
- *
- * XXX: we should tell the child how many bytes we need.
+ * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from
+ * PRNGd.
*/
+#ifndef OPENSSL_PRNG_ONLY
-#ifndef OPENSSL_PRNG_ONLY
#define RANDOM_SEED_SIZE 48
-static uid_t original_uid, original_euid;
-#endif
-void
-seed_rng(void)
+/*
+ * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
+ * listening either on 'tcp_port', or via Unix domain socket at *
+ * 'socket_path'.
+ * Either a non-zero tcp_port or a non-null socket_path must be
+ * supplied.
+ * Returns 0 on success, -1 on error
+ */
+int
+get_random_bytes_prngd(unsigned char *buf, int len,
+ unsigned short tcp_port, char *socket_path)
{
-#ifndef OPENSSL_PRNG_ONLY
- int devnull;
- int p[2];
- pid_t pid;
- int ret;
- unsigned char buf[RANDOM_SEED_SIZE];
- mysig_t old_sigchld;
+ int fd, addr_len, rval, errors;
+ u_char msg[2];
+ struct sockaddr_storage addr;
+ struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
+ struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
+ mysig_t old_sigpipe;
- if (RAND_status() == 1) {
- debug3("RNG is ready, skipping seeding");
- return;
+ /* Sanity checks */
+ if (socket_path == NULL && tcp_port == 0)
+ fatal("You must specify a port or a socket");
+ if (socket_path != NULL &&
+ strlen(socket_path) >= sizeof(addr_un->sun_path))
+ fatal("Random pool path is too long");
+ if (len <= 0 || len > 255)
+ fatal("Too many bytes (%d) to read from PRNGD", len);
+
+ memset(&addr, '\0', sizeof(addr));
+
+ if (tcp_port != 0) {
+ addr_in->sin_family = AF_INET;
+ addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ addr_in->sin_port = htons(tcp_port);
+ addr_len = sizeof(*addr_in);
+ } else {
+ addr_un->sun_family = AF_UNIX;
+ strlcpy(addr_un->sun_path, socket_path,
+ sizeof(addr_un->sun_path));
+ addr_len = offsetof(struct sockaddr_un, sun_path) +
+ strlen(socket_path) + 1;
}
- debug3("Seeding PRNG from %s", SSH_RAND_HELPER);
+ old_sigpipe = mysignal(SIGPIPE, SIG_IGN);
- if ((devnull = open("/dev/null", O_RDWR)) == -1)
- fatal("Couldn't open /dev/null: %s", strerror(errno));
- if (pipe(p) == -1)
- fatal("pipe: %s", strerror(errno));
+ errors = 0;
+ rval = -1;
+reopen:
+ fd = socket(addr.ss_family, SOCK_STREAM, 0);
+ if (fd == -1) {
+ error("Couldn't create socket: %s", strerror(errno));
+ goto done;
+ }
- old_sigchld = signal(SIGCHLD, SIG_DFL);
- if ((pid = fork()) == -1)
- fatal("Couldn't fork: %s", strerror(errno));
- if (pid == 0) {
- dup2(devnull, STDIN_FILENO);
- dup2(p[1], STDOUT_FILENO);
- /* Keep stderr open for errors */
- close(p[0]);
- close(p[1]);
- close(devnull);
- closefrom(STDERR_FILENO + 1);
-
- if (original_uid != original_euid &&
- ( seteuid(getuid()) == -1 ||
- setuid(original_uid) == -1) ) {
- fprintf(stderr, "(rand child) setuid(%li): %s\n",
- (long int)original_uid, strerror(errno));
- _exit(1);
+ if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
+ if (tcp_port != 0) {
+ error("Couldn't connect to PRNGD port %d: %s",
+ tcp_port, strerror(errno));
+ } else {
+ error("Couldn't connect to PRNGD socket \"%s\": %s",
+ addr_un->sun_path, strerror(errno));
}
-
- execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL);
- fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n",
- SSH_RAND_HELPER, strerror(errno));
- _exit(1);
+ goto done;
}
- close(devnull);
- close(p[1]);
+ /* Send blocking read request to PRNGD */
+ msg[0] = 0x02;
+ msg[1] = len;
- memset(buf, '\0', sizeof(buf));
- ret = atomicio(read, p[0], buf, sizeof(buf));
- if (ret == -1)
- fatal("Couldn't read from ssh-rand-helper: %s",
+ if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) {
+ if (errno == EPIPE && errors < 10) {
+ close(fd);
+ errors++;
+ goto reopen;
+ }
+ error("Couldn't write to PRNGD socket: %s",
strerror(errno));
- if (ret != sizeof(buf))
- fatal("ssh-rand-helper child produced insufficient data");
+ goto done;
+ }
- close(p[0]);
-
- if (waitpid(pid, &ret, 0) == -1)
- fatal("Couldn't wait for ssh-rand-helper completion: %s",
+ if (atomicio(read, fd, buf, len) != (size_t)len) {
+ if (errno == EPIPE && errors < 10) {
+ close(fd);
+ errors++;
+ goto reopen;
+ }
+ error("Couldn't read from PRNGD socket: %s",
strerror(errno));
- signal(SIGCHLD, old_sigchld);
+ goto done;
+ }
- /* We don't mind if the child exits upon a SIGPIPE */
- if (!WIFEXITED(ret) &&
- (!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE))
- fatal("ssh-rand-helper terminated abnormally");
- if (WEXITSTATUS(ret) != 0)
- fatal("ssh-rand-helper exit with exit status %d", ret);
-
- RAND_add(buf, sizeof(buf), sizeof(buf));
- memset(buf, '\0', sizeof(buf));
-
-#endif /* OPENSSL_PRNG_ONLY */
- if (RAND_status() != 1)
- fatal("PRNG is not seeded");
+ rval = 0;
+done:
+ mysignal(SIGPIPE, old_sigpipe);
+ if (fd != -1)
+ close(fd);
+ return rval;
}
-void
-init_rng(void)
+static int
+seed_from_prngd(unsigned char *buf, size_t bytes)
{
- /*
- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
- * We match major, minor, fix and status (not patch)
- */
- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
- fatal("OpenSSL version mismatch. Built against %lx, you "
- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
-
-#ifndef OPENSSL_PRNG_ONLY
- original_uid = getuid();
- original_euid = geteuid();
+#ifdef PRNGD_PORT
+ debug("trying egd/prngd port %d", PRNGD_PORT);
+ if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+ return 0;
#endif
+#ifdef PRNGD_SOCKET
+ debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+ if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+ return 0;
+#endif
+ return -1;
}
-#ifndef OPENSSL_PRNG_ONLY
void
rexec_send_rng_seed(Buffer *m)
{
@@ -192,4 +201,39 @@
RAND_add(buf, len, len);
}
}
+#endif /* OPENSSL_PRNG_ONLY */
+
+void
+seed_rng(void)
+{
+#ifndef OPENSSL_PRNG_ONLY
+ unsigned char buf[RANDOM_SEED_SIZE];
#endif
+ /*
+ * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+ * We match major, minor, fix and status (not patch) for <1.0.0.
+ * After that, we acceptable compatible fix versions (so we
+ * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+ * within a patch series.
+ */
+ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
+ if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
+ (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
+ fatal("OpenSSL version mismatch. Built against %lx, you "
+ "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+
+#ifndef OPENSSL_PRNG_ONLY
+ if (RAND_status() == 1) {
+ debug3("RNG is ready, skipping seeding");
+ return;
+ }
+
+ if (seed_from_prngd(buf, sizeof(buf)) == -1)
+ fatal("Could not obtain seed from PRNGd");
+ RAND_add(buf, sizeof(buf), sizeof(buf));
+ memset(buf, '\0', sizeof(buf));
+
+#endif /* OPENSSL_PRNG_ONLY */
+ if (RAND_status() != 1)
+ fatal("PRNG is not seeded");
+}
Property changes on: vendor-crypto/openssh/dist/entropy.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/entropy.h
===================================================================
--- vendor-crypto/openssh/dist/entropy.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/entropy.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: entropy.h,v 1.1.1.3 2006-10-03 02:03:02 raven Exp $ */
+/* $Id: entropy.h,v 1.6 2011/09/09 01:29:41 dtucker Exp $ */
#ifndef _RANDOMS_H
#define _RANDOMS_H
@@ -30,7 +30,6 @@
#include "buffer.h"
void seed_rng(void);
-void init_rng(void);
void rexec_send_rng_seed(Buffer *);
void rexec_recv_rng_seed(Buffer *);
Property changes on: vendor-crypto/openssh/dist/entropy.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/fatal.c
===================================================================
--- vendor-crypto/openssh/dist/fatal.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/fatal.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/fatal.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Added: vendor-crypto/openssh/dist/fixalgorithms
===================================================================
--- vendor-crypto/openssh/dist/fixalgorithms (rev 0)
+++ vendor-crypto/openssh/dist/fixalgorithms 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# fixciphers - remove unsupported ciphers from man pages.
+# Usage: fixpaths /path/to/sed cipher1 [cipher2] <infile >outfile
+#
+# Author: Darren Tucker (dtucker at zip com.au). Placed in the public domain.
+
+die() {
+ echo $*
+ exit -1
+}
+
+SED=$1
+shift
+
+for c in $*; do
+ subs="$subs -e /.Dq.$c.*$/d"
+ subs="$subs -e s/$c,//g"
+done
+
+# now remove any entirely empty lines
+subs="$subs -e /^$/d"
+
+${SED} $subs
+
+exit 0
Index: vendor-crypto/openssh/dist/fixpaths
===================================================================
--- vendor-crypto/openssh/dist/fixpaths 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/fixpaths 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/fixpaths
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/fixprogs
===================================================================
--- vendor-crypto/openssh/dist/fixprogs 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/fixprogs 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/fixprogs
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/groupaccess.c
===================================================================
--- vendor-crypto/openssh/dist/groupaccess.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/groupaccess.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.14 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Kevin Steves. All rights reserved.
*
@@ -31,6 +31,7 @@
#include <grp.h>
#include <unistd.h>
#include <stdarg.h>
+#include <stdlib.h>
#include <string.h>
#include "xmalloc.h"
@@ -68,7 +69,7 @@
for (i = 0, j = 0; i < ngroups; i++)
if ((gr = getgrgid(groups_bygid[i])) != NULL)
groups_byname[j++] = xstrdup(gr->gr_name);
- xfree(groups_bygid);
+ free(groups_bygid);
return (ngroups = j);
}
@@ -122,8 +123,8 @@
if (ngroups > 0) {
for (i = 0; i < ngroups; i++)
- xfree(groups_byname[i]);
+ free(groups_byname[i]);
ngroups = 0;
- xfree(groups_byname);
+ free(groups_byname);
}
}
Property changes on: vendor-crypto/openssh/dist/groupaccess.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/groupaccess.h
===================================================================
--- vendor-crypto/openssh/dist/groupaccess.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/groupaccess.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/groupaccess.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/gss-genr.c
===================================================================
--- vendor-crypto/openssh/dist/gss-genr.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/gss-genr.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.22 2013/11/08 00:39:15 djm Exp $ */
/*
* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -59,10 +59,10 @@
ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len)
{
if (ctx->oid != GSS_C_NO_OID) {
- xfree(ctx->oid->elements);
- xfree(ctx->oid);
+ free(ctx->oid->elements);
+ free(ctx->oid);
}
- ctx->oid = xmalloc(sizeof(gss_OID_desc));
+ ctx->oid = xcalloc(1, sizeof(gss_OID_desc));
ctx->oid->length = len;
ctx->oid->elements = xmalloc(len);
memcpy(ctx->oid->elements, data, len);
@@ -83,7 +83,7 @@
s = ssh_gssapi_last_error(ctxt, NULL, NULL);
debug("%s", s);
- xfree(s);
+ free(s);
}
char *
@@ -164,8 +164,8 @@
if ((*ctx)->name != GSS_C_NO_NAME)
gss_release_name(&ms, &(*ctx)->name);
if ((*ctx)->oid != GSS_C_NO_OID) {
- xfree((*ctx)->oid->elements);
- xfree((*ctx)->oid);
+ free((*ctx)->oid->elements);
+ free((*ctx)->oid);
(*ctx)->oid = GSS_C_NO_OID;
}
if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
@@ -175,7 +175,7 @@
if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
gss_release_cred(&ms, &(*ctx)->client_creds);
- xfree(*ctx);
+ free(*ctx);
*ctx = NULL;
}
@@ -222,7 +222,7 @@
&gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
ssh_gssapi_error(ctx);
- xfree(gssbuf.value);
+ free(gssbuf.value);
return (ctx->major);
}
Property changes on: vendor-crypto/openssh/dist/gss-genr.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/gss-serv-krb5.c
===================================================================
--- vendor-crypto/openssh/dist/gss-serv-krb5.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/gss-serv-krb5.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -48,13 +48,12 @@
#ifdef HEIMDAL
# include <krb5.h>
-#else
-# ifdef HAVE_GSSAPI_KRB5_H
-# include <gssapi_krb5.h>
-# elif HAVE_GSSAPI_GSSAPI_KRB5_H
-# include <gssapi/gssapi_krb5.h>
-# endif
#endif
+#ifdef HAVE_GSSAPI_KRB5_H
+# include <gssapi_krb5.h>
+#elif HAVE_GSSAPI_GSSAPI_KRB5_H
+# include <gssapi/gssapi_krb5.h>
+#endif
static krb5_context krb_context = NULL;
@@ -87,6 +86,7 @@
{
krb5_principal princ;
int retval;
+ const char *errmsg;
if (ssh_gssapi_krb5_init() == 0)
return 0;
@@ -93,8 +93,9 @@
if ((retval = krb5_parse_name(krb_context, client->exportedname.value,
&princ))) {
- logit("krb5_parse_name(): %.100s",
- krb5_get_err_text(krb_context, retval));
+ errmsg = krb5_get_error_message(krb_context, retval);
+ logit("krb5_parse_name(): %.100s", errmsg);
+ krb5_free_error_message(krb_context, errmsg);
return 0;
}
if (krb5_kuserok(krb_context, princ, name)) {
@@ -120,6 +121,7 @@
krb5_principal princ;
OM_uint32 maj_status, min_status;
int len;
+ const char *errmsg;
if (client->creds == NULL) {
debug("No credentials stored");
@@ -130,15 +132,18 @@
return;
#ifdef HEIMDAL
- if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
- logit("krb5_cc_gen_new(): %.100s",
- krb5_get_err_text(krb_context, problem));
+ if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix,
+ NULL, &ccache)) != 0) {
+ errmsg = krb5_get_error_message(krb_context, problem);
+ logit("krb5_cc_new_unique(): %.100s", errmsg);
+ krb5_free_error_message(krb_context, errmsg);
return;
}
#else
if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
- logit("ssh_krb5_cc_gen(): %.100s",
- krb5_get_err_text(krb_context, problem));
+ errmsg = krb5_get_error_message(krb_context, problem);
+ logit("ssh_krb5_cc_gen(): %.100s", errmsg);
+ krb5_free_error_message(krb_context, errmsg);
return;
}
#endif /* #ifdef HEIMDAL */
@@ -145,15 +150,16 @@
if ((problem = krb5_parse_name(krb_context,
client->exportedname.value, &princ))) {
- logit("krb5_parse_name(): %.100s",
- krb5_get_err_text(krb_context, problem));
- krb5_cc_destroy(krb_context, ccache);
+ errmsg = krb5_get_error_message(krb_context, problem);
+ logit("krb5_parse_name(): %.100s", errmsg);
+ krb5_free_error_message(krb_context, errmsg);
return;
}
if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
- logit("krb5_cc_initialize(): %.100s",
- krb5_get_err_text(krb_context, problem));
+ errmsg = krb5_get_error_message(krb_context, problem);
+ logit("krb5_cc_initialize(): %.100s", errmsg);
+ krb5_free_error_message(krb_context, errmsg);
krb5_free_principal(krb_context, princ);
krb5_cc_destroy(krb_context, ccache);
return;
Property changes on: vendor-crypto/openssh/dist/gss-serv-krb5.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/gss-serv.c
===================================================================
--- vendor-crypto/openssh/dist/gss-serv.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/gss-serv.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
/*
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -50,7 +50,7 @@
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
+ GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
ssh_gssapi_mech gssapi_null_mech =
{ NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};
@@ -229,6 +229,8 @@
name->length = get_u32(tok+offset);
offset += 4;
+ if (UINT_MAX - offset < name->length)
+ return GSS_S_FAILURE;
if (ename->length < offset+name->length)
return GSS_S_FAILURE;
Property changes on: vendor-crypto/openssh/dist/gss-serv.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/hostfile.c
===================================================================
--- vendor-crypto/openssh/dist/hostfile.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/hostfile.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -64,7 +64,7 @@
};
static int
-extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
+extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
{
char *p, *b64salt;
u_int b64len;
@@ -96,7 +96,7 @@
b64salt[b64len] = '\0';
ret = __b64_pton(b64salt, salt, salt_len);
- xfree(b64salt);
+ free(b64salt);
if (ret == -1) {
debug2("extract_salt: salt decode error");
return (-1);
@@ -115,7 +115,8 @@
{
const EVP_MD *md = EVP_sha1();
HMAC_CTX mac_ctx;
- char salt[256], result[256], uu_salt[512], uu_result[512];
+ u_char salt[256], result[256];
+ char uu_salt[512], uu_result[512];
static char encoded[1024];
u_int i, len;
@@ -133,7 +134,7 @@
}
HMAC_Init(&mac_ctx, salt, len, md);
- HMAC_Update(&mac_ctx, host, strlen(host));
+ HMAC_Update(&mac_ctx, (u_char *)host, strlen(host));
HMAC_Final(&mac_ctx, result, NULL);
HMAC_cleanup(&mac_ctx);
@@ -153,7 +154,7 @@
*/
int
-hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
+hostfile_read_key(char **cpp, int *bitsp, Key *ret)
{
char *cp;
@@ -170,8 +171,10 @@
/* Return results. */
*cpp = cp;
- if (bitsp != NULL)
- *bitsp = key_size(ret);
+ if (bitsp != NULL) {
+ if ((*bitsp = key_size(ret)) <= 0)
+ return 0;
+ }
return 1;
}
@@ -327,16 +330,14 @@
u_int i;
for (i = 0; i < hostkeys->num_entries; i++) {
- xfree(hostkeys->entries[i].host);
- xfree(hostkeys->entries[i].file);
+ free(hostkeys->entries[i].host);
+ free(hostkeys->entries[i].file);
key_free(hostkeys->entries[i].key);
bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
}
- if (hostkeys->entries != NULL)
- xfree(hostkeys->entries);
- hostkeys->entries = NULL;
- hostkeys->num_entries = 0;
- xfree(hostkeys);
+ free(hostkeys->entries);
+ bzero(hostkeys, sizeof(*hostkeys));
+ free(hostkeys);
}
static int
Property changes on: vendor-crypto/openssh/dist/hostfile.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/hostfile.h
===================================================================
--- vendor-crypto/openssh/dist/hostfile.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/hostfile.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.h,v 1.19 2010/11/29 23:45:51 djm Exp $ */
+/* $OpenBSD: hostfile.h,v 1.20 2013/07/12 00:19:58 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -40,7 +40,7 @@
int lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
const struct hostkey_entry **);
-int hostfile_read_key(char **, u_int *, Key *);
+int hostfile_read_key(char **, int *, Key *);
int add_host_to_hostfile(const char *, const char *, const Key *, int);
#define HASH_MAGIC "|1|"
Property changes on: vendor-crypto/openssh/dist/hostfile.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/includes.h
===================================================================
--- vendor-crypto/openssh/dist/includes.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/includes.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -18,7 +18,9 @@
#include "config.h"
+#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* activate extra prototypes for glibc */
+#endif
#include <sys/types.h>
#include <sys/socket.h> /* For CMSG_* */
@@ -137,8 +139,10 @@
# include <tmpdir.h>
#endif
-#ifdef HAVE_LIBUTIL_H
-# include <libutil.h> /* Openpty on FreeBSD at least */
+#if defined(HAVE_BSD_LIBUTIL_H)
+# include <bsd/libutil.h>
+#elif defined(HAVE_LIBUTIL_H)
+# include <libutil.h>
#endif
#if defined(KRB5) && defined(USE_AFS)
Property changes on: vendor-crypto/openssh/dist/includes.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Index: vendor-crypto/openssh/dist/install-sh
===================================================================
--- vendor-crypto/openssh/dist/install-sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/install-sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/install-sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/jpake.c
===================================================================
--- vendor-crypto/openssh/dist/jpake.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/jpake.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: jpake.c,v 1.6 2010/09/20 04:54:07 djm Exp $ */
+/* $OpenBSD: jpake.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@@ -106,7 +106,7 @@
do { \
if ((v) != NULL) { \
bzero((v), (l)); \
- xfree(v); \
+ free(v); \
(v) = NULL; \
(l) = 0; \
} \
@@ -133,8 +133,8 @@
#undef JPAKE_BN_CLEAR_FREE
#undef JPAKE_BUF_CLEAR_FREE
- bzero(pctx, sizeof(pctx));
- xfree(pctx);
+ bzero(pctx, sizeof(*pctx));
+ free(pctx);
}
/* dump entire jpake_ctx. NB. includes private values! */
@@ -445,7 +445,7 @@
expected_confirm_hash_len) == 0)
success = 1;
bzero(expected_confirm_hash, expected_confirm_hash_len);
- xfree(expected_confirm_hash);
+ free(expected_confirm_hash);
debug3("%s: success = %d", __func__, success);
return success;
}
Property changes on: vendor-crypto/openssh/dist/jpake.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/jpake.h
===================================================================
--- vendor-crypto/openssh/dist/jpake.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/jpake.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/jpake.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kex.c
===================================================================
--- vendor-crypto/openssh/dist/kex.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kex.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.86 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -62,6 +62,57 @@
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
+struct kexalg {
+ char *name;
+ int type;
+ int ec_nid;
+ const EVP_MD *(*mdfunc)(void);
+};
+static const struct kexalg kexalgs[] = {
+ { KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 },
+ { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 },
+ { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 },
+#ifdef HAVE_EVP_SHA256
+ { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 },
+#endif
+#ifdef OPENSSL_HAS_ECC
+ { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 },
+ { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 },
+ { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 },
+#endif
+ { NULL, -1, -1, NULL},
+};
+
+char *
+kex_alg_list(void)
+{
+ char *ret = NULL;
+ size_t nlen, rlen = 0;
+ const struct kexalg *k;
+
+ for (k = kexalgs; k->name != NULL; k++) {
+ if (ret != NULL)
+ ret[rlen++] = '\n';
+ nlen = strlen(k->name);
+ ret = xrealloc(ret, 1, rlen + nlen + 2);
+ memcpy(ret + rlen, k->name, nlen + 1);
+ rlen += nlen;
+ }
+ return ret;
+}
+
+static const struct kexalg *
+kex_alg_by_name(const char *name)
+{
+ const struct kexalg *k;
+
+ for (k = kexalgs; k->name != NULL; k++) {
+ if (strcmp(k->name, name) == 0)
+ return k;
+ }
+ return NULL;
+}
+
/* Validate KEX method name list */
int
kex_names_valid(const char *names)
@@ -73,20 +124,14 @@
s = cp = xstrdup(names);
for ((p = strsep(&cp, ",")); p && *p != '\0';
(p = strsep(&cp, ","))) {
- if (strcmp(p, KEX_DHGEX_SHA256) != 0 &&
- strcmp(p, KEX_DHGEX_SHA1) != 0 &&
- strcmp(p, KEX_DH14) != 0 &&
- strcmp(p, KEX_DH1) != 0 &&
- (strncmp(p, KEX_ECDH_SHA2_STEM,
- sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 ||
- kex_ecdh_name_to_nid(p) == -1)) {
+ if (kex_alg_by_name(p) == NULL) {
error("Unsupported KEX algorithm \"%.100s\"", p);
- xfree(s);
+ free(s);
return 0;
}
}
debug3("kex names ok: [%s]", names);
- xfree(s);
+ free(s);
return 1;
}
@@ -146,8 +191,8 @@
u_int i;
for (i = 0; i < PROPOSAL_MAX; i++)
- xfree(proposal[i]);
- xfree(proposal);
+ free(proposal[i]);
+ free(proposal);
}
/* ARGSUSED */
@@ -184,7 +229,7 @@
buffer_clear(&kex->peer);
/* buffer_clear(&kex->my); */
kex->flags &= ~KEX_INIT_SENT;
- xfree(kex->name);
+ free(kex->name);
kex->name = NULL;
}
@@ -241,9 +286,19 @@
for (i = 0; i < KEX_COOKIE_LEN; i++)
packet_get_char();
for (i = 0; i < PROPOSAL_MAX; i++)
- xfree(packet_get_string(NULL));
- (void) packet_get_char();
- (void) packet_get_int();
+ free(packet_get_string(NULL));
+ /*
+ * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported
+ * KEX method has the server move first, but a server might be using
+ * a custom method or one that we otherwise don't support. We should
+ * be prepared to remember first_kex_follows here so we can eat a
+ * packet later.
+ * XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means
+ * for cases where the server *doesn't* go first. I guess we should
+ * ignore it when it is set for these cases, which is what we do now.
+ */
+ (void) packet_get_char(); /* first_kex_follows */
+ (void) packet_get_int(); /* reserved */
packet_check_eom();
kex_kexinit_finish(kex);
@@ -294,6 +349,7 @@
enc->name = name;
enc->enabled = 0;
enc->iv = NULL;
+ enc->iv_len = cipher_ivlen(enc->cipher);
enc->key = NULL;
enc->key_len = cipher_keylen(enc->cipher);
enc->block_size = cipher_blocksize(enc->cipher);
@@ -337,29 +393,16 @@
static void
choose_kex(Kex *k, char *client, char *server)
{
+ const struct kexalg *kexalg;
+
k->name = match_list(client, server, NULL);
if (k->name == NULL)
fatal("Unable to negotiate a key exchange method");
- if (strcmp(k->name, KEX_DH1) == 0) {
- k->kex_type = KEX_DH_GRP1_SHA1;
- k->evp_md = EVP_sha1();
- } else if (strcmp(k->name, KEX_DH14) == 0) {
- k->kex_type = KEX_DH_GRP14_SHA1;
- k->evp_md = EVP_sha1();
- } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
- k->kex_type = KEX_DH_GEX_SHA1;
- k->evp_md = EVP_sha1();
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
- } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
- k->kex_type = KEX_DH_GEX_SHA256;
- k->evp_md = evp_ssh_sha256();
- } else if (strncmp(k->name, KEX_ECDH_SHA2_STEM,
- sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) {
- k->kex_type = KEX_ECDH_SHA2;
- k->evp_md = kex_ecdh_name_to_evpmd(k->name);
-#endif
- } else
- fatal("bad kex alg %s", k->name);
+ if ((kexalg = kex_alg_by_name(k->name)) == NULL)
+ fatal("unsupported kex alg %s", k->name);
+ k->kex_type = kexalg->type;
+ k->evp_md = kexalg->mdfunc();
+ k->ec_nid = kexalg->ec_nid;
}
static void
@@ -371,7 +414,7 @@
k->hostkey_type = key_type_from_name(hostkeyalg);
if (k->hostkey_type == KEY_UNSPEC)
fatal("bad hostkey alg '%s'", hostkeyalg);
- xfree(hostkeyalg);
+ free(hostkeyalg);
}
static int
@@ -405,7 +448,7 @@
char **my, **peer;
char **cprop, **sprop;
int nenc, nmac, ncomp;
- u_int mode, ctos, need;
+ u_int mode, ctos, need, authlen;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my, NULL);
@@ -425,7 +468,7 @@
roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
if (roaming) {
kex->roaming = 1;
- xfree(roaming);
+ free(roaming);
}
}
@@ -438,13 +481,16 @@
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
- choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
- choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
+ choose_enc(&newkeys->enc, cprop[nenc], sprop[nenc]);
+ /* ignore mac for authenticated encryption */
+ authlen = cipher_authlen(newkeys->enc.cipher);
+ if (authlen == 0)
+ choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
- newkeys->mac.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
newkeys->comp.name);
}
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
@@ -457,6 +503,8 @@
need = newkeys->enc.key_len;
if (need < newkeys->enc.block_size)
need = newkeys->enc.block_size;
+ if (need < newkeys->enc.iv_len)
+ need = newkeys->enc.iv_len;
if (need < newkeys->mac.key_len)
need = newkeys->mac.key_len;
}
Property changes on: vendor-crypto/openssh/dist/kex.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kex.h
===================================================================
--- vendor-crypto/openssh/dist/kex.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kex.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.52 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -40,8 +40,9 @@
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
#define KEX_RESUME "resume at appgate.com"
-/* The following represents the family of ECDH methods */
-#define KEX_ECDH_SHA2_STEM "ecdh-sha2-"
+#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
+#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
+#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
#define COMP_NONE 0
#define COMP_ZLIB 1
@@ -86,9 +87,10 @@
struct Enc {
char *name;
- Cipher *cipher;
+ const Cipher *cipher;
int enabled;
u_int key_len;
+ u_int iv_len;
u_int block_size;
u_char *key;
u_char *iv;
@@ -100,6 +102,7 @@
u_char *key;
u_int key_len;
int type;
+ int etm; /* Encrypt-then-MAC */
const EVP_MD *evp_md;
HMAC_CTX evp_ctx;
struct umac_ctx *umac_ctx;
@@ -129,6 +132,7 @@
sig_atomic_t done;
int flags;
const EVP_MD *evp_md;
+ int ec_nid;
char *client_version_string;
char *server_version_string;
int (*verify_host_key)(Key *);
@@ -135,10 +139,12 @@
Key *(*load_host_public_key)(int);
Key *(*load_host_private_key)(int);
int (*host_key_index)(Key *);
+ void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int);
void (*kex[KEX_MAX])(Kex *);
};
int kex_names_valid(const char *);
+char *kex_alg_list(void);
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_finish(Kex *);
@@ -168,11 +174,6 @@
kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int,
char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
const BIGNUM *, u_char **, u_int *);
-int kex_ecdh_name_to_nid(const char *);
-const EVP_MD *kex_ecdh_name_to_evpmd(const char *);
-#else
-# define kex_ecdh_name_to_nid(x) (-1)
-# define kex_ecdh_name_to_evpmd(x) (NULL)
#endif
void
Property changes on: vendor-crypto/openssh/dist/kex.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Index: vendor-crypto/openssh/dist/kexdh.c
===================================================================
--- vendor-crypto/openssh/dist/kexdh.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexdh.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/kexdh.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kexdhc.c
===================================================================
--- vendor-crypto/openssh/dist/kexdhc.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexdhc.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -125,7 +125,7 @@
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
- xfree(kbuf);
+ free(kbuf);
/* calc and verify H */
kex_dh_hash(
@@ -139,7 +139,7 @@
shared_secret,
&hash, &hashlen
);
- xfree(server_host_key_blob);
+ free(server_host_key_blob);
BN_clear_free(dh_server_pub);
DH_free(dh);
@@ -146,7 +146,7 @@
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
- xfree(signature);
+ free(signature);
/* save session id */
if (kex->session_id == NULL) {
Property changes on: vendor-crypto/openssh/dist/kexdhc.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kexdhs.c
===================================================================
--- vendor-crypto/openssh/dist/kexdhs.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexdhs.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.14 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -80,9 +80,6 @@
if (server_host_public == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
server_host_private = kex->load_host_private_key(kex->hostkey_type);
- if (server_host_private == NULL)
- fatal("Missing private key for hostkey type %d",
- kex->hostkey_type);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)
@@ -118,7 +115,7 @@
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
- xfree(kbuf);
+ free(kbuf);
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -144,9 +141,8 @@
}
/* sign H */
- if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash,
- hashlen)) < 0)
- fatal("kexdh_server: key_sign failed");
+ kex->sign(server_host_private, server_host_public, &signature, &slen,
+ hash, hashlen);
/* destroy_sensitive_data(); */
@@ -157,8 +153,8 @@
packet_put_string(signature, slen);
packet_send();
- xfree(signature);
- xfree(server_host_key_blob);
+ free(signature);
+ free(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);
Property changes on: vendor-crypto/openssh/dist/kexdhs.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kexecdh.c
===================================================================
--- vendor-crypto/openssh/dist/kexecdh.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexecdh.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: kexecdh.c,v 1.4 2013/04/19 01:06:50 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -45,24 +45,6 @@
#include "kex.h"
#include "log.h"
-int
-kex_ecdh_name_to_nid(const char *kexname)
-{
- if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1)
- fatal("%s: kexname too short \"%s\"", __func__, kexname);
- return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1);
-}
-
-const EVP_MD *
-kex_ecdh_name_to_evpmd(const char *kexname)
-{
- int nid = kex_ecdh_name_to_nid(kexname);
-
- if (nid == -1)
- fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname);
- return key_ec_nid_to_evpmd(nid);
-}
-
void
kex_ecdh_hash(
const EVP_MD *evp_md,
Property changes on: vendor-crypto/openssh/dist/kexecdh.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kexecdhc.c
===================================================================
--- vendor-crypto/openssh/dist/kexecdhc.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexecdhc.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -57,11 +57,8 @@
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, slen, sbloblen, hashlen;
- int curve_nid;
- if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
- fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
- if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
+ if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
if (EC_KEY_generate_key(client_key) != 1)
fatal("%s: EC_KEY_generate_key failed", __func__);
@@ -123,7 +120,7 @@
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
fatal("%s: BN_bin2bn failed", __func__);
memset(kbuf, 0, klen);
- xfree(kbuf);
+ free(kbuf);
/* calc and verify H */
kex_ecdh_hash(
@@ -139,7 +136,7 @@
shared_secret,
&hash, &hashlen
);
- xfree(server_host_key_blob);
+ free(server_host_key_blob);
EC_POINT_clear_free(server_public);
EC_KEY_free(client_key);
@@ -146,7 +143,7 @@
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
- xfree(signature);
+ free(signature);
/* save session id */
if (kex->session_id == NULL) {
Property changes on: vendor-crypto/openssh/dist/kexecdhc.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kexecdhs.c
===================================================================
--- vendor-crypto/openssh/dist/kexecdhs.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexecdhs.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
+/* $OpenBSD: kexecdhs.c,v 1.5 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -59,11 +59,8 @@
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, slen, sbloblen, hashlen;
- int curve_nid;
- if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
- fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
- if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
+ if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
if (EC_KEY_generate_key(server_key) != 1)
fatal("%s: EC_KEY_generate_key failed", __func__);
@@ -81,9 +78,6 @@
if (server_host_public == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
server_host_private = kex->load_host_private_key(kex->hostkey_type);
- if (server_host_private == NULL)
- fatal("Missing private key for hostkey type %d",
- kex->hostkey_type);
debug("expecting SSH2_MSG_KEX_ECDH_INIT");
packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
@@ -115,7 +109,7 @@
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
fatal("%s: BN_bin2bn failed", __func__);
memset(kbuf, 0, klen);
- xfree(kbuf);
+ free(kbuf);
/* calc H */
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -142,9 +136,8 @@
}
/* sign H */
- if (PRIVSEP(key_sign(server_host_private, &signature, &slen,
- hash, hashlen)) < 0)
- fatal("kexdh_server: key_sign failed");
+ kex->sign(server_host_private, server_host_public, &signature, &slen,
+ hash, hashlen);
/* destroy_sensitive_data(); */
@@ -155,8 +148,8 @@
packet_put_string(signature, slen);
packet_send();
- xfree(signature);
- xfree(server_host_key_blob);
+ free(signature);
+ free(server_host_key_blob);
/* have keys, free server key */
EC_KEY_free(server_key);
Property changes on: vendor-crypto/openssh/dist/kexecdhs.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/kexgex.c
===================================================================
--- vendor-crypto/openssh/dist/kexgex.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexgex.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/kexgex.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kexgexc.c
===================================================================
--- vendor-crypto/openssh/dist/kexgexc.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexgexc.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -163,7 +163,7 @@
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
- xfree(kbuf);
+ free(kbuf);
if (datafellows & SSH_OLD_DHGEX)
min = max = -1;
@@ -186,13 +186,13 @@
/* have keys, free DH */
DH_free(dh);
- xfree(server_host_key_blob);
+ free(server_host_key_blob);
BN_clear_free(dh_server_pub);
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
- xfree(signature);
+ free(signature);
/* save session id */
if (kex->session_id == NULL) {
Property changes on: vendor-crypto/openssh/dist/kexgexc.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/kexgexs.c
===================================================================
--- vendor-crypto/openssh/dist/kexgexs.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/kexgexs.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.16 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -68,11 +68,7 @@
if (server_host_public == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
server_host_private = kex->load_host_private_key(kex->hostkey_type);
- if (server_host_private == NULL)
- fatal("Missing private key for hostkey type %d",
- kex->hostkey_type);
-
type = packet_read();
switch (type) {
case SSH2_MSG_KEX_DH_GEX_REQUEST:
@@ -155,7 +151,7 @@
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_server: BN_bin2bn failed");
memset(kbuf, 0, klen);
- xfree(kbuf);
+ free(kbuf);
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
@@ -187,9 +183,8 @@
}
/* sign H */
- if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash,
- hashlen)) < 0)
- fatal("kexgex_server: key_sign failed");
+ kex->sign(server_host_private, server_host_public, &signature, &slen,
+ hash, hashlen);
/* destroy_sensitive_data(); */
@@ -201,8 +196,8 @@
packet_put_string(signature, slen);
packet_send();
- xfree(signature);
- xfree(server_host_key_blob);
+ free(signature);
+ free(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);
Property changes on: vendor-crypto/openssh/dist/kexgexs.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/key.c
===================================================================
--- vendor-crypto/openssh/dist/key.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/key.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */
+/* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -55,6 +55,8 @@
#include "misc.h"
#include "ssh2.h"
+static int to_blob(const Key *, u_char **, u_int *, int);
+
static struct KeyCert *
cert_new(void)
{
@@ -185,14 +187,13 @@
buffer_free(&cert->certblob);
buffer_free(&cert->critical);
buffer_free(&cert->extensions);
- if (cert->key_id != NULL)
- xfree(cert->key_id);
+ free(cert->key_id);
for (i = 0; i < cert->nprincipals; i++)
- xfree(cert->principals[i]);
- if (cert->principals != NULL)
- xfree(cert->principals);
+ free(cert->principals[i]);
+ free(cert->principals);
if (cert->signature_key != NULL)
key_free(cert->signature_key);
+ free(cert);
}
void
@@ -236,7 +237,7 @@
k->cert = NULL;
}
- xfree(k);
+ free(k);
}
static int
@@ -324,7 +325,8 @@
}
u_char*
-key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
+key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+ u_int *dgst_raw_length)
{
const EVP_MD *md = NULL;
EVP_MD_CTX ctx;
@@ -331,7 +333,7 @@
u_char *blob = NULL;
u_char *retval = NULL;
u_int len = 0;
- int nlen, elen, otype;
+ int nlen, elen;
*dgst_raw_length = 0;
@@ -342,6 +344,11 @@
case SSH_FP_SHA1:
md = EVP_sha1();
break;
+#ifdef HAVE_EVP_SHA256
+ case SSH_FP_SHA256:
+ md = EVP_sha256();
+ break;
+#endif
default:
fatal("key_fingerprint_raw: bad digest type %d",
dgst_type);
@@ -366,10 +373,7 @@
case KEY_ECDSA_CERT:
case KEY_RSA_CERT:
/* We want a fingerprint of the _key_ not of the cert */
- otype = k->type;
- k->type = key_type_plain(k->type);
- key_to_blob(k, &blob, &len);
- k->type = otype;
+ to_blob(k, &blob, &len, 1);
break;
case KEY_UNSPEC:
return retval;
@@ -383,7 +387,7 @@
EVP_DigestUpdate(&ctx, blob, len);
EVP_DigestFinal(&ctx, retval, dgst_raw_length);
memset(blob, 0, len);
- xfree(blob);
+ free(blob);
} else {
fatal("key_fingerprint_raw: blob is null");
}
@@ -565,7 +569,7 @@
}
char *
-key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
{
char *retval = NULL;
u_char *dgst_raw;
@@ -590,7 +594,7 @@
break;
}
memset(dgst_raw, 0, dgst_raw_len);
- xfree(dgst_raw);
+ free(dgst_raw);
return retval;
}
@@ -735,11 +739,11 @@
n = uudecode(cp, blob, len);
if (n < 0) {
error("key_read: uudecode %s failed", cp);
- xfree(blob);
+ free(blob);
return -1;
}
k = key_from_blob(blob, (u_int)n);
- xfree(blob);
+ free(blob);
if (k == NULL) {
error("key_read: key_from_blob %s failed", cp);
return -1;
@@ -880,43 +884,13 @@
fprintf(f, "%s %s", key_ssh_name(key), uu);
success = 1;
}
- xfree(blob);
- xfree(uu);
+ free(blob);
+ free(uu);
return success;
}
const char *
-key_type(const Key *k)
-{
- switch (k->type) {
- case KEY_RSA1:
- return "RSA1";
- case KEY_RSA:
- return "RSA";
- case KEY_DSA:
- return "DSA";
-#ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- return "ECDSA";
-#endif
- case KEY_RSA_CERT_V00:
- return "RSA-CERT-V00";
- case KEY_DSA_CERT_V00:
- return "DSA-CERT-V00";
- case KEY_RSA_CERT:
- return "RSA-CERT";
- case KEY_DSA_CERT:
- return "DSA-CERT";
-#ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA_CERT:
- return "ECDSA-CERT";
-#endif
- }
- return "unknown";
-}
-
-const char *
key_cert_type(const Key *k)
{
switch (k->cert->type) {
@@ -929,48 +903,59 @@
}
}
+struct keytype {
+ char *name;
+ char *shortname;
+ int type;
+ int nid;
+ int cert;
+};
+static const struct keytype keytypes[] = {
+ { NULL, "RSA1", KEY_RSA1, 0, 0 },
+ { "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
+ { "ssh-dss", "DSA", KEY_DSA, 0, 0 },
+#ifdef OPENSSL_HAS_ECC
+ { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
+ { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
+ { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },
+#endif /* OPENSSL_HAS_ECC */
+ { "ssh-rsa-cert-v01 at openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },
+ { "ssh-dss-cert-v01 at openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },
+#ifdef OPENSSL_HAS_ECC
+ { "ecdsa-sha2-nistp256-cert-v01 at openssh.com", "ECDSA-CERT",
+ KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 },
+ { "ecdsa-sha2-nistp384-cert-v01 at openssh.com", "ECDSA-CERT",
+ KEY_ECDSA_CERT, NID_secp384r1, 1 },
+ { "ecdsa-sha2-nistp521-cert-v01 at openssh.com", "ECDSA-CERT",
+ KEY_ECDSA_CERT, NID_secp521r1, 1 },
+#endif /* OPENSSL_HAS_ECC */
+ { "ssh-rsa-cert-v00 at openssh.com", "RSA-CERT-V00",
+ KEY_RSA_CERT_V00, 0, 1 },
+ { "ssh-dss-cert-v00 at openssh.com", "DSA-CERT-V00",
+ KEY_DSA_CERT_V00, 0, 1 },
+ { NULL, NULL, -1, -1, 0 }
+};
+
+const char *
+key_type(const Key *k)
+{
+ const struct keytype *kt;
+
+ for (kt = keytypes; kt->type != -1; kt++) {
+ if (kt->type == k->type)
+ return kt->shortname;
+ }
+ return "unknown";
+}
+
static const char *
key_ssh_name_from_type_nid(int type, int nid)
{
- switch (type) {
- case KEY_RSA:
- return "ssh-rsa";
- case KEY_DSA:
- return "ssh-dss";
- case KEY_RSA_CERT_V00:
- return "ssh-rsa-cert-v00 at openssh.com";
- case KEY_DSA_CERT_V00:
- return "ssh-dss-cert-v00 at openssh.com";
- case KEY_RSA_CERT:
- return "ssh-rsa-cert-v01 at openssh.com";
- case KEY_DSA_CERT:
- return "ssh-dss-cert-v01 at openssh.com";
-#ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- switch (nid) {
- case NID_X9_62_prime256v1:
- return "ecdsa-sha2-nistp256";
- case NID_secp384r1:
- return "ecdsa-sha2-nistp384";
- case NID_secp521r1:
- return "ecdsa-sha2-nistp521";
- default:
- break;
- }
- break;
- case KEY_ECDSA_CERT:
- switch (nid) {
- case NID_X9_62_prime256v1:
- return "ecdsa-sha2-nistp256-cert-v01 at openssh.com";
- case NID_secp384r1:
- return "ecdsa-sha2-nistp384-cert-v01 at openssh.com";
- case NID_secp521r1:
- return "ecdsa-sha2-nistp521-cert-v01 at openssh.com";
- default:
- break;
- }
- break;
-#endif /* OPENSSL_HAS_ECC */
+ const struct keytype *kt;
+
+ for (kt = keytypes; kt->type != -1; kt++) {
+ if (kt->type == type && (kt->nid == 0 || kt->nid == nid))
+ return kt->name;
}
return "ssh-unknown";
}
@@ -988,6 +973,56 @@
k->ecdsa_nid);
}
+int
+key_type_from_name(char *name)
+{
+ const struct keytype *kt;
+
+ for (kt = keytypes; kt->type != -1; kt++) {
+ /* Only allow shortname matches for plain key types */
+ if ((kt->name != NULL && strcmp(name, kt->name) == 0) ||
+ (!kt->cert && strcasecmp(kt->shortname, name) == 0))
+ return kt->type;
+ }
+ debug2("key_type_from_name: unknown key type '%s'", name);
+ return KEY_UNSPEC;
+}
+
+int
+key_ecdsa_nid_from_name(const char *name)
+{
+ const struct keytype *kt;
+
+ for (kt = keytypes; kt->type != -1; kt++) {
+ if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT)
+ continue;
+ if (kt->name != NULL && strcmp(name, kt->name) == 0)
+ return kt->nid;
+ }
+ debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
+ return -1;
+}
+
+char *
+key_alg_list(void)
+{
+ char *ret = NULL;
+ size_t nlen, rlen = 0;
+ const struct keytype *kt;
+
+ for (kt = keytypes; kt->type != -1; kt++) {
+ if (kt->name == NULL)
+ continue;
+ if (ret != NULL)
+ ret[rlen++] = '\n';
+ nlen = strlen(kt->name);
+ ret = xrealloc(ret, 1, rlen + nlen + 2);
+ memcpy(ret + rlen, kt->name, nlen + 1);
+ rlen += nlen;
+ }
+ return ret;
+}
+
u_int
key_size(const Key *k)
{
@@ -1243,65 +1278,6 @@
}
int
-key_type_from_name(char *name)
-{
- if (strcmp(name, "rsa1") == 0) {
- return KEY_RSA1;
- } else if (strcmp(name, "rsa") == 0) {
- return KEY_RSA;
- } else if (strcmp(name, "dsa") == 0) {
- return KEY_DSA;
- } else if (strcmp(name, "ssh-rsa") == 0) {
- return KEY_RSA;
- } else if (strcmp(name, "ssh-dss") == 0) {
- return KEY_DSA;
-#ifdef OPENSSL_HAS_ECC
- } else if (strcmp(name, "ecdsa") == 0 ||
- strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
- strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
- strcmp(name, "ecdsa-sha2-nistp521") == 0) {
- return KEY_ECDSA;
-#endif
- } else if (strcmp(name, "ssh-rsa-cert-v00 at openssh.com") == 0) {
- return KEY_RSA_CERT_V00;
- } else if (strcmp(name, "ssh-dss-cert-v00 at openssh.com") == 0) {
- return KEY_DSA_CERT_V00;
- } else if (strcmp(name, "ssh-rsa-cert-v01 at openssh.com") == 0) {
- return KEY_RSA_CERT;
- } else if (strcmp(name, "ssh-dss-cert-v01 at openssh.com") == 0) {
- return KEY_DSA_CERT;
-#ifdef OPENSSL_HAS_ECC
- } else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01 at openssh.com") == 0 ||
- strcmp(name, "ecdsa-sha2-nistp384-cert-v01 at openssh.com") == 0 ||
- strcmp(name, "ecdsa-sha2-nistp521-cert-v01 at openssh.com") == 0) {
- return KEY_ECDSA_CERT;
-#endif
- }
-
- debug2("key_type_from_name: unknown key type '%s'", name);
- return KEY_UNSPEC;
-}
-
-int
-key_ecdsa_nid_from_name(const char *name)
-{
-#ifdef OPENSSL_HAS_ECC
- if (strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
- strcmp(name, "ecdsa-sha2-nistp256-cert-v01 at openssh.com") == 0)
- return NID_X9_62_prime256v1;
- if (strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
- strcmp(name, "ecdsa-sha2-nistp384-cert-v01 at openssh.com") == 0)
- return NID_secp384r1;
- if (strcmp(name, "ecdsa-sha2-nistp521") == 0 ||
- strcmp(name, "ecdsa-sha2-nistp521-cert-v01 at openssh.com") == 0)
- return NID_secp521r1;
-#endif /* OPENSSL_HAS_ECC */
-
- debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
- return -1;
-}
-
-int
key_names_valid2(const char *names)
{
char *s, *cp, *p;
@@ -1314,12 +1290,12 @@
switch (key_type_from_name(p)) {
case KEY_RSA1:
case KEY_UNSPEC:
- xfree(s);
+ free(s);
return 0;
}
}
debug3("key names ok: [%s]", names);
- xfree(s);
+ free(s);
return 1;
}
@@ -1356,11 +1332,6 @@
goto out;
}
- if (kidlen != strlen(key->cert->key_id)) {
- error("%s: key ID contains \\0 character", __func__);
- goto out;
- }
-
/* Signature is left in the buffer so we can calculate this length */
signed_len = buffer_len(&key->cert->certblob) - buffer_len(b);
@@ -1446,16 +1417,11 @@
out:
buffer_free(&tmp);
- if (principals != NULL)
- xfree(principals);
- if (critical != NULL)
- xfree(critical);
- if (exts != NULL)
- xfree(exts);
- if (sig_key != NULL)
- xfree(sig_key);
- if (sig != NULL)
- xfree(sig);
+ free(principals);
+ free(critical);
+ free(exts);
+ free(sig_key);
+ free(sig);
return ret;
}
@@ -1575,10 +1541,8 @@
if (key != NULL && rlen != 0)
error("key_from_blob: remaining bytes in key blob %d", rlen);
out:
- if (ktype != NULL)
- xfree(ktype);
- if (curve != NULL)
- xfree(curve);
+ free(ktype);
+ free(curve);
#ifdef OPENSSL_HAS_ECC
if (q != NULL)
EC_POINT_free(q);
@@ -1587,11 +1551,11 @@
return key;
}
-int
-key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
+static int
+to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain)
{
Buffer b;
- int len;
+ int len, type;
if (key == NULL) {
error("key_to_blob: key == NULL");
@@ -1598,7 +1562,8 @@
return 0;
}
buffer_init(&b);
- switch (key->type) {
+ type = force_plain ? key_type_plain(key->type) : key->type;
+ switch (type) {
case KEY_DSA_CERT_V00:
case KEY_RSA_CERT_V00:
case KEY_DSA_CERT:
@@ -1609,7 +1574,8 @@
buffer_len(&key->cert->certblob));
break;
case KEY_DSA:
- buffer_put_cstring(&b, key_ssh_name(key));
+ buffer_put_cstring(&b,
+ key_ssh_name_from_type_nid(type, key->ecdsa_nid));
buffer_put_bignum2(&b, key->dsa->p);
buffer_put_bignum2(&b, key->dsa->q);
buffer_put_bignum2(&b, key->dsa->g);
@@ -1617,7 +1583,8 @@
break;
#ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
- buffer_put_cstring(&b, key_ssh_name(key));
+ buffer_put_cstring(&b,
+ key_ssh_name_from_type_nid(type, key->ecdsa_nid));
buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid));
buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa),
EC_KEY_get0_public_key(key->ecdsa));
@@ -1624,7 +1591,8 @@
break;
#endif
case KEY_RSA:
- buffer_put_cstring(&b, key_ssh_name(key));
+ buffer_put_cstring(&b,
+ key_ssh_name_from_type_nid(type, key->ecdsa_nid));
buffer_put_bignum2(&b, key->rsa->e);
buffer_put_bignum2(&b, key->rsa->n);
break;
@@ -1646,6 +1614,12 @@
}
int
+key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
+{
+ return to_blob(key, blobp, lenp, 0);
+}
+
+int
key_sign(
const Key *key,
u_char **sigp, u_int *lenp,
@@ -1817,6 +1791,9 @@
k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT;
return 0;
case KEY_ECDSA:
+ if (legacy)
+ fatal("%s: legacy ECDSA certificates are not supported",
+ __func__);
k->cert = cert_new();
k->type = KEY_ECDSA_CERT;
return 0;
@@ -1915,7 +1892,7 @@
default:
error("%s: key has incorrect type %s", __func__, key_type(k));
buffer_clear(&k->cert->certblob);
- xfree(ca_blob);
+ free(ca_blob);
return -1;
}
@@ -1951,7 +1928,7 @@
buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */
buffer_put_string(&k->cert->certblob, ca_blob, ca_len);
- xfree(ca_blob);
+ free(ca_blob);
/* Sign the whole mess */
if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob),
@@ -1962,7 +1939,7 @@
}
/* Append signature and we are done */
buffer_put_string(&k->cert->certblob, sig_blob, sig_len);
- xfree(sig_blob);
+ free(sig_blob);
return 0;
}
@@ -2021,7 +1998,7 @@
}
int
-key_cert_is_legacy(Key *k)
+key_cert_is_legacy(const Key *k)
{
switch (k->type) {
case KEY_DSA_CERT_V00:
Property changes on: vendor-crypto/openssh/dist/key.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/key.h
===================================================================
--- vendor-crypto/openssh/dist/key.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/key.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.33 2010/10/28 11:22:09 djm Exp $ */
+/* $OpenBSD: key.h,v 1.37 2013/05/19 02:42:42 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -48,7 +48,8 @@
};
enum fp_type {
SSH_FP_SHA1,
- SSH_FP_MD5
+ SSH_FP_MD5,
+ SSH_FP_SHA256
};
enum fp_rep {
SSH_FP_HEX,
@@ -94,8 +95,8 @@
Key *key_demote(const Key *);
int key_equal_public(const Key *, const Key *);
int key_equal(const Key *, const Key *);
-char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
-u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *);
+char *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
+u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
const char *key_type(const Key *);
const char *key_cert_type(const Key *);
int key_write(const Key *, FILE *);
@@ -113,19 +114,20 @@
void key_cert_copy(const Key *, struct Key *);
int key_cert_check_authority(const Key *, int, int, const char *,
const char **);
-int key_cert_is_legacy(Key *);
+int key_cert_is_legacy(const Key *);
int key_ecdsa_nid_from_name(const char *);
int key_curve_name_to_nid(const char *);
-const char * key_curve_nid_to_name(int);
+const char *key_curve_nid_to_name(int);
u_int key_curve_nid_to_bits(int);
int key_ecdsa_bits_to_nid(int);
#ifdef OPENSSL_HAS_ECC
int key_ecdsa_key_to_nid(EC_KEY *);
-const EVP_MD * key_ec_nid_to_evpmd(int nid);
+const EVP_MD *key_ec_nid_to_evpmd(int nid);
int key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
int key_ec_validate_private(const EC_KEY *);
#endif
+char *key_alg_list(void);
Key *key_from_blob(const u_char *, u_int);
int key_to_blob(const Key *, u_char **, u_int *);
Property changes on: vendor-crypto/openssh/dist/key.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Added: vendor-crypto/openssh/dist/krl.c
===================================================================
--- vendor-crypto/openssh/dist/krl.c (rev 0)
+++ vendor-crypto/openssh/dist/krl.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,1237 @@
+/*
+ * Copyright (c) 2012 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <openbsd-compat/sys-tree.h>
+#include <openbsd-compat/sys-queue.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "buffer.h"
+#include "key.h"
+#include "authfile.h"
+#include "misc.h"
+#include "log.h"
+#include "xmalloc.h"
+
+#include "krl.h"
+
+/* #define DEBUG_KRL */
+#ifdef DEBUG_KRL
+# define KRL_DBG(x) debug3 x
+#else
+# define KRL_DBG(x)
+#endif
+
+/*
+ * Trees of revoked serial numbers, key IDs and keys. This allows
+ * quick searching, querying and producing lists in canonical order.
+ */
+
+/* Tree of serial numbers. XXX make smarter: really need a real sparse bitmap */
+struct revoked_serial {
+ u_int64_t lo, hi;
+ RB_ENTRY(revoked_serial) tree_entry;
+};
+static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b);
+RB_HEAD(revoked_serial_tree, revoked_serial);
+RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp);
+
+/* Tree of key IDs */
+struct revoked_key_id {
+ char *key_id;
+ RB_ENTRY(revoked_key_id) tree_entry;
+};
+static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b);
+RB_HEAD(revoked_key_id_tree, revoked_key_id);
+RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp);
+
+/* Tree of blobs (used for keys and fingerprints) */
+struct revoked_blob {
+ u_char *blob;
+ u_int len;
+ RB_ENTRY(revoked_blob) tree_entry;
+};
+static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b);
+RB_HEAD(revoked_blob_tree, revoked_blob);
+RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp);
+
+/* Tracks revoked certs for a single CA */
+struct revoked_certs {
+ Key *ca_key;
+ struct revoked_serial_tree revoked_serials;
+ struct revoked_key_id_tree revoked_key_ids;
+ TAILQ_ENTRY(revoked_certs) entry;
+};
+TAILQ_HEAD(revoked_certs_list, revoked_certs);
+
+struct ssh_krl {
+ u_int64_t krl_version;
+ u_int64_t generated_date;
+ u_int64_t flags;
+ char *comment;
+ struct revoked_blob_tree revoked_keys;
+ struct revoked_blob_tree revoked_sha1s;
+ struct revoked_certs_list revoked_certs;
+};
+
+/* Return equal if a and b overlap */
+static int
+serial_cmp(struct revoked_serial *a, struct revoked_serial *b)
+{
+ if (a->hi >= b->lo && a->lo <= b->hi)
+ return 0;
+ return a->lo < b->lo ? -1 : 1;
+}
+
+static int
+key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b)
+{
+ return strcmp(a->key_id, b->key_id);
+}
+
+static int
+blob_cmp(struct revoked_blob *a, struct revoked_blob *b)
+{
+ int r;
+
+ if (a->len != b->len) {
+ if ((r = memcmp(a->blob, b->blob, MIN(a->len, b->len))) != 0)
+ return r;
+ return a->len > b->len ? 1 : -1;
+ } else
+ return memcmp(a->blob, b->blob, a->len);
+}
+
+struct ssh_krl *
+ssh_krl_init(void)
+{
+ struct ssh_krl *krl;
+
+ if ((krl = calloc(1, sizeof(*krl))) == NULL)
+ return NULL;
+ RB_INIT(&krl->revoked_keys);
+ RB_INIT(&krl->revoked_sha1s);
+ TAILQ_INIT(&krl->revoked_certs);
+ return krl;
+}
+
+static void
+revoked_certs_free(struct revoked_certs *rc)
+{
+ struct revoked_serial *rs, *trs;
+ struct revoked_key_id *rki, *trki;
+
+ RB_FOREACH_SAFE(rs, revoked_serial_tree, &rc->revoked_serials, trs) {
+ RB_REMOVE(revoked_serial_tree, &rc->revoked_serials, rs);
+ free(rs);
+ }
+ RB_FOREACH_SAFE(rki, revoked_key_id_tree, &rc->revoked_key_ids, trki) {
+ RB_REMOVE(revoked_key_id_tree, &rc->revoked_key_ids, rki);
+ free(rki->key_id);
+ free(rki);
+ }
+ if (rc->ca_key != NULL)
+ key_free(rc->ca_key);
+}
+
+void
+ssh_krl_free(struct ssh_krl *krl)
+{
+ struct revoked_blob *rb, *trb;
+ struct revoked_certs *rc, *trc;
+
+ if (krl == NULL)
+ return;
+
+ free(krl->comment);
+ RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_keys, trb) {
+ RB_REMOVE(revoked_blob_tree, &krl->revoked_keys, rb);
+ free(rb->blob);
+ free(rb);
+ }
+ RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_sha1s, trb) {
+ RB_REMOVE(revoked_blob_tree, &krl->revoked_sha1s, rb);
+ free(rb->blob);
+ free(rb);
+ }
+ TAILQ_FOREACH_SAFE(rc, &krl->revoked_certs, entry, trc) {
+ TAILQ_REMOVE(&krl->revoked_certs, rc, entry);
+ revoked_certs_free(rc);
+ }
+}
+
+void
+ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version)
+{
+ krl->krl_version = version;
+}
+
+void
+ssh_krl_set_comment(struct ssh_krl *krl, const char *comment)
+{
+ free(krl->comment);
+ if ((krl->comment = strdup(comment)) == NULL)
+ fatal("%s: strdup", __func__);
+}
+
+/*
+ * Find the revoked_certs struct for a CA key. If allow_create is set then
+ * create a new one in the tree if one did not exist already.
+ */
+static int
+revoked_certs_for_ca_key(struct ssh_krl *krl, const Key *ca_key,
+ struct revoked_certs **rcp, int allow_create)
+{
+ struct revoked_certs *rc;
+
+ *rcp = NULL;
+ TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
+ if (key_equal(rc->ca_key, ca_key)) {
+ *rcp = rc;
+ return 0;
+ }
+ }
+ if (!allow_create)
+ return 0;
+ /* If this CA doesn't exist in the list then add it now */
+ if ((rc = calloc(1, sizeof(*rc))) == NULL)
+ return -1;
+ if ((rc->ca_key = key_from_private(ca_key)) == NULL) {
+ free(rc);
+ return -1;
+ }
+ RB_INIT(&rc->revoked_serials);
+ RB_INIT(&rc->revoked_key_ids);
+ TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);
+ debug3("%s: new CA %s", __func__, key_type(ca_key));
+ *rcp = rc;
+ return 0;
+}
+
+static int
+insert_serial_range(struct revoked_serial_tree *rt, u_int64_t lo, u_int64_t hi)
+{
+ struct revoked_serial rs, *ers, *crs, *irs;
+
+ KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi));
+ bzero(&rs, sizeof(rs));
+ rs.lo = lo;
+ rs.hi = hi;
+ ers = RB_NFIND(revoked_serial_tree, rt, &rs);
+ if (ers == NULL || serial_cmp(ers, &rs) != 0) {
+ /* No entry matches. Just insert */
+ if ((irs = malloc(sizeof(rs))) == NULL)
+ return -1;
+ memcpy(irs, &rs, sizeof(*irs));
+ ers = RB_INSERT(revoked_serial_tree, rt, irs);
+ if (ers != NULL) {
+ KRL_DBG(("%s: bad: ers != NULL", __func__));
+ /* Shouldn't happen */
+ free(irs);
+ return -1;
+ }
+ ers = irs;
+ } else {
+ KRL_DBG(("%s: overlap found %llu:%llu", __func__,
+ ers->lo, ers->hi));
+ /*
+ * The inserted entry overlaps an existing one. Grow the
+ * existing entry.
+ */
+ if (ers->lo > lo)
+ ers->lo = lo;
+ if (ers->hi < hi)
+ ers->hi = hi;
+ }
+ /*
+ * The inserted or revised range might overlap or abut adjacent ones;
+ * coalesce as necessary.
+ */
+
+ /* Check predecessors */
+ while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) {
+ KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi));
+ if (ers->lo != 0 && crs->hi < ers->lo - 1)
+ break;
+ /* This entry overlaps. */
+ if (crs->lo < ers->lo) {
+ ers->lo = crs->lo;
+ KRL_DBG(("%s: pred extend %llu:%llu", __func__,
+ ers->lo, ers->hi));
+ }
+ RB_REMOVE(revoked_serial_tree, rt, crs);
+ free(crs);
+ }
+ /* Check successors */
+ while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) {
+ KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi));
+ if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1)
+ break;
+ /* This entry overlaps. */
+ if (crs->hi > ers->hi) {
+ ers->hi = crs->hi;
+ KRL_DBG(("%s: succ extend %llu:%llu", __func__,
+ ers->lo, ers->hi));
+ }
+ RB_REMOVE(revoked_serial_tree, rt, crs);
+ free(crs);
+ }
+ KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi));
+ return 0;
+}
+
+int
+ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const Key *ca_key,
+ u_int64_t serial)
+{
+ return ssh_krl_revoke_cert_by_serial_range(krl, ca_key, serial, serial);
+}
+
+int
+ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, const Key *ca_key,
+ u_int64_t lo, u_int64_t hi)
+{
+ struct revoked_certs *rc;
+
+ if (lo > hi || lo == 0)
+ return -1;
+ if (revoked_certs_for_ca_key(krl, ca_key, &rc, 1) != 0)
+ return -1;
+ return insert_serial_range(&rc->revoked_serials, lo, hi);
+}
+
+int
+ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const Key *ca_key,
+ const char *key_id)
+{
+ struct revoked_key_id *rki, *erki;
+ struct revoked_certs *rc;
+
+ if (revoked_certs_for_ca_key(krl, ca_key, &rc, 1) != 0)
+ return -1;
+
+ debug3("%s: revoke %s", __func__, key_id);
+ if ((rki = calloc(1, sizeof(*rki))) == NULL ||
+ (rki->key_id = strdup(key_id)) == NULL) {
+ free(rki);
+ fatal("%s: strdup", __func__);
+ }
+ erki = RB_INSERT(revoked_key_id_tree, &rc->revoked_key_ids, rki);
+ if (erki != NULL) {
+ free(rki->key_id);
+ free(rki);
+ }
+ return 0;
+}
+
+/* Convert "key" to a public key blob without any certificate information */
+static int
+plain_key_blob(const Key *key, u_char **blob, u_int *blen)
+{
+ Key *kcopy;
+ int r;
+
+ if ((kcopy = key_from_private(key)) == NULL)
+ return -1;
+ if (key_is_cert(kcopy)) {
+ if (key_drop_cert(kcopy) != 0) {
+ error("%s: key_drop_cert", __func__);
+ key_free(kcopy);
+ return -1;
+ }
+ }
+ r = key_to_blob(kcopy, blob, blen);
+ free(kcopy);
+ return r == 0 ? -1 : 0;
+}
+
+/* Revoke a key blob. Ownership of blob is transferred to the tree */
+static int
+revoke_blob(struct revoked_blob_tree *rbt, u_char *blob, u_int len)
+{
+ struct revoked_blob *rb, *erb;
+
+ if ((rb = calloc(1, sizeof(*rb))) == NULL)
+ return -1;
+ rb->blob = blob;
+ rb->len = len;
+ erb = RB_INSERT(revoked_blob_tree, rbt, rb);
+ if (erb != NULL) {
+ free(rb->blob);
+ free(rb);
+ }
+ return 0;
+}
+
+int
+ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key)
+{
+ u_char *blob;
+ u_int len;
+
+ debug3("%s: revoke type %s", __func__, key_type(key));
+ if (plain_key_blob(key, &blob, &len) != 0)
+ return -1;
+ return revoke_blob(&krl->revoked_keys, blob, len);
+}
+
+int
+ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const Key *key)
+{
+ u_char *blob;
+ u_int len;
+
+ debug3("%s: revoke type %s by sha1", __func__, key_type(key));
+ if ((blob = key_fingerprint_raw(key, SSH_FP_SHA1, &len)) == NULL)
+ return -1;
+ return revoke_blob(&krl->revoked_sha1s, blob, len);
+}
+
+int
+ssh_krl_revoke_key(struct ssh_krl *krl, const Key *key)
+{
+ if (!key_is_cert(key))
+ return ssh_krl_revoke_key_sha1(krl, key);
+
+ if (key_cert_is_legacy(key) || key->cert->serial == 0) {
+ return ssh_krl_revoke_cert_by_key_id(krl,
+ key->cert->signature_key,
+ key->cert->key_id);
+ } else {
+ return ssh_krl_revoke_cert_by_serial(krl,
+ key->cert->signature_key,
+ key->cert->serial);
+ }
+}
+
+/*
+ * Select a copact next section type to emit in a KRL based on the
+ * current section type, the run length of contiguous revoked serial
+ * numbers and the gaps from the last and to the next revoked serial.
+ * Applies a mostly-accurate bit cost model to select the section type
+ * that will minimise the size of the resultant KRL.
+ */
+static int
+choose_next_state(int current_state, u_int64_t contig, int final,
+ u_int64_t last_gap, u_int64_t next_gap, int *force_new_section)
+{
+ int new_state;
+ u_int64_t cost, cost_list, cost_range, cost_bitmap, cost_bitmap_restart;
+
+ /*
+ * Avoid unsigned overflows.
+ * The limits are high enough to avoid confusing the calculations.
+ */
+ contig = MIN(contig, 1ULL<<31);
+ last_gap = MIN(last_gap, 1ULL<<31);
+ next_gap = MIN(next_gap, 1ULL<<31);
+
+ /*
+ * Calculate the cost to switch from the current state to candidates.
+ * NB. range sections only ever contain a single range, so their
+ * switching cost is independent of the current_state.
+ */
+ cost_list = cost_bitmap = cost_bitmap_restart = 0;
+ cost_range = 8;
+ switch (current_state) {
+ case KRL_SECTION_CERT_SERIAL_LIST:
+ cost_bitmap_restart = cost_bitmap = 8 + 64;
+ break;
+ case KRL_SECTION_CERT_SERIAL_BITMAP:
+ cost_list = 8;
+ cost_bitmap_restart = 8 + 64;
+ break;
+ case KRL_SECTION_CERT_SERIAL_RANGE:
+ case 0:
+ cost_bitmap_restart = cost_bitmap = 8 + 64;
+ cost_list = 8;
+ }
+
+ /* Estimate base cost in bits of each section type */
+ cost_list += 64 * contig + (final ? 0 : 8+64);
+ cost_range += (2 * 64) + (final ? 0 : 8+64);
+ cost_bitmap += last_gap + contig + (final ? 0 : MIN(next_gap, 8+64));
+ cost_bitmap_restart += contig + (final ? 0 : MIN(next_gap, 8+64));
+
+ /* Convert to byte costs for actual comparison */
+ cost_list = (cost_list + 7) / 8;
+ cost_bitmap = (cost_bitmap + 7) / 8;
+ cost_bitmap_restart = (cost_bitmap_restart + 7) / 8;
+ cost_range = (cost_range + 7) / 8;
+
+ /* Now pick the best choice */
+ *force_new_section = 0;
+ new_state = KRL_SECTION_CERT_SERIAL_BITMAP;
+ cost = cost_bitmap;
+ if (cost_range < cost) {
+ new_state = KRL_SECTION_CERT_SERIAL_RANGE;
+ cost = cost_range;
+ }
+ if (cost_list < cost) {
+ new_state = KRL_SECTION_CERT_SERIAL_LIST;
+ cost = cost_list;
+ }
+ if (cost_bitmap_restart < cost) {
+ new_state = KRL_SECTION_CERT_SERIAL_BITMAP;
+ *force_new_section = 1;
+ cost = cost_bitmap_restart;
+ }
+ debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
+ "list %llu range %llu bitmap %llu new bitmap %llu, "
+ "selected 0x%02x%s", __func__, (long long unsigned)contig,
+ (long long unsigned)last_gap, (long long unsigned)next_gap, final,
+ (long long unsigned)cost_list, (long long unsigned)cost_range,
+ (long long unsigned)cost_bitmap,
+ (long long unsigned)cost_bitmap_restart, new_state,
+ *force_new_section ? " restart" : "");
+ return new_state;
+}
+
+/* Generate a KRL_SECTION_CERTIFICATES KRL section */
+static int
+revoked_certs_generate(struct revoked_certs *rc, Buffer *buf)
+{
+ int final, force_new_sect, r = -1;
+ u_int64_t i, contig, gap, last = 0, bitmap_start = 0;
+ struct revoked_serial *rs, *nrs;
+ struct revoked_key_id *rki;
+ int next_state, state = 0;
+ Buffer sect;
+ u_char *kblob = NULL;
+ u_int klen;
+ BIGNUM *bitmap = NULL;
+
+ /* Prepare CA scope key blob if we have one supplied */
+ if (key_to_blob(rc->ca_key, &kblob, &klen) == 0)
+ return -1;
+
+ buffer_init(§);
+
+ /* Store the header */
+ buffer_put_string(buf, kblob, klen);
+ buffer_put_string(buf, NULL, 0); /* Reserved */
+
+ free(kblob);
+
+ /* Store the revoked serials. */
+ for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials);
+ rs != NULL;
+ rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
+ debug3("%s: serial %llu:%llu state 0x%02x", __func__,
+ (long long unsigned)rs->lo, (long long unsigned)rs->hi,
+ state);
+
+ /* Check contiguous length and gap to next section (if any) */
+ nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs);
+ final = nrs == NULL;
+ gap = nrs == NULL ? 0 : nrs->lo - rs->hi;
+ contig = 1 + (rs->hi - rs->lo);
+
+ /* Choose next state based on these */
+ next_state = choose_next_state(state, contig, final,
+ state == 0 ? 0 : rs->lo - last, gap, &force_new_sect);
+
+ /*
+ * If the current section is a range section or has a different
+ * type to the next section, then finish it off now.
+ */
+ if (state != 0 && (force_new_sect || next_state != state ||
+ state == KRL_SECTION_CERT_SERIAL_RANGE)) {
+ debug3("%s: finish state 0x%02x", __func__, state);
+ switch (state) {
+ case KRL_SECTION_CERT_SERIAL_LIST:
+ case KRL_SECTION_CERT_SERIAL_RANGE:
+ break;
+ case KRL_SECTION_CERT_SERIAL_BITMAP:
+ buffer_put_bignum2(§, bitmap);
+ BN_free(bitmap);
+ bitmap = NULL;
+ break;
+ }
+ buffer_put_char(buf, state);
+ buffer_put_string(buf,
+ buffer_ptr(§), buffer_len(§));
+ }
+
+ /* If we are starting a new section then prepare it now */
+ if (next_state != state || force_new_sect) {
+ debug3("%s: start state 0x%02x", __func__, next_state);
+ state = next_state;
+ buffer_clear(§);
+ switch (state) {
+ case KRL_SECTION_CERT_SERIAL_LIST:
+ case KRL_SECTION_CERT_SERIAL_RANGE:
+ break;
+ case KRL_SECTION_CERT_SERIAL_BITMAP:
+ if ((bitmap = BN_new()) == NULL)
+ goto out;
+ bitmap_start = rs->lo;
+ buffer_put_int64(§, bitmap_start);
+ break;
+ }
+ }
+
+ /* Perform section-specific processing */
+ switch (state) {
+ case KRL_SECTION_CERT_SERIAL_LIST:
+ for (i = 0; i < contig; i++)
+ buffer_put_int64(§, rs->lo + i);
+ break;
+ case KRL_SECTION_CERT_SERIAL_RANGE:
+ buffer_put_int64(§, rs->lo);
+ buffer_put_int64(§, rs->hi);
+ break;
+ case KRL_SECTION_CERT_SERIAL_BITMAP:
+ if (rs->lo - bitmap_start > INT_MAX) {
+ error("%s: insane bitmap gap", __func__);
+ goto out;
+ }
+ for (i = 0; i < contig; i++) {
+ if (BN_set_bit(bitmap,
+ rs->lo + i - bitmap_start) != 1)
+ goto out;
+ }
+ break;
+ }
+ last = rs->hi;
+ }
+ /* Flush the remaining section, if any */
+ if (state != 0) {
+ debug3("%s: serial final flush for state 0x%02x",
+ __func__, state);
+ switch (state) {
+ case KRL_SECTION_CERT_SERIAL_LIST:
+ case KRL_SECTION_CERT_SERIAL_RANGE:
+ break;
+ case KRL_SECTION_CERT_SERIAL_BITMAP:
+ buffer_put_bignum2(§, bitmap);
+ BN_free(bitmap);
+ bitmap = NULL;
+ break;
+ }
+ buffer_put_char(buf, state);
+ buffer_put_string(buf,
+ buffer_ptr(§), buffer_len(§));
+ }
+ debug3("%s: serial done ", __func__);
+
+ /* Now output a section for any revocations by key ID */
+ buffer_clear(§);
+ RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {
+ debug3("%s: key ID %s", __func__, rki->key_id);
+ buffer_put_cstring(§, rki->key_id);
+ }
+ if (buffer_len(§) != 0) {
+ buffer_put_char(buf, KRL_SECTION_CERT_KEY_ID);
+ buffer_put_string(buf, buffer_ptr(§),
+ buffer_len(§));
+ }
+ r = 0;
+ out:
+ if (bitmap != NULL)
+ BN_free(bitmap);
+ buffer_free(§);
+ return r;
+}
+
+int
+ssh_krl_to_blob(struct ssh_krl *krl, Buffer *buf, const Key **sign_keys,
+ u_int nsign_keys)
+{
+ int r = -1;
+ struct revoked_certs *rc;
+ struct revoked_blob *rb;
+ Buffer sect;
+ u_char *kblob = NULL, *sblob = NULL;
+ u_int klen, slen, i;
+
+ if (krl->generated_date == 0)
+ krl->generated_date = time(NULL);
+
+ buffer_init(§);
+
+ /* Store the header */
+ buffer_append(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1);
+ buffer_put_int(buf, KRL_FORMAT_VERSION);
+ buffer_put_int64(buf, krl->krl_version);
+ buffer_put_int64(buf, krl->generated_date);
+ buffer_put_int64(buf, krl->flags);
+ buffer_put_string(buf, NULL, 0);
+ buffer_put_cstring(buf, krl->comment ? krl->comment : "");
+
+ /* Store sections for revoked certificates */
+ TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
+ if (revoked_certs_generate(rc, §) != 0)
+ goto out;
+ buffer_put_char(buf, KRL_SECTION_CERTIFICATES);
+ buffer_put_string(buf, buffer_ptr(§),
+ buffer_len(§));
+ }
+
+ /* Finally, output sections for revocations by public key/hash */
+ buffer_clear(§);
+ RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
+ debug3("%s: key len %u ", __func__, rb->len);
+ buffer_put_string(§, rb->blob, rb->len);
+ }
+ if (buffer_len(§) != 0) {
+ buffer_put_char(buf, KRL_SECTION_EXPLICIT_KEY);
+ buffer_put_string(buf, buffer_ptr(§),
+ buffer_len(§));
+ }
+ buffer_clear(§);
+ RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
+ debug3("%s: hash len %u ", __func__, rb->len);
+ buffer_put_string(§, rb->blob, rb->len);
+ }
+ if (buffer_len(§) != 0) {
+ buffer_put_char(buf, KRL_SECTION_FINGERPRINT_SHA1);
+ buffer_put_string(buf, buffer_ptr(§),
+ buffer_len(§));
+ }
+
+ for (i = 0; i < nsign_keys; i++) {
+ if (key_to_blob(sign_keys[i], &kblob, &klen) == 0)
+ goto out;
+
+ debug3("%s: signature key len %u", __func__, klen);
+ buffer_put_char(buf, KRL_SECTION_SIGNATURE);
+ buffer_put_string(buf, kblob, klen);
+
+ if (key_sign(sign_keys[i], &sblob, &slen,
+ buffer_ptr(buf), buffer_len(buf)) == -1)
+ goto out;
+ debug3("%s: signature sig len %u", __func__, slen);
+ buffer_put_string(buf, sblob, slen);
+ }
+
+ r = 0;
+ out:
+ free(kblob);
+ free(sblob);
+ buffer_free(§);
+ return r;
+}
+
+static void
+format_timestamp(u_int64_t timestamp, char *ts, size_t nts)
+{
+ time_t t;
+ struct tm *tm;
+
+ t = timestamp;
+ tm = localtime(&t);
+ *ts = '\0';
+ strftime(ts, nts, "%Y%m%dT%H%M%S", tm);
+}
+
+static int
+parse_revoked_certs(Buffer *buf, struct ssh_krl *krl)
+{
+ int ret = -1, nbits;
+ u_char type, *blob;
+ u_int blen;
+ Buffer subsect;
+ u_int64_t serial, serial_lo, serial_hi;
+ BIGNUM *bitmap = NULL;
+ char *key_id = NULL;
+ Key *ca_key = NULL;
+
+ buffer_init(&subsect);
+
+ if ((blob = buffer_get_string_ptr_ret(buf, &blen)) == NULL ||
+ buffer_get_string_ptr_ret(buf, NULL) == NULL) { /* reserved */
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ if ((ca_key = key_from_blob(blob, blen)) == NULL)
+ goto out;
+
+ while (buffer_len(buf) > 0) {
+ if (buffer_get_char_ret(&type, buf) != 0 ||
+ (blob = buffer_get_string_ptr_ret(buf, &blen)) == NULL) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ buffer_clear(&subsect);
+ buffer_append(&subsect, blob, blen);
+ debug3("%s: subsection type 0x%02x", __func__, type);
+ /* buffer_dump(&subsect); */
+
+ switch (type) {
+ case KRL_SECTION_CERT_SERIAL_LIST:
+ while (buffer_len(&subsect) > 0) {
+ if (buffer_get_int64_ret(&serial,
+ &subsect) != 0) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ if (ssh_krl_revoke_cert_by_serial(krl, ca_key,
+ serial) != 0) {
+ error("%s: update failed", __func__);
+ goto out;
+ }
+ }
+ break;
+ case KRL_SECTION_CERT_SERIAL_RANGE:
+ if (buffer_get_int64_ret(&serial_lo, &subsect) != 0 ||
+ buffer_get_int64_ret(&serial_hi, &subsect) != 0) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ if (ssh_krl_revoke_cert_by_serial_range(krl, ca_key,
+ serial_lo, serial_hi) != 0) {
+ error("%s: update failed", __func__);
+ goto out;
+ }
+ break;
+ case KRL_SECTION_CERT_SERIAL_BITMAP:
+ if ((bitmap = BN_new()) == NULL) {
+ error("%s: BN_new", __func__);
+ goto out;
+ }
+ if (buffer_get_int64_ret(&serial_lo, &subsect) != 0 ||
+ buffer_get_bignum2_ret(&subsect, bitmap) != 0) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ if ((nbits = BN_num_bits(bitmap)) < 0) {
+ error("%s: bitmap bits < 0", __func__);
+ goto out;
+ }
+ for (serial = 0; serial < (u_int)nbits; serial++) {
+ if (serial > 0 && serial_lo + serial == 0) {
+ error("%s: bitmap wraps u64", __func__);
+ goto out;
+ }
+ if (!BN_is_bit_set(bitmap, serial))
+ continue;
+ if (ssh_krl_revoke_cert_by_serial(krl, ca_key,
+ serial_lo + serial) != 0) {
+ error("%s: update failed", __func__);
+ goto out;
+ }
+ }
+ BN_free(bitmap);
+ bitmap = NULL;
+ break;
+ case KRL_SECTION_CERT_KEY_ID:
+ while (buffer_len(&subsect) > 0) {
+ if ((key_id = buffer_get_cstring_ret(&subsect,
+ NULL)) == NULL) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ if (ssh_krl_revoke_cert_by_key_id(krl, ca_key,
+ key_id) != 0) {
+ error("%s: update failed", __func__);
+ goto out;
+ }
+ free(key_id);
+ key_id = NULL;
+ }
+ break;
+ default:
+ error("Unsupported KRL certificate section %u", type);
+ goto out;
+ }
+ if (buffer_len(&subsect) > 0) {
+ error("KRL certificate section contains unparsed data");
+ goto out;
+ }
+ }
+
+ ret = 0;
+ out:
+ if (ca_key != NULL)
+ key_free(ca_key);
+ if (bitmap != NULL)
+ BN_free(bitmap);
+ free(key_id);
+ buffer_free(&subsect);
+ return ret;
+}
+
+
+/* Attempt to parse a KRL, checking its signature (if any) with sign_ca_keys. */
+int
+ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
+ const Key **sign_ca_keys, u_int nsign_ca_keys)
+{
+ Buffer copy, sect;
+ struct ssh_krl *krl;
+ char timestamp[64];
+ int ret = -1, r, sig_seen;
+ Key *key = NULL, **ca_used = NULL;
+ u_char type, *blob, *rdata = NULL;
+ u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used;
+
+ nca_used = 0;
+ *krlp = NULL;
+ if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 ||
+ memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
+ debug3("%s: not a KRL", __func__);
+ /*
+ * Return success but a NULL *krlp here to signal that the
+ * file might be a simple list of keys.
+ */
+ return 0;
+ }
+
+ /* Take a copy of the KRL buffer so we can verify its signature later */
+ buffer_init(©);
+ buffer_append(©, buffer_ptr(buf), buffer_len(buf));
+
+ buffer_init(§);
+ buffer_consume(©, sizeof(KRL_MAGIC) - 1);
+
+ if ((krl = ssh_krl_init()) == NULL) {
+ error("%s: alloc failed", __func__);
+ goto out;
+ }
+
+ if (buffer_get_int_ret(&format_version, ©) != 0) {
+ error("%s: KRL truncated", __func__);
+ goto out;
+ }
+ if (format_version != KRL_FORMAT_VERSION) {
+ error("%s: KRL unsupported format version %u",
+ __func__, format_version);
+ goto out;
+ }
+ if (buffer_get_int64_ret(&krl->krl_version, ©) != 0 ||
+ buffer_get_int64_ret(&krl->generated_date, ©) != 0 ||
+ buffer_get_int64_ret(&krl->flags, ©) != 0 ||
+ buffer_get_string_ptr_ret(©, NULL) == NULL || /* reserved */
+ (krl->comment = buffer_get_cstring_ret(©, NULL)) == NULL) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+
+ format_timestamp(krl->generated_date, timestamp, sizeof(timestamp));
+ debug("KRL version %llu generated at %s%s%s",
+ (long long unsigned)krl->krl_version, timestamp,
+ *krl->comment ? ": " : "", krl->comment);
+
+ /*
+ * 1st pass: verify signatures, if any. This is done to avoid
+ * detailed parsing of data whose provenance is unverified.
+ */
+ sig_seen = 0;
+ sects_off = buffer_len(buf) - buffer_len(©);
+ while (buffer_len(©) > 0) {
+ if (buffer_get_char_ret(&type, ©) != 0 ||
+ (blob = buffer_get_string_ptr_ret(©, &blen)) == NULL) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ debug3("%s: first pass, section 0x%02x", __func__, type);
+ if (type != KRL_SECTION_SIGNATURE) {
+ if (sig_seen) {
+ error("KRL contains non-signature section "
+ "after signature");
+ goto out;
+ }
+ /* Not interested for now. */
+ continue;
+ }
+ sig_seen = 1;
+ /* First string component is the signing key */
+ if ((key = key_from_blob(blob, blen)) == NULL) {
+ error("%s: invalid signature key", __func__);
+ goto out;
+ }
+ sig_off = buffer_len(buf) - buffer_len(©);
+ /* Second string component is the signature itself */
+ if ((blob = buffer_get_string_ptr_ret(©, &blen)) == NULL) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ /* Check signature over entire KRL up to this point */
+ if (key_verify(key, blob, blen,
+ buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) {
+ error("bad signaure on KRL");
+ goto out;
+ }
+ /* Check if this key has already signed this KRL */
+ for (i = 0; i < nca_used; i++) {
+ if (key_equal(ca_used[i], key)) {
+ error("KRL signed more than once with "
+ "the same key");
+ goto out;
+ }
+ }
+ /* Record keys used to sign the KRL */
+ ca_used = xrealloc(ca_used, nca_used + 1, sizeof(*ca_used));
+ ca_used[nca_used++] = key;
+ key = NULL;
+ break;
+ }
+
+ /*
+ * 2nd pass: parse and load the KRL, skipping the header to the point
+ * where the section start.
+ */
+ buffer_append(©, (u_char*)buffer_ptr(buf) + sects_off,
+ buffer_len(buf) - sects_off);
+ while (buffer_len(©) > 0) {
+ if (buffer_get_char_ret(&type, ©) != 0 ||
+ (blob = buffer_get_string_ptr_ret(©, &blen)) == NULL) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ debug3("%s: second pass, section 0x%02x", __func__, type);
+ buffer_clear(§);
+ buffer_append(§, blob, blen);
+
+ switch (type) {
+ case KRL_SECTION_CERTIFICATES:
+ if ((r = parse_revoked_certs(§, krl)) != 0)
+ goto out;
+ break;
+ case KRL_SECTION_EXPLICIT_KEY:
+ case KRL_SECTION_FINGERPRINT_SHA1:
+ while (buffer_len(§) > 0) {
+ if ((rdata = buffer_get_string_ret(§,
+ &rlen)) == NULL) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ if (type == KRL_SECTION_FINGERPRINT_SHA1 &&
+ rlen != 20) {
+ error("%s: bad SHA1 length", __func__);
+ goto out;
+ }
+ if (revoke_blob(
+ type == KRL_SECTION_EXPLICIT_KEY ?
+ &krl->revoked_keys : &krl->revoked_sha1s,
+ rdata, rlen) != 0)
+ goto out;
+ rdata = NULL; /* revoke_blob frees blob */
+ }
+ break;
+ case KRL_SECTION_SIGNATURE:
+ /* Handled above, but still need to stay in synch */
+ buffer_clear(§);
+ if ((blob = buffer_get_string_ptr_ret(©,
+ &blen)) == NULL) {
+ error("%s: buffer error", __func__);
+ goto out;
+ }
+ break;
+ default:
+ error("Unsupported KRL section %u", type);
+ goto out;
+ }
+ if (buffer_len(§) > 0) {
+ error("KRL section contains unparsed data");
+ goto out;
+ }
+ }
+
+ /* Check that the key(s) used to sign the KRL weren't revoked */
+ sig_seen = 0;
+ for (i = 0; i < nca_used; i++) {
+ if (ssh_krl_check_key(krl, ca_used[i]) == 0)
+ sig_seen = 1;
+ else {
+ key_free(ca_used[i]);
+ ca_used[i] = NULL;
+ }
+ }
+ if (nca_used && !sig_seen) {
+ error("All keys used to sign KRL were revoked");
+ goto out;
+ }
+
+ /* If we have CA keys, then verify that one was used to sign the KRL */
+ if (sig_seen && nsign_ca_keys != 0) {
+ sig_seen = 0;
+ for (i = 0; !sig_seen && i < nsign_ca_keys; i++) {
+ for (j = 0; j < nca_used; j++) {
+ if (ca_used[j] == NULL)
+ continue;
+ if (key_equal(ca_used[j], sign_ca_keys[i])) {
+ sig_seen = 1;
+ break;
+ }
+ }
+ }
+ if (!sig_seen) {
+ error("KRL not signed with any trusted key");
+ goto out;
+ }
+ }
+
+ *krlp = krl;
+ ret = 0;
+ out:
+ if (ret != 0)
+ ssh_krl_free(krl);
+ for (i = 0; i < nca_used; i++) {
+ if (ca_used[i] != NULL)
+ key_free(ca_used[i]);
+ }
+ free(ca_used);
+ free(rdata);
+ if (key != NULL)
+ key_free(key);
+ buffer_free(©);
+ buffer_free(§);
+ return ret;
+}
+
+/* Checks whether a given key/cert is revoked. Does not check its CA */
+static int
+is_key_revoked(struct ssh_krl *krl, const Key *key)
+{
+ struct revoked_blob rb, *erb;
+ struct revoked_serial rs, *ers;
+ struct revoked_key_id rki, *erki;
+ struct revoked_certs *rc;
+
+ /* Check explicitly revoked hashes first */
+ bzero(&rb, sizeof(rb));
+ if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL)
+ return -1;
+ erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
+ free(rb.blob);
+ if (erb != NULL) {
+ debug("%s: revoked by key SHA1", __func__);
+ return -1;
+ }
+
+ /* Next, explicit keys */
+ bzero(&rb, sizeof(rb));
+ if (plain_key_blob(key, &rb.blob, &rb.len) != 0)
+ return -1;
+ erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
+ free(rb.blob);
+ if (erb != NULL) {
+ debug("%s: revoked by explicit key", __func__);
+ return -1;
+ }
+
+ if (!key_is_cert(key))
+ return 0;
+
+ /* Check cert revocation */
+ if (revoked_certs_for_ca_key(krl, key->cert->signature_key,
+ &rc, 0) != 0)
+ return -1;
+ if (rc == NULL)
+ return 0; /* No entry for this CA */
+
+ /* Check revocation by cert key ID */
+ bzero(&rki, sizeof(rki));
+ rki.key_id = key->cert->key_id;
+ erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
+ if (erki != NULL) {
+ debug("%s: revoked by key ID", __func__);
+ return -1;
+ }
+
+ /*
+ * Legacy cert formats lack serial numbers. Zero serials numbers
+ * are ignored (it's the default when the CA doesn't specify one).
+ */
+ if (key_cert_is_legacy(key) || key->cert->serial == 0)
+ return 0;
+
+ bzero(&rs, sizeof(rs));
+ rs.lo = rs.hi = key->cert->serial;
+ ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
+ if (ers != NULL) {
+ KRL_DBG(("%s: %llu matched %llu:%llu", __func__,
+ key->cert->serial, ers->lo, ers->hi));
+ debug("%s: revoked by serial", __func__);
+ return -1;
+ }
+ KRL_DBG(("%s: %llu no match", __func__, key->cert->serial));
+
+ return 0;
+}
+
+int
+ssh_krl_check_key(struct ssh_krl *krl, const Key *key)
+{
+ int r;
+
+ debug2("%s: checking key", __func__);
+ if ((r = is_key_revoked(krl, key)) != 0)
+ return r;
+ if (key_is_cert(key)) {
+ debug2("%s: checking CA key", __func__);
+ if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
+ return r;
+ }
+ debug3("%s: key okay", __func__);
+ return 0;
+}
+
+/* Returns 0 on success, -1 on error or key revoked, -2 if path is not a KRL */
+int
+ssh_krl_file_contains_key(const char *path, const Key *key)
+{
+ Buffer krlbuf;
+ struct ssh_krl *krl;
+ int revoked, fd;
+
+ if (path == NULL)
+ return 0;
+
+ if ((fd = open(path, O_RDONLY)) == -1) {
+ error("open %s: %s", path, strerror(errno));
+ error("Revoked keys file not accessible - refusing public key "
+ "authentication");
+ return -1;
+ }
+ buffer_init(&krlbuf);
+ if (!key_load_file(fd, path, &krlbuf)) {
+ close(fd);
+ buffer_free(&krlbuf);
+ error("Revoked keys file not readable - refusing public key "
+ "authentication");
+ return -1;
+ }
+ close(fd);
+ if (ssh_krl_from_blob(&krlbuf, &krl, NULL, 0) != 0) {
+ buffer_free(&krlbuf);
+ error("Invalid KRL, refusing public key "
+ "authentication");
+ return -1;
+ }
+ buffer_free(&krlbuf);
+ if (krl == NULL) {
+ debug3("%s: %s is not a KRL file", __func__, path);
+ return -2;
+ }
+ debug2("%s: checking KRL %s", __func__, path);
+ revoked = ssh_krl_check_key(krl, key) != 0;
+ ssh_krl_free(krl);
+ return revoked ? -1 : 0;
+}
Added: vendor-crypto/openssh/dist/krl.h
===================================================================
--- vendor-crypto/openssh/dist/krl.h (rev 0)
+++ vendor-crypto/openssh/dist/krl.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2012 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD: krl.h,v 1.2 2013/01/18 00:24:58 djm Exp $ */
+
+#ifndef _KRL_H
+#define _KRL_H
+
+/* Functions to manage key revocation lists */
+
+#define KRL_MAGIC "SSHKRL\n\0"
+#define KRL_FORMAT_VERSION 1
+
+/* KRL section types */
+#define KRL_SECTION_CERTIFICATES 1
+#define KRL_SECTION_EXPLICIT_KEY 2
+#define KRL_SECTION_FINGERPRINT_SHA1 3
+#define KRL_SECTION_SIGNATURE 4
+
+/* KRL_SECTION_CERTIFICATES subsection types */
+#define KRL_SECTION_CERT_SERIAL_LIST 0x20
+#define KRL_SECTION_CERT_SERIAL_RANGE 0x21
+#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22
+#define KRL_SECTION_CERT_KEY_ID 0x23
+
+struct ssh_krl;
+
+struct ssh_krl *ssh_krl_init(void);
+void ssh_krl_free(struct ssh_krl *krl);
+void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version);
+void ssh_krl_set_sign_key(struct ssh_krl *krl, const Key *sign_key);
+void ssh_krl_set_comment(struct ssh_krl *krl, const char *comment);
+int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const Key *ca_key,
+ u_int64_t serial);
+int ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, const Key *ca_key,
+ u_int64_t lo, u_int64_t hi);
+int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const Key *ca_key,
+ const char *key_id);
+int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key);
+int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const Key *key);
+int ssh_krl_revoke_key(struct ssh_krl *krl, const Key *key);
+int ssh_krl_to_blob(struct ssh_krl *krl, Buffer *buf, const Key **sign_keys,
+ u_int nsign_keys);
+int ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
+ const Key **sign_ca_keys, u_int nsign_ca_keys);
+int ssh_krl_check_key(struct ssh_krl *krl, const Key *key);
+int ssh_krl_file_contains_key(const char *path, const Key *key);
+
+#endif /* _KRL_H */
+
Modified: vendor-crypto/openssh/dist/log.c
===================================================================
--- vendor-crypto/openssh/dist/log.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/log.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.41 2008/06/10 04:50:25 dtucker Exp $ */
+/* $OpenBSD: log.c,v 1.45 2013/05/16 09:08:41 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -38,6 +38,7 @@
#include <sys/types.h>
+#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
@@ -45,7 +46,7 @@
#include <syslog.h>
#include <unistd.h>
#include <errno.h>
-#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
+#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
# include <vis.h>
#endif
@@ -54,8 +55,11 @@
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 1;
+static int log_stderr_fd = STDERR_FILENO;
static int log_facility = LOG_AUTH;
static char *argv0;
+static log_handler_fn *log_handler;
+static void *log_handler_ctx;
extern char *__progname;
@@ -260,6 +264,9 @@
exit(1);
}
+ log_handler = NULL;
+ log_handler_ctx = NULL;
+
log_on_stderr = on_stderr;
if (on_stderr)
return;
@@ -324,9 +331,55 @@
#endif
}
+void
+log_change_level(LogLevel new_log_level)
+{
+ /* no-op if log_init has not been called */
+ if (argv0 == NULL)
+ return;
+ log_init(argv0, new_log_level, log_facility, log_on_stderr);
+}
+
+int
+log_is_on_stderr(void)
+{
+ return log_on_stderr;
+}
+
+/* redirect what would usually get written to stderr to specified file */
+void
+log_redirect_stderr_to(const char *logfile)
+{
+ int fd;
+
+ if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
+ fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile,
+ strerror(errno));
+ exit(1);
+ }
+ log_stderr_fd = fd;
+}
+
#define MSGBUFSIZ 1024
void
+set_log_handler(log_handler_fn *handler, void *ctx)
+{
+ log_handler = handler;
+ log_handler_ctx = ctx;
+}
+
+void
+do_log2(LogLevel level, const char *fmt,...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ do_log(level, fmt, args);
+ va_end(args);
+}
+
+void
do_log(LogLevel level, const char *fmt, va_list args)
{
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
@@ -337,6 +390,7 @@
char *txt = NULL;
int pri = LOG_INFO;
int saved_errno = errno;
+ log_handler_fn *tmp_handler;
if (level > log_level)
return;
@@ -375,7 +429,7 @@
pri = LOG_ERR;
break;
}
- if (txt != NULL) {
+ if (txt != NULL && log_handler == NULL) {
snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt);
vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
} else {
@@ -383,9 +437,15 @@
}
strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
- if (log_on_stderr) {
+ if (log_handler != NULL) {
+ /* Avoid recursion */
+ tmp_handler = log_handler;
+ log_handler = NULL;
+ tmp_handler(level, fmtbuf, log_handler_ctx);
+ log_handler = tmp_handler;
+ } else if (log_on_stderr) {
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
- write(STDERR_FILENO, msgbuf, strlen(msgbuf));
+ (void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
} else {
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
Property changes on: vendor-crypto/openssh/dist/log.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/log.h
===================================================================
--- vendor-crypto/openssh/dist/log.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/log.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.h,v 1.17 2008/06/13 00:12:02 dtucker Exp $ */
+/* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -46,7 +46,12 @@
SYSLOG_LEVEL_NOT_SET = -1
} LogLevel;
+typedef void (log_handler_fn)(LogLevel, const char *, void *);
+
void log_init(char *, LogLevel, SyslogFacility, int);
+void log_change_level(LogLevel);
+int log_is_on_stderr(void);
+void log_redirect_stderr_to(const char *);
SyslogFacility log_facility_number(char *);
const char * log_facility_name(SyslogFacility);
@@ -64,6 +69,10 @@
void debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
+
+void set_log_handler(log_handler_fn *, void *);
+void do_log2(LogLevel, const char *, ...)
+ __attribute__((format(printf, 2, 3)));
void do_log(LogLevel, const char *, va_list);
void cleanup_exit(int) __attribute__((noreturn));
#endif
Property changes on: vendor-crypto/openssh/dist/log.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/loginrec.c
===================================================================
--- vendor-crypto/openssh/dist/loginrec.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/loginrec.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -180,10 +180,6 @@
# include <util.h>
#endif
-#ifdef HAVE_LIBUTIL_H
-# include <libutil.h>
-#endif
-
/**
** prototypes for helper functions in this file
**/
@@ -351,7 +347,7 @@
void
login_free_entry(struct logininfo *li)
{
- xfree(li);
+ free(li);
}
Property changes on: vendor-crypto/openssh/dist/loginrec.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Index: vendor-crypto/openssh/dist/loginrec.h
===================================================================
--- vendor-crypto/openssh/dist/loginrec.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/loginrec.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/loginrec.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/logintest.c
===================================================================
--- vendor-crypto/openssh/dist/logintest.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/logintest.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/logintest.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/mac.c
===================================================================
--- vendor-crypto/openssh/dist/mac.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/mac.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.15 2008/06/13 00:51:47 dtucker Exp $ */
+/* $OpenBSD: mac.c,v 1.24 2013/06/03 00:03:18 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -44,10 +44,13 @@
#include "umac.h"
+#include "openbsd-compat/openssl-compat.h"
+
#define SSH_EVP 1 /* OpenSSL EVP-based MAC */
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
+#define SSH_UMAC128 3
-struct {
+struct macalg {
char *name;
int type;
const EVP_MD * (*mdfunc)(void);
@@ -54,48 +57,92 @@
int truncatebits; /* truncate digest if != 0 */
int key_len; /* just for UMAC */
int len; /* just for UMAC */
-} macs[] = {
- { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 },
- { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 },
- { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 },
- { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 },
- { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
- { "hmac-ripemd160 at openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
- { "umac-64 at openssh.com", SSH_UMAC, NULL, 0, 128, 64 },
- { NULL, 0, NULL, 0, -1, -1 }
+ int etm; /* Encrypt-then-MAC */
};
+static const struct macalg macs[] = {
+ /* Encrypt-and-MAC (encrypt-and-authenticate) variants */
+ { "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 },
+ { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 },
+#ifdef HAVE_EVP_SHA256
+ { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, 0, 0, 0 },
+ { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, 0, 0, 0 },
+#endif
+ { "hmac-md5", SSH_EVP, EVP_md5, 0, 0, 0, 0 },
+ { "hmac-md5-96", SSH_EVP, EVP_md5, 96, 0, 0, 0 },
+ { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, 0, 0, 0 },
+ { "hmac-ripemd160 at openssh.com", SSH_EVP, EVP_ripemd160, 0, 0, 0, 0 },
+ { "umac-64 at openssh.com", SSH_UMAC, NULL, 0, 128, 64, 0 },
+ { "umac-128 at openssh.com", SSH_UMAC128, NULL, 0, 128, 128, 0 },
+
+ /* Encrypt-then-MAC variants */
+ { "hmac-sha1-etm at openssh.com", SSH_EVP, EVP_sha1, 0, 0, 0, 1 },
+ { "hmac-sha1-96-etm at openssh.com", SSH_EVP, EVP_sha1, 96, 0, 0, 1 },
+#ifdef HAVE_EVP_SHA256
+ { "hmac-sha2-256-etm at openssh.com", SSH_EVP, EVP_sha256, 0, 0, 0, 1 },
+ { "hmac-sha2-512-etm at openssh.com", SSH_EVP, EVP_sha512, 0, 0, 0, 1 },
+#endif
+ { "hmac-md5-etm at openssh.com", SSH_EVP, EVP_md5, 0, 0, 0, 1 },
+ { "hmac-md5-96-etm at openssh.com", SSH_EVP, EVP_md5, 96, 0, 0, 1 },
+ { "hmac-ripemd160-etm at openssh.com", SSH_EVP, EVP_ripemd160, 0, 0, 0, 1 },
+ { "umac-64-etm at openssh.com", SSH_UMAC, NULL, 0, 128, 64, 1 },
+ { "umac-128-etm at openssh.com", SSH_UMAC128, NULL, 0, 128, 128, 1 },
+
+ { NULL, 0, NULL, 0, 0, 0, 0 }
+};
+
+/* Returns a comma-separated list of supported MACs. */
+char *
+mac_alg_list(void)
+{
+ char *ret = NULL;
+ size_t nlen, rlen = 0;
+ const struct macalg *m;
+
+ for (m = macs; m->name != NULL; m++) {
+ if (ret != NULL)
+ ret[rlen++] = '\n';
+ nlen = strlen(m->name);
+ ret = xrealloc(ret, 1, rlen + nlen + 2);
+ memcpy(ret + rlen, m->name, nlen + 1);
+ rlen += nlen;
+ }
+ return ret;
+}
+
static void
-mac_setup_by_id(Mac *mac, int which)
+mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
{
int evp_len;
- mac->type = macs[which].type;
+
+ mac->type = macalg->type;
if (mac->type == SSH_EVP) {
- mac->evp_md = (*macs[which].mdfunc)();
+ mac->evp_md = macalg->mdfunc();
if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0)
fatal("mac %s len %d", mac->name, evp_len);
mac->key_len = mac->mac_len = (u_int)evp_len;
} else {
- mac->mac_len = macs[which].len / 8;
- mac->key_len = macs[which].key_len / 8;
+ mac->mac_len = macalg->len / 8;
+ mac->key_len = macalg->key_len / 8;
mac->umac_ctx = NULL;
}
- if (macs[which].truncatebits != 0)
- mac->mac_len = macs[which].truncatebits / 8;
+ if (macalg->truncatebits != 0)
+ mac->mac_len = macalg->truncatebits / 8;
+ mac->etm = macalg->etm;
}
int
mac_setup(Mac *mac, char *name)
{
- int i;
+ const struct macalg *m;
- for (i = 0; macs[i].name; i++) {
- if (strcmp(name, macs[i].name) == 0) {
- if (mac != NULL)
- mac_setup_by_id(mac, i);
- debug2("mac_setup: found %s", name);
- return (0);
- }
+ for (m = macs; m->name != NULL; m++) {
+ if (strcmp(name, m->name) != 0)
+ continue;
+ if (mac != NULL)
+ mac_setup_by_alg(mac, m);
+ debug2("mac_setup: found %s", name);
+ return (0);
}
debug2("mac_setup: unknown %s", name);
return (-1);
@@ -110,11 +157,15 @@
case SSH_EVP:
if (mac->evp_md == NULL)
return -1;
+ HMAC_CTX_init(&mac->evp_ctx);
HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md);
return 0;
case SSH_UMAC:
mac->umac_ctx = umac_new(mac->key);
return 0;
+ case SSH_UMAC128:
+ mac->umac_ctx = umac128_new(mac->key);
+ return 0;
default:
return -1;
}
@@ -123,12 +174,15 @@
u_char *
mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
{
- static u_char m[EVP_MAX_MD_SIZE];
+ static union {
+ u_char m[EVP_MAX_MD_SIZE];
+ u_int64_t for_align;
+ } u;
u_char b[4], nonce[8];
- if (mac->mac_len > sizeof(m))
+ if (mac->mac_len > sizeof(u))
fatal("mac_compute: mac too long %u %lu",
- mac->mac_len, (u_long)sizeof(m));
+ mac->mac_len, (u_long)sizeof(u));
switch (mac->type) {
case SSH_EVP:
@@ -137,17 +191,22 @@
HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
HMAC_Update(&mac->evp_ctx, b, sizeof(b));
HMAC_Update(&mac->evp_ctx, data, datalen);
- HMAC_Final(&mac->evp_ctx, m, NULL);
+ HMAC_Final(&mac->evp_ctx, u.m, NULL);
break;
case SSH_UMAC:
put_u64(nonce, seqno);
umac_update(mac->umac_ctx, data, datalen);
- umac_final(mac->umac_ctx, m, nonce);
+ umac_final(mac->umac_ctx, u.m, nonce);
break;
+ case SSH_UMAC128:
+ put_u64(nonce, seqno);
+ umac128_update(mac->umac_ctx, data, datalen);
+ umac128_final(mac->umac_ctx, u.m, nonce);
+ break;
default:
fatal("mac_compute: unknown MAC type");
}
- return (m);
+ return (u.m);
}
void
@@ -156,6 +215,9 @@
if (mac->type == SSH_UMAC) {
if (mac->umac_ctx != NULL)
umac_delete(mac->umac_ctx);
+ } else if (mac->type == SSH_UMAC128) {
+ if (mac->umac_ctx != NULL)
+ umac128_delete(mac->umac_ctx);
} else if (mac->evp_md != NULL)
HMAC_cleanup(&mac->evp_ctx);
mac->evp_md = NULL;
@@ -176,7 +238,7 @@
(p = strsep(&cp, MAC_SEP))) {
if (mac_setup(NULL, p) < 0) {
debug("bad mac %s [%s]", p, names);
- xfree(maclist);
+ free(maclist);
return (0);
} else {
debug3("mac ok: %s [%s]", p, names);
@@ -183,6 +245,6 @@
}
}
debug3("macs ok: [%s]", names);
- xfree(maclist);
+ free(maclist);
return (1);
}
Property changes on: vendor-crypto/openssh/dist/mac.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/mac.h
===================================================================
--- vendor-crypto/openssh/dist/mac.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/mac.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.h,v 1.6 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: mac.h,v 1.7 2013/04/19 01:06:50 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -24,6 +24,7 @@
*/
int mac_valid(const char *);
+char *mac_alg_list(void);
int mac_setup(Mac *, char *);
int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
Property changes on: vendor-crypto/openssh/dist/mac.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/match.c
===================================================================
--- vendor-crypto/openssh/dist/match.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/match.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */
+/* $OpenBSD: match.c,v 1.28 2013/05/17 00:13:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -40,6 +40,7 @@
#include <sys/types.h>
#include <ctype.h>
+#include <stdlib.h>
#include <string.h>
#include "xmalloc.h"
@@ -226,7 +227,7 @@
if ((ret = match_pattern(user, pat)) == 1)
ret = match_host_and_ip(host, ipaddr, p);
- xfree(pat);
+ free(pat);
return ret;
}
@@ -233,7 +234,7 @@
/*
* Returns first item from client-list that is also supported by server-list,
- * caller must xfree() returned string.
+ * caller must free the returned string.
*/
#define MAX_PROP 40
#define SEP ","
@@ -264,8 +265,8 @@
if (next != NULL)
*next = (cp == NULL) ?
strlen(c) : (u_int)(cp - c);
- xfree(c);
- xfree(s);
+ free(c);
+ free(s);
return ret;
}
}
@@ -272,7 +273,7 @@
}
if (next != NULL)
*next = strlen(c);
- xfree(c);
- xfree(s);
+ free(c);
+ free(s);
return NULL;
}
Property changes on: vendor-crypto/openssh/dist/match.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/match.h
===================================================================
--- vendor-crypto/openssh/dist/match.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/match.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/match.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/md-sha256.c
===================================================================
--- vendor-crypto/openssh/dist/md-sha256.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/md-sha256.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/md-sha256.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/md5crypt.c
===================================================================
--- vendor-crypto/openssh/dist/md5crypt.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/md5crypt.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/md5crypt.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/md5crypt.h
===================================================================
--- vendor-crypto/openssh/dist/md5crypt.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/md5crypt.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -7,7 +7,7 @@
* ----------------------------------------------------------------------------
*/
-/* $Id: md5crypt.h,v 1.1.1.2 2006-02-25 02:34:24 laffer1 Exp $ */
+/* $Id: md5crypt.h,v 1.4 2003/05/18 14:46:46 djm Exp $ */
#ifndef _MD5CRYPT_H
#define _MD5CRYPT_H
Property changes on: vendor-crypto/openssh/dist/md5crypt.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/mdoc2man.awk
===================================================================
--- vendor-crypto/openssh/dist/mdoc2man.awk 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/mdoc2man.awk 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,6 +1,6 @@
#!/usr/bin/awk
#
-# $Id: mdoc2man.awk,v 1.1.1.3 2011-02-04 14:04:19 laffer1 Exp $
+# $Id: mdoc2man.awk,v 1.9 2009/10/24 00:52:42 dtucker Exp $
#
# Version history:
# v4+ Adapted for OpenSSH Portable (see cvs Id and history)
Property changes on: vendor-crypto/openssh/dist/mdoc2man.awk
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/misc.c
===================================================================
--- vendor-crypto/openssh/dist/misc.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/misc.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.84 2010/11/21 01:01:13 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.91 2013/07/12 00:43:50 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -127,7 +127,7 @@
const char *
ssh_gai_strerror(int gaierr)
{
- if (gaierr == EAI_SYSTEM)
+ if (gaierr == EAI_SYSTEM && errno != 0)
return strerror(errno);
return gai_strerror(gaierr);
}
@@ -206,16 +206,18 @@
copy->pw_name = xstrdup(pw->pw_name);
copy->pw_passwd = xstrdup(pw->pw_passwd);
+#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
copy->pw_gecos = xstrdup(pw->pw_gecos);
+#endif
copy->pw_uid = pw->pw_uid;
copy->pw_gid = pw->pw_gid;
-#ifdef HAVE_PW_EXPIRE_IN_PASSWD
+#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
copy->pw_expire = pw->pw_expire;
#endif
-#ifdef HAVE_PW_CHANGE_IN_PASSWD
+#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
copy->pw_change = pw->pw_change;
#endif
-#ifdef HAVE_PW_CLASS_IN_PASSWD
+#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
copy->pw_class = xstrdup(pw->pw_class);
#endif
copy->pw_dir = xstrdup(pw->pw_dir);
@@ -251,13 +253,13 @@
*remote = SSH_TUNID_ANY;
sp = xstrdup(s);
if ((ep = strchr(sp, ':')) == NULL) {
- xfree(sp);
+ free(sp);
return (a2tun(s, NULL));
}
ep[0] = '\0'; ep++;
*remote = a2tun(ep, NULL);
tun = a2tun(sp, NULL);
- xfree(sp);
+ free(sp);
return (*remote == SSH_TUNID_ERR ? *remote : tun);
}
@@ -490,7 +492,7 @@
if (which >= args->num)
fatal("replacearg: tried to replace invalid arg %d >= %d",
which, args->num);
- xfree(args->list[which]);
+ free(args->list[which]);
args->list[which] = cp;
}
@@ -501,8 +503,8 @@
if (args->list != NULL) {
for (i = 0; i < args->num; i++)
- xfree(args->list[i]);
- xfree(args->list);
+ free(args->list[i]);
+ free(args->list);
args->nalloc = args->num = 0;
args->list = NULL;
}
@@ -515,8 +517,8 @@
char *
tilde_expand_filename(const char *filename, uid_t uid)
{
- const char *path;
- char user[128], ret[MAXPATHLEN];
+ const char *path, *sep;
+ char user[128], *ret;
struct passwd *pw;
u_int len, slash;
@@ -536,22 +538,21 @@
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
fatal("tilde_expand_filename: No such uid %ld", (long)uid);
- if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
- fatal("tilde_expand_filename: Path too long");
-
/* Make sure directory has a trailing '/' */
len = strlen(pw->pw_dir);
- if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
- strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
- fatal("tilde_expand_filename: Path too long");
+ if (len == 0 || pw->pw_dir[len - 1] != '/')
+ sep = "/";
+ else
+ sep = "";
/* Skip leading '/' from specified path */
if (path != NULL)
filename = path + 1;
- if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
+
+ if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= MAXPATHLEN)
fatal("tilde_expand_filename: Path too long");
- return (xstrdup(ret));
+ return (ret);
}
/*
@@ -853,6 +854,24 @@
tv->tv_usec = (ms % 1000) * 1000;
}
+time_t
+monotime(void)
+{
+#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
+ struct timespec ts;
+ static int gettime_failed = 0;
+
+ if (!gettime_failed) {
+ if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
+ return (ts.tv_sec);
+ debug3("clock_gettime: %s", strerror(errno));
+ gettime_failed = 1;
+ }
+#endif
+
+ return time(NULL);
+}
+
void
bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen)
{
@@ -941,7 +960,7 @@
{ "af11", IPTOS_DSCP_AF11 },
{ "af12", IPTOS_DSCP_AF12 },
{ "af13", IPTOS_DSCP_AF13 },
- { "af14", IPTOS_DSCP_AF21 },
+ { "af21", IPTOS_DSCP_AF21 },
{ "af22", IPTOS_DSCP_AF22 },
{ "af23", IPTOS_DSCP_AF23 },
{ "af31", IPTOS_DSCP_AF31 },
@@ -985,6 +1004,19 @@
return val;
}
+const char *
+iptos2str(int iptos)
+{
+ int i;
+ static char iptos_str[sizeof "0xff"];
+
+ for (i = 0; ipqos[i].name != NULL; i++) {
+ if (ipqos[i].value == iptos)
+ return ipqos[i].name;
+ }
+ snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos);
+ return iptos_str;
+}
void
sock_set_v6only(int s)
{
Property changes on: vendor-crypto/openssh/dist/misc.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/misc.h
===================================================================
--- vendor-crypto/openssh/dist/misc.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/misc.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.47 2010/11/21 01:01:13 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.49 2013/06/01 13:15:52 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -35,6 +35,7 @@
void sanitise_stdfd(void);
void ms_subtract_diff(struct timeval *, int *);
void ms_to_timeval(struct timeval *, int);
+time_t monotime(void);
void sock_set_v6only(int);
struct passwd *pwcopy(struct passwd *);
@@ -89,6 +90,7 @@
void bandwidth_limit(struct bwlimit *, size_t);
int parse_ipqos(const char *);
+const char *iptos2str(int);
void mktemp_proto(char *, size_t);
/* readpass.c */
Property changes on: vendor-crypto/openssh/dist/misc.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/mkinstalldirs
===================================================================
--- vendor-crypto/openssh/dist/mkinstalldirs 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/mkinstalldirs 2013-12-05 12:55:03 UTC (rev 6462)
@@ -4,7 +4,7 @@
# Created: 1993-05-16
# Public domain
-# $Id: mkinstalldirs,v 1.1.1.2 2006-02-25 02:34:24 laffer1 Exp $
+# $Id: mkinstalldirs,v 1.2 2003/11/21 12:48:55 djm Exp $
errstatus=0
Property changes on: vendor-crypto/openssh/dist/mkinstalldirs
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/moduli
===================================================================
--- vendor-crypto/openssh/dist/moduli 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/moduli 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,188 +1,262 @@
-# $OpenBSD: moduli,v 1.4 2008/01/01 08:51:20 dtucker Exp $
+# $OpenBSD: moduli,v 1.8 2012/08/29 05:06:54 dtucker Exp $
# Time Type Tests Tries Size Generator Modulus
-20060827013849 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE261778F3
-20060827013906 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE261CC47B
-20060827013924 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2621AFA3
-20060827014045 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26551B8B
-20060827014056 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26556A27
-20060827014115 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE265B7273
-20060827014137 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26644D77
-20060827014203 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26717773
-20060827014214 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26722EBB
-20060827014312 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26961C8B
-20060827014407 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26BA7BBF
-20060827014418 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26BAC107
-20060827014436 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26C05207
-20060827014515 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D48C73
-20060827014527 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D65CD7
-20060827014538 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26D7096F
-20060827014607 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26E3760B
-20060827014626 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26EAF29F
-20060827014637 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26EBCF4F
-20060827014653 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE26F0D6BB
-20060827014732 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27088963
-20060827014835 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27320A73
-20060827014915 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27486FA3
-20060827014926 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2748FD9F
-20060827014940 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE274BB323
-20060827014956 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE274F8F7F
-20060827015028 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE275C008F
-20060827015112 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2776D9EF
-20060827015134 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27809AA3
-20060827015146 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27826DFB
-20060827015200 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2785363F
-20060827015231 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27951F4F
-20060827015246 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27991903
-20060827015300 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE279C7B37
-20060827015329 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27AB4843
-20060827015347 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27B0F9D7
-20060827015359 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27B24D5B
-20060827015430 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27C2CE27
-20060827015449 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27CA3BA3
-20060827015546 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27E90A07
-20060827015607 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27F116BF
-20060827015630 2 6 100 1023 5 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE27FBB66F
-20060827015649 2 6 100 1023 2 DE49FC9069994C379D2B6563EFD37EFAE6785EEB1DD0A12B090AAC272B22DF8C64A4A2AB7B99CE0B77A9A52E0833D52D53B258CEDFFD175DC8A3766A9B9807362646DC9215628C3F4AF0E08D00AB60A3B9E55BAE47E82651DA0C15A27355DDB06365CAE1DDDE4C0C97DC9942FD65E9867FA50E72E1C785411EDD28DE2803E313
-20060827024302 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD6C361B
-20060827024350 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD6F7E93
-20060827024537 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AD7DE4BB
-20060827025000 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADB6D4D7
-20060827025429 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADEF2D8B
-20060827025612 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6ADFCCB13
-20060827030138 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE41E89B
-20060827030223 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE44A263
-20060827030555 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AE6FD2A7
-20060827031244 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AECC68C3
-20060827031437 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AEDFB4EB
-20060827031602 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AEEB07E7
-20060827032434 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF5B1533
-20060827032933 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF99D5D3
-20060827033028 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AF9CF037
-20060827033120 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFA14BBF
-20060827033331 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFB9FD2B
-20060827033555 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFD32F8B
-20060827033806 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6AFEBB7DB
-20060827034045 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B009C8D3
-20060827034214 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0177447
-20060827034316 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B01EFC27
-20060827034514 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0313F9B
-20060827035109 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B07D542B
-20060827035412 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0A3485F
-20060827035525 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0AAF3BB
-20060827035829 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0CFE04F
-20060827040101 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B0E988E7
-20060827040504 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B11D001B
-20060827040746 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B13A45DF
-20060827041350 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B188B89F
-20060827041513 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B193B2EB
-20060827041621 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B19B9807
-20060827041657 2 6 100 1535 5 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B19C0107
-20060827041817 2 6 100 1535 2 DF09936D6567325CD4EDE975CB3B9BFFB26C5EC31A71ABA0931BE89AEEB81A531708540B7EA03875E5DF4935ED021F3955D5C941BB682DBDA5425F4EF84DD1F42C6DCC5E313D64DE5B658682A51785102358771DDB6C2B86079C3D0A4EB0DA149E7B2CAC0AC254FFBCD82DF11D74A4E0BBE3FA0AD0675B8A3C6E794E943B7F3799BA8C0F80D602F85D3032D206A96EB16DAFD2C036F8D4F3DA1CCDB2178F08BD851D7BB1C2E964F48F91B2546916E76A80D8E16F700E1FC194308DD6B1A6BE4B
-20060827052122 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C77E8ED3
-20060827055248 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8549C07
-20060827055453 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C85B17DF
-20060827060456 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C899BBE7
-20060827061203 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8C362B3
-20060827061433 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8CC69F7
-20060827061904 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8E44BC7
-20060827062255 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C8F6B23F
-20060827063052 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C926C817
-20060827063354 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9351ABF
-20060827063925 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9541A43
-20060827064904 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C98CFAE7
-20060827070314 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9E30823
-20060827070806 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532C9F90C33
-20060827071119 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA04D477
-20060827072534 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA5A1ADB
-20060827073212 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA7E88A3
-20060827073641 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA93A193
-20060827073850 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CA999B57
-20060827080040 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CB21505F
-20060827080817 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CB4C2F97
-20060827083711 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC0FAA7F
-20060827084308 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC30FD83
-20060827084830 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC4EFB67
-20060827085653 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CC8152FB
-20060827090522 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CCB5AE6B
-20060827092253 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CD252FCB
-20060827095916 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE117E2F
-20060827100246 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE2087CB
-20060827102041 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CE925537
-20060827102556 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEAF2A27
-20060827103749 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEF9826F
-20060827103917 2 6 100 2047 5 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CEFBC467
-20060827104611 2 6 100 2047 2 C038282DE061BE1AD34F31325EFE9B1D8520DB14276CEB61FE3A2CB8D77FFE3B9A067505205BBA8353847FD2EA1E2471E4294862A5D4C4F9A2B80F9DA0619327CDBF2EB608B0B5549294A955972AA3512821B24782DD8AB97B53AAB04B48180394ABFBC4DCF9B819FC0CB5AC1275AC5F16EC378163501E4B27D49C67F660333888F1D503B96FA9C6C880543D8B5F04D70FE508FFCA161798AD32015145B8E9AD43AAB48ADA81FD1E5A8EA7711A8FF57EC7C4C081B47FAB0C2E9FA468E70DD6700F3412224890D5E99527A596CE635195F3A6D35E563BF4892DF2C79C809704411018D919102D12CB112CE1E66EBF5DB9F409F6C82A6A6E1E21E23532CF24A6E3
-20060827130320 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFA80B3F
-20060827132001 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFC2F2A3
-20060827132659 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFC83DE3
-20060827133231 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFCAE263
-20060827134212 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFD5D943
-20060827135606 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084EFEAD4AB
-20060827142452 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F01CBFBB
-20060827185212 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F24CFF67
-20060827190158 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F2599507
-20060827202730 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F305315B
-20060827213252 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F38A5B63
-20060827214322 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F3987FC7
-20060827214825 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F39A3CDB
-20060827232520 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F46375AB
-20060828030405 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F62B17EB
-20060828043230 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F6E0BB4F
-20060828081338 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F8A9B0EF
-20060828083613 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F8D164EF
-20060828090529 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F906488B
-20060828100621 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084F97FF4CB
-20060828121421 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FA80824B
-20060828141024 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FB659087
-20060828142059 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FB739E8F
-20060828170552 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FCC5CE57
-20060828171327 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FCCCF9D3
-20060828185943 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDA67727
-20060828190537 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDAAC673
-20060828191202 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDAFC737
-20060828192613 2 6 100 3071 2 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDC50FBB
-20060828193738 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FDD6023F
-20060828204936 2 6 100 3071 5 D3230D237572ECE9F92358715EBAC3A4D89F2D6B4DC39F056450263BEF1665FBD7B93916ABC867B7064802159D273C7EB01C5F9281A3D6DCCB7CF997D385998EC0E1FA3319AFE771A90ADBACEB414A020630D7C7F161FAFEC6C9FC06D3205C712AAE8848A1B2C21DFF301C7FFC0B75D13F060A313C32AFEEAF1493F641760EBEF38829B3371699D2A3264D0ECEB4E5C19581ED8C57699F559B9828BBFE147952E289F0E171C9C60335DD2F492CB409A4DB97BDF86E2DBA605064DB040A3DF5678E24F66718CA115C95C892FF7AEDFAABC2E6414716298CEC1A604270FEADF191B7C8A59C238C395A65442C0B963BF83025BED3951A271B7440EC7687C31DE63355DA7FEAC15DC962C7BF7614EB59B077B9889AD8703DFE98AC99615B722A0ABE89956D1058E025C7733420CB51D7E1608EFF2C0A30C9A5EB77CCA02C6B00CE781B172001C6C458630890062E27CE307D513A7686A69D1D548DE8334B13136D9E842A5E17FD67522C93823E03F08AEE8024AF5D88B2EE01D4D9980084FE68405F
-20060829063416 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57DE9222B
-20060829082327 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57E5385E7
-20060829092010 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE57E8501A3
-20060830004204 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5825F180F
-20060830013522 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5828DFA2B
-20060830124707 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58555C9EB
-20060830180312 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE586989437
-20060831041205 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5891334BF
-20060831102341 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58A8F8B27
-20060831234001 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58DD7278B
-20060901032352 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58EBE93EB
-20060901061345 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE58F693A3F
-20060901123055 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE590F80AE7
-20060901191922 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592994C63
-20060901203957 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592E5D92F
-20060901210250 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE592F4A5F3
-20060901225047 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5935D124B
-20060902020657 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE5942520CB
-20060902070624 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59553E03F
-20060902095300 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE595F6EC6B
-20060902113306 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE596599BEF
-20060902142302 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59703582B
-20060902210839 2 6 100 4095 5 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE598A695F7
-20060903073325 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59B315E9B
-20060903095626 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59BBD7153
-20060903162601 2 6 100 4095 2 DA110847314B537539F2A20681212A0B2ED264BF1F2595B817CC516D5AA4211585948B248F77277B11AB206738C71B5FB2FCC4041927B40B985282795A89EF66BDB111E1D07D790AC487DA5841B66FC407ED5DD8612703136422C442139C12040CE776FEB6C8B59B95408F31FB50073AD54B03F97113E61BE577E76D13AA971BA82CEE621C31C4770A7E076245A16689A9FE3E9190FB617FB330AA70AAC623B447D1858C24993D486C2B9A3C63FFCB3F230E7185F163C1EED434C24EE11EAC5B2369FEAF790523BD8BF7E8F9C87467ED6C89E5596974DCA6960E537259EA3AA587BF5198B26CE37638BC57012851903BB4CC0E2A28EC741EECB6220556EC5C118AE0142E5374AE2A3D1CEF165C09C0988A37877BCA6BBCAE28D52DA6701BF077307195C3618D4CAC58DDF64B6A8C2BF8E2FDCC0840973A8ED1F8413689BE05EA54AB6CD30464F94DD926D8CEC6B56704F534C6D8329A27ECAD9836721BC0C283E63CDA54FCEA851C0203E747BB02B75C92036928EFC201FFCBB747A2E093CCED157C3C3F74258D5607B6B8AA330DECCF42A73A6F81D300BAFCA921BAFF635DFC90824938F7454B258C1967FF90C1D828E028F9FA86AA7B287A87EC750EDCECEEEC223EAEA78511CB3C0130043950478737FDF6D56EA2B705D5E4C57701E955A9C862DBCAF36D0624D2F2C20616AA3E0478A4A722BBA577BC02578EE59D48AEE3
-20040305011518 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E4CE974B
-20040305043124 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E5050933
-20040305084728 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E54C7783
-20040306205350 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080E809C413
-20040309221333 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080ED7F9CFB
-20040311222059 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F103209F
-20040312160304 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F247861B
-20040312210904 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F29D939F
-20040316074005 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080F8B1F7DB
-20040317113309 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FAAE1F73
-20040317195246 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FB3F2B93
-20040319025848 2 6 100 6143 2 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C7080FD81741B
-20040323194658 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C708105AF04AF
-20040324041535 2 6 100 6143 5 E95A4131F86234D27EE1E51791599559EEDB618912E4FE36B81B80CDA4D497959DBFAEE929317A66BE64A328BAB6183EA5A5CBB3581490B4B613B225ADD00EFD38540356E0F4716229CDDB260283AF044FDAF1EF9248BB0CE9031C117CF15D3259B3E7B0301CA1AAC91AFA7A57CCDEED2DA4EFC2DBC7A9FC53BB4D3CB2D57D209D5DDEF25DE14F8226404296BD504EC14F6340F0AA2A1A943B9552C4B91D3EB48C08A13671C36EE5042857625DD2CB58965C0975EB775057FF82BC2B8B69D0BF26E2F80115B3E1A984D1D73D9D02AD69C3A1AF90EC915DE6FC9F574BD755B2EF6BBE62F3717E128DC797A06FE35C1C28CED57A0F64F61A4439ACFE7A7B95A1A948417A5B8B69916A32989B00E2C3FB7C74139A4DA9E533C439E59FC7C4F90780D2BBCDF012C499C15A1E0B5C318F84FB17DF97AB3EC356FD0072CFA3884EFBED319009DE6DBF2A5C7C87A93DEB04CCD9147EF8C9BEC2FD713793E4F0BF8C4EFCEBFBF95D555E523AB5D742808C4E425979A1C216C8CB2B42C7715B8CA5907E84E6FBC35DA7BFBFC892870B659C882C6E3697E0DCC6C24771F26D51A890786DA516DBC2D161680B134F1715B32F734E667650398EC2241AF78877BB3D61D83D0158DDE894862EE6E1BEE278724EA7B34C74F0A5D6B7F79F1322E20AD5757E11D9AC31BFE27C56ABB23A275130533433DC41DDBA1081E3A018E0D0B55DF33ECAE104909DC74F1CA2256CFD423A859B0AC2112A0AE684396C0029AD07D0D30AC84FFD2C2E80B74DE29310FCAFE7D0CB8864729B6FD1F86052D7DD9A9CB085A186259A67C175B3F81C5DA19AFED1BF9C5C07F40A29ED47ED4F1C7DE878B8411E3239ED15AC0E4CCC1D7F8842E9FD9C989F301E2689F800C3D14A38810906A36EEA34207014E99C843C599D56FCFBC14278A2A009C13B6E4AC7460B54D2C7EF38D72AC450540097D2AF609D3FFF874D14582FA8FF21027DEC92844BD22A9A7EC14C66BCC8DB1E058B95AF87ACB60A5725767A76C9185744E483BCCD9278ED9FF15A04061D0F6E32D98B6853A39AA498673C7DD012982B1913B3C3CE2C70810643E737
-20061002171426 2 6 100 8191 2 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A8!
92B517F6E01056DD5EFEB2437E23100E487E3D4B
-20061005090403 2 6 100 8191 5 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A8!
92B517F6E01056DD5EFEB2437E23100E4A242A2F
-20061005152228 2 6 100 8191 2 D2D64D8CC6FDFA9897C8AE805EA7CB972D7A10F5A268EB5B33B0CCE2C75E480365A49070185D8B316872BAF0F3AAF94498A8E0007A13D574C905441F19D4B0D55A83E2A70C09F7B3E353DEA76F5FEB4191E31F4A52D0BC643B9FD1959BDF8B99C13F245B5D9E8589D6C18A844814486F25A8E189B964A9E72675DDE4D759C901C09F7C24CB3E939B54D2009AE9331446C1EDE5FA9D0A33B36F6A6C9B55E956A94169FBE9C1A24EC9A3E497371F4131F2B1E4FB25A1BB27B23A6661155F37C6EC913E5CB207AD894C2319852C556CA040C6B72DE6E913BCF419E5914507119F771206FAB25B1D6BAD57AFEAF74D807CC576549CD979B0AAC13F5D2B637CCF4A54D2D903A4B29C16B9E8BEE8AD6200D24E4E3E97EB25B2DD13C31AE2A4F27D6EFBFA113F9334F92204FCFFCAA5EBDCCBA986C5B6E665FE71D6654ACA3C8051424133597FD65A18BB2AA24FFDD8B09A8758D984E09BE1F55B16A37B36B058295B1E9942A89D386D4B4DB58C516429248052D97DE42BFC32AB14F13D7F963E86867B8B7245062061C9F315EA94C38FCC0E118373BEFC41D1004CF0FA6D951E20BAC5D2C15F5796163469B88A75FE5F5D2C69C949DA47DAC75D22869F37FAB2490791FA5A5854360EAA13701CEE40EC371797272A12746ABA9CB303224B82F8CCE3F62C0D3EA0D62BF3B2C387E015B1A96A4C4A2A73ADA521B0536B81A536A5119EC559D524BA7F2B25A094A164A4EEBB8ADA886DCBA9647FC4D2D4A91BA0DB32805EDA75B61E09F44BC49862D70B8F28C8E630CD6F0DF245535D79DCD75ECBDE51B29AA6DD3F59736E5028E3AB1E75CFCDA1FF9E6F8D52027A4BC218FC9A9E660BF7EB14D300F4199C04B24725405AFA6535DF0837FEF33C0F8B57B9BDFFB1D956E7B40E822FF40603FB5417523B115FE5864094001CEF2526395C19532F153C4630B95E9835FAC985E1C9DF62188DBA12D5B8BEEB414FFD90AFEDF8F986DF33EF5BC7F7C16ACDC4D40A00822CE17A9724066EED89127195BB9D037CB7FB74AA7178A1A4CBECC5D9F67747AA74156C70E54BABA8641A55B93637385A0D1D56E5220867B5A11ED44CFC405AC238DC39690A966A2DE238FFA1E3B3C859D988DE14916C32AB2A2CB35C57F3609C34F1E8E4B5FAC2F446E0EB78CFD64DD7A3570677D373E8FEC6FF47D5471577D92F22B115D03F302C8CD1A43FCDCEBBA823EE942D7733FF7F78672BEAACCEA279744CC14D60E3912E81A14421989CF5B2C10FD1CDB6CA95E2CA8C574AA6C4F3856602A0D32A9978697752878C0DCB50EF5463EE61C83F776AB9D8098755AF00D2972D3E5E502C39A9CE52C8588472C1D3242CA658290F472D48CB0876752643C2F63CFEB66DF6E93C8BE2404DFA10AB3D8EEF214C371DC0EC29755C086574B1AA92A8!
92B517F6E01056DD5EFEB2437E23100E4A4C3B0B
+20120821044040 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A770E2EC9F
+20120821044046 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7711F2C6B
+20120821044047 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771225323
+20120821044048 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7712507AB
+20120821044050 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7712A2DB3
+20120821044051 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7712CACEF
+20120821044053 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7713959C3
+20120821044057 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7715BBA13
+20120821044103 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A77191592F
+20120821044104 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771938E1F
+20120821044106 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771A1E127
+20120821044108 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771B3CDFB
+20120821044109 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771B71913
+20120821044111 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771C2759F
+20120821044113 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771CF8ABF
+20120821044114 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771D2B49B
+20120821044116 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771DF6193
+20120821044117 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771E67E33
+20120821044120 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A771FA581B
+20120821044121 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772027DDB
+20120821044123 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772093F8B
+20120821044124 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7720EEF6F
+20120821044125 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A77216CAD7
+20120821044126 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A77219A90B
+20120821044129 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7722A0103
+20120821044130 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772343DBF
+20120821044133 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772460C3F
+20120821044137 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7726A4E0F
+20120821044138 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772716D8B
+20120821044141 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A7728D719B
+20120821044143 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A77297AA8B
+20120821044145 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772A8794B
+20120821044147 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772B4D6AB
+20120821044149 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772BD325F
+20120821044150 2 6 100 1023 5 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772BDAE07
+20120821044151 2 6 100 1023 2 D9277DAA27DB131C03B108D41A76B4DA8ACEECCCAE73D2E48CEDAAA70B09EF9F04FB020DCF36C51B8E485B26FABE0337E24232BE4F4E693548310244937433FB1A5758195DC73B84ADEF8237472C46747D79DC0A2CF8A57CE8DBD8F466A20F8551E7B1B824B2E4987A8816D9BC0741C2798F3EBAD3ADEBCC78FCE6A772C95CE3
+20120821044502 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F96361507
+20120821044515 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F965885BF
+20120821044519 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F966006C7
+20120821044528 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9674A0EB
+20120821044539 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F969457F3
+20120821044544 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F969BE79B
+20120821044606 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F96E1E827
+20120821044623 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9714284B
+20120821044630 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97231CB7
+20120821044636 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F972E01DF
+20120821044647 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F974BCED3
+20120821044650 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F974C3A43
+20120821044653 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F974E8F73
+20120821044701 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9763403B
+20120821044705 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9767666B
+20120821044708 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9768D81F
+20120821044726 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F979FD437
+20120821044729 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97A29BC7
+20120821044732 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97A56447
+20120821044737 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97AEDBDB
+20120821044740 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97B187F3
+20120821044746 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97BC6EE3
+20120821044757 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F97DCCDEB
+20120821044817 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F981975F7
+20120821044831 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F983EC267
+20120821044841 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F985A032F
+20120821044846 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9863B0AB
+20120821044852 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F986E5C7F
+20120821044911 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F98A8FF6B
+20120821044917 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F98B40E4B
+20120821044924 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F98C5840F
+20120821044940 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F98F22CEB
+20120821044947 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99040FFF
+20120821044954 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99139AE3
+20120821045010 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9940BEFB
+20120821045017 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9954379F
+20120821045020 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99548C23
+20120821045023 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99562FC3
+20120821045028 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9960CDCF
+20120821045038 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F997AC0B3
+20120821045045 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F998D9B6B
+20120821045050 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9994BB77
+20120821045059 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99AC001B
+20120821045101 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99AC5547
+20120821045107 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99B86567
+20120821045110 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99BA2677
+20120821045128 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F99EF4523
+20120821045154 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9A419DAB
+20120821045214 2 6 100 1535 5 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9A7D1E67
+20120821045218 2 6 100 1535 2 D1391174233D315398FE2830AC6B2B66BCCD01B0A634899F339B7879F1DB85712E9DC4E4B1C6C8355570C1D2DCB53493DF18175A9C53D1128B592B4C72D97136F5542FEB981CBFE8012FDD30361F288A42BD5EBB08BAB0A5640E1AC48763B2ABD1945FEE36B2D55E1D50A1C86CED9DD141C4E7BE2D32D9B562A0F8E2E927020E91F58B57EB9ACDDA106A59302D7E92AD5F6E851A45FA1CFE86029A0F727F65A8F475F33572E2FDAB6073F0C21B8B54C3823DB2EF068927E5D747498F9A826443
+20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+20120821050118 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293682361D5F
+20120821050218 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936828ADA17
+20120821050243 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293682A8A7CB
+20120821050427 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368341AC87
+20120821050515 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936837F8657
+20120821050545 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293683A3DFD3
+20120821050554 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293683A9635F
+20120821050636 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293683DF582B
+20120821050648 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293683E86803
+20120821050758 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684495A13
+20120821050807 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936844FAB5B
+20120821050849 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368486D99B
+20120821050916 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684A776A7
+20120821050942 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684C4FF73
+20120821051003 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684DB980F
+20120821051010 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293684DD4FBF
+20120821051158 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685721537
+20120821051206 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685768253
+20120821051231 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685930F13
+20120821051240 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685987B0B
+20120821051324 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685D5E36B
+20120821051349 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293685F3AB7F
+20120821051424 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293686206187
+20120821051516 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368668EB4B
+20120821051540 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368686EB87
+20120821051622 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293686BCCF13
+20120821051703 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293686F13B9F
+20120821051715 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293686FB2D4F
+20120821051837 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936876ED7DF
+20120821051843 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936876F05DB
+20120821051930 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293687AEDE8F
+20120821052131 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293688637CFF
+20120821053137 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942284EA9F
+20120821053209 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94228B7F67
+20120821053317 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9422A2B3C7
+20120821053841 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94232DEF87
+20120821054039 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942359AB7B
+20120821054334 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9423A371A7
+20120821054455 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9423C1CEEF
+20120821054844 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9424273F1F
+20120821055307 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9424987667
+20120821055436 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9424B90BAB
+20120821055700 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9424F6C7CF
+20120821060224 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94258ADCEF
+20120821060334 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9425A1FCEB
+20120821060420 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9425AEBF43
+20120821060927 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942634C34F
+20120821061829 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94272F0D4F
+20120821062020 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94275B00B7
+20120821062241 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9427941F5F
+20120821063416 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9428D5E367
+20120821063648 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942917E127
+20120821064052 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9429825A2B
+20120821064951 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942A74C4EB
+20120821065736 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942B4640D3
+20120821071146 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942CCD6D1B
+20120821071337 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942CF9321B
+20120821072545 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF942E48654F
+20120821075022 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9430F1B6A3
+20120821080229 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9432356F63
+20120821081230 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF94333D9363
+20120821081746 2 6 100 3071 5 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9433C6A7A7
+20120821081811 2 6 100 3071 2 DFAA35D35531E0F524F0099877A482D2AC8D589F374394A262A8E81A8A4FB2F65FADBAB395E05D147B29D486DFAA41F41597A256DA82A8B6F76401AED53D0253F956CEC610D417E42E3B287F7938FC24D8821B40BFA218A956EB7401BED6C96C68C7FD64F8170A8A76B953DD2F05420118F6B144D8FE48060A2BCB85056B478EDEF96DBC70427053ECD2958C074169E9550DD877779A3CF17C5AC850598C7586BEEA9DCFE9DD2A5FB62DF5F33EA7BC00CDA31B9D2DD721F979EA85B6E63F0C4E30BDDCD3A335522F9004C4ED50B15DC537F55324DD4FA119FB3F101467C6D7E1699DE4B3E3C478A8679B8EB3FA5C9B826B44530FD3BE9AD3063B240B0C853EBDDBD68DD940332D98F148D5D9E1DC977D60A0D23D0CA1198637FEAE4E7FAAC173AF2B84313A666CFB4EE6972811921D0AD867CE57F3BBC8D6CB057E3B66757BB46C9F72662624D44E14528327E3A7100E81A12C43C4E236118318CD90C8AA185BBB0C764826DAEAEE8DD245C5B451B4944E6122CC522D1C335C2EEF9433C94C93
+20120821084945 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45B27D047
+20120821091240 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45C370A33
+20120821092428 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45CBB9FBB
+20120821093047 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45D001E73
+20120821095420 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45E104D6F
+20120821095624 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45E21E2BF
+20120821102749 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA45F9B1B7B
+20120821105854 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4610E205F
+20120821110658 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA461631FBF
+20120821110744 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA461635E3B
+20120821115206 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4636E0DF7
+20120821121256 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4645F38B3
+20120821121421 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46467609B
+20120821122649 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA464F87D6B
+20120821122854 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46508F94B
+20120821125200 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4661CBC5B
+20120821130613 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA466BC6B33
+20120821131115 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA466ED9CC7
+20120821132817 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA467B278B3
+20120821135349 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA468D8351B
+20120821141206 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA469A817A7
+20120821144909 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46B488EF7
+20120821150021 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46BC5D5E7
+20120821153843 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46D774723
+20120821162006 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA46F5488DB
+20120821170404 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA47157A067
+20120821173305 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA472A1E94B
+20120821173936 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA472E0E57F
+20120821174533 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4731F7433
+20120821180053 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA473C7CE3F
+20120821180952 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4742A8237
+20120821181124 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA474343C5B
+20120821183540 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4754D89DB
+20120821183852 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA47569B47F
+20120821184512 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA475AC57DB
+20120821184603 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA475AD78CB
+20120821184701 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA475B0038F
+20120821185939 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA4763BD72F
+20120821190630 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA476853BB7
+20120821190945 2 6 100 4095 2 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA476A47843
+20120821195501 2 6 100 4095 5 EF07B0F39662DC8600224E46AB8BE8CB72E552D52E88013D20EC039A0697ED9AAD018B16F0B910D4AD54437B8585AAA4EAE0CE216E31F50EDF0CD05DAF5E02A73D399C91B38220EC3B62C42D1CF6BF06378533A70C1F8F4F4416DD542213D3432412125FDBFF7B9473CE6F8812D860E66282C9F34C1774D1EA57D54DADDF7E37A12C4A6AD5B4A30128C29D27D03B6535C0F7A8AF857E18ECAB992984E6D546918AAACB971A2AC2C2E7AF79A9547979E6342DB7443985E5F7EDF6F9F22B600EEB42CB84A5F1ACD76E213C52E3052DAE1A9119801CFA28E6EFD4F6BC35FA06C8724D78A96AF054826C0BF865D0EC5F6F4D31C1D3F7CF2FE6F16AF267A7BA04753AEF420D4D8C36BCE8D9694814B9E9C3DF468064EB5636405C71CA9D8D50D36570B42639C9C2C02FB3A3D0C6B28DD200B0AF164C621D60B12E35E4D00129C8900F6EFDBB49FF34DD64CB13CD4087A7F84FEFD77D4E8099C2B804BA643EAFCA66D1F02BD09AE44AC83A5149F60711B7B108C01D53FF15FA59B36BE62A870F163F5063CEE103B377808343AFBD32271199E26D93734011BED2305EDE2E841EAD512E23B8C9B8CD4D398C7B4C8B76B355CC150B66B8EB7779E2CA519E10E45D0FB138676850C56F23DB135F546D364B92BC1C9423E089D30D4D57D27D7885EE14AE135A488C0542C3719FBEF46F4BB5FB53A28DA26DDF84C8BC55348A8AA478A96AEF
+20120705232031 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B241215BB
+20120705233800 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B246EC93B
+20120706002709 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2582B477
+20120706013826 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B271419A3
+20120706014732 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B273FB1BB
+20120706021008 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B27B7E59F
+20120705225552 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B29C4E81B
+20120705233754 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2AB07037
+20120705234834 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2AE25CBB
+20120706024556 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B2EDFAA6F
+20120705233556 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B30EE83EB
+20120706002117 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B31E6F727
+20120705233808 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B37267537
+20120706001148 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B3DF98C1F
+20120706013155 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B3FBB98EB
+20120706025705 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B418898A7
+20120706022948 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B4707179B
+20120705233534 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B4F3D25C7
+20120706014542 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B520205CB
+20120706030026 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B539518DB
+20120706003519 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B566E0243
+20120706032218 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B59E508EF
+20120706033523 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B5A254F5F
+20120705235242 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B5B60C48F
+20120706022615 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B646A1B3B
+20120706032540 2 6 100 6143 5 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B6594B14F
+20120706001843 2 6 100 6143 2 EEBCAD36F686DDEB790C1EBDF6C6355A4EEB95435785FAC26C1DDBBD0D3C284AB5B4A1D5BA22131604AAE087D8B9431038CDA76DAA9E1C8D10793F53374FDF26489D38FF13188B6961B86E44A065D2FADEFC6C9496350AFA4129C9FD1B6B321E6053A6C645978C151D623C1106FE6669C220690B637F6259522F88250CC2B1B7F170706E9CE741F6E26BB4E86FB6822B13D8A7CE99FEF5CD66EF08310ECE5CC86648BD90E1DC59332505579116D3F3C8314065DC1319BEA133ED809903CA4949905C3D21619217816465E964768FFE76BC962AACBC8FF13477990A81C8759BBE95DFFA22E299F7C0F79A0EA7C44B28E8AB96149CC213E7C886E3D0A2230D7A4176749D6EDD6FCA2F5F3E2BD10392BC818CFB25C696C1EC14CE6F23CDB6C3DA2ED77E098A874799EB65F82A4EAF85CA0C9E68278381AF964AA5816B2CDA8E1ABB2954C02F641E1F374563B0F9DBF2F1B6D8168558BB971C8F48668A8034F82908D45D4D9A9072375D00AE0D5D442C6E6B6B2E7280C104C7675FDB0795DD0D3273E74BDC7B243B7604447502EB1572A273ABA0032CDB754345B1ACDF17B5AEDA45B661DBEFDA084B1427F94C8EA62BAB6A1E05DED8F2F706445879F15FB096996765238B6B546FDE5F219B5B85B31E804A989C4959600998A03572FB59DC150714BDB0C71A236497AE79871FBEFCAFFF34D2DF0142F2AF3C9C5D92F5FC7A61A27FF9AA1EADDF3552A2BED2CC4D19FB0F67DCC02744947A42FE10B338A3A8E634B413AE46C4E644DD5934D5820C9714656171A02BBCA25AED1CCD9EB9BEF9C63E7E966B0E2E47146191ECA452588FA2AFF50AF25FABAF83E143D47A651BD9B9C37CF5D6319FDCBC2F5D4B76D07B52D857FDE48FD983F06B531F7D316E2961E17D358FE6556C82C2E78C1D9CCF68760EFD8CC692E8912914781651D834C0C766B3D71C07C91AB93619E0C06385CFAC6FA18E1DEC7F3C5EE92C906CC49A4786D24CDB4F5656DE60F1F4412367B16BDA68DA368218C16E30C48366A8C0FDFA6E708E3353B8471402A42E594903774A65EA7AB5A83D08AD10D34DB38201B44B677C3593
+20120705054703 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234453518A0F7
+20120705060217 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445353B291F
+20120705100916 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE2344537DF8F1B
+20120705112627 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE2344538AF7C7B
+20120705121419 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445392BB61F
+20120705162623 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234453BD5FE03
+20120705171958 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234453C6257EF
+20120705222541 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234453FBF1073
+20120705120012 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE2344544BA2363
+20120705143238 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445464ED33B
+20120705175610 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445486B9E93
+20120705143839 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE2344551AEBB1B
+20120705164833 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE2344553053057
+20120705195911 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE2344560200E33
+20120705051445 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445620DCB9B
+20120705090103 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234456453E2C3
+20120705102457 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234456520F7B3
+20120705045958 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234456CC34FE7
+20120705064048 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234456DBB1643
+20120705100057 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234456FACFC3F
+20120705130216 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445716EEFD3
+20120705184211 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE2344574BD3B0F
+20120705075506 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234457918ED6F
+20120705111016 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445857E1707
+20120705051124 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234458C6078E3
+20120705054255 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234458CA4E313
+20120705155949 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234459281E7B3
+20120705065517 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE2344597A57CB3
+20120705082307 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445987253DB
+20120705182442 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234459E124B2F
+20120705184956 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE234459E442F5B
+20120705071209 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445A1E0FD83
+20120705155527 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445A6BDA473
+20120705103912 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445ADCE429F
+20120705115451 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445AE75FB83
+20120705133531 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445AF5813A3
+20120705144902 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445AFF92FDF
+20120705160631 2 6 100 8191 5 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445B0A9AF9F
+20120705194100 2 6 100 8191 2 DA2167F01CB32874E032B38C40FEC5F2557C9C4411B3A4B3D38C889A8BEED4EB7EF08A9A1E1EAAEEC22C2A46891D3CA84517FDFCDFA2BACBCDE2FC8EA87182542F5C8D3897B6C8A6DB951256F3DDBA7C5D6E7060925AD1F3046F49D00B433770B412DAA2A74E539EB81E3266DDDA82781BB21B19695FB925FA8BB6D249B5C33401C5D9E5C6B1719A36F1EB36E7CCD28AD98AA74DFD453D343BD189C968EB8F459809E87F77C6BA985B82B960A46660C7A277970E016EBD183CE7D6232F56EB06ECC0931024B9333879EF063F976C3603649AB9DCBE9714753E0A865020C3EF22BABF2F473F771CFC70A7C43FE320640D6E2816E88B6CA501A85A34F88EFF26AD8FFA0D11B0A21CB1A4FC7F90DB97B11BD5367302CBB45A390D2CB28CE83D50156A161D0080FD5F3961872ABC56FBCB973C517F6D7205E6CCF44E22E5DF8793D5037A9E779A52628D258CEA6B45CA4AC604CD69875D51145EE4C3D8856E24F9DBCA0134D54A734320A46A0AF52E20DD604AD465508172D4185C0D5C720B325ABC1760B1680B7BDFBAA1AE845A84AC3C7BBC53CD01C000B2186DC3915A1879224DD703E817C58F5FFCFBDF0189BB4B5033769F49852F3C48A88B88FB659B4AC96EE9DFC1D7E1760194EE4E1B6A8052BA17C827BE8A74C9F3FA7EA3236171F3DF9ACF19C40636825F1C49EFAAB12CEAD24F4585FE7C466FDE7ACF7E1FC91C8D473A8AB12C652AF568227E7CE3421256F83084D8E82DC977309E5B8C73EB8D92B71B9DAF6A53D13539D55C1A67BAC646358352529958AA3599DF0D882B8640ABFF17031C3F246A3E07F86AEB29CEACACF3B3EB931C40D292D09F4B99E08E4C68D811F9425DA30AC456107454AAC470DBD627C3EE2132E7C6FCEB61C2BA1CBE4FE6F07A2A4E398FDFBECC0283E9CF440F9F8F6893D019A98EFE992BA7433951DF341A3B3A8E879B090FB0E11907382853FBD6FA79B5B3FFF4EBE286F92A99D24C548949209867B1116BDBE1F104230EE26CCA0A12602A328B9B7A86D18415881AEFC9527AD4BB563CC330F29DF51199E1E9F0317EE6F3768C0849351FC1F95D47A1DE90484BE923ADC004D8287A90168C1D1491AD9A9B3266A826F966AA964E814F171FF9F3BA755DF83961182D95317844D6064D8BDED2DDB9AB4D74C325C1748036103690D88D85B532B692B74ED199253CB77E3BA57A2369BD9DD3B4FE68A66A1EFE507BA1F1A0164B6EDF397DF550EAC7FA155F7DED564A34DA73BC1F72E2D56CBABADAF3ED6B03C56FE00CA51548604403757ACAE67C71C564D4F688BA44465C7D3FFC84DB2BA142E06A967181CA0806E732134D795AD6E936BB25C00A14FE0DA5A83A7095D0271B380E802CD9E6E601C582EAC20CB6AC0C670108376302BA364FFD30E78D0CAB72BADB15F2!
82CD256BC3B365896D80DC170BE23445B296E223
Property changes on: vendor-crypto/openssh/dist/moduli
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Added: vendor-crypto/openssh/dist/moduli.0
===================================================================
--- vendor-crypto/openssh/dist/moduli.0 (rev 0)
+++ vendor-crypto/openssh/dist/moduli.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,74 @@
+MODULI(5) OpenBSD Programmer's Manual MODULI(5)
+
+NAME
+ moduli - Diffie-Hellman moduli
+
+DESCRIPTION
+ The /etc/moduli file contains prime numbers and generators for use by
+ sshd(8) in the Diffie-Hellman Group Exchange key exchange method.
+
+ New moduli may be generated with ssh-keygen(1) using a two-step process.
+ An initial candidate generation pass, using ssh-keygen -G, calculates
+ numbers that are likely to be useful. A second primality testing pass,
+ using ssh-keygen -T, provides a high degree of assurance that the numbers
+ are prime and are safe for use in Diffie-Hellman operations by sshd(8).
+ This moduli format is used as the output from each pass.
+
+ The file consists of newline-separated records, one per modulus,
+ containing seven space-separated fields. These fields are as follows:
+
+ timestamp The time that the modulus was last processed as
+ YYYYMMDDHHMMSS.
+
+ type Decimal number specifying the internal structure of
+ the prime modulus. Supported types are:
+
+ 0 Unknown, not tested.
+ 2 "Safe" prime; (p-1)/2 is also prime.
+ 4 Sophie Germain; 2p+1 is also prime.
+
+ Moduli candidates initially produced by ssh-keygen(1)
+ are Sophie Germain primes (type 4). Further primality
+ testing with ssh-keygen(1) produces safe prime moduli
+ (type 2) that are ready for use in sshd(8). Other
+ types are not used by OpenSSH.
+
+ tests Decimal number indicating the type of primality tests
+ that the number has been subjected to represented as a
+ bitmask of the following values:
+
+ 0x00 Not tested.
+ 0x01 Composite number - not prime.
+ 0x02 Sieve of Eratosthenes.
+ 0x04 Probabilistic Miller-Rabin primality tests.
+
+ The ssh-keygen(1) moduli candidate generation uses the
+ Sieve of Eratosthenes (flag 0x02). Subsequent
+ ssh-keygen(1) primality tests are Miller-Rabin tests
+ (flag 0x04).
+
+ trials Decimal number indicating the number of primality
+ trials that have been performed on the modulus.
+
+ size Decimal number indicating the size of the prime in
+ bits.
+
+ generator The recommended generator for use with this modulus
+ (hexadecimal).
+
+ modulus The modulus itself in hexadecimal.
+
+ When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
+ the size of the modulus required to produce enough Diffie-Hellman output
+ to sufficiently key the selected symmetric cipher. sshd(8) then randomly
+ selects a modulus from /etc/moduli that best meets the size requirement.
+
+SEE ALSO
+ ssh-keygen(1), sshd(8)
+
+STANDARDS
+ M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
+ the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006,
+ 2006.
+
+OpenBSD 5.4 September 26, 2012 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/moduli.5
===================================================================
--- vendor-crypto/openssh/dist/moduli.5 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/moduli.5 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $
+.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $
.\"
.\" Copyright (c) 2008 Damien Miller <djm at mindrot.org>
.\"
@@ -13,16 +13,16 @@
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: June 26 2008 $
+.Dd $Mdocdate: September 26 2012 $
.Dt MODULI 5
.Os
.Sh NAME
.Nm moduli
-.Nd Diffie Hellman moduli
+.Nd Diffie-Hellman moduli
.Sh DESCRIPTION
The
.Pa /etc/moduli
-file contains prime numbers and generators for use by
+file contains prime numbers and generators for use by
.Xr sshd 8
in the Diffie-Hellman Group Exchange key exchange method.
.Pp
@@ -31,15 +31,15 @@
using a two-step process.
An initial
.Em candidate generation
-pass, using
+pass, using
.Ic ssh-keygen -G ,
calculates numbers that are likely to be useful.
A second
.Em primality testing
pass, using
-.Ic ssh-keygen -T
+.Ic ssh-keygen -T ,
provides a high degree of assurance that the numbers are prime and are
-safe for use in Diffie Hellman operations by
+safe for use in Diffie-Hellman operations by
.Xr sshd 8 .
This
.Nm
@@ -46,9 +46,8 @@
format is used as the output from each pass.
.Pp
The file consists of newline-separated records, one per modulus,
-containing seven space separated fields.
+containing seven space-separated fields.
These fields are as follows:
-.Pp
.Bl -tag -width Description -offset indent
.It timestamp
The time that the modulus was last processed as YYYYMMDDHHMMSS.
@@ -58,17 +57,17 @@
.Pp
.Bl -tag -width 0x00 -compact
.It 0
-Unknown, not tested
+Unknown, not tested.
.It 2
"Safe" prime; (p-1)/2 is also prime.
.It 4
-Sophie Germain; (p+1)*2 is also prime.
+Sophie Germain; 2p+1 is also prime.
.El
.Pp
Moduli candidates initially produced by
.Xr ssh-keygen 1
are Sophie Germain primes (type 4).
-Futher primality testing with
+Further primality testing with
.Xr ssh-keygen 1
produces safe prime moduli (type 2) that are ready for use in
.Xr sshd 8 .
@@ -79,13 +78,13 @@
.Pp
.Bl -tag -width 0x00 -compact
.It 0x00
-Not tested
+Not tested.
.It 0x01
-Composite number - not prime.
+Composite number \(en not prime.
.It 0x02
-Sieve of Eratosthenes
+Sieve of Eratosthenes.
.It 0x04
-Probabalistic Miller-Rabin primality tests.
+Probabilistic Miller-Rabin primality tests.
.El
.Pp
The
@@ -95,8 +94,8 @@
.Xr ssh-keygen 1
primality tests are Miller-Rabin tests (flag 0x04).
.It trials
-Decimal number indicating of primaility trials that have been performed
-on the modulus.
+Decimal number indicating the number of primality trials
+that have been performed on the modulus.
.It size
Decimal number indicating the size of the prime in bits.
.It generator
@@ -105,20 +104,24 @@
The modulus itself in hexadecimal.
.El
.Pp
-When performing Diffie Hellman Group Exchange,
+When performing Diffie-Hellman Group Exchange,
.Xr sshd 8
first estimates the size of the modulus required to produce enough
-Diffie Hellman output to sufficiently key the selected symmetric cipher.
+Diffie-Hellman output to sufficiently key the selected symmetric cipher.
.Xr sshd 8
then randomly selects a modulus from
.Fa /etc/moduli
that best meets the size requirement.
-.Pp
.Sh SEE ALSO
.Xr ssh-keygen 1 ,
-.Xr sshd 8 ,
+.Xr sshd 8
+.Sh STANDARDS
.Rs
+.%A M. Friedl
+.%A N. Provos
+.%A W. Simpson
+.%D March 2006
.%R RFC 4419
-.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
+.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
.%D 2006
.Re
Property changes on: vendor-crypto/openssh/dist/moduli.5
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/moduli.c
===================================================================
--- vendor-crypto/openssh/dist/moduli.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/moduli.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.22 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.27 2013/05/17 00:13:13 djm Exp $ */
/*
* Copyright 1994 Phil Karn <karn at qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson at greendragon.com>
@@ -39,16 +39,19 @@
#include "includes.h"
+#include <sys/param.h>
#include <sys/types.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
+#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <time.h>
+#include <unistd.h>
#include "xmalloc.h"
#include "dh.h"
@@ -137,7 +140,8 @@
static BIGNUM *largebase;
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+ unsigned long);
/*
* print moduli out in consistent form,
@@ -429,9 +433,9 @@
time(&time_stop);
- xfree(LargeSieve);
- xfree(SmallSieve);
- xfree(TinySieve);
+ free(LargeSieve);
+ free(SmallSieve);
+ free(TinySieve);
logit("%.24s Found %u candidates", ctime(&time_stop), r);
@@ -438,6 +442,52 @@
return (ret);
}
+static void
+write_checkpoint(char *cpfile, u_int32_t lineno)
+{
+ FILE *fp;
+ char tmp[MAXPATHLEN];
+ int r;
+
+ r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile);
+ if (r == -1 || r >= MAXPATHLEN) {
+ logit("write_checkpoint: temp pathname too long");
+ return;
+ }
+ if ((r = mkstemp(tmp)) == -1) {
+ logit("mkstemp(%s): %s", tmp, strerror(errno));
+ return;
+ }
+ if ((fp = fdopen(r, "w")) == NULL) {
+ logit("write_checkpoint: fdopen: %s", strerror(errno));
+ close(r);
+ return;
+ }
+ if (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0 && fclose(fp) == 0
+ && rename(tmp, cpfile) == 0)
+ debug3("wrote checkpoint line %lu to '%s'",
+ (unsigned long)lineno, cpfile);
+ else
+ logit("failed to write to checkpoint file '%s': %s", cpfile,
+ strerror(errno));
+}
+
+static unsigned long
+read_checkpoint(char *cpfile)
+{
+ FILE *fp;
+ unsigned long lineno = 0;
+
+ if ((fp = fopen(cpfile, "r")) == NULL)
+ return 0;
+ if (fscanf(fp, "%lu\n", &lineno) < 1)
+ logit("Failed to load checkpoint from '%s'", cpfile);
+ else
+ logit("Loaded checkpoint from '%s' line %lu", cpfile, lineno);
+ fclose(fp);
+ return lineno;
+}
+
/*
* perform a Miller-Rabin primality test
* on the list of candidates
@@ -445,7 +495,8 @@
* The result is a list of so-call "safe" primes
*/
int
-prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
+prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
+ char *checkpoint_file, unsigned long start_lineno, unsigned long num_lines)
{
BIGNUM *q, *p, *a;
BN_CTX *ctx;
@@ -452,6 +503,7 @@
char *cp, *lp;
u_int32_t count_in = 0, count_out = 0, count_possible = 0;
u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
+ unsigned long last_processed = 0, end_lineno;
time_t time_start, time_stop;
int res;
@@ -472,10 +524,28 @@
debug2("%.24s Final %u Miller-Rabin trials (%x generator)",
ctime(&time_start), trials, generator_wanted);
+ if (checkpoint_file != NULL)
+ last_processed = read_checkpoint(checkpoint_file);
+ if (start_lineno > last_processed)
+ last_processed = start_lineno;
+ if (num_lines == 0)
+ end_lineno = ULONG_MAX;
+ else
+ end_lineno = last_processed + num_lines;
+ debug2("process line %lu to line %lu", last_processed, end_lineno);
+
res = 0;
lp = xmalloc(QLINESIZE + 1);
- while (fgets(lp, QLINESIZE + 1, in) != NULL) {
+ while (fgets(lp, QLINESIZE + 1, in) != NULL && count_in < end_lineno) {
count_in++;
+ if (checkpoint_file != NULL) {
+ if (count_in <= last_processed) {
+ debug3("skipping line %u, before checkpoint",
+ count_in);
+ continue;
+ }
+ write_checkpoint(checkpoint_file, count_in);
+ }
if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {
debug2("%10u: comment or short line", count_in);
continue;
@@ -639,11 +709,14 @@
}
time(&time_stop);
- xfree(lp);
+ free(lp);
BN_free(p);
BN_free(q);
BN_CTX_free(ctx);
+ if (checkpoint_file != NULL)
+ unlink(checkpoint_file);
+
logit("%.24s Found %u safe primes of %u candidates in %ld seconds",
ctime(&time_stop), count_out, count_possible,
(long) (time_stop - time_start));
Property changes on: vendor-crypto/openssh/dist/moduli.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/monitor.c
===================================================================
--- vendor-crypto/openssh/dist/monitor.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/monitor.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.110 2010/09/09 10:45:45 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -44,6 +44,13 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_POLL_H
+#include <poll.h>
+#else
+# ifdef HAVE_SYS_POLL_H
+# include <sys/poll.h>
+# endif
+#endif
#ifdef SKEY
#include <skey.h>
@@ -52,6 +59,7 @@
#include <openssl/dh.h>
#include "openbsd-compat/sys-queue.h"
+#include "atomicio.h"
#include "xmalloc.h"
#include "ssh.h"
#include "key.h"
@@ -89,6 +97,7 @@
#include "ssh2.h"
#include "jpake.h"
#include "roaming.h"
+#include "authfd.h"
#ifdef GSSAPI
static Gssctxt *gsscontext = NULL;
@@ -179,6 +188,8 @@
int mm_answer_audit_command(int, Buffer *);
#endif
+static int monitor_read_log(struct monitor *);
+
static Authctxt *authctxt;
static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
@@ -189,6 +200,7 @@
static char *hostbased_cuser = NULL;
static char *hostbased_chost = NULL;
static char *auth_method = "unknown";
+static char *auth_submethod = NULL;
static u_int session_id2_len = 0;
static u_char *session_id2 = NULL;
static pid_t monitor_child_pid;
@@ -342,10 +354,14 @@
monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
{
struct mon_table *ent;
- int authenticated = 0;
+ int authenticated = 0, partial = 0;
debug3("preauth child monitor started");
+ close(pmonitor->m_recvfd);
+ close(pmonitor->m_log_sendfd);
+ pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
+
authctxt = _authctxt;
memset(authctxt, 0, sizeof(*authctxt));
@@ -365,8 +381,26 @@
/* The first few requests do not require asynchronous access */
while (!authenticated) {
+ partial = 0;
auth_method = "unknown";
+ auth_submethod = NULL;
authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
+
+ /* Special handling for multiple required authentications */
+ if (options.num_auth_methods != 0) {
+ if (!compat20)
+ fatal("AuthenticationMethods is not supported"
+ "with SSH protocol 1");
+ if (authenticated &&
+ !auth2_update_methods_lists(authctxt,
+ auth_method, auth_submethod)) {
+ debug3("%s: method %s: partial", __func__,
+ auth_method);
+ authenticated = 0;
+ partial = 1;
+ }
+ }
+
if (authenticated) {
if (!(ent->flags & MON_AUTHDECIDE))
fatal("%s: unexpected authentication from %d",
@@ -387,10 +421,9 @@
}
#endif
}
-
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
- auth_log(authctxt, authenticated, auth_method,
- compat20 ? " ssh2" : "");
+ auth_log(authctxt, authenticated, partial,
+ auth_method, auth_submethod);
if (!authenticated)
authctxt->failures++;
}
@@ -414,6 +447,14 @@
__func__, authctxt->user);
mm_get_keystate(pmonitor);
+
+ /* Drain any buffered messages from the child */
+ while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
+ ;
+
+ close(pmonitor->m_sendfd);
+ close(pmonitor->m_log_recvfd);
+ pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1;
}
static void
@@ -431,6 +472,9 @@
void
monitor_child_postauth(struct monitor *pmonitor)
{
+ close(pmonitor->m_recvfd);
+ pmonitor->m_recvfd = -1;
+
monitor_set_child_handler(pmonitor->m_pid);
signal(SIGHUP, &monitor_child_handler);
signal(SIGTERM, &monitor_child_handler);
@@ -465,6 +509,53 @@
}
}
+static int
+monitor_read_log(struct monitor *pmonitor)
+{
+ Buffer logmsg;
+ u_int len, level;
+ char *msg;
+
+ buffer_init(&logmsg);
+
+ /* Read length */
+ buffer_append_space(&logmsg, 4);
+ if (atomicio(read, pmonitor->m_log_recvfd,
+ buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg)) {
+ if (errno == EPIPE) {
+ buffer_free(&logmsg);
+ debug("%s: child log fd closed", __func__);
+ close(pmonitor->m_log_recvfd);
+ pmonitor->m_log_recvfd = -1;
+ return -1;
+ }
+ fatal("%s: log fd read: %s", __func__, strerror(errno));
+ }
+ len = buffer_get_int(&logmsg);
+ if (len <= 4 || len > 8192)
+ fatal("%s: invalid log message length %u", __func__, len);
+
+ /* Read severity, message */
+ buffer_clear(&logmsg);
+ buffer_append_space(&logmsg, len);
+ if (atomicio(read, pmonitor->m_log_recvfd,
+ buffer_ptr(&logmsg), buffer_len(&logmsg)) != buffer_len(&logmsg))
+ fatal("%s: log fd read: %s", __func__, strerror(errno));
+
+ /* Log it */
+ level = buffer_get_int(&logmsg);
+ msg = buffer_get_string(&logmsg, NULL);
+ if (log_level_name(level) == NULL)
+ fatal("%s: invalid log level %u (corrupted message?)",
+ __func__, level);
+ do_log2(level, "%s [preauth]", msg);
+
+ buffer_free(&logmsg);
+ free(msg);
+
+ return 0;
+}
+
int
monitor_read(struct monitor *pmonitor, struct mon_table *ent,
struct mon_table **pent)
@@ -472,7 +563,31 @@
Buffer m;
int ret;
u_char type;
+ struct pollfd pfd[2];
+ for (;;) {
+ bzero(&pfd, sizeof(pfd));
+ pfd[0].fd = pmonitor->m_sendfd;
+ pfd[0].events = POLLIN;
+ pfd[1].fd = pmonitor->m_log_recvfd;
+ pfd[1].events = pfd[1].fd == -1 ? 0 : POLLIN;
+ if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
+ if (errno == EINTR || errno == EAGAIN)
+ continue;
+ fatal("%s: poll: %s", __func__, strerror(errno));
+ }
+ if (pfd[1].revents) {
+ /*
+ * Drain all log messages before processing next
+ * monitor request.
+ */
+ monitor_read_log(pmonitor);
+ continue;
+ }
+ if (pfd[0].revents)
+ break; /* Continues below */
+ }
+
buffer_init(&m);
mm_request_receive(pmonitor->m_sendfd, &m);
@@ -527,12 +642,9 @@
monitor_reset_key_state(void)
{
/* reset state */
- if (key_blob != NULL)
- xfree(key_blob);
- if (hostbased_cuser != NULL)
- xfree(hostbased_cuser);
- if (hostbased_chost != NULL)
- xfree(hostbased_chost);
+ free(key_blob);
+ free(hostbased_cuser);
+ free(hostbased_chost);
key_blob = NULL;
key_bloblen = 0;
key_blobtype = MM_NOKEY;
@@ -575,6 +687,8 @@
return (0);
}
+extern AuthenticationConnection *auth_conn;
+
int
mm_answer_sign(int sock, Buffer *m)
{
@@ -603,10 +717,16 @@
memcpy(session_id2, p, session_id2_len);
}
- if ((key = get_hostkey_by_index(keyid)) == NULL)
+ if ((key = get_hostkey_by_index(keyid)) != NULL) {
+ if (key_sign(key, &signature, &siglen, p, datlen) < 0)
+ fatal("%s: key_sign failed", __func__);
+ } else if ((key = get_hostkey_public_by_index(keyid)) != NULL &&
+ auth_conn != NULL) {
+ if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p,
+ datlen) < 0)
+ fatal("%s: ssh_agent_sign failed", __func__);
+ } else
fatal("%s: no hostkey from index %d", __func__, keyid);
- if (key_sign(key, &signature, &siglen, p, datlen) < 0)
- fatal("%s: key_sign failed", __func__);
debug3("%s: signature %p(%u)", __func__, signature, siglen);
@@ -613,8 +733,8 @@
buffer_clear(m);
buffer_put_string(m, signature, siglen);
- xfree(p);
- xfree(signature);
+ free(p);
+ free(signature);
mm_request_send(sock, MONITOR_ANS_SIGN, m);
@@ -632,6 +752,7 @@
char *username;
struct passwd *pwent;
int allowed = 0;
+ u_int i;
debug3("%s", __func__);
@@ -644,7 +765,7 @@
authctxt->user = xstrdup(username);
setproctitle("%s [priv]", pwent ? username : "unknown");
- xfree(username);
+ free(username);
buffer_clear(m);
@@ -662,8 +783,10 @@
buffer_put_string(m, pwent, sizeof(struct passwd));
buffer_put_cstring(m, pwent->pw_name);
buffer_put_cstring(m, "*");
+#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
buffer_put_cstring(m, pwent->pw_gecos);
-#ifdef HAVE_PW_CLASS_IN_PASSWD
+#endif
+#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
buffer_put_cstring(m, pwent->pw_class);
#endif
buffer_put_cstring(m, pwent->pw_dir);
@@ -671,8 +794,30 @@
out:
buffer_put_string(m, &options, sizeof(options));
- if (options.banner != NULL)
- buffer_put_cstring(m, options.banner);
+
+#define M_CP_STROPT(x) do { \
+ if (options.x != NULL) \
+ buffer_put_cstring(m, options.x); \
+ } while (0)
+#define M_CP_STRARRAYOPT(x, nx) do { \
+ for (i = 0; i < options.nx; i++) \
+ buffer_put_cstring(m, options.x[i]); \
+ } while (0)
+ /* See comment in servconf.h */
+ COPY_MATCH_STRING_OPTS();
+#undef M_CP_STROPT
+#undef M_CP_STRARRAYOPT
+
+ /* Create valid auth method lists */
+ if (compat20 && auth2_setup_methods_lists(authctxt) != 0) {
+ /*
+ * The monitor will continue long enough to let the child
+ * run to it's packet_disconnect(), but it must not allow any
+ * authentication to succeed.
+ */
+ debug("%s: no valid authentication method lists", __func__);
+ }
+
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
mm_request_send(sock, MONITOR_ANS_PWNAM, m);
@@ -684,7 +829,6 @@
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
}
-
#ifdef USE_PAM
if (options.use_pam)
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
@@ -701,10 +845,8 @@
banner = auth2_read_banner();
buffer_put_cstring(m, banner != NULL ? banner : "");
mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
+ free(banner);
- if (banner != NULL)
- xfree(banner);
-
return (0);
}
@@ -719,7 +861,7 @@
__func__, authctxt->service, authctxt->style);
if (strlen(authctxt->style) == 0) {
- xfree(authctxt->style);
+ free(authctxt->style);
authctxt->style = NULL;
}
@@ -739,7 +881,7 @@
authenticated = options.password_authentication &&
auth_password(authctxt, passwd);
memset(passwd, 0, strlen(passwd));
- xfree(passwd);
+ free(passwd);
buffer_clear(m);
buffer_put_int(m, authenticated);
@@ -779,10 +921,10 @@
mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
if (success) {
- xfree(name);
- xfree(infotxt);
- xfree(prompts);
- xfree(echo_on);
+ free(name);
+ free(infotxt);
+ free(prompts);
+ free(echo_on);
}
return (0);
@@ -802,7 +944,7 @@
auth_userresponse(authctxt->as, response, 0);
authctxt->as = NULL;
debug3("%s: <%s> = <%d>", __func__, response, authok);
- xfree(response);
+ free(response);
buffer_clear(m);
buffer_put_int(m, authok);
@@ -810,7 +952,11 @@
debug3("%s: sending authenticated: %d", __func__, authok);
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
- auth_method = "bsdauth";
+ if (compat20) {
+ auth_method = "keyboard-interactive";
+ auth_submethod = "bsdauth";
+ } else
+ auth_method = "bsdauth";
return (authok != 0);
}
@@ -851,7 +997,7 @@
skey_haskey(authctxt->pw->pw_name) == 0 &&
skey_passcheck(authctxt->pw->pw_name, response) != -1);
- xfree(response);
+ free(response);
buffer_clear(m);
buffer_put_int(m, authok);
@@ -936,20 +1082,19 @@
buffer_clear(m);
buffer_put_int(m, ret);
buffer_put_cstring(m, name);
- xfree(name);
+ free(name);
buffer_put_cstring(m, info);
- xfree(info);
+ free(info);
buffer_put_int(m, num);
for (i = 0; i < num; ++i) {
buffer_put_cstring(m, prompts[i]);
- xfree(prompts[i]);
+ free(prompts[i]);
buffer_put_int(m, echo_on[i]);
}
- if (prompts != NULL)
- xfree(prompts);
- if (echo_on != NULL)
- xfree(echo_on);
- auth_method = "keyboard-interactive/pam";
+ free(prompts);
+ free(echo_on);
+ auth_method = "keyboard-interactive";
+ auth_submethod = "pam";
mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
return (0);
}
@@ -970,8 +1115,8 @@
resp[i] = buffer_get_string(m, NULL);
ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
for (i = 0; i < num; ++i)
- xfree(resp[i]);
- xfree(resp);
+ free(resp[i]);
+ free(resp);
} else {
ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
}
@@ -978,7 +1123,8 @@
buffer_clear(m);
buffer_put_int(m, ret);
mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m);
- auth_method = "keyboard-interactive/pam";
+ auth_method = "keyboard-interactive";
+ auth_submethod = "pam";
if (ret == 0)
sshpam_authok = sshpam_ctxt;
return (0);
@@ -992,7 +1138,8 @@
(sshpam_device.free_ctx)(sshpam_ctxt);
buffer_clear(m);
mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
- auth_method = "keyboard-interactive/pam";
+ auth_method = "keyboard-interactive";
+ auth_submethod = "pam";
return (sshpam_authok == sshpam_ctxt);
}
#endif
@@ -1027,6 +1174,7 @@
case MM_USERKEY:
allowed = options.pubkey_authentication &&
user_key_allowed(authctxt->pw, key);
+ pubkey_auth_info(authctxt, key, NULL);
auth_method = "publickey";
if (options.pubkey_authentication && allowed != 1)
auth_clear_options();
@@ -1035,6 +1183,9 @@
allowed = options.hostbased_authentication &&
hostbased_key_allowed(authctxt->pw,
cuser, chost, key);
+ pubkey_auth_info(authctxt, key,
+ "client user \"%.100s\", client host \"%.100s\"",
+ cuser, chost);
auth_method = "hostbased";
break;
case MM_RSAHOSTKEY:
@@ -1066,10 +1217,10 @@
hostbased_chost = chost;
} else {
/* Log failed attempt */
- auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : "");
- xfree(blob);
- xfree(cuser);
- xfree(chost);
+ auth_log(authctxt, 0, 0, auth_method, NULL);
+ free(blob);
+ free(cuser);
+ free(chost);
}
debug3("%s: key %p is %s",
@@ -1091,7 +1242,7 @@
monitor_valid_userblob(u_char *data, u_int datalen)
{
Buffer b;
- char *p;
+ char *p, *userstyle;
u_int len;
int fail = 0;
@@ -1112,26 +1263,30 @@
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
- xfree(p);
+ free(p);
}
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
- p = buffer_get_string(&b, NULL);
- if (strcmp(authctxt->user, p) != 0) {
+ p = buffer_get_cstring(&b, NULL);
+ xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ authctxt->style ? ":" : "",
+ authctxt->style ? authctxt->style : "");
+ if (strcmp(userstyle, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
- authctxt->user, p);
+ userstyle, p);
fail++;
}
- xfree(p);
+ free(userstyle);
+ free(p);
buffer_skip_string(&b);
if (datafellows & SSH_BUG_PKAUTH) {
if (!buffer_get_char(&b))
fail++;
} else {
- p = buffer_get_string(&b, NULL);
+ p = buffer_get_cstring(&b, NULL);
if (strcmp("publickey", p) != 0)
fail++;
- xfree(p);
+ free(p);
if (!buffer_get_char(&b))
fail++;
buffer_skip_string(&b);
@@ -1148,7 +1303,7 @@
char *chost)
{
Buffer b;
- char *p;
+ char *p, *userstyle;
u_int len;
int fail = 0;
@@ -1160,22 +1315,26 @@
(len != session_id2_len) ||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
fail++;
- xfree(p);
+ free(p);
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
- p = buffer_get_string(&b, NULL);
- if (strcmp(authctxt->user, p) != 0) {
+ p = buffer_get_cstring(&b, NULL);
+ xasprintf(&userstyle, "%s%s%s", authctxt->user,
+ authctxt->style ? ":" : "",
+ authctxt->style ? authctxt->style : "");
+ if (strcmp(userstyle, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
- authctxt->user, p);
+ userstyle, p);
fail++;
}
- xfree(p);
+ free(userstyle);
+ free(p);
buffer_skip_string(&b); /* service */
- p = buffer_get_string(&b, NULL);
+ p = buffer_get_cstring(&b, NULL);
if (strcmp(p, "hostbased") != 0)
fail++;
- xfree(p);
+ free(p);
buffer_skip_string(&b); /* pkalg */
buffer_skip_string(&b); /* pkblob */
@@ -1185,13 +1344,13 @@
p[len - 1] = '\0';
if (strcmp(p, chost) != 0)
fail++;
- xfree(p);
+ free(p);
/* verify client user */
p = buffer_get_string(&b, NULL);
if (strcmp(p, cuser) != 0)
fail++;
- xfree(p);
+ free(p);
if (buffer_len(&b) != 0)
fail++;
@@ -1240,9 +1399,9 @@
__func__, key, (verified == 1) ? "verified" : "unverified");
key_free(key);
- xfree(blob);
- xfree(signature);
- xfree(data);
+ free(blob);
+ free(signature);
+ free(data);
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
@@ -1370,7 +1529,7 @@
if ((s = session_by_tty(tty)) != NULL)
mm_session_close(s);
buffer_clear(m);
- xfree(tty);
+ free(tty);
return (0);
}
@@ -1502,7 +1661,7 @@
monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
- xfree(blob);
+ free(blob);
key_free(key);
return (0);
}
@@ -1534,9 +1693,9 @@
fatal("%s: received bad response to challenge", __func__);
success = auth_rsa_verify_response(key, ssh1_challenge, response);
- xfree(blob);
+ free(blob);
key_free(key);
- xfree(response);
+ free(response);
auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";
@@ -1615,7 +1774,7 @@
cmd = buffer_get_string(m, &len);
/* sanity check command, if so how? */
audit_run_command(cmd);
- xfree(cmd);
+ free(cmd);
return (0);
}
#endif /* SSH_AUDIT_EVENTS */
@@ -1630,20 +1789,20 @@
packet_set_protocol_flags(child_state.ssh1protoflags);
packet_set_encryption_key(child_state.ssh1key,
child_state.ssh1keylen, child_state.ssh1cipher);
- xfree(child_state.ssh1key);
+ free(child_state.ssh1key);
}
/* for rc4 and other stateful ciphers */
packet_set_keycontext(MODE_OUT, child_state.keyout);
- xfree(child_state.keyout);
+ free(child_state.keyout);
packet_set_keycontext(MODE_IN, child_state.keyin);
- xfree(child_state.keyin);
+ free(child_state.keyin);
if (!compat20) {
packet_set_iv(MODE_OUT, child_state.ivout);
- xfree(child_state.ivout);
+ free(child_state.ivout);
packet_set_iv(MODE_IN, child_state.ivin);
- xfree(child_state.ivin);
+ free(child_state.ivin);
}
memcpy(&incoming_stream, &child_state.incoming,
@@ -1655,18 +1814,22 @@
if (options.compression)
mm_init_compression(pmonitor->m_zlib);
+ if (options.rekey_limit || options.rekey_interval)
+ packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ (time_t)options.rekey_interval);
+
/* Network I/O buffers */
/* XXX inefficient for large buffers, need: buffer_init_from_string */
buffer_clear(packet_get_input());
buffer_append(packet_get_input(), child_state.input, child_state.ilen);
memset(child_state.input, 0, child_state.ilen);
- xfree(child_state.input);
+ free(child_state.input);
buffer_clear(packet_get_output());
buffer_append(packet_get_output(), child_state.output,
child_state.olen);
memset(child_state.output, 0, child_state.olen);
- xfree(child_state.output);
+ free(child_state.output);
/* Roaming */
if (compat20)
@@ -1698,11 +1861,11 @@
blob = buffer_get_string(m, &bloblen);
buffer_init(&kex->my);
buffer_append(&kex->my, blob, bloblen);
- xfree(blob);
+ free(blob);
blob = buffer_get_string(m, &bloblen);
buffer_init(&kex->peer);
buffer_append(&kex->peer, blob, bloblen);
- xfree(blob);
+ free(blob);
kex->done = 1;
kex->flags = buffer_get_int(m);
kex->client_version_string = buffer_get_string(m, NULL);
@@ -1710,6 +1873,7 @@
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
+ kex->sign = sshd_hostkey_sign;
return (kex);
}
@@ -1745,12 +1909,12 @@
blob = buffer_get_string(&m, &bloblen);
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
- xfree(blob);
+ free(blob);
debug3("%s: Waiting for second key", __func__);
blob = buffer_get_string(&m, &bloblen);
current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
- xfree(blob);
+ free(blob);
/* Now get sequence numbers for the packets */
seqnr = buffer_get_int(&m);
@@ -1775,13 +1939,13 @@
if (plen != sizeof(child_state.outgoing))
fatal("%s: bad request size", __func__);
memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
- xfree(p);
+ free(p);
p = buffer_get_string(&m, &plen);
if (plen != sizeof(child_state.incoming))
fatal("%s: bad request size", __func__);
memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
- xfree(p);
+ free(p);
/* Network I/O buffers */
debug3("%s: Getting Network I/O buffers", __func__);
@@ -1834,22 +1998,31 @@
/* XXX */
#define FD_CLOSEONEXEC(x) do { \
- if (fcntl(x, F_SETFD, 1) == -1) \
+ if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
fatal("fcntl(%d, F_SETFD)", x); \
} while (0)
static void
-monitor_socketpair(int *pair)
+monitor_openfds(struct monitor *mon, int do_logfds)
{
-#ifdef HAVE_SOCKETPAIR
+ int pair[2];
+
if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
- fatal("%s: socketpair", __func__);
-#else
- fatal("%s: UsePrivilegeSeparation=yes not supported",
- __func__);
-#endif
+ fatal("%s: socketpair: %s", __func__, strerror(errno));
FD_CLOSEONEXEC(pair[0]);
FD_CLOSEONEXEC(pair[1]);
+ mon->m_recvfd = pair[0];
+ mon->m_sendfd = pair[1];
+
+ if (do_logfds) {
+ if (pipe(pair) == -1)
+ fatal("%s: pipe: %s", __func__, strerror(errno));
+ FD_CLOSEONEXEC(pair[0]);
+ FD_CLOSEONEXEC(pair[1]);
+ mon->m_log_recvfd = pair[0];
+ mon->m_log_sendfd = pair[1];
+ } else
+ mon->m_log_recvfd = mon->m_log_sendfd = -1;
}
#define MM_MEMSIZE 65536
@@ -1858,15 +2031,11 @@
monitor_init(void)
{
struct monitor *mon;
- int pair[2];
mon = xcalloc(1, sizeof(*mon));
- monitor_socketpair(pair);
+ monitor_openfds(mon, 1);
- mon->m_recvfd = pair[0];
- mon->m_sendfd = pair[1];
-
/* Used to share zlib space across processes */
if (options.compression) {
mon->m_zback = mm_create(NULL, MM_MEMSIZE);
@@ -1882,12 +2051,7 @@
void
monitor_reinit(struct monitor *mon)
{
- int pair[2];
-
- monitor_socketpair(pair);
-
- mon->m_recvfd = pair[0];
- mon->m_sendfd = pair[1];
+ monitor_openfds(mon, 0);
}
#ifdef GSSAPI
@@ -1903,7 +2067,7 @@
major = ssh_gssapi_server_ctx(&gsscontext, &goid);
- xfree(goid.elements);
+ free(goid.elements);
buffer_clear(m);
buffer_put_int(m, major);
@@ -1928,7 +2092,7 @@
in.value = buffer_get_string(m, &len);
in.length = len;
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
- xfree(in.value);
+ free(in.value);
buffer_clear(m);
buffer_put_int(m, major);
@@ -1960,8 +2124,8 @@
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
- xfree(gssbuf.value);
- xfree(mic.value);
+ free(gssbuf.value);
+ free(mic.value);
buffer_clear(m);
buffer_put_int(m, ret);
@@ -2031,8 +2195,8 @@
bzero(x3_proof, x3_proof_len);
bzero(x4_proof, x4_proof_len);
- xfree(x3_proof);
- xfree(x4_proof);
+ free(x3_proof);
+ free(x4_proof);
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
@@ -2061,8 +2225,8 @@
bzero(hash_scheme, strlen(hash_scheme));
bzero(salt, strlen(salt));
- xfree(hash_scheme);
- xfree(salt);
+ free(hash_scheme);
+ free(salt);
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
@@ -2101,8 +2265,8 @@
bzero(x1_proof, x1_proof_len);
bzero(x2_proof, x2_proof_len);
- xfree(x1_proof);
- xfree(x2_proof);
+ free(x1_proof);
+ free(x2_proof);
buffer_clear(m);
@@ -2113,7 +2277,7 @@
mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
bzero(x4_s_proof, x4_s_proof_len);
- xfree(x4_s_proof);
+ free(x4_s_proof);
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
@@ -2181,7 +2345,7 @@
JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
bzero(peer_confirm_hash, peer_confirm_hash_len);
- xfree(peer_confirm_hash);
+ free(peer_confirm_hash);
buffer_clear(m);
buffer_put_int(m, authenticated);
Property changes on: vendor-crypto/openssh/dist/monitor.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/monitor.h
===================================================================
--- vendor-crypto/openssh/dist/monitor.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/monitor.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.h,v 1.15 2008/11/04 08:22:13 djm Exp $ */
+/* $OpenBSD: monitor.h,v 1.17 2012/12/02 20:34:10 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -28,44 +28,48 @@
#ifndef _MONITOR_H_
#define _MONITOR_H_
+/* Please keep *_REQ_* values on even numbers and *_ANS_* on odd numbers */
enum monitor_reqtype {
- MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
- MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
- MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
- MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
- MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
- MONITOR_REQ_AUTHPASSWORD, MONITOR_ANS_AUTHPASSWORD,
- MONITOR_REQ_BSDAUTHQUERY, MONITOR_ANS_BSDAUTHQUERY,
- MONITOR_REQ_BSDAUTHRESPOND, MONITOR_ANS_BSDAUTHRESPOND,
- MONITOR_REQ_SKEYQUERY, MONITOR_ANS_SKEYQUERY,
- MONITOR_REQ_SKEYRESPOND, MONITOR_ANS_SKEYRESPOND,
- MONITOR_REQ_KEYALLOWED, MONITOR_ANS_KEYALLOWED,
- MONITOR_REQ_KEYVERIFY, MONITOR_ANS_KEYVERIFY,
- MONITOR_REQ_KEYEXPORT,
- MONITOR_REQ_PTY, MONITOR_ANS_PTY,
- MONITOR_REQ_PTYCLEANUP,
- MONITOR_REQ_SESSKEY, MONITOR_ANS_SESSKEY,
- MONITOR_REQ_SESSID,
- MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED,
- MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
- MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,
- MONITOR_REQ_GSSSETUP, MONITOR_ANS_GSSSETUP,
- MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
- MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
- MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC,
- MONITOR_REQ_PAM_START,
- MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
- MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
- MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
- MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
- MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
- MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
- MONITOR_REQ_TERM,
- MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
- MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
- MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
- MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
- MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
+ MONITOR_REQ_MODULI = 0, MONITOR_ANS_MODULI = 1,
+ MONITOR_REQ_FREE = 2,
+ MONITOR_REQ_AUTHSERV = 4,
+ MONITOR_REQ_SIGN = 6, MONITOR_ANS_SIGN = 7,
+ MONITOR_REQ_PWNAM = 8, MONITOR_ANS_PWNAM = 9,
+ MONITOR_REQ_AUTH2_READ_BANNER = 10, MONITOR_ANS_AUTH2_READ_BANNER = 11,
+ MONITOR_REQ_AUTHPASSWORD = 12, MONITOR_ANS_AUTHPASSWORD = 13,
+ MONITOR_REQ_BSDAUTHQUERY = 14, MONITOR_ANS_BSDAUTHQUERY = 15,
+ MONITOR_REQ_BSDAUTHRESPOND = 16, MONITOR_ANS_BSDAUTHRESPOND = 17,
+ MONITOR_REQ_SKEYQUERY = 18, MONITOR_ANS_SKEYQUERY = 19,
+ MONITOR_REQ_SKEYRESPOND = 20, MONITOR_ANS_SKEYRESPOND = 21,
+ MONITOR_REQ_KEYALLOWED = 22, MONITOR_ANS_KEYALLOWED = 23,
+ MONITOR_REQ_KEYVERIFY = 24, MONITOR_ANS_KEYVERIFY = 25,
+ MONITOR_REQ_KEYEXPORT = 26,
+ MONITOR_REQ_PTY = 28, MONITOR_ANS_PTY = 29,
+ MONITOR_REQ_PTYCLEANUP = 30,
+ MONITOR_REQ_SESSKEY = 32, MONITOR_ANS_SESSKEY = 33,
+ MONITOR_REQ_SESSID = 34,
+ MONITOR_REQ_RSAKEYALLOWED = 36, MONITOR_ANS_RSAKEYALLOWED = 37,
+ MONITOR_REQ_RSACHALLENGE = 38, MONITOR_ANS_RSACHALLENGE = 39,
+ MONITOR_REQ_RSARESPONSE = 40, MONITOR_ANS_RSARESPONSE = 41,
+ MONITOR_REQ_GSSSETUP = 42, MONITOR_ANS_GSSSETUP = 43,
+ MONITOR_REQ_GSSSTEP = 44, MONITOR_ANS_GSSSTEP = 45,
+ MONITOR_REQ_GSSUSEROK = 46, MONITOR_ANS_GSSUSEROK = 47,
+ MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
+ MONITOR_REQ_TERM = 50,
+ MONITOR_REQ_JPAKE_STEP1 = 52, MONITOR_ANS_JPAKE_STEP1 = 53,
+ MONITOR_REQ_JPAKE_GET_PWDATA = 54, MONITOR_ANS_JPAKE_GET_PWDATA = 55,
+ MONITOR_REQ_JPAKE_STEP2 = 56, MONITOR_ANS_JPAKE_STEP2 = 57,
+ MONITOR_REQ_JPAKE_KEY_CONFIRM = 58, MONITOR_ANS_JPAKE_KEY_CONFIRM = 59,
+ MONITOR_REQ_JPAKE_CHECK_CONFIRM = 60, MONITOR_ANS_JPAKE_CHECK_CONFIRM = 61,
+
+ MONITOR_REQ_PAM_START = 100,
+ MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
+ MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105,
+ MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107,
+ MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109,
+ MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
+ MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
+
};
struct mm_master;
@@ -72,6 +76,8 @@
struct monitor {
int m_recvfd;
int m_sendfd;
+ int m_log_recvfd;
+ int m_log_sendfd;
struct mm_master *m_zback;
struct mm_master *m_zlib;
struct Kex **m_pkex;
Property changes on: vendor-crypto/openssh/dist/monitor.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Index: vendor-crypto/openssh/dist/monitor_fdpass.c
===================================================================
--- vendor-crypto/openssh/dist/monitor_fdpass.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/monitor_fdpass.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/monitor_fdpass.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Index: vendor-crypto/openssh/dist/monitor_fdpass.h
===================================================================
--- vendor-crypto/openssh/dist/monitor_fdpass.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/monitor_fdpass.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/monitor_fdpass.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/monitor_mm.c
===================================================================
--- vendor-crypto/openssh/dist/monitor_mm.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/monitor_mm.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_mm.c,v 1.16 2009/06/22 05:39:28 dtucker Exp $ */
+/* $OpenBSD: monitor_mm.c,v 1.18 2013/11/08 00:39:15 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* All rights reserved.
@@ -35,6 +35,7 @@
#include <errno.h>
#include <stdarg.h>
+#include <stdlib.h>
#include <string.h>
#include "xmalloc.h"
@@ -64,7 +65,7 @@
struct mm_share *tmp, *tmp2;
if (mm->mmalloc == NULL)
- tmp = xmalloc(sizeof(struct mm_share));
+ tmp = xcalloc(1, sizeof(struct mm_share));
else
tmp = mm_xmalloc(mm->mmalloc, sizeof(struct mm_share));
tmp->address = address;
@@ -87,7 +88,7 @@
struct mm_master *mm;
if (mmalloc == NULL)
- mm = xmalloc(sizeof(struct mm_master));
+ mm = xcalloc(1, sizeof(struct mm_master));
else
mm = mm_xmalloc(mmalloc, sizeof(struct mm_master));
@@ -124,7 +125,7 @@
next = RB_NEXT(mmtree, head, mms);
RB_REMOVE(mmtree, head, mms);
if (mmalloc == NULL)
- xfree(mms);
+ free(mms);
else
mm_free(mmalloc, mms);
}
@@ -147,7 +148,7 @@
__func__);
#endif
if (mm->mmalloc == NULL)
- xfree(mm);
+ free(mm);
else
mm_free(mm->mmalloc, mm);
}
@@ -160,6 +161,7 @@
address = mm_malloc(mm, size);
if (address == NULL)
fatal("%s: mm_malloc(%lu)", __func__, (u_long)size);
+ memset(address, 0, size);
return (address);
}
@@ -198,7 +200,7 @@
if (mms->size == 0) {
RB_REMOVE(mmtree, &mm->rb_free, mms);
if (mm->mmalloc == NULL)
- xfree(mms);
+ free(mms);
else
mm_free(mm->mmalloc, mms);
}
@@ -254,7 +256,7 @@
prev->size += mms->size;
RB_REMOVE(mmtree, &mm->rb_free, mms);
if (mm->mmalloc == NULL)
- xfree(mms);
+ free(mms);
else
mm_free(mm->mmalloc, mms);
} else
@@ -278,7 +280,7 @@
RB_REMOVE(mmtree, &mm->rb_free, mms);
if (mm->mmalloc == NULL)
- xfree(mms);
+ free(mms);
else
mm_free(mm->mmalloc, mms);
}
Property changes on: vendor-crypto/openssh/dist/monitor_mm.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/monitor_mm.h
===================================================================
--- vendor-crypto/openssh/dist/monitor_mm.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/monitor_mm.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/monitor_mm.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/monitor_wrap.c
===================================================================
--- vendor-crypto/openssh/dist/monitor_wrap.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/monitor_wrap.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.70 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.77 2013/11/06 16:52:11 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* Copyright 2002 Markus Friedl <markus at openbsd.org>
@@ -88,6 +88,32 @@
extern Buffer loginmsg;
extern ServerOptions options;
+void
+mm_log_handler(LogLevel level, const char *msg, void *ctx)
+{
+ Buffer log_msg;
+ struct monitor *mon = (struct monitor *)ctx;
+
+ if (mon->m_log_sendfd == -1)
+ fatal("%s: no log channel", __func__);
+
+ buffer_init(&log_msg);
+ /*
+ * Placeholder for packet length. Will be filled in with the actual
+ * packet length once the packet has been constucted. This saves
+ * fragile math.
+ */
+ buffer_put_int(&log_msg, 0);
+
+ buffer_put_int(&log_msg, level);
+ buffer_put_cstring(&log_msg, msg);
+ put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4);
+ if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg),
+ buffer_len(&log_msg)) != buffer_len(&log_msg))
+ fatal("%s: write: %s", __func__, strerror(errno));
+ buffer_free(&log_msg);
+}
+
int
mm_is_monitor(void)
{
@@ -211,7 +237,7 @@
{
Buffer m;
struct passwd *pw;
- u_int len;
+ u_int len, i;
ServerOptions *newopts;
debug3("%s entering", __func__);
@@ -233,8 +259,10 @@
fatal("%s: struct passwd size mismatch", __func__);
pw->pw_name = buffer_get_string(&m, NULL);
pw->pw_passwd = buffer_get_string(&m, NULL);
+#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
pw->pw_gecos = buffer_get_string(&m, NULL);
-#ifdef HAVE_PW_CLASS_IN_PASSWD
+#endif
+#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
pw->pw_class = buffer_get_string(&m, NULL);
#endif
pw->pw_dir = buffer_get_string(&m, NULL);
@@ -245,10 +273,22 @@
newopts = buffer_get_string(&m, &len);
if (len != sizeof(*newopts))
fatal("%s: option block size mismatch", __func__);
- if (newopts->banner != NULL)
- newopts->banner = buffer_get_string(&m, NULL);
+
+#define M_CP_STROPT(x) do { \
+ if (newopts->x != NULL) \
+ newopts->x = buffer_get_string(&m, NULL); \
+ } while (0)
+#define M_CP_STRARRAYOPT(x, nx) do { \
+ for (i = 0; i < newopts->nx; i++) \
+ newopts->x[i] = buffer_get_string(&m, NULL); \
+ } while (0)
+ /* See comment in servconf.h */
+ COPY_MATCH_STRING_OPTS();
+#undef M_CP_STROPT
+#undef M_CP_STRARRAYOPT
+
copy_set_server_options(&options, newopts, 1);
- xfree(newopts);
+ free(newopts);
buffer_free(&m);
@@ -274,7 +314,7 @@
/* treat empty banner as missing banner */
if (strlen(banner) == 0) {
- xfree(banner);
+ free(banner);
banner = NULL;
}
return (banner);
@@ -367,7 +407,7 @@
buffer_put_cstring(&m, user ? user : "");
buffer_put_cstring(&m, host ? host : "");
buffer_put_string(&m, blob, len);
- xfree(blob);
+ free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
@@ -410,7 +450,7 @@
buffer_put_string(&m, blob, len);
buffer_put_string(&m, sig, siglen);
buffer_put_string(&m, data, datalen);
- xfree(blob);
+ free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
@@ -442,7 +482,7 @@
buffer_init(&b);
buffer_append(&b, blob, blen);
- newkey = xmalloc(sizeof(*newkey));
+ newkey = xcalloc(1, sizeof(*newkey));
enc = &newkey->enc;
mac = &newkey->mac;
comp = &newkey->comp;
@@ -453,10 +493,7 @@
enc->enabled = buffer_get_int(&b);
enc->block_size = buffer_get_int(&b);
enc->key = buffer_get_string(&b, &enc->key_len);
- enc->iv = buffer_get_string(&b, &len);
- if (len != enc->block_size)
- fatal("%s: bad ivlen: expected %u != %u", __func__,
- enc->block_size, len);
+ enc->iv = buffer_get_string(&b, &enc->iv_len);
if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
fatal("%s: bad cipher name %s or pointer %p", __func__,
@@ -463,15 +500,17 @@
enc->name, enc->cipher);
/* Mac structure */
- mac->name = buffer_get_string(&b, NULL);
- if (mac->name == NULL || mac_setup(mac, mac->name) == -1)
- fatal("%s: can not setup mac %s", __func__, mac->name);
- mac->enabled = buffer_get_int(&b);
- mac->key = buffer_get_string(&b, &len);
- if (len > mac->key_len)
- fatal("%s: bad mac key length: %u > %d", __func__, len,
- mac->key_len);
- mac->key_len = len;
+ if (cipher_authlen(enc->cipher) == 0) {
+ mac->name = buffer_get_string(&b, NULL);
+ if (mac->name == NULL || mac_setup(mac, mac->name) == -1)
+ fatal("%s: can not setup mac %s", __func__, mac->name);
+ mac->enabled = buffer_get_int(&b);
+ mac->key = buffer_get_string(&b, &len);
+ if (len > mac->key_len)
+ fatal("%s: bad mac key length: %u > %d", __func__, len,
+ mac->key_len);
+ mac->key_len = len;
+ }
/* Comp structure */
comp->type = buffer_get_int(&b);
@@ -513,13 +552,15 @@
buffer_put_int(&b, enc->enabled);
buffer_put_int(&b, enc->block_size);
buffer_put_string(&b, enc->key, enc->key_len);
- packet_get_keyiv(mode, enc->iv, enc->block_size);
- buffer_put_string(&b, enc->iv, enc->block_size);
+ packet_get_keyiv(mode, enc->iv, enc->iv_len);
+ buffer_put_string(&b, enc->iv, enc->iv_len);
/* Mac structure */
- buffer_put_cstring(&b, mac->name);
- buffer_put_int(&b, mac->enabled);
- buffer_put_string(&b, mac->key, mac->key_len);
+ if (cipher_authlen(enc->cipher) == 0) {
+ buffer_put_cstring(&b, mac->name);
+ buffer_put_int(&b, mac->enabled);
+ buffer_put_string(&b, mac->key, mac->key_len);
+ }
/* Comp structure */
buffer_put_int(&b, comp->type);
@@ -578,12 +619,12 @@
keylen = packet_get_encryption_key(key);
buffer_put_string(&m, key, keylen);
memset(key, 0, keylen);
- xfree(key);
+ free(key);
ivlen = packet_get_keyiv_len(MODE_OUT);
packet_get_keyiv(MODE_OUT, iv, ivlen);
buffer_put_string(&m, iv, ivlen);
- ivlen = packet_get_keyiv_len(MODE_OUT);
+ ivlen = packet_get_keyiv_len(MODE_IN);
packet_get_keyiv(MODE_IN, iv, ivlen);
buffer_put_string(&m, iv, ivlen);
goto skip;
@@ -601,13 +642,13 @@
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
- xfree(blob);
+ free(blob);
if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
- xfree(blob);
+ free(blob);
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
buffer_put_int(&m, seqnr);
@@ -627,13 +668,13 @@
p = xmalloc(plen+1);
packet_get_keycontext(MODE_OUT, p);
buffer_put_string(&m, p, plen);
- xfree(p);
+ free(p);
plen = packet_get_keycontext(MODE_IN, NULL);
p = xmalloc(plen+1);
packet_get_keycontext(MODE_IN, p);
buffer_put_string(&m, p, plen);
- xfree(p);
+ free(p);
/* Compression state */
debug3("%s: Sending compression state", __func__);
@@ -695,10 +736,10 @@
buffer_free(&m);
strlcpy(namebuf, p, namebuflen); /* Possible truncation */
- xfree(p);
+ free(p);
buffer_append(&loginmsg, msg, strlen(msg));
- xfree(msg);
+ free(msg);
if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
(*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
@@ -764,7 +805,7 @@
ret = buffer_get_int(&m);
msg = buffer_get_string(&m, NULL);
buffer_append(&loginmsg, msg, strlen(msg));
- xfree(msg);
+ free(msg);
buffer_free(&m);
@@ -994,7 +1035,7 @@
mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
- xfree(challenge);
+ free(challenge);
return (0);
}
@@ -1068,7 +1109,7 @@
if ((key = key_from_blob(blob, blen)) == NULL)
fatal("%s: key_from_blob failed", __func__);
*rkey = key;
- xfree(blob);
+ free(blob);
}
buffer_free(&m);
@@ -1095,7 +1136,7 @@
buffer_init(&m);
buffer_put_string(&m, blob, blen);
- xfree(blob);
+ free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
@@ -1124,7 +1165,7 @@
buffer_init(&m);
buffer_put_string(&m, blob, blen);
buffer_put_string(&m, response, 16);
- xfree(blob);
+ free(blob);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
Property changes on: vendor-crypto/openssh/dist/monitor_wrap.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/monitor_wrap.h
===================================================================
--- vendor-crypto/openssh/dist/monitor_wrap.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/monitor_wrap.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.22 2009/03/05 07:18:19 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.23 2011/06/17 21:44:31 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
@@ -37,6 +37,7 @@
struct mm_master;
struct Authctxt;
+void mm_log_handler(LogLevel, const char *, void *);
int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
Property changes on: vendor-crypto/openssh/dist/monitor_wrap.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Index: vendor-crypto/openssh/dist/msg.c
===================================================================
--- vendor-crypto/openssh/dist/msg.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/msg.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/msg.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/msg.h
===================================================================
--- vendor-crypto/openssh/dist/msg.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/msg.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/msg.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/mux.c
===================================================================
--- vendor-crypto/openssh/dist/mux.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/mux.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.24 2011/01/13 21:54:53 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.44 2013/07/12 00:19:58 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm at openbsd.org>
*
@@ -63,10 +63,6 @@
# include <util.h>
#endif
-#ifdef HAVE_LIBUTIL_H
-# include <libutil.h>
-#endif
-
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "log.h"
@@ -87,7 +83,6 @@
/* from ssh.c */
extern int tty_flag;
-extern int force_tty_flag;
extern Options options;
extern int stdin_null_flag;
extern char *host;
@@ -146,6 +141,7 @@
#define MUX_C_OPEN_FWD 0x10000006
#define MUX_C_CLOSE_FWD 0x10000007
#define MUX_C_NEW_STDIO_FWD 0x10000008
+#define MUX_C_STOP_LISTENING 0x10000009
#define MUX_S_OK 0x80000001
#define MUX_S_PERMISSION_DENIED 0x80000002
#define MUX_S_FAILURE 0x80000003
@@ -153,6 +149,7 @@
#define MUX_S_ALIVE 0x80000005
#define MUX_S_SESSION_OPENED 0x80000006
#define MUX_S_REMOTE_PORT 0x80000007
+#define MUX_S_TTY_ALLOC_FAIL 0x80000008
/* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
#define MUX_FWD_LOCAL 1
@@ -168,6 +165,7 @@
static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *);
static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *);
static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *);
+static int process_mux_stop_listening(u_int, Channel *, Buffer *, Buffer *);
static const struct {
u_int type;
@@ -180,6 +178,7 @@
{ MUX_C_OPEN_FWD, process_mux_open_fwd },
{ MUX_C_CLOSE_FWD, process_mux_close_fwd },
{ MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
+ { MUX_C_STOP_LISTENING, process_mux_stop_listening },
{ 0, NULL }
};
@@ -220,7 +219,8 @@
__func__, c->self, c->remote_id);
c->remote_id = -1;
sc->ctl_chan = -1;
- if (sc->type != SSH_CHANNEL_OPEN) {
+ if (sc->type != SSH_CHANNEL_OPEN &&
+ sc->type != SSH_CHANNEL_OPENING) {
debug2("%s: channel %d: not open", __func__, sc->self);
chan_mark_dead(sc);
} else {
@@ -287,13 +287,13 @@
char *value = buffer_get_string_ret(m, NULL);
if (name == NULL || value == NULL) {
- if (name != NULL)
- xfree(name);
+ free(name);
+ free(value);
goto malf;
}
debug2("Unrecognised slave extension \"%s\"", name);
- xfree(name);
- xfree(value);
+ free(name);
+ free(value);
}
state->hello_rcvd = 1;
return 0;
@@ -313,6 +313,8 @@
cctx->term = NULL;
cctx->rid = rid;
cmd = reserved = NULL;
+ cctx->env = NULL;
+ env_len = 0;
if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&cctx->want_tty, m) != 0 ||
buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 ||
@@ -322,28 +324,25 @@
(cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
(cmd = buffer_get_string_ret(m, &len)) == NULL) {
malf:
- if (cmd != NULL)
- xfree(cmd);
- if (reserved != NULL)
- xfree(reserved);
- if (cctx->term != NULL)
- xfree(cctx->term);
+ free(cmd);
+ free(reserved);
+ for (j = 0; j < env_len; j++)
+ free(cctx->env[j]);
+ free(cctx->env);
+ free(cctx->term);
+ free(cctx);
error("%s: malformed message", __func__);
return -1;
}
- xfree(reserved);
+ free(reserved);
reserved = NULL;
- cctx->env = NULL;
- env_len = 0;
while (buffer_len(m) > 0) {
#define MUX_MAX_ENV_VARS 4096
- if ((cp = buffer_get_string_ret(m, &len)) == NULL) {
- xfree(cmd);
+ if ((cp = buffer_get_string_ret(m, &len)) == NULL)
goto malf;
- }
if (!env_permitted(cp)) {
- xfree(cp);
+ free(cp);
continue;
}
cctx->env = xrealloc(cctx->env, env_len + 2,
@@ -364,7 +363,7 @@
buffer_init(&cctx->cmd);
buffer_append(&cctx->cmd, cmd, strlen(cmd));
- xfree(cmd);
+ free(cmd);
cmd = NULL;
/* Gather fds from client */
@@ -375,12 +374,11 @@
for (j = 0; j < i; j++)
close(new_fd[j]);
for (j = 0; j < env_len; j++)
- xfree(cctx->env[j]);
- if (env_len > 0)
- xfree(cctx->env);
- xfree(cctx->term);
+ free(cctx->env[j]);
+ free(cctx->env);
+ free(cctx->term);
buffer_free(&cctx->cmd);
- xfree(cctx);
+ free(cctx);
/* prepare reply */
buffer_put_int(r, MUX_S_FAILURE);
@@ -405,13 +403,14 @@
close(new_fd[0]);
close(new_fd[1]);
close(new_fd[2]);
- xfree(cctx->term);
+ free(cctx->term);
if (env_len != 0) {
for (i = 0; i < env_len; i++)
- xfree(cctx->env[i]);
- xfree(cctx->env);
+ free(cctx->env[i]);
+ free(cctx->env);
}
buffer_free(&cctx->cmd);
+ free(cctx);
return 0;
}
@@ -598,6 +597,8 @@
buffer_put_int(&out, MUX_S_REMOTE_PORT);
buffer_put_int(&out, fctx->rid);
buffer_put_int(&out, rfwd->allocated_port);
+ channel_update_permitted_opens(rfwd->handle,
+ rfwd->allocated_port);
} else {
buffer_put_int(&out, MUX_S_OK);
buffer_put_int(&out, fctx->rid);
@@ -604,6 +605,8 @@
}
goto out;
} else {
+ if (rfwd->listen_port == 0)
+ channel_update_permitted_opens(rfwd->handle, -1);
xasprintf(&failmsg, "remote port forwarding failed for "
"listen port %d", rfwd->listen_port);
}
@@ -612,7 +615,7 @@
buffer_put_int(&out, MUX_S_FAILURE);
buffer_put_int(&out, fctx->rid);
buffer_put_cstring(&out, failmsg);
- xfree(failmsg);
+ free(failmsg);
out:
buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
buffer_free(&out);
@@ -627,25 +630,28 @@
Forward fwd;
char *fwd_desc = NULL;
u_int ftype;
+ u_int lport, cport;
int i, ret = 0, freefwd = 1;
fwd.listen_host = fwd.connect_host = NULL;
if (buffer_get_int_ret(&ftype, m) != 0 ||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
- buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
+ buffer_get_int_ret(&lport, m) != 0 ||
(fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
- buffer_get_int_ret(&fwd.connect_port, m) != 0) {
+ buffer_get_int_ret(&cport, m) != 0 ||
+ lport > 65535 || cport > 65535) {
error("%s: malformed message", __func__);
ret = -1;
goto out;
}
-
+ fwd.listen_port = lport;
+ fwd.connect_port = cport;
if (*fwd.listen_host == '\0') {
- xfree(fwd.listen_host);
+ free(fwd.listen_host);
fwd.listen_host = NULL;
}
if (*fwd.connect_host == '\0') {
- xfree(fwd.connect_host);
+ free(fwd.connect_host);
fwd.connect_host = NULL;
}
@@ -656,10 +662,8 @@
ftype != MUX_FWD_DYNAMIC) {
logit("%s: invalid forwarding type %u", __func__, ftype);
invalid:
- if (fwd.listen_host)
- xfree(fwd.listen_host);
- if (fwd.connect_host)
- xfree(fwd.connect_host);
+ free(fwd.listen_host);
+ free(fwd.connect_host);
buffer_put_int(r, MUX_S_FAILURE);
buffer_put_int(r, rid);
buffer_put_cstring(r, "Invalid forwarding request");
@@ -727,9 +731,9 @@
}
if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
- if (channel_setup_local_fwd_listener(fwd.listen_host,
+ if (!channel_setup_local_fwd_listener(fwd.listen_host,
fwd.listen_port, fwd.connect_host, fwd.connect_port,
- options.gateway_ports) < 0) {
+ options.gateway_ports)) {
fail:
logit("slave-requested %s failed", fwd_desc);
buffer_put_int(r, MUX_S_FAILURE);
@@ -742,8 +746,9 @@
} else {
struct mux_channel_confirm_ctx *fctx;
- if (channel_request_remote_forwarding(fwd.listen_host,
- fwd.listen_port, fwd.connect_host, fwd.connect_port) < 0)
+ fwd.handle = channel_request_remote_forwarding(fwd.listen_host,
+ fwd.listen_port, fwd.connect_host, fwd.connect_port);
+ if (fwd.handle < 0)
goto fail;
add_remote_forward(&options, &fwd);
fctx = xcalloc(1, sizeof(*fctx));
@@ -760,13 +765,10 @@
buffer_put_int(r, MUX_S_OK);
buffer_put_int(r, rid);
out:
- if (fwd_desc != NULL)
- xfree(fwd_desc);
+ free(fwd_desc);
if (freefwd) {
- if (fwd.listen_host != NULL)
- xfree(fwd.listen_host);
- if (fwd.connect_host != NULL)
- xfree(fwd.connect_host);
+ free(fwd.listen_host);
+ free(fwd.connect_host);
}
return ret;
}
@@ -774,46 +776,102 @@
static int
process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
{
- Forward fwd;
+ Forward fwd, *found_fwd;
char *fwd_desc = NULL;
+ const char *error_reason = NULL;
u_int ftype;
- int ret = 0;
+ int i, listen_port, ret = 0;
+ u_int lport, cport;
fwd.listen_host = fwd.connect_host = NULL;
if (buffer_get_int_ret(&ftype, m) != 0 ||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
- buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
+ buffer_get_int_ret(&lport, m) != 0 ||
(fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
- buffer_get_int_ret(&fwd.connect_port, m) != 0) {
+ buffer_get_int_ret(&cport, m) != 0 ||
+ lport > 65535 || cport > 65535) {
error("%s: malformed message", __func__);
ret = -1;
goto out;
}
+ fwd.listen_port = lport;
+ fwd.connect_port = cport;
if (*fwd.listen_host == '\0') {
- xfree(fwd.listen_host);
+ free(fwd.listen_host);
fwd.listen_host = NULL;
}
if (*fwd.connect_host == '\0') {
- xfree(fwd.connect_host);
+ free(fwd.connect_host);
fwd.connect_host = NULL;
}
- debug2("%s: channel %d: request %s", __func__, c->self,
+ debug2("%s: channel %d: request cancel %s", __func__, c->self,
(fwd_desc = format_forward(ftype, &fwd)));
- /* XXX implement this */
- buffer_put_int(r, MUX_S_FAILURE);
- buffer_put_int(r, rid);
- buffer_put_cstring(r, "unimplemented");
+ /* make sure this has been requested */
+ found_fwd = NULL;
+ switch (ftype) {
+ case MUX_FWD_LOCAL:
+ case MUX_FWD_DYNAMIC:
+ for (i = 0; i < options.num_local_forwards; i++) {
+ if (compare_forward(&fwd,
+ options.local_forwards + i)) {
+ found_fwd = options.local_forwards + i;
+ break;
+ }
+ }
+ break;
+ case MUX_FWD_REMOTE:
+ for (i = 0; i < options.num_remote_forwards; i++) {
+ if (compare_forward(&fwd,
+ options.remote_forwards + i)) {
+ found_fwd = options.remote_forwards + i;
+ break;
+ }
+ }
+ break;
+ }
+ if (found_fwd == NULL)
+ error_reason = "port not forwarded";
+ else if (ftype == MUX_FWD_REMOTE) {
+ /*
+ * This shouldn't fail unless we confused the host/port
+ * between options.remote_forwards and permitted_opens.
+ * However, for dynamic allocated listen ports we need
+ * to lookup the actual listen port.
+ */
+ listen_port = (fwd.listen_port == 0) ?
+ found_fwd->allocated_port : fwd.listen_port;
+ if (channel_request_rforward_cancel(fwd.listen_host,
+ listen_port) == -1)
+ error_reason = "port not in permitted opens";
+ } else { /* local and dynamic forwards */
+ /* Ditto */
+ if (channel_cancel_lport_listener(fwd.listen_host,
+ fwd.listen_port, fwd.connect_port,
+ options.gateway_ports) == -1)
+ error_reason = "port not found";
+ }
+
+ if (error_reason == NULL) {
+ buffer_put_int(r, MUX_S_OK);
+ buffer_put_int(r, rid);
+
+ free(found_fwd->listen_host);
+ free(found_fwd->connect_host);
+ found_fwd->listen_host = found_fwd->connect_host = NULL;
+ found_fwd->listen_port = found_fwd->connect_port = 0;
+ } else {
+ buffer_put_int(r, MUX_S_FAILURE);
+ buffer_put_int(r, rid);
+ buffer_put_cstring(r, error_reason);
+ }
out:
- if (fwd_desc != NULL)
- xfree(fwd_desc);
- if (fwd.listen_host != NULL)
- xfree(fwd.listen_host);
- if (fwd.connect_host != NULL)
- xfree(fwd.connect_host);
+ free(fwd_desc);
+ free(fwd.listen_host);
+ free(fwd.connect_host);
return ret;
}
@@ -830,14 +888,12 @@
if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
(chost = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&cport, m) != 0) {
- if (reserved != NULL)
- xfree(reserved);
- if (chost != NULL)
- xfree(chost);
+ free(reserved);
+ free(chost);
error("%s: malformed message", __func__);
return -1;
}
- xfree(reserved);
+ free(reserved);
debug2("%s: channel %d: request stdio fwd to %s:%u",
__func__, c->self, chost, cport);
@@ -849,7 +905,7 @@
__func__, i);
for (j = 0; j < i; j++)
close(new_fd[j]);
- xfree(chost);
+ free(chost);
/* prepare reply */
buffer_put_int(r, MUX_S_FAILURE);
@@ -873,7 +929,7 @@
cleanup:
close(new_fd[0]);
close(new_fd[1]);
- xfree(chost);
+ free(chost);
return 0;
}
@@ -915,6 +971,39 @@
return 0;
}
+static int
+process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r)
+{
+ debug("%s: channel %d: stop listening", __func__, c->self);
+
+ if (options.control_master == SSHCTL_MASTER_ASK ||
+ options.control_master == SSHCTL_MASTER_AUTO_ASK) {
+ if (!ask_permission("Disable further multiplexing on shared "
+ "connection to %s? ", host)) {
+ debug2("%s: stop listen refused by user", __func__);
+ buffer_put_int(r, MUX_S_PERMISSION_DENIED);
+ buffer_put_int(r, rid);
+ buffer_put_cstring(r, "Permission denied");
+ return 0;
+ }
+ }
+
+ if (mux_listener_channel != NULL) {
+ channel_free(mux_listener_channel);
+ client_stop_mux();
+ free(options.control_path);
+ options.control_path = NULL;
+ mux_listener_channel = NULL;
+ muxserver_sock = -1;
+ }
+
+ /* prepare reply */
+ buffer_put_int(r, MUX_S_OK);
+ buffer_put_int(r, rid);
+
+ return 0;
+}
+
/* Channel callbacks fired on read/write from mux slave fd */
static int
mux_master_read_cb(Channel *c)
@@ -1002,7 +1091,7 @@
Buffer m;
Channel *mux_chan;
- debug3("%s: channel %d: exit message, evitval %d", __func__, c->self,
+ debug3("%s: channel %d: exit message, exitval %d", __func__, c->self,
exitval);
if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
@@ -1019,6 +1108,27 @@
buffer_free(&m);
}
+void
+mux_tty_alloc_failed(Channel *c)
+{
+ Buffer m;
+ Channel *mux_chan;
+
+ debug3("%s: channel %d: TTY alloc failed", __func__, c->self);
+
+ if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
+ fatal("%s: channel %d missing mux channel %d",
+ __func__, c->self, c->ctl_chan);
+
+ /* Append exit message packet to control socket output queue */
+ buffer_init(&m);
+ buffer_put_int(&m, MUX_S_TTY_ALLOC_FAIL);
+ buffer_put_int(&m, c->self);
+
+ buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
+ buffer_free(&m);
+}
+
/* Prepare a mux master to listen on a Unix domain socket. */
void
muxserver_listen(void)
@@ -1059,8 +1169,11 @@
strlen(options.control_path) + 1;
if (strlcpy(addr.sun_path, options.control_path,
- sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
- fatal("ControlPath too long");
+ sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) {
+ error("ControlPath \"%s\" too long for Unix domain socket",
+ options.control_path);
+ goto disable_mux_master;
+ }
if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
fatal("%s socket(): %s", __func__, strerror(errno));
@@ -1067,14 +1180,16 @@
old_umask = umask(0177);
if (bind(muxserver_sock, (struct sockaddr *)&addr, sun_len) == -1) {
- muxserver_sock = -1;
if (errno == EINVAL || errno == EADDRINUSE) {
error("ControlSocket %s already exists, "
"disabling multiplexing", options.control_path);
disable_mux_master:
- close(muxserver_sock);
- muxserver_sock = -1;
- xfree(options.control_path);
+ if (muxserver_sock != -1) {
+ close(muxserver_sock);
+ muxserver_sock = -1;
+ }
+ free(orig_control_path);
+ free(options.control_path);
options.control_path = NULL;
options.control_master = SSHCTL_MASTER_NO;
return;
@@ -1095,12 +1210,11 @@
}
error("ControlSocket %s already exists, disabling multiplexing",
orig_control_path);
- xfree(orig_control_path);
unlink(options.control_path);
goto disable_mux_master;
}
unlink(options.control_path);
- xfree(options.control_path);
+ free(options.control_path);
options.control_path = orig_control_path;
set_nonblock(muxserver_sock);
@@ -1153,8 +1267,10 @@
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto, data);
- /* XXX wait for reply */
+ x11_request_forwarding_with_spoofing(id, display, proto,
+ data, 1);
+ client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
+ /* XXX exit_on_forward_failure */
}
if (cctx->want_agent_fwd && options.forward_agent) {
@@ -1183,13 +1299,13 @@
cc->mux_pause = 0; /* start processing messages again */
c->open_confirm_ctx = NULL;
buffer_free(&cctx->cmd);
- xfree(cctx->term);
+ free(cctx->term);
if (cctx->env != NULL) {
for (i = 0; cctx->env[i] != NULL; i++)
- xfree(cctx->env[i]);
- xfree(cctx->env);
+ free(cctx->env[i]);
+ free(cctx->env);
}
- xfree(cctx);
+ free(cctx);
}
/* ** Multiplexing client support */
@@ -1319,7 +1435,9 @@
buffer_init(&queue);
if (mux_client_read(fd, &queue, 4) != 0) {
if ((oerrno = errno) == EPIPE)
- debug3("%s: read header failed: %s", __func__, strerror(errno));
+ debug3("%s: read header failed: %s", __func__,
+ strerror(errno));
+ buffer_free(&queue);
errno = oerrno;
return -1;
}
@@ -1327,6 +1445,7 @@
if (mux_client_read(fd, &queue, need) != 0) {
oerrno = errno;
debug3("%s: read body failed: %s", __func__, strerror(errno));
+ buffer_free(&queue);
errno = oerrno;
return -1;
}
@@ -1373,8 +1492,8 @@
char *value = buffer_get_string(&m, NULL);
debug2("Unrecognised master extension \"%s\"", name);
- xfree(name);
- xfree(value);
+ free(name);
+ free(value);
}
buffer_free(&m);
return 0;
@@ -1474,7 +1593,7 @@
}
static int
-mux_client_request_forward(int fd, u_int ftype, Forward *fwd)
+mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd)
{
Buffer m;
char *e, *fwd_desc;
@@ -1481,11 +1600,12 @@
u_int type, rid;
fwd_desc = format_forward(ftype, fwd);
- debug("Requesting %s", fwd_desc);
- xfree(fwd_desc);
+ debug("Requesting %s %s",
+ cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
+ free(fwd_desc);
buffer_init(&m);
- buffer_put_int(&m, MUX_C_OPEN_FWD);
+ buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD);
buffer_put_int(&m, muxclient_request_id);
buffer_put_int(&m, ftype);
buffer_put_cstring(&m,
@@ -1514,6 +1634,8 @@
case MUX_S_OK:
break;
case MUX_S_REMOTE_PORT:
+ if (cancel_flag)
+ fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__);
fwd->allocated_port = buffer_get_int(&m);
logit("Allocated port %u for remote forward to %s:%d",
fwd->allocated_port,
@@ -1543,27 +1665,28 @@
}
static int
-mux_client_request_forwards(int fd)
+mux_client_forwards(int fd, int cancel_flag)
{
- int i;
+ int i, ret = 0;
- debug3("%s: requesting forwardings: %d local, %d remote", __func__,
+ debug3("%s: %s forwardings: %d local, %d remote", __func__,
+ cancel_flag ? "cancel" : "request",
options.num_local_forwards, options.num_remote_forwards);
/* XXX ExitOnForwardingFailure */
for (i = 0; i < options.num_local_forwards; i++) {
- if (mux_client_request_forward(fd,
+ if (mux_client_forward(fd, cancel_flag,
options.local_forwards[i].connect_port == 0 ?
MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
options.local_forwards + i) != 0)
- return -1;
+ ret = -1;
}
for (i = 0; i < options.num_remote_forwards; i++) {
- if (mux_client_request_forward(fd, MUX_FWD_REMOTE,
+ if (mux_client_forward(fd, cancel_flag, MUX_FWD_REMOTE,
options.remote_forwards + i) != 0)
- return -1;
+ ret = -1;
}
- return 0;
+ return ret;
}
static int
@@ -1573,7 +1696,7 @@
char *e, *term;
u_int i, rid, sid, esid, exitval, type, exitval_seen;
extern char **environ;
- int devnull;
+ int devnull, rawmode;
debug3("%s: entering", __func__);
@@ -1669,8 +1792,9 @@
signal(SIGTERM, control_client_sighandler);
signal(SIGWINCH, control_client_sigrelay);
+ rawmode = tty_flag;
if (tty_flag)
- enter_raw_mode(force_tty_flag);
+ enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
/*
* Stick around until the controlee closes the client_fd.
@@ -1684,22 +1808,35 @@
if (mux_client_read_packet(fd, &m) != 0)
break;
type = buffer_get_int(&m);
- if (type != MUX_S_EXIT_MESSAGE) {
+ switch (type) {
+ case MUX_S_TTY_ALLOC_FAIL:
+ if ((esid = buffer_get_int(&m)) != sid)
+ fatal("%s: tty alloc fail on unknown session: "
+ "my id %u theirs %u",
+ __func__, sid, esid);
+ leave_raw_mode(options.request_tty ==
+ REQUEST_TTY_FORCE);
+ rawmode = 0;
+ continue;
+ case MUX_S_EXIT_MESSAGE:
+ if ((esid = buffer_get_int(&m)) != sid)
+ fatal("%s: exit on unknown session: "
+ "my id %u theirs %u",
+ __func__, sid, esid);
+ if (exitval_seen)
+ fatal("%s: exitval sent twice", __func__);
+ exitval = buffer_get_int(&m);
+ exitval_seen = 1;
+ continue;
+ default:
e = buffer_get_string(&m, NULL);
fatal("%s: master returned error: %s", __func__, e);
}
- if ((esid = buffer_get_int(&m)) != sid)
- fatal("%s: exit on unknown session: my id %u theirs %u",
- __func__, sid, esid);
- debug("%s: master session id: %u", __func__, sid);
- if (exitval_seen)
- fatal("%s: exitval sent twice", __func__);
- exitval = buffer_get_int(&m);
- exitval_seen = 1;
}
close(fd);
- leave_raw_mode(force_tty_flag);
+ if (rawmode)
+ leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
if (muxclient_terminate) {
debug2("Exiting on signal %d", muxclient_terminate);
@@ -1813,6 +1950,50 @@
fatal("%s: master returned unexpected message %u", __func__, type);
}
+static void
+mux_client_request_stop_listening(int fd)
+{
+ Buffer m;
+ char *e;
+ u_int type, rid;
+
+ debug3("%s: entering", __func__);
+
+ buffer_init(&m);
+ buffer_put_int(&m, MUX_C_STOP_LISTENING);
+ buffer_put_int(&m, muxclient_request_id);
+
+ if (mux_client_write_packet(fd, &m) != 0)
+ fatal("%s: write packet: %s", __func__, strerror(errno));
+
+ buffer_clear(&m);
+
+ /* Read their reply */
+ if (mux_client_read_packet(fd, &m) != 0)
+ fatal("%s: read from master failed: %s",
+ __func__, strerror(errno));
+
+ type = buffer_get_int(&m);
+ if ((rid = buffer_get_int(&m)) != muxclient_request_id)
+ fatal("%s: out of sequence reply: my id %u theirs %u",
+ __func__, muxclient_request_id, rid);
+ switch (type) {
+ case MUX_S_OK:
+ break;
+ case MUX_S_PERMISSION_DENIED:
+ e = buffer_get_string(&m, NULL);
+ fatal("Master refused stop listening request: %s", e);
+ case MUX_S_FAILURE:
+ e = buffer_get_string(&m, NULL);
+ fatal("%s: stop listening request failed: %s", __func__, e);
+ default:
+ fatal("%s: unexpected response from master 0x%08x",
+ __func__, type);
+ }
+ buffer_free(&m);
+ muxclient_request_id++;
+}
+
/* Multiplex client main loop. */
void
muxclient(const char *path)
@@ -1893,11 +2074,11 @@
fprintf(stderr, "Exit request sent.\r\n");
exit(0);
case SSHMUX_COMMAND_FORWARD:
- if (mux_client_request_forwards(sock) != 0)
+ if (mux_client_forwards(sock, 0) != 0)
fatal("%s: master forward request failed", __func__);
exit(0);
case SSHMUX_COMMAND_OPEN:
- if (mux_client_request_forwards(sock) != 0) {
+ if (mux_client_forwards(sock, 0) != 0) {
error("%s: master forward request failed", __func__);
return;
}
@@ -1906,6 +2087,15 @@
case SSHMUX_COMMAND_STDIO_FWD:
mux_client_request_stdio_fwd(sock);
exit(0);
+ case SSHMUX_COMMAND_STOP:
+ mux_client_request_stop_listening(sock);
+ fprintf(stderr, "Stop listening request sent.\r\n");
+ exit(0);
+ case SSHMUX_COMMAND_CANCEL_FWD:
+ if (mux_client_forwards(sock, 1) != 0)
+ error("%s: master cancel forward request failed",
+ __func__);
+ exit(0);
default:
fatal("unrecognised muxclient_command %d", muxclient_command);
}
Property changes on: vendor-crypto/openssh/dist/mux.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/myproposal.h
===================================================================
--- vendor-crypto/openssh/dist/myproposal.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/myproposal.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.27 2010/09/01 22:42:13 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.32 2013/01/08 18:49:04 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -26,6 +26,8 @@
#include <openssl/opensslv.h>
+/* conditional algorithm support */
+
#ifdef OPENSSL_HAS_ECC
# define KEX_ECDH_METHODS \
"ecdh-sha2-nistp256," \
@@ -45,12 +47,22 @@
# define HOSTKEY_ECDSA_METHODS
#endif
-/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#ifdef OPENSSL_HAVE_EVPGCM
+# define AESGCM_CIPHER_MODES \
+ "aes128-gcm at openssh.com,aes256-gcm at openssh.com,"
+#else
+# define AESGCM_CIPHER_MODES
+#endif
+
+#ifdef HAVE_EVP_SHA256
# define KEX_SHA256_METHODS \
"diffie-hellman-group-exchange-sha256,"
+#define SHA2_HMAC_MODES \
+ "hmac-sha2-256," \
+ "hmac-sha2-512,"
#else
# define KEX_SHA256_METHODS
+# define SHA2_HMAC_MODES
#endif
# define KEX_DEFAULT_KEX \
@@ -70,15 +82,35 @@
"ssh-rsa," \
"ssh-dss"
+/* the actual algorithms */
+
#define KEX_DEFAULT_ENCRYPT \
"aes128-ctr,aes192-ctr,aes256-ctr," \
"arcfour256,arcfour128," \
+ AESGCM_CIPHER_MODES \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se"
+
#define KEX_DEFAULT_MAC \
- "hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160," \
+ "hmac-md5-etm at openssh.com," \
+ "hmac-sha1-etm at openssh.com," \
+ "umac-64-etm at openssh.com," \
+ "umac-128-etm at openssh.com," \
+ "hmac-sha2-256-etm at openssh.com," \
+ "hmac-sha2-512-etm at openssh.com," \
+ "hmac-ripemd160-etm at openssh.com," \
+ "hmac-sha1-96-etm at openssh.com," \
+ "hmac-md5-96-etm at openssh.com," \
+ "hmac-md5," \
+ "hmac-sha1," \
+ "umac-64 at openssh.com," \
+ "umac-128 at openssh.com," \
+ SHA2_HMAC_MODES \
+ "hmac-ripemd160," \
"hmac-ripemd160 at openssh.com," \
- "hmac-sha1-96,hmac-md5-96"
+ "hmac-sha1-96," \
+ "hmac-md5-96"
+
#define KEX_DEFAULT_COMP "none,zlib at openssh.com,zlib"
#define KEX_DEFAULT_LANG ""
Property changes on: vendor-crypto/openssh/dist/myproposal.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Index: vendor-crypto/openssh/dist/nchan.c
===================================================================
--- vendor-crypto/openssh/dist/nchan.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/nchan.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/nchan.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/nchan.ms
===================================================================
--- vendor-crypto/openssh/dist/nchan.ms 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/nchan.ms 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/nchan.ms
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/nchan2.ms
===================================================================
--- vendor-crypto/openssh/dist/nchan2.ms 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/nchan2.ms 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/nchan2.ms
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/Makefile.in
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/Makefile.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/Makefile.in 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.1.1.6 2011-02-04 14:04:19 laffer1 Exp $
+# $Id: Makefile.in,v 1.51 2013/05/10 06:28:56 dtucker Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@@ -16,9 +16,9 @@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
-OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o timingsafe_bcmp.o vis.o
+OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o
-COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/Makefile.in
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/base64.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/base64.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/base64.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/base64.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/base64.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/base64.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/base64.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: base64.h,v 1.1.1.2 2006-02-25 02:34:25 laffer1 Exp $ */
+/* $Id: base64.h,v 1.6 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 1996 by Internet Software Consortium.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/base64.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/basename.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/basename.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/basename.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/basename.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bindresvport.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bindresvport.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bindresvport.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bindresvport.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-arc4random.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-arc4random.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-arc4random.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-arc4random.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-closefrom.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-closefrom.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-closefrom.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-closefrom.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,5 +1,5 @@
/*
- * $Id: bsd-cray.c,v 1.1.1.4 2008-04-06 04:40:38 laffer1 Exp $
+ * $Id: bsd-cray.c,v 1.17 2007/08/15 09:17:43 dtucker Exp $
*
* bsd-cray.c
*
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: bsd-cray.h,v 1.1.1.2 2006-02-25 02:34:25 laffer1 Exp $ */
+/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */
/*
* Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp at cray.com>)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-cray.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen at cygnus.com>
+ * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen at redhat.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -27,23 +27,15 @@
* binary mode on Windows systems.
*/
+#define NO_BINARY_OPEN /* Avoid redefining open to binary_open for this file */
#include "includes.h"
#ifdef HAVE_CYGWIN
-#if defined(open) && open == binary_open
-# undef open
-#endif
-#if defined(pipe) && open == binary_pipe
-# undef pipe
-#endif
-
#include <sys/types.h>
-
#include <fcntl.h>
-#include <stdlib.h>
+#include <string.h>
#include <unistd.h>
-#include <windows.h>
#include "xmalloc.h"
@@ -59,18 +51,6 @@
return (open(filename, flags | O_BINARY, mode));
}
-int
-binary_pipe(int fd[2])
-{
- int ret = pipe(fd);
-
- if (!ret) {
- setmode(fd[0], O_BINARY);
- setmode(fd[1], O_BINARY);
- }
- return (ret);
-}
-
int
check_ntsec(const char *filename)
{
@@ -91,6 +71,7 @@
{ NL("OS=") },
{ NL("PATH=") },
{ NL("PATHEXT=") },
+ { NL("PROGRAMFILES=") },
{ NL("SYSTEMDRIVE=") },
{ NL("SYSTEMROOT=") },
{ NL("WINDIR=") }
@@ -116,7 +97,7 @@
void
free_windows_environment(char **p)
{
- xfree(p);
+ free(p);
}
#endif /* HAVE_CYGWIN */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,7 +1,7 @@
-/* $Id: bsd-cygwin_util.h,v 1.1.1.3 2009-11-26 16:04:47 laffer1 Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.16 2013/04/01 01:40:49 dtucker Exp $ */
/*
- * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen at cygnus.com>
+ * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen at redhat.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -36,18 +36,21 @@
#undef ERROR
-#include <windows.h>
+/* Avoid including windows headers. */
+typedef void *HANDLE;
+#define INVALID_HANDLE_VALUE ((HANDLE) -1)
+
#include <sys/cygwin.h>
#include <io.h>
int binary_open(const char *, int , ...);
-int binary_pipe(int fd[2]);
int check_ntsec(const char *);
char **fetch_windows_environment(void);
void free_windows_environment(char **);
+#ifndef NO_BINARY_OPEN
#define open binary_open
-#define pipe binary_pipe
+#endif
#endif /* HAVE_CYGWIN */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-getpeereid.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-getpeereid.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-getpeereid.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-getpeereid.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -165,6 +165,17 @@
}
#endif
+#if !defined(HAVE_USLEEP)
+int usleep(unsigned int useconds)
+{
+ struct timespec ts;
+
+ ts.tv_sec = useconds / 1000000;
+ ts.tv_nsec = (useconds % 1000000) * 1000;
+ return nanosleep(&ts, NULL);
+}
+#endif
+
#ifndef HAVE_TCGETPGRP
pid_t
tcgetpgrp(int fd)
@@ -242,8 +253,25 @@
#endif
#ifndef HAVE_ISBLANK
-int isblank(int c)
+int
+isblank(int c)
{
return (c == ' ' || c == '\t');
}
#endif
+
+#ifndef HAVE_GETPGID
+pid_t
+getpgid(pid_t pid)
+{
+#if defined(HAVE_GETPGRP) && !defined(GETPGRP_VOID)
+ return getpgrp(pid);
+#elif defined(HAVE_GETPGRP)
+ if (pid == 0)
+ return getpgrp();
+#endif
+
+ errno = ESRCH;
+ return -1;
+}
+#endif
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: bsd-misc.h,v 1.1.1.3 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: bsd-misc.h,v 1.25 2013/08/04 11:48:41 dtucker Exp $ */
/*
* Copyright (c) 1999-2004 Damien Miller <djm at mindrot.org>
@@ -51,6 +51,9 @@
const char *strerror(int);
#endif
+#if !defined(HAVE_SETLINEBUF)
+#define setlinebuf(a) (setvbuf((a), NULL, _IOLBF, 0))
+#endif
#ifndef HAVE_UTIMES
#ifndef HAVE_STRUCT_TIMEVAL
@@ -77,6 +80,10 @@
int nanosleep(const struct timespec *, struct timespec *);
#endif
+#ifndef HAVE_USLEEP
+int usleep(unsigned int useconds);
+#endif
+
#ifndef HAVE_TCGETPGRP
pid_t tcgetpgrp(int);
#endif
@@ -86,7 +93,7 @@
#endif
#ifndef HAVE_UNSETENV
-void unsetenv(const char *);
+int unsetenv(const char *);
#endif
/* wrapper for signal interface */
@@ -99,4 +106,20 @@
int isblank(int);
#endif
+#ifndef HAVE_GETPGID
+pid_t getpgid(pid_t);
+#endif
+
+#ifndef HAVE_ENDGRENT
+# define endgrent() {}
+#endif
+
+#ifndef HAVE_KRB5_GET_ERROR_MESSAGE
+# define krb5_get_error_message krb5_get_err_text
+#endif
+
+#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE
+# define krb5_free_error_message(a,b) while(0)
+#endif
+
#endif /* _BSD_MISC_H */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: bsd-nextstep.h,v 1.1.1.2 2006-02-25 02:34:25 laffer1 Exp $ */
+/* $Id: bsd-nextstep.h,v 1.9 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 2000,2001 Ben Lindstrom. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-nextstep.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-openpty.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-openpty.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-openpty.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-openpty.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: bsd-poll.c,v 1.1.1.2 2009-05-02 16:45:51 laffer1 Exp $ */
+/* $Id: bsd-poll.c,v 1.4 2008/08/29 21:32:38 dtucker Exp $ */
/*
* Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au).
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-poll.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Added: vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,99 @@
+/* $Id: bsd-setres_id.c,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "log.h"
+
+#if !defined(HAVE_SETRESGID) || defined(BROKEN_SETRESGID)
+int
+setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+{
+ int ret = 0, saved_errno;
+
+ if (rgid != sgid) {
+ errno = ENOSYS;
+ return -1;
+ }
+#if defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
+ if (setregid(rgid, egid) < 0) {
+ saved_errno = errno;
+ error("setregid %u: %.100s", rgid, strerror(errno));
+ errno = saved_errno;
+ ret = -1;
+ }
+#else
+ if (setegid(egid) < 0) {
+ saved_errno = errno;
+ error("setegid %u: %.100s", (u_int)egid, strerror(errno));
+ errno = saved_errno;
+ ret = -1;
+ }
+ if (setgid(rgid) < 0) {
+ saved_errno = errno;
+ error("setgid %u: %.100s", rgid, strerror(errno));
+ errno = saved_errno;
+ ret = -1;
+ }
+#endif
+ return ret;
+}
+#endif
+
+#if !defined(HAVE_SETRESUID) || defined(BROKEN_SETRESUID)
+int
+setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+ int ret = 0, saved_errno;
+
+ if (ruid != suid) {
+ errno = ENOSYS;
+ return -1;
+ }
+#if defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
+ if (setreuid(ruid, euid) < 0) {
+ saved_errno = errno;
+ error("setreuid %u: %.100s", ruid, strerror(errno));
+ errno = saved_errno;
+ ret = -1;
+ }
+#else
+
+# ifndef SETEUID_BREAKS_SETUID
+ if (seteuid(euid) < 0) {
+ saved_errno = errno;
+ error("seteuid %u: %.100s", euid, strerror(errno));
+ errno = saved_errno;
+ ret = -1;
+ }
+# endif
+ if (setuid(ruid) < 0) {
+ saved_errno = errno;
+ error("setuid %u: %.100s", ruid, strerror(errno));
+ errno = saved_errno;
+ ret = -1;
+ }
+#endif
+ return ret;
+}
+#endif
Added: vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.h (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-setres_id.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,24 @@
+/* $Id: bsd-setres_id.h,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HAVE_SETRESGID
+int setresgid(gid_t, gid_t, gid_t);
+#endif
+#ifndef HAVE_SETRESUID
+int setresuid(uid_t, uid_t, uid_t);
+#endif
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-snprintf.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: bsd-statvfs.c,v 1.1.1.1 2009-05-02 16:45:51 laffer1 Exp $ */
+/* $Id: bsd-statvfs.c,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */
/*
* Copyright (c) 2008 Darren Tucker <dtucker at zip.com.au>
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: bsd-statvfs.h,v 1.1.1.1 2009-05-02 16:45:51 laffer1 Exp $ */
+/* $Id: bsd-statvfs.h,v 1.1 2008/06/08 17:32:29 dtucker Exp $ */
/*
* Copyright (c) 2008 Darren Tucker <dtucker at zip.com.au>
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-statvfs.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: bsd-waitpid.h,v 1.1.1.2 2006-02-25 02:34:25 laffer1 Exp $ */
+/* $Id: bsd-waitpid.h,v 1.5 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 2000 Ben Lindstrom. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/bsd-waitpid.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/charclass.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/charclass.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/charclass.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/charclass.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/daemon.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/daemon.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/daemon.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/daemon.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/dirname.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/dirname.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/dirname.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/dirname.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/openbsd-compat/fake-queue.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/fake-queue.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/fake-queue.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,584 +0,0 @@
-/* $OpenBSD: queue.h,v 1.22 2001/06/23 04:39:35 angelos Exp $ */
-/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
-
-/*
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)queue.h 8.5 (Berkeley) 8/20/94
- */
-
-#ifndef _FAKE_QUEUE_H_
-#define _FAKE_QUEUE_H_
-
-/*
- * Ignore all <sys/queue.h> since older platforms have broken/incomplete
- * <sys/queue.h> that are too hard to work around.
- */
-#undef SLIST_HEAD
-#undef SLIST_HEAD_INITIALIZER
-#undef SLIST_ENTRY
-#undef SLIST_FIRST
-#undef SLIST_END
-#undef SLIST_EMPTY
-#undef SLIST_NEXT
-#undef SLIST_FOREACH
-#undef SLIST_INIT
-#undef SLIST_INSERT_AFTER
-#undef SLIST_INSERT_HEAD
-#undef SLIST_REMOVE_HEAD
-#undef SLIST_REMOVE
-#undef LIST_HEAD
-#undef LIST_HEAD_INITIALIZER
-#undef LIST_ENTRY
-#undef LIST_FIRST
-#undef LIST_END
-#undef LIST_EMPTY
-#undef LIST_NEXT
-#undef LIST_FOREACH
-#undef LIST_INIT
-#undef LIST_INSERT_AFTER
-#undef LIST_INSERT_BEFORE
-#undef LIST_INSERT_HEAD
-#undef LIST_REMOVE
-#undef LIST_REPLACE
-#undef SIMPLEQ_HEAD
-#undef SIMPLEQ_HEAD_INITIALIZER
-#undef SIMPLEQ_ENTRY
-#undef SIMPLEQ_FIRST
-#undef SIMPLEQ_END
-#undef SIMPLEQ_EMPTY
-#undef SIMPLEQ_NEXT
-#undef SIMPLEQ_FOREACH
-#undef SIMPLEQ_INIT
-#undef SIMPLEQ_INSERT_HEAD
-#undef SIMPLEQ_INSERT_TAIL
-#undef SIMPLEQ_INSERT_AFTER
-#undef SIMPLEQ_REMOVE_HEAD
-#undef TAILQ_HEAD
-#undef TAILQ_HEAD_INITIALIZER
-#undef TAILQ_ENTRY
-#undef TAILQ_FIRST
-#undef TAILQ_END
-#undef TAILQ_NEXT
-#undef TAILQ_LAST
-#undef TAILQ_PREV
-#undef TAILQ_EMPTY
-#undef TAILQ_FOREACH
-#undef TAILQ_FOREACH_REVERSE
-#undef TAILQ_INIT
-#undef TAILQ_INSERT_HEAD
-#undef TAILQ_INSERT_TAIL
-#undef TAILQ_INSERT_AFTER
-#undef TAILQ_INSERT_BEFORE
-#undef TAILQ_REMOVE
-#undef TAILQ_REPLACE
-#undef CIRCLEQ_HEAD
-#undef CIRCLEQ_HEAD_INITIALIZER
-#undef CIRCLEQ_ENTRY
-#undef CIRCLEQ_FIRST
-#undef CIRCLEQ_LAST
-#undef CIRCLEQ_END
-#undef CIRCLEQ_NEXT
-#undef CIRCLEQ_PREV
-#undef CIRCLEQ_EMPTY
-#undef CIRCLEQ_FOREACH
-#undef CIRCLEQ_FOREACH_REVERSE
-#undef CIRCLEQ_INIT
-#undef CIRCLEQ_INSERT_AFTER
-#undef CIRCLEQ_INSERT_BEFORE
-#undef CIRCLEQ_INSERT_HEAD
-#undef CIRCLEQ_INSERT_TAIL
-#undef CIRCLEQ_REMOVE
-#undef CIRCLEQ_REPLACE
-
-/*
- * This file defines five types of data structures: singly-linked lists,
- * lists, simple queues, tail queues, and circular queues.
- *
- *
- * A singly-linked list is headed by a single forward pointer. The elements
- * are singly linked for minimum space and pointer manipulation overhead at
- * the expense of O(n) removal for arbitrary elements. New elements can be
- * added to the list after an existing element or at the head of the list.
- * Elements being removed from the head of the list should use the explicit
- * macro for this purpose for optimum efficiency. A singly-linked list may
- * only be traversed in the forward direction. Singly-linked lists are ideal
- * for applications with large datasets and few or no removals or for
- * implementing a LIFO queue.
- *
- * A list is headed by a single forward pointer (or an array of forward
- * pointers for a hash table header). The elements are doubly linked
- * so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before
- * or after an existing element or at the head of the list. A list
- * may only be traversed in the forward direction.
- *
- * A simple queue is headed by a pair of pointers, one the head of the
- * list and the other to the tail of the list. The elements are singly
- * linked to save space, so elements can only be removed from the
- * head of the list. New elements can be added to the list before or after
- * an existing element, at the head of the list, or at the end of the
- * list. A simple queue may only be traversed in the forward direction.
- *
- * A tail queue is headed by a pair of pointers, one to the head of the
- * list and the other to the tail of the list. The elements are doubly
- * linked so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before or
- * after an existing element, at the head of the list, or at the end of
- * the list. A tail queue may be traversed in either direction.
- *
- * A circle queue is headed by a pair of pointers, one to the head of the
- * list and the other to the tail of the list. The elements are doubly
- * linked so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before or after
- * an existing element, at the head of the list, or at the end of the list.
- * A circle queue may be traversed in either direction, but has a more
- * complex end of list detection.
- *
- * For details on the use of these macros, see the queue(3) manual page.
- */
-
-/*
- * Singly-linked List definitions.
- */
-#define SLIST_HEAD(name, type) \
-struct name { \
- struct type *slh_first; /* first element */ \
-}
-
-#define SLIST_HEAD_INITIALIZER(head) \
- { NULL }
-
-#define SLIST_ENTRY(type) \
-struct { \
- struct type *sle_next; /* next element */ \
-}
-
-/*
- * Singly-linked List access methods.
- */
-#define SLIST_FIRST(head) ((head)->slh_first)
-#define SLIST_END(head) NULL
-#define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head))
-#define SLIST_NEXT(elm, field) ((elm)->field.sle_next)
-
-#define SLIST_FOREACH(var, head, field) \
- for((var) = SLIST_FIRST(head); \
- (var) != SLIST_END(head); \
- (var) = SLIST_NEXT(var, field))
-
-/*
- * Singly-linked List functions.
- */
-#define SLIST_INIT(head) { \
- SLIST_FIRST(head) = SLIST_END(head); \
-}
-
-#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \
- (elm)->field.sle_next = (slistelm)->field.sle_next; \
- (slistelm)->field.sle_next = (elm); \
-} while (0)
-
-#define SLIST_INSERT_HEAD(head, elm, field) do { \
- (elm)->field.sle_next = (head)->slh_first; \
- (head)->slh_first = (elm); \
-} while (0)
-
-#define SLIST_REMOVE_HEAD(head, field) do { \
- (head)->slh_first = (head)->slh_first->field.sle_next; \
-} while (0)
-
-#define SLIST_REMOVE(head, elm, type, field) do { \
- if ((head)->slh_first == (elm)) { \
- SLIST_REMOVE_HEAD((head), field); \
- } \
- else { \
- struct type *curelm = (head)->slh_first; \
- while( curelm->field.sle_next != (elm) ) \
- curelm = curelm->field.sle_next; \
- curelm->field.sle_next = \
- curelm->field.sle_next->field.sle_next; \
- } \
-} while (0)
-
-/*
- * List definitions.
- */
-#define LIST_HEAD(name, type) \
-struct name { \
- struct type *lh_first; /* first element */ \
-}
-
-#define LIST_HEAD_INITIALIZER(head) \
- { NULL }
-
-#define LIST_ENTRY(type) \
-struct { \
- struct type *le_next; /* next element */ \
- struct type **le_prev; /* address of previous next element */ \
-}
-
-/*
- * List access methods
- */
-#define LIST_FIRST(head) ((head)->lh_first)
-#define LIST_END(head) NULL
-#define LIST_EMPTY(head) (LIST_FIRST(head) == LIST_END(head))
-#define LIST_NEXT(elm, field) ((elm)->field.le_next)
-
-#define LIST_FOREACH(var, head, field) \
- for((var) = LIST_FIRST(head); \
- (var)!= LIST_END(head); \
- (var) = LIST_NEXT(var, field))
-
-/*
- * List functions.
- */
-#define LIST_INIT(head) do { \
- LIST_FIRST(head) = LIST_END(head); \
-} while (0)
-
-#define LIST_INSERT_AFTER(listelm, elm, field) do { \
- if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \
- (listelm)->field.le_next->field.le_prev = \
- &(elm)->field.le_next; \
- (listelm)->field.le_next = (elm); \
- (elm)->field.le_prev = &(listelm)->field.le_next; \
-} while (0)
-
-#define LIST_INSERT_BEFORE(listelm, elm, field) do { \
- (elm)->field.le_prev = (listelm)->field.le_prev; \
- (elm)->field.le_next = (listelm); \
- *(listelm)->field.le_prev = (elm); \
- (listelm)->field.le_prev = &(elm)->field.le_next; \
-} while (0)
-
-#define LIST_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.le_next = (head)->lh_first) != NULL) \
- (head)->lh_first->field.le_prev = &(elm)->field.le_next;\
- (head)->lh_first = (elm); \
- (elm)->field.le_prev = &(head)->lh_first; \
-} while (0)
-
-#define LIST_REMOVE(elm, field) do { \
- if ((elm)->field.le_next != NULL) \
- (elm)->field.le_next->field.le_prev = \
- (elm)->field.le_prev; \
- *(elm)->field.le_prev = (elm)->field.le_next; \
-} while (0)
-
-#define LIST_REPLACE(elm, elm2, field) do { \
- if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \
- (elm2)->field.le_next->field.le_prev = \
- &(elm2)->field.le_next; \
- (elm2)->field.le_prev = (elm)->field.le_prev; \
- *(elm2)->field.le_prev = (elm2); \
-} while (0)
-
-/*
- * Simple queue definitions.
- */
-#define SIMPLEQ_HEAD(name, type) \
-struct name { \
- struct type *sqh_first; /* first element */ \
- struct type **sqh_last; /* addr of last next element */ \
-}
-
-#define SIMPLEQ_HEAD_INITIALIZER(head) \
- { NULL, &(head).sqh_first }
-
-#define SIMPLEQ_ENTRY(type) \
-struct { \
- struct type *sqe_next; /* next element */ \
-}
-
-/*
- * Simple queue access methods.
- */
-#define SIMPLEQ_FIRST(head) ((head)->sqh_first)
-#define SIMPLEQ_END(head) NULL
-#define SIMPLEQ_EMPTY(head) (SIMPLEQ_FIRST(head) == SIMPLEQ_END(head))
-#define SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next)
-
-#define SIMPLEQ_FOREACH(var, head, field) \
- for((var) = SIMPLEQ_FIRST(head); \
- (var) != SIMPLEQ_END(head); \
- (var) = SIMPLEQ_NEXT(var, field))
-
-/*
- * Simple queue functions.
- */
-#define SIMPLEQ_INIT(head) do { \
- (head)->sqh_first = NULL; \
- (head)->sqh_last = &(head)->sqh_first; \
-} while (0)
-
-#define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \
- (head)->sqh_last = &(elm)->field.sqe_next; \
- (head)->sqh_first = (elm); \
-} while (0)
-
-#define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.sqe_next = NULL; \
- *(head)->sqh_last = (elm); \
- (head)->sqh_last = &(elm)->field.sqe_next; \
-} while (0)
-
-#define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
- if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\
- (head)->sqh_last = &(elm)->field.sqe_next; \
- (listelm)->field.sqe_next = (elm); \
-} while (0)
-
-#define SIMPLEQ_REMOVE_HEAD(head, elm, field) do { \
- if (((head)->sqh_first = (elm)->field.sqe_next) == NULL) \
- (head)->sqh_last = &(head)->sqh_first; \
-} while (0)
-
-/*
- * Tail queue definitions.
- */
-#define TAILQ_HEAD(name, type) \
-struct name { \
- struct type *tqh_first; /* first element */ \
- struct type **tqh_last; /* addr of last next element */ \
-}
-
-#define TAILQ_HEAD_INITIALIZER(head) \
- { NULL, &(head).tqh_first }
-
-#define TAILQ_ENTRY(type) \
-struct { \
- struct type *tqe_next; /* next element */ \
- struct type **tqe_prev; /* address of previous next element */ \
-}
-
-/*
- * tail queue access methods
- */
-#define TAILQ_FIRST(head) ((head)->tqh_first)
-#define TAILQ_END(head) NULL
-#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next)
-#define TAILQ_LAST(head, headname) \
- (*(((struct headname *)((head)->tqh_last))->tqh_last))
-/* XXX */
-#define TAILQ_PREV(elm, headname, field) \
- (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last))
-#define TAILQ_EMPTY(head) \
- (TAILQ_FIRST(head) == TAILQ_END(head))
-
-#define TAILQ_FOREACH(var, head, field) \
- for((var) = TAILQ_FIRST(head); \
- (var) != TAILQ_END(head); \
- (var) = TAILQ_NEXT(var, field))
-
-#define TAILQ_FOREACH_REVERSE(var, head, field, headname) \
- for((var) = TAILQ_LAST(head, headname); \
- (var) != TAILQ_END(head); \
- (var) = TAILQ_PREV(var, headname, field))
-
-/*
- * Tail queue functions.
- */
-#define TAILQ_INIT(head) do { \
- (head)->tqh_first = NULL; \
- (head)->tqh_last = &(head)->tqh_first; \
-} while (0)
-
-#define TAILQ_INSERT_HEAD(head, elm, field) do { \
- if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \
- (head)->tqh_first->field.tqe_prev = \
- &(elm)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm)->field.tqe_next; \
- (head)->tqh_first = (elm); \
- (elm)->field.tqe_prev = &(head)->tqh_first; \
-} while (0)
-
-#define TAILQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.tqe_next = NULL; \
- (elm)->field.tqe_prev = (head)->tqh_last; \
- *(head)->tqh_last = (elm); \
- (head)->tqh_last = &(elm)->field.tqe_next; \
-} while (0)
-
-#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \
- if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\
- (elm)->field.tqe_next->field.tqe_prev = \
- &(elm)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm)->field.tqe_next; \
- (listelm)->field.tqe_next = (elm); \
- (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \
-} while (0)
-
-#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \
- (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \
- (elm)->field.tqe_next = (listelm); \
- *(listelm)->field.tqe_prev = (elm); \
- (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \
-} while (0)
-
-#define TAILQ_REMOVE(head, elm, field) do { \
- if (((elm)->field.tqe_next) != NULL) \
- (elm)->field.tqe_next->field.tqe_prev = \
- (elm)->field.tqe_prev; \
- else \
- (head)->tqh_last = (elm)->field.tqe_prev; \
- *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
-} while (0)
-
-#define TAILQ_REPLACE(head, elm, elm2, field) do { \
- if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \
- (elm2)->field.tqe_next->field.tqe_prev = \
- &(elm2)->field.tqe_next; \
- else \
- (head)->tqh_last = &(elm2)->field.tqe_next; \
- (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \
- *(elm2)->field.tqe_prev = (elm2); \
-} while (0)
-
-/*
- * Circular queue definitions.
- */
-#define CIRCLEQ_HEAD(name, type) \
-struct name { \
- struct type *cqh_first; /* first element */ \
- struct type *cqh_last; /* last element */ \
-}
-
-#define CIRCLEQ_HEAD_INITIALIZER(head) \
- { CIRCLEQ_END(&head), CIRCLEQ_END(&head) }
-
-#define CIRCLEQ_ENTRY(type) \
-struct { \
- struct type *cqe_next; /* next element */ \
- struct type *cqe_prev; /* previous element */ \
-}
-
-/*
- * Circular queue access methods
- */
-#define CIRCLEQ_FIRST(head) ((head)->cqh_first)
-#define CIRCLEQ_LAST(head) ((head)->cqh_last)
-#define CIRCLEQ_END(head) ((void *)(head))
-#define CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next)
-#define CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev)
-#define CIRCLEQ_EMPTY(head) \
- (CIRCLEQ_FIRST(head) == CIRCLEQ_END(head))
-
-#define CIRCLEQ_FOREACH(var, head, field) \
- for((var) = CIRCLEQ_FIRST(head); \
- (var) != CIRCLEQ_END(head); \
- (var) = CIRCLEQ_NEXT(var, field))
-
-#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \
- for((var) = CIRCLEQ_LAST(head); \
- (var) != CIRCLEQ_END(head); \
- (var) = CIRCLEQ_PREV(var, field))
-
-/*
- * Circular queue functions.
- */
-#define CIRCLEQ_INIT(head) do { \
- (head)->cqh_first = CIRCLEQ_END(head); \
- (head)->cqh_last = CIRCLEQ_END(head); \
-} while (0)
-
-#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \
- (elm)->field.cqe_next = (listelm)->field.cqe_next; \
- (elm)->field.cqe_prev = (listelm); \
- if ((listelm)->field.cqe_next == CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm); \
- else \
- (listelm)->field.cqe_next->field.cqe_prev = (elm); \
- (listelm)->field.cqe_next = (elm); \
-} while (0)
-
-#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \
- (elm)->field.cqe_next = (listelm); \
- (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \
- if ((listelm)->field.cqe_prev == CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm); \
- else \
- (listelm)->field.cqe_prev->field.cqe_next = (elm); \
- (listelm)->field.cqe_prev = (elm); \
-} while (0)
-
-#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \
- (elm)->field.cqe_next = (head)->cqh_first; \
- (elm)->field.cqe_prev = CIRCLEQ_END(head); \
- if ((head)->cqh_last == CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm); \
- else \
- (head)->cqh_first->field.cqe_prev = (elm); \
- (head)->cqh_first = (elm); \
-} while (0)
-
-#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \
- (elm)->field.cqe_next = CIRCLEQ_END(head); \
- (elm)->field.cqe_prev = (head)->cqh_last; \
- if ((head)->cqh_first == CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm); \
- else \
- (head)->cqh_last->field.cqe_next = (elm); \
- (head)->cqh_last = (elm); \
-} while (0)
-
-#define CIRCLEQ_REMOVE(head, elm, field) do { \
- if ((elm)->field.cqe_next == CIRCLEQ_END(head)) \
- (head)->cqh_last = (elm)->field.cqe_prev; \
- else \
- (elm)->field.cqe_next->field.cqe_prev = \
- (elm)->field.cqe_prev; \
- if ((elm)->field.cqe_prev == CIRCLEQ_END(head)) \
- (head)->cqh_first = (elm)->field.cqe_next; \
- else \
- (elm)->field.cqe_prev->field.cqe_next = \
- (elm)->field.cqe_next; \
-} while (0)
-
-#define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \
- if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \
- CIRCLEQ_END(head)) \
- (head).cqh_last = (elm2); \
- else \
- (elm2)->field.cqe_next->field.cqe_prev = (elm2); \
- if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \
- CIRCLEQ_END(head)) \
- (head).cqh_first = (elm2); \
- else \
- (elm2)->field.cqe_prev->field.cqe_next = (elm2); \
-} while (0)
-
-#endif /* !_FAKE_QUEUE_H_ */
Index: vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: fake-rfc2553.h,v 1.1.1.7 2009-05-02 16:45:51 laffer1 Exp $ */
+/* $Id: fake-rfc2553.h,v 1.16 2008/07/14 11:37:37 djm Exp $ */
/*
* Copyright (C) 2000-2003 Damien Miller. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/fake-rfc2553.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/fmt_scaled.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/fmt_scaled.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/fmt_scaled.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/fmt_scaled.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/getcwd.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/getcwd.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/getcwd.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp $ */
+/* from OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp */
/*
* Copyright (c) 1989, 1991, 1993
* The Regents of the University of California. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/getcwd.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/getgrouplist.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/getgrouplist.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/getgrouplist.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp $ */
+/* from OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp */
/*
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/getgrouplist.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/openbsd-compat/getopt.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/getopt.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/getopt.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) 1987, 1993, 1994
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */
-
-#include "includes.h"
-#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: getopt.c,v 1.5 2003/06/02 20:18:37 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-int BSDopterr = 1, /* if error message should be printed */
- BSDoptind = 1, /* index into parent argv vector */
- BSDoptopt, /* character checked for validity */
- BSDoptreset; /* reset getopt */
-char *BSDoptarg; /* argument associated with option */
-
-#define BADCH (int)'?'
-#define BADARG (int)':'
-#define EMSG ""
-
-/*
- * getopt --
- * Parse argc/argv argument vector.
- */
-int
-BSDgetopt(nargc, nargv, ostr)
- int nargc;
- char * const *nargv;
- const char *ostr;
-{
- extern char *__progname;
- static char *place = EMSG; /* option letter processing */
- char *oli; /* option letter list index */
-
- if (ostr == NULL)
- return (-1);
-
- if (BSDoptreset || !*place) { /* update scanning pointer */
- BSDoptreset = 0;
- if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
- place = EMSG;
- return (-1);
- }
- if (place[1] && *++place == '-') { /* found "--" */
- ++BSDoptind;
- place = EMSG;
- return (-1);
- }
- } /* option letter okay? */
- if ((BSDoptopt = (int)*place++) == (int)':' ||
- !(oli = strchr(ostr, BSDoptopt))) {
- /*
- * if the user didn't specify '-' as an option,
- * assume it means -1.
- */
- if (BSDoptopt == (int)'-')
- return (-1);
- if (!*place)
- ++BSDoptind;
- if (BSDopterr && *ostr != ':')
- (void)fprintf(stderr,
- "%s: illegal option -- %c\n", __progname, BSDoptopt);
- return (BADCH);
- }
- if (*++oli != ':') { /* don't need argument */
- BSDoptarg = NULL;
- if (!*place)
- ++BSDoptind;
- }
- else { /* need an argument */
- if (*place) /* no white space */
- BSDoptarg = place;
- else if (nargc <= ++BSDoptind) { /* no arg */
- place = EMSG;
- if (*ostr == ':')
- return (BADARG);
- if (BSDopterr)
- (void)fprintf(stderr,
- "%s: option requires an argument -- %c\n",
- __progname, BSDoptopt);
- return (BADCH);
- }
- else /* white space */
- BSDoptarg = nargv[BSDoptind];
- place = EMSG;
- ++BSDoptind;
- }
- return (BSDoptopt); /* dump back option letter */
-}
-
-#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */
Added: vendor-crypto/openssh/dist/openbsd-compat/getopt.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/getopt.h (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/getopt.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,74 @@
+/* $OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $ */
+/* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */
+
+/*-
+ * Copyright (c) 2000 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Dieter Baron and Thomas Klausner.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _GETOPT_H_
+#define _GETOPT_H_
+
+/*
+ * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions
+ */
+#define no_argument 0
+#define required_argument 1
+#define optional_argument 2
+
+struct option {
+ /* name of long option */
+ const char *name;
+ /*
+ * one of no_argument, required_argument, and optional_argument:
+ * whether option takes an argument
+ */
+ int has_arg;
+ /* if not NULL, set *flag to val when option found */
+ int *flag;
+ /* if flag not NULL, value to set *flag to; else return value */
+ int val;
+};
+
+int getopt_long(int, char * const *, const char *,
+ const struct option *, int *);
+int getopt_long_only(int, char * const *, const char *,
+ const struct option *, int *);
+#ifndef _GETOPT_DEFINED_
+#define _GETOPT_DEFINED_
+int getopt(int, char * const *, const char *);
+int getsubopt(char **, char * const *, char **);
+
+extern char *optarg; /* getopt(3) external variables */
+extern int opterr;
+extern int optind;
+extern int optopt;
+extern int optreset;
+extern char *suboptarg; /* getsubopt(3) external variable */
+#endif
+
+#endif /* !_GETOPT_H_ */
Added: vendor-crypto/openssh/dist/openbsd-compat/getopt_long.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/getopt_long.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/getopt_long.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,532 @@
+/* $OpenBSD: getopt_long.c,v 1.25 2011/03/05 22:10:11 guenther Exp $ */
+/* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */
+
+/*
+ * Copyright (c) 2002 Todd C. Miller <Todd.Miller at courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+/*-
+ * Copyright (c) 2000 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Dieter Baron and Thomas Klausner.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt_long.c */
+#include "includes.h"
+
+#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
+
+/*
+ * Some defines to make it easier to keep the code in sync with upstream.
+ * getopt opterr optind optopt optreset optarg are all in defines.h which is
+ * pulled in by includes.h.
+ */
+#define warnx logit
+
+#if 0
+#include <err.h>
+#include <getopt.h>
+#endif
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include "log.h"
+
+int opterr = 1; /* if error message should be printed */
+int optind = 1; /* index into parent argv vector */
+int optopt = '?'; /* character checked for validity */
+int optreset; /* reset getopt */
+char *optarg; /* argument associated with option */
+
+#define PRINT_ERROR ((opterr) && (*options != ':'))
+
+#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */
+#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */
+#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */
+
+/* return values */
+#define BADCH (int)'?'
+#define BADARG ((*options == ':') ? (int)':' : (int)'?')
+#define INORDER (int)1
+
+#define EMSG ""
+
+static int getopt_internal(int, char * const *, const char *,
+ const struct option *, int *, int);
+static int parse_long_options(char * const *, const char *,
+ const struct option *, int *, int);
+static int gcd(int, int);
+static void permute_args(int, int, int, char * const *);
+
+static char *place = EMSG; /* option letter processing */
+
+/* XXX: set optreset to 1 rather than these two */
+static int nonopt_start = -1; /* first non option argument (for permute) */
+static int nonopt_end = -1; /* first option after non options (for permute) */
+
+/* Error messages */
+static const char recargchar[] = "option requires an argument -- %c";
+static const char recargstring[] = "option requires an argument -- %s";
+static const char ambig[] = "ambiguous option -- %.*s";
+static const char noarg[] = "option doesn't take an argument -- %.*s";
+static const char illoptchar[] = "unknown option -- %c";
+static const char illoptstring[] = "unknown option -- %s";
+
+/*
+ * Compute the greatest common divisor of a and b.
+ */
+static int
+gcd(int a, int b)
+{
+ int c;
+
+ c = a % b;
+ while (c != 0) {
+ a = b;
+ b = c;
+ c = a % b;
+ }
+
+ return (b);
+}
+
+/*
+ * Exchange the block from nonopt_start to nonopt_end with the block
+ * from nonopt_end to opt_end (keeping the same order of arguments
+ * in each block).
+ */
+static void
+permute_args(int panonopt_start, int panonopt_end, int opt_end,
+ char * const *nargv)
+{
+ int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos;
+ char *swap;
+
+ /*
+ * compute lengths of blocks and number and size of cycles
+ */
+ nnonopts = panonopt_end - panonopt_start;
+ nopts = opt_end - panonopt_end;
+ ncycle = gcd(nnonopts, nopts);
+ cyclelen = (opt_end - panonopt_start) / ncycle;
+
+ for (i = 0; i < ncycle; i++) {
+ cstart = panonopt_end+i;
+ pos = cstart;
+ for (j = 0; j < cyclelen; j++) {
+ if (pos >= panonopt_end)
+ pos -= nnonopts;
+ else
+ pos += nopts;
+ swap = nargv[pos];
+ /* LINTED const cast */
+ ((char **) nargv)[pos] = nargv[cstart];
+ /* LINTED const cast */
+ ((char **)nargv)[cstart] = swap;
+ }
+ }
+}
+
+/*
+ * parse_long_options --
+ * Parse long options in argc/argv argument vector.
+ * Returns -1 if short_too is set and the option does not match long_options.
+ */
+static int
+parse_long_options(char * const *nargv, const char *options,
+ const struct option *long_options, int *idx, int short_too)
+{
+ char *current_argv, *has_equal;
+ size_t current_argv_len;
+ int i, match;
+
+ current_argv = place;
+ match = -1;
+
+ optind++;
+
+ if ((has_equal = strchr(current_argv, '=')) != NULL) {
+ /* argument found (--option=arg) */
+ current_argv_len = has_equal - current_argv;
+ has_equal++;
+ } else
+ current_argv_len = strlen(current_argv);
+
+ for (i = 0; long_options[i].name; i++) {
+ /* find matching long option */
+ if (strncmp(current_argv, long_options[i].name,
+ current_argv_len))
+ continue;
+
+ if (strlen(long_options[i].name) == current_argv_len) {
+ /* exact match */
+ match = i;
+ break;
+ }
+ /*
+ * If this is a known short option, don't allow
+ * a partial match of a single character.
+ */
+ if (short_too && current_argv_len == 1)
+ continue;
+
+ if (match == -1) /* partial match */
+ match = i;
+ else {
+ /* ambiguous abbreviation */
+ if (PRINT_ERROR)
+ warnx(ambig, (int)current_argv_len,
+ current_argv);
+ optopt = 0;
+ return (BADCH);
+ }
+ }
+ if (match != -1) { /* option found */
+ if (long_options[match].has_arg == no_argument
+ && has_equal) {
+ if (PRINT_ERROR)
+ warnx(noarg, (int)current_argv_len,
+ current_argv);
+ /*
+ * XXX: GNU sets optopt to val regardless of flag
+ */
+ if (long_options[match].flag == NULL)
+ optopt = long_options[match].val;
+ else
+ optopt = 0;
+ return (BADARG);
+ }
+ if (long_options[match].has_arg == required_argument ||
+ long_options[match].has_arg == optional_argument) {
+ if (has_equal)
+ optarg = has_equal;
+ else if (long_options[match].has_arg ==
+ required_argument) {
+ /*
+ * optional argument doesn't use next nargv
+ */
+ optarg = nargv[optind++];
+ }
+ }
+ if ((long_options[match].has_arg == required_argument)
+ && (optarg == NULL)) {
+ /*
+ * Missing argument; leading ':' indicates no error
+ * should be generated.
+ */
+ if (PRINT_ERROR)
+ warnx(recargstring,
+ current_argv);
+ /*
+ * XXX: GNU sets optopt to val regardless of flag
+ */
+ if (long_options[match].flag == NULL)
+ optopt = long_options[match].val;
+ else
+ optopt = 0;
+ --optind;
+ return (BADARG);
+ }
+ } else { /* unknown option */
+ if (short_too) {
+ --optind;
+ return (-1);
+ }
+ if (PRINT_ERROR)
+ warnx(illoptstring, current_argv);
+ optopt = 0;
+ return (BADCH);
+ }
+ if (idx)
+ *idx = match;
+ if (long_options[match].flag) {
+ *long_options[match].flag = long_options[match].val;
+ return (0);
+ } else
+ return (long_options[match].val);
+}
+
+/*
+ * getopt_internal --
+ * Parse argc/argv argument vector. Called by user level routines.
+ */
+static int
+getopt_internal(int nargc, char * const *nargv, const char *options,
+ const struct option *long_options, int *idx, int flags)
+{
+ char *oli; /* option letter list index */
+ int optchar, short_too;
+ static int posixly_correct = -1;
+
+ if (options == NULL)
+ return (-1);
+
+ /*
+ * XXX Some GNU programs (like cvs) set optind to 0 instead of
+ * XXX using optreset. Work around this braindamage.
+ */
+ if (optind == 0)
+ optind = optreset = 1;
+
+ /*
+ * Disable GNU extensions if POSIXLY_CORRECT is set or options
+ * string begins with a '+'.
+ */
+ if (posixly_correct == -1 || optreset)
+ posixly_correct = (getenv("POSIXLY_CORRECT") != NULL);
+ if (*options == '-')
+ flags |= FLAG_ALLARGS;
+ else if (posixly_correct || *options == '+')
+ flags &= ~FLAG_PERMUTE;
+ if (*options == '+' || *options == '-')
+ options++;
+
+ optarg = NULL;
+ if (optreset)
+ nonopt_start = nonopt_end = -1;
+start:
+ if (optreset || !*place) { /* update scanning pointer */
+ optreset = 0;
+ if (optind >= nargc) { /* end of argument vector */
+ place = EMSG;
+ if (nonopt_end != -1) {
+ /* do permutation, if we have to */
+ permute_args(nonopt_start, nonopt_end,
+ optind, nargv);
+ optind -= nonopt_end - nonopt_start;
+ }
+ else if (nonopt_start != -1) {
+ /*
+ * If we skipped non-options, set optind
+ * to the first of them.
+ */
+ optind = nonopt_start;
+ }
+ nonopt_start = nonopt_end = -1;
+ return (-1);
+ }
+ if (*(place = nargv[optind]) != '-' ||
+ (place[1] == '\0' && strchr(options, '-') == NULL)) {
+ place = EMSG; /* found non-option */
+ if (flags & FLAG_ALLARGS) {
+ /*
+ * GNU extension:
+ * return non-option as argument to option 1
+ */
+ optarg = nargv[optind++];
+ return (INORDER);
+ }
+ if (!(flags & FLAG_PERMUTE)) {
+ /*
+ * If no permutation wanted, stop parsing
+ * at first non-option.
+ */
+ return (-1);
+ }
+ /* do permutation */
+ if (nonopt_start == -1)
+ nonopt_start = optind;
+ else if (nonopt_end != -1) {
+ permute_args(nonopt_start, nonopt_end,
+ optind, nargv);
+ nonopt_start = optind -
+ (nonopt_end - nonopt_start);
+ nonopt_end = -1;
+ }
+ optind++;
+ /* process next argument */
+ goto start;
+ }
+ if (nonopt_start != -1 && nonopt_end == -1)
+ nonopt_end = optind;
+
+ /*
+ * If we have "-" do nothing, if "--" we are done.
+ */
+ if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
+ optind++;
+ place = EMSG;
+ /*
+ * We found an option (--), so if we skipped
+ * non-options, we have to permute.
+ */
+ if (nonopt_end != -1) {
+ permute_args(nonopt_start, nonopt_end,
+ optind, nargv);
+ optind -= nonopt_end - nonopt_start;
+ }
+ nonopt_start = nonopt_end = -1;
+ return (-1);
+ }
+ }
+
+ /*
+ * Check long options if:
+ * 1) we were passed some
+ * 2) the arg is not just "-"
+ * 3) either the arg starts with -- we are getopt_long_only()
+ */
+ if (long_options != NULL && place != nargv[optind] &&
+ (*place == '-' || (flags & FLAG_LONGONLY))) {
+ short_too = 0;
+ if (*place == '-')
+ place++; /* --foo long option */
+ else if (*place != ':' && strchr(options, *place) != NULL)
+ short_too = 1; /* could be short option too */
+
+ optchar = parse_long_options(nargv, options, long_options,
+ idx, short_too);
+ if (optchar != -1) {
+ place = EMSG;
+ return (optchar);
+ }
+ }
+
+ if ((optchar = (int)*place++) == (int)':' ||
+ (optchar == (int)'-' && *place != '\0') ||
+ (oli = strchr(options, optchar)) == NULL) {
+ /*
+ * If the user specified "-" and '-' isn't listed in
+ * options, return -1 (non-option) as per POSIX.
+ * Otherwise, it is an unknown option character (or ':').
+ */
+ if (optchar == (int)'-' && *place == '\0')
+ return (-1);
+ if (!*place)
+ ++optind;
+ if (PRINT_ERROR)
+ warnx(illoptchar, optchar);
+ optopt = optchar;
+ return (BADCH);
+ }
+ if (long_options != NULL && optchar == 'W' && oli[1] == ';') {
+ /* -W long-option */
+ if (*place) /* no space */
+ /* NOTHING */;
+ else if (++optind >= nargc) { /* no arg */
+ place = EMSG;
+ if (PRINT_ERROR)
+ warnx(recargchar, optchar);
+ optopt = optchar;
+ return (BADARG);
+ } else /* white space */
+ place = nargv[optind];
+ optchar = parse_long_options(nargv, options, long_options,
+ idx, 0);
+ place = EMSG;
+ return (optchar);
+ }
+ if (*++oli != ':') { /* doesn't take argument */
+ if (!*place)
+ ++optind;
+ } else { /* takes (optional) argument */
+ optarg = NULL;
+ if (*place) /* no white space */
+ optarg = place;
+ else if (oli[1] != ':') { /* arg not optional */
+ if (++optind >= nargc) { /* no arg */
+ place = EMSG;
+ if (PRINT_ERROR)
+ warnx(recargchar, optchar);
+ optopt = optchar;
+ return (BADARG);
+ } else
+ optarg = nargv[optind];
+ }
+ place = EMSG;
+ ++optind;
+ }
+ /* dump back option letter */
+ return (optchar);
+}
+
+/*
+ * getopt --
+ * Parse argc/argv argument vector.
+ *
+ * [eventually this will replace the BSD getopt]
+ */
+int
+getopt(int nargc, char * const *nargv, const char *options)
+{
+
+ /*
+ * We don't pass FLAG_PERMUTE to getopt_internal() since
+ * the BSD getopt(3) (unlike GNU) has never done this.
+ *
+ * Furthermore, since many privileged programs call getopt()
+ * before dropping privileges it makes sense to keep things
+ * as simple (and bug-free) as possible.
+ */
+ return (getopt_internal(nargc, nargv, options, NULL, NULL, 0));
+}
+
+#if 0
+/*
+ * getopt_long --
+ * Parse argc/argv argument vector.
+ */
+int
+getopt_long(int nargc, char * const *nargv, const char *options,
+ const struct option *long_options, int *idx)
+{
+
+ return (getopt_internal(nargc, nargv, options, long_options, idx,
+ FLAG_PERMUTE));
+}
+
+/*
+ * getopt_long_only --
+ * Parse argc/argv argument vector.
+ */
+int
+getopt_long_only(int nargc, char * const *nargv, const char *options,
+ const struct option *long_options, int *idx)
+{
+
+ return (getopt_internal(nargc, nargv, options, long_options, idx,
+ FLAG_PERMUTE|FLAG_LONGONLY));
+}
+#endif
+
+#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */
Added: vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,284 @@
+/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
+
+/*
+ * Copyright (c) 2007 Simon Vallet / Genoscope <svallet at genoscope.cns.fr>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Portions Copyright (c) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#if !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS)
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <ldns/ldns.h>
+
+#include "getrrsetbyname.h"
+#include "log.h"
+#include "xmalloc.h"
+
+#define malloc(x) (xmalloc(x))
+#define calloc(x, y) (xcalloc((x),(y)))
+
+int
+getrrsetbyname(const char *hostname, unsigned int rdclass,
+ unsigned int rdtype, unsigned int flags,
+ struct rrsetinfo **res)
+{
+ int result;
+ unsigned int i, j, index_ans, index_sig;
+ struct rrsetinfo *rrset = NULL;
+ struct rdatainfo *rdata;
+ size_t len;
+ ldns_resolver *ldns_res;
+ ldns_rdf *domain = NULL;
+ ldns_pkt *pkt = NULL;
+ ldns_rr_list *rrsigs = NULL, *rrdata = NULL;
+ ldns_status err;
+ ldns_rr *rr;
+
+ /* check for invalid class and type */
+ if (rdclass > 0xffff || rdtype > 0xffff) {
+ result = ERRSET_INVAL;
+ goto fail;
+ }
+
+ /* don't allow queries of class or type ANY */
+ if (rdclass == 0xff || rdtype == 0xff) {
+ result = ERRSET_INVAL;
+ goto fail;
+ }
+
+ /* don't allow flags yet, unimplemented */
+ if (flags) {
+ result = ERRSET_INVAL;
+ goto fail;
+ }
+
+ /* Initialize resolver from resolv.conf */
+ domain = ldns_dname_new_frm_str(hostname);
+ if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \
+ LDNS_STATUS_OK) {
+ result = ERRSET_FAIL;
+ goto fail;
+ }
+
+#ifdef LDNS_DEBUG
+ ldns_resolver_set_debug(ldns_res, true);
+#endif /* LDNS_DEBUG */
+
+ ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */
+
+ /* make query */
+ pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD);
+
+ /*** TODO: finer errcodes -- see original **/
+ if (!pkt || ldns_pkt_ancount(pkt) < 1) {
+ result = ERRSET_FAIL;
+ goto fail;
+ }
+
+ /* initialize rrset */
+ rrset = calloc(1, sizeof(struct rrsetinfo));
+ if (rrset == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+
+ rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER);
+ rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata);
+ if (!rrset->rri_nrdatas) {
+ result = ERRSET_NODATA;
+ goto fail;
+ }
+
+ /* copy name from answer section */
+ len = ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0)));
+ if ((rrset->rri_name = malloc(len)) == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+ memcpy(rrset->rri_name,
+ ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))), len);
+
+ rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0));
+ rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0));
+ rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0));
+
+ debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas);
+
+ /* Check for authenticated data */
+ if (ldns_pkt_ad(pkt)) {
+ rrset->rri_flags |= RRSET_VALIDATED;
+ } else { /* AD is not set, try autonomous validation */
+ ldns_rr_list * trusted_keys = ldns_rr_list_new();
+
+ debug2("ldns: trying to validate RRset");
+ /* Get eventual sigs */
+ rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,
+ LDNS_SECTION_ANSWER);
+
+ rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
+ debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS",
+ rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
+
+ if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs,
+ trusted_keys)) == LDNS_STATUS_OK) {
+ rrset->rri_flags |= RRSET_VALIDATED;
+ debug2("ldns: RRset is signed with a valid key");
+ } else {
+ debug2("ldns: RRset validation failed: %s",
+ ldns_get_errorstr_by_id(err));
+ }
+
+ ldns_rr_list_deep_free(trusted_keys);
+ }
+
+ /* allocate memory for answers */
+ rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
+ sizeof(struct rdatainfo));
+
+ if (rrset->rri_rdatas == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+
+ /* allocate memory for signatures */
+ if (rrset->rri_nsigs > 0) {
+ rrset->rri_sigs = calloc(rrset->rri_nsigs,
+ sizeof(struct rdatainfo));
+
+ if (rrset->rri_sigs == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+ }
+
+ /* copy answers & signatures */
+ for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) {
+ rdata = NULL;
+ rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i);
+
+ if (ldns_rr_get_class(rr) == rrset->rri_rdclass &&
+ ldns_rr_get_type(rr) == rrset->rri_rdtype) {
+ rdata = &rrset->rri_rdatas[index_ans++];
+ }
+
+ if (rr->_rr_class == rrset->rri_rdclass &&
+ rr->_rr_type == LDNS_RR_TYPE_RRSIG &&
+ rrset->rri_sigs) {
+ rdata = &rrset->rri_sigs[index_sig++];
+ }
+
+ if (rdata) {
+ size_t rdata_offset = 0;
+
+ rdata->rdi_length = 0;
+ for (j=0; j< rr->_rd_count; j++) {
+ rdata->rdi_length +=
+ ldns_rdf_size(ldns_rr_rdf(rr, j));
+ }
+
+ rdata->rdi_data = malloc(rdata->rdi_length);
+ if (rdata->rdi_data == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+
+ /* Re-create the raw DNS RDATA */
+ for (j=0; j< rr->_rd_count; j++) {
+ len = ldns_rdf_size(ldns_rr_rdf(rr, j));
+ memcpy(rdata->rdi_data + rdata_offset,
+ ldns_rdf_data(ldns_rr_rdf(rr, j)), len);
+ rdata_offset += len;
+ }
+ }
+ }
+
+ *res = rrset;
+ result = ERRSET_SUCCESS;
+
+fail:
+ /* freerrset(rrset); */
+ ldns_rdf_deep_free(domain);
+ ldns_pkt_free(pkt);
+ ldns_rr_list_deep_free(rrsigs);
+ ldns_rr_list_deep_free(rrdata);
+ ldns_resolver_deep_free(ldns_res);
+
+ return result;
+}
+
+
+void
+freerrset(struct rrsetinfo *rrset)
+{
+ u_int16_t i;
+
+ if (rrset == NULL)
+ return;
+
+ if (rrset->rri_rdatas) {
+ for (i = 0; i < rrset->rri_nrdatas; i++) {
+ if (rrset->rri_rdatas[i].rdi_data == NULL)
+ break;
+ free(rrset->rri_rdatas[i].rdi_data);
+ }
+ free(rrset->rri_rdatas);
+ }
+
+ if (rrset->rri_sigs) {
+ for (i = 0; i < rrset->rri_nsigs; i++) {
+ if (rrset->rri_sigs[i].rdi_data == NULL)
+ break;
+ free(rrset->rri_sigs[i].rdi_data);
+ }
+ free(rrset->rri_sigs);
+ }
+
+ if (rrset->rri_name)
+ free(rrset->rri_name);
+ free(rrset);
+}
+
+
+#endif /* !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS) */
Modified: vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -47,7 +47,7 @@
#include "includes.h"
-#ifndef HAVE_GETRRSETBYNAME
+#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS)
#include <stdlib.h>
#include <string.h>
@@ -607,4 +607,4 @@
return (n);
}
-#endif /* !defined(HAVE_GETRRSETBYNAME) */
+#endif /* !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/glob.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/glob.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/glob.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: glob.c,v 1.35 2011/01/12 01:53:14 djm Exp $ */
+/* $OpenBSD: glob.c,v 1.38 2011/09/22 06:27:29 djm Exp $ */
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
@@ -66,6 +66,7 @@
#include <dirent.h>
#include <ctype.h>
#include <errno.h>
+#include <limits.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
@@ -132,6 +133,9 @@
#define GLOB_LIMIT_STAT 128
#define GLOB_LIMIT_READDIR 16384
+/* Limit of recursion during matching attempts. */
+#define GLOB_LIMIT_RECUR 64
+
struct glob_lim {
size_t glim_malloc;
size_t glim_stat;
@@ -138,7 +142,13 @@
size_t glim_readdir;
};
+struct glob_path_stat {
+ char *gps_path;
+ struct stat *gps_stat;
+};
+
static int compare(const void *, const void *);
+static int compare_gps(const void *, const void *);
static int g_Ctoc(const Char *, char *, u_int);
static int g_lstat(Char *, struct stat *, glob_t *);
static DIR *g_opendir(Char *, glob_t *);
@@ -158,7 +168,7 @@
static int globexp1(const Char *, glob_t *, struct glob_lim *);
static int globexp2(const Char *, const Char *, glob_t *,
struct glob_lim *);
-static int match(Char *, Char *, Char *);
+static int match(Char *, Char *, Char *, int);
#ifdef DEBUG
static void qprintf(const char *, Char *);
#endif
@@ -172,6 +182,9 @@
Char *bufnext, *bufend, patbuf[MAXPATHLEN];
struct glob_lim limit = { 0, 0, 0 };
+ if (strnlen(pattern, PATH_MAX) == PATH_MAX)
+ return(GLOB_NOMATCH);
+
patnext = (u_char *) pattern;
if (!(flags & GLOB_APPEND)) {
pglob->gl_pathc = 0;
@@ -548,9 +561,32 @@
else
return(GLOB_NOMATCH);
}
- if (!(pglob->gl_flags & GLOB_NOSORT))
- qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
- pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+ if (!(pglob->gl_flags & GLOB_NOSORT)) {
+ if ((pglob->gl_flags & GLOB_KEEPSTAT)) {
+ /* Keep the paths and stat info synced during sort */
+ struct glob_path_stat *path_stat;
+ int i;
+ int n = pglob->gl_pathc - oldpathc;
+ int o = pglob->gl_offs + oldpathc;
+
+ if ((path_stat = calloc(n, sizeof(*path_stat))) == NULL)
+ return GLOB_NOSPACE;
+ for (i = 0; i < n; i++) {
+ path_stat[i].gps_path = pglob->gl_pathv[o + i];
+ path_stat[i].gps_stat = pglob->gl_statv[o + i];
+ }
+ qsort(path_stat, n, sizeof(*path_stat), compare_gps);
+ for (i = 0; i < n; i++) {
+ pglob->gl_pathv[o + i] = path_stat[i].gps_path;
+ pglob->gl_statv[o + i] = path_stat[i].gps_stat;
+ }
+ free(path_stat);
+ } else {
+ qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+ pglob->gl_pathc - oldpathc, sizeof(char *),
+ compare);
+ }
+ }
return(0);
}
@@ -561,6 +597,15 @@
}
static int
+compare_gps(const void *_p, const void *_q)
+{
+ const struct glob_path_stat *p = (const struct glob_path_stat *)_p;
+ const struct glob_path_stat *q = (const struct glob_path_stat *)_q;
+
+ return(strcmp(p->gps_path, q->gps_path));
+}
+
+static int
glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
{
Char pathbuf[MAXPATHLEN];
@@ -697,7 +742,8 @@
errno = 0;
*pathend++ = SEP;
*pathend = EOS;
- return(GLOB_NOSPACE);
+ err = GLOB_NOSPACE;
+ break;
}
/* Initial DOT must be matched literally. */
@@ -713,7 +759,7 @@
break;
}
- if (!match(pathend, pattern, restpattern)) {
+ if (!match(pathend, pattern, restpattern, GLOB_LIMIT_RECUR)) {
*pathend = EOS;
continue;
}
@@ -850,19 +896,24 @@
* pattern causes a recursion level.
*/
static int
-match(Char *name, Char *pat, Char *patend)
+match(Char *name, Char *pat, Char *patend, int recur)
{
int ok, negate_range;
Char c, k;
+ if (recur-- == 0)
+ return(GLOB_NOSPACE);
+
while (pat < patend) {
c = *pat++;
switch (c & M_MASK) {
case M_ALL:
+ while (pat < patend && (*pat & M_MASK) == M_ALL)
+ pat++; /* eat consecutive '*' */
if (pat == patend)
return(1);
do {
- if (match(name, pat, patend))
+ if (match(name, pat, patend, recur))
return(1);
} while (*name++ != EOS);
return(0);
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/glob.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/glob.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/glob.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/glob.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/glob.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/inet_aton.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/inet_aton.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/inet_aton.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/inet_aton.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/inet_ntoa.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/inet_ntoa.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/inet_ntoa.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/inet_ntoa.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/inet_ntop.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/inet_ntop.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/inet_ntop.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: inet_ntop.c,v 1.7 2005/08/06 20:30:03 espie Exp $ */
+/* $OpenBSD: inet_ntop.c,v 1.8 2008/12/09 19:38:38 otto Exp $ */
/* Copyright (c) 1996 by Internet Software Consortium.
*
@@ -57,13 +57,13 @@
* Paul Vixie, 1996.
*/
const char *
-inet_ntop(int af, const void *src, char *dst, size_t size)
+inet_ntop(int af, const void *src, char *dst, socklen_t size)
{
switch (af) {
case AF_INET:
- return (inet_ntop4(src, dst, size));
+ return (inet_ntop4(src, dst, (size_t)size));
case AF_INET6:
- return (inet_ntop6(src, dst, size));
+ return (inet_ntop6(src, dst, (size_t)size));
default:
errno = EAFNOSUPPORT;
return (NULL);
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/inet_ntop.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/mktemp.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/mktemp.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/mktemp.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,34 +1,22 @@
/* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */
/* Changes: Removed mktemp */
-/* $OpenBSD: mktemp.c,v 1.19 2005/08/08 08:05:36 espie Exp $ */
+/* $OpenBSD: mktemp.c,v 1.30 2010/03/21 23:09:30 schwarze Exp $ */
/*
- * Copyright (c) 1987, 1993
- * The Regents of the University of California. All rights reserved.
+ * Copyright (c) 1996-1998, 2008 Theo de Raadt
+ * Copyright (c) 1997, 2008-2009 Todd C. Miller
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */
@@ -37,142 +25,117 @@
#include <sys/types.h>
#include <sys/stat.h>
-
+#include <errno.h>
#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
#include <ctype.h>
-#include <errno.h>
#include <unistd.h>
#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
-static int _gettemp(char *, int *, int, int);
+#define MKTEMP_NAME 0
+#define MKTEMP_FILE 1
+#define MKTEMP_DIR 2
-int
-mkstemps(char *path, int slen)
+#define TEMPCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+#define NUM_CHARS (sizeof(TEMPCHARS) - 1)
+
+static int
+mktemp_internal(char *path, int slen, int mode)
{
+ char *start, *cp, *ep;
+ const char *tempchars = TEMPCHARS;
+ unsigned int r, tries;
+ struct stat sb;
+ size_t len;
int fd;
- return (_gettemp(path, &fd, 0, slen) ? fd : -1);
+ len = strlen(path);
+ if (len == 0 || slen < 0 || (size_t)slen >= len) {
+ errno = EINVAL;
+ return(-1);
+ }
+ ep = path + len - slen;
+
+ tries = 1;
+ for (start = ep; start > path && start[-1] == 'X'; start--) {
+ if (tries < INT_MAX / NUM_CHARS)
+ tries *= NUM_CHARS;
+ }
+ tries *= 2;
+
+ do {
+ for (cp = start; cp != ep; cp++) {
+ r = arc4random_uniform(NUM_CHARS);
+ *cp = tempchars[r];
+ }
+
+ switch (mode) {
+ case MKTEMP_NAME:
+ if (lstat(path, &sb) != 0)
+ return(errno == ENOENT ? 0 : -1);
+ break;
+ case MKTEMP_FILE:
+ fd = open(path, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR);
+ if (fd != -1 || errno != EEXIST)
+ return(fd);
+ break;
+ case MKTEMP_DIR:
+ if (mkdir(path, S_IRUSR|S_IWUSR|S_IXUSR) == 0)
+ return(0);
+ if (errno != EEXIST)
+ return(-1);
+ break;
+ }
+ } while (--tries);
+
+ errno = EEXIST;
+ return(-1);
}
-int
-mkstemp(char *path)
+#if 0
+char *_mktemp(char *);
+
+char *
+_mktemp(char *path)
{
- int fd;
-
- return (_gettemp(path, &fd, 0, 0) ? fd : -1);
+ if (mktemp_internal(path, 0, MKTEMP_NAME) == -1)
+ return(NULL);
+ return(path);
}
+__warn_references(mktemp,
+ "warning: mktemp() possibly used unsafely; consider using mkstemp()");
+
char *
-mkdtemp(char *path)
+mktemp(char *path)
{
- return(_gettemp(path, (int *)NULL, 1, 0) ? path : (char *)NULL);
+ return(_mktemp(path));
}
+#endif
-static int
-_gettemp(path, doopen, domkdir, slen)
- char *path;
- register int *doopen;
- int domkdir;
- int slen;
+int
+mkstemp(char *path)
{
- register char *start, *trv, *suffp;
- struct stat sbuf;
- int rval;
- pid_t pid;
+ return(mktemp_internal(path, 0, MKTEMP_FILE));
+}
- if (doopen && domkdir) {
- errno = EINVAL;
- return(0);
- }
+int
+mkstemps(char *path, int slen)
+{
+ return(mktemp_internal(path, slen, MKTEMP_FILE));
+}
- for (trv = path; *trv; ++trv)
- ;
- trv -= slen;
- suffp = trv;
- --trv;
- if (trv < path) {
- errno = EINVAL;
- return (0);
- }
- pid = getpid();
- while (trv >= path && *trv == 'X' && pid != 0) {
- *trv-- = (pid % 10) + '0';
- pid /= 10;
- }
- while (trv >= path && *trv == 'X') {
- char c;
+char *
+mkdtemp(char *path)
+{
+ int error;
- pid = (arc4random() & 0xffff) % (26+26);
- if (pid < 26)
- c = pid + 'A';
- else
- c = (pid - 26) + 'a';
- *trv-- = c;
- }
- start = trv + 1;
-
- /*
- * check the target directory; if you have six X's and it
- * doesn't exist this runs for a *very* long time.
- */
- if (doopen || domkdir) {
- for (;; --trv) {
- if (trv <= path)
- break;
- if (*trv == '/') {
- *trv = '\0';
- rval = stat(path, &sbuf);
- *trv = '/';
- if (rval != 0)
- return(0);
- if (!S_ISDIR(sbuf.st_mode)) {
- errno = ENOTDIR;
- return(0);
- }
- break;
- }
- }
- }
-
- for (;;) {
- if (doopen) {
- if ((*doopen =
- open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0)
- return(1);
- if (errno != EEXIST)
- return(0);
- } else if (domkdir) {
- if (mkdir(path, 0700) == 0)
- return(1);
- if (errno != EEXIST)
- return(0);
- } else if (lstat(path, &sbuf))
- return(errno == ENOENT ? 1 : 0);
-
- /* tricky little algorithm for backward compatibility */
- for (trv = start;;) {
- if (!*trv)
- return (0);
- if (*trv == 'Z') {
- if (trv == suffp)
- return (0);
- *trv++ = 'a';
- } else {
- if (isdigit(*trv))
- *trv = 'a';
- else if (*trv == 'z') /* inc from z to A */
- *trv = 'A';
- else {
- if (trv == suffp)
- return (0);
- ++*trv;
- }
- break;
- }
- }
- }
- /*NOTREACHED*/
+ error = mktemp_internal(path, 0, MKTEMP_DIR);
+ return(error ? NULL : path);
}
#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/mktemp.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.1.1.6 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: openbsd-compat.h,v 1.58 2013/06/05 22:30:21 dtucker Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -111,12 +111,16 @@
int fmt_scaled(long long number, char *result);
#endif
+#ifndef HAVE_SCAN_SCALED
+int scan_scaled(char *, long long *);
+#endif
+
#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
char *inet_ntoa(struct in_addr in);
#endif
#ifndef HAVE_INET_NTOP
-const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+const char *inet_ntop(int af, const void *src, char *dst, socklen_t size);
#endif
#ifndef HAVE_INET_ATON
@@ -139,6 +143,7 @@
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
int BSDgetopt(int argc, char * const *argv, const char *opts);
+#include "openbsd-compat/getopt.h"
#endif
#if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0
@@ -149,6 +154,7 @@
/* Home grown routines */
#include "bsd-misc.h"
+#include "bsd-setres_id.h"
#include "bsd-statvfs.h"
#include "bsd-waitpid.h"
#include "bsd-poll.h"
@@ -189,10 +195,23 @@
long long strtoll(const char *, char **, int);
#endif
+#ifndef HAVE_STRTOUL
+unsigned long strtoul(const char *, char **, int);
+#endif
+
+#ifndef HAVE_STRTOULL
+unsigned long long strtoull(const char *, char **, int);
+#endif
+
#ifndef HAVE_STRTONUM
long long strtonum(const char *, long long, long long, const char **);
#endif
+/* multibyte character support */
+#ifndef HAVE_MBLEN
+# define mblen(x, y) 1
+#endif
+
#if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF)
# include <stdarg.h>
#endif
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.1.1.6 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: openssl-compat.c,v 1.14 2011/05/10 01:13:38 dtucker Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker at zip.com.au>
@@ -134,9 +134,9 @@
#ifdef USE_OPENSSL_ENGINE
void
-ssh_SSLeay_add_all_algorithms(void)
+ssh_OpenSSL_add_all_algorithms(void)
{
- SSLeay_add_all_algorithms();
+ OpenSSL_add_all_algorithms();
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.1.1.7 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: openssl-compat.h,v 1.24 2013/02/12 00:00:40 djm Exp $ */
/*
* Copyright (c) 2005 Darren Tucker <dtucker at zip.com.au>
@@ -40,7 +40,7 @@
# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
#endif
-#if OPENSSL_VERSION_NUMBER < 0x1000000fL
+#if OPENSSL_VERSION_NUMBER < 0x10000001L
# define LIBCRYPTO_EVP_INL_TYPE unsigned int
#else
# define LIBCRYPTO_EVP_INL_TYPE size_t
@@ -59,20 +59,43 @@
# define EVP_aes_128_cbc evp_rijndael
# define EVP_aes_192_cbc evp_rijndael
# define EVP_aes_256_cbc evp_rijndael
-extern const EVP_CIPHER *evp_rijndael(void);
-extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+const EVP_CIPHER *evp_rijndael(void);
+void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
#endif
-#if !defined(EVP_CTRL_SET_ACSS_MODE)
-# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-# define USE_CIPHER_ACSS 1
-extern const EVP_CIPHER *evp_acss(void);
-# define EVP_acss evp_acss
+#ifndef OPENSSL_HAVE_EVPCTR
+#define EVP_aes_128_ctr evp_aes_128_ctr
+#define EVP_aes_192_ctr evp_aes_128_ctr
+#define EVP_aes_256_ctr evp_aes_128_ctr
+const EVP_CIPHER *evp_aes_128_ctr(void);
+void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t);
+#endif
+
+/* Avoid some #ifdef. Code that uses these is unreachable without GCM */
+#if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED)
+# define EVP_CTRL_GCM_SET_IV_FIXED -1
+# define EVP_CTRL_GCM_IV_GEN -1
+# define EVP_CTRL_GCM_SET_TAG -1
+# define EVP_CTRL_GCM_GET_TAG -1
+#endif
+
+/* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */
+#ifndef HAVE_EVP_CIPHER_CTX_CTRL
+# ifdef OPENSSL_HAVE_EVPGCM
+# error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */
# else
-# define EVP_acss NULL
+# define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0)
# endif
#endif
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+#define EVP_X_STATE(evp) &(evp).c
+#define EVP_X_STATE_LEN(evp) sizeof((evp).c)
+#else
+#define EVP_X_STATE(evp) (evp).cipher_data
+#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
+#endif
+
/* OpenSSL 0.9.8e returns cipher key len not context key len */
#if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
@@ -106,10 +129,10 @@
# endif
# ifdef USE_OPENSSL_ENGINE
-# ifdef SSLeay_add_all_algorithms
-# undef SSLeay_add_all_algorithms
+# ifdef OpenSSL_add_all_algorithms
+# undef OpenSSL_add_all_algorithms
# endif
-# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()
+# define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms()
# endif
# ifndef HAVE_BN_IS_PRIME_EX
@@ -129,6 +152,11 @@
unsigned char *, int);
int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
-void ssh_SSLeay_add_all_algorithms(void);
+void ssh_OpenSSL_add_all_algorithms(void);
+
+# ifndef HAVE_HMAC_CTX_INIT
+# define HMAC_CTX_init(a)
+# endif
+
#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/port-aix.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-aix.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-aix.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -86,7 +86,7 @@
fatal("Couldn't set usrinfo: %s", strerror(errno));
debug3("AIX/UsrInfo: set len %d", i);
- xfree(cp);
+ free(cp);
}
# ifdef WITH_AIXAUTHENTICATE
@@ -215,8 +215,7 @@
default: /* user can't change(2) or other error (-1) */
logit("Password can't be changed for user %s: %.100s",
name, msg);
- if (msg)
- xfree(msg);
+ free(msg);
authsuccess = 0;
}
@@ -223,8 +222,7 @@
aix_restoreauthdb();
}
- if (authmsg != NULL)
- xfree(authmsg);
+ free(authmsg);
return authsuccess;
}
@@ -269,7 +267,7 @@
if (!permitted)
logit("Login restricted for %s: %.100s", pw->pw_name, msg);
- xfree(msg);
+ free(msg);
return permitted;
}
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-aix.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/port-aix.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-aix.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-aix.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.1.1.6 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: port-aix.h,v 1.32 2009/12/20 23:49:22 dtucker Exp $ */
/*
*
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-aix.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/port-irix.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-irix.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-irix.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-irix.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/port-irix.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-irix.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-irix.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: port-irix.h,v 1.1.1.2 2006-02-25 02:34:25 laffer1 Exp $ */
+/* $Id: port-irix.h,v 1.4 2003/08/29 16:59:52 mouring Exp $ */
/*
* Copyright (c) 2000 Denis Parker. All rights reserved.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-irix.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/port-linux.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-linux.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-linux.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.1.1.4 2013-01-22 13:42:07 laffer1 Exp $ */
+/* $Id: port-linux.c,v 1.18 2013/06/01 22:07:32 dtucker Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh <dwalsh at redhat.com>
@@ -38,6 +38,10 @@
#include <selinux/flask.h>
#include <selinux/get_context_list.h>
+#ifndef SSH_SELINUX_UNCONFINED_TYPE
+# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:"
+#endif
+
/* Wrapper around is_selinux_enabled() to log its return value once only */
int
ssh_selinux_enabled(void)
@@ -56,7 +60,7 @@
static security_context_t
ssh_selinux_getctxbyname(char *pwname)
{
- security_context_t sc;
+ security_context_t sc = NULL;
char *sename = NULL, *lvl = NULL;
int r;
@@ -82,6 +86,7 @@
case 0:
error("%s: Failed to get default SELinux security "
"context for %s", __func__, pwname);
+ sc = NULL;
break;
default:
fatal("%s: Failed to get default SELinux security "
@@ -91,13 +96,11 @@
}
#ifdef HAVE_GETSEUSERBYNAME
- if (sename != NULL)
- xfree(sename);
- if (lvl != NULL)
- xfree(lvl);
+ free(sename);
+ free(lvl);
#endif
- return (sc);
+ return sc;
}
/* Set the execution context to the default for the specified user */
@@ -177,12 +180,13 @@
{
int len, newlen;
char *oldctx, *newctx, *cx;
+ void (*switchlog) (const char *fmt,...) = logit;
if (!ssh_selinux_enabled())
return;
if (getcon((security_context_t *)&oldctx) < 0) {
- logit("%s: getcon failed with %s", __func__, strerror (errno));
+ logit("%s: getcon failed with %s", __func__, strerror(errno));
return;
}
if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
@@ -191,6 +195,14 @@
return;
}
+ /*
+ * Check whether we are attempting to switch away from an unconfined
+ * security context.
+ */
+ if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
+ sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
+ switchlog = debug3;
+
newlen = strlen(oldctx) + strlen(newname) + 1;
newctx = xmalloc(newlen);
len = cx - oldctx + 1;
@@ -198,12 +210,13 @@
strlcpy(newctx + len, newname, newlen - len);
if ((cx = index(cx + 1, ':')))
strlcat(newctx, cx, newlen);
- debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
- newctx);
+ debug3("%s: setting context from '%s' to '%s'", __func__,
+ oldctx, newctx);
if (setcon(newctx) < 0)
- logit("%s: setcon failed with %s", __func__, strerror (errno));
- xfree(oldctx);
- xfree(newctx);
+ switchlog("%s: setcon %s from %s failed with %s", __func__,
+ newctx, oldctx, strerror(errno));
+ free(oldctx);
+ free(newctx);
}
void
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-linux.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/port-linux.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-linux.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-linux.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.1.1.4 2013-01-22 13:42:07 laffer1 Exp $ */
+/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
/*
* Copyright (c) 2006 Damien Miller <djm at openbsd.org>
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-linux.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/port-solaris.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-solaris.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-solaris.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: port-solaris.c,v 1.1.1.3 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: port-solaris.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */
/*
* Copyright (c) 2006 Chad Mynhier.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-solaris.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/port-solaris.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-solaris.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-solaris.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: port-solaris.h,v 1.1.1.2 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */
/*
* Copyright (c) 2006 Chad Mynhier.
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-solaris.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/port-tun.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-tun.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-tun.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-tun.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/port-tun.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-tun.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-tun.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-tun.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/port-uw.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-uw.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-uw.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-uw.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/port-uw.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/port-uw.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/port-uw.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/port-uw.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/pwcache.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/pwcache.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/pwcache.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/pwcache.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/readpassphrase.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/realpath.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/realpath.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/realpath.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/realpath.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/regress/Makefile.in
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/regress/Makefile.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/regress/Makefile.in 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.1.1.1 2006-10-03 02:03:03 raven Exp $
+# $Id: Makefile.in,v 1.4 2006/08/19 09:12:14 dtucker Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/regress/Makefile.in
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/regress/closefromtest.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/regress/closefromtest.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/regress/closefromtest.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -24,6 +24,8 @@
#define NUM_OPENS 10
+int closefrom(int);
+
void
fail(char *msg)
{
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/regress/closefromtest.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/regress/snprintftest.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/regress/snprintftest.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/regress/snprintftest.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/regress/snprintftest.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/regress/strduptest.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/regress/strduptest.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/regress/strduptest.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/regress/strduptest.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/regress/strtonumtest.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/regress/strtonumtest.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/regress/strtonumtest.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/regress/strtonumtest.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/rresvport.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/rresvport.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/rresvport.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/rresvport.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/setenv.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/setenv.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/setenv.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: setenv.c,v 1.9 2005/08/08 08:05:37 espie Exp $ */
+/* $OpenBSD: setenv.c,v 1.13 2010/08/23 22:31:50 millert Exp $ */
/*
* Copyright (c) 1987 Regents of the University of California.
* All rights reserved.
@@ -31,35 +31,38 @@
/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */
#include "includes.h"
+
#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV)
+#include <errno.h>
#include <stdlib.h>
#include <string.h>
extern char **environ;
+static char **lastenv; /* last value of environ */
/* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */
/*
* __findenv --
* Returns pointer to value associated with name, if any, else NULL.
+ * Starts searching within the environmental array at offset.
* Sets offset to be the offset of the name/value combination in the
- * environmental array, for use by setenv(3) and unsetenv(3).
+ * environmental array, for use by putenv(3), setenv(3) and unsetenv(3).
* Explicitly removes '=' in argument name.
+ *
+ * This routine *should* be a static; don't use it.
*/
static char *
-__findenv(const char *name, size_t *offset)
+__findenv(const char *name, int len, int *offset)
{
extern char **environ;
- int len, i;
+ int i;
const char *np;
char **p, *cp;
if (name == NULL || environ == NULL)
return (NULL);
- for (np = name; *np && *np != '='; ++np)
- ;
- len = np - name;
- for (p = environ; (cp = *p) != NULL; ++p) {
+ for (p = environ + *offset; (cp = *p) != NULL; ++p) {
for (np = name, i = len; i && *cp; i--)
if (*cp++ != *np++)
break;
@@ -71,6 +74,54 @@
return (NULL);
}
+#if 0 /* nothing uses putenv */
+/*
+ * putenv --
+ * Add a name=value string directly to the environmental, replacing
+ * any current value.
+ */
+int
+putenv(char *str)
+{
+ char **P, *cp;
+ size_t cnt;
+ int offset = 0;
+
+ for (cp = str; *cp && *cp != '='; ++cp)
+ ;
+ if (*cp != '=') {
+ errno = EINVAL;
+ return (-1); /* missing `=' in string */
+ }
+
+ if (__findenv(str, (int)(cp - str), &offset) != NULL) {
+ environ[offset++] = str;
+ /* could be set multiple times */
+ while (__findenv(str, (int)(cp - str), &offset)) {
+ for (P = &environ[offset];; ++P)
+ if (!(*P = *(P + 1)))
+ break;
+ }
+ return (0);
+ }
+
+ /* create new slot for string */
+ for (P = environ; *P != NULL; P++)
+ ;
+ cnt = P - environ;
+ P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2));
+ if (!P)
+ return (-1);
+ if (lastenv != environ)
+ memcpy(P, environ, cnt * sizeof(char *));
+ lastenv = environ = P;
+ environ[cnt] = str;
+ environ[cnt + 1] = NULL;
+ return (0);
+}
+
+#endif
+
#ifndef HAVE_SETENV
/*
* setenv --
@@ -80,24 +131,39 @@
int
setenv(const char *name, const char *value, int rewrite)
{
- static char **lastenv; /* last value of environ */
- char *C;
- size_t l_value, offset;
+ char *C, **P;
+ const char *np;
+ int l_value, offset = 0;
- if (*value == '=') /* no `=' in value */
- ++value;
+ for (np = name; *np && *np != '='; ++np)
+ ;
+#ifdef notyet
+ if (*np) {
+ errno = EINVAL;
+ return (-1); /* has `=' in name */
+ }
+#endif
+
l_value = strlen(value);
- if ((C = __findenv(name, &offset))) { /* find if already exists */
+ if ((C = __findenv(name, (int)(np - name), &offset)) != NULL) {
+ int tmpoff = offset + 1;
if (!rewrite)
return (0);
+#if 0 /* XXX - existing entry may not be writable */
if (strlen(C) >= l_value) { /* old larger; copy over */
while ((*C++ = *value++))
;
return (0);
}
+#endif
+ /* could be set multiple times */
+ while (__findenv(name, (int)(np - name), &tmpoff)) {
+ for (P = &environ[tmpoff];; ++P)
+ if (!(*P = *(P + 1)))
+ break;
+ }
} else { /* create new slot */
size_t cnt;
- char **P;
for (P = environ; *P != NULL; P++)
;
@@ -111,10 +177,8 @@
offset = cnt;
environ[cnt + 1] = NULL;
}
- for (C = (char *)name; *C && *C != '='; ++C)
- ; /* no `=' in name */
if (!(environ[offset] = /* name + `=' + value */
- malloc((size_t)((int)(C - name) + l_value + 2))))
+ malloc((size_t)((int)(np - name) + l_value + 2))))
return (-1);
for (C = environ[offset]; (*C = *name++) && *C != '='; ++C)
;
@@ -122,6 +186,7 @@
;
return (0);
}
+
#endif /* HAVE_SETENV */
#ifndef HAVE_UNSETENV
@@ -129,17 +194,33 @@
* unsetenv(name) --
* Delete environmental variable "name".
*/
-void
+int
unsetenv(const char *name)
{
char **P;
- size_t offset;
+ const char *np;
+ int offset = 0;
- while (__findenv(name, &offset)) /* if set multiple times */
+ if (!name || !*name) {
+ errno = EINVAL;
+ return (-1);
+ }
+ for (np = name; *np && *np != '='; ++np)
+ ;
+ if (*np) {
+ errno = EINVAL;
+ return (-1); /* has `=' in name */
+ }
+
+ /* could be set multiple times */
+ while (__findenv(name, (int)(np - name), &offset)) {
for (P = &environ[offset];; ++P)
if (!(*P = *(P + 1)))
break;
+ }
+ return (0);
}
#endif /* HAVE_UNSETENV */
#endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */
+
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/setenv.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/sha2.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/sha2.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/sha2.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp $ */
+/* from OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp */
/*
* FILE: sha2.c
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/sha2.c
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/sha2.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/sha2.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/sha2.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp $ */
+/* OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp */
/*
* FILE: sha2.h
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/sha2.h
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/sigact.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/sigact.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/sigact.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/sigact.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/sigact.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/sigact.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/sigact.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/sigact.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/strlcat.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strlcat.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/strlcat.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/strlcat.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/strlcpy.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strlcpy.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/strlcpy.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: strlcpy.c,v 1.10 2005/08/08 08:05:37 espie Exp $ */
+/* $OpenBSD: strlcpy.c,v 1.11 2006/05/05 15:27:38 millert Exp $ */
/*
* Copyright (c) 1998 Todd C. Miller <Todd.Miller at courtesan.com>
@@ -37,11 +37,11 @@
size_t n = siz;
/* Copy as many bytes as will fit */
- if (n != 0 && --n != 0) {
- do {
- if ((*d++ = *s++) == 0)
+ if (n != 0) {
+ while (--n != 0) {
+ if ((*d++ = *s++) == '\0')
break;
- } while (--n != 0);
+ }
}
/* Not enough room in dst, add NUL and traverse rest of src */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/strlcpy.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/strmode.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strmode.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/strmode.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/strmode.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Added: vendor-crypto/openssh/dist/openbsd-compat/strnlen.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strnlen.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/strnlen.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,37 @@
+/* $OpenBSD: strnlen.c,v 1.3 2010/06/02 12:58:12 millert Exp $ */
+
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller at courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* OPENBSD ORIGINAL: lib/libc/string/strnlen.c */
+
+#include "config.h"
+#ifndef HAVE_STRNLEN
+#include <sys/types.h>
+
+#include <string.h>
+
+size_t
+strnlen(const char *str, size_t maxlen)
+{
+ const char *cp;
+
+ for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
+ ;
+
+ return (size_t)(cp - str);
+}
+#endif
Index: vendor-crypto/openssh/dist/openbsd-compat/strptime.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strptime.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/strptime.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/strptime.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/strsep.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strsep.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/strsep.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/strsep.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/strtoll.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strtoll.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/strtoll.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/strtoll.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/strtonum.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strtonum.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/strtonum.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/strtonum.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/strtoul.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strtoul.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/strtoul.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/strtoul.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Added: vendor-crypto/openssh/dist/openbsd-compat/strtoull.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/strtoull.c (rev 0)
+++ vendor-crypto/openssh/dist/openbsd-compat/strtoull.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,110 @@
+/* $OpenBSD: strtoull.c,v 1.5 2005/08/08 08:05:37 espie Exp $ */
+/*-
+ * Copyright (c) 1992 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoull.c */
+
+#include "includes.h"
+#ifndef HAVE_STRTOULL
+
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+
+/*
+ * Convert a string to an unsigned long long.
+ *
+ * Ignores `locale' stuff. Assumes that the upper and lower case
+ * alphabets and digits are each contiguous.
+ */
+unsigned long long
+strtoull(const char *nptr, char **endptr, int base)
+{
+ const char *s;
+ unsigned long long acc, cutoff;
+ int c;
+ int neg, any, cutlim;
+
+ /*
+ * See strtoq for comments as to the logic used.
+ */
+ s = nptr;
+ do {
+ c = (unsigned char) *s++;
+ } while (isspace(c));
+ if (c == '-') {
+ neg = 1;
+ c = *s++;
+ } else {
+ neg = 0;
+ if (c == '+')
+ c = *s++;
+ }
+ if ((base == 0 || base == 16) &&
+ c == '0' && (*s == 'x' || *s == 'X')) {
+ c = s[1];
+ s += 2;
+ base = 16;
+ }
+ if (base == 0)
+ base = c == '0' ? 8 : 10;
+
+ cutoff = ULLONG_MAX / (unsigned long long)base;
+ cutlim = ULLONG_MAX % (unsigned long long)base;
+ for (acc = 0, any = 0;; c = (unsigned char) *s++) {
+ if (isdigit(c))
+ c -= '0';
+ else if (isalpha(c))
+ c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+ else
+ break;
+ if (c >= base)
+ break;
+ if (any < 0)
+ continue;
+ if (acc > cutoff || (acc == cutoff && c > cutlim)) {
+ any = -1;
+ acc = ULLONG_MAX;
+ errno = ERANGE;
+ } else {
+ any = 1;
+ acc *= (unsigned long long)base;
+ acc += c;
+ }
+ }
+ if (neg && any > 0)
+ acc = -acc;
+ if (endptr != 0)
+ *endptr = (char *) (any ? s - 1 : nptr);
+ return (acc);
+}
+#endif /* !HAVE_STRTOULL */
Modified: vendor-crypto/openssh/dist/openbsd-compat/sys-queue.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/sys-queue.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/sys-queue.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: queue.h,v 1.32 2007/04/30 18:42:34 pedro Exp $ */
+/* $OpenBSD: queue.h,v 1.36 2012/04/11 13:29:14 naddy Exp $ */
/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
/*
@@ -202,10 +202,10 @@
(var) != SLIST_END(head); \
(var) = SLIST_NEXT(var, field))
-#define SLIST_FOREACH_PREVPTR(var, varp, head, field) \
- for ((varp) = &SLIST_FIRST((head)); \
- ((var) = *(varp)) != SLIST_END(head); \
- (varp) = &SLIST_NEXT((var), field))
+#define SLIST_FOREACH_SAFE(var, head, field, tvar) \
+ for ((var) = SLIST_FIRST(head); \
+ (var) && ((tvar) = SLIST_NEXT(var, field), 1); \
+ (var) = (tvar))
/*
* Singly-linked List functions.
@@ -224,7 +224,7 @@
(head)->slh_first = (elm); \
} while (0)
-#define SLIST_REMOVE_NEXT(head, elm, field) do { \
+#define SLIST_REMOVE_AFTER(elm, field) do { \
(elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \
} while (0)
@@ -276,6 +276,11 @@
(var)!= LIST_END(head); \
(var) = LIST_NEXT(var, field))
+#define LIST_FOREACH_SAFE(var, head, field, tvar) \
+ for ((var) = LIST_FIRST(head); \
+ (var) && ((tvar) = LIST_NEXT(var, field), 1); \
+ (var) = (tvar))
+
/*
* List functions.
*/
@@ -354,6 +359,11 @@
(var) != SIMPLEQ_END(head); \
(var) = SIMPLEQ_NEXT(var, field))
+#define SIMPLEQ_FOREACH_SAFE(var, head, field, tvar) \
+ for ((var) = SIMPLEQ_FIRST(head); \
+ (var) && ((tvar) = SIMPLEQ_NEXT(var, field), 1); \
+ (var) = (tvar))
+
/*
* Simple queue functions.
*/
@@ -385,6 +395,12 @@
(head)->sqh_last = &(head)->sqh_first; \
} while (0)
+#define SIMPLEQ_REMOVE_AFTER(head, elm, field) do { \
+ if (((elm)->field.sqe_next = (elm)->field.sqe_next->field.sqe_next) \
+ == NULL) \
+ (head)->sqh_last = &(elm)->field.sqe_next; \
+} while (0)
+
/*
* Tail queue definitions.
*/
@@ -422,11 +438,24 @@
(var) != TAILQ_END(head); \
(var) = TAILQ_NEXT(var, field))
+#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \
+ for ((var) = TAILQ_FIRST(head); \
+ (var) != TAILQ_END(head) && \
+ ((tvar) = TAILQ_NEXT(var, field), 1); \
+ (var) = (tvar))
+
+
#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \
for((var) = TAILQ_LAST(head, headname); \
(var) != TAILQ_END(head); \
(var) = TAILQ_PREV(var, headname, field))
+#define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \
+ for ((var) = TAILQ_LAST(head, headname); \
+ (var) != TAILQ_END(head) && \
+ ((tvar) = TAILQ_PREV(var, headname, field), 1); \
+ (var) = (tvar))
+
/*
* Tail queue functions.
*/
@@ -526,11 +555,23 @@
(var) != CIRCLEQ_END(head); \
(var) = CIRCLEQ_NEXT(var, field))
+#define CIRCLEQ_FOREACH_SAFE(var, head, field, tvar) \
+ for ((var) = CIRCLEQ_FIRST(head); \
+ (var) != CIRCLEQ_END(head) && \
+ ((tvar) = CIRCLEQ_NEXT(var, field), 1); \
+ (var) = (tvar))
+
#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \
for((var) = CIRCLEQ_LAST(head); \
(var) != CIRCLEQ_END(head); \
(var) = CIRCLEQ_PREV(var, field))
+#define CIRCLEQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \
+ for ((var) = CIRCLEQ_LAST(head, headname); \
+ (var) != CIRCLEQ_END(head) && \
+ ((tvar) = CIRCLEQ_PREV(var, headname, field), 1); \
+ (var) = (tvar))
+
/*
* Circular queue functions.
*/
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/sys-queue.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/sys-tree.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/sys-tree.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/sys-tree.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: tree.h,v 1.10 2007/10/29 23:49:41 djm Exp $ */
+/* $OpenBSD: tree.h,v 1.13 2011/07/09 00:19:45 pirofti Exp $ */
/*
* Copyright 2002 Niels Provos <provos at citi.umich.edu>
* All rights reserved.
@@ -26,6 +26,11 @@
/* OPENBSD ORIGINAL: sys/sys/tree.h */
+#include "config.h"
+#ifdef NO_ATTRIBUTE_ON_RETURN_TYPE
+# define __attribute__(x)
+#endif
+
#ifndef _SYS_TREE_H_
#define _SYS_TREE_H_
@@ -331,7 +336,7 @@
} while (0)
#ifndef RB_AUGMENT
-#define RB_AUGMENT(x)
+#define RB_AUGMENT(x) do {} while (0)
#endif
#define RB_ROTATE_LEFT(head, elm, tmp, field) do { \
@@ -375,21 +380,31 @@
} while (0)
/* Generates prototypes and inline functions */
-#define RB_PROTOTYPE(name, type, field, cmp) \
-void name##_RB_INSERT_COLOR(struct name *, struct type *); \
-void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\
-struct type *name##_RB_REMOVE(struct name *, struct type *); \
-struct type *name##_RB_INSERT(struct name *, struct type *); \
-struct type *name##_RB_FIND(struct name *, struct type *); \
-struct type *name##_RB_NEXT(struct type *); \
-struct type *name##_RB_MINMAX(struct name *, int);
+#define RB_PROTOTYPE(name, type, field, cmp) \
+ RB_PROTOTYPE_INTERNAL(name, type, field, cmp,)
+#define RB_PROTOTYPE_STATIC(name, type, field, cmp) \
+ RB_PROTOTYPE_INTERNAL(name, type, field, cmp, __attribute__((__unused__)) static)
+#define RB_PROTOTYPE_INTERNAL(name, type, field, cmp, attr) \
+attr void name##_RB_INSERT_COLOR(struct name *, struct type *); \
+attr void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\
+attr struct type *name##_RB_REMOVE(struct name *, struct type *); \
+attr struct type *name##_RB_INSERT(struct name *, struct type *); \
+attr struct type *name##_RB_FIND(struct name *, struct type *); \
+attr struct type *name##_RB_NFIND(struct name *, struct type *); \
+attr struct type *name##_RB_NEXT(struct type *); \
+attr struct type *name##_RB_PREV(struct type *); \
+attr struct type *name##_RB_MINMAX(struct name *, int); \
+ \
-
/* Main rb operation.
* Moves node close to the key of elm to top
*/
-#define RB_GENERATE(name, type, field, cmp) \
-void \
+#define RB_GENERATE(name, type, field, cmp) \
+ RB_GENERATE_INTERNAL(name, type, field, cmp,)
+#define RB_GENERATE_STATIC(name, type, field, cmp) \
+ RB_GENERATE_INTERNAL(name, type, field, cmp, __attribute__((__unused__)) static)
+#define RB_GENERATE_INTERNAL(name, type, field, cmp, attr) \
+attr void \
name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \
{ \
struct type *parent, *gparent, *tmp; \
@@ -433,7 +448,7 @@
RB_COLOR(head->rbh_root, field) = RB_BLACK; \
} \
\
-void \
+attr void \
name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) \
{ \
struct type *tmp; \
@@ -509,7 +524,7 @@
RB_COLOR(elm, field) = RB_BLACK; \
} \
\
-struct type * \
+attr struct type * \
name##_RB_REMOVE(struct name *head, struct type *elm) \
{ \
struct type *child, *parent, *old = elm; \
@@ -577,7 +592,7 @@
} \
\
/* Inserts a node into the RB tree */ \
-struct type * \
+attr struct type * \
name##_RB_INSERT(struct name *head, struct type *elm) \
{ \
struct type *tmp; \
@@ -608,7 +623,7 @@
} \
\
/* Finds the node with the same key as elm */ \
-struct type * \
+attr struct type * \
name##_RB_FIND(struct name *head, struct type *elm) \
{ \
struct type *tmp = RB_ROOT(head); \
@@ -625,7 +640,29 @@
return (NULL); \
} \
\
-struct type * \
+/* Finds the first node greater than or equal to the search key */ \
+attr struct type * \
+name##_RB_NFIND(struct name *head, struct type *elm) \
+{ \
+ struct type *tmp = RB_ROOT(head); \
+ struct type *res = NULL; \
+ int comp; \
+ while (tmp) { \
+ comp = cmp(elm, tmp); \
+ if (comp < 0) { \
+ res = tmp; \
+ tmp = RB_LEFT(tmp, field); \
+ } \
+ else if (comp > 0) \
+ tmp = RB_RIGHT(tmp, field); \
+ else \
+ return (tmp); \
+ } \
+ return (res); \
+} \
+ \
+/* ARGSUSED */ \
+attr struct type * \
name##_RB_NEXT(struct type *elm) \
{ \
if (RB_RIGHT(elm, field)) { \
@@ -646,7 +683,29 @@
return (elm); \
} \
\
-struct type * \
+/* ARGSUSED */ \
+attr struct type * \
+name##_RB_PREV(struct type *elm) \
+{ \
+ if (RB_LEFT(elm, field)) { \
+ elm = RB_LEFT(elm, field); \
+ while (RB_RIGHT(elm, field)) \
+ elm = RB_RIGHT(elm, field); \
+ } else { \
+ if (RB_PARENT(elm, field) && \
+ (elm == RB_RIGHT(RB_PARENT(elm, field), field))) \
+ elm = RB_PARENT(elm, field); \
+ else { \
+ while (RB_PARENT(elm, field) && \
+ (elm == RB_LEFT(RB_PARENT(elm, field), field)))\
+ elm = RB_PARENT(elm, field); \
+ elm = RB_PARENT(elm, field); \
+ } \
+ } \
+ return (elm); \
+} \
+ \
+attr struct type * \
name##_RB_MINMAX(struct name *head, int val) \
{ \
struct type *tmp = RB_ROOT(head); \
@@ -667,7 +726,9 @@
#define RB_INSERT(name, x, y) name##_RB_INSERT(x, y)
#define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y)
#define RB_FIND(name, x, y) name##_RB_FIND(x, y)
+#define RB_NFIND(name, x, y) name##_RB_NFIND(x, y)
#define RB_NEXT(name, x, y) name##_RB_NEXT(y)
+#define RB_PREV(name, x, y) name##_RB_PREV(y)
#define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF)
#define RB_MAX(name, x) name##_RB_MINMAX(x, RB_INF)
@@ -676,4 +737,19 @@
(x) != NULL; \
(x) = name##_RB_NEXT(x))
+#define RB_FOREACH_SAFE(x, name, head, y) \
+ for ((x) = RB_MIN(name, head); \
+ ((x) != NULL) && ((y) = name##_RB_NEXT(x), 1); \
+ (x) = (y))
+
+#define RB_FOREACH_REVERSE(x, name, head) \
+ for ((x) = RB_MAX(name, head); \
+ (x) != NULL; \
+ (x) = name##_RB_PREV(x))
+
+#define RB_FOREACH_REVERSE_SAFE(x, name, head, y) \
+ for ((x) = RB_MAX(name, head); \
+ ((x) != NULL) && ((y) = name##_RB_PREV(x), 1); \
+ (x) = (y))
+
#endif /* _SYS_TREE_H_ */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/sys-tree.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openbsd-compat/timingsafe_bcmp.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/timingsafe_bcmp.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/timingsafe_bcmp.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/timingsafe_bcmp.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/openbsd-compat/tree.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/tree.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/tree.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,667 +0,0 @@
-/*
- * Copyright 2002 Niels Provos <provos at citi.umich.edu>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _SYS_TREE_H_
-#define _SYS_TREE_H_
-
-/*
- * This file defines data structures for different types of trees:
- * splay trees and red-black trees.
- *
- * A splay tree is a self-organizing data structure. Every operation
- * on the tree causes a splay to happen. The splay moves the requested
- * node to the root of the tree and partly rebalances it.
- *
- * This has the benefit that request locality causes faster lookups as
- * the requested nodes move to the top of the tree. On the other hand,
- * every lookup causes memory writes.
- *
- * The Balance Theorem bounds the total access time for m operations
- * and n inserts on an initially empty tree as O((m + n)lg n). The
- * amortized cost for a sequence of m accesses to a splay tree is O(lg n);
- *
- * A red-black tree is a binary search tree with the node color as an
- * extra attribute. It fulfills a set of conditions:
- * - every search path from the root to a leaf consists of the
- * same number of black nodes,
- * - each red node (except for the root) has a black parent,
- * - each leaf node is black.
- *
- * Every operation on a red-black tree is bounded as O(lg n).
- * The maximum height of a red-black tree is 2lg (n+1).
- */
-
-#define SPLAY_HEAD(name, type) \
-struct name { \
- struct type *sph_root; /* root of the tree */ \
-}
-
-#define SPLAY_INITIALIZER(root) \
- { NULL }
-
-#define SPLAY_INIT(root) do { \
- (root)->sph_root = NULL; \
-} while (0)
-
-#define SPLAY_ENTRY(type) \
-struct { \
- struct type *spe_left; /* left element */ \
- struct type *spe_right; /* right element */ \
-}
-
-#define SPLAY_LEFT(elm, field) (elm)->field.spe_left
-#define SPLAY_RIGHT(elm, field) (elm)->field.spe_right
-#define SPLAY_ROOT(head) (head)->sph_root
-#define SPLAY_EMPTY(head) (SPLAY_ROOT(head) == NULL)
-
-/* SPLAY_ROTATE_{LEFT,RIGHT} expect that tmp hold SPLAY_{RIGHT,LEFT} */
-#define SPLAY_ROTATE_RIGHT(head, tmp, field) do { \
- SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(tmp, field); \
- SPLAY_RIGHT(tmp, field) = (head)->sph_root; \
- (head)->sph_root = tmp; \
-} while (0)
-
-#define SPLAY_ROTATE_LEFT(head, tmp, field) do { \
- SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(tmp, field); \
- SPLAY_LEFT(tmp, field) = (head)->sph_root; \
- (head)->sph_root = tmp; \
-} while (0)
-
-#define SPLAY_LINKLEFT(head, tmp, field) do { \
- SPLAY_LEFT(tmp, field) = (head)->sph_root; \
- tmp = (head)->sph_root; \
- (head)->sph_root = SPLAY_LEFT((head)->sph_root, field); \
-} while (0)
-
-#define SPLAY_LINKRIGHT(head, tmp, field) do { \
- SPLAY_RIGHT(tmp, field) = (head)->sph_root; \
- tmp = (head)->sph_root; \
- (head)->sph_root = SPLAY_RIGHT((head)->sph_root, field); \
-} while (0)
-
-#define SPLAY_ASSEMBLE(head, node, left, right, field) do { \
- SPLAY_RIGHT(left, field) = SPLAY_LEFT((head)->sph_root, field); \
- SPLAY_LEFT(right, field) = SPLAY_RIGHT((head)->sph_root, field);\
- SPLAY_LEFT((head)->sph_root, field) = SPLAY_RIGHT(node, field); \
- SPLAY_RIGHT((head)->sph_root, field) = SPLAY_LEFT(node, field); \
-} while (0)
-
-/* Generates prototypes and inline functions */
-
-#define SPLAY_PROTOTYPE(name, type, field, cmp) \
-void name##_SPLAY(struct name *, struct type *); \
-void name##_SPLAY_MINMAX(struct name *, int); \
- \
-static __inline void \
-name##_SPLAY_INSERT(struct name *head, struct type *elm) \
-{ \
- if (SPLAY_EMPTY(head)) { \
- SPLAY_LEFT(elm, field) = SPLAY_RIGHT(elm, field) = NULL; \
- } else { \
- int __comp; \
- name##_SPLAY(head, elm); \
- __comp = (cmp)(elm, (head)->sph_root); \
- if(__comp < 0) { \
- SPLAY_LEFT(elm, field) = SPLAY_LEFT((head)->sph_root, field);\
- SPLAY_RIGHT(elm, field) = (head)->sph_root; \
- SPLAY_LEFT((head)->sph_root, field) = NULL; \
- } else if (__comp > 0) { \
- SPLAY_RIGHT(elm, field) = SPLAY_RIGHT((head)->sph_root, field);\
- SPLAY_LEFT(elm, field) = (head)->sph_root; \
- SPLAY_RIGHT((head)->sph_root, field) = NULL; \
- } else \
- return; \
- } \
- (head)->sph_root = (elm); \
-} \
- \
-static __inline void \
-name##_SPLAY_REMOVE(struct name *head, struct type *elm) \
-{ \
- struct type *__tmp; \
- if (SPLAY_EMPTY(head)) \
- return; \
- name##_SPLAY(head, elm); \
- if ((cmp)(elm, (head)->sph_root) == 0) { \
- if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \
- (head)->sph_root = SPLAY_RIGHT((head)->sph_root, field);\
- } else { \
- __tmp = SPLAY_RIGHT((head)->sph_root, field); \
- (head)->sph_root = SPLAY_LEFT((head)->sph_root, field);\
- name##_SPLAY(head, elm); \
- SPLAY_RIGHT((head)->sph_root, field) = __tmp; \
- } \
- } \
-} \
- \
-/* Finds the node with the same key as elm */ \
-static __inline struct type * \
-name##_SPLAY_FIND(struct name *head, struct type *elm) \
-{ \
- if (SPLAY_EMPTY(head)) \
- return(NULL); \
- name##_SPLAY(head, elm); \
- if ((cmp)(elm, (head)->sph_root) == 0) \
- return (head->sph_root); \
- return (NULL); \
-} \
- \
-static __inline struct type * \
-name##_SPLAY_NEXT(struct name *head, struct type *elm) \
-{ \
- name##_SPLAY(head, elm); \
- if (SPLAY_RIGHT(elm, field) != NULL) { \
- elm = SPLAY_RIGHT(elm, field); \
- while (SPLAY_LEFT(elm, field) != NULL) { \
- elm = SPLAY_LEFT(elm, field); \
- } \
- } else \
- elm = NULL; \
- return (elm); \
-} \
- \
-static __inline struct type * \
-name##_SPLAY_MIN_MAX(struct name *head, int val) \
-{ \
- name##_SPLAY_MINMAX(head, val); \
- return (SPLAY_ROOT(head)); \
-}
-
-/* Main splay operation.
- * Moves node close to the key of elm to top
- */
-#define SPLAY_GENERATE(name, type, field, cmp) \
-void name##_SPLAY(struct name *head, struct type *elm) \
-{ \
- struct type __node, *__left, *__right, *__tmp; \
- int __comp; \
-\
- SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\
- __left = __right = &__node; \
-\
- while ((__comp = (cmp)(elm, (head)->sph_root))) { \
- if (__comp < 0) { \
- __tmp = SPLAY_LEFT((head)->sph_root, field); \
- if (__tmp == NULL) \
- break; \
- if ((cmp)(elm, __tmp) < 0){ \
- SPLAY_ROTATE_RIGHT(head, __tmp, field); \
- if (SPLAY_LEFT((head)->sph_root, field) == NULL)\
- break; \
- } \
- SPLAY_LINKLEFT(head, __right, field); \
- } else if (__comp > 0) { \
- __tmp = SPLAY_RIGHT((head)->sph_root, field); \
- if (__tmp == NULL) \
- break; \
- if ((cmp)(elm, __tmp) > 0){ \
- SPLAY_ROTATE_LEFT(head, __tmp, field); \
- if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\
- break; \
- } \
- SPLAY_LINKRIGHT(head, __left, field); \
- } \
- } \
- SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \
-} \
- \
-/* Splay with either the minimum or the maximum element \
- * Used to find minimum or maximum element in tree. \
- */ \
-void name##_SPLAY_MINMAX(struct name *head, int __comp) \
-{ \
- struct type __node, *__left, *__right, *__tmp; \
-\
- SPLAY_LEFT(&__node, field) = SPLAY_RIGHT(&__node, field) = NULL;\
- __left = __right = &__node; \
-\
- while (1) { \
- if (__comp < 0) { \
- __tmp = SPLAY_LEFT((head)->sph_root, field); \
- if (__tmp == NULL) \
- break; \
- if (__comp < 0){ \
- SPLAY_ROTATE_RIGHT(head, __tmp, field); \
- if (SPLAY_LEFT((head)->sph_root, field) == NULL)\
- break; \
- } \
- SPLAY_LINKLEFT(head, __right, field); \
- } else if (__comp > 0) { \
- __tmp = SPLAY_RIGHT((head)->sph_root, field); \
- if (__tmp == NULL) \
- break; \
- if (__comp > 0) { \
- SPLAY_ROTATE_LEFT(head, __tmp, field); \
- if (SPLAY_RIGHT((head)->sph_root, field) == NULL)\
- break; \
- } \
- SPLAY_LINKRIGHT(head, __left, field); \
- } \
- } \
- SPLAY_ASSEMBLE(head, &__node, __left, __right, field); \
-}
-
-#define SPLAY_NEGINF -1
-#define SPLAY_INF 1
-
-#define SPLAY_INSERT(name, x, y) name##_SPLAY_INSERT(x, y)
-#define SPLAY_REMOVE(name, x, y) name##_SPLAY_REMOVE(x, y)
-#define SPLAY_FIND(name, x, y) name##_SPLAY_FIND(x, y)
-#define SPLAY_NEXT(name, x, y) name##_SPLAY_NEXT(x, y)
-#define SPLAY_MIN(name, x) (SPLAY_EMPTY(x) ? NULL \
- : name##_SPLAY_MIN_MAX(x, SPLAY_NEGINF))
-#define SPLAY_MAX(name, x) (SPLAY_EMPTY(x) ? NULL \
- : name##_SPLAY_MIN_MAX(x, SPLAY_INF))
-
-#define SPLAY_FOREACH(x, name, head) \
- for ((x) = SPLAY_MIN(name, head); \
- (x) != NULL; \
- (x) = SPLAY_NEXT(name, head, x))
-
-/* Macros that define a red-back tree */
-#define RB_HEAD(name, type) \
-struct name { \
- struct type *rbh_root; /* root of the tree */ \
-}
-
-#define RB_INITIALIZER(root) \
- { NULL }
-
-#define RB_INIT(root) do { \
- (root)->rbh_root = NULL; \
-} while (0)
-
-#define RB_BLACK 0
-#define RB_RED 1
-#define RB_ENTRY(type) \
-struct { \
- struct type *rbe_left; /* left element */ \
- struct type *rbe_right; /* right element */ \
- struct type *rbe_parent; /* parent element */ \
- int rbe_color; /* node color */ \
-}
-
-#define RB_LEFT(elm, field) (elm)->field.rbe_left
-#define RB_RIGHT(elm, field) (elm)->field.rbe_right
-#define RB_PARENT(elm, field) (elm)->field.rbe_parent
-#define RB_COLOR(elm, field) (elm)->field.rbe_color
-#define RB_ROOT(head) (head)->rbh_root
-#define RB_EMPTY(head) (RB_ROOT(head) == NULL)
-
-#define RB_SET(elm, parent, field) do { \
- RB_PARENT(elm, field) = parent; \
- RB_LEFT(elm, field) = RB_RIGHT(elm, field) = NULL; \
- RB_COLOR(elm, field) = RB_RED; \
-} while (0)
-
-#define RB_SET_BLACKRED(black, red, field) do { \
- RB_COLOR(black, field) = RB_BLACK; \
- RB_COLOR(red, field) = RB_RED; \
-} while (0)
-
-#ifndef RB_AUGMENT
-#define RB_AUGMENT(x)
-#endif
-
-#define RB_ROTATE_LEFT(head, elm, tmp, field) do { \
- (tmp) = RB_RIGHT(elm, field); \
- if ((RB_RIGHT(elm, field) = RB_LEFT(tmp, field))) { \
- RB_PARENT(RB_LEFT(tmp, field), field) = (elm); \
- } \
- RB_AUGMENT(elm); \
- if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field))) { \
- if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \
- RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
- else \
- RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- RB_AUGMENT(RB_PARENT(elm, field)); \
- } else \
- (head)->rbh_root = (tmp); \
- RB_LEFT(tmp, field) = (elm); \
- RB_PARENT(elm, field) = (tmp); \
- RB_AUGMENT(tmp); \
-} while (0)
-
-#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \
- (tmp) = RB_LEFT(elm, field); \
- if ((RB_LEFT(elm, field) = RB_RIGHT(tmp, field))) { \
- RB_PARENT(RB_RIGHT(tmp, field), field) = (elm); \
- } \
- RB_AUGMENT(elm); \
- if ((RB_PARENT(tmp, field) = RB_PARENT(elm, field))) { \
- if ((elm) == RB_LEFT(RB_PARENT(elm, field), field)) \
- RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
- else \
- RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- RB_AUGMENT(RB_PARENT(elm, field)); \
- } else \
- (head)->rbh_root = (tmp); \
- RB_RIGHT(tmp, field) = (elm); \
- RB_PARENT(elm, field) = (tmp); \
- RB_AUGMENT(tmp); \
-} while (0)
-
-/* Generates prototypes and inline functions */
-#define RB_PROTOTYPE(name, type, field, cmp) \
-void name##_RB_INSERT_COLOR(struct name *, struct type *); \
-void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\
-void name##_RB_REMOVE(struct name *, struct type *); \
-struct type *name##_RB_INSERT(struct name *, struct type *); \
-struct type *name##_RB_FIND(struct name *, struct type *); \
-struct type *name##_RB_NEXT(struct name *, struct type *); \
-struct type *name##_RB_MINMAX(struct name *, int); \
- \
-
-/* Main rb operation.
- * Moves node close to the key of elm to top
- */
-#define RB_GENERATE(name, type, field, cmp) \
-void \
-name##_RB_INSERT_COLOR(struct name *head, struct type *elm) \
-{ \
- struct type *parent, *gparent, *tmp; \
- while ((parent = RB_PARENT(elm, field)) && \
- RB_COLOR(parent, field) == RB_RED) { \
- gparent = RB_PARENT(parent, field); \
- if (parent == RB_LEFT(gparent, field)) { \
- tmp = RB_RIGHT(gparent, field); \
- if (tmp && RB_COLOR(tmp, field) == RB_RED) { \
- RB_COLOR(tmp, field) = RB_BLACK; \
- RB_SET_BLACKRED(parent, gparent, field);\
- elm = gparent; \
- continue; \
- } \
- if (RB_RIGHT(parent, field) == elm) { \
- RB_ROTATE_LEFT(head, parent, tmp, field);\
- tmp = parent; \
- parent = elm; \
- elm = tmp; \
- } \
- RB_SET_BLACKRED(parent, gparent, field); \
- RB_ROTATE_RIGHT(head, gparent, tmp, field); \
- } else { \
- tmp = RB_LEFT(gparent, field); \
- if (tmp && RB_COLOR(tmp, field) == RB_RED) { \
- RB_COLOR(tmp, field) = RB_BLACK; \
- RB_SET_BLACKRED(parent, gparent, field);\
- elm = gparent; \
- continue; \
- } \
- if (RB_LEFT(parent, field) == elm) { \
- RB_ROTATE_RIGHT(head, parent, tmp, field);\
- tmp = parent; \
- parent = elm; \
- elm = tmp; \
- } \
- RB_SET_BLACKRED(parent, gparent, field); \
- RB_ROTATE_LEFT(head, gparent, tmp, field); \
- } \
- } \
- RB_COLOR(head->rbh_root, field) = RB_BLACK; \
-} \
- \
-void \
-name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) \
-{ \
- struct type *tmp; \
- while ((elm == NULL || RB_COLOR(elm, field) == RB_BLACK) && \
- elm != RB_ROOT(head)) { \
- if (RB_LEFT(parent, field) == elm) { \
- tmp = RB_RIGHT(parent, field); \
- if (RB_COLOR(tmp, field) == RB_RED) { \
- RB_SET_BLACKRED(tmp, parent, field); \
- RB_ROTATE_LEFT(head, parent, tmp, field);\
- tmp = RB_RIGHT(parent, field); \
- } \
- if ((RB_LEFT(tmp, field) == NULL || \
- RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
- (RB_RIGHT(tmp, field) == NULL || \
- RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
- RB_COLOR(tmp, field) = RB_RED; \
- elm = parent; \
- parent = RB_PARENT(elm, field); \
- } else { \
- if (RB_RIGHT(tmp, field) == NULL || \
- RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK) {\
- struct type *oleft; \
- if ((oleft = RB_LEFT(tmp, field)))\
- RB_COLOR(oleft, field) = RB_BLACK;\
- RB_COLOR(tmp, field) = RB_RED; \
- RB_ROTATE_RIGHT(head, tmp, oleft, field);\
- tmp = RB_RIGHT(parent, field); \
- } \
- RB_COLOR(tmp, field) = RB_COLOR(parent, field);\
- RB_COLOR(parent, field) = RB_BLACK; \
- if (RB_RIGHT(tmp, field)) \
- RB_COLOR(RB_RIGHT(tmp, field), field) = RB_BLACK;\
- RB_ROTATE_LEFT(head, parent, tmp, field);\
- elm = RB_ROOT(head); \
- break; \
- } \
- } else { \
- tmp = RB_LEFT(parent, field); \
- if (RB_COLOR(tmp, field) == RB_RED) { \
- RB_SET_BLACKRED(tmp, parent, field); \
- RB_ROTATE_RIGHT(head, parent, tmp, field);\
- tmp = RB_LEFT(parent, field); \
- } \
- if ((RB_LEFT(tmp, field) == NULL || \
- RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) &&\
- (RB_RIGHT(tmp, field) == NULL || \
- RB_COLOR(RB_RIGHT(tmp, field), field) == RB_BLACK)) {\
- RB_COLOR(tmp, field) = RB_RED; \
- elm = parent; \
- parent = RB_PARENT(elm, field); \
- } else { \
- if (RB_LEFT(tmp, field) == NULL || \
- RB_COLOR(RB_LEFT(tmp, field), field) == RB_BLACK) {\
- struct type *oright; \
- if ((oright = RB_RIGHT(tmp, field)))\
- RB_COLOR(oright, field) = RB_BLACK;\
- RB_COLOR(tmp, field) = RB_RED; \
- RB_ROTATE_LEFT(head, tmp, oright, field);\
- tmp = RB_LEFT(parent, field); \
- } \
- RB_COLOR(tmp, field) = RB_COLOR(parent, field);\
- RB_COLOR(parent, field) = RB_BLACK; \
- if (RB_LEFT(tmp, field)) \
- RB_COLOR(RB_LEFT(tmp, field), field) = RB_BLACK;\
- RB_ROTATE_RIGHT(head, parent, tmp, field);\
- elm = RB_ROOT(head); \
- break; \
- } \
- } \
- } \
- if (elm) \
- RB_COLOR(elm, field) = RB_BLACK; \
-} \
- \
-void \
-name##_RB_REMOVE(struct name *head, struct type *elm) \
-{ \
- struct type *child, *parent; \
- int color; \
- if (RB_LEFT(elm, field) == NULL) \
- child = RB_RIGHT(elm, field); \
- else if (RB_RIGHT(elm, field) == NULL) \
- child = RB_LEFT(elm, field); \
- else { \
- struct type *old = elm, *left; \
- elm = RB_RIGHT(elm, field); \
- while ((left = RB_LEFT(elm, field))) \
- elm = left; \
- child = RB_RIGHT(elm, field); \
- parent = RB_PARENT(elm, field); \
- color = RB_COLOR(elm, field); \
- if (child) \
- RB_PARENT(child, field) = parent; \
- if (parent) { \
- if (RB_LEFT(parent, field) == elm) \
- RB_LEFT(parent, field) = child; \
- else \
- RB_RIGHT(parent, field) = child; \
- RB_AUGMENT(parent); \
- } else \
- RB_ROOT(head) = child; \
- if (RB_PARENT(elm, field) == old) \
- parent = elm; \
- (elm)->field = (old)->field; \
- if (RB_PARENT(old, field)) { \
- if (RB_LEFT(RB_PARENT(old, field), field) == old)\
- RB_LEFT(RB_PARENT(old, field), field) = elm;\
- else \
- RB_RIGHT(RB_PARENT(old, field), field) = elm;\
- RB_AUGMENT(RB_PARENT(old, field)); \
- } else \
- RB_ROOT(head) = elm; \
- RB_PARENT(RB_LEFT(old, field), field) = elm; \
- if (RB_RIGHT(old, field)) \
- RB_PARENT(RB_RIGHT(old, field), field) = elm; \
- if (parent) { \
- left = parent; \
- do { \
- RB_AUGMENT(left); \
- } while ((left = RB_PARENT(left, field))); \
- } \
- goto color; \
- } \
- parent = RB_PARENT(elm, field); \
- color = RB_COLOR(elm, field); \
- if (child) \
- RB_PARENT(child, field) = parent; \
- if (parent) { \
- if (RB_LEFT(parent, field) == elm) \
- RB_LEFT(parent, field) = child; \
- else \
- RB_RIGHT(parent, field) = child; \
- RB_AUGMENT(parent); \
- } else \
- RB_ROOT(head) = child; \
-color: \
- if (color == RB_BLACK) \
- name##_RB_REMOVE_COLOR(head, parent, child); \
-} \
- \
-/* Inserts a node into the RB tree */ \
-struct type * \
-name##_RB_INSERT(struct name *head, struct type *elm) \
-{ \
- struct type *tmp; \
- struct type *parent = NULL; \
- int comp = 0; \
- tmp = RB_ROOT(head); \
- while (tmp) { \
- parent = tmp; \
- comp = (cmp)(elm, parent); \
- if (comp < 0) \
- tmp = RB_LEFT(tmp, field); \
- else if (comp > 0) \
- tmp = RB_RIGHT(tmp, field); \
- else \
- return (tmp); \
- } \
- RB_SET(elm, parent, field); \
- if (parent != NULL) { \
- if (comp < 0) \
- RB_LEFT(parent, field) = elm; \
- else \
- RB_RIGHT(parent, field) = elm; \
- RB_AUGMENT(parent); \
- } else \
- RB_ROOT(head) = elm; \
- name##_RB_INSERT_COLOR(head, elm); \
- return (NULL); \
-} \
- \
-/* Finds the node with the same key as elm */ \
-struct type * \
-name##_RB_FIND(struct name *head, struct type *elm) \
-{ \
- struct type *tmp = RB_ROOT(head); \
- int comp; \
- while (tmp) { \
- comp = cmp(elm, tmp); \
- if (comp < 0) \
- tmp = RB_LEFT(tmp, field); \
- else if (comp > 0) \
- tmp = RB_RIGHT(tmp, field); \
- else \
- return (tmp); \
- } \
- return (NULL); \
-} \
- \
-struct type * \
-name##_RB_NEXT(struct name *head, struct type *elm) \
-{ \
- if (RB_RIGHT(elm, field)) { \
- elm = RB_RIGHT(elm, field); \
- while (RB_LEFT(elm, field)) \
- elm = RB_LEFT(elm, field); \
- } else { \
- if (RB_PARENT(elm, field) && \
- (elm == RB_LEFT(RB_PARENT(elm, field), field))) \
- elm = RB_PARENT(elm, field); \
- else { \
- while (RB_PARENT(elm, field) && \
- (elm == RB_RIGHT(RB_PARENT(elm, field), field)))\
- elm = RB_PARENT(elm, field); \
- elm = RB_PARENT(elm, field); \
- } \
- } \
- return (elm); \
-} \
- \
-struct type * \
-name##_RB_MINMAX(struct name *head, int val) \
-{ \
- struct type *tmp = RB_ROOT(head); \
- struct type *parent = NULL; \
- while (tmp) { \
- parent = tmp; \
- if (val < 0) \
- tmp = RB_LEFT(tmp, field); \
- else \
- tmp = RB_RIGHT(tmp, field); \
- } \
- return (parent); \
-}
-
-#define RB_NEGINF -1
-#define RB_INF 1
-
-#define RB_INSERT(name, x, y) name##_RB_INSERT(x, y)
-#define RB_REMOVE(name, x, y) name##_RB_REMOVE(x, y)
-#define RB_FIND(name, x, y) name##_RB_FIND(x, y)
-#define RB_NEXT(name, x, y) name##_RB_NEXT(x, y)
-#define RB_MIN(name, x) name##_RB_MINMAX(x, RB_NEGINF)
-#define RB_MAX(name, x) name##_RB_MINMAX(x, RB_INF)
-
-#define RB_FOREACH(x, name, head) \
- for ((x) = RB_MIN(name, head); \
- (x) != NULL; \
- (x) = name##_RB_NEXT(head, x))
-
-#endif /* _SYS_TREE_H_ */
Modified: vendor-crypto/openssh/dist/openbsd-compat/vis.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/vis.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/vis.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -31,7 +31,7 @@
/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */
#include "includes.h"
-#if !defined(HAVE_STRNVIS)
+#if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS)
#include <ctype.h>
#include <string.h>
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/vis.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/vis.h
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/vis.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/vis.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -35,7 +35,7 @@
/* OPENBSD ORIGINAL: include/vis.h */
#include "includes.h"
-#if !defined(HAVE_STRNVIS)
+#if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS)
#ifndef _VIS_H_
#define _VIS_H_
@@ -92,4 +92,4 @@
#endif /* !_VIS_H_ */
-#endif /* !HAVE_STRNVIS */
+#endif /* !HAVE_STRNVIS || BROKEN_STRNVIS */
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/vis.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -55,8 +55,13 @@
# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
# include "md5crypt.h"
-# endif
+# endif
+# if !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
+# include <openssl/des.h>
+# define crypt DES_crypt
+# endif
+
char *
xcrypt(const char *password, const char *salt)
{
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/openbsd-compat/xmmap.c
===================================================================
--- vendor-crypto/openssh/dist/openbsd-compat/xmmap.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openbsd-compat/xmmap.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -23,7 +23,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id: xmmap.c,v 1.1.1.5 2009-05-02 16:45:51 laffer1 Exp $ */
+/* $Id: xmmap.c,v 1.15 2009/02/16 04:21:40 djm Exp $ */
#include "includes.h"
Property changes on: vendor-crypto/openssh/dist/openbsd-compat/xmmap.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/openssh.xml.in
===================================================================
--- vendor-crypto/openssh/dist/openssh.xml.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/openssh.xml.in 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/openssh.xml.in
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/opensshd.init.in
===================================================================
--- vendor-crypto/openssh/dist/opensshd.init.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/opensshd.init.in 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/opensshd.init.in
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/packet.c
===================================================================
--- vendor-crypto/openssh/dist/packet.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/packet.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.172 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.189 2013/11/08 00:39:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -58,6 +58,7 @@
#include <string.h>
#include <unistd.h>
#include <signal.h>
+#include <time.h>
#include "xmalloc.h"
#include "buffer.h"
@@ -165,9 +166,14 @@
Newkeys *newkeys[MODE_MAX];
struct packet_state p_read, p_send;
+ /* Volume-based rekeying */
u_int64_t max_blocks_in, max_blocks_out;
u_int32_t rekey_limit;
+ /* Time-based rekeying */
+ time_t rekey_interval; /* how often in seconds */
+ time_t rekey_time; /* time of last rekeying */
+
/* Session key for protocol v1 */
u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
u_int ssh1_keylen;
@@ -215,7 +221,7 @@
void
packet_set_connection(int fd_in, int fd_out)
{
- Cipher *none = cipher_by_name("none");
+ const Cipher *none = cipher_by_name("none");
if (none == NULL)
fatal("packet_set_connection: cannot load cipher 'none'");
@@ -242,7 +248,7 @@
void
packet_set_timeout(int timeout, int count)
{
- if (timeout == 0 || count == 0) {
+ if (timeout <= 0 || count <= 0) {
active_state->packet_timeout_ms = -1;
return;
}
@@ -275,7 +281,7 @@
static void
packet_start_discard(Enc *enc, Mac *mac, u_int packet_length, u_int discard)
{
- if (enc == NULL || !cipher_is_cbc(enc->cipher))
+ if (enc == NULL || !cipher_is_cbc(enc->cipher) || (mac && mac->etm))
packet_disconnect("Packet corrupt");
if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled)
active_state->packet_discard_mac = mac;
@@ -422,10 +428,8 @@
state->bytes = bytes;
}
-/* returns 1 if connection is via ipv4 */
-
-int
-packet_connection_is_ipv4(void)
+static int
+packet_connection_af(void)
{
struct sockaddr_storage to;
socklen_t tolen = sizeof(to);
@@ -434,14 +438,12 @@
if (getsockname(active_state->connection_out, (struct sockaddr *)&to,
&tolen) < 0)
return 0;
- if (to.ss_family == AF_INET)
- return 1;
#ifdef IPV4_IN_IPV6
if (to.ss_family == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
- return 1;
+ return AF_INET;
#endif
- return 0;
+ return to.ss_family;
}
/* Sets the connection into non-blocking mode. */
@@ -549,7 +551,7 @@
void
packet_set_encryption_key(const u_char *key, u_int keylen, int number)
{
- Cipher *cipher = cipher_by_number(number);
+ const Cipher *cipher = cipher_by_number(number);
if (cipher == NULL)
fatal("packet_set_encryption_key: unknown cipher number %d", number);
@@ -713,7 +715,7 @@
buffer_len(&active_state->outgoing_packet));
cipher_crypt(&active_state->send_context, cp,
buffer_ptr(&active_state->outgoing_packet),
- buffer_len(&active_state->outgoing_packet));
+ buffer_len(&active_state->outgoing_packet), 0, 0);
#ifdef PACKET_DEBUG
fprintf(stderr, "encrypted: ");
@@ -761,13 +763,16 @@
mac = &active_state->newkeys[mode]->mac;
comp = &active_state->newkeys[mode]->comp;
mac_clear(mac);
- xfree(enc->name);
- xfree(enc->iv);
- xfree(enc->key);
- xfree(mac->name);
- xfree(mac->key);
- xfree(comp->name);
- xfree(active_state->newkeys[mode]);
+ memset(enc->iv, 0, enc->iv_len);
+ memset(enc->key, 0, enc->key_len);
+ memset(mac->key, 0, mac->key_len);
+ free(enc->name);
+ free(enc->iv);
+ free(enc->key);
+ free(mac->name);
+ free(mac->key);
+ free(comp->name);
+ free(active_state->newkeys[mode]);
}
active_state->newkeys[mode] = kex_get_newkeys(mode);
if (active_state->newkeys[mode] == NULL)
@@ -775,11 +780,11 @@
enc = &active_state->newkeys[mode]->enc;
mac = &active_state->newkeys[mode]->mac;
comp = &active_state->newkeys[mode]->comp;
- if (mac_init(mac) == 0)
+ if (cipher_authlen(enc->cipher) == 0 && mac_init(mac) == 0)
mac->enabled = 1;
DBG(debug("cipher_init_context: %d", mode));
cipher_init(cc, enc->cipher, enc->key, enc->key_len,
- enc->iv, enc->block_size, crypt_type);
+ enc->iv, enc->iv_len, crypt_type);
/* Deleting the keys does not gain extra security */
/* memset(enc->iv, 0, enc->block_size);
memset(enc->key, 0, enc->key_len);
@@ -846,9 +851,8 @@
packet_send2_wrapped(void)
{
u_char type, *cp, *macbuf = NULL;
- u_char padlen, pad;
- u_int packet_length = 0;
- u_int i, len;
+ u_char padlen, pad = 0;
+ u_int i, len, authlen = 0, aadlen = 0;
u_int32_t rnd = 0;
Enc *enc = NULL;
Mac *mac = NULL;
@@ -859,8 +863,12 @@
enc = &active_state->newkeys[MODE_OUT]->enc;
mac = &active_state->newkeys[MODE_OUT]->mac;
comp = &active_state->newkeys[MODE_OUT]->comp;
+ /* disable mac for authenticated encryption */
+ if ((authlen = cipher_authlen(enc->cipher)) != 0)
+ mac = NULL;
}
block_size = enc ? enc->block_size : 8;
+ aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
cp = buffer_ptr(&active_state->outgoing_packet);
type = cp[5];
@@ -893,6 +901,7 @@
* calc size of padding, alloc space, get random data,
* minimum padding is 4 bytes
*/
+ len -= aadlen; /* packet length is not encrypted for EtM modes */
padlen = block_size - (len % block_size);
if (padlen < 4)
padlen += block_size;
@@ -920,29 +929,37 @@
/* clear padding */
memset(cp, 0, padlen);
}
+ /* sizeof (packet_len + pad_len + payload + padding) */
+ len = buffer_len(&active_state->outgoing_packet);
+ cp = buffer_ptr(&active_state->outgoing_packet);
/* packet_length includes payload, padding and padding length field */
- packet_length = buffer_len(&active_state->outgoing_packet) - 4;
- cp = buffer_ptr(&active_state->outgoing_packet);
- put_u32(cp, packet_length);
+ put_u32(cp, len - 4);
cp[4] = padlen;
- DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
+ DBG(debug("send: len %d (includes padlen %d, aadlen %d)",
+ len, padlen, aadlen));
/* compute MAC over seqnr and packet(length fields, payload, padding) */
- if (mac && mac->enabled) {
+ if (mac && mac->enabled && !mac->etm) {
macbuf = mac_compute(mac, active_state->p_send.seqnr,
- buffer_ptr(&active_state->outgoing_packet),
- buffer_len(&active_state->outgoing_packet));
+ buffer_ptr(&active_state->outgoing_packet), len);
DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr));
}
/* encrypt packet and append to output buffer. */
- cp = buffer_append_space(&active_state->output,
- buffer_len(&active_state->outgoing_packet));
+ cp = buffer_append_space(&active_state->output, len + authlen);
cipher_crypt(&active_state->send_context, cp,
buffer_ptr(&active_state->outgoing_packet),
- buffer_len(&active_state->outgoing_packet));
+ len - aadlen, aadlen, authlen);
/* append unencrypted MAC */
- if (mac && mac->enabled)
+ if (mac && mac->enabled) {
+ if (mac->etm) {
+ /* EtM: compute mac over aadlen + cipher text */
+ macbuf = mac_compute(mac,
+ active_state->p_send.seqnr, cp, len);
+ DBG(debug("done calc MAC(EtM) out #%d",
+ active_state->p_send.seqnr));
+ }
buffer_append(&active_state->output, macbuf, mac->mac_len);
+ }
#ifdef PACKET_DEBUG
fprintf(stderr, "encrypted: ");
buffer_dump(&active_state->output);
@@ -953,8 +970,8 @@
if (++active_state->p_send.packets == 0)
if (!(datafellows & SSH_BUG_NOREKEY))
fatal("XXX too many packets with same key");
- active_state->p_send.blocks += (packet_length + 4) / block_size;
- active_state->p_send.bytes += packet_length + 4;
+ active_state->p_send.blocks += len / block_size;
+ active_state->p_send.bytes += len;
buffer_clear(&active_state->outgoing_packet);
if (type == SSH2_MSG_NEWKEYS)
@@ -974,10 +991,12 @@
/* during rekeying we can only send key exchange messages */
if (active_state->rekeying) {
- if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
- (type <= SSH2_MSG_TRANSPORT_MAX))) {
+ if ((type < SSH2_MSG_TRANSPORT_MIN) ||
+ (type > SSH2_MSG_TRANSPORT_MAX) ||
+ (type == SSH2_MSG_SERVICE_REQUEST) ||
+ (type == SSH2_MSG_SERVICE_ACCEPT)) {
debug("enqueue packet: %u", type);
- p = xmalloc(sizeof(*p));
+ p = xcalloc(1, sizeof(*p));
p->type = type;
memcpy(&p->payload, &active_state->outgoing_packet,
sizeof(Buffer));
@@ -996,6 +1015,7 @@
/* after a NEWKEYS message we can send the complete queue */
if (type == SSH2_MSG_NEWKEYS) {
active_state->rekeying = 0;
+ active_state->rekey_time = monotime();
while ((p = TAILQ_FIRST(&active_state->outgoing))) {
type = p->type;
debug("dequeue packet: %u", type);
@@ -1003,7 +1023,7 @@
memcpy(&active_state->outgoing_packet, &p->payload,
sizeof(Buffer));
TAILQ_REMOVE(&active_state->outgoing, p, next);
- xfree(p);
+ free(p);
packet_send2_wrapped();
}
}
@@ -1028,7 +1048,7 @@
int
packet_read_seqnr(u_int32_t *seqnr_p)
{
- int type, len, ret, ms_remain, cont;
+ int type, len, ret, cont, ms_remain = 0;
fd_set *setp;
char buf[8192];
struct timeval timeout, start, *timeoutp = NULL;
@@ -1053,7 +1073,7 @@
packet_check_eom();
/* If we got a packet, return it. */
if (type != SSH_MSG_NONE) {
- xfree(setp);
+ free(setp);
return type;
}
/*
@@ -1189,7 +1209,7 @@
buffer_clear(&active_state->incoming_packet);
cp = buffer_append_space(&active_state->incoming_packet, padded_len);
cipher_crypt(&active_state->receive_context, cp,
- buffer_ptr(&active_state->input), padded_len);
+ buffer_ptr(&active_state->input), padded_len, 0, 0);
buffer_consume(&active_state->input, padded_len);
@@ -1237,8 +1257,8 @@
packet_read_poll2(u_int32_t *seqnr_p)
{
u_int padlen, need;
- u_char *macbuf, *cp, type;
- u_int maclen, block_size;
+ u_char *macbuf = NULL, *cp, type;
+ u_int maclen, authlen = 0, aadlen = 0, block_size;
Enc *enc = NULL;
Mac *mac = NULL;
Comp *comp = NULL;
@@ -1250,11 +1270,29 @@
enc = &active_state->newkeys[MODE_IN]->enc;
mac = &active_state->newkeys[MODE_IN]->mac;
comp = &active_state->newkeys[MODE_IN]->comp;
+ /* disable mac for authenticated encryption */
+ if ((authlen = cipher_authlen(enc->cipher)) != 0)
+ mac = NULL;
}
maclen = mac && mac->enabled ? mac->mac_len : 0;
block_size = enc ? enc->block_size : 8;
+ aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0;
- if (active_state->packlen == 0) {
+ if (aadlen && active_state->packlen == 0) {
+ if (buffer_len(&active_state->input) < 4)
+ return SSH_MSG_NONE;
+ cp = buffer_ptr(&active_state->input);
+ active_state->packlen = get_u32(cp);
+ if (active_state->packlen < 1 + 4 ||
+ active_state->packlen > PACKET_MAX_SIZE) {
+#ifdef PACKET_DEBUG
+ buffer_dump(&active_state->input);
+#endif
+ logit("Bad packet length %u.", active_state->packlen);
+ packet_disconnect("Packet corrupt");
+ }
+ buffer_clear(&active_state->incoming_packet);
+ } else if (active_state->packlen == 0) {
/*
* check if input size is less than the cipher block size,
* decrypt first block and extract length of incoming packet
@@ -1265,7 +1303,7 @@
cp = buffer_append_space(&active_state->incoming_packet,
block_size);
cipher_crypt(&active_state->receive_context, cp,
- buffer_ptr(&active_state->input), block_size);
+ buffer_ptr(&active_state->input), block_size, 0, 0);
cp = buffer_ptr(&active_state->incoming_packet);
active_state->packlen = get_u32(cp);
if (active_state->packlen < 1 + 4 ||
@@ -1278,13 +1316,21 @@
PACKET_MAX_SIZE);
return SSH_MSG_NONE;
}
- DBG(debug("input: packet len %u", active_state->packlen+4));
buffer_consume(&active_state->input, block_size);
}
- /* we have a partial packet of block_size bytes */
- need = 4 + active_state->packlen - block_size;
- DBG(debug("partial packet %d, need %d, maclen %d", block_size,
- need, maclen));
+ DBG(debug("input: packet len %u", active_state->packlen+4));
+ if (aadlen) {
+ /* only the payload is encrypted */
+ need = active_state->packlen;
+ } else {
+ /*
+ * the payload size and the payload are encrypted, but we
+ * have a partial packet of block_size bytes
+ */
+ need = 4 + active_state->packlen - block_size;
+ }
+ DBG(debug("partial packet: block %d, need %d, maclen %d, authlen %d,"
+ " aadlen %d", block_size, need, maclen, authlen, aadlen));
if (need % block_size != 0) {
logit("padding error: need %d block %d mod %d",
need, block_size, need % block_size);
@@ -1294,26 +1340,35 @@
}
/*
* check if the entire packet has been received and
- * decrypt into incoming_packet
+ * decrypt into incoming_packet:
+ * 'aadlen' bytes are unencrypted, but authenticated.
+ * 'need' bytes are encrypted, followed by either
+ * 'authlen' bytes of authentication tag or
+ * 'maclen' bytes of message authentication code.
*/
- if (buffer_len(&active_state->input) < need + maclen)
+ if (buffer_len(&active_state->input) < aadlen + need + authlen + maclen)
return SSH_MSG_NONE;
#ifdef PACKET_DEBUG
fprintf(stderr, "read_poll enc/full: ");
buffer_dump(&active_state->input);
#endif
- cp = buffer_append_space(&active_state->incoming_packet, need);
+ /* EtM: compute mac over encrypted input */
+ if (mac && mac->enabled && mac->etm)
+ macbuf = mac_compute(mac, active_state->p_read.seqnr,
+ buffer_ptr(&active_state->input), aadlen + need);
+ cp = buffer_append_space(&active_state->incoming_packet, aadlen + need);
cipher_crypt(&active_state->receive_context, cp,
- buffer_ptr(&active_state->input), need);
- buffer_consume(&active_state->input, need);
+ buffer_ptr(&active_state->input), need, aadlen, authlen);
+ buffer_consume(&active_state->input, aadlen + need + authlen);
/*
* compute MAC over seqnr and packet,
* increment sequence number for incoming packet
*/
if (mac && mac->enabled) {
- macbuf = mac_compute(mac, active_state->p_read.seqnr,
- buffer_ptr(&active_state->incoming_packet),
- buffer_len(&active_state->incoming_packet));
+ if (!mac->etm)
+ macbuf = mac_compute(mac, active_state->p_read.seqnr,
+ buffer_ptr(&active_state->incoming_packet),
+ buffer_len(&active_state->incoming_packet));
if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input),
mac->mac_len) != 0) {
logit("Corrupted MAC on input.");
@@ -1405,16 +1460,20 @@
packet_get_char();
msg = packet_get_string(NULL);
debug("Remote: %.900s", msg);
- xfree(msg);
+ free(msg);
msg = packet_get_string(NULL);
- xfree(msg);
+ free(msg);
break;
case SSH2_MSG_DISCONNECT:
reason = packet_get_int();
msg = packet_get_string(NULL);
- logit("Received disconnect from %s: %u: %.400s",
+ /* Ignore normal client exit notifications */
+ do_log2(active_state->server_side &&
+ reason == SSH2_DISCONNECT_BY_APPLICATION ?
+ SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
+ "Received disconnect from %s: %u: %.400s",
get_remote_ipaddr(), reason, msg);
- xfree(msg);
+ free(msg);
cleanup_exit(255);
break;
case SSH2_MSG_UNIMPLEMENTED:
@@ -1428,22 +1487,23 @@
} else {
type = packet_read_poll1();
switch (type) {
+ case SSH_MSG_NONE:
+ return SSH_MSG_NONE;
case SSH_MSG_IGNORE:
break;
case SSH_MSG_DEBUG:
msg = packet_get_string(NULL);
debug("Remote: %.900s", msg);
- xfree(msg);
+ free(msg);
break;
case SSH_MSG_DISCONNECT:
msg = packet_get_string(NULL);
- logit("Received disconnect from %s: %.400s",
+ error("Received disconnect from %s: %.400s",
get_remote_ipaddr(), msg);
cleanup_exit(255);
break;
default:
- if (type)
- DBG(debug("received packet type %d", type));
+ DBG(debug("received packet type %d", type));
return type;
}
}
@@ -1450,12 +1510,6 @@
}
}
-int
-packet_read_poll(void)
-{
- return packet_read_poll_seqnr(NULL);
-}
-
/*
* Buffers the given amount of input characters. This is intended to be used
* together with packet_read_poll.
@@ -1686,7 +1740,7 @@
packet_write_wait(void)
{
fd_set *setp;
- int ret, ms_remain;
+ int ret, ms_remain = 0;
struct timeval start, timeout, *timeoutp = NULL;
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
@@ -1727,7 +1781,7 @@
}
packet_write_poll();
}
- xfree(setp);
+ free(setp);
}
/* Returns true if there is buffered data to write to the connection. */
@@ -1752,16 +1806,30 @@
static void
packet_set_tos(int tos)
{
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- if (!packet_connection_is_on_socket() ||
- !packet_connection_is_ipv4())
+#ifndef IP_TOS_IS_BROKEN
+ if (!packet_connection_is_on_socket())
return;
- debug3("%s: set IP_TOS 0x%02x", __func__, tos);
- if (setsockopt(active_state->connection_in, IPPROTO_IP, IP_TOS, &tos,
- sizeof(tos)) < 0)
- error("setsockopt IP_TOS %d: %.100s:",
- tos, strerror(errno));
-#endif
+ switch (packet_connection_af()) {
+# ifdef IP_TOS
+ case AF_INET:
+ debug3("%s: set IP_TOS 0x%02x", __func__, tos);
+ if (setsockopt(active_state->connection_in,
+ IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
+ error("setsockopt IP_TOS %d: %.100s:",
+ tos, strerror(errno));
+ break;
+# endif /* IP_TOS */
+# ifdef IPV6_TCLASS
+ case AF_INET6:
+ debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos);
+ if (setsockopt(active_state->connection_in,
+ IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0)
+ error("setsockopt IPV6_TCLASS %d: %.100s:",
+ tos, strerror(errno));
+ break;
+# endif /* IPV6_TCLASS */
+ }
+#endif /* IP_TOS_IS_BROKEN */
}
/* Informs that the current session is interactive. Sets IP flags for that. */
@@ -1873,15 +1941,35 @@
(active_state->max_blocks_out &&
(active_state->p_send.blocks > active_state->max_blocks_out)) ||
(active_state->max_blocks_in &&
- (active_state->p_read.blocks > active_state->max_blocks_in));
+ (active_state->p_read.blocks > active_state->max_blocks_in)) ||
+ (active_state->rekey_interval != 0 && active_state->rekey_time +
+ active_state->rekey_interval <= monotime());
}
void
-packet_set_rekey_limit(u_int32_t bytes)
+packet_set_rekey_limits(u_int32_t bytes, time_t seconds)
{
+ debug3("rekey after %lld bytes, %d seconds", (long long)bytes,
+ (int)seconds);
active_state->rekey_limit = bytes;
+ active_state->rekey_interval = seconds;
+ /*
+ * We set the time here so that in post-auth privsep slave we count
+ * from the completion of the authentication.
+ */
+ active_state->rekey_time = monotime();
}
+time_t
+packet_get_rekey_timeout(void)
+{
+ time_t seconds;
+
+ seconds = active_state->rekey_time + active_state->rekey_interval -
+ monotime();
+ return (seconds <= 0 ? 1 : seconds);
+}
+
void
packet_set_server(void)
{
Property changes on: vendor-crypto/openssh/dist/packet.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/packet.h
===================================================================
--- vendor-crypto/openssh/dist/packet.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/packet.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.55 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -55,7 +55,6 @@
int packet_read(void);
void packet_read_expect(int type);
-int packet_read_poll(void);
void packet_process_incoming(const char *buf, u_int len);
int packet_read_seqnr(u_int32_t *seqnr_p);
int packet_read_poll_seqnr(u_int32_t *seqnr_p);
@@ -72,7 +71,7 @@
void *packet_get_string(u_int *length_ptr);
char *packet_get_cstring(u_int *length_ptr);
void *packet_get_string_ptr(u_int *length_ptr);
-void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void packet_disconnect(const char *fmt,...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void set_newkeys(int mode);
@@ -92,7 +91,6 @@
int packet_not_very_much_data_to_write(void);
int packet_connection_is_on_socket(void);
-int packet_connection_is_ipv4(void);
int packet_remaining(void);
void packet_send_ignore(int);
void packet_add_padding(u_char);
@@ -117,7 +115,8 @@
} while (0)
int packet_need_rekeying(void);
-void packet_set_rekey_limit(u_int32_t);
+void packet_set_rekey_limits(u_int32_t, time_t);
+time_t packet_get_rekey_timeout(void);
void packet_backup_state(void);
void packet_restore_state(void);
Property changes on: vendor-crypto/openssh/dist/packet.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/pathnames.h
===================================================================
--- vendor-crypto/openssh/dist/pathnames.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/pathnames.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.20 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: pathnames.h,v 1.23 2013/04/05 00:31:49 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -65,18 +65,18 @@
* readable by anyone except the user him/herself, though this does not
* contain anything particularly secret.
*/
-#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
+#define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts"
/* backward compat for protocol 2 */
-#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
+#define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2"
/*
* Name of the default file containing client-side authentication key. This
* file should only be readable by the user him/herself.
*/
-#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
-#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
-#define _PATH_SSH_CLIENT_ID_ECDSA ".ssh/id_ecdsa"
-#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
+#define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity"
+#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
+#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
+#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
/*
* Configuration file in user's home directory. This file need not be
@@ -84,7 +84,7 @@
* particularly secret. If the user's home directory resides on an NFS
* volume where root is mapped to nobody, this may need to be world-readable.
*/
-#define _PATH_SSH_USER_CONFFILE ".ssh/config"
+#define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config"
/*
* File containing a list of those rsa keys that permit logging in as this
@@ -94,10 +94,10 @@
* may need to be world-readable. (This file is read by the daemon which is
* running as root.)
*/
-#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
+#define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys"
/* backward compat for protocol v2 */
-#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
+#define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2"
/*
* Per-user and system-wide ssh "rc" files. These files are executed with
@@ -105,7 +105,7 @@
* passed "proto cookie" as arguments if X11 forwarding with spoofing is in
* use. xauth will be run if neither of these exists.
*/
-#define _PATH_SSH_USER_RC ".ssh/rc"
+#define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc"
#define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc"
/*
Property changes on: vendor-crypto/openssh/dist/pathnames.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/pkcs11.h
===================================================================
--- vendor-crypto/openssh/dist/pkcs11.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/pkcs11.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/pkcs11.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/platform.c
===================================================================
--- vendor-crypto/openssh/dist/platform.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/platform.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: platform.c,v 1.1.1.2 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: platform.c,v 1.19 2013/03/12 00:31:05 dtucker Exp $ */
/*
* Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -194,3 +194,19 @@
return NULL;
#endif
}
+
+/*
+ * return 1 if the specified uid is a uid that may own a system directory
+ * otherwise 0.
+ */
+int
+platform_sys_dir_uid(uid_t uid)
+{
+ if (uid == 0)
+ return 1;
+#ifdef PLATFORM_SYS_DIR_UID
+ if (uid == PLATFORM_SYS_DIR_UID)
+ return 1;
+#endif
+ return 0;
+}
Property changes on: vendor-crypto/openssh/dist/platform.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/platform.h
===================================================================
--- vendor-crypto/openssh/dist/platform.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/platform.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $Id: platform.h,v 1.1.1.2 2011-02-04 14:04:19 laffer1 Exp $ */
+/* $Id: platform.h,v 1.8 2013/03/12 00:31:05 dtucker Exp $ */
/*
* Copyright (c) 2006 Darren Tucker. All rights reserved.
@@ -29,5 +29,4 @@
void platform_setusercontext_post_groups(struct passwd *);
char *platform_get_krb5_client(const char *);
char *platform_krb5_get_principal_name(const char *);
-
-
+int platform_sys_dir_uid(uid_t);
Property changes on: vendor-crypto/openssh/dist/platform.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/progressmeter.c
===================================================================
--- vendor-crypto/openssh/dist/progressmeter.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/progressmeter.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.39 2013/06/02 13:33:05 dtucker Exp $ */
/*
* Copyright (c) 2003 Nils Nordman. All rights reserved.
*
@@ -131,7 +131,7 @@
transferred = *counter - cur_pos;
cur_pos = *counter;
- now = time(NULL);
+ now = monotime();
bytes_left = end_pos - cur_pos;
if (bytes_left > 0)
@@ -249,7 +249,7 @@
void
start_progress_meter(char *f, off_t filesize, off_t *ctr)
{
- start = last_update = time(NULL);
+ start = last_update = monotime();
file = f;
end_pos = filesize;
cur_pos = 0;
Property changes on: vendor-crypto/openssh/dist/progressmeter.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/progressmeter.h
===================================================================
--- vendor-crypto/openssh/dist/progressmeter.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/progressmeter.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/progressmeter.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/readconf.c
===================================================================
--- vendor-crypto/openssh/dist/readconf.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/readconf.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.204 2013/06/10 19:19:44 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -30,6 +30,9 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
#include "xmalloc.h"
#include "ssh.h"
@@ -134,8 +137,8 @@
oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
- oKexAlgorithms, oIPQoS,
- oDeprecated, oUnsupported
+ oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+ oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
@@ -193,9 +196,9 @@
{ "host", oHost },
{ "escapechar", oEscapeChar },
{ "globalknownhostsfile", oGlobalKnownHostsFile },
- { "globalknownhostsfile2", oGlobalKnownHostsFile2 }, /* obsolete */
+ { "globalknownhostsfile2", oDeprecated },
{ "userknownhostsfile", oUserKnownHostsFile },
- { "userknownhostsfile2", oUserKnownHostsFile2 }, /* obsolete */
+ { "userknownhostsfile2", oDeprecated },
{ "connectionattempts", oConnectionAttempts },
{ "batchmode", oBatchMode },
{ "checkhostip", oCheckHostIP },
@@ -245,6 +248,8 @@
#endif
{ "kexalgorithms", oKexAlgorithms },
{ "ipqos", oIPQoS },
+ { "requesttty", oRequestTTY },
+ { "ignoreunknown", oIgnoreUnknown },
{ NULL, oBadOption }
};
@@ -293,6 +298,7 @@
fwd->listen_port = newfwd->listen_port;
fwd->connect_host = newfwd->connect_host;
fwd->connect_port = newfwd->connect_port;
+ fwd->handle = newfwd->handle;
fwd->allocated_port = 0;
}
@@ -302,22 +308,20 @@
int i;
for (i = 0; i < options->num_local_forwards; i++) {
- if (options->local_forwards[i].listen_host != NULL)
- xfree(options->local_forwards[i].listen_host);
- xfree(options->local_forwards[i].connect_host);
+ free(options->local_forwards[i].listen_host);
+ free(options->local_forwards[i].connect_host);
}
if (options->num_local_forwards > 0) {
- xfree(options->local_forwards);
+ free(options->local_forwards);
options->local_forwards = NULL;
}
options->num_local_forwards = 0;
for (i = 0; i < options->num_remote_forwards; i++) {
- if (options->remote_forwards[i].listen_host != NULL)
- xfree(options->remote_forwards[i].listen_host);
- xfree(options->remote_forwards[i].connect_host);
+ free(options->remote_forwards[i].listen_host);
+ free(options->remote_forwards[i].connect_host);
}
if (options->num_remote_forwards > 0) {
- xfree(options->remote_forwards);
+ free(options->remote_forwards);
options->remote_forwards = NULL;
}
options->num_remote_forwards = 0;
@@ -324,19 +328,42 @@
options->tun_open = SSH_TUNMODE_NO;
}
+void
+add_identity_file(Options *options, const char *dir, const char *filename,
+ int userprovided)
+{
+ char *path;
+
+ if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
+ fatal("Too many identity files specified (max %d)",
+ SSH_MAX_IDENTITY_FILES);
+
+ if (dir == NULL) /* no dir, filename is absolute */
+ path = xstrdup(filename);
+ else
+ (void)xasprintf(&path, "%.100s%.100s", dir, filename);
+
+ options->identity_file_userprovided[options->num_identity_files] =
+ userprovided;
+ options->identity_files[options->num_identity_files++] = path;
+}
+
/*
* Returns the number of the token pointed to by cp or oBadOption.
*/
static OpCodes
-parse_token(const char *cp, const char *filename, int linenum)
+parse_token(const char *cp, const char *filename, int linenum,
+ const char *ignored_unknown)
{
- u_int i;
+ int i;
for (i = 0; keywords[i].name; i++)
- if (strcasecmp(cp, keywords[i].name) == 0)
+ if (strcmp(cp, keywords[i].name) == 0)
return keywords[i].opcode;
-
+ if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
+ strlen(ignored_unknown), 1) == 1)
+ return oIgnoredUnknownOption;
error("%s: line %d: Bad configuration option: %s",
filename, linenum, cp);
return oBadOption;
@@ -351,12 +378,14 @@
int
process_config_line(Options *options, const char *host,
char *line, const char *filename, int linenum,
- int *activep)
+ int *activep, int userconfig)
{
- char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
- int opcode, *intptr, value, value2, scale;
+ char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
+ char **cpptr, fwdarg[256];
+ u_int i, *uintptr, max_entries = 0;
+ int negated, opcode, *intptr, value, value2;
LogLevel *log_level_ptr;
- long long orig, val64;
+ long long val64;
size_t len;
Forward fwd;
@@ -376,8 +405,12 @@
keyword = strdelim(&s);
if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
return 0;
+ /* Match lowercase keyword */
+ for (i = 0; i < strlen(keyword); i++)
+ keyword[i] = tolower(keyword[i]);
- opcode = parse_token(keyword, filename, linenum);
+ opcode = parse_token(keyword, filename, linenum,
+ options->ignored_unknown);
switch (opcode) {
case oBadOption:
@@ -384,6 +417,10 @@
/* don't panic, but count bad options */
return -1;
/* NOTREACHED */
+ case oIgnoredUnknownOption:
+ debug("%s line %d: Ignored unknown option \"%s\"",
+ filename, linenum, keyword);
+ return 0;
case oConnectTimeout:
intptr = &options->connection_timeout;
parse_time:
@@ -538,39 +575,32 @@
case oRekeyLimit:
arg = strdelim(&s);
if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.", filename, linenum);
- if (arg[0] < '0' || arg[0] > '9')
- fatal("%.200s line %d: Bad number.", filename, linenum);
- orig = val64 = strtoll(arg, &endofnumber, 10);
- if (arg == endofnumber)
- fatal("%.200s line %d: Bad number.", filename, linenum);
- switch (toupper(*endofnumber)) {
- case '\0':
- scale = 1;
- break;
- case 'K':
- scale = 1<<10;
- break;
- case 'M':
- scale = 1<<20;
- break;
- case 'G':
- scale = 1<<30;
- break;
- default:
- fatal("%.200s line %d: Invalid RekeyLimit suffix",
- filename, linenum);
+ fatal("%.200s line %d: Missing argument.", filename,
+ linenum);
+ if (strcmp(arg, "default") == 0) {
+ val64 = 0;
+ } else {
+ if (scan_scaled(arg, &val64) == -1)
+ fatal("%.200s line %d: Bad number '%s': %s",
+ filename, linenum, arg, strerror(errno));
+ /* check for too-large or too-small limits */
+ if (val64 > UINT_MAX)
+ fatal("%.200s line %d: RekeyLimit too large",
+ filename, linenum);
+ if (val64 != 0 && val64 < 16)
+ fatal("%.200s line %d: RekeyLimit too small",
+ filename, linenum);
}
- val64 *= scale;
- /* detect integer wrap and too-large limits */
- if ((val64 / scale) != orig || val64 > UINT_MAX)
- fatal("%.200s line %d: RekeyLimit too large",
- filename, linenum);
- if (val64 < 16)
- fatal("%.200s line %d: RekeyLimit too small",
- filename, linenum);
if (*activep && options->rekey_limit == -1)
options->rekey_limit = (u_int32_t)val64;
+ if (s != NULL) { /* optional rekey interval present */
+ if (strcmp(s, "none") == 0) {
+ (void)strdelim(&s); /* discard */
+ break;
+ }
+ intptr = &options->rekey_interval;
+ goto parse_time;
+ }
break;
case oIdentityFile:
@@ -582,9 +612,7 @@
if (*intptr >= SSH_MAX_IDENTITY_FILES)
fatal("%.200s line %d: Too many identity files specified (max %d).",
filename, linenum, SSH_MAX_IDENTITY_FILES);
- charptr = &options->identity_files[*intptr];
- *charptr = xstrdup(arg);
- *intptr = *intptr + 1;
+ add_identity_file(options, NULL, arg, userconfig);
}
break;
@@ -597,27 +625,34 @@
parse_string:
arg = strdelim(&s);
if (!arg || *arg == '\0')
- fatal("%.200s line %d: Missing argument.", filename, linenum);
+ fatal("%.200s line %d: Missing argument.",
+ filename, linenum);
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
case oGlobalKnownHostsFile:
- charptr = &options->system_hostfile;
- goto parse_string;
+ cpptr = (char **)&options->system_hostfiles;
+ uintptr = &options->num_system_hostfiles;
+ max_entries = SSH_MAX_HOSTS_FILES;
+parse_char_array:
+ if (*activep && *uintptr == 0) {
+ while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+ if ((*uintptr) >= max_entries)
+ fatal("%s line %d: "
+ "too many authorized keys files.",
+ filename, linenum);
+ cpptr[(*uintptr)++] = xstrdup(arg);
+ }
+ }
+ return 0;
case oUserKnownHostsFile:
- charptr = &options->user_hostfile;
- goto parse_string;
+ cpptr = (char **)&options->user_hostfiles;
+ uintptr = &options->num_user_hostfiles;
+ max_entries = SSH_MAX_HOSTS_FILES;
+ goto parse_char_array;
- case oGlobalKnownHostsFile2:
- charptr = &options->system_hostfile2;
- goto parse_string;
-
- case oUserKnownHostsFile2:
- charptr = &options->user_hostfile2;
- goto parse_string;
-
case oHostName:
charptr = &options->hostname;
goto parse_string;
@@ -793,12 +828,28 @@
case oHost:
*activep = 0;
- while ((arg = strdelim(&s)) != NULL && *arg != '\0')
+ arg2 = NULL;
+ while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+ negated = *arg == '!';
+ if (negated)
+ arg++;
if (match_pattern(host, arg)) {
- debug("Applying options for %.100s", arg);
+ if (negated) {
+ debug("%.200s line %d: Skipping Host "
+ "block because of negated match "
+ "for %.100s", filename, linenum,
+ arg);
+ *activep = 0;
+ break;
+ }
+ if (!*activep)
+ arg2 = arg; /* logged below */
*activep = 1;
- break;
}
+ }
+ if (*activep)
+ debug("%.200s line %d: Applying options for %.100s",
+ filename, linenum, arg2);
/* Avoid garbage check below, as strdelim is done. */
return 0;
@@ -997,6 +1048,30 @@
intptr = &options->use_roaming;
goto parse_flag;
+ case oRequestTTY:
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing argument.",
+ filename, linenum);
+ intptr = &options->request_tty;
+ if (strcasecmp(arg, "yes") == 0)
+ value = REQUEST_TTY_YES;
+ else if (strcasecmp(arg, "no") == 0)
+ value = REQUEST_TTY_NO;
+ else if (strcasecmp(arg, "force") == 0)
+ value = REQUEST_TTY_FORCE;
+ else if (strcasecmp(arg, "auto") == 0)
+ value = REQUEST_TTY_AUTO;
+ else
+ fatal("Unsupported RequestTTY \"%s\"", arg);
+ if (*activep && *intptr == -1)
+ *intptr = value;
+ break;
+
+ case oIgnoreUnknown:
+ charptr = &options->ignored_unknown;
+ goto parse_string;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@@ -1028,7 +1103,7 @@
int
read_config_file(const char *filename, const char *host, Options *options,
- int checkperm)
+ int flags)
{
FILE *f;
char line[1024];
@@ -1038,7 +1113,7 @@
if ((f = fopen(filename, "r")) == NULL)
return 0;
- if (checkperm) {
+ if (flags & SSHCONF_CHECKPERM) {
struct stat sb;
if (fstat(fileno(f), &sb) == -1)
@@ -1059,7 +1134,8 @@
while (fgets(line, sizeof(line), f)) {
/* Update line number counter. */
linenum++;
- if (process_config_line(options, host, line, filename, linenum, &active) != 0)
+ if (process_config_line(options, host, line, filename, linenum,
+ &active, flags & SSHCONF_USERCONF) != 0)
bad_options++;
}
fclose(f);
@@ -1121,10 +1197,8 @@
options->proxy_command = NULL;
options->user = NULL;
options->escape_char = -1;
- options->system_hostfile = NULL;
- options->user_hostfile = NULL;
- options->system_hostfile2 = NULL;
- options->user_hostfile2 = NULL;
+ options->num_system_hostfiles = 0;
+ options->num_user_hostfiles = 0;
options->local_forwards = NULL;
options->num_local_forwards = 0;
options->remote_forwards = NULL;
@@ -1138,6 +1212,7 @@
options->no_host_authentication_for_localhost = - 1;
options->identities_only = - 1;
options->rekey_limit = - 1;
+ options->rekey_interval = -1;
options->verify_host_key_dns = -1;
options->server_alive_interval = -1;
options->server_alive_count_max = -1;
@@ -1157,6 +1232,8 @@
options->zero_knowledge_password_authentication = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
+ options->request_tty = -1;
+ options->ignored_unknown = NULL;
}
/*
@@ -1167,8 +1244,6 @@
void
fill_default_options(Options * options)
{
- int len;
-
if (options->forward_agent == -1)
options->forward_agent = 0;
if (options->forward_x11 == -1)
@@ -1234,43 +1309,34 @@
options->protocol = SSH_PROTO_2;
if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) {
- len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
- options->identity_files[options->num_identity_files] =
- xmalloc(len);
- snprintf(options->identity_files[options->num_identity_files++],
- len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_IDENTITY, 0);
}
if (options->protocol & SSH_PROTO_2) {
- len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
- options->identity_files[options->num_identity_files] =
- xmalloc(len);
- snprintf(options->identity_files[options->num_identity_files++],
- len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
-
- len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
- options->identity_files[options->num_identity_files] =
- xmalloc(len);
- snprintf(options->identity_files[options->num_identity_files++],
- len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_ID_RSA, 0);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_ID_DSA, 0);
#ifdef OPENSSL_HAS_ECC
- len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
- options->identity_files[options->num_identity_files] =
- xmalloc(len);
- snprintf(options->identity_files[options->num_identity_files++],
- len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_ID_ECDSA, 0);
#endif
}
}
if (options->escape_char == -1)
options->escape_char = '~';
- if (options->system_hostfile == NULL)
- options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
- if (options->user_hostfile == NULL)
- options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
- if (options->system_hostfile2 == NULL)
- options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
- if (options->user_hostfile2 == NULL)
- options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
+ if (options->num_system_hostfiles == 0) {
+ options->system_hostfiles[options->num_system_hostfiles++] =
+ xstrdup(_PATH_SSH_SYSTEM_HOSTFILE);
+ options->system_hostfiles[options->num_system_hostfiles++] =
+ xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
+ }
+ if (options->num_user_hostfiles == 0) {
+ options->user_hostfiles[options->num_user_hostfiles++] =
+ xstrdup(_PATH_SSH_USER_HOSTFILE);
+ options->user_hostfiles[options->num_user_hostfiles++] =
+ xstrdup(_PATH_SSH_USER_HOSTFILE2);
+ }
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
options->log_level = SYSLOG_LEVEL_INFO;
if (options->clear_forwardings == 1)
@@ -1283,6 +1349,8 @@
options->enable_ssh_keysign = 0;
if (options->rekey_limit == -1)
options->rekey_limit = 0;
+ if (options->rekey_interval == -1)
+ options->rekey_interval = 0;
if (options->verify_host_key_dns == -1)
options->verify_host_key_dns = 0;
if (options->server_alive_interval == -1)
@@ -1315,6 +1383,8 @@
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
options->ip_qos_bulk = IPTOS_THROUGHPUT;
+ if (options->request_tty == -1)
+ options->request_tty = REQUEST_TTY_AUTO;
/* options->local_command should not be set by default */
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
@@ -1384,7 +1454,7 @@
i = 0; /* failure */
}
- xfree(p);
+ free(p);
if (dynamicfwd) {
if (!(i == 1 || i == 2))
@@ -1410,13 +1480,9 @@
return (i);
fail_free:
- if (fwd->connect_host != NULL) {
- xfree(fwd->connect_host);
- fwd->connect_host = NULL;
- }
- if (fwd->listen_host != NULL) {
- xfree(fwd->listen_host);
- fwd->listen_host = NULL;
- }
+ free(fwd->connect_host);
+ fwd->connect_host = NULL;
+ free(fwd->listen_host);
+ fwd->listen_host = NULL;
return (0);
}
Property changes on: vendor-crypto/openssh/dist/readconf.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/readconf.h
===================================================================
--- vendor-crypto/openssh/dist/readconf.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/readconf.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.88 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -24,10 +24,12 @@
char *connect_host; /* Host to connect. */
int connect_port; /* Port to connect on connect_host. */
int allocated_port; /* Dynamically allocated listen port */
+ int handle; /* Handle for dynamic listen ports */
} Forward;
/* Data structure for representing option data. */
-#define MAX_SEND_ENV 256
+#define MAX_SEND_ENV 256
+#define SSH_MAX_HOSTS_FILES 256
typedef struct {
int forward_agent; /* Forward authentication agent. */
@@ -83,10 +85,10 @@
char *user; /* User to log in as. */
int escape_char; /* Escape character; -2 = none */
- char *system_hostfile;/* Path for /etc/ssh/ssh_known_hosts. */
- char *user_hostfile; /* Path for $HOME/.ssh/known_hosts. */
- char *system_hostfile2;
- char *user_hostfile2;
+ u_int num_system_hostfiles; /* Paths for /etc/ssh/ssh_known_hosts */
+ char *system_hostfiles[SSH_MAX_HOSTS_FILES];
+ u_int num_user_hostfiles; /* Path for $HOME/.ssh/known_hosts */
+ char *user_hostfiles[SSH_MAX_HOSTS_FILES];
char *preferred_authentications;
char *bind_address; /* local socket address for connection to sshd */
char *pkcs11_provider; /* PKCS#11 provider */
@@ -94,6 +96,7 @@
int num_identity_files; /* Number of files for RSA/DSA identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
+ int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
Key *identity_keys[SSH_MAX_IDENTITY_FILES];
/* Local TCP/IP forward requests. */
@@ -107,6 +110,7 @@
int enable_ssh_keysign;
int64_t rekey_limit;
+ int rekey_interval;
int no_host_authentication_for_localhost;
int identities_only;
int server_alive_interval;
@@ -132,6 +136,9 @@
int use_roaming;
+ int request_tty;
+
+ char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
} Options;
#define SSHCTL_MASTER_NO 0
@@ -140,6 +147,14 @@
#define SSHCTL_MASTER_ASK 3
#define SSHCTL_MASTER_AUTO_ASK 4
+#define REQUEST_TTY_AUTO 0
+#define REQUEST_TTY_NO 1
+#define REQUEST_TTY_YES 2
+#define REQUEST_TTY_FORCE 3
+
+#define SSHCONF_CHECKPERM 1 /* check permissions on config file */
+#define SSHCONF_USERCONF 2 /* user provided config file not system */
+
void initialize_options(Options *);
void fill_default_options(Options *);
int read_config_file(const char *, const char *, Options *, int);
@@ -146,9 +161,11 @@
int parse_forward(Forward *, const char *, int, int);
int
-process_config_line(Options *, const char *, char *, const char *, int, int *);
+process_config_line(Options *, const char *, char *, const char *, int, int *,
+ int);
void add_local_forward(Options *, const Forward *);
void add_remote_forward(Options *, const Forward *);
+void add_identity_file(Options *, const char *, const char *, int);
#endif /* READCONF_H */
Property changes on: vendor-crypto/openssh/dist/readconf.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/readpass.c
===================================================================
--- vendor-crypto/openssh/dist/readpass.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/readpass.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -186,7 +186,7 @@
if (*p == '\0' || *p == '\n' ||
strcasecmp(p, "yes") == 0)
allowed = 1;
- xfree(p);
+ free(p);
}
return (allowed);
Property changes on: vendor-crypto/openssh/dist/readpass.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/Makefile
===================================================================
--- vendor-crypto/openssh/dist/regress/Makefile 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/Makefile 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.58 2011/01/06 22:46:21 djm Exp $
+# $OpenBSD: Makefile,v 1.65 2013/04/18 02:46:12 djm Exp $
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec
tests: $(REGRESS_TARGETS)
@@ -8,6 +8,7 @@
clean:
for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
+ test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
rm -rf $(OBJ).putty
distclean: clean
@@ -38,6 +39,7 @@
key-options \
scp \
sftp \
+ sftp-chroot \
sftp-cmds \
sftp-badcmds \
sftp-batch \
@@ -57,7 +59,11 @@
kextype \
cert-hostkey \
cert-userkey \
- host-expand
+ host-expand \
+ keys-command \
+ forward-control \
+ integrity \
+ krl
INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
@@ -67,7 +73,7 @@
USER!= id -un
CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
t8.out t8.out.pub t9.out t9.out.pub \
- authorized_keys_${USER} known_hosts pidfile \
+ authorized_keys_${USER} known_hosts pidfile testdata \
ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \
rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
@@ -74,16 +80,23 @@
ls.copy banner.in banner.out empty.in \
scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \
sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \
- known_hosts-cert host_ca_key* cert_host_key* \
+ known_hosts-cert host_ca_key* cert_host_key* cert_user_key* \
putty.rsa2 sshd_proxy_orig ssh_proxy_bak \
key.rsa-* key.dsa-* key.ecdsa-* \
- authorized_principals_${USER} expect actual
+ authorized_principals_${USER} expect actual ready \
+ sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \
+ ssh.log failed-ssh.log sshd.log failed-sshd.log \
+ regress.log failed-regress.log ssh-log-wrapper.sh
+SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER}
+
# Enable all malloc(3) randomisations and checks
TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
TEST_SSH_SSHKEYGEN?=ssh-keygen
+CPPFLAGS=-I..
+
t1:
${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv
@@ -142,7 +155,7 @@
@if [ "x$?" = "x" ]; then exit 0; fi; \
for TEST in ""$?; do \
echo "run test $${TEST}" ... 1>&2; \
- (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+ (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
done
t-exec-interop: ${INTEROP_TESTS:=.sh}
@@ -149,7 +162,7 @@
@if [ "x$?" = "x" ]; then exit 0; fi; \
for TEST in ""$?; do \
echo "run test $${TEST}" ... 1>&2; \
- (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+ (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
done
# Not run by default
Property changes on: vendor-crypto/openssh/dist/regress/Makefile
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/README.regress
===================================================================
--- vendor-crypto/openssh/dist/regress/README.regress 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/README.regress 2013-12-05 12:55:03 UTC (rev 6462)
@@ -93,10 +93,6 @@
Known Issues.
-- If your build requires ssh-rand-helper regress tests will fail
- unless ssh-rand-helper is in pre-installed (the path to
- ssh-rand-helper is hard coded).
-
- Similarly, if you do not have "scp" in your system's $PATH then the
multiplex scp tests will fail (since the system's shell startup scripts
will determine where the shell started by sshd will look for scp).
@@ -105,4 +101,4 @@
test to fail. The old behaviour can be restored by setting (and
exporting) _POSIX2_VERSION=199209 before running the tests.
-$Id: README.regress,v 1.1.1.4 2011-02-04 14:04:19 laffer1 Exp $
+$Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $
Property changes on: vendor-crypto/openssh/dist/regress/README.regress
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/addrmatch.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/addrmatch.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/addrmatch.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: addrmatch.sh,v 1.3 2010/02/09 04:57:36 djm Exp $
+# $OpenBSD: addrmatch.sh,v 1.4 2012/05/13 01:42:32 dtucker Exp $
# Placed in the Public Domain.
tid="address match"
@@ -7,39 +7,50 @@
run_trial()
{
- user="$1"; addr="$2"; host="$3"; expected="$4"; descr="$5"
+ user="$1"; addr="$2"; host="$3"; laddr="$4"; lport="$5"
+ expected="$6"; descr="$7"
verbose "test $descr for $user $addr $host"
result=`${SSHD} -f $OBJ/sshd_proxy -T \
- -C user=${user},addr=${addr},host=${host} | \
- awk '/^passwordauthentication/ {print $2}'`
+ -C user=${user},addr=${addr},host=${host},laddr=${laddr},lport=${lport} | \
+ awk '/^forcecommand/ {print $2}'`
if [ "$result" != "$expected" ]; then
- fail "failed for $user $addr $host: expected $expected, got $result"
+ fail "failed '$descr' expected $expected got $result"
fi
}
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
cat >>$OBJ/sshd_proxy <<EOD
-PasswordAuthentication no
+ForceCommand nomatch
Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com
- PasswordAuthentication yes
+ ForceCommand match1
Match Address 1.1.1.1,::1,!::3,2000::/16
- PasswordAuthentication yes
+ ForceCommand match2
+Match LocalAddress 127.0.0.1,::1
+ ForceCommand match3
+Match LocalPort 5678
+ ForceCommand match4
EOD
-run_trial user 192.168.0.1 somehost yes "permit, first entry"
-run_trial user 192.168.30.1 somehost no "deny, negative match"
-run_trial user 19.0.0.1 somehost no "deny, no match"
-run_trial user 10.255.255.254 somehost yes "permit, list middle"
-run_trial user 192.168.30.1 192.168.0.1 no "deny, faked IP in hostname"
-run_trial user 1.1.1.1 somehost.example.com yes "permit, bare IP4 address"
-test "$TEST_SSH_IPV6" = "no" && exit
-run_trial user ::1 somehost.example.com yes "permit, bare IP6 address"
-run_trial user ::2 somehost.exaple.com no "deny IPv6"
-run_trial user ::3 somehost no "deny IP6 negated"
-run_trial user ::4 somehost no "deny, IP6 no match"
-run_trial user 2000::1 somehost yes "permit, IP6 network"
-run_trial user 2001::1 somehost no "deny, IP6 network"
+run_trial user 192.168.0.1 somehost 1.2.3.4 1234 match1 "first entry"
+run_trial user 192.168.30.1 somehost 1.2.3.4 1234 nomatch "negative match"
+run_trial user 19.0.0.1 somehost 1.2.3.4 1234 nomatch "no match"
+run_trial user 10.255.255.254 somehost 1.2.3.4 1234 match1 "list middle"
+run_trial user 192.168.30.1 192.168.0.1 1.2.3.4 1234 nomatch "faked IP in hostname"
+run_trial user 1.1.1.1 somehost.example.com 1.2.3.4 1234 match2 "bare IP4 address"
+run_trial user 19.0.0.1 somehost 127.0.0.1 1234 match3 "localaddress"
+run_trial user 19.0.0.1 somehost 1.2.3.4 5678 match4 "localport"
+if test "$TEST_SSH_IPV6" != "no"; then
+run_trial user ::1 somehost.example.com ::2 1234 match2 "bare IP6 address"
+run_trial user ::2 somehost.exaple.com ::2 1234 nomatch "deny IPv6"
+run_trial user ::3 somehost ::2 1234 nomatch "IP6 negated"
+run_trial user ::4 somehost ::2 1234 nomatch "IP6 no match"
+run_trial user 2000::1 somehost ::2 1234 match2 "IP6 network"
+run_trial user 2001::1 somehost ::2 1234 nomatch "IP6 network"
+run_trial user ::5 somehost ::1 1234 match3 "IP6 localaddress"
+run_trial user ::5 somehost ::2 5678 match4 "IP6 localport"
+fi
+
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
rm $OBJ/sshd_proxy_bak
Property changes on: vendor-crypto/openssh/dist/regress/addrmatch.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/agent-getpeereid.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/agent-getpeereid.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/agent-getpeereid.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-getpeereid.sh,v 1.4 2007/11/25 15:35:09 jmc Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.5 2013/05/17 10:33:09 dtucker Exp $
# Placed in the Public Domain.
tid="disallow agent attach from other uid"
@@ -18,7 +18,6 @@
exit 0
fi
-
trace "start agent"
eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
r=$?
Property changes on: vendor-crypto/openssh/dist/regress/agent-getpeereid.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/agent-pkcs11.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/agent-pkcs11.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/agent-pkcs11.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/agent-pkcs11.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/agent-ptrace.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/agent-ptrace.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/agent-ptrace.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/agent-ptrace.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/agent-timeout.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/agent-timeout.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/agent-timeout.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $
+# $OpenBSD: agent-timeout.sh,v 1.2 2013/05/17 01:16:09 dtucker Exp $
# Placed in the Public Domain.
tid="agent timeout test"
Property changes on: vendor-crypto/openssh/dist/regress/agent-timeout.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/agent.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/agent.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/agent.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: agent.sh,v 1.7 2007/11/25 15:35:09 jmc Exp $
+# $OpenBSD: agent.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="simple agent test"
@@ -19,7 +19,7 @@
fail "ssh-add -l did not fail with exit code 1"
fi
trace "overwrite authorized keys"
- echon > $OBJ/authorized_keys_$USER
+ printf '' > $OBJ/authorized_keys_$USER
for t in rsa rsa1; do
# generate user key for agent
rm -f $OBJ/$t-agent
Property changes on: vendor-crypto/openssh/dist/regress/agent.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/banner.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/banner.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/banner.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/banner.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/broken-pipe.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/broken-pipe.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/broken-pipe.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/broken-pipe.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/brokenkeys.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/brokenkeys.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/brokenkeys.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/brokenkeys.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/regress/bsd.regress.mk
===================================================================
--- vendor-crypto/openssh/dist/regress/bsd.regress.mk 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/bsd.regress.mk 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,79 +0,0 @@
-# $OpenBSD: bsd.regress.mk,v 1.9 2002/02/17 01:10:15 marc Exp $
-# No man pages for regression tests.
-NOMAN=
-
-# No installation.
-install:
-
-# If REGRESSTARGETS is defined and PROG is not defined, set NOPROG
-.if defined(REGRESSTARGETS) && !defined(PROG)
-NOPROG=
-.endif
-
-.include <bsd.prog.mk>
-
-.MAIN: all
-all: regress
-
-# XXX - Need full path to REGRESSLOG, otherwise there will be much pain.
-
-REGRESSLOG?=/dev/null
-REGRESSNAME=${.CURDIR:S/${BSDSRCDIR}\/regress\///}
-
-.if defined(PROG) && !empty(PROG)
-run-regress-${PROG}: ${PROG}
- ./${PROG}
-.endif
-
-.if !defined(REGRESSTARGETS)
-REGRESSTARGETS=run-regress-${PROG}
-. if defined(REGRESSSKIP)
-REGRESSSKIPTARGETS=run-regress-${PROG}
-. endif
-.endif
-
-REGRESSSKIPSLOW?=no
-
-#.if (${REGRESSSKIPSLOW:L} == "yes") && defined(REGRESSSLOWTARGETS)
-
-.if (${REGRESSSKIPSLOW} == "yes") && defined(REGRESSSLOWTARGETS)
-REGRESSSKIPTARGETS+=${REGRESSSLOWTARGETS}
-.endif
-
-.if defined(REGRESSROOTTARGETS)
-ROOTUSER!=id -g
-SUDO?=
-. if (${ROOTUSER} != 0) && empty(SUDO)
-REGRESSSKIPTARGETS+=${REGRESSROOTTARGETS}
-. endif
-.endif
-
-REGRESSSKIPTARGETS?=
-
-regress:
-.for RT in ${REGRESSTARGETS}
-. if ${REGRESSSKIPTARGETS:M${RT}}
- @echo -n "SKIP " >> ${REGRESSLOG}
-. else
-# XXX - we need a better method to see if a test fails due to timeout or just
-# normal failure.
-. if !defined(REGRESSMAXTIME)
- @if cd ${.CURDIR} && ${MAKE} ${RT}; then \
- echo -n "SUCCESS " >> ${REGRESSLOG} ; \
- else \
- echo -n "FAIL " >> ${REGRESSLOG} ; \
- echo FAILED ; \
- fi
-. else
- @if cd ${.CURDIR} && (ulimit -t ${REGRESSMAXTIME} ; ${MAKE} ${RT}); then \
- echo -n "SUCCESS " >> ${REGRESSLOG} ; \
- else \
- echo -n "FAIL (possible timeout) " >> ${REGRESSLOG} ; \
- echo FAILED ; \
- fi
-. endif
-. endif
- @echo ${REGRESSNAME}/${RT:S/^run-regress-//} >> ${REGRESSLOG}
-.endfor
-
-.PHONY: regress
Modified: vendor-crypto/openssh/dist/regress/cert-hostkey.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/cert-hostkey.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/cert-hostkey.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-hostkey.sh,v 1.5 2010/08/31 12:24:09 djm Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.7 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="certified host keys"
@@ -18,8 +18,8 @@
${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\
fail "ssh-keygen of host_ca_key failed"
(
- echon '@cert-authority '
- echon "$HOSTS "
+ printf '@cert-authority '
+ printf "$HOSTS "
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
@@ -66,25 +66,25 @@
# Revoked certificates with key present
(
- echon '@cert-authority '
- echon "$HOSTS "
+ printf '@cert-authority '
+ printf "$HOSTS "
cat $OBJ/host_ca_key.pub
- echon '@revoked '
- echon "* "
+ printf '@revoked '
+ printf "* "
cat $OBJ/cert_host_key_rsa.pub
if test "x$TEST_SSH_ECC" = "xyes"; then
- echon '@revoked '
- echon "* "
+ printf '@revoked '
+ printf "* "
cat $OBJ/cert_host_key_ecdsa.pub
fi
- echon '@revoked '
- echon "* "
+ printf '@revoked '
+ printf "* "
cat $OBJ/cert_host_key_dsa.pub
- echon '@revoked '
- echon "* "
+ printf '@revoked '
+ printf "* "
cat $OBJ/cert_host_key_rsa_v00.pub
- echon '@revoked '
- echon "* "
+ printf '@revoked '
+ printf "* "
cat $OBJ/cert_host_key_dsa_v00.pub
) > $OBJ/known_hosts-cert
for privsep in yes no ; do
@@ -108,11 +108,11 @@
# Revoked CA
(
- echon '@cert-authority '
- echon "$HOSTS "
+ printf '@cert-authority '
+ printf "$HOSTS "
cat $OBJ/host_ca_key.pub
- echon '@revoked '
- echon "* "
+ printf '@revoked '
+ printf "* "
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
@@ -132,8 +132,8 @@
# Create a CA key and add it to known hosts
(
- echon '@cert-authority '
- echon "$HOSTS "
+ printf '@cert-authority '
+ printf "$HOSTS "
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
@@ -200,7 +200,7 @@
-n $HOSTS $OBJ/cert_host_key_${ktype} ||
fail "couldn't sign cert_host_key_${ktype}"
(
- echon "$HOSTS "
+ printf "$HOSTS "
cat $OBJ/cert_host_key_${ktype}.pub
) > $OBJ/known_hosts-cert
(
@@ -220,8 +220,8 @@
# Wrong certificate
(
- echon '@cert-authority '
- echon "$HOSTS "
+ printf '@cert-authority '
+ printf "$HOSTS "
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
for v in v01 v00 ; do
Property changes on: vendor-crypto/openssh/dist/regress/cert-hostkey.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/cert-userkey.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/cert-userkey.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/cert-userkey.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-userkey.sh,v 1.7 2010/08/31 12:24:09 djm Exp $
+# $OpenBSD: cert-userkey.sh,v 1.11 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="certified user keys"
@@ -22,12 +22,11 @@
${SSHKEYGEN} -q -N '' -t ${ktype} \
-f $OBJ/cert_user_key_${ktype} || \
fail "ssh-keygen of cert_user_key_${ktype} failed"
- ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I \
- "regress user key for $USER" \
- -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} ||
+ ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
+ -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} ||
fail "couldn't sign cert_user_key_${ktype}"
# v00 ecdsa certs do not exist
- test "{ktype}" = "ecdsa" && continue
+ test "${ktype}" = "ecdsa" && continue
cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00
cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub
${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \
@@ -127,7 +126,7 @@
# Wrong principals list
verbose "$tid: ${_prefix} wrong principals key option"
(
- echon 'cert-authority,principals="gregorsamsa" '
+ printf 'cert-authority,principals="gregorsamsa" '
cat $OBJ/user_ca_key.pub
) > $OBJ/authorized_keys_$USER
${SSH} -2i $OBJ/cert_user_key_${ktype} \
@@ -139,7 +138,7 @@
# Correct principals list
verbose "$tid: ${_prefix} correct principals key option"
(
- echon 'cert-authority,principals="mekmitasdigoat" '
+ printf 'cert-authority,principals="mekmitasdigoat" '
cat $OBJ/user_ca_key.pub
) > $OBJ/authorized_keys_$USER
${SSH} -2i $OBJ/cert_user_key_${ktype} \
@@ -155,7 +154,7 @@
if test "x$auth" = "xauthorized_keys" ; then
# Add CA to authorized_keys
(
- echon 'cert-authority '
+ printf 'cert-authority '
cat $OBJ/user_ca_key.pub
) > $OBJ/authorized_keys_$USER
else
@@ -185,14 +184,32 @@
(
cat $OBJ/sshd_proxy_bak
echo "UsePrivilegeSeparation $privsep"
- echo "RevokedKeys $OBJ/cert_user_key_${ktype}.pub"
+ echo "RevokedKeys $OBJ/cert_user_key_revoked"
echo "$extra_sshd"
) > $OBJ/sshd_proxy
+ cp $OBJ/cert_user_key_${ktype}.pub \
+ $OBJ/cert_user_key_revoked
${SSH} -2i $OBJ/cert_user_key_${ktype} \
-F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
if [ $? -eq 0 ]; then
fail "ssh cert connect succeeded unexpecedly"
fi
+ verbose "$tid: ${_prefix} revoked via KRL"
+ rm $OBJ/cert_user_key_revoked
+ ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \
+ $OBJ/cert_user_key_${ktype}.pub
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpecedly"
+ fi
+ verbose "$tid: ${_prefix} empty KRL"
+ ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh cert connect failed"
+ fi
done
# Revoked CA
@@ -247,7 +264,7 @@
if test "x$auth" = "xauthorized_keys" ; then
# Add CA to authorized_keys
(
- echon "cert-authority${auth_opt} "
+ printf "cert-authority${auth_opt} "
cat $OBJ/user_ca_key.pub
) > $OBJ/authorized_keys_$USER
else
Property changes on: vendor-crypto/openssh/dist/regress/cert-userkey.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/cfgmatch.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/cfgmatch.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/cfgmatch.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: cfgmatch.sh,v 1.4 2006/12/13 08:36:36 dtucker Exp $
+# $OpenBSD: cfgmatch.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="sshd_config match"
@@ -7,22 +7,47 @@
fwdport=3301
fwd="-L $fwdport:127.0.0.1:$PORT"
+echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_config
+echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_proxy
+
+start_client()
+{
+ rm -f $pidfile
+ ${SSH} -q -$p $fwd "$@" somehost \
+ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \
+ >>$TEST_REGRESS_LOGFILE 2>&1 &
+ client_pid=$!
+ # Wait for remote end
+ n=0
+ while test ! -f $pidfile ; do
+ sleep 1
+ n=`expr $n + 1`
+ if test $n -gt 60; then
+ kill $client_pid
+ fatal "timeout waiting for background ssh"
+ fi
+ done
+}
+
stop_client()
{
pid=`cat $pidfile`
if [ ! -z "$pid" ]; then
kill $pid
- sleep 1
fi
+ wait
}
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
-
echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config
echo "Match Address 127.0.0.1" >>$OBJ/sshd_config
echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config
+grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
+echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy
echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy
+echo "Match user $USER" >>$OBJ/sshd_proxy
+echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
@@ -32,12 +57,8 @@
# Test Match + PermitOpen in sshd_config. This should be permitted
for p in 1 2; do
- rm -f $pidfile
trace "match permitopen localhost proto $p"
- ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \
- exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
- fail "match permitopen proto $p sshd failed"
- sleep 1;
+ start_client -F $OBJ/ssh_config
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
fail "match permitopen permit proto $p"
stop_client
@@ -45,12 +66,8 @@
# Same but from different source. This should not be permitted
for p in 1 2; do
- rm -f $pidfile
trace "match permitopen proxy proto $p"
- ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
- exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
- fail "match permitopen proxy proto $p sshd failed"
- sleep 1;
+ start_client -F $OBJ/ssh_proxy
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
fail "match permitopen deny proto $p"
stop_client
@@ -57,17 +74,13 @@
done
# Retry previous with key option, should also be denied.
-echon 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER
+printf 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER
cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER
-echon 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER
+printf 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER
cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER
for p in 1 2; do
- rm -f $pidfile
trace "match permitopen proxy w/key opts proto $p"
- ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
- exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
- fail "match permitopen w/key opt proto $p sshd failed"
- sleep 1;
+ start_client -F $OBJ/ssh_proxy
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
fail "match permitopen deny w/key opt proto $p"
stop_client
@@ -76,12 +89,8 @@
# Test both sshd_config and key options permitting the same dst/port pair.
# Should be permitted.
for p in 1 2; do
- rm -f $pidfile
trace "match permitopen localhost proto $p"
- ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \
- exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
- fail "match permitopen proto $p sshd failed"
- sleep 1;
+ start_client -F $OBJ/ssh_config
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
fail "match permitopen permit proto $p"
stop_client
@@ -94,12 +103,8 @@
# Test that a Match overrides a PermitOpen in the global section
for p in 1 2; do
- rm -f $pidfile
trace "match permitopen proxy w/key opts proto $p"
- ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
- exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
- fail "match override permitopen proto $p sshd failed"
- sleep 1;
+ start_client -F $OBJ/ssh_proxy
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
fail "match override permitopen proto $p"
stop_client
@@ -113,12 +118,8 @@
# Test that a rule that doesn't match doesn't override, plus test a
# PermitOpen entry that's not at the start of the list
for p in 1 2; do
- rm -f $pidfile
trace "nomatch permitopen proxy w/key opts proto $p"
- ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \
- exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' >>$TEST_SSH_LOGFILE 2>&1 ||\
- fail "nomatch override permitopen proto $p sshd failed"
- sleep 1;
+ start_client -F $OBJ/ssh_proxy
${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
fail "nomatch override permitopen proto $p"
stop_client
Property changes on: vendor-crypto/openssh/dist/regress/cfgmatch.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/cipher-speed.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/cipher-speed.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/cipher-speed.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: cipher-speed.sh,v 1.3 2007/06/07 19:41:46 pvalchev Exp $
+# $OpenBSD: cipher-speed.sh,v 1.9 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="cipher speed"
@@ -5,21 +5,27 @@
getbytes ()
{
- sed -n '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p'
+ sed -n -e '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' \
+ -e '/copied/s/.*s, \(.* MB.s\).*/\1/p'
}
tries="1 2"
-DATA=/bin/ls
-DATA=/bsd
-macs="hmac-sha1 hmac-md5 umac-64 at openssh.com hmac-sha1-96 hmac-md5-96"
ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
- arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc aes128-ctr"
+ arcfour128 arcfour256 arcfour
+ aes192-cbc aes256-cbc rijndael-cbc at lysator.liu.se
+ aes128-ctr aes192-ctr aes256-ctr"
+config_defined OPENSSL_HAVE_EVPGCM && \
+ ciphers="$ciphers aes128-gcm at openssh.com aes256-gcm at openssh.com"
+macs="hmac-sha1 hmac-md5 umac-64 at openssh.com umac-128 at openssh.com
+ hmac-sha1-96 hmac-md5-96"
+config_defined HAVE_EVP_SHA256 && \
+ macs="$macs hmac-sha2-256 hmac-sha2-512"
-for c in $ciphers; do for m in $macs; do
+for c in $ciphers; do n=0; for m in $macs; do
trace "proto 2 cipher $c mac $m"
for x in $tries; do
- echon "$c/$m:\t"
+ printf "%-60s" "$c/$m:"
( ${SSH} -o 'compression no' \
-F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
exec sh -c \'"dd of=/dev/null obs=32k"\' \
@@ -29,6 +35,11 @@
fail "ssh -2 failed with mac $m cipher $c"
fi
done
+ # No point trying all MACs for GCM since they are ignored.
+ case $c in
+ aes*-gcm at openssh.com) test $n -gt 0 && break;;
+ esac
+ n=`expr $n + 1`
done; done
ciphers="3des blowfish"
@@ -35,7 +46,7 @@
for c in $ciphers; do
trace "proto 1 cipher $c"
for x in $tries; do
- echon "$c:\t"
+ printf "%-60s" "$c:"
( ${SSH} -o 'compression no' \
-F $OBJ/ssh_proxy -1 -c $c somehost \
exec sh -c \'"dd of=/dev/null obs=32k"\' \
Property changes on: vendor-crypto/openssh/dist/regress/cipher-speed.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/conch-ciphers.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/conch-ciphers.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/conch-ciphers.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,11 +1,8 @@
-# $OpenBSD: conch-ciphers.sh,v 1.2 2008/06/30 10:43:03 djm Exp $
+# $OpenBSD: conch-ciphers.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="conch ciphers"
-DATA=/bin/ls
-COPY=${OBJ}/copy
-
if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then
echo "conch interop tests not enabled"
exit 0
Property changes on: vendor-crypto/openssh/dist/regress/conch-ciphers.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/connect-privsep.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/connect-privsep.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/connect-privsep.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,8 +1,9 @@
-# $OpenBSD: connect-privsep.sh,v 1.1 2002/03/21 21:45:07 markus Exp $
+# $OpenBSD: connect-privsep.sh,v 1.4 2012/07/02 14:37:06 dtucker Exp $
# Placed in the Public Domain.
tid="proxy connect with privsep"
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy
for p in 1 2; do
@@ -11,3 +12,25 @@
fail "ssh privsep+proxyconnect protocol $p failed"
fi
done
+
+cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
+echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy
+
+for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ # XXX replace this with fail once sandbox has stabilised
+ warn "ssh privsep/sandbox+proxyconnect protocol $p failed"
+ fi
+done
+
+# Because sandbox is sensitive to changes in libc, especially malloc, retest
+# with every malloc.conf option (and none).
+for m in '' A F G H J P R S X Z '<' '>'; do
+ for p in 1 2; do
+ env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed"
+ fi
+ done
+done
Property changes on: vendor-crypto/openssh/dist/regress/connect-privsep.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/connect.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/connect.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/connect.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/connect.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/regress/copy.1
===================================================================
--- vendor-crypto/openssh/dist/regress/copy.1 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/copy.1 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,286 +0,0 @@
-ELF��� � � � \x90\x95��4 \x94\xAF 4 � ( � � � 4 4\x80��4\x80��\xC0 \xC0 � � � \xF4 \xF4\x80��\xF4\x80��� � � � � \x80�� \x80��\xC0\xAB \xC0\xAB � � � \xC0\xAB \xC0;��\xC0;��\xE8� \xE4� � � � Э \xD0=��\xD0=��\xD8 \xD8 � � � �� �\x81���\x81�� � � /lib/ld-linux.so.2 � � � GNU � � � C [ � @ U Z C � � B G V :
( / J A ' " X = D & , F T W Y 9 � M S ; - I � + R P < 2 7 ? K H 3 L % � � � � � � � ! �
$ # � �
0 * � 1 � � 6 � 4
- 8 ) > 5 � E
- . � O N � � Q
\xE5 \xE4\x90��@ � \xEC� \xF4\x90��B� � \xA1 �\x91��* � \xE1� �\x91��c � \x8B $\x91��\xB8 � 1� 4\x91��\xC1� � \xD0=�� � \xF1\xFFG� D\x91��\x81 " {� T\x91��\xA7 � 7� d\x91��. � c� t\x91��& � \xA8� \x84\x91��- � \xBF \x94\x91��
� � \xE8� \xA4\x91��\xD0 � \xB0� \xB4\x91��3 � U� đ��\x86 � \x95� ԑ��\xDC
� j� \xE4\x91��@ � j� \xF4\x91��B� � \xC7� �\x92��� � \xAC �\x92��B� � D� \xF0\xF9��\xA4� �
- Z� \xE0\xF8��
� �
- \xEE $\x92��\x9A� � ) \xBC\x90�� �
-� 4\x92��p� � \xB7� D\x92��\xD2! � \xBA� T\x92��\xAC " \x84 \xC0>��� � � \x9F� \xC4>��� � � d� d\x92���� � \xD9� t\x92���� � \xDD� \x84\x92��� � H� \x94\x92��D � 8� \xA4\x92��I� � *� \xB4\x92��\xBB � \xC6 Ē��\xD1� � \xD8 Ԓ��M� � �� \xE4\x92���� �
-� \xF4\x92��\x93� � \xF7� �\x93��\xC5 � � �\x93��\x97� � ~� \xA8>�� � \xF1\xFF�� $\x93��\xCA � / 4\x93��f� � �� D\x93��7� � l T\x93��
� � } d\x93��2 � 7 �\xFD�� � � \xDE t\x93��q � \x8E� \x84\x93��\x98� � s� \x94\x93��\xB9� � �� \xA4\x93��V � \x95 \xB4\x93��7 � >� ē��~ � *� ԓ��> � \xF3 \xE4\x93��\x9D " \xEF� \xF4\x93��\xAE
� M� �\x94��\xD0� � \xAC� �\x94��\x97� � \x91� $\x94��
� s� 4\x94��B� � \xD8� D\x94���� � \x8A� T\x94��\xC0� � j� d\x94��i � w� \xA8>�� � \xF1\xFF\xF5� t\x94��\xF5 � = \x94<�� � \xF1\xFF]� \x84\x94��\xF4 � \x8A� \xA4A�� � \xF1\xFFw \x94\x94��@ � �� \xA4\x94��|� � �� \xB4\x94��2 � A� Ĕ��h � \xB5 \xC8>��� � � N� Ԕ��q � \x84� \xE4\x94��o � b� \xF4\x94��� � \xFF� �\x95��\x9C � �� �\x95��s � 1� $\x95��\xA1� � �� \xCC>��� � � \xFE� D\xFD��� � � |� 4\x95��- � \xC0� D\x95��d� � \xA6� T\x95��\xE9 � S d\x95�� � � \xD2� \xD0>��� � � � e t\x95��\x8B � __gmon_start__ libtermcap.so.2 _DYNAMIC _init tgetent _fini _GLOBAL_OFFSET_TABLE_ tgetstr libc.so.6 strcpy textdomain ioctl printf stdout readdir64 getopt_long __fpending getgrgid __ctype_b getenv __strtol_internal qsort memcpy readlink puts __cxa_finalize mbrtowc malloc isatty optarg _obstack_newchunk __strtoul_internal __umoddi3 strncasecmp __udivdi3 abort iswprint strrchr _obstack_begin calloc __ctype_get_mb_cur_max fprintf dcgettext __deregister_frame_info optind fnmatch ferror signal strcoll strncmp strncpy wcwidth realloc __strdup __xstat64 gettimeofday localtime memset time opendir __ass!
ert_fail strcmp getpwuid getpwnam sprintf __mempcpy fclose setlocale stderr error __lxstat64 strftime fwrite __errno_location exit bindtextdomain getgrnam _IO_putc _IO_stdin_used strverscmp __libc_start_main strlen strchr fputs closedir __register_frame_info free mbsinit __cxa_atexit _edata __bss_start _end GLIBC_2.1 GLIBC_2.2.3 GLIBC_2.1.3 GLIBC_2.2 GLIBC_2.0 � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � [ � �ii
- � \x8F� � s�i � \x99� � s�i � \xA5� � �ii
- � \xB1� � �ii
- � \xBB� \xCC=���Y \xC0>���
\xC4>���
\xC8>���K \xCC>���R \xD0>���X \xA0<���� \xA4<���� \xA8<���� \xAC<���� \xB0<���� \xB4<���� \xB8<���� \xBC<��� \xC0<���
- \xC4<���
\xC8<���
\xCC<���
- \xD0<���� \xD4<���� \xD8<���� \xDC<���� \xE0<���� \xE4<���� \xE8<���� \xEC<���� \xF0<���� \xF4<���� \xF8<���� \xFC<���
=���� �=��� �=���!
=���" �=���# �=���$ �=���%
=���& =���' $=���( (=���) ,=���* 0=���, 4=���- 8=���. <=���/ @=���0 D=���2 H=���3 L=���4 P=���5 T=���6 X=���7 \=���8 `=���9 d=���: h=���; l=���< p=���= t=���> x=���? |=���@ \x80=���A \x84=���C \x88=���E \x8C=���G \x90=���H \x94=���I \x98=���J \x9C=���L \xA0=���M \xA4=���N \xA8=���O \xAC=���P \xB0=���Q \xB4=���T \xB8=���U \xBC=���V \xC0=���W \xC4=���Z U\x89\xE5\x83\xEC�\xE8\xED� \x90\xE8\x83� \xE8\xFEk \xC9\xC3\xFF5\x98<��\xFF%\x9C<�� \xFF%\xA0<��h \xE9\xE0\xFF\xFF\xFF\xFF%\xA4<��h� \xE9\xD0\xFF\xFF\xFF\xFF%\xA8<��h� \xE9\xC0\xFF\xFF\xFF\xFF%\xAC<��h� \xE9\xB0\xFF\xFF\xFF\xFF%\xB0<��h \xE9\xA0\xFF\xFF\xFF\xFF%\xB4<��h( \xE9\x90\xFF\xFF\xFF\xFF%\xB8<��h0 \xE9\x80\xFF\xFF\xFF\xFF%\xBC<��h8 \xE9p\xFF\xFF\xFF\xFF%\xC0<��h@ \xE9`\xFF\xFF\xFF\xFF%\xC4<��hH \xE9P\xFF\xFF\xFF\xFF%\xC8<��hP \xE9@\xFF\xFF\xFF\xFF%\xCC<��hX \xE90\xFF\xFF\xFF\xFF%\xD0<��h` \xE9 \xFF\xFF\xFF\xFF%\xD4<��hh \xE9�\xFF\xFF\xFF\xFF%\xD8<��hp \xE9 \xFF\xFF\xFF\xFF%\xDC<��hx \xE9\xF0\xFE\xFF\xFF\xFF%\xE0<��h\x80 \xE9\xE0\xFE\xFF\xFF\xFF%\xE4<��h\x88 \xE9\xD0\xFE\xFF\xFF\xFF%\xE8<��h\x90 \xE9\xC0\xFE\xFF\xFF\xFF%\xEC<��h\x98 \xE9\xB0\xFE\xFF\xFF\xFF%\xF0<��h\xA0 \xE9\xA0\xFE\xFF\xFF\xFF%\xF4<��h\xA8 \xE9\x90\xFE\xFF\xFF\xFF%\xF8<��h\xB0 \xE9\x80\xFE\xFF\xFF\xFF%\xFC<��h\xB8 \xE9p\xFE\xFF\xFF\xFF% =��h\xC0 \xE9`\xFE\xFF\xFF\xFF%�=��h\xC8 \xE9P\xFE\xFF\xFF\xFF%�=��h\xD0 \xE9@\xFE\xFF\xFF\xFF%
=��h\xD8 \xE90\xFE\xFF\xFF\xFF%�=��h\xE0 \xE9 \xFE\xFF\xFF\xFF%�=��h\xE8 \xE9�\xFE\xFF\xFF\xFF%�=��h\xF0 \xE9 \xFE\xFF\xFF\xFF%
=��h\xF8 \xE9\xF0\xFD\xFF\xFF\xFF% =��h � \xE9\xE0\xFD\xFF\xFF\xFF%$=��h�� \xE9\xD0\xFD\xFF\xFF\xFF%(=��h�� \xE9\xC0\xFD\xFF\xFF\xFF%,=��h�� \xE9\xB0\xFD\xFF\xFF\xFF%0=��h � \xE9\xA0\xFD\xF!
F\xFF\xFF%4=��h(� \xE9\x90\xFD\xFF\xFF\xFF%8=��h0� \xE9\x80\xFD\xFF\xFF\xFF%<=��h8� \xE9p\xFD\xFF\xFF\xFF%@=��h@� \xE9`\xFD\xFF\xFF\xFF%D=��hH� \xE9P\xFD\xFF\xFF\xFF%H=��hP� \xE9@\xFD\xFF\xFF\xFF%L=��hX� \xE90\xFD\xFF\xFF\xFF%P=��h`� \xE9 \xFD\xFF\xFF\xFF%T=��hh� \xE9�\xFD\xFF\xFF\xFF%X=��hp� \xE9 \xFD\xFF\xFF\xFF%\=��hx� \xE9\xF0\xFC\xFF\xFF\xFF%`=��h\x80� \xE9\xE0\xFC\xFF\xFF\xFF%d=��h\x88� \xE9\xD0\xFC\xFF\xFF\xFF%h=��h\x90� \xE9\xC0\xFC\xFF\xFF\xFF%l=��h\x98� \xE9\xB0\xFC\xFF\xFF\xFF%p=��h\xA0� \xE9\xA0\xFC\xFF\xFF\xFF%t=��h\xA8� \xE9\x90\xFC\xFF\xFF\xFF%x=��h\xB0� \xE9\x80\xFC\xFF\xFF\xFF%|=��h\xB8� \xE9p\xFC\xFF\xFF\xFF%\x80=��h\xC0� \xE9`\xFC\xFF\xFF\xFF%\x84=��h\xC8� \xE9P\xFC\xFF\xFF\xFF%\x88=��h\xD0� \xE9@\xFC\xFF\xFF\xFF%\x8C=��h\xD8� \xE90\xFC\xFF\xFF\xFF%\x90=��h\xE0� \xE9 \xFC\xFF\xFF\xFF%\x94=��h\xE8� \xE9�\xFC\xFF\xFF\xFF%\x98=��h\xF0� \xE9 \xFC\xFF\xFF\xFF%\x9C=��h\xF8� \xE9\xF0\xFB\xFF\xFF\xFF%\xA0=��h � \xE9\xE0\xFB\xFF\xFF\xFF%\xA4=��h�� \xE9\xD0\xFB\xFF\xFF\xFF%\xA8=��h�� \xE9\xC0\xFB\xFF\xFF\xFF%\xAC=��h�� \xE9\xB0\xFB\xFF\xFF\xFF%\xB0=��h � \xE9\xA0\xFB\xFF\xFF\xFF%\xB4=��h(� \xE9\x90\xFB\xFF\xFF\xFF%\xB8=��h0� \xE9\x80\xFB\xFF\xFF\xFF%\xBC=��h8� \xE9p\xFB\xFF\xFF\xFF%\xC0=��h@� \xE9`\xFB\xFF\xFF\xFF%\xC4=��hH� \xE9P\xFB\xFF\xFF 1\xED^\x89\xE1\x83\xE4\xF0PTRh�\xFD��h\xBC\x90��QVh\xB0\x97��\xE8s\xFD\xFF\xFF\xF4\x89\xF6U\x89\xE5SP\xE8 [\x81\xC3֦ \x8B\x838� \x85\xC0t�\xFFЋ]\xFC\xC9É\x{190410}\x90\x90\x90\x90\x90U\x89\xE5\x83\xEC�\x8B�\xCC;��\x85\xD2uI\x8B�\xC8;��\x8B�\x85\xC0t�\x8Dt& \x8DB�\xA3\xC8;��\xFF�\x8B�\xC8;��\x8B
-\x85\xC9u\xEA\xB8T\x92��\x85\xC0t�\x83\xEC
h\x80<��\xE8(\xFC\xFF\xFF\x83\xC4�\xB8� \xA3\xCC;��\x89\xEC]Ív U\x89\xE5\x83\xEC�\x89\xEC]Í\xB6 U\xB8D\x91��\x89\xE5\x83\xEC�\x85\xC0t�\x83\xEC�h\xD4>��h\x80<��\xE8\xD3\xFA\xFF\xFF\x83\xC4�\x89\xEC]Ð\x8D\xB4& U\x89\xE5\x83\xEC�\x89\xEC]Í\xB6 U\x89\xE5S\x83\xEC�\xA1D?��\x8B]�\x85\xC0t
\x83\xEC
h\xD8;��\xE8 4 \xC7�$\xE0;��\xE8�4 \x83\xC4�\x83\xFB�u
-\x83\xEC
h\x8F \xE8s\xFD\xFF\xFF\x83\xFB u
-\x83\xEC
h\x89 \xE8a\xFD\xFF\xFF\x83\xEC�h\x90\x96��S\xE8\xB3\xFA\xFF\xFF\x8B]\xFC\x89\xEC]Ð\x8D\xB4& U\x89\xE5WVS\x83\xEC
\x8BE�\x8B]
\x89E\xF0\x8BS
\x8BC�\x89\xD6)\xC6\xC1\xEE�\x89E\xEC\x85\xF6�\x8E} 9\xC2u�\x80K(�\x89‹C�\x8B{�\x8BK��\xC2\xF7\xD0!‰\xF8)ȉS
)\xCA9\xC2~�\x89{
\x8BC
\x83\xEC�\x89C�\x8B
\xC0>��S1ۋM\xF0Q\xE86\xFB\xFF\xFF\xEB�\x8BE\xEC\x83\xEC�\x8B�\x98CRh\xE0���\xE8\xDF\xFB\xFF\xFF\x83\xC4�9\xF3|\xE4\xA1\xC0>��\xC7E�Y+��\x89E
\x8De\xF4[^_]\xE9\xFD\xFA\xFF\xFF\x8De\xF4[^_]ÐU\x89\xE5WVS\x83\xEC�\x8B}
\x8Bu�\x8B�\xA3\xA0A��h\xE4���j�\xE8�\xFA\xFF\xFF[Xh\xE5���h\xF7���\xE8\xA1\xFA\xFF\xFF\xC7�$\xF7���\xE8e\xFB\xFF\xFFZYh\x90\x96��j�\xE8\xA7\xF9\xFF\xFF[\xBB� Xh\x90\x96��j \xE8\x94\xF9\xFF\xFFZYh\x90\x96��j�\xE8\x86\xF9\xFF\xFF\xC7�$p\xD9��\xE8fd 1\xC0\x89
|?��\xB9� 1҉
-\x80?��\xA3\x98?��\x89��?��[XWV\xE8
� \x8B
-D?��\x83\xC4�\x89Å\xC9t2\xE8\x89� \xE8T/ \x8B�<<��\x85\xD2u�\xA14<��\x85\xC0t�\x8B
-�?��\x85\xC9u
\xBA� \x89�L?��\xA1$?��1҃\xE8�\x83\xF8�v/\xA1�?��\x85\xC0t&\x8B
-T?��\x85\xC9u
\xA1X?��\x85\xC0u�\x8B
-4?��\x85\xC9u \xA1P?��\x85\xC0t�\xBA� \x89�\x88?��1\xC0\x85\xD2u�\x8B
-D?��\x85\xC9u
-\x8B�@?��\x85\xD2t�\xB8� \xA3\x8C?��\x8B
-<?��\x85\xC9tC\x8B��?��\x85\xD2u9\x83\xEC
h\x84\x94��h4\x92��j j h\xC0?��\xE8$\xF8\xFF\xFF\x83\xC4�h\x84\x94��h4\x92��j j h @��\xE8 \xF8\xFF\xFF\x83\xC4 \x83\xEC
\xB8d \xA3�?��hP- \xE8{Y 1ɣ ?��\x89
-�?��\xE8 � \x89\xF0\x83\xC4�)؉E\xF0t#1҉�|?��\xEB�\x8Dv h\xE4���j�j \x8B�\x9FCP\xE8]� \x83\xC4�9\xF3|\xE6\x8B
-|?��\x85\xC9t1\x8B�\?��\x85\xD2t�h\xE4���j�j�h����\xE8/� \xEB�\x83\xEC�j h����\xE8\xFE� \x83\xC4�\xA1�?��\x85\xC0t,\xE8\x9D
\xA1\?��\x85\xC0u�\x83\xEC�j h\xE4���\xE8%
\xA1�?��\x83\xC4�\xEB�\xA1�?��\x85\xC0t2\xE8\xCD" \x8B
�?��\x85\xDB�\x84\xA3 \x8B=\xC0>��\x83\xEC�Wj
-\xE82\xFA\xFF\xFF\xFF�\xA4?��\x83\xC4�\xEB$\x8Dv \x83}\xF0�w�\x8B
�?��\x85\xDBtt\x8Bs�\x85\xF6um1ɉ
-\x80?��\xEBc\x8B
�?��\xEB[\x8D\xB4& \x8BC�\x83\xEC�\x8BS�\xA3�?��R\x8B�P\xE8\xA9� \x8B3_V\xE8\xE4\xF9\xFF\xFF\x8BC�\x83\xC4�\x85\xC0t
\x83\xEC
P\xE8\xD1\xF9\xFF\xFF\x83\xC4�\x83\xEC
S\xBB� \xE8\xC0\xF9\xFF\xFF\x89
\x80?��\xA1�?��\x83\xC4�\x89Å\xDBu\xA8\x8B
-<?��\x85\xC9tT\x8B��?��\x85\xD2uJ\x83\xEC�h\xC0?��h����\xE8�\xFC\xFF\xFF_Xh @��h
-���\xE8\xF1\xFB\xFF\xFFj�h\x80���h`���hp?��\xE8{< \x83\xC4�Ph\x80���\xE81\xF8\xFF\xFF\x83\xC4�\x8B5D?��\x85\xF6t
\x83\xEC
h\xD8;��\xE8\x83/ \xC7�$\xE0;��\xE8w/ \x83\xC4�\xA1\x98?��\x89E�\x8De\xF4[^_]\xE9\xD4\xF8\xFF\xFFU\x89\xE51\xC0WVS\x83\xEC
\xC7E\xDC \x8B}�\xA3l?��\xA1X<��\x8Bu
\x83\xF8�t�\x83\xF8��HtA\xEB\x83\xF8�t�\xEBx\x83\xEC�\xBB� j�j \x89
�?��\xEB�\x8Dt& \x83\xEC�1\xC9j�j \x89
-�?��\xE8\xDCL \x83\xC4�\xEBL\x8D\xB4& \x83\xEC
j�\xE8\xCA\xF8\xFF\xFF\x83\xC4�\x85\xC0t�\xBA� \xB8� \x89��?��\xA3l?��\xEB
\xBB� 1ɉ
�?��\x89
-l?��\xEB�\x8Dv \xE8?\xF6\xFF\xFF1\xD21\xC01ɉ�
?��1һ� \xA3 ?��1\xC0\x83\xEC
\x89
$?��1ۉ
-(?��1ɉ�0?��1ң4?��1\xC0\x89
@?��1ۉ
-P?��1ɉ�T?��1ңX?��1\xC0\x89
\?��h����\x89
-`?��\x89�d?��\xA3h?��\xE8\xF3\xF4\xFF\xFF\x89Ã\xC4�\x85\xDBt.j�h\x80���h`���S\xE8\xC48 \x83\xC4�\x85\xC0x�\x8B
\x85\x80���\x83\xEC�Sj \xE8\xDBK \x83\xC4�\x83\xEC�h8?��j h(���\xE8\xA8\xF4\xFF\xFF\x89�$\xE8\xECD \xB9P \xC7�$6���\x89
-\x84?��\xE8\x89\xF4\xFF\xFF\x89Ã\xC4�\x85\xDBtX\x80; tS\x83\xEC
\x8DE\xECj Pj j S\xE8\xE4V \x83\xC4 \x85\xC0u�\x8BE\xEC\x85\xC0~�\xA3\x84?��\xEB+\x83\xEC
S\xE8\xA6S \x83\xC4�Pj�h\xC0���j \xE8X\xF4\xFF\xFF\x83\xC4
Pj j \xE8\xEB\xF7\xFF\xFF\x83\xC4�\x83\xEC�\x8DE\xE0Ph�T j�\xE8�\xF7\xFF\xFF\x83\xC4�@t�f\x83}\xE2 t �\xB7E⣄?��\x83\xEC
\xBA� h>���\x89�x?��\xE8\xE7\xF3\xFF\xFF\x83\xC4�\x85\xC0�\x85\xFB� \x83\xEC
hN���\xE8\xCF\xF3\xFF\xFF\x89Ã\xC4�\x85\xDB�\x84\xE1� \x83\xEC
\x8DE\xECj Pj j S\xE8+V \x83\xC4 \x85\xC0u�\x8BE\xEC\x85\xC0x
-\xA3x?��\xE9\xB6� \x8Dv \x83\xEC
S\xE8\xE7R \x83\xC4�Pj�h ���j \xE8\x99\xF!
3\xFF\xFF\x83\xC4
Pj j \xE8,\xF7\xFF\xFF\xE9\x83� \x8Dv �\x83 =
� �\x87f� \xFF$\x85\xD0 ��\xB8� \xBB� \xA3`?��\x89
d?��\xE9R� \x83\xEC�j�j \xE8CJ \xE9>� \xB9� \x89
-
?��\xE91� \xBA� \x89�\?��\xE9!� \xC7E\xDC� \x8B��?��1ɉ
-$?��\xB8� \xBB� \xA3`?��\x85҉
d?��u�\x83\xEC
j�\xE8\xEA\xF5\xFF\xFF\x83\xC4�1҅\xC0�\x95\xC2B\x89��?��1\xC01ۣ4?��\x89
D?��\xE9\xC4� \x90\xB9 \xFC\xFF\xFF\x89
-8?��\xE9\xB3� \x83\xEC�j�h\x80���j \xE8\xA3\xF2\xFF\xFF\x83\xC4
Pj j \xE86\xF6\xFF\xFF\x83\xC4�\xBA�\xFC\xFF\xFF\x89�8?��\xE9\x82� \xB8� \xA3P?��\xE9s� \xBB � \x89
8?��\xE9c� 1ɉ
-�?��\xE9V� \x8Dv \xBA� \x89��?��\xE9C� \xB8� \xA30?��\xE94� \x901۹� \x89
�?��\x89
-,?��\xE9�� \xBA� \x89�@?��\xE9
� \xB8� \xA3l?��\xE9\xFC� \xBB� \x89
(?��\xE9\xEC� \xB9� \x89
-4?��\xE9\xDC� \xC7E\xDC� \xBA� \x89�$?��\xE9\xC5� \x89\xF6\xB8� \xA3
?��\xE9\xB4� \x90\xC7E\xDC� \xBB� \x89
$?��\xE9\x9C� \x83\xEC
\x8DE\xEC\x8B
-\xCC>��j Pj j Q\xE8\xE0S \x83\xC4 \x85\xC0u�\x8BE\xEC\x85\xC04\x8B�\xCC>��\x83\xEC
R\xE8\xA3P \x83\xC4�Pj�hV���j \xE8U\xF1\xFF\xFF\x83\xC4
Pj j�\xE8\xE8\xF4\xFF\xFF\x8BE\xEC\x83\xC4�\xA3\x84?��\xE97� \x8Dt& \xB8� \xA3�?��\xE9$� \x901۹� \x89
d?��\x89
-`?��\xE9
� \x83\xEC
hn���\xE8�� \xC7�$m���\xE8�� \xE9\xEA� \xBA� \x89��?��\xE9\xDD� \xB8� \xA3<?��\xE9\xCE� \xBB� \x89
@?��\xE9\xBE� \xB9� \x89
-,?��\xE9\xAE� \x8B�\xCC>��\x83\xEC
R\xE8\xBC
- \xE9\x97� \x8D\xB4& \xB8� \xA3T?��\xE9\x84� \x90\x83\xEC�j j \xE8tG \xE9o� \x83\xEC�j�j \xE8cG \xE9^� \xBB� \x89
X?��\xE9Q� \xC7E\xDC� \xB9� \x89
-$?��\xE9:� \x8D\xB4& \x83\xEC
\x8DE\xEC\x8B�\xCC>��j Pj j R\xE8wR \x83\xC4 \x85\xC0u
\x8BE\xEC\x85\xC0�\x89H\xFC\xFF\xFF\xA1\xCC>��\x83\xEC
P\xE87O \x83\xC4�Pj�hq���j \xE8\xE9\xEF\xFF\xFF\x83\xC4
Pj j�\xE8|\xF3\xFF\xFF\x8BE\xEC\x83\xC4�\xE9�\xFC\xFF\xFF\xC7E\xDC� 1ۉ
$?��\xE9\xBC� \xC7E\xDC� \xB9� \x89
-$?��\xE9\xA5� \x89\xF6\x8B��?��\x85\xD2�\x84\x95� \xB8� \xA3�?��\xE9\x86� \x8Dv \x8B
\<��\x83\xEC�\x8B
-\xCC>��Sj�j�h@ ��h( ��Qh\x86��!
�\xE8\xE74 \xC7E\xDC� \x8B�\x85@ ��\x83\xC4 \xA3$?��\xE9?� \x8B�\<��\x83\xEC�\xA1\xCC>��Rj�j�hl ��hT ��Ph\x8D���\xE8\xA44 \x8B�\x85l ��\x83\xC4 \xA3
?��\xE9�� \x8B
\<��\x83\xEC�\x8B
-\xCC>��Sj�j�h
��h\xEC\xFF��Qh\x94���\xE8g4 \x8B�\x85
��\x83\xC4 \xA3�?��\xE9\xC6� \x8Dv 1Ҹ� \x89��?��\xA3 ?��\xE9\xAC� \xA1\xCC>��\x85\xC0t0\x8B
\<��\x83\xEC�Sj�j�h\xA8 ��h\x80 ��Ph\x9D���\xE8
-4 \x8B�\x85\xA8 ��\x83\xC4 \xEB�\x90\xB8� 1ۃ\xF8�tJ\x83\xF8�uJ\x83\xEC
j�\xE8Y\xF1\xFF\xFF\x83\xC4�\x85\xC0t9\x83\xEC
h\xA5���\xE8%\xEE\xFF\xFFZYPj \xE8\xBB\xEF\xFF\xFF\x83\xC4�\x85\xC0~�\x83\xEC�j h\xAA���\xE8\xD5\xF1\xFF\xFF\x83\xC4�\x85\xC0t�\xBB� \x89
D?��\x85\xDB�\x84
-� 1\xC0\xE9C\xFA\xFF\xFF\x8B
\<��\x83\xEC�\x8B
-\xCC>��Sj�j�h`\xFD��hP\xFD��Qh\xAD���\xE8g3 \x8B�\x85`\xFD��\x83\xC4 \xA3@?��\xE9\xC6 \x8Dv \x8B�\<��\x83\xEC�\xA1\xCC>��Rj�j�h\x80���h`���Ph\xBF���\xE8(3 \x8B
\x85\x80���\x83\xC4(Sj \xE8\x86D \xE9\x81 \x901ɉ
-l?��\xEBy\x8D\xB6 \x83\xEC�\x8B�\xCC>��h8?��j�R\xE8\x8A= \xEBX\x83\xEC
j \xEBL\x90\xA1X<��\x83\xEC
\xBA\xFE���h ���\x83\xF8�h\xCF���h\xF7���t�\x83\xF8�\xBA\xD4���t�\xBA\xD3���R\xA1\xC0>��P\xE84M \x83\xC4�j \xE8\x9E\xEF\xFF\xFF\x83\xEC
j�\xE8\x90. \x83\xC4�\x83\xEC
j h\xAC\xFD��h@���VW\xE8\xEB\xEE\xFF\xFF\x83\xC4 \x83\xF8\xFF�\x85[\xF9\xFF\xFF\x83\xEC
j \xE8\x81C \x89�$\xA3p?��\xE8\xA4C \x83\xC4�\x83\xF8�u�\x83\xEC�\x8B=p?��j�j W\xE8\xC9C \x83\xC4�\xA1@?��\x85\xC0t+\x8D\x98\xD7���\x80; t \x89\xF6\x83\xEC�\x8B5p?��j��\xBE�CPV\xE8\x9AC \x83\xC4�\x80; u\xE2\x83\xEC
j \xE8�C \xA3t?��\x83\xC4
j�j:P\xE8vC \xA1
?��\x83\xC4�H\x83\xF8�w
\x8B]܅\xDBu�\xA1�?��\x85\xC0t�\xB9� \x89
-$?��\xEB�\xA1�?��\x85\xC0uY\x8B� ?��\x85\xD2t \x83\xEC�j�h\xDD���j \xE8
\xEC\xFF\xFF\xA3\x94?��\x83\xC4�\xA3\x90?��\xEB/\x83\xEC�j�h\xF2���j \xE8\xEB\xEB\xFF\xFF\xA3\x90?��\x83\xC4
j�h\xFC���j \xE8\xD5\xEB\xFF\xFF\xA3\x94?��\x83\xC4�\xA1\xD0>��\x8De\xF4[^_]Í\xB6 \x8D\xBF U\x89\xE5W1\xFFV1\xF6S\x83\xEC
\x8BE
\x8B�\x8BE�\x8B�\xC7E\xF0 \x89\xF6\x83\xFF��\x87\x8E� \xFF$\xBD�����\xB6�<=t0<=
-\x84\xC0t/<:t+\xEB3<\t�<^t�\xEB)\x90\xBF� A\xE9e� \x90\x8Dt& \xBF� \xEB\xEE\x8BU�\x85\xD2t
-\xBF� \xE9H� \x88�A\xE9(� �\xBE�\x83\xF8xw\xFF$\x850���\x90\xBF� \x8Dp\xD0\xEBo\x8D\xB6 \xBF� 1\xF6\xEB`\x8D\xB4& \xBE� \xEBR\xBE� \xEBK\x89\xF6\xBE� \xEBB\xBE
\xEB;\x89\xF6\xBE
- \xEB2\xBE
- \xEB+\x89\xF6\xBE \xEB"\xBE
\xEB�\x89\xF6\xBE \xEB�\xBE \xEB
\x89\xF6\xBF� \xEB�\x89ƃ\xFF��\x85C\xFF\xFF\xFF\x89\xF01\xFF\x88�C\xFFE\xF0\xE94\xFF\xFF\xFF�\xB6�,0<�v�\x89\xF01\xFF\x88�\xEBv�\xBE�A\x8Dt\xF0\xD0\xE9\x81 \x90�\xBE�\x8DBЃ\xF86w5\xFF$\x85 ���\x89\xF0\xC1\xE0�\x8Dt�\xD0\xE9\xF5\xFE\xFF\xFF\x89\xF0\xC1\xE0�\x8Dt�\xA9\xE9\xE7\xFE\xFF\xFF\x89\xF6\x89\xF0\xC1\xE0�\x8Dt�\xC9\xE9\xD7\xFE\xFF\xFF\x89\xF6\x89\xF01\xFF\x88�\xEB �\xB6�1\xFF\x88\xD0,@<>w
\x80\xE2�A\x88�\xEB
\x8Dv \x80\xFA?u
\xC6�C\xFFE\xF0\xEB�\x89\xF6\xBF� \xEB \xE8\xA8\xEA\xFF\xFF\x8Dt& \x83\xFF��\x86W\xFE\xFF\xFF\x8BE�\x89�\x8BE
\x89�1\xC0\x83\xFF��\x95\xC0H E\xF0\x8BE\xF0\x83\xC4
[^_]Í\xB6 U\x89\xE5WVS\x83\xEC8h����\xE8\x91\xE9\xFF\xFF\x89Eԃ\xC4�\x85\xC0�\x84\xC1� \x808 �\x84\xB8� \xC7E\xCC \x83\xEC
\xBB� Pf\xC7E\xD8??\xC6E\xDA \xE87K \xA3H?��\x83\xC4�\x89EЍ\xB6 \x8D\xBF \x83\xFB��\x84\xBB \x83\xFB�
-\x83\xFB�t
\xE9\xDD� \x83\xFB��\x84\xFF \x83\xFB��\x84\x87� \xE9\xC6� \x90\x8BE\xD4�\xB6�\x80\xFA*t%\x80\xFA*�1ۄ\xD2�\x84\xAB� \xEBe\x8Dt& \x80\xFA:u\@\x89E\xD4\xE9\x97� \x89\xF6\x83\xEC
j�\xE8&J \x89E̡P<��\x8BU\xCC\xFFEԃ\xC4
\x89B�\x8BEЉ�P<��\x89B�\x8DE\xD4j�P\x8DE\xD0P\xE8�\xFD\xFF\xFF\x8BỦ\xC3\xF7Ӊ�\xC1\xEB�\x83\xC4�\x8D\\x9B\xFF\xE9D� �\xB6 \xBB� \xFFEԈE\xD8\xE91� \x8BE\xD4�\xB6�\x84\xD2�\x84
� \x88U\xD9@\xBB� \x89E\xD4\xE9�� \x8BEЃ\xEC�\x8D
\xFD j \x89\x83\xDC;��\x8DE\xD4P\x8DE\xD0P\xE8\xAB\xFC\xFF\xFF\x89\x83\xD8;��\x89\xC3\xF7\xD3\xC1\xEB�\x83\xC4�\x8D\�\xFF\xEBa\x90\x8Dt& \x8BUԻ\xFF\xFF\xFF\xFF\x8DB�\x89EԀ:=�\x85\xBE \x8B�l\xFD��1\xFF\x85\xD2t9\x8DE\xD81\xF6\x89EȐ\x8Dt& \x8B\x86l\xFD��\x83\xEC�\x8BM\xC8PQ\xE8\xC1\xE7\xFF\xFF\x83\xC4�\x85\xC0�\x84u\xFF\xFF\xFF\x83\xC6�\x8B\x96l\xFD��G\x85\xD2uԃ\xFB\xFFut\x83\xEC
\x8DE\xD8P\xE8�G \x83\xC4�Pj�h����j \xE8\xC5\xE7\xFF\xFF\x83\xC4
Pj j \xE8X\xEB\xFF\xFF\x83\xC4�\xEBD\x8BUԍB�\x89EԀ:=u1\x8BEЃ\xEC�\x8BỦB
\x8DE\xD4j P\x8DE\xD0P\xE8\xD6\xFB\xFF\xFF\x8BỦ\xC3\xF7ӉB�\xC1\xEB�\x83\xC4�\x8D\�\xFF\xEB�\xBB\xFF\xFF\xFF\xFF\x85\xDB�\x8F�\xFE\xFF\xFF\x85\xDByP\x83\xEC�j�h@���j \xE8R\xE7\xFF\xFF\x83\xC4
Pj j \xE8\xE5\xEA\xFF\xFF\x8B=H?��XW\xE8�\xEA\xFF\xFF\x8B
P<��\xEB�\x89؋[�\x83\xEC
P\xE8\xF2\xE9\xFF\xFF\x83\xC4�\x85\xDBu\xEB1\xF6\x895D?��\x83=�<���u(\x83\xEC�\x8B
<��j�h-���S\xE8D\xE8\xFF\xFF\x83\xC4�\x85\xC0u
\xB9� \x89
-
?��\x8De\xF4[^_]Í\xB6 U\x89\xE5WVS\x83\xEC�\x8B]�j
\x8B}
\xE8\xEAG \x89ơ�?��\x89F�\x89
$\x895�?��\xE8bH \x89�\x83\xC4�\x85\xFFt�\x83\xEC
W\xE8PH \x89F�\x83\xC4�\xEB�\xC7F� \x8De\xF4[^_]É\xF6\x8D\xBC' U\x89\xE5WVS\x83\xECL\xC7E\xB0 \x8B}�\xC7E\xB4 \xE8\xA5\xE6\xFF\xFF\x89Ã\xEC
\xC7� W\xE8\x94\xE8\xFF\xFF\x89ƃ\xC4�\x85\xF6u,\x83\xEC
W\xE8.F \x83\xC4�\xBF� Ph*���\x8B�Pj \xE8\xBA\xE9\xFF\xFF\x89=\x98?��\xE9�� \xE8\xD6� \xEBH\x8Dt& \x83\xEC
S\xE8G� \x83\xC4�\x85\xC0t4�\xB6C�1\xD2<�t�<�t
<�t�<
t�\xFE\xC8u��\xB6S�W\x8DC�j RP\xE8�� �E\xB0�U\xB4\x83\xC4�\x83\xEC
V\xE8'\xE5\x!
FF\xFF\x89Ã\xC4�\x85\xDBu\xAA\x83\xEC
V\xE8\xB5\xE7\xFF\xFF\x83\xC4�\x85\xC0t4\x83\xEC
W\xE8\x91E \x83\xC4�Ph*���\x83\xEC�\xE8\xD4\xE5\xFF\xFF[\x8B�^Qj \xE8�\xE9\xFF\xFF\xBA� \x83\xC4�\x89�\x98?��\xE8A
\xA1X?��\x85\xC0t�\x83\xEC�j�W\xE8\xCD \xA1X?��\x83\xC4�\x85\xC0u
-\xA1\x80?��\x85\xC0�\x84,� \xA1<?��\x85\xC0t-\x8B5�?��\x85\xF6u#\x8B
\xC0>��\x83\xEC�Sh4���\xE8�\xE6\xFF\xFF\xA1<?��\x83\xC4�\x83�\xA4?���\x85\xC0tT\x8B
-�?��\x85\xC9uJ\x8B�
@��\x8DB�;��@��v�\x83\xEC�j�h @��\xE8\xC4\xE7\xFF\xFF\x8B�
@��\x83\xC4�\x8D\xB4& \x83\xEC�j�h\xA4?��R\xE8t\xE6\xFF\xFF\x83�
@���\x83\xC4�\x8BE
\x83\xEC�\x8B�t?��\x85\xC0Ru�\x89\xF8P\xA1\xC0>��P\xE8\xE7� ��\xA4?��\x83\xC4�\x8B=<?��\x85\xFFtN\x8B5�?��\x85\xF6uD\x8B�
@��\x8DB�;��@��v�\x83\xEC�j�h @��\xE8>\xE7\xFF\xFF\x8B�
@��\x83\xC4�\x90\x83\xEC�j�h\xA4?��R\xE8\xF4\xE5\xFF\xFF\x83�
@���\x83\xC4�\x8B
\xC0>��\x83\xEC�Sh7���\xE8�\xE5\xFF\xFF\x83�\xA4?���\x83\xC4�\xA1�?��\x85\xC0t�\x8B
-4?��\x85\xC9�\x84\xCE \x8B�<?��\x85\xD2t"\x85\xC0u
\x8B=\xC0>��\x83\xEC�Wh4���\xE8\xC3\xE4\xFF\xFF\x83�\xA4?���\x83\xC4�\x83\xEC�j�h:���j \xE8\xB8\xE3\xFF\xFFY\x89\xC3^\x8B�\xC0>��RS\xE8\x97\xE4\xFF\xFF\x83\xEC
S\xE8\x9E\xE4\xFF\xFF��\xA4?��\x83\xC4�\xA1\xC0>��Pj \xE8H\xE6\xFF\xFF^\xFF�\xA4?��_j�\x8B
8?��\x8BM\xB4\x8DE\xB8\x8BU\xB0Sh � PQR\xE8\xED- \x89Ã\xC4�\xA1\xC0>��PS\xE8@\xE4\xFF\xFF\x83\xEC
S\xE8G\xE4\xFF\xFF��\xA4?��\x83\xC4�\x8B=\xC0>��Wj
-\xE8\xF0\xE5\xFF\xFF\xFF�\xA4?��\x83\xC4�\x8B5�?��\x85\xF6t�\xE8T� \x8B
�?��\x85\xDBt�\x8B
-\xC0>��\x83\xEC�Qj
-\xE8\xBD\xE5\xFF\xFF\xFF�\xA4?��\x83\xC4�\x8De\xF4[^_]Ð\x8D\xB4& U\x89\xE5S\x83\xEC�\x8B]�j�\xE8\xFFC \x8B�h?��\x89�\x89P�\x8B]\xFC\xA3h?��\x89\xEC]Ð\x8D\xB4& U\x89\xE5WVS\x83\xEC
\x8B
h?��\x8B}�\x85\xDBt&\x8Dw�\x8D\xB4& \x83\xEC�j�V\x8B�P\xE8F\xE3\xFF\xFF\x83\xC4�\x85\xC0t;\x8B[�\x85\xDBu\xE4\x8B
-d?��\x85\xC9u \x80�.u�\x8B�`?��\x85\xD2t�\x80� t��\xB7G�f\x83\xF8.t
-\xB8� \xEB�\x8Dv 1\xC0\x8De\xF4[^_]Í\xB6 U\x89\xE5V1\xF6;5�?��S}J1\xDB\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xA1 ?��\x83\xEC
\x8B��P\xE8\xD3\xE4\xFF\xFF\xA1 ?��\x83\xC4�\x8BD�d\x85\xC0t
\x83\xEC
P\xE8\xBA\xE4\xFF\xFF\x83\xC4�F\x83\xC3t;5�?��|\xC71ɺ� \x89
-�?��\x89��?��\x8De\xF8[^]Í\xB6 \x8D\xBC' U\x89\xE5WVS\x81\xEC\xAC \x8B
-�?��\x8B]
\x8B}�;
-�?��u1\x8D� \x8B5 ?��\xC1\xE1�\xA3�?��)\xC1\x8D�\x88\x83\xEC�\xC1\xE0�PV\xE8\xCDB \x8B
-�?��\x83\xC4�\xA3 ?��\x8D�\xCD \x8B� ?��)ȍ�\x81\xC1\xE0�1ɉL�d1\xF61ɉt�h\x89L�l\x8BE�\x85\xC0u \x8B5\x88?��\x85\xF6u�\x8B
-\x8C?��\x85\xC9�\x84\xBE� \x85\xDB�\x85\xB6� \x8BE�\x808/t�\x80? u�\x8Bu�\xEB5\x8BU�\x83\xEC
R\xE8\xF7\xE1\xFF\xFF\x89<$\x89\xC3\xE8\xED\xE1\xFF\xFF\x8DD��\x83\xE0\xF0\x83\xC4�)ċE�\x89\xE6\x83\xEC�PWV\xE8
-! \x83\xC4�\x8B=T?��\x85\xFFt(\xA1�?��\x83\xEC�\x8D�\xC5 )�\x90\xA1 ?��\x8DT\x90�RVj�\xE8\xFE\xE1\xFF\xFF\xEB&\xA1�?��\x83\xEC�\x8D�\xC5 )�\x90\xA1 ?��\x8DT\x90�RVj�\xE8\xD6\xE2\xFF\xFF\x83\xC4�\x85\xC0y;\x83\xEC
V\xE8b@ \x83\xC4�Ph*���\x83\xEC�\xE8\xA5\xE0\xFF\xFF[\x8B�^Qj \xE8\xE9\xE3\xFF\xFF\xBA� 1\xC0\x89�\x98?��1\xD2\xE91� \x90\x8B
-�?��\x8B� ?��\x8D�\xCD )ȉˍ�\x81\x8BD\x82�\x89\xD7% \xF0 = \xA0 �\x85\xAC� \x8BE�\x85\xC0u�\xA1�?��\x85\xC0t
-\xA1L?��\x85\xC0�\x84\x8F� \x8D�\xDD )؍�\x83\x83\xEC�\x8D�\x87PV\xE8\xDA� \x8B
- ?��XZ\x8B��?��\x8D�\xD5 )Ѝ�\x82\x8B|\x81dWV\xE85� \x89\x85T\xFF\xFF\xFF\x83\xC4�\x85\xC0�\x84�� \x8B]�\x85\xDBt
-\x8B
-�?��\x85\xC9u�\x8B�@?��\x85\xD2u
-\xA1L?��\x85\xC0�\x84\xE6 \x8B\xBDT\xFF\xFF\xFF\x83\xEC�\x8Du\x88VWj�\xE8\xBB\xE0\xFF\xFF\x83\xC4�\x85\xC0�\x85\xC6 \x8B��?��\xBB� \x8B
- ?��\x8D�\xD5 )Ѝ�\x82\x8D�\x85 \x8BE�\x89\�l\x85\xC0tm\x8B=�?��\x85\xFFtc\x8B]\x98\x89\xD8% \xF0 = @ uU\x8B
\?��\x85\xDBu�\x8B\x9DT\xFF\xFF\xFF\x8B}�\x8BD�d\x89]�\x89\x85T\xFF\xFF\xFF\x89|�d\xFC\xA1�?��\xB9� \x8D<\xC5 )Ǎ<\xB8\xA1 ?��\xC1\xE7��ǃ\xC7�\xF3\xA5\xEB0\x8D\xB6 \x8B]\x98\xA1�?��\x8B
- ?��\x8D�\xC5 )�\x90\xC1\xE2�\x89\�h\xBB� \x89\�l\x8B\x95T\xFF\xFF\xFF\x85\xD2t
\x8B\x85T\xFF\xFF\xFF\x83\xEC
P\xE8A\xE1\xFF\xFF\x8B
-�?��\x83\xC4�\xEB�\x89\xF6\x8B
-�?��\x8B� ?��\x8D�\xCD )ȍ�\x81\xC1\xE0�\x8B\��\x81\xE3 \xF0 \x81\xFB \xA0 u
\xBF
- \x89|�p\xEBH\x81\xFB @ u7\x8Bu�\x85\xF6t�\x8B
\?��\x85\xDBu�\xBF
\x89|�p\xEB$\x8Dt& \x8D�\xCD )ȍ�\x81\xBE� \x89t\x82p\xEB \xBB� \x89\�p\x8B��?��\x8B
- ?��\x8D�\xD5 )Ѝ�\x82\xC1\xE0�\x8BT��\x81\xE2 \xF0 \x81\xFA \x80 t
1\xF61\xFF\x81\xFA @ u�\x8Bt�<\x8B|�@\x8B
-8?��\x83\xEC�\x8D\x85X\xFF\xFF\xFFj�Qh � PWV\xE8�( \x83\xC4�P\xE8{\xDE\xFF\xFF\x83\xC4�9��?��}:\x83\xF8�~�\xB8� \xA3�?��\xEB)\xA1�?��1\xF61\xFF\x8B
- ?��\x8D�\xC5 )�\x90\xC1\xE2�\x89\�p\xC1\xE3
\x89\��\x8BU�\x83\xEC
R\xE8\xE6> \x8B
-�?��\x8B
?��\x8D�\xCD )ʍ�\x91A\x89�\x93\x89\xF0\x89\xFA\x89
-�?��\x8De\xF4[^_]Ð\x8D\xB4& U\x89\xE5V\x8Bu�S\x81\xEC�� \x89\xE3\x83\xEC�h � SV\xE8�\xDC\xFF\xFF\x83\xC4�\x85\xC0y:\x83\xEC
V\xE8\xC1< \x83\xC4�Ph*���\x83\xEC�\xE8�\xDD\xFF\xFFY\x8B�[Rj \xE8H\xE0\xFF\xFF\xB8� \x83\xC4�\xA3\x98?��\xEB�\x90\x8Dt& \xC6�� \x83\xEC
S\xE8C> \x8BU
\x83\xC4�\x89Bd\x8De\xF8[^]Ív U\x89\xE5WVS\x83\xEC
\x8B}
\x8BE�\x85\xFF\x89E\xF0u
-1\xC0\xE9\x81 \x8Dv \x80?/u�\x89}�\x8De\xF4[^_]\xE9\xFC= \x83\xEC�j/\x8Bu\xF0V\xE8�\xDE\xFF\xFF\x89ƃ\xC4�\x85\xF6u�\x89}�\x8De\xF4[^_]\xE9\xD6= \x8D\xB6 \x8B]\xF0\x83\xEC
W)ލ^�\xE8�\xDD\xFF\xFF\x8DD��\x89�$\xE8#= \x83\xC4
\x89\xC6S\x8D
3\x8BM\xF0QV\xE84\xDF\xFF\xFFXZWS\xE8\x9B\xDF\xFF\xFF\x89\xF0\x83\xC4�\x8De\xF4[^_]Ív \x8D\xBC' U\x89\xE5\x83\xEC�\x8BE�P\xE8!" \x83\xC4�1ɀ8.u��\xB6P�\x84\xD2t
\x80\xFA.u
\x80x� u�\xB9� \x89ȉ\xEC]É\xF6\x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B��?��\x8B}�\x89\xD0H\x89E\xF0�\x88\xD5 \x8B]\xF0\xC1\xE0�\x8BU\xF0)؍�\x82\x8D4\x85 \x8D\xB6 \x8D\xBC' \x8B� ?��\x8BD2p\x83\xF8�t \x83\xF8
�\x85\x89 \x8BM
\x85\xC9t�\x8B�2\x83\xEC
R\xE8U\xFF\xFF\xFF\x83\xC4�\x85\xC0uo\x8B� ?��\x8B�2\x808/t�\x80? u�\x8BD2d\x83\xEC�P\x8B
2S\xE8�\xF4\xFF\xFF\xEB+\x83\xEC�j \x8B
2QW\xE8y0 \x89\xC3X\xA1 ?��\x8BL0dZQS\xE8\xF5\xF3\xFF\xFF\x89
$\xE8\x91\xDD\xFF\xFF\x83\xC4�\xA1 ?��\x83|0p
u�\x8B�0\x83\xEC
R\xE8v\xDD\xFF\xFF\x83\xC4�\x83\xEEt\xFFM\xF0�\x89S\xFF\xFF\xFF\x8B��?��\xC7E\xEC 9U\xEC\xC7E\xF0 }>\xC7E\xE8 1ې\xA1 ?��\x83|�p
t
\xFC\x8B}\xE8\xB9
\x8D4��\xC7\xF3\xA5\x83E\xE8t\x8B��?��\xFFE\xEC\xFFE\xF0\x83\xC3t9U\xF0|̋E\xEC\xA3�?��\x8De\xF4[^_]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\xA1$?��\x83\xF8��\x87\xE2 \xFF$\x85 ���\x90\x8Dt& \xA1
?��\x83\xF8�t�\x83\xF8�r1\x83\xF8�tL\xE8\x9B\xDA\xFF\xFF\x8D\xB4& \x8B
-(?��\xB8 \xB9��\x85\xC9�\x85\xAD \xB8\xB0\xB8��\xE9\xA3 \x8Dv \x8B�(?��\xB8\xA0\xB9��\x85\xD2�\x85\x8D \xB8P\xB9��\xE9\x83 \x8Dv \x8B
-(?��\xB8@\xBA��\x85\xC9uq\xB8\xF0\xB9��\xEBj\x8B�(?��\xB8\xB0\xBB��\x85\xD2u[\xB8\x90\xBB��\xEBT\x8Dt& \x8B
-(?��\xB8`\xBC��\x85\xC9uA\xB8�\xEB:\x8B�(?��\xB8\xF0\xBA��\x85\xD2u+\xB8\x90\xBA��\xEB$\x8Dt& \x8B
-(?��\xB8p\xBB��\x85\xC9u�\xB8P\xBB��\xEB
-\xE8\xD9\xD9\xFF\xFF\x90\x8Dt& P\x8B��?��jt\xA1 ?��RP\xE8/\xDA\xFF\xFF\x89\xEC]Í\xB4& U\x89\xE5V\x8Bu�S\x8B]
\x8BVT\x8BKT9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B�\x83\xEC�P\x8B
S\xE8
-\xDB\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu
S\x8B]�\x8BVT\x8BKT9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B
\x83\xEC�Q\x8B�R\xE8\xBD\xDA\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu�S\x8B]
\x8BVL\x8BKL9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B�\x83\xEC�P\x8B
S\xE8m\xDA\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu
S\x8B]�\x8BVL\x8BKL9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B
\x83\xEC�Q\x8B�R\xE8
\xDA\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu�S\x8B]
\x8BVD\x8BKD9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B�\x83\xEC�P\x8B
S\xE8\xCD\xD9\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu
S\x8B]�\x8BVD\x8BKD9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B
\x83\xEC�Q\x8B�R\xE8}\xD9\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5WVS\x83\xEC
\x8B}
\x8BE�\x8Bw4\x8BH4\x8B_0\x8BP09\xCE|��9\xD3r�9θ� �|�9\xD3w 1\xC0\xEB�\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B7\x83\xEC�\x8BE�V\x8B�S\xE8�\xD9\xFF\xFF\x83\xC4�\x8De\xF4[^_]Ív U\x89\xE5WVS\x83\xEC
\x8B}�\x8BE
\x8Bw4\x8BH4\x8B_0\x8BP09\xCE|��9\xD3r�9θ� �|�9\xD3w 1\xC0\xEB�\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B�\x83\xEC�P\x8BE
\x8B8W\xE8\xB2\xD8\xFF\xFF\x83\xC4�\x8De\xF4[^_]Ív U\x89\xE5\x83\xEC�\x8BE
\x8BU�\x8B \x89E
\x8B�\x89E�\x89\xEC]\xE9\x86\xD7\xFF\xFF\x89\xF6U\x89\xE5\x83\xEC�\x8BE�\x8BU
\x8B \x89E
\x8B�\x89E�\x89\xEC]\xE9f\xD7\xFF\xFF\x89\xF6U\x89\xE5\x83\xEC�\x8BE
\x8BU�\x8B \x89E
\x8B�\!
x89E�\x89\xEC]\xE9F\xD8\xFF\xFF\x89\xF6U\x89\xE5\x83\xEC�\x8BE�\x8BU
\x8B \x89E
\x8B�\x89E�\x89\xEC]\xE9&\xD8\xFF\xFF\x89\xF6U\x89\xE5WVS\x83\xEC�\x8B}�\x8Bu
j.\x8B�P\xE8\xAB\xD7\xFF\xFFY[\x89\xC3j.\x8B�R\xE8\x9D\xD7\xFF\xFF\x83\xC4�\x85\xDBu�\x85\xC0u�\x8B�\x89E
\x8B�\x89E�\x8De\xF4[^_]\xE9\xDC\xD7\xFF\xFF\x85\xDBu�\xB8\xFF\xFF\xFF\xFF\xEB4\x85\xC0u \xB8� \xEB)\x89\xF6\x83\xEC�PS\xE8\xBA\xD7\xFF\xFF\x83\xC4�\x85\xC0u�\x8B�\x89E
\x8B�\x89E�\x8De\xF4[^_]\xE9\x9D\xD7\xFF\xFF\x8De\xF4[^_]ÐU\x89\xE5WVS\x83\xEC�\x8B}
\x8Bu�j.\x8B�P\xE8�\xD7\xFF\xFFY[\x89\xC3j.\x8B�R\xE8
-\xD7\xFF\xFF\x83\xC4�\x85\xDBu�\x85\xC0u�\x8B�\x89E
\x8B�\x89E�\x8De\xF4[^_]\xE9L\xD7\xFF\xFF\x85\xDBu�\xB8\xFF\xFF\xFF\xFF\xEB4\x85\xC0u \xB8� \xEB)\x89\xF6\x83\xEC�PS\xE8*\xD7\xFF\xFF\x83\xC4�\x85\xC0u�\x8B�\x89E
\x8B�\x89E�\x8De\xF4[^_]\xE9
-\xD7\xFF\xFF\x8De\xF4[^_]ÐU\x89\xE5VS\xA1�?��\x83\xF8��\x87\xC5 \xFF$\x85 ���\x8D\xB6 1\xDB;
�?���\x8D\xAA 1\xF6\x8B
- ?��\x89\xF0\x83\xC6t\x83\xEC
C�\xC8P\xE8\xD9
- \x8B
-\xC0>��XZQj
-\xE8-\xD7\xFF\xFF\x83\xC4�;
�?��|\xCE\xEBt\xE8\xF7� \x8De\xF8[^]\xE9\� \xE8\xE7� \x8De\xF8[^]\xE9\xCC� \x8De\xF8[^]\xE9�� \x901\xDB;
�?��}>1\xF6\x8Dt& \x8B� ?��\x89\xF0\x83\xEC
�\xD0P\xE8=� YX\x8B�\xC0>��Rj
-\xE8\xC1\xD6\xFF\xFF\xFF�\xA4?��\x83\xC4�\x83\xC6tC;
�?��|ȍe\xF8[^]ÐU\x89\xE5WVS\x81\xEC\x8C \xA1T<��\x85\xC0�\x89\x83 \x83\xEC
1ҍ\x85t\xFF\xFF\xFFP\x8D\x9Dx\xFF\xFF\xFF\xBEd \x89\x95t\xFF\xFF\xFF\xE8Y\xD3\xFF\xFF\x8B=\x90?��\x83\xC4�\x89\x85p\xFF\xFF\xFF\xEB�\x8Dt& �\xF6\x8DF�\x83\xE0\xF0)ĉ\xE3\xC6��\x8B\x85p\xFF\xFF\xFFPWVS\xE8�\xD4\xFF\xFF\x83\xC4�\x85\xC0u�\x80; uփ\xEC�j PS\xE8\x9A' \xA3T<��\x83\xC4�\x85\xC0y
-1\xDB1\xC0\x89
T<��\x8De\xF4[^_]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�j \x8DE\xF8P\xE8C\xD5\xFF\xFF\x83\xC4�\x85\xC0u(\x8BU\xFC\x8BE\xF8\xA3\xD0;��\x89\xD0\xC1\xE0�)Ѝ�\x82\x8D�\xC5\xE7� \xA3\xD4;��\xEB�\x90\x8Dt& \x83\xEC
j \xE8\xCA\xD3\xFF\xFF\xA3\xD0;��\xB9\xFFɚ;\x89
-\xD4;��\x89\xEC]É\xF6U\x89\xE5W\x8D\x85\xB8\xFE\xFF\xFFVS\xBB�� \x81\xEC$� \x89\x85\xF0\xFD\xFF\xFF\x8DE؋}�P\x89\x9D\xEC\xFD\xFF\xFF\x8BO�Q\xE8M� \xA1
?��\x83\xC4�\xC6E\xE2 \x83\xF8�\xC6E\xE3 t
\x83\xF8�r�\x83\xF8�t�\xEB�\x8BGT\xEB�\x8D\xB4& \x8BGL\xEB�\x8BGD\x89\x85\xF4\xFD\xFF\xFF\x8B�P?��\x8B\xB5\xF0\xFD\xFF\xFF\x85\xD2tL\x83\xEC
\x8D\x85\x88\xFE\xFF\xFFj�j�P\x8BG`P\x8Bw\V\xE8\x97
\x8B\x9D\xF0\xFD\xFF\xFF\x83\xC4 Pj�h@���S\xE8\xA4\xD5\xFF\xFF\x8B\x8D\xF0\xFD\xFF\xFF\x83\xEC
Q\xE8�\xD3\xFF\xFF\x8B\xB5\xF0\xFD\xFF\xFF\x83\xC4 �Ƌ�4?��\x85\xD2tb\xA18?��\x83\xEC�j�P\x8D\x85X\xFE\xFF\xFFh � P\x8BG�% \xF0 = \x80 t
1\xD21\xC9= @ u�\x8BW<\x8BO at QR\xE8N
\x8B
�?��\x83\xC4 PSh@���V\xE8,\xD5\xFF\xFF\x83\xEC
V\xE8\xA3\xD2\xFF\xFF\x83\xC4 �ƋO�\x8DE\xD8QPhE���V\xE8
\xD5\xFF\xFF\x83\xEC
V\xE8\x82\xD2\xFF\xFF\x8B�0?��\x83\xC4 �ƅ\xD2u�\x8BG
\x83\xEC
P\xE8s" \x83\xC4�\xEB�1\xC0\x85\xC0t
\x83\xEC�PhM���\xEB
\x8B_
\x83\xEC�ShU���V\xE8\xBF\xD4\xFF\xFF\x83\xC4�\x83\xEC
V\xE83\xD2\xFF\xFF\x8B
-,?��\x83\xC4��ƅ\xC9uT\x8B�0?��\x85\xD2u�\x8BG \x83\xEC
P\xE8\x9A# \x83\xC4�\xEB�\x90\x8Dt& 1\xC0\x85\xC0t
\x83\xEC�PhM���\xEB
\x8B_ \x83\xEC�ShU���V\xE8a\xD4\xFF\xFF\x83\xC4�\x83\xEC
V\xE8\xD5\xD1\xFF\xFF\x83\xC4��ƋG�% \xF0 = t�= ` u
�\xB6G$P\x8BG$\x8BW(�\xAC\xD0�%\xFF Ph[���\xEB1\xA18?��\x83\xEC
\x85\xC0x�\xB8� P\x8D\x85(\xFE\xFF\xFFj�P\x8BO4Q\x8BW0R\xE8\xD2� \x83\xC4
Phe���V\xE8\xE7\xD3\xFF\xFF\x83\xC4�\x83\xEC
V\xE8[\xD1\xFF\xFF�ƍ\x85\xF4\xFD\xFF\xFF\x89�$\xE8\xFB\xCF\xFF\xFF\x89\x85\xE8\xFD\xFF\xFF\x83\xC4�\x85\xC0�\x84\xE6 \x8B
-\xD0;��\x8B\x95\xF4\xFD\xFF\xFF9\xD1|
-9\xD1u�\x83=\xD4;�� }�\xE8\xE4\xFC\xFF\xFF\x8B
-\xD0;��\x8B\x95\xF4\xFD\xFF\xFF\x8D\x81T=�\xFF1\xDB9\xD0�9\xCA|
9\xCAu
-;
\xD4;���\xBB� \xB8\x90?��\x8B�\x98\!
x89\x85\xE4\xFD\xFF\xFF\xEBB\x8D\xB4& ѥ\xEC\xFD\xFF\xFF\x8B\x8D\xF0\xFD\xFF\xFF\x8B\x85\xEC\xFD\xFF\xFF\x83\xC0�\x83\xE0\xF0)ċ\x85\xF0\xFD\xFF\xFF\x89\xE3\x83\xEC�)\xC6V\x8D4
QS\xE8b\xD1\xFF\xFF\x89\x9D\xF0\xFD\xFF\xFF\x83\xC4�\xC6��\x8B\x95\xE8\xFD\xFF\xFF\x8B\x85\xE4\xFD\xFF\xFF\x8B\x9D\xEC\xFD\xFF\xFFRP\x8B\x85\xF0\xFD\xFF\xFF�\xD8)\xF0HPV\xE8 \xD0\xFF\xFF\x83\xC4�\x85\xC0u�\x80> u\x90�\xC6\xC6� F\xC6� \xE9\xA9 \x89\xF6\xE8k\xFB\xFF\xFF\x8B\x95\xF4\xFD\xFF\xFF\x89\x85\xE0\xFD\xFF\xFF\x85\xD2yS\x83\xEC
\x8D\x85\xF8\xFD\xFF\xFFj�j�P\x89Й\xF7\xD2 \xF7\xDARP\xE8|� \x83\xC4�\x89\xC3S\xE8�\xD0\xFF\xFF\x8B\x95\xE0\xFD\xFF\xFF\x89
$hj���)‰\xD0\xC1\xE8�H!\xC2Rhl���V\xE8q\xD2\xFF\xFF\x83\xC4 \xEB1\x83\xEC
\x8D\x85\xF8\xFD\xFF\xFFj�j�P\x89ЙRP\xE80� \x8B\x8D\xE0\xFD\xFF\xFF\x83\xC4 PQh@���V\xE8>\xD2\xFF\xFF\x83\xC4�\x83\xEC
V\xE8\xB2\xCF\xFF\xFF\x83\xC4��Ƌ�<?��\x85\xD2t'\xA1�?��\x85\xC0u
\x8B
\xC0>��\x83\xEC�Sh4���\xE8v\xCF\xFF\xFF\x83�\xA4?���\x83\xC4�\x8B
-\xC0>��\x83\xEC�\x8B\x95\xF0\xFD\xFF\xFFQR\xE8V\xCF\xFF\xFF\x8B\x85\xF0\xFD\xFF\xFF\x83\xC4�)\xC6�5\xA4?��h\xC0?��\x8B
-
?��\x8B_l\x85\xC9St�\x8BWl\x85\xD2t�\x8BGh\xEB�\x89\xF6\x8BG�P\x8B�P\xE8$� \x83\xC4�\x83p
-uN\x8Bwd\x85\xF6t`\x8B
\xC0>��\x83\xEC�Shs���\xE8\xF4\xCE\xFF\xFF\x83�\xA4?���\x83\xC4�j \x8BGlHP\x8BOhQ\x8BWdR\xE8\xE2� \xA1@?��\x83\xC4�\x85\xC0t"\x8Bh\x83\xEC
W\xEB�\x8B5@?��\x85\xF6t�\x8B_�\x83\xEC
S\xE8�� \x83\xC4�\x8De\xF4[^_]Í\xB6 \x8D\xBF U\x89\xE5WVS\x8D\x9D\xE8\xDF\xFF\xFF\x81\xECH \x8Bu�\x8B}
Vj\xFFWh S\xE89+ \x89\x85\xD8\xDF\xFF\xFF\x83\xC4 =\xFF� \x89\x9D\xD4\xDF\xFF\xFFv2\x8B\x85\xD8\xDF\xFF\xFF\x8B\x95\xD8\xDF\xFF\xFF\x83\xC0�\x83\xE0\xF0)\xC4B\x89\xA5\xD4\xDF\xFF\xFF\x83\xEC
\x8B\x85\xD4\xDF\xFF\xFFVj\xFFWRP\xE8\xF4* \x83\xC4 \x8B=l?��\x85\xFF�\x84\xB3� \xE8\x92\xCF\xFF\xFF\x83\xF8��\x86l� \x8B\xBD\xD4\xDF\xFF\xFF1ۋ\xB5\xD8\xDF\xFF\xFF\x89\x9D\xD0\xDF\xFF\xFF\x89\xF8�\xF0\x89\xFE9Ɖ\x85\xCC\xDF\xFF\xFF�\x831� \x8D\xB6 \x8D\xBC' �\xB6�<_�<A}
< |A<#~�<?9<%\xEB
\x90\x8Dt& <~,<a|(\x88�G\xEB�\x8Dv \xC6�?G\xEB \x8B\xBD\xCC\xDF\xFF\xFF\xC6�?F\xFF\x85\xD0\xDF\xFF\xFF\xE9\xCD \x90\x8Dt& \x8D\x85\xE0\xDF\xFF\xFF1\xC91҉\x85\xC8\xDF\xFF\xFF\x8D\x85\xDC\xDF\xFF\xFF\x89\x8D\xE0\xDF\xFF\xFF\x89\x95\xE4\xDF\xFF\xFF\x89\x85\xC4\xDF\xFF\xFF\x90\x8D\xB4& \x8B\x85\xC8\xDF\xFF\xFF\x8B\x9D\xC4\xDF\xFF\xFFP\x8B\x85\xCC\xDF\xFF\xFF)\xF8PWS\xE8w\xCD\xFF\xFF\x89Ã\xC4�\x83\xFB\xFFt\x89\x83\xFB\xFEt\x8A\x85\xDBu�\xBB� \x8B\x8D\xDC\xDF\xFF\xFF\x83\xEC
Q\xE8\x80\xCF\xFF\xFF\x89ƒ\xC4�\x85\xD2x%\x85\xDBt�\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90�\xB6�G\x88�FKu\xF6�\x95\xD0\xDF\xFF\xFF\xEB
\xC6�?�\xDFF\xFF\x85\xD0\xDF\xFF\xFF\x8B\x95\xC8\xDF\xFF\xFF\x83\xEC
R\xE8�\xCF\xFF\xFF\x83\xC4�\x85\xC0�\x84h\xFF\xFF\xFF;\xBD\xCC\xDF\xFF\xFF�\x82\xDC\xFE\xFF\xFF\x8B\x85\xD4\xDF\xFF\xFF)Ɖ\xB5\xD8\xDF\xFF\xFF\xE9u \x8B\x8D\xD4\xDF\xFF\xFF\x8B\xBD\xD8\xDF\xFF\xFF\x89\xCE�\xFE9\xF1sU\x90\x8Dt& �\xB6�\xA1\xC8>��\xF6DP�@u�\xC6�?A9\xF1r\xE9\xEB7\x8D\xB4& \xE8\xDF\xCD\xFF\xFF\x83\xF8�v&\x8B\x9D\xD8\xDF\xFF\xFF\x83\xEC�\x8B\x8D\xD4\xDF\xFF\xFFj�SQ\xE8\x8E� \x89\x85\xD0\xDF\xFF\xFF\x83\xC4�\xEB�\x8Dv \x8B\x85\xD8\xDF\xFF\xFF\x89\x85\xD0\xDF\xFF\xFF\x8BU�\x85\xD2t
\x8BE�\x8B\xB!
D\xD8\xDF\xFF\xFF\x8B\xB5\xD4\xDF\xFF\xFFPWj�V\xE8\xA8\xCE\xFF\xFF\x83\xC4�\x8B\x85\xD0\xDF\xFF\xFF\x8De\xF4[^_]Ív U\x89\xE5VS\x8B
-D?��\x8Bu�\x8BU
\x85ɋE�\x8B]�t�\x83\xEC�PRV\xE8\xBA� \x83\xC4�\x85\xDBtJ\x8B�<?��\x85\xD2t@\xA1�?��\x85\xC0u7\x8BS
\x8DB�;C�v�\x83\xEC�j�S\xE8\x9E\xCD\xFF\xFF\x8BS
\x83\xC4�\x8Dt& \x83\xEC�j�h\xA4?��R\xE8T\xCC\xFF\xFF\x83C
�\x83\xC4�\x8B
-p?��\x83\xEC�QV\x8B�\xC0>��R\xE8\xD2\xFC\xFF\xFF��\xA4?��\x83\xC4�\x85\xDBtO\xA1<?��\x85\xC0tF\x8B5�?��\x85\xF6u<\x8BC
\x83\xC0�;C�v�\x83\xEC�j�S\xE80\xCD\xFF\xFF\x83\xC4�\x89\xF6\x8D\xBC' \x83\xEC�j�h\xA4?��\x8BK
Q\xE8\xE1\xCB\xFF\xFF\x83C
�\x83\xC4�\x8B�D?��\x85\xD2t
\x8De\xF8[^]\xEB�\x8Dt& \x8De\xF8[^]É\xF6\x8D\xBC' U\x89\xE5\x83\xEC�\xA1\xEC;��\x85\xC0t�\x83\xEC
h\xE8;��\xEB'\x8D\xB4& \x83\xEC
h\xD8;��\xE8\xE3� \xC7�$\xF0;��\xE8\xD7� \xC7�$\xE0;��\xE8\xCB� \x83\xC4�\x89\xEC]Ít& U\x89\xE5S\x83\xEC4\xA1P?��\x8B]�\x85\xC0t+\x83\xEC
\x8DE\xC8j�j�P\x8BK`Q\x8BS\R\xE8\xD5� \x83\xC4
Pj�h@���\xE8�\xCB\xFF\xFF\x83\xC4�\xA14?��\x85\xC0tT\x8B
-8?��\x83\xEC�\x8DE\xC8j�Qh � P\x8BC�% \xF0 = \x80 t
1\xD21\xC9= @ u�\x8BS<\x8BK at QR\xE8\xAD� \x8B��?��\x83\xC4
PRh@���\xE8\xBC\xCA\xFF\xFF\x83\xC4�j \x8B
-
?��\x8BCl\x85\xC9Pt
\x8BSl\x85\xD2t�\x8BCh\xEB�\x8BC�P\x8B�P\xE8\xDD\xFD\xFF\xFF\x8B
-@?��\x83\xC4�\x85\xC9t�\x8BS�\x83\xEC
R\xE8� \x83\xC4�\x8B]\xFC\x89\xEC]Ív \x8D\xBC' U\x89\xE5\x83\xEC�\x8BM�\x89ʁ\xE2 \xF0 \x81\xFA \x80 u�\x83=@?���u
-\x83\xE1I\xB8* u=1\xC0\xEB9\x81\xFA @ \xB8/ t,\x81\xFA \xA0 \xB8@ t�\x81\xFA � \xB8| t�1\xC0\x81\xFA \xC0 �\x94\xC0H\x83\xE0Ã\xC0=\x85\xC0t�\x8B�\xC0>��\x83\xEC�RP\xE8\xF7\xCA\xFF\xFF\xFF�\xA4?��\x83\xC4�\x89\xEC]Í\xB6 U\x89\xE5W\xBF� VS\x83\xEC
\x8BU�\x8BE�\x8BM
\x83\xFA\xFF\x89E\xF0u�\x8B54<��\x85\xF6t
1ۿ
\xE9\xD2 \x89\xC8% \xF0 = @ u
-\xBF� \xEBb\x8D\xB6 = \xA0 u�\x85\xD2u�\x8B
<<��\xBF
\x85\xDBuB\xBF� \xEB;= � u�\xBF� \xEB-\x90= \xC0 u \xBF� \xEB
\x89\xF6= ` u \xBF \xEB�\x89\xF6= u�\xBF
- \x83\xFF�u
-\x83\xE1It�\xBF
- 1ۃ\xFF�uE\x8BM\xF0\x83\xEC
Q\xE8V\xC8\xFF\xFF\x89ƃ\xC4��u\xF0\x8B
P<��\x85\xDBt'\x8B�9\xF2w�\x8BE\xF0\x83\xEC�R)ЋS�RP\xE8{\xC8\xFF\xFF\x83\xC4�\x85\xC0t�\x8B[�\x85\xDBuك\xEC
h\xD8;��\xE8, \x8D�\xFD\xD8;��\x85\xDBYt�\x8DC�P\xE8� \xC7E�\xE0;��\x83\xC4�\x8De\xF4[^_]\xEB�\x8Dt& U\x89\xE5V\x8BE�S\x8B�\x8Bp�\x85\xDB~+\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90�\xBE�F\x8B�\xC0>��\x83\xEC�KRP\xE8o\xC9\xFF\xFF\x83\xC4�\x85\xDB\xE4\x8De\xF8[^]Í\xB6 \x8D\xBC' U\x8B�P?��1\xC0\x8B
-4?��\x89\xE5V\x85ҋu��\x95\xC0Sk\xC0�\x85ɉ\xC3t
\x8B��?���ЍX�\xA1p?��\x83\xEC�P\x8B�Qj \xE8\xAE\xF8\xFF\xFF\x8B
-@?���Ã\xC4�\x85\xC9t<\x8BV�\x89\xD0% \xF0 = \x80 u�Iu(\x83\xE2It#\xEB \x8Dt& = @ t�= \xA0 t�= � t�= \xC0 u�C\x8De\xF8\x89\xD8[^]Ív \x8D\xBC' U\x89\xE5WVS\x83\xEC<\xA1\xA0?��\x89Eܡ�?��9E܉E\xCC~�\x89E\xDC\xC7E\xEC \x8BU\xCC9U\xEC�\x8D\xF7 \xC7E\xC0 \x90\x8Dt& \x8B
- ?��\x83\xEC
\x8BE\xC0�\xC8P\xE8
\xFF\xFF\xFF\x8BM܃\xC4�\xC7E\xD8 9M؉E\xE4�\x8D\xA3 \xC7E\xC4 \xA1�?��\x8B=\x9C?��\x89E̍\xB4& \x8D\xBC' \x8BUċ��\x85\xD2t_\x8BE؋M̋]\xD8�\xC1\x89\xC8C\x99\x8BM\xE4\xF7\xFB\x89ËE\xEC\x99\xF7\xFB\x89\xC6;u\xD8t�\x83\xC1�\x8BUċ\��\x8B�\xB39\xD1~+\x89\xC8)ЋU\xC4�D��1\xC0\x89
\xB3\x8B�\x84?��\x8BM\xC49T���\x9C\xC0\x89��\xA1�?��\x89E\xCC\xFFE؋U܃E\xC4
9U\xD8|\x88\xEB�\x8D\xB6 \xA1�?��\x89E\xCC\xFFE\xEC\x8BŨE\xC0t9U\xEC�\x8C�\xFF\xFF\xFF\x8BU܃\xFA�~.\x8B
-\x9C?��\x8D�R\x8D�\x81\x8Bp\xF4\x85\xF6u!\x83\xE8
\x8D\xB4& J\x83\xE8
\x83\xFA�~�\x8B�\x85\xDBt\xF1\xEB�\x8B
-\x9C?��\xC7E\xE8 \x8D�R\x8DL\x81\xF4\x89M\xF0\x8BẺә\xF7\xFB\x89\xC11\xC0\x85\xD2�\x95\xC0�\xC19M\xE8\x89M\xE0�\x8D\xD2 \xC7E\xBC \x8BE\xE0\xC1\xE1�)\xC1\x89Mȍ\xB4& \xC7E\xD0 \x8BU\xE81\xFF\x8Bu\xBC\x89U썴& \x8D\xBC' \x8BM\xEC\x83\xEC
\x8B� ?��\x8D
\xB1\xC1\xE3�\x89\xD8�\xD0P\xE8d\xFA\xFF\xFF\x8B
- ?���ˉ
$\xE8d\xFD\xFF\xFF\x8B]\xF0\x8BUЉE\xE4\x8BM\xE0\x8BC�\x83\xC4�\x8B�\x90B�M\xEC\x89UЋUȋ]\xEC�\xD6;
�?��}�\x8BU\xE4\x83\xEC�\x8D
8S\x8D�:\x89\xDFP\xE8s� !
\x83\xC4�뎋
\xC0>��\x83\xEC�Sj
-\xE8a\xC6\xFF\xFF\x8BM\xE0\x83\xC4�\xFFE\xE8\x83E\xBC�9M\xE8�\x8CG\xFF\xFF\xFF\x8De\xF4[^_]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5WVS\x83\xEC,\xA1\xA0?��\x89E\xE0\xA1�?��9E\xE0~�\x89E\xE0\xC7E\xEC 9E\xEC�\x8D\xC9 \xC7E\xD0 \x8Dt& \x8D\xBC' \x8B� ?��\x83\xEC
\x8BE\xD0�\xD0P\xE8\x8C\xFC\xFF\xFF\x8BU\xE0\x83\xC4�\xC7E\xDC 9U܉E\xE8}x\xC7E\xD4 \x8B5\x9C?��\x8Dv \x8D\xBC' \x8BMԋ<�\x85\xFFtH\x8BE\xEC\x8BMܙA\xF7\xF9\x8BM\xE8\x89\xD7;}\xDCt�\x83\xC1�\x8BEԋ\��\x8B�\xBB9\xD1~#\x89\xC8)ЋU\xD4�D��1\xC0\x89
\xBB\x8B�\x84?��\x8BM\xD49T���\x9C\xC0\x89��\xFFE܋E\xE0\x83E\xD4
9E\xDC|\x9F\xFFE\xEC\x83E\xD0t\x8BU\xEC;��?���\x8CI\xFF\xFF\xFF\x8Bu\xE0\x83\xFE�~2\x8B�\x9C?��\x8D�v\x8D�\x82\x8BX\xF4\x85\xDBu%\x83\xE8
\x8Dt& \x8D\xBC' N\x83\xE8
\x83\xFE�~�\x8B�\x85\xC9t\xF1\xEB�\x8B�\x9C?��\xC7E\xE4 \x8D
v\x8D
\x9A\x8B� ?��\x8DK\xF4\x83\xEC
\x89M\xF0R\xE8w\xF8\xFF\xFF\x8B= ?��XW\xE8z\xFB\xFF\xFF\x89E\xE8\x8BC\xFC\x83\xC4�\x8B�\xC7E\xEC� \xB8� ;��?���\x8D\x96 \xC7E\xD8t \x8BE\xEC\x99\xF7\xFE\x89ׅ\xFFu�\x8B
-\xC0>��\x83\xEC�Qj
-\xE8\x87\xC4\xFF\xFF\xC7E\xE4 \xEB�\x8B]\xE4\x83\xEC�\x8BE\xE4\x8BU\xE8�\xCBS�\xD0P\xE8c� \x89]\xE4\x83\xC4�\x8B
- ?��\x83\xEC
\x8BE\xD8�\xC8P\xE8\xE9\xF7\xFF\xFF\x8BE؋� ?���Љ�$\xE8\xE6\xFA\xFF\xFF\x8BM\xF0\x83\xC4�\x89E\xE8\x8BA�\x8B
\xB8\xFFE\xEC\x83E\xD8t\x8BE\xEC;��?���\x8Cq\xFF\xFF\xFF\x8B
\xC0>��\x83\xEC�Sj
-\xE8�\xC4\xFF\xFF\x83\xC4�\x8De\xF4[^_]Ð\x8Dt& U\x89\xE5WV1\xF6S1ۃ\xEC
;
�?���\x8D\xB7 \x8D\xB4& \x8B� ?��\x8D�\xDD \x83\xEC
)؍�\x83\x8D�\x82P\x89\xF7\xE8`\xFA\xFF\xFF�ƍC�\x83\xC4�;��?��}�\x83\xC6�\x85\xFFt
;5\x84?��|�\xA1\xC0>��\x83\xEC�)\xFEPj
-\xE8\x83\xC3\xFF\xFF\x83\xC4�\x8D�\xDD \x8B� ?��)؍�\x83\x83\xEC
\x8D�\x82PC\xE8\xFD\xF6\xFF\xFF\xA1�?��\x83\xC4�9\xC3})\x8B
-\xC0>��\x83\xEC�Qj,\xE8D\xC3\xFF\xFF\x8B=\xC0>��XZWj \xE84\xC3\xFF\xFF\xA1�?��\x83\xC4�9\xC3�\x8CP\xFF\xFF\xFF\x8B
-\xC0>��\x83\xEC�Qj
-\xE8�\xC3\xFF\xFF\x83\xC4�\x8De\xF4[^_]Ít& U\x89\xE5WVS\x83\xEC
\x8Bu�\x8B}
9\xFE}d\x8B
x?��\x85\xDB~C\x89\xF8\x99\xF7\xFB\x89\xC1\x8DF�\x99\xF7\xFB9\xC1~2\x8B
-\xC0>��\x83\xEC�Qj \xE8\xC5\xC2\xFF\xFF\x8B
-x?��\x89\xF0\x99\xF7\xF9\x83\xC4�)\xD1�\xCE뼍\xB6 \x8D\xBC' \x8B�\xC0>��\x83\xEC�FRj \xE8\x92\xC2\xFF\xFF\x83\xC4�똍e\xF4[^_]ÐU\x89\xE5V\x8Bu
S\x8BU�\x8B]�\x89\xF1�\xB6�<.u�\x80y� t'\xEB�\x90\x88�AB�\xB6�\x84\xC0u\xF59\xF1v�\x80y\xFF/t�\xC6�/\xEB \x8D\xB6 \x88�CB�\xB6�\x84\xC0u\xF5\xC6� [^]Í\xB4& \x8D\xBC' U\x89\xE5\xBAVUUUWVS\x83\xEC
\xC7E\xF0 \x8B
-\x84?��\x89\xC8\xF7\xEA\x89\xC8\xC1\xF8�)
҉�\xA0?��u
\xBB� \x89
\xA0?��\x8B
-\x9C?��\x85\xC9u#\xA1\xA0?��\x83\xEC
\x8D�@\xC1\xE0�P\xE87 \xA3\x9C?��\x83\xC4�\xC7E\xF0� 1\xF6;5\xA0?��}m\xC7E\xEC� \xBF� 1ۡ\x9C?��\xC7��� \x89|��\x8BU\xF0\x85\xD2t�\x8BE\xEC\x83\xEC
P\xE8\xED� \x8B�\x9C?��\x83\xC4�\x89D��1\xD29\xF2�\xA1\x9C?��\x8BD��\x90\xC7�\x90� B9\xF2~\xF4\x83E\xEC�F\x83\xC7�\x83\xC3
;5\xA0?��|\xA1\x8De\xF4[^_]É\xF6\x8D\xBC' U\x89\xE5S\x83\xEC�\x8B]�\x85\xDBt2\x8B
-\xA0A��\x83\xEC�Q\x83\xEC
j�h\x80���j \xE8K\xBE\xFF\xFF\x83\xC4�P\x8B�\xC4>��R\xE8
\xBE\xFF\xFF\xE9\x8D \x89\xF6\xA1\xA0A��\x83\xEC�P\x83\xEC�j�h\xC0���j \xE8�\xBE\xFF\xFF\x83\xC4�P\xE8\xC1\xBF\xFF\xFF\x83\xEC�j�h ���j \xE8 \xBE\xFF\xFF\x83\xC4�P觿\xFF\xFF\x83\xEC�j�h\xA0���j \xE8\xE6\xBD\xFF\xFF\x83\xC4�P荿\xFF\xFF\x83\xEC�j�h "��j \xE8̽\xFF\xFF\x83\xC4�P\xE8s\xBF\xFF\xFF\x83\xEC�j�h\x80(��j 貽\xFF\xFF\x83\xC4�P\xE8�\xBE\xFF\xFF\x83\xC4�\x89]�\x8B]\xFC\x89\xEC]\xE9(\xC0\xFF\xFF\x8Dt& U\x89\xE5\x83\xEC�j�\xE8�\xFF\xFF\xFF\x89\xEC]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5WVS1ۃ\xEC(\xC7E\xF0\xFF\xFF\xFF\xFF\x8B}�\xC7E\xEC W\xE8R\xBE\xFF\xFF\x89E\xE8\x8BE
\x83\xC4�\x8B0\x85\xF6�\x84\xB6 \xC7E\xE4 \x8Dt& \x8BM�\x85\xC9t�\x8BU\xE8\x83\xEC�\x8BE�RP\x8BE
\x8B<\x98W\xE8f\xBE\xFF\xFF\xEB�\x8Bu\xE8\x83\xEC�\x8BM�\x8BE
VQ\x8B�\x98R\xE8
\xC0\xFF\xFF\x83\xC4�\x85\xC0uX\x8BE
\x83\xEC
\x8B�\x98P\xE8\xE7\xBD\xFF\xFF\x83\xC4!
�;E\xE8tk\x83}\xF0\xFFu�\x89]\xF0\xEB6\x8B}�\x85\xFFt(\xFC\x8Bu\xF0\x8BE�\x8BM\xE4\x8B}��\xAFƋu��ϋM��\xC69\xC9\xF3\xA6�\x97\xC2�\x92\xC08\xC2t�\xC7E\xEC� \x8BE�C�E\xE4\x8BE
\x8B�\x98\x85\xD2�\x85U\xFF\xFF\xFF\x8BE\xEC\x85\xC0t�\xB8\xFE\xFF\xFF\xFF\xEB�\x8D\xB4& \x89\xD8\xEB�\x8BE\xF0\x8De\xF4[^_]ÐU\x89\xE5\x83\xEC�j�\x8BE�\x8BM�\x8BU
P\x8BE�QRP\xE8\xD3\xFE\xFF\xFF\x89\xEC]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5\x83\xEC�j \x8BU�\x8BE�\x8BM
R\x8BU�PQR\xE8\xA3\xFE\xFF\xFF\x89\xEC]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5S\x83\xEC�\x83}�\xFFu�\x83\xEC�j�h\xA9(��j \xE8\xE6\xBB\xFF\xFF\x83\xC4�\x89\xC3\xEB�\x83\xEC�j�h )��j \xE8λ\xFF\xFF\x83\xC4�\x89ËE�\x83\xEC
\x8BM
P\x83\xEC�Qj�\xE8P� \x83\xC4�PSj j \xE8F\xBF\xFF\xFF\x8B]\xFC\x89\xEC]Ít& \x8D\xBC' U\x89\xE5WVS\x83\xEC0\xC7E\xE4 \x8BE�\x8B]�\x89E\xF0\x8BE
\x89E\xECj�h\xC6(��j \xE8g\xBB\xFF\xFF\x83\xC4�P\x8B=\xC4>��W\xE8'\xBB\xFF\xFF\xC7E\xE8 \x8BU\xF0\x83\xC4�\x8B2\x85\xF6�\x84\xA7 \xC7E\xDC \x8BE\xEC\x89E\xE0\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x8BM\xE8\x85\xC9t
\xFC\x8BU܉ً}\xEC\x8Bu\xE4�\xD79\xDB\xF3\xA6�\x97\xC2�\x92\xC08\xC2t-\x8BU\xE8\x83\xEC�\x8BE\xF0\x8B�\x90Ph\xDB(��\x8B=\xC4>��W賺\xFF\xFF\x8BU\xE0\x83\xC4�\x89U\xE4\xEB%\x8Dt& \x8BE\xE8\x83\xEC�\x8BU\xF0\x8B4\x82Vh\xE5(��\x8B
-\xC4>��Q膺\xFF\xFF\x83\xC4�\xFFE\xE8\x8BU\xF0�]\xE0\x8BE\xE8�]܋�\x82\x85\xD2�\x85u\xFF\xFF\xFF\xA1\xC4>��\xC7E�
- \x89E
\x8De\xF4[^_]\xE9>\xBD\xFF\xFF\x8Dv \x8D\xBC' U\x89\xE5WVS\x83\xEC�\x8BE
\x8Bu�\x8B}�\x8BM�P\x8B]
VWQS\xE8\xDE\xFC\xFF\xFF\x83\xC4 \x85\xC0y$\x83\xEC�\x8BU�PSR\xE89\xFE\xFF\xFF\x8BE�\x83\xC4
VWP\xE8\x9B\xFE\xFF\xFF\xFFU \xB8\xFF\xFF\xFF\xFF\x8De\xF4[^_]Ít& \x8D\xBC' U\x89\xE5WVS\x83\xEC�\xC7E\xF0 \x8BE
\x8B]�\x8B0\x85\xF6tN\xC7E\xEC \x8D\xB6 \x8D\xBC' \xFC\x8BM\xEC\x8B}�\x8Bu��ω\xD99\xDB\xF3\xA6�\x97\xC2�\x92\xC08\xC2u
\x8BU\xF0\x8BM
\x8B�\x91\xEB�\xFFE\xF0\x8BU
�]\xEC\x8BE\xF0\x8B�\x82\x85\xD2u\xC61\xC0\x83\xC4�[^_]Í\xB6 \x8D\xBF U\x89\xE5V\x8BM�S\xBB� \x89\xCE�\xB6�\x89ʄ\xC0t%\x90\x8D\xB4& </u
\x8DJ�\xEB \x8D\xB4& 1\xDBB�\xB6�\x84\xC0u\xE6�\xB6�\x84\xC0u
-\x80>/u�\x85\xDBt�I\x85\xDBu!\x80z\xFF/u�h�)��jDh))��h@)��\xE89\xB9\xFF\xFF\x90\x8Dt& \x8De\xF8\x89\xC8[^]Í\xB4& U\x89\xE5\x8BE�]\xA3`<��Ív U\x89\xE5\x8BE�]\xA3@@��Ív U\x89\xE5V\x8Bu�S\x8B
\xC0>��\x83\xEC
S\xE8=\xB8\xFF\xFFY1҅\xC0�\x95Z\xFF\x8B�\xC0>��R\xE8�\xB8\xFF\xFF\x83\xC4�\x85\xC0tp\xA1\xC0>��\x83\xEC
P聺\xFF\xFF\x83\xC4�\x85\xC0t�\xE8\xF5\xB8\xFF\xFF\x8B�\x85\xDBxP\x83\xEC�j�hd)��j 莸\xFF\xFF\x8B�@@��\x83\xC4�\x85\xD2t"\x83\xEC
P\x83\xEC
R\xE8p� \x83\xC4�Php)��SV\xE8�\xBC\xFF\xFF\x83\xC4 \xEB�Ph*���SV\xE8\xF2\xBB\xFF\xFF\x83\xC4�\x8De\xF8[^]Ít& U\x89\xE5\x83\xEC�\xA1`<��P\xE8?\xFF\xFF\xFF\x89\xEC]Ít& \x8D\xBC' U\x89\xE5\x8BU�\x8BE
\xF7\xC2 � t�\x80x�xt \xC6@�S\xEB�\x8Dv \xC6@�s\xF7\xC2 � t�\x80x�xt�\xC6@�S\xEB�\xC6@�s\x81\xE2 � t�\x80x xt�\xC6@ T\xEB�\xC6@ t]Ív \x8D\xBC' U\x89\xE5\x8BU�\xB8b \x81\xE2 \xF0 \x81\xFA ` tS\x81\xFA \xB8c tF\x81\xFA @ \xB8d t9\x81\xFA \x80 \xB8- t,\x81\xFA � \xB8p t�\x81\xFA \xA0 \xB8l t�1\xC0\x81\xFA \xC0 �\x94\xC0H\x83\xE0̃\xC0s]É\xF6U\x89\xE5VS\x8Bu�\x83\xEC
\x8B]
V\xE8|\xFF\xFF\xFF\x88�\x83\xC4�\xF7\xC6 � t�\xC6C�r\xEB�\xC6C�-\x89\xF0\x84\xC0y�\xC6C�w\xEB�\xC6C�-\xF7\xC6@ t
-\xC6C�x\xEB
\x8D\xB4& \xC6C�-\xF7\xC6 t�\xC6C�r\xEB�\xC6C�-\xF7\xC6� t�\xC6C�w\xEB�\xC6C�-\xF7\xC6� t�\xC6C�x\xEB�\xC6C�-\xF7\xC6� t�\xC6C�r\xEB�\xC6C�-\xF7\xC6� t
\xC6C�w\xEB
-\x8D\xB6 \xC6C�-\xF7\xC6� t�\xC6C x\xEB�\xC6C -\x89]
\x89u�\x8De\xF8[^]\xE9Y\xFE\xFF\xFF\x89\xF6\x8D\xBC' U\x89\xE5\x83\xEC�\x8BE�\x8B@�\x89E�\x89\xEC]\xE9 \xFF\xFF\xFF\x89\xF6\x8D\xBC' U\x89\xE5VS\x83\xEC0\x8Bu�\xDDE
\x85\xF6�\x84\x8B \xDD�x)��\xD9\xC9\xDD\xE1\xDF\xE0\xDDـ\xE4E\x80\xFC�uu\xD9\xC0\xDB}\xEC�1\xDB\xDD
$\xE8� 1Ƀ\xC4�N\x89EЉU\xD4\xDBm\xD8u-\xDFmЋEԅ\xC0y�\xDB-\x90)��\xDE\xC1\xDD]\xF0\xDDE\xF0\xDA\xE9\xDF\xE0\x80\xE4E\x80\xFC at t
\xB9� 1\xDB\xEB�\xDD؋EЋU\xD4�\xC8�\xDARP\xDF,$XZ\x85\xD2y�\xDB-\x90)��\xDE\xC1\xDD]\xF0\xDDE\xF0\x8De\xF8[^]Ð\x8D\xB4& U\x89\xE5\x83\xEC�j \x8BM�\x8BU�\x8BE�Q\x8BM
R\x8BU�PQR\xE8� \x89\xEC]Ít& \x8D\xBC' U\x89\xE5WVS\x83\xEC\\xC7E\xD4 \x8BU
\xC7E\xC8 \x8BE�\x8B]�\x89U\xE4\x8BU�\x89E\xE0\x85\xD2y�\xC7E\xD8� \xF7ډU\xDC\xEB�\x90\x8Dt& \xC7E\xDC \x89U؋U�\x8BE�\x83\xC2 \x89U\xCC\xC6@ 9]\xD8d\x89ؙ\xF7}҉\xC1�\x85\xE7 \x89M\xA0\x8BE\xE0\x89ʋM\xE0\xC1\xFA�\x89U\xA4\xF7e\xA0\x89ƋE\xA4\x89U\xA0�\xAFȋE\xA4P�ϋM\xE4�\xAF\xCA�ϋM\xA0QWV\xE8\xF7� \x8BM\xE4\x83\xC4�1ыU\xE01\xD0 \xC1�\x85\x98 \xE9\xBD� \x85\xDB�\x84\x8B \x8BEؙ\xF7\xFB\x85҉E\xC0u~\x99\x89U\xE4W\x89ƋE\xE0VRP\xE8\xC4
\x89\xC1\xC1\xE1�\x83\xC4��\xC1\x8D
\x89\xD8W\x99\x8BM\xE0\xF7}\xC0V\x8Bu\xE4VQ�҉ÉU\xC4\xE8\x8B� \x89]ԉU\xC0\x83\xC4�\x89\xC69U\xC4}�\x8BU\xC41\xC0\x85\xD2�\x9F\xC0\x89E\xC8\xE9G� \x8D\xB4& \x8BU\xC41\xC09U\xC0�\x9C\xC0\x83\xC0�\x89E\xC8\xE9*� \xDFm\xE0\x8Bu\xE4\x85\xF6y�\xDB-\x90)��\xDE\xC1S\x8BM\xDC\xDD]\xB8\xDB�$\x85\xC9\xDBE\xD8[\xDE\xF9\xDCM\xB8\xDDU\xB8u.\x8BU
\x83\xEC
\xDD
$R\xE8\x8F\xFD\xFF\xFF\x8Bu�_X\xDD
$h\xA0)��V\xE8P\xB7\xFF\xFF\x83\xC4�\xE9\xC9 \x8Dt& \xDD\xD8\xDBE\xDC\xC7E\xD0 \xD9\xE8\x89\xF6\xDDE\xB8\xD9\xC9\xD8\xCA\xFFE\xD0\xD9\xC0\xD8\xCB\xDD\xEA\xDF\xE0\xDDـ\xE4E\xFÈ\xFC at s�\x83}\xD0�v\xDC\xDD\xD9\xDC}\xB8\x83\xEC
\x8BUЋ]
�\xBE\x82@���P\x83\xEC
\xDD�$\xDD]\xB8S\xE8�\xFD\xFF\xFF\x8BE�ZY\xDD
$h\xA5)��P\xE8ض\xFF\xFF\x8B}�\x83\xC4�W\xE8L\xB4\xFF\xFF\x83\xC4�\x83\xF8�vE\xDD�\x80)��\x83\xEC
\x8BUЋu
\!
xDCM\xB8�\xBE\x82@���P\x83\xEC
\xDD�$\xDD]\xB8V\xE8\xC7\xFC\xFF\xFF\x8BU�\xDC5\x80)��Y[\xDD
$h\xAC)��R肶\xFF\xFF\x83\xC4 \x8BE�\xE9D� \x8Dv \x8BE܅\xC0�\x84t� \x8BEܙ\x89\xD39\xFB\x89\xC1�\x87d� r�9\xF1�\x87Z� \xC7E\xD0 \x89M\xB0\x89]\xB4\xEB"\x8D\xB6 \x8D\xBF 9\xFBr�9\xF1�\x87\x9D \x83}\xD0��\x87\x93 \x8B]\xB4\x8BM\xB0SQWV\xE8\xCB� \x8B]ԉ\xC1\xC1\xE1�\x83\xC4��\xC1�\xC9�ˉؙ\xF7}܉ËE\xC8\xD1\xF8\x8D�P\x8BE\xB0\x89U\xAC\x8BU\xB4RPWV\xE8\x88� \x89]ԉU܃\xC4�\x89\xC69U\xAC}�\x8B]\xC81\xC0\x8BU\xAC�څ\xD2�\x9F\xC0\xEB�\x90\x8Dt& \x8BM\xC81\xC0\x8BU\xAC�\xCA9U\xDC�\x9C\xC0\x83\xC0�\x89E\xC8\xFFEЋEܙ\x89\xD39\xFB\x89\xC1�\x86W\xFF\xFF\xFF\xFFM̋UЃ\xFF �\xB6\x82@���\x8BÜ��\x87{ \x83\xFE wv\x8BU
\xB8� \x8B]
)Ѕۍ� u�\x8BEԋMȃ\xE0��\xC89\xC2| \xEB$\x89\xF6;U\xC8}
\xFFE\xD4\xC7E\xC8 \x83}\xD4
-u
-\xC7E\xD4 \x83\xC6�\x83\xD7 \x83\xFF w(\x83\xFE w#\xFFM\xCC�\xB6EԋU\xCC�0\x88�J\x89U\xCC\xC6�.\xC7E\xC8 \xC7E\xD4 \x83}
�u�\x8BEԋU\xC8�Ѕ\xC07\xEB}\x8B]
\x85\xDBuv\x8BEș\x89\xC1\x89\xF0\x83\xE0�\x89\xD31\xD2�\xC1�Ӄ\xFB w�\x83\xF9�v
\x8BE\xD4@\x83\xF8��\xEBN\x83}\xD4�~H\x8BE܃\xC6�\x83\xD7 \x99\x89E\xA0\x8BE\xA0\x89U\xA4\x8BM\xA41\xF01\xF9 \xC1u*\x83}\xD0�w$\x8BUо� 1\xFF�\xB6\x82A���\x8BÜ�J\xC6�0J\x89U\xCC\xC6�.\x8Dv j j
-W\xFFM\xCCV\xE8�� \x8BŨ\xC4��0\x88�j j
-WV\xE8\xED� \x89Ɖ׃\xC4� \xF8uҋE̍e\xF4[^_]Í\xB4& U\x89\xE5\x83\xEC�h>���\xE8t\xB0\xFF\xFF\x89ƒ\xC4�1\xC0\x85\xD2�\x94\xC0\x89\xEC]H% \xFE\xFF\xFF� � Ð\x8Dt& U\x89\xE5VS\x83\xEC�\x8B]�\x8Bu
\x85\xDBu
\x83\xEC
h+���\xE85\xB0\xFF\xFF\x89Ã\xC4�\x85\xDBu�\xE8\xA3\xFF\xFF\xFF\xEBa\x90j�hX���hL���S\xE8\xCE\xF3\xFF\xFF\x83\xC4�\x85\xC0x \x8B�\x85X���\xEB>\x83\xEC
\x8DE\xF4h\xB3)��P\x8DE\xF0j PS\xE8\xE6� \x83\xC4 \x85\xC0u#\x8BE\xF0\x808 t�\xB8� \xEB�\x8BE\xF4\x85\xC0y \xB8� \xEB�\x89\xF6\x89�1\xC0\x8De\xF8[^]Ð\x8Dt& U\x89\xE5V\x8Bu�S\x8B]�\x83\xEC�SV\xE8K\xFF\xFF\xFF\x8B
\x83\xC4�\x85\xC9u
\xE8
-\xFF\xFF\xFF\x89�\xB8� \x85\xC0�\x84\x9D \x8BU
\x85\xD2�\x84\x92 \x83\xF8�t#\x83\xF8�r�\x83\xF8�t9\x83\xF8�tT\xEB|\x8D\xB6 \x8D\xBC' \xE8�\xB0\xFF\xFF\x83\xEC
V\x83\xEC�j�h\xC5)��j \xE8Z\xAF\xFF\xFF\x83\xC4�Ph\xD0)��\xEB>\x83\xEC
V\x83\xEC�j�h\xC5)��j \xE8:\xAF\xFF\xFF\x83\xC4�Ph *��\xEB
\x83\xEC
V\x83\xEC�j�h\xC5)��j \xE8�\xAF\xFF\xFF\x83\xC4�Ph\xE0)��j j�訲\xFF\xFF\x83\xC4 \x8De\xF8[^]Ív \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B
D@��\x8Bu�\x85\xDBt�\x8Dv \x8D\xBC' 93t<\x8B[�\x85\xDBu\xF5\x83\xEC
V\xE8 \xAF\xFF\xFF\xC7�$
\x89\xC7\xE8\xDE� \x89Ã\xC4�\x85\xFF\x893t�\x8B�\x83\xEC
P\xE8X� \x83\xC4�\x89\xC2\xEB�\x90\x8BC�\xEB�1҉S�\xA1D@��\x89C�\x89Љ
D@��\x8De\xF4[^_]Í\xB4& \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B
D@��\x8Bu�\x85\xDBt1�\xB6�\x88E\xF3\x8Dt& �\xB6U\xF3\x8BC�8�u�\x83\xEC�VP\xE8\xEF\xAD\xFF\xFF\x83\xC4�\x85\xC0�\x84\x85 \x8B[�\x85\xDBuً
H@��\x85\xDBt2�\xB6�\x88E\xF3\x89\xF6\x8D\xBC' �\xB6U\xF3\x8BC�8�u�\x83\xEC�VP语\xFF\xFF\x83\xC4�\x85\xC0tT\x8B[�\x85\xDBu݃\xEC
V\xE8X\xB0\xFF\xFF\xC7�$
\x89\xC7\xE8\xF6� \x894$\x89\xC3\xE8|� \x89C�\x83\xC4�\x85\xFFt&\x8BG�\x89�\xA1D@��\x89C�\x89؉
D@��\xEB�\x89\xD8\xEB�\x8D\xB4& 1\xC0\xEB�\xA1H@��\x89C�1\xC0\x89
H@��\x8De\xF4[^_]Ít& U\x89\xE5WVS\x83\xEC
\x8B
L@��\x8Bu�\x85\xDBt�\x8Dv \x8D\xBC' 93t<\x8B[�\x85\xDBu\xF5\x83\xEC
V蠭\xFF\xFF\xC7�$
\x89\xC7\xE8^� \x89Ã\xC4�\x85\xFF\x893t�\x8B�\x83\xEC
R\xE8\xD8� \x83\!
xC4�\x89\xC2\xEB�\x90\x8BC�\xEB�1҉S�\xA1L@��\x89C�\x89Љ
L@��\x8De\xF4[^_]Í\xB4& \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B
L@��\x8Bu�\x85\xDBt1�\xB6�\x88E\xF3\x8Dt& �\xB6U\xF3\x8BC�8�u�\x83\xEC�VP\xE8o\xAC\xFF\xFF\x83\xC4�\x85\xC0�\x84\x85 \x8B[�\x85\xDBuً
P@��\x85\xDBt2�\xB6�\x88E\xF3\x89\xF6\x8D\xBC' �\xB6U\xF3\x8BC�8�u�\x83\xEC�VP\xE8/\xAC\xFF\xFF\x83\xC4�\x85\xC0tT\x8B[�\x85\xDBu݃\xEC
V蘫\xFF\xFF\xC7�$
\x89\xC7\xE8v
- \x894$\x89\xC3\xE8\xFC
- \x89C�\x83\xC4�\x85\xFFt&\x8BG�\x89�\xA1L@��\x89C�\x89؉
L@��\xEB�\x89\xD8\xEB�\x8D\xB4& 1\xC0\xEB�\xA1P@��\x89C�1\xC0\x89
P@��\x8De\xF4[^_]Ít& U\x89\xE5S\x83\xEC�\x8BE
\x8B]�P\x83\xEC�S\xE8ݬ\xFF\xFFZYPS\xE8� \x8B]\xFC\x89\xEC]É\xF6\x8D\xBC' U\x89\xE5W1\xFFVS\x83\xEC
\x8Bu�\x8BE
\x89u\xE0�E\xE0\xE8�\xAE\xFF\xFF\x83\xF8��\x86\xF0 ;u\xE0�\x83
� �\xB6�<_�<A}�< |)<#~�<?!<%\xEB
-\x8D\xB4& <~�<a|�FG\xEBɍt& \x8Bu\xE0G\xEB\xBF\xC7E\xE8 \x8DE\xE8\x89E܍E\xE4\xC7E\xEC \x89E؋E܋]\xD8P\x8BE\xE0)\xF0PVS\xE8`\xAC\xFF\xFF\x89Ã\xC4�\x83\xFB\xFFu�\xF7E�� u\xB1\xE9\xA2 \x8Dt& \x83\xFB\xFEu�\xF7E�� u\xA2\xB8\xFF\xFF\xFF\xFF\xE9\x86 \x85\xDBu�\xBB� \x8BM\xE4\x83\xEC
Q\xE8G\xAE\xFF\xFF\x83\xC4�\x85\xC0x��\xC7\xEB�\xF7E�� \xB8\xFF\xFF\xFF\xFFtXG\x8BU܃\xEC
�\xDER\xE8\xFF\xAD\xFF\xFF\x83\xC4�\x85\xC0�\x84p\xFF\xFF\xFF\xE9�\xFF\xFF\xFF;u\xE0s2\x8BM�\x8B�\xC8>��\x83\xE1�\x8Dv \x8D\xBC' �\xB6�F\x85\xC9u��\xB6\xC0\xF6DB�@�\x84x\xFF\xFF\xFFG;u\xE0r\xE4\x89\xF8\x8De\xF4[^_]Ív \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B}�\x85\xFFu&\x8BE
\x83\xEC
P\xE88\xAC\xFF\xFF\x8B}�\x83\xC4�\x89ƅ\xFF�\x84\xA2 \x8BE�\x890\xE9\x98 \x8B]
\x83\xEC
S\xE8"\xAB\xFF\xFF\x89<$\x89E\xF0\xE8�\xAB\xFF\xFF\x8BU\xF0\x89ÍD��\x89�$膪\xFF\xFF\x89ƃ\xC4�\x85\xF6u 1\xC0\xEBe\x90\x8Dt& \x83\xEC�SWV\xE8�\xAD\xFF\xFF\x83\xC4�\x85ۉ\xC2t,�\xB6B\xFF\x8DJ\xFF</u�\x8B]
\x80;/u \x89\xCA\xEB�\x90\x8Dt& </t
\x8BE
\x808/t�\xC6�/B\x8BM�\x85\xC9t�\x8B]�\x89�\x8BE\xF0\x83\xEC�@P\x8BE
PR\xE8V\xAB\xFF\xFF\x89\xF0\x8De\xF4[^_]Ð\x8D\xB4& U\x89\xE5\x83\xEC
\x8BE�P\x8BM
Q\x8BU�R\xE8 \x!
FF\xFF\xFF\x83\xC4�\x85\xC0u�\x89\xEC]\xE9:
- \x89\xEC]Í\xB6 U\x89\xE5WV\x8Bu�\x83\xEC
j$\xE8n
- \x83\xC4�\x85\xF6u�\xBE`A��\xFC\xB9 \x89\xC7\xF3\xA5\x8De\xF8^_]ÐU\x89\xE5\x8BE�\x85\xC0u�\xB8`A��]\x8B Í\xB6 \x8D\xBC' U\x89\xE5\x8BU�\x85\xD2u�\xBA`A��\x8BE
\x89�]Ív \x8D\xBC' U\x89\xE5V\x8BE��\xB6M
S\x8B]�\x88\xCA\xC0\xEA��\xB6\xD2\xC1\xE2�\x85\xC0\x8Dt��u�\x8D\xB2dA��\x8B�\x83\xE1�\x83\xE3�\x89\xD0\xD3\xF8\x83\xE0�1\xC3\xD3\xE31ډ�[^]Í\xB6 \x8D\xBC' U\x89\xE5S\x83\xEC�\x8B]�j�Sj 耨\xFF\xFF\x83\xC4�9\xD8u
\x83}
�u�\xB8?*��\x8B]\xFC\x89\xEC]Ív U\x89\xE5WVS\x83\xEC\\xC7E\xD4 \xC7E\xD0 \xC7E\xCC \xC7E\xC8 說\xFF\xFF\xC7E\xC4 H\x8BE��\x94Eă\xE8�\x83\xF8��\x87\xEC \xFF$\x85\xA0���\x8Dt& \x8BE
9E\xD4s�\x8BU�\xC6�"\x89\xF6\xFFE\xD4\xC7E\xC8� \xC7E\xD0?*��\xE9\xB4 \xC7E\xC8� \xE9\xAF \x8B]�\x83\xEC�ShA*��\xE8=\xFF\xFF\xFFZ\x89ËE�YPh\xC4(��\xE8+\xFF\xFF\xFF\x89]Љƒ\xC4��\xB6�\x84\xC0t<\x8D\xB6 \x8D\xBF \x8BM
9M\xD4s�\x8B]�\x8BuԈ�
\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xFFE\xD4\xFFEЋM\xD0�\xB6�\x84\xC0u\xD0\xC7E\xC8� \x83\xEC
R\x89U\xD0\xE8a\xA8\xFF\xFF\x89Ẽ\xC4�\xEB&\x90\x8Dt& \x8B]
9]\xD4s�\x8Bu�\xC6�'\x89\xF6\xFFE\xD4\xC7E\xD0\xC4(��\xC7E\xCC� \xC7E\xD8 \xE9I� \x8Dv \x8B}ȅ\xFFtL\x8Bu̅\xF6tE\x8BE؋]\xCC�\xD8;E�w8\xFC\x8BM؋u�\x8B}\xD0�M\xCC9\xC9\xF3\xA6�\x97\xC2�\x92\xC08\xC2u�\x8BE
9E\xD4s�\x8BU�\x8BM\xD4\xC6��\\x8D\xB6 \xFFEԋ]�\x8Bu\xD8�\xB6
�\xB6Ã\xE8�\x88]\xA8\x83\xF8w�\x87\x99� \xFF$\x85\xC0���\x83}���\x847� \x83}���\x85[� \x8BE\xC0�;E��\x83L� \x8BE�\x8BU|��?�\x85;� �\xBED��\x83\xE8!\x83\xF8
�\x87*� \xFF$\x85\xA0
-��\x83E\xD8�\x8BM�\x8B]\xD8�\xB6L
�\x88M\xA8\x8Bu
9u\xD4s�\x8BE�\x8BU\xD4\xC6��?\x8Dv \x8D\xBC' \xFFEԋM
9M\xD4s�\x8B]�\x8Bu\xD4\xC6�
\\x8Dt& \x8D\xBC' \xFFEԋE
9E\xD4�\x83\xE1 \x8BU�\x8BM\xD4\xC6��?\xE9\xD2 \x89\xF6\xB0a\xEB.\xB0b\xEB*\xB0f\xEB&\x8Dt& \xB0n\xEB�\xB0r\xEB�\xB0t\xEB
\x8Dt& \xB0v\xEB��\xB6E\xA8\x83}���\x84U� \x8BUȅ\xD2�\x84x� \x88E\xA8\xE9\x98� \x8B}\xFF�\x85e� \x83}���\x85[� \xE9(� \x90\x83}���\x84
� \x83}���\x85A� \x8B]
9]\xD4s�\x8Bu�\x8BE\xD4\xC6�0'\x8Dv \x8D\xBC' \xFFEԋU
9U\xD4s�\x8BM�\x8B]\xD4\xC6�
\\x8Dt& \x8D\xBC' \xFFEԋu
9u\xD4s�\x8BE�\x8BU\xD4\xC6��'\x8Dt& \x8D\xBC' \xFFE\xD4\xE9\xDD� \x8Buą\xF6t1�\xB6U\xA8\xC7E\xA4� \xA1\xC8>���\xB7�P\xC1\xE8�\x83\xE0�\x89E\xA0\xE9\xE2 \xC7E\xA0 \xE9\xD6 \x8Dv \x83}�\xFF\x8DM\xE0\x89M\x9C\xC7E\xE0 \xC7E\xE4 \xC7E\xA4 \xC7E\xA0� u�\x8B]�\x83\xEC
S谥\xFF\xFF\x89E�\x83\xC4�\x8D]܉]\x98\x8B}؋U\xA4\x8BM\x9C\x8BE��u�Q)\xF8�\xFEP\x8BE\x98VP賥\xFF\xFF\x89Ã\xC4�\x85\xDBti\x83\xFB\xFFt\x82\x83\xFB\xFEu0;}�\xC7E\xA0 sS\x80> tN\x89\xF8\x89\xF6\x8D\xBC' \xFFE\xA4@;E�s:\x8Bu�\x80<� u\xEE\xEB/\x8Bu܃\xEC
V\xE8\xE4\xA6\xFF\xFFY1҅\xC0�\x94\xC2�]\xA4J!U\xA0\x8BU\x9CR\xE8\\xA7\xFF\xFF\x83\xC4�\x85\xC0�\x84m\xFF\xFF\xFF\x83}\xA4�w�\x8BEȅ\xC0�\x84\xC1 \x8B}\xA0\x85\xFF�\x85\xB6 \x8BU؋u\xA4�\xF2\x89\xF6\x8D\xBC' \x8B]ȅ\xDBtd\x8BM\xA0\x85\xC9u]\x8BE
9E\xD4s
-\x8BM�\x8B]\xD4\xC6�
\\xFFEԋu
9u\xD4s��\xB6E\xA8\x8BM�\x8B]\xD4\xC0\xE8��0\x88�
\x8Dv \xFFEԋu
9u\xD4s��\xB6E\xA8\x8BM�\x8B]\xD4\xC0\xE8�$��0\x88�
\x90\xFFEԀe\xA8�\x80E\xA80\x8BE\xD8 at 9\xC2vp\x8Bu
9u\xD4s��\xB6M\xA8\x8B]�\x8BuԈ
\x90\x8D\xB4& \xFFEԉE؋M��\xB6��\x88E\xA8\xE9[\xFF\xFF\xFF\x8BEȅ\xC0t7�\xB6E\xA8�\xB6M\xA8\xC0\xE8��\xB6ЋE
\x83\xE1�\x83\xC0�\x8B�\x90\xD3\xF8\x83\xE0�t�\x8B]
9]\xD4s
\x8Bu�\x8BE\xD4\xC6�0\\x90\xFFEԋU
9U\xD4s��\xB6M\xA8\x8B]�\x8BuԈ
\x90\x8D\xB4& \xFFE\xD4\xFFE}�\xFFu
\x8BE�\x8BU<� \xEB�\x8BM�9M\xD8�\x85\x9C\xFB\xFF\xFF\x8B}Ѕ\xFFt5\xEB)\x8Dv \x8Bu
9u\xD4s�\x8BU�\x8BMԈ��\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xFFE\xD4\xFFEЋ]\xD0�\xB6�\x84\xC0uЋu
9u\xD4s
-\x8BE�\x8BU\xD4\xC6�� \x8BE\xD4\xEB
\x8Bu
\x83\xEC�\x8B]�\x8BM�\x8BU
V\x8BE�j�SQRP\xE8\xEB\xF9\xFF\xFF\x8De\xF4[^_]Ív U\x89\xE5\x83\xEC�\x8BE�\x85\xC0u�\xB8`A��\x83\xEC�\x8BM�P\x8B�\x8BE�R\x8BU
P\x8BE�QRP\xE8\xB2\xF9\xFF\xFF\x89\xEC]Í\xB4& \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B}�9=d<���\x87\x87 \x8D_�\x85ۍ4\xDD ~ \x89\xF0\xC1\xE8�9\xC3t�耢\xFF\xFF\x81=p<��h<��u#\x83\xEC
j�\xE8\xE6� \x8B�h<��\x8B
-l<��\x83\xC4�\xA3p<��\x89�\x89H�\x83\xEC�V\x8B5p<��V\xE8\xED� \x8B�d<��\x83\xC4
\xA3p<��)Ӎ
Ѝ�\xDD Pj Q\xE8~\xA4\xFF\xFF\x89=d<��\x83\xC4�\xA1p<��\x83\xEC
\x8BM�\x8BU
\x8B4\xF8\x8B\\xF8�Qj\xFFRVS\xE8�\xFF\xFF\xFF\x89ƒ\xC4 9\xD6wD\xA1p<��\x8Dr�\x83\xEC�\x894\xF81\xC0\x81\xFB`@���\x94\xC0VH!\xD8P\xE8u� \x8B�p<��\x89ËM
\x89\\xFA�\x8B}�XWj\xFFQVS\xE8\xB7\xFE\xFF\xFF\x83\xC4 \x8De\xF4\x89\xD8[^_]Ív \x8D\xBC' U\x89\xE5\x83\xEC
h`A��\x8BU
\x8BE�RP\xE8\xC8\xFE\xFF\xFF\x89\xEC]Ít& U\x89\xE5\x83\xEC�\x8BM�Qj \xE8\xCF\xFF\xFF\xFF\x89\xEC]Ít& \x8D\xBC' U\xB9� \x89\xE5W\x8D}\xBC\x8DU\xB8VS\x83\xEC@\x8BE
\xFC\x8B]�\x8Bu�\x89E\xB81\xC0\xF3\xABRSV\xE8s\xFE\xFF\xFF\x8De\xF4[^_]Ít& \x8D\xBC' U\x89\xE5\x83\xEC
\x8BU
\x8BE�RPj \xE8\xAB\xFF\xFF\xFF\x89\xEC]Í\xB4& U\xB9 \x89\xE5W\x8D}\xB8V\xBE`A��S\x83\xEC@\x8D]\xB8�\xBEE
j�\xFC\xF3\xA5PS\xE87\xF7\xFF\xFF\x8BM�\x83\xC4
SQj \xE8�\xFE\xFF\xFF\x8De\xF4[^_]\xC3U\x89\xE5\x83\xEC�j:\x8BE�P\xE8\xAF\xFF\xFF\xFF\x89\xEC]Ít& \x8D\xBC' U\x89\xE5VS\x8BU
\x8B]�\x8BM�\x85ҋE�\x8Bu�t�\x83\xEC
PQRh8+��S苟\xFF\xFF\x83\xC4 \xEB�\x89\xF6PQhD+��S\xE8w\x9F\xFF\xFF\x83\xC4�\x83\xEC�V\x83\xEC
j�hK+��j 菟\xFF\xFF\x83\xC4�PS\xE8U\x9F\xFF\xFFZYSj
-\xE8;\xA2\xFF\xFF^XS\x83\xEC�j�\x8B
-t<��Qj \xE8e\x9F\xFF\xFF\x83\xC4�P\xE8L\xA0\xFF\xFFXZSj
-\xE8�\xA2\xFF\xFF\x89]
\x83\xC4
j�h\xA0*��j \xE8>\x9F\xFF\xFF\x89E�\x83\xC4�\x8De\xF8[^]\xE9
\xA0\xFF\xFF\x89\xF6\x8D\xBC' U\x89\xE5\x83\xEC�\xA1|<��\x85\xC0t�\xFFЃ\xEC�j�h
��j \xE8�\x9F\xFF\xFF\x83\xC4�P\xA1x<��h*���j P茢\xFF\xFF\xC7�$� \xE8p\xA1\xFF\xFF\x8D\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\x8BU�R\xE8E\x9F\xFF\xFF\x83\xC4�\x85\xC0u
-\xE8\x95\xFF\xFF\xFF\x90\x8Dt& \x89\xEC]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\x8BE
\x8BM�PQ\xE8!\xA0\xFF\xFF\x83\xC4�\x85\xC0u�\xE8a\xFF\xFF\xFF\x90\x89\xEC]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\x8BM
\x8BU�QR\xE8�\xA1\xFF\xFF\x83\xC4�\x85\xC0u�\xE81\xFF\xFF\xFF\x90\x89\xEC]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\x8BE�PP\xE84\x9F\xFF\xFF@\x89�$\xE8W\xFF\xFF\xFF\x89�$\xE8\xE3\xA1\xFF\xFF\x89\xEC]Ít& \x8D\xBC' U\x89\xE5V\x8Bu
S\x8B]�\x8B
�\xAFΉș\xF7\xFE\x89Ƹ� 93u�\x89
1\xC0[^]Ð\x8D\xB4& U\x89\xE5WVS\x83\xEC
\x8B]�\x8B}�\x8Bu
\xEB
\x83\xEC�VW\xE8\xB2\xFF\xFF\xFF\x83\xC4�\x85\xC0t
\xB8� \xEB
\x8Dt& K\x83\xFB\xFFu\xDE1\xC0\x8De\xF4[^_]\xC3U\x89\xE5WVS\x83\xEC
\x8Bu�\x8B}�\x83\xFE$v
h[+��j{hc+��h\x80+��芝\xFF\xFF\x8D\xB6 \x8BE
\x85\xC0\x89E\xE8u�\x8DU\xF0\x89U\xE8话\xFF\xFF\x89\xC3\xC7� j V\x8Bu\xE8VW\xE8Z\x9E\xFF\xFF\x8B�\x89ƃ\xC4�\x89u\xEC\x85\xDB�\x85{� \x8BE\xE8\x8B�\xB8� 9\xFB�\x84\x84� \x8BM�\x85\xC9u
\x8BU�1\xC0\x892\xE9q� \x80; �\x84^� \xC7E\xE4� \x8BU�\x83\xEC��\xBE�\xBF � PR\xE8n\x9C\xFF\xFF\x83\xC4�\x85\xC0u�\x8BE�\x890\xB8� \xE96� \x8Dt& \x8BE�\x83\xEC�j0P\xE8F\x9C\xFF\xFF\x83\xC4�\x85\xC0t'�\xB6C�<Bt�<Dt�\xEB�\xC7E\xE4� \xEB�\x8Dt& \xC7E\xE4� \xBF\xE8� �\xBE�\x83\xE8B\x83\xF85�\x87\xB9 \xFF$\x85@
��\x83\xEC�\x8DE\xECh � \xEBy\x90\x83\xEC�\x8DE\xECh � \xEBk\x8Dv 1\xC0\xE9\x9C \x83\xEC�\x8DE\xECj�\xEBw\x83\xEC�\x8DE\xECj�\xEBm\x90\x8Dt& \x83\xEC�\x8DE\xECj�\xEB^\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEBN\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEB>\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEB.\x8D\xB6 \x83\xEC�\x8DE\xECj�P\xE8\xE2\xFD\xFF\xFF\x83\xC4�\xEB0\x83\xEC�\x8DE\xECj�\xEB
\x8Dv \x83\xEC�\x8DE\xECj�WP\xE8\xF1\xFD\xFF\xFF\x83\xC4�\xEB�\x8BE\xEC\x8BU�\x89�\xB8� \xEB�\x85\xC0t \xB8� \xEB�\x89\xF6\x8BU\xE4\x8BE\xE8��\x8BE\xEC\x8BU�\x89�1\xC0\x8De\xF4[^_]Í\xB6 U\x89\xE51\xD2V\x8Bu
S\x8B]�\x8B
�\xAFΉ\xC8\xF7\xF6\x89Ƹ� 93u�\x89
1\xC0[^]Í\xB4& U\x89\xE5WVS\x83\xEC
\x8B]�\x8B}�\x8Bu
\xEB
\x83\xEC�VW\xE8\xB2\xFF\xFF\xFF\x83\xC4�\x85\xC0t
\xB8� \xEB
\x!
8Dt& K\x83\xFB\xFFu\xDE1\xC0\x8De\xF4[^_]\xC3U\x89\xE5WVS\x83\xEC
\x8Bu�\x8B}�\x83\xFE$v
h\xA6+��j{hc+��h\x80+��\xE8
-\x9B\xFF\xFF\x8D\xB6 \x8BE
\x85\xC0\x89E\xE8u�\x8DU\xF0\x89U\xE8�\xB6�\x89\xFA\x8B
-\xC8>��\xF6DA� t�\x8D\xB4& \x8D\xBC' B�\xB6�\xF6DA� u\xF5\x80:-\xB8� �\x84\xC9� \xE8\xF6\x9A\xFF\xFF\x89\xC3\xC7� j V\x8Bu\xE8VW\xE8�\x9E\xFF\xFF\x8B�\x89ƃ\xC4�\x89u\xEC\x85\xDB�\x85\x82� \x8BE\xE8\x8B�\xB8� 9\xFB�\x84\x8B� \x8BM�\x85\xC9u�\x8BU�1\xC0\x892\xE9x� \x8D\xB6 \x80; �\x84_� \xC7E\xE4� \x8BU�\x83\xEC��\xBE�\xBF � PR诙\xFF\xFF\x83\xC4�\x85\xC0u�\x8BE�\x890\xB8� \xE97� \x90\x8Dt& \x8BE�\x83\xEC�j0P膙\xFF\xFF\x83\xC4�\x85\xC0t'�\xB6C�<Bt�<Dt�\xEB�\xC7E\xE4� \xEB�\x8Dt& \xC7E\xE4� \xBF\xE8� �\xBE�\x83\xE8B\x83\xF85�\x87\xB9 \xFF$\x85
��\x83\xEC�\x8DE\xECh � \xEBy\x90\x83\xEC�\x8DE\xECh � \xEBk\x8Dv 1\xC0\xE9\x9C \x83\xEC�\x8DE\xECj�\xEBw\x83\xEC�\x8DE\xECj�\xEBm\x90\x8Dt& \x83\xEC�\x8DE\xECj�\xEB^\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEBN\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEB>\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEB.\x8D\xB6 \x83\xEC�\x8DE\xECj�P\xE8\xA2\xFD\xFF\xFF\x83\xC4�\xEB0\x83\xEC�\x8DE\xECj�\xEB
\x8Dv \x83\xEC�\x8DE\xECj�WP\xE8\xB1\xFD\xFF\xFF\x83\xC4�\xEB�\x8BE\xEC\x8BU�\x89�\xB8� \xEB�\x85\xC0t \xB8� \xEB�\x89\xF6\x8BU\xE4\x8BE\xE8��\x8BE\xEC\x8BU�\x89�1\xC0\x8De\xF4[^_]Í\xB6 U\x89\xE51\xC9WV\x83\xEC(\x8BE�\x8BU
\x89E\xF0\x8BE�\x89U\xF4\x8BU�\x8B}\xF4\x89ƋE\xF0\x85҉E\xE4u89\xFEv�\x89\xFA\xF7\xF6\x89\xC7\xE9\xBF \x8D\xB6 \x85\xF6u
\xB8� 1\xD2\xF7\xF1\x89Ɖ\xF8\x89\xCA\xF7\xF6\x89\xC1\x8BE\xE4\xF7\xF6\x89\xC7\xE9\x96 9\xFAv 1\xFF\xE9\x89 \x89\xF6�\xBDƒ\xF0�\x89E\xDCu�9\xD7w�1\xFF9u\xE4rq\xBF� \xEBj\x8Dv \xC7E\xE0 \x8BM܉\xF0\x89}\xD4\xD3\xE2)M\xE0�\xB6M\xE0\xD3\xE8�\xB6M\xDC ‹E\xE4\x89U\xD8\xD3\xE6�\xB6M\xE0\xD3m\xD4�\xB6M܋U\xD4\xD3\xE7�\xB6M\xE0\x89}\xD0\xD3\xE8�\xB6M\xDC EЋE\xD0\xF7u\xD8\xD3e\xE4\x89lj\xD1\xF7\xE69ʉ\xC6w 9\xCAu�;u\xE4v�O1ɉ}\xE8\x8BE\xE8\x89M\xEC\x8BU\xEC\x83\xC4(^_]Ít& U\x89\xE5W\x8DM\xF0V\x83\xEC8\x89M\xE4\x8BE�\x8BU
\x89E\xE8\x8BE�\x89U\xEC\x8BU�\x8Bu\xEC\x89EċE\xE8\x89ׅ\xFF\x89E\xD4u^9u\xC4v \x89\xF2\xF7u\xC4\xEB#\!
x89\xF6\x8BUą\xD2u
-\xB8� 1\xD2\xF7uĉEĉ\xF0\x89\xFA\xF7uċE\xD4\xF7uĉUԋE\xE4\x85\xC0�\x84(� \xC7E\xDC \x8BEԋM܉E؋E\xE4\x8BU؉H�\x89�\xE9�� \x909\xF7v
\x89u܋U\xE8\x89U؋U܋E؉U\xF4\x89E\xF0\xE9\xE9 \x89\xF6�\xBDǃ\xF0�\x89E\xCCu69\xFEw�\x8BU\xC49U\xD4r
\x8BE\xD4+E\xC4�\xFE\x89Eԋ}\xE4\x85\xFF�\x84\xBA \x89u܋UԋM\xE4\x89U؋U\xDC\xE9\x9E \xC7E\xD0 \x8BẺ\xF2)EЈ\xC1\x8BE\xC4\xD3\xE7�\xB6M\xD0\xD3\xE8�\xB6M\xCC NjE\xD4\xD3e\xC4�\xB6M\xD0\xD3\xEA�\xB6M\xCC\xD3\xE6�\xB6M\xD0\xD3\xE8�\xB6M\xCC Ɖ\xF0\xF7\xF7\x89\xD6\xF7e\xC4\xD3e\xD49\xF2\x89E\xC0w
9\xF2u�\x8BE\xD49E\xC0v
\x8BM\xC0+M\xC4�\xFA\x89M\xC0\x8BM\xE4\x85\xC9t5�\xB6MЋE\xD4+E\xC0�։Eԉ\xF0\xD3\xE0�\xB6M\xCC\xD3\xEE\xD3mԋM\xE4\x89u܋U\xD4 ЋU܉E؋E؉Q�\x89�\x8BE\xF0\x8BU\xF4\x83\xC48^_]Í\xB6 \x8D\xBF \x8B
$\xC3U\x89\xE5WVS\x83\xEC
\xE8\xEE\xFF\xFF\xFF\x81\xC3\xE2@ \xDDE�݃
\xEF\xFF\xFF\xD9\xC9\xDD\xE1\xDF\xE0\xDDـ\xE4E\x80\xFC�u�\xDD\xD81\xC01\xD2\xE9\xA7 \x8Dt& \xD9\xC0܋$\xEF\xFF\xFF\xD9}\xEC\x8BM\xEC\xC6E\xED
\xD9m\xEC\x89M\xEC\xDF}\xE0\xD9m\xEC\x8BE\xE0\x89Ɖ\xF71\xF6WV\xDF,$^_\x85\xFFy�۫\xFC\xEC\xFF\xFF\xDE\xC1\xDD]\xD8\xDDE\xD8\xDE\xE9݃
\xEF\xFF\xFF\xD9\xC9\xDD\xE1\xDF\xE0\xDDـ\xE4E\x80\xFC�u(\xD9\xE01\xD2\xD9}\xEC\x8BM\xEC\xC6E\xED
\xD9m\xEC\x89M\xEC\xDF}\xE0\xD9m\xEC\x8BE\xE0)\xC6�\xD7\xEB$\x90\x8Dt& \xD9}\xEC\x8BM\xEC\xC6E\xED
\xD9m\xEC\x89M\xEC\xDF}\xE0\xD9m\xEC\x8BE\xE01\xD2�\xC6�\xF0\x89\xFA\x83\xC4
[^_]Ð\x8Dt& U\x89\xE5SR\xE8 [\x81\xC3\xFA? P\x8B\x834� 1҅\xC0t�\x8B�Rj \xFFu�\xE8)\x95\xFF\xFF\x83\xC4�\x8B]\xFC\xC9Ð\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5S\x83\xEC�\xA1\x84<��\xBB\x84<��\x83\xF8\xFFt�\x8Dv \x8D\xBC' \x83\xEB�\xFFЋ�\x83\xF8\xFFu\xF4X[]\xC3U\x89\xE5\x83\xEC�\x89\xEC]Í\xB6 U\x89\xE5SR\xE8 [\x81\xC3z? \x8Dv 跘\xFF\xFF\x8B]\xFC\xC9\xC3 � � � ����
-��� ��� � � ?���<���9���6���3���0���-���*���'���$���!���
���m)���������� \xE1��� a X��� b N��� d H��� D >��� \x83 /��� h )��� i ���� k ���� n ���� G \xF3��� q \xEB��� r \xCB)�� s \xE5���� w \xDA��� A \xCB��� B
-��� F ��� p \xC8��� \x87 \xC1���� I \xAF���� \x84 \xB5��� L \xAD��� N \xA2��� Q \xC1���� \x85 \x98��� R \x96���� \x82 \x85��� \x86 \x88���� \x88 }���� T C���� \x89 \x9F���� \x81 r���� \x80 m��� ~\xFF\xFF\xFFe��� }\xFF\xFF\xFF \x94���\x8F���\x88���}���v���m���_��� � � � � � ����C���\xCB)��\x9C���e��� � � � � \xBE���\xB7���\xB3���\xAD���\xA6��� � � � � � 2*��\xDC���\xD6���\xD0���6�������\xCB���\xC7���\xC4��� � � � � � � `\xA4��X\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xB3\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4!
��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4���\xA2��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\x90\xA0��\xA8\xA0��Ơ��֠��\xA6\xA4��\xE5\xA0��\xF5\xA0�� \x9F���\xA1��\xA6\xA4��\xA6\xA4�� \xA1��\xA6\xA4��0\xA1��\xA6\xA4��\xA6\xA4��A\xA1��R\xA1��b\xA1��\x80\xA1��\xE3\xA1��\xA6\xA4��\xA6\xA4��\xF7\xA1��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��G\x9E��a\x9E��r\x9E��\x82\x9E��\xA6\xA4��\x92\x9E��\xB3\xA4��\xF0\x9E��1\x9F��\xA6\xA4��@\x9F��P\x9F��`\x9F��p\x9F��\x80\x9F��\x98\x9F��\xA8\x9F��\xB7\x9F��ǟ��ן��\xF0\x9F�� \xA0���\xA0��\x80\xA0��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��@\xA4���\xA3��\xB0\xA2��\xF0\xA2��\xB0\xA3��\xF0\xA3��0\xA4��!\x9F��0\xA2��t\xA2�� 0\xA6��\x80\xA6��!\xA7��@\xA7��\x88\xA7�� \xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��\xF0\xA6���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��\xA0\xA6���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��\xF7\xA6���\xA7��\xB0\xA6��\xB7\xA6���\xA7���\xA7��\xC0\xA6��!
Ǧ���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��Ц���\xA7���\xA7���\xA7��צ���\xA7��\xE0\xA6���\xA7��\xE7\xA6���\xA7��\xA0\xA6�� R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��p\xA7��p\xA7��p\xA7��p\xA7��p\xA7��p\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��`\xA7��`\xA7��`\xA7��`\xA7��`\xA7��`\xA7�� \xA5\xB8��&\xB8��@\xB8��\xB0\xB7��V\xB8��p\xB8�� \x80\xBD���\xBD��T\xBD��d\xBD��t\xBD�� kMGTPEZY /���\xC8��� \xFC\xFF\xFF�\xFC\xFF\xFF\xAD���9*��,*��2)��X���\xF0���$*�� � � � � � � `\xEA��\xA0\xE9��\xC6\xE9��\xD2\xE9��\xD2\xE9�� \xC0\xEB��\xC4\xEB��\xD8\xEB��\xD0\xEB��\xE0\xEB��\xC8\xEB��\xD4\xEB��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC���\xEC���\xEC���\xEC���\xEC���\xEC��u\xEE���\xEC�� \xEC���\xEC���\xEC���\xEC��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE���\xEC���\xEC��u\xEE���\xEC���\xEB��\x98\xEC��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE���\xEC��\xE4\xEB��u\xEE���\xEC��u\xEE���\xEC��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE���\xEC��u\xEE���\xEC��R\xEB��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��R\xEB��R\xEB��R\xEB��u\xEE��u\xEE��u\xEE��R\xEB��u\xEE��R\xEB��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��R\xEB��R\xEB��R\!
xEB�� memory exhausted @\xF5��\xE4\xF5��\xE4\xF5��W\xF5��\xE4\xF5��a\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\x80\xF5��\xE4\xF5��\xE4\xF5��\x90\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xA0\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xC3\xF5��\xD0\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��2\xF5��P\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��a\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��p\xF5��\xE4\xF5��\x80\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xA0\xF5��\xE4\xF5��\xE4\xF5��\xB0\xF5�� \xF8��\xA4\xF8��\xA4\xF8���\xF8��\xA4\xF8��!\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��@\xF8��\xA4\xF8��\xA4\xF8��P\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��`\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\x83\xF8��\x90\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xF2\xF7���\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��!\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��0\xF8��\xA4\xF8��@\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��`\xF8��\xA4\xF8��\xA4\xF8��p\xF8�� ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������file-type classify none do ex mi cd bd so pi ln di fi no ec rc lc 01;32 01;33 01;35 01;36 01;34 m �[ version help block-size tabsize show-control-chars recursive quote-name literal dereference ignore si ignore-backups almost-all width reverse hide-control-chars no-group numeric-uid-gid kilobytes inode human-readable full-time dired directory escape single-column vertical across horizontal commas long verbose extension status ctime use access atime!
if-tty auto never force yes %d /usr/share/locale fileutils . //DIRED// //SUBDIRED// QUOTING_STYLE LS_BLOCK_SIZE COLUMNS POSIXLY_CORRECT TABSIZE invalid line width: %s .*~ invalid tab size: %s --sort --time --format --color TERM md --indicator-style --quoting-style 4.1 vdir *=@| %a %b %d %H:%M:%S %Y %b %e %Y %b %e %H:%M LS_COLORS ?? unrecognized prefix: %s target :
- total %*s %s %3u %-8.8s %-8u %3u, %3u %8s - %*s%s -> //DIRED-OPTIONS// --quoting-style=%s
- ignoring invalid width in environment variable COLUMNS: %s ignoring invalid tab size in environment variable TABSIZE: %s abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1 Warning: the meaning of `-H' will change in the future to conform to POSIX.
-Use `--si' for the old meaning. Richard Stallman and David MacKenzie unparsable value for LS_COLORS environment variable Try `%s --help' for more information.
- Usage: %s [OPTION]... [FILE]...
- List information about the FILEs (the current directory by default).
-Sort entries alphabetically if none of -cftuSUX nor --sort.
-
- -a, --all do not hide entries starting with .
- -A, --almost-all do not list implied . and ..
- -b, --escape print octal escapes for nongraphic characters
- --block-size=SIZE use SIZE-byte blocks
- -B, --ignore-backups do not list implied entries ending with ~
- -c with -lt: sort by, and show, ctime (time of last
- modification of file status information)
- with -l: show ctime and sort by name
- otherwise: sort by ctime
- -C list entries by columns
- --color[=WHEN] control whether color is used to distinguish file
- types. WHEN may be `never', `always', or `auto'
- -d, --directory list directory entries instead of contents
- -D, --dired generate output designed for Emacs' dired mode
- -f do not sort, enable -aU, disable -lst
- -F, --classify append indicator (one of */=@|) to entries
- --format=WORD across -x, commas -m, horizontal -x, long -l,
- single-column -1, verbose -l, vertical -C
- --full-time list both full date and full time
- -g (ignored)
- -G, --no-group inhibit display of group information
- -h, --human-readable print sizes in human readable format (e.g., 1K 234M 2G)
- --si likewise, but use powers of 1000 not 1024
- -H same as `--si' for now; soon to change
- to conform to POSIX
- --indicator-style=WORD append indicator with style WORD to entry names:
- none (default), classify (-F), file-type (-p)
- -i, --inode print index number of each file
- -I, --ignore=PATTERN do not list implied entries matching shell PATTERN
- -k, --kilobytes like --block-size=1024
- -l use a long listing format
- -L, --dereference list entries pointed to by symbolic links
- -m fill width with a comma separated list of entries
- -n, --numeric-uid-gid list numeric UIDs and GIDs instead of names
- -N, --literal print raw entry names (don't treat e.g. control
- characters specially)
- -o use long listing format without group info
- -p, --file-type append indicator (one of /=@|) to entries
- -q, --hide-control-chars print ? instead of non graphic characters
- --show-control-chars show non graphic characters as-is (default
- unless program is `ls' and output is a terminal)
- -Q, --quote-name enclose entry names in double quotes
- --quoting-style=WORD use quoting style WORD for entry names:
- literal, locale, shell, shell-always, c, escape
- -r, --reverse reverse order while sorting
- -R, --recursive list subdirectories recursively
- -s, --size print size of each file, in blocks
- -S sort by file size
- --sort=WORD extension -X, none -U, size -S, time -t,
- version -v
- status -c, time -t, atime -u, access -u, use -u
- --time=WORD show time as WORD instead of modification time:
- atime, access, use, ctime or status; use
- specified time as sort key if --sort=time
- -t sort by modification time
- -T, --tabsize=COLS assume tab stops at each COLS instead of 8
- -u with -lt: sort by, and show, access time
- with -l: show access time and sort by name
- otherwise: sort by access time
- -U do not sort; list entries in directory order
- -v sort by version
- -w, --width=COLS assume screen width instead of current value
- -x list entries by lines instead of by columns
- -X sort alphabetically by entry extension
- -1 list one file per line
- --help display this help and exit
- --version output version information and exit
-
-By default, color is not used to distinguish types of files. That is
-equivalent to using --color=none. Using the --color option without the
-optional WHEN argument is equivalent to using --color=always. With
---color=auto, color codes are output only if standard output is connected
-to a terminal (tty).
-
-Report bugs to <bug-fileutils at gnu.org>. invalid argument %s for `%s' Valid arguments are:
- - `%s' , `%s' ambiguous argument %s for `%s' base_name basename.c all_slashes || !((*(p - 1)) == '/') write error %s: %s \xF0C $@ \x80?@ %.0f %.1f%c %.0f%c eEgGkKmMpPtTyYzZ0 block size invalid %s `%s' %s `%s' too large invalid character following %s `%s' clocale shell-always shell " ` Copyright (C) 2001 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- %s (%s) %s
- %s %s
- Written by %s.
- xstrtol xstrtol.c 0 <= strtol_base && strtol_base <= 36 xstrtoul \xF0= \x90<�� \x80\xFF\xFF\xFF\xFF� b���� `��� � \xC3)��� \xC3)��� Z���� T���� K���� N���� H���� H��� � B���� N��� \xFF\xFF\xFF\xFF� \xD4��� � � `@��h<��`*��� \xFF\xFF\xFF\xFF \xFF\xFF\xFF\xFF \xD0=�� \xEA\x90��\xFA\x90��
-\x91���\x91��*\x91��:\x91��J\x91��Z\x91��j\x91��z\x91��\x8A\x91��\x9A\x91��\xAA\x91��\xBA\x91��ʑ��ڑ��\xEA\x91��\xFA\x91��
-\x92���\x92��*\x92��:\x92��J\x92��Z\x92��j\x92��z\x92��\x8A\x92��\x9A\x92��\xAA\x92��\xBA\x92��ʒ��ڒ��\xEA\x92��\xFA\x92��
-\x93���\x93��*\x93��:\x93��J\x93��Z\x93��j\x93��z\x93��\x8A\x93��\x9A\x93��\xAA\x93��\xBA\x93��ʓ��ړ��\xEA\x93��\xFA\x93��
-\x94���\x94��*\x94��:\x94��J\x94��Z\x94��j\x94��z\x94��\x8A\x94��\x9A\x94��\xAA\x94��\xBA\x94��ʔ��ڔ��\xEA\x94��\xFA\x94��
-\x95���\x95��*\x95��:\x95��J\x95��Z\x95��j\x95��z\x95�� � � � [
\xBC\x90��
- �\xFD��� (\x81��� X\x89��� \xA8\x83��
- \x8F�
� � � \x94<��� P� � � � l\x8E��� 4\x8E��� 8 � � \xFE\xFF\xFFoԍ��\xFF\xFF\xFFo� \xF0\xFF\xFFo
\x8D�� .symtab .strtab .shstrtab .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.got .rel.bss .rel.plt .init .plt .text .fini .rodata .data .eh_frame .ctors .dtors .got .dynamic .sbss .bss � � � \xF4\x80��\xF4 � � # � � �\x81���� � 1 � � (\x81��(� \x80� � � � 7
� \xA8\x83��\xA8� \xB0� � � � � ? � � X\x89��X \xC5� � G \xFF\xFF\xFFo�
\x8D��
- \xB6 � � � T \xFE\xFF\xFFo� ԍ��\xD4
- ` � � � c � 4\x8E��4� � � � � � l � D\x8E��D� ( � � � � u � l\x8E��l� P� �
� � ~ � � \xBC\x90��\xBC� � � \x84 � � Ԑ��\xD4� \xB0� � � \x89 � � \x90\x95��\x90� \x80g � \x8F � � �\xFD���}
� \x95 � � @\xFD��@} \x80. \x9D � � \xC0;��\xC0\xAB \xC0 � \xA3 � � \x80<��\x80\xAC � � \xAD � � \x84<��\x84\xAC � � \xB4 � � \x8C<��\x8C\xAC � � \xBB � � \x94<��\x94\xAC <� � � \xC0 � � \xD0=��Э \xD8 � � � \xC9 � � \xA8>��\xC0\xAE � \xCF � � \xC0>��\xC0\xAE \xE4� � � \xC0\xAE \xD4 �
\ No newline at end of file
Deleted: vendor-crypto/openssh/dist/regress/copy.2
===================================================================
--- vendor-crypto/openssh/dist/regress/copy.2 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/copy.2 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,286 +0,0 @@
-ELF��� � � � \x90\x95��4 \x94\xAF 4 � ( � � � 4 4\x80��4\x80��\xC0 \xC0 � � � \xF4 \xF4\x80��\xF4\x80��� � � � � \x80�� \x80��\xC0\xAB \xC0\xAB � � � \xC0\xAB \xC0;��\xC0;��\xE8� \xE4� � � � Э \xD0=��\xD0=��\xD8 \xD8 � � � �� �\x81���\x81�� � � /lib/ld-linux.so.2 � � � GNU � � � C [ � @ U Z C � � B G V :
( / J A ' " X = D & , F T W Y 9 � M S ; - I � + R P < 2 7 ? K H 3 L % � � � � � � � ! �
$ # � �
0 * � 1 � � 6 � 4
- 8 ) > 5 � E
- . � O N � � Q
\xE5 \xE4\x90��@ � \xEC� \xF4\x90��B� � \xA1 �\x91��* � \xE1� �\x91��c � \x8B $\x91��\xB8 � 1� 4\x91��\xC1� � \xD0=�� � \xF1\xFFG� D\x91��\x81 " {� T\x91��\xA7 � 7� d\x91��. � c� t\x91��& � \xA8� \x84\x91��- � \xBF \x94\x91��
� � \xE8� \xA4\x91��\xD0 � \xB0� \xB4\x91��3 � U� đ��\x86 � \x95� ԑ��\xDC
� j� \xE4\x91��@ � j� \xF4\x91��B� � \xC7� �\x92��� � \xAC �\x92��B� � D� \xF0\xF9��\xA4� �
- Z� \xE0\xF8��
� �
- \xEE $\x92��\x9A� � ) \xBC\x90�� �
-� 4\x92��p� � \xB7� D\x92��\xD2! � \xBA� T\x92��\xAC " \x84 \xC0>��� � � \x9F� \xC4>��� � � d� d\x92���� � \xD9� t\x92���� � \xDD� \x84\x92��� � H� \x94\x92��D � 8� \xA4\x92��I� � *� \xB4\x92��\xBB � \xC6 Ē��\xD1� � \xD8 Ԓ��M� � �� \xE4\x92���� �
-� \xF4\x92��\x93� � \xF7� �\x93��\xC5 � � �\x93��\x97� � ~� \xA8>�� � \xF1\xFF�� $\x93��\xCA � / 4\x93��f� � �� D\x93��7� � l T\x93��
� � } d\x93��2 � 7 �\xFD�� � � \xDE t\x93��q � \x8E� \x84\x93��\x98� � s� \x94\x93��\xB9� � �� \xA4\x93��V � \x95 \xB4\x93��7 � >� ē��~ � *� ԓ��> � \xF3 \xE4\x93��\x9D " \xEF� \xF4\x93��\xAE
� M� �\x94��\xD0� � \xAC� �\x94��\x97� � \x91� $\x94��
� s� 4\x94��B� � \xD8� D\x94���� � \x8A� T\x94��\xC0� � j� d\x94��i � w� \xA8>�� � \xF1\xFF\xF5� t\x94��\xF5 � = \x94<�� � \xF1\xFF]� \x84\x94��\xF4 � \x8A� \xA4A�� � \xF1\xFFw \x94\x94��@ � �� \xA4\x94��|� � �� \xB4\x94��2 � A� Ĕ��h � \xB5 \xC8>��� � � N� Ԕ��q � \x84� \xE4\x94��o � b� \xF4\x94��� � \xFF� �\x95��\x9C � �� �\x95��s � 1� $\x95��\xA1� � �� \xCC>��� � � \xFE� D\xFD��� � � |� 4\x95��- � \xC0� D\x95��d� � \xA6� T\x95��\xE9 � S d\x95�� � � \xD2� \xD0>��� � � � e t\x95��\x8B � __gmon_start__ libtermcap.so.2 _DYNAMIC _init tgetent _fini _GLOBAL_OFFSET_TABLE_ tgetstr libc.so.6 strcpy textdomain ioctl printf stdout readdir64 getopt_long __fpending getgrgid __ctype_b getenv __strtol_internal qsort memcpy readlink puts __cxa_finalize mbrtowc malloc isatty optarg _obstack_newchunk __strtoul_internal __umoddi3 strncasecmp __udivdi3 abort iswprint strrchr _obstack_begin calloc __ctype_get_mb_cur_max fprintf dcgettext __deregister_frame_info optind fnmatch ferror signal strcoll strncmp strncpy wcwidth realloc __strdup __xstat64 gettimeofday localtime memset time opendir __ass!
ert_fail strcmp getpwuid getpwnam sprintf __mempcpy fclose setlocale stderr error __lxstat64 strftime fwrite __errno_location exit bindtextdomain getgrnam _IO_putc _IO_stdin_used strverscmp __libc_start_main strlen strchr fputs closedir __register_frame_info free mbsinit __cxa_atexit _edata __bss_start _end GLIBC_2.1 GLIBC_2.2.3 GLIBC_2.1.3 GLIBC_2.2 GLIBC_2.0 � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � [ � �ii
- � \x8F� � s�i � \x99� � s�i � \xA5� � �ii
- � \xB1� � �ii
- � \xBB� \xCC=���Y \xC0>���
\xC4>���
\xC8>���K \xCC>���R \xD0>���X \xA0<���� \xA4<���� \xA8<���� \xAC<���� \xB0<���� \xB4<���� \xB8<���� \xBC<��� \xC0<���
- \xC4<���
\xC8<���
\xCC<���
- \xD0<���� \xD4<���� \xD8<���� \xDC<���� \xE0<���� \xE4<���� \xE8<���� \xEC<���� \xF0<���� \xF4<���� \xF8<���� \xFC<���
=���� �=��� �=���!
=���" �=���# �=���$ �=���%
=���& =���' $=���( (=���) ,=���* 0=���, 4=���- 8=���. <=���/ @=���0 D=���2 H=���3 L=���4 P=���5 T=���6 X=���7 \=���8 `=���9 d=���: h=���; l=���< p=���= t=���> x=���? |=���@ \x80=���A \x84=���C \x88=���E \x8C=���G \x90=���H \x94=���I \x98=���J \x9C=���L \xA0=���M \xA4=���N \xA8=���O \xAC=���P \xB0=���Q \xB4=���T \xB8=���U \xBC=���V \xC0=���W \xC4=���Z U\x89\xE5\x83\xEC�\xE8\xED� \x90\xE8\x83� \xE8\xFEk \xC9\xC3\xFF5\x98<��\xFF%\x9C<�� \xFF%\xA0<��h \xE9\xE0\xFF\xFF\xFF\xFF%\xA4<��h� \xE9\xD0\xFF\xFF\xFF\xFF%\xA8<��h� \xE9\xC0\xFF\xFF\xFF\xFF%\xAC<��h� \xE9\xB0\xFF\xFF\xFF\xFF%\xB0<��h \xE9\xA0\xFF\xFF\xFF\xFF%\xB4<��h( \xE9\x90\xFF\xFF\xFF\xFF%\xB8<��h0 \xE9\x80\xFF\xFF\xFF\xFF%\xBC<��h8 \xE9p\xFF\xFF\xFF\xFF%\xC0<��h@ \xE9`\xFF\xFF\xFF\xFF%\xC4<��hH \xE9P\xFF\xFF\xFF\xFF%\xC8<��hP \xE9@\xFF\xFF\xFF\xFF%\xCC<��hX \xE90\xFF\xFF\xFF\xFF%\xD0<��h` \xE9 \xFF\xFF\xFF\xFF%\xD4<��hh \xE9�\xFF\xFF\xFF\xFF%\xD8<��hp \xE9 \xFF\xFF\xFF\xFF%\xDC<��hx \xE9\xF0\xFE\xFF\xFF\xFF%\xE0<��h\x80 \xE9\xE0\xFE\xFF\xFF\xFF%\xE4<��h\x88 \xE9\xD0\xFE\xFF\xFF\xFF%\xE8<��h\x90 \xE9\xC0\xFE\xFF\xFF\xFF%\xEC<��h\x98 \xE9\xB0\xFE\xFF\xFF\xFF%\xF0<��h\xA0 \xE9\xA0\xFE\xFF\xFF\xFF%\xF4<��h\xA8 \xE9\x90\xFE\xFF\xFF\xFF%\xF8<��h\xB0 \xE9\x80\xFE\xFF\xFF\xFF%\xFC<��h\xB8 \xE9p\xFE\xFF\xFF\xFF% =��h\xC0 \xE9`\xFE\xFF\xFF\xFF%�=��h\xC8 \xE9P\xFE\xFF\xFF\xFF%�=��h\xD0 \xE9@\xFE\xFF\xFF\xFF%
=��h\xD8 \xE90\xFE\xFF\xFF\xFF%�=��h\xE0 \xE9 \xFE\xFF\xFF\xFF%�=��h\xE8 \xE9�\xFE\xFF\xFF\xFF%�=��h\xF0 \xE9 \xFE\xFF\xFF\xFF%
=��h\xF8 \xE9\xF0\xFD\xFF\xFF\xFF% =��h � \xE9\xE0\xFD\xFF\xFF\xFF%$=��h�� \xE9\xD0\xFD\xFF\xFF\xFF%(=��h�� \xE9\xC0\xFD\xFF\xFF\xFF%,=��h�� \xE9\xB0\xFD\xFF\xFF\xFF%0=��h � \xE9\xA0\xFD\xF!
F\xFF\xFF%4=��h(� \xE9\x90\xFD\xFF\xFF\xFF%8=��h0� \xE9\x80\xFD\xFF\xFF\xFF%<=��h8� \xE9p\xFD\xFF\xFF\xFF%@=��h@� \xE9`\xFD\xFF\xFF\xFF%D=��hH� \xE9P\xFD\xFF\xFF\xFF%H=��hP� \xE9@\xFD\xFF\xFF\xFF%L=��hX� \xE90\xFD\xFF\xFF\xFF%P=��h`� \xE9 \xFD\xFF\xFF\xFF%T=��hh� \xE9�\xFD\xFF\xFF\xFF%X=��hp� \xE9 \xFD\xFF\xFF\xFF%\=��hx� \xE9\xF0\xFC\xFF\xFF\xFF%`=��h\x80� \xE9\xE0\xFC\xFF\xFF\xFF%d=��h\x88� \xE9\xD0\xFC\xFF\xFF\xFF%h=��h\x90� \xE9\xC0\xFC\xFF\xFF\xFF%l=��h\x98� \xE9\xB0\xFC\xFF\xFF\xFF%p=��h\xA0� \xE9\xA0\xFC\xFF\xFF\xFF%t=��h\xA8� \xE9\x90\xFC\xFF\xFF\xFF%x=��h\xB0� \xE9\x80\xFC\xFF\xFF\xFF%|=��h\xB8� \xE9p\xFC\xFF\xFF\xFF%\x80=��h\xC0� \xE9`\xFC\xFF\xFF\xFF%\x84=��h\xC8� \xE9P\xFC\xFF\xFF\xFF%\x88=��h\xD0� \xE9@\xFC\xFF\xFF\xFF%\x8C=��h\xD8� \xE90\xFC\xFF\xFF\xFF%\x90=��h\xE0� \xE9 \xFC\xFF\xFF\xFF%\x94=��h\xE8� \xE9�\xFC\xFF\xFF\xFF%\x98=��h\xF0� \xE9 \xFC\xFF\xFF\xFF%\x9C=��h\xF8� \xE9\xF0\xFB\xFF\xFF\xFF%\xA0=��h � \xE9\xE0\xFB\xFF\xFF\xFF%\xA4=��h�� \xE9\xD0\xFB\xFF\xFF\xFF%\xA8=��h�� \xE9\xC0\xFB\xFF\xFF\xFF%\xAC=��h�� \xE9\xB0\xFB\xFF\xFF\xFF%\xB0=��h � \xE9\xA0\xFB\xFF\xFF\xFF%\xB4=��h(� \xE9\x90\xFB\xFF\xFF\xFF%\xB8=��h0� \xE9\x80\xFB\xFF\xFF\xFF%\xBC=��h8� \xE9p\xFB\xFF\xFF\xFF%\xC0=��h@� \xE9`\xFB\xFF\xFF\xFF%\xC4=��hH� \xE9P\xFB\xFF\xFF 1\xED^\x89\xE1\x83\xE4\xF0PTRh�\xFD��h\xBC\x90��QVh\xB0\x97��\xE8s\xFD\xFF\xFF\xF4\x89\xF6U\x89\xE5SP\xE8 [\x81\xC3֦ \x8B\x838� \x85\xC0t�\xFFЋ]\xFC\xC9É\x{190410}\x90\x90\x90\x90\x90U\x89\xE5\x83\xEC�\x8B�\xCC;��\x85\xD2uI\x8B�\xC8;��\x8B�\x85\xC0t�\x8Dt& \x8DB�\xA3\xC8;��\xFF�\x8B�\xC8;��\x8B
-\x85\xC9u\xEA\xB8T\x92��\x85\xC0t�\x83\xEC
h\x80<��\xE8(\xFC\xFF\xFF\x83\xC4�\xB8� \xA3\xCC;��\x89\xEC]Ív U\x89\xE5\x83\xEC�\x89\xEC]Í\xB6 U\xB8D\x91��\x89\xE5\x83\xEC�\x85\xC0t�\x83\xEC�h\xD4>��h\x80<��\xE8\xD3\xFA\xFF\xFF\x83\xC4�\x89\xEC]Ð\x8D\xB4& U\x89\xE5\x83\xEC�\x89\xEC]Í\xB6 U\x89\xE5S\x83\xEC�\xA1D?��\x8B]�\x85\xC0t
\x83\xEC
h\xD8;��\xE8 4 \xC7�$\xE0;��\xE8�4 \x83\xC4�\x83\xFB�u
-\x83\xEC
h\x8F \xE8s\xFD\xFF\xFF\x83\xFB u
-\x83\xEC
h\x89 \xE8a\xFD\xFF\xFF\x83\xEC�h\x90\x96��S\xE8\xB3\xFA\xFF\xFF\x8B]\xFC\x89\xEC]Ð\x8D\xB4& U\x89\xE5WVS\x83\xEC
\x8BE�\x8B]
\x89E\xF0\x8BS
\x8BC�\x89\xD6)\xC6\xC1\xEE�\x89E\xEC\x85\xF6�\x8E} 9\xC2u�\x80K(�\x89‹C�\x8B{�\x8BK��\xC2\xF7\xD0!‰\xF8)ȉS
)\xCA9\xC2~�\x89{
\x8BC
\x83\xEC�\x89C�\x8B
\xC0>��S1ۋM\xF0Q\xE86\xFB\xFF\xFF\xEB�\x8BE\xEC\x83\xEC�\x8B�\x98CRh\xE0���\xE8\xDF\xFB\xFF\xFF\x83\xC4�9\xF3|\xE4\xA1\xC0>��\xC7E�Y+��\x89E
\x8De\xF4[^_]\xE9\xFD\xFA\xFF\xFF\x8De\xF4[^_]ÐU\x89\xE5WVS\x83\xEC�\x8B}
\x8Bu�\x8B�\xA3\xA0A��h\xE4���j�\xE8�\xFA\xFF\xFF[Xh\xE5���h\xF7���\xE8\xA1\xFA\xFF\xFF\xC7�$\xF7���\xE8e\xFB\xFF\xFFZYh\x90\x96��j�\xE8\xA7\xF9\xFF\xFF[\xBB� Xh\x90\x96��j \xE8\x94\xF9\xFF\xFFZYh\x90\x96��j�\xE8\x86\xF9\xFF\xFF\xC7�$p\xD9��\xE8fd 1\xC0\x89
|?��\xB9� 1҉
-\x80?��\xA3\x98?��\x89��?��[XWV\xE8
� \x8B
-D?��\x83\xC4�\x89Å\xC9t2\xE8\x89� \xE8T/ \x8B�<<��\x85\xD2u�\xA14<��\x85\xC0t�\x8B
-�?��\x85\xC9u
\xBA� \x89�L?��\xA1$?��1҃\xE8�\x83\xF8�v/\xA1�?��\x85\xC0t&\x8B
-T?��\x85\xC9u
\xA1X?��\x85\xC0u�\x8B
-4?��\x85\xC9u \xA1P?��\x85\xC0t�\xBA� \x89�\x88?��1\xC0\x85\xD2u�\x8B
-D?��\x85\xC9u
-\x8B�@?��\x85\xD2t�\xB8� \xA3\x8C?��\x8B
-<?��\x85\xC9tC\x8B��?��\x85\xD2u9\x83\xEC
h\x84\x94��h4\x92��j j h\xC0?��\xE8$\xF8\xFF\xFF\x83\xC4�h\x84\x94��h4\x92��j j h @��\xE8 \xF8\xFF\xFF\x83\xC4 \x83\xEC
\xB8d \xA3�?��hP- \xE8{Y 1ɣ ?��\x89
-�?��\xE8 � \x89\xF0\x83\xC4�)؉E\xF0t#1҉�|?��\xEB�\x8Dv h\xE4���j�j \x8B�\x9FCP\xE8]� \x83\xC4�9\xF3|\xE6\x8B
-|?��\x85\xC9t1\x8B�\?��\x85\xD2t�h\xE4���j�j�h����\xE8/� \xEB�\x83\xEC�j h����\xE8\xFE� \x83\xC4�\xA1�?��\x85\xC0t,\xE8\x9D
\xA1\?��\x85\xC0u�\x83\xEC�j h\xE4���\xE8%
\xA1�?��\x83\xC4�\xEB�\xA1�?��\x85\xC0t2\xE8\xCD" \x8B
�?��\x85\xDB�\x84\xA3 \x8B=\xC0>��\x83\xEC�Wj
-\xE82\xFA\xFF\xFF\xFF�\xA4?��\x83\xC4�\xEB$\x8Dv \x83}\xF0�w�\x8B
�?��\x85\xDBtt\x8Bs�\x85\xF6um1ɉ
-\x80?��\xEBc\x8B
�?��\xEB[\x8D\xB4& \x8BC�\x83\xEC�\x8BS�\xA3�?��R\x8B�P\xE8\xA9� \x8B3_V\xE8\xE4\xF9\xFF\xFF\x8BC�\x83\xC4�\x85\xC0t
\x83\xEC
P\xE8\xD1\xF9\xFF\xFF\x83\xC4�\x83\xEC
S\xBB� \xE8\xC0\xF9\xFF\xFF\x89
\x80?��\xA1�?��\x83\xC4�\x89Å\xDBu\xA8\x8B
-<?��\x85\xC9tT\x8B��?��\x85\xD2uJ\x83\xEC�h\xC0?��h����\xE8�\xFC\xFF\xFF_Xh @��h
-���\xE8\xF1\xFB\xFF\xFFj�h\x80���h`���hp?��\xE8{< \x83\xC4�Ph\x80���\xE81\xF8\xFF\xFF\x83\xC4�\x8B5D?��\x85\xF6t
\x83\xEC
h\xD8;��\xE8\x83/ \xC7�$\xE0;��\xE8w/ \x83\xC4�\xA1\x98?��\x89E�\x8De\xF4[^_]\xE9\xD4\xF8\xFF\xFFU\x89\xE51\xC0WVS\x83\xEC
\xC7E\xDC \x8B}�\xA3l?��\xA1X<��\x8Bu
\x83\xF8�t�\x83\xF8��HtA\xEB\x83\xF8�t�\xEBx\x83\xEC�\xBB� j�j \x89
�?��\xEB�\x8Dt& \x83\xEC�1\xC9j�j \x89
-�?��\xE8\xDCL \x83\xC4�\xEBL\x8D\xB4& \x83\xEC
j�\xE8\xCA\xF8\xFF\xFF\x83\xC4�\x85\xC0t�\xBA� \xB8� \x89��?��\xA3l?��\xEB
\xBB� 1ɉ
�?��\x89
-l?��\xEB�\x8Dv \xE8?\xF6\xFF\xFF1\xD21\xC01ɉ�
?��1һ� \xA3 ?��1\xC0\x83\xEC
\x89
$?��1ۉ
-(?��1ɉ�0?��1ң4?��1\xC0\x89
@?��1ۉ
-P?��1ɉ�T?��1ңX?��1\xC0\x89
\?��h����\x89
-`?��\x89�d?��\xA3h?��\xE8\xF3\xF4\xFF\xFF\x89Ã\xC4�\x85\xDBt.j�h\x80���h`���S\xE8\xC48 \x83\xC4�\x85\xC0x�\x8B
\x85\x80���\x83\xEC�Sj \xE8\xDBK \x83\xC4�\x83\xEC�h8?��j h(���\xE8\xA8\xF4\xFF\xFF\x89�$\xE8\xECD \xB9P \xC7�$6���\x89
-\x84?��\xE8\x89\xF4\xFF\xFF\x89Ã\xC4�\x85\xDBtX\x80; tS\x83\xEC
\x8DE\xECj Pj j S\xE8\xE4V \x83\xC4 \x85\xC0u�\x8BE\xEC\x85\xC0~�\xA3\x84?��\xEB+\x83\xEC
S\xE8\xA6S \x83\xC4�Pj�h\xC0���j \xE8X\xF4\xFF\xFF\x83\xC4
Pj j \xE8\xEB\xF7\xFF\xFF\x83\xC4�\x83\xEC�\x8DE\xE0Ph�T j�\xE8�\xF7\xFF\xFF\x83\xC4�@t�f\x83}\xE2 t �\xB7E⣄?��\x83\xEC
\xBA� h>���\x89�x?��\xE8\xE7\xF3\xFF\xFF\x83\xC4�\x85\xC0�\x85\xFB� \x83\xEC
hN���\xE8\xCF\xF3\xFF\xFF\x89Ã\xC4�\x85\xDB�\x84\xE1� \x83\xEC
\x8DE\xECj Pj j S\xE8+V \x83\xC4 \x85\xC0u�\x8BE\xEC\x85\xC0x
-\xA3x?��\xE9\xB6� \x8Dv \x83\xEC
S\xE8\xE7R \x83\xC4�Pj�h ���j \xE8\x99\xF!
3\xFF\xFF\x83\xC4
Pj j \xE8,\xF7\xFF\xFF\xE9\x83� \x8Dv �\x83 =
� �\x87f� \xFF$\x85\xD0 ��\xB8� \xBB� \xA3`?��\x89
d?��\xE9R� \x83\xEC�j�j \xE8CJ \xE9>� \xB9� \x89
-
?��\xE91� \xBA� \x89�\?��\xE9!� \xC7E\xDC� \x8B��?��1ɉ
-$?��\xB8� \xBB� \xA3`?��\x85҉
d?��u�\x83\xEC
j�\xE8\xEA\xF5\xFF\xFF\x83\xC4�1҅\xC0�\x95\xC2B\x89��?��1\xC01ۣ4?��\x89
D?��\xE9\xC4� \x90\xB9 \xFC\xFF\xFF\x89
-8?��\xE9\xB3� \x83\xEC�j�h\x80���j \xE8\xA3\xF2\xFF\xFF\x83\xC4
Pj j \xE86\xF6\xFF\xFF\x83\xC4�\xBA�\xFC\xFF\xFF\x89�8?��\xE9\x82� \xB8� \xA3P?��\xE9s� \xBB � \x89
8?��\xE9c� 1ɉ
-�?��\xE9V� \x8Dv \xBA� \x89��?��\xE9C� \xB8� \xA30?��\xE94� \x901۹� \x89
�?��\x89
-,?��\xE9�� \xBA� \x89�@?��\xE9
� \xB8� \xA3l?��\xE9\xFC� \xBB� \x89
(?��\xE9\xEC� \xB9� \x89
-4?��\xE9\xDC� \xC7E\xDC� \xBA� \x89�$?��\xE9\xC5� \x89\xF6\xB8� \xA3
?��\xE9\xB4� \x90\xC7E\xDC� \xBB� \x89
$?��\xE9\x9C� \x83\xEC
\x8DE\xEC\x8B
-\xCC>��j Pj j Q\xE8\xE0S \x83\xC4 \x85\xC0u�\x8BE\xEC\x85\xC04\x8B�\xCC>��\x83\xEC
R\xE8\xA3P \x83\xC4�Pj�hV���j \xE8U\xF1\xFF\xFF\x83\xC4
Pj j�\xE8\xE8\xF4\xFF\xFF\x8BE\xEC\x83\xC4�\xA3\x84?��\xE97� \x8Dt& \xB8� \xA3�?��\xE9$� \x901۹� \x89
d?��\x89
-`?��\xE9
� \x83\xEC
hn���\xE8�� \xC7�$m���\xE8�� \xE9\xEA� \xBA� \x89��?��\xE9\xDD� \xB8� \xA3<?��\xE9\xCE� \xBB� \x89
@?��\xE9\xBE� \xB9� \x89
-,?��\xE9\xAE� \x8B�\xCC>��\x83\xEC
R\xE8\xBC
- \xE9\x97� \x8D\xB4& \xB8� \xA3T?��\xE9\x84� \x90\x83\xEC�j j \xE8tG \xE9o� \x83\xEC�j�j \xE8cG \xE9^� \xBB� \x89
X?��\xE9Q� \xC7E\xDC� \xB9� \x89
-$?��\xE9:� \x8D\xB4& \x83\xEC
\x8DE\xEC\x8B�\xCC>��j Pj j R\xE8wR \x83\xC4 \x85\xC0u
\x8BE\xEC\x85\xC0�\x89H\xFC\xFF\xFF\xA1\xCC>��\x83\xEC
P\xE87O \x83\xC4�Pj�hq���j \xE8\xE9\xEF\xFF\xFF\x83\xC4
Pj j�\xE8|\xF3\xFF\xFF\x8BE\xEC\x83\xC4�\xE9�\xFC\xFF\xFF\xC7E\xDC� 1ۉ
$?��\xE9\xBC� \xC7E\xDC� \xB9� \x89
-$?��\xE9\xA5� \x89\xF6\x8B��?��\x85\xD2�\x84\x95� \xB8� \xA3�?��\xE9\x86� \x8Dv \x8B
\<��\x83\xEC�\x8B
-\xCC>��Sj�j�h@ ��h( ��Qh\x86��!
�\xE8\xE74 \xC7E\xDC� \x8B�\x85@ ��\x83\xC4 \xA3$?��\xE9?� \x8B�\<��\x83\xEC�\xA1\xCC>��Rj�j�hl ��hT ��Ph\x8D���\xE8\xA44 \x8B�\x85l ��\x83\xC4 \xA3
?��\xE9�� \x8B
\<��\x83\xEC�\x8B
-\xCC>��Sj�j�h
��h\xEC\xFF��Qh\x94���\xE8g4 \x8B�\x85
��\x83\xC4 \xA3�?��\xE9\xC6� \x8Dv 1Ҹ� \x89��?��\xA3 ?��\xE9\xAC� \xA1\xCC>��\x85\xC0t0\x8B
\<��\x83\xEC�Sj�j�h\xA8 ��h\x80 ��Ph\x9D���\xE8
-4 \x8B�\x85\xA8 ��\x83\xC4 \xEB�\x90\xB8� 1ۃ\xF8�tJ\x83\xF8�uJ\x83\xEC
j�\xE8Y\xF1\xFF\xFF\x83\xC4�\x85\xC0t9\x83\xEC
h\xA5���\xE8%\xEE\xFF\xFFZYPj \xE8\xBB\xEF\xFF\xFF\x83\xC4�\x85\xC0~�\x83\xEC�j h\xAA���\xE8\xD5\xF1\xFF\xFF\x83\xC4�\x85\xC0t�\xBB� \x89
D?��\x85\xDB�\x84
-� 1\xC0\xE9C\xFA\xFF\xFF\x8B
\<��\x83\xEC�\x8B
-\xCC>��Sj�j�h`\xFD��hP\xFD��Qh\xAD���\xE8g3 \x8B�\x85`\xFD��\x83\xC4 \xA3@?��\xE9\xC6 \x8Dv \x8B�\<��\x83\xEC�\xA1\xCC>��Rj�j�h\x80���h`���Ph\xBF���\xE8(3 \x8B
\x85\x80���\x83\xC4(Sj \xE8\x86D \xE9\x81 \x901ɉ
-l?��\xEBy\x8D\xB6 \x83\xEC�\x8B�\xCC>��h8?��j�R\xE8\x8A= \xEBX\x83\xEC
j \xEBL\x90\xA1X<��\x83\xEC
\xBA\xFE���h ���\x83\xF8�h\xCF���h\xF7���t�\x83\xF8�\xBA\xD4���t�\xBA\xD3���R\xA1\xC0>��P\xE84M \x83\xC4�j \xE8\x9E\xEF\xFF\xFF\x83\xEC
j�\xE8\x90. \x83\xC4�\x83\xEC
j h\xAC\xFD��h@���VW\xE8\xEB\xEE\xFF\xFF\x83\xC4 \x83\xF8\xFF�\x85[\xF9\xFF\xFF\x83\xEC
j \xE8\x81C \x89�$\xA3p?��\xE8\xA4C \x83\xC4�\x83\xF8�u�\x83\xEC�\x8B=p?��j�j W\xE8\xC9C \x83\xC4�\xA1@?��\x85\xC0t+\x8D\x98\xD7���\x80; t \x89\xF6\x83\xEC�\x8B5p?��j��\xBE�CPV\xE8\x9AC \x83\xC4�\x80; u\xE2\x83\xEC
j \xE8�C \xA3t?��\x83\xC4
j�j:P\xE8vC \xA1
?��\x83\xC4�H\x83\xF8�w
\x8B]܅\xDBu�\xA1�?��\x85\xC0t�\xB9� \x89
-$?��\xEB�\xA1�?��\x85\xC0uY\x8B� ?��\x85\xD2t \x83\xEC�j�h\xDD���j \xE8
\xEC\xFF\xFF\xA3\x94?��\x83\xC4�\xA3\x90?��\xEB/\x83\xEC�j�h\xF2���j \xE8\xEB\xEB\xFF\xFF\xA3\x90?��\x83\xC4
j�h\xFC���j \xE8\xD5\xEB\xFF\xFF\xA3\x94?��\x83\xC4�\xA1\xD0>��\x8De\xF4[^_]Í\xB6 \x8D\xBF U\x89\xE5W1\xFFV1\xF6S\x83\xEC
\x8BE
\x8B�\x8BE�\x8B�\xC7E\xF0 \x89\xF6\x83\xFF��\x87\x8E� \xFF$\xBD�����\xB6�<=t0<=
-\x84\xC0t/<:t+\xEB3<\t�<^t�\xEB)\x90\xBF� A\xE9e� \x90\x8Dt& \xBF� \xEB\xEE\x8BU�\x85\xD2t
-\xBF� \xE9H� \x88�A\xE9(� �\xBE�\x83\xF8xw\xFF$\x850���\x90\xBF� \x8Dp\xD0\xEBo\x8D\xB6 \xBF� 1\xF6\xEB`\x8D\xB4& \xBE� \xEBR\xBE� \xEBK\x89\xF6\xBE� \xEBB\xBE
\xEB;\x89\xF6\xBE
- \xEB2\xBE
- \xEB+\x89\xF6\xBE \xEB"\xBE
\xEB�\x89\xF6\xBE \xEB�\xBE \xEB
\x89\xF6\xBF� \xEB�\x89ƃ\xFF��\x85C\xFF\xFF\xFF\x89\xF01\xFF\x88�C\xFFE\xF0\xE94\xFF\xFF\xFF�\xB6�,0<�v�\x89\xF01\xFF\x88�\xEBv�\xBE�A\x8Dt\xF0\xD0\xE9\x81 \x90�\xBE�\x8DBЃ\xF86w5\xFF$\x85 ���\x89\xF0\xC1\xE0�\x8Dt�\xD0\xE9\xF5\xFE\xFF\xFF\x89\xF0\xC1\xE0�\x8Dt�\xA9\xE9\xE7\xFE\xFF\xFF\x89\xF6\x89\xF0\xC1\xE0�\x8Dt�\xC9\xE9\xD7\xFE\xFF\xFF\x89\xF6\x89\xF01\xFF\x88�\xEB �\xB6�1\xFF\x88\xD0,@<>w
\x80\xE2�A\x88�\xEB
\x8Dv \x80\xFA?u
\xC6�C\xFFE\xF0\xEB�\x89\xF6\xBF� \xEB \xE8\xA8\xEA\xFF\xFF\x8Dt& \x83\xFF��\x86W\xFE\xFF\xFF\x8BE�\x89�\x8BE
\x89�1\xC0\x83\xFF��\x95\xC0H E\xF0\x8BE\xF0\x83\xC4
[^_]Í\xB6 U\x89\xE5WVS\x83\xEC8h����\xE8\x91\xE9\xFF\xFF\x89Eԃ\xC4�\x85\xC0�\x84\xC1� \x808 �\x84\xB8� \xC7E\xCC \x83\xEC
\xBB� Pf\xC7E\xD8??\xC6E\xDA \xE87K \xA3H?��\x83\xC4�\x89EЍ\xB6 \x8D\xBF \x83\xFB��\x84\xBB \x83\xFB�
-\x83\xFB�t
\xE9\xDD� \x83\xFB��\x84\xFF \x83\xFB��\x84\x87� \xE9\xC6� \x90\x8BE\xD4�\xB6�\x80\xFA*t%\x80\xFA*�1ۄ\xD2�\x84\xAB� \xEBe\x8Dt& \x80\xFA:u\@\x89E\xD4\xE9\x97� \x89\xF6\x83\xEC
j�\xE8&J \x89E̡P<��\x8BU\xCC\xFFEԃ\xC4
\x89B�\x8BEЉ�P<��\x89B�\x8DE\xD4j�P\x8DE\xD0P\xE8�\xFD\xFF\xFF\x8BỦ\xC3\xF7Ӊ�\xC1\xEB�\x83\xC4�\x8D\\x9B\xFF\xE9D� �\xB6 \xBB� \xFFEԈE\xD8\xE91� \x8BE\xD4�\xB6�\x84\xD2�\x84
� \x88U\xD9@\xBB� \x89E\xD4\xE9�� \x8BEЃ\xEC�\x8D
\xFD j \x89\x83\xDC;��\x8DE\xD4P\x8DE\xD0P\xE8\xAB\xFC\xFF\xFF\x89\x83\xD8;��\x89\xC3\xF7\xD3\xC1\xEB�\x83\xC4�\x8D\�\xFF\xEBa\x90\x8Dt& \x8BUԻ\xFF\xFF\xFF\xFF\x8DB�\x89EԀ:=�\x85\xBE \x8B�l\xFD��1\xFF\x85\xD2t9\x8DE\xD81\xF6\x89EȐ\x8Dt& \x8B\x86l\xFD��\x83\xEC�\x8BM\xC8PQ\xE8\xC1\xE7\xFF\xFF\x83\xC4�\x85\xC0�\x84u\xFF\xFF\xFF\x83\xC6�\x8B\x96l\xFD��G\x85\xD2uԃ\xFB\xFFut\x83\xEC
\x8DE\xD8P\xE8�G \x83\xC4�Pj�h����j \xE8\xC5\xE7\xFF\xFF\x83\xC4
Pj j \xE8X\xEB\xFF\xFF\x83\xC4�\xEBD\x8BUԍB�\x89EԀ:=u1\x8BEЃ\xEC�\x8BỦB
\x8DE\xD4j P\x8DE\xD0P\xE8\xD6\xFB\xFF\xFF\x8BỦ\xC3\xF7ӉB�\xC1\xEB�\x83\xC4�\x8D\�\xFF\xEB�\xBB\xFF\xFF\xFF\xFF\x85\xDB�\x8F�\xFE\xFF\xFF\x85\xDByP\x83\xEC�j�h@���j \xE8R\xE7\xFF\xFF\x83\xC4
Pj j \xE8\xE5\xEA\xFF\xFF\x8B=H?��XW\xE8�\xEA\xFF\xFF\x8B
P<��\xEB�\x89؋[�\x83\xEC
P\xE8\xF2\xE9\xFF\xFF\x83\xC4�\x85\xDBu\xEB1\xF6\x895D?��\x83=�<���u(\x83\xEC�\x8B
<��j�h-���S\xE8D\xE8\xFF\xFF\x83\xC4�\x85\xC0u
\xB9� \x89
-
?��\x8De\xF4[^_]Í\xB6 U\x89\xE5WVS\x83\xEC�\x8B]�j
\x8B}
\xE8\xEAG \x89ơ�?��\x89F�\x89
$\x895�?��\xE8bH \x89�\x83\xC4�\x85\xFFt�\x83\xEC
W\xE8PH \x89F�\x83\xC4�\xEB�\xC7F� \x8De\xF4[^_]É\xF6\x8D\xBC' U\x89\xE5WVS\x83\xECL\xC7E\xB0 \x8B}�\xC7E\xB4 \xE8\xA5\xE6\xFF\xFF\x89Ã\xEC
\xC7� W\xE8\x94\xE8\xFF\xFF\x89ƃ\xC4�\x85\xF6u,\x83\xEC
W\xE8.F \x83\xC4�\xBF� Ph*���\x8B�Pj \xE8\xBA\xE9\xFF\xFF\x89=\x98?��\xE9�� \xE8\xD6� \xEBH\x8Dt& \x83\xEC
S\xE8G� \x83\xC4�\x85\xC0t4�\xB6C�1\xD2<�t�<�t
<�t�<
t�\xFE\xC8u��\xB6S�W\x8DC�j RP\xE8�� �E\xB0�U\xB4\x83\xC4�\x83\xEC
V\xE8'\xE5\x!
FF\xFF\x89Ã\xC4�\x85\xDBu\xAA\x83\xEC
V\xE8\xB5\xE7\xFF\xFF\x83\xC4�\x85\xC0t4\x83\xEC
W\xE8\x91E \x83\xC4�Ph*���\x83\xEC�\xE8\xD4\xE5\xFF\xFF[\x8B�^Qj \xE8�\xE9\xFF\xFF\xBA� \x83\xC4�\x89�\x98?��\xE8A
\xA1X?��\x85\xC0t�\x83\xEC�j�W\xE8\xCD \xA1X?��\x83\xC4�\x85\xC0u
-\xA1\x80?��\x85\xC0�\x84,� \xA1<?��\x85\xC0t-\x8B5�?��\x85\xF6u#\x8B
\xC0>��\x83\xEC�Sh4���\xE8�\xE6\xFF\xFF\xA1<?��\x83\xC4�\x83�\xA4?���\x85\xC0tT\x8B
-�?��\x85\xC9uJ\x8B�
@��\x8DB�;��@��v�\x83\xEC�j�h @��\xE8\xC4\xE7\xFF\xFF\x8B�
@��\x83\xC4�\x8D\xB4& \x83\xEC�j�h\xA4?��R\xE8t\xE6\xFF\xFF\x83�
@���\x83\xC4�\x8BE
\x83\xEC�\x8B�t?��\x85\xC0Ru�\x89\xF8P\xA1\xC0>��P\xE8\xE7� ��\xA4?��\x83\xC4�\x8B=<?��\x85\xFFtN\x8B5�?��\x85\xF6uD\x8B�
@��\x8DB�;��@��v�\x83\xEC�j�h @��\xE8>\xE7\xFF\xFF\x8B�
@��\x83\xC4�\x90\x83\xEC�j�h\xA4?��R\xE8\xF4\xE5\xFF\xFF\x83�
@���\x83\xC4�\x8B
\xC0>��\x83\xEC�Sh7���\xE8�\xE5\xFF\xFF\x83�\xA4?���\x83\xC4�\xA1�?��\x85\xC0t�\x8B
-4?��\x85\xC9�\x84\xCE \x8B�<?��\x85\xD2t"\x85\xC0u
\x8B=\xC0>��\x83\xEC�Wh4���\xE8\xC3\xE4\xFF\xFF\x83�\xA4?���\x83\xC4�\x83\xEC�j�h:���j \xE8\xB8\xE3\xFF\xFFY\x89\xC3^\x8B�\xC0>��RS\xE8\x97\xE4\xFF\xFF\x83\xEC
S\xE8\x9E\xE4\xFF\xFF��\xA4?��\x83\xC4�\xA1\xC0>��Pj \xE8H\xE6\xFF\xFF^\xFF�\xA4?��_j�\x8B
8?��\x8BM\xB4\x8DE\xB8\x8BU\xB0Sh � PQR\xE8\xED- \x89Ã\xC4�\xA1\xC0>��PS\xE8@\xE4\xFF\xFF\x83\xEC
S\xE8G\xE4\xFF\xFF��\xA4?��\x83\xC4�\x8B=\xC0>��Wj
-\xE8\xF0\xE5\xFF\xFF\xFF�\xA4?��\x83\xC4�\x8B5�?��\x85\xF6t�\xE8T� \x8B
�?��\x85\xDBt�\x8B
-\xC0>��\x83\xEC�Qj
-\xE8\xBD\xE5\xFF\xFF\xFF�\xA4?��\x83\xC4�\x8De\xF4[^_]Ð\x8D\xB4& U\x89\xE5S\x83\xEC�\x8B]�j�\xE8\xFFC \x8B�h?��\x89�\x89P�\x8B]\xFC\xA3h?��\x89\xEC]Ð\x8D\xB4& U\x89\xE5WVS\x83\xEC
\x8B
h?��\x8B}�\x85\xDBt&\x8Dw�\x8D\xB4& \x83\xEC�j�V\x8B�P\xE8F\xE3\xFF\xFF\x83\xC4�\x85\xC0t;\x8B[�\x85\xDBu\xE4\x8B
-d?��\x85\xC9u \x80�.u�\x8B�`?��\x85\xD2t�\x80� t��\xB7G�f\x83\xF8.t
-\xB8� \xEB�\x8Dv 1\xC0\x8De\xF4[^_]Í\xB6 U\x89\xE5V1\xF6;5�?��S}J1\xDB\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xA1 ?��\x83\xEC
\x8B��P\xE8\xD3\xE4\xFF\xFF\xA1 ?��\x83\xC4�\x8BD�d\x85\xC0t
\x83\xEC
P\xE8\xBA\xE4\xFF\xFF\x83\xC4�F\x83\xC3t;5�?��|\xC71ɺ� \x89
-�?��\x89��?��\x8De\xF8[^]Í\xB6 \x8D\xBC' U\x89\xE5WVS\x81\xEC\xAC \x8B
-�?��\x8B]
\x8B}�;
-�?��u1\x8D� \x8B5 ?��\xC1\xE1�\xA3�?��)\xC1\x8D�\x88\x83\xEC�\xC1\xE0�PV\xE8\xCDB \x8B
-�?��\x83\xC4�\xA3 ?��\x8D�\xCD \x8B� ?��)ȍ�\x81\xC1\xE0�1ɉL�d1\xF61ɉt�h\x89L�l\x8BE�\x85\xC0u \x8B5\x88?��\x85\xF6u�\x8B
-\x8C?��\x85\xC9�\x84\xBE� \x85\xDB�\x85\xB6� \x8BE�\x808/t�\x80? u�\x8Bu�\xEB5\x8BU�\x83\xEC
R\xE8\xF7\xE1\xFF\xFF\x89<$\x89\xC3\xE8\xED\xE1\xFF\xFF\x8DD��\x83\xE0\xF0\x83\xC4�)ċE�\x89\xE6\x83\xEC�PWV\xE8
-! \x83\xC4�\x8B=T?��\x85\xFFt(\xA1�?��\x83\xEC�\x8D�\xC5 )�\x90\xA1 ?��\x8DT\x90�RVj�\xE8\xFE\xE1\xFF\xFF\xEB&\xA1�?��\x83\xEC�\x8D�\xC5 )�\x90\xA1 ?��\x8DT\x90�RVj�\xE8\xD6\xE2\xFF\xFF\x83\xC4�\x85\xC0y;\x83\xEC
V\xE8b@ \x83\xC4�Ph*���\x83\xEC�\xE8\xA5\xE0\xFF\xFF[\x8B�^Qj \xE8\xE9\xE3\xFF\xFF\xBA� 1\xC0\x89�\x98?��1\xD2\xE91� \x90\x8B
-�?��\x8B� ?��\x8D�\xCD )ȉˍ�\x81\x8BD\x82�\x89\xD7% \xF0 = \xA0 �\x85\xAC� \x8BE�\x85\xC0u�\xA1�?��\x85\xC0t
-\xA1L?��\x85\xC0�\x84\x8F� \x8D�\xDD )؍�\x83\x83\xEC�\x8D�\x87PV\xE8\xDA� \x8B
- ?��XZ\x8B��?��\x8D�\xD5 )Ѝ�\x82\x8B|\x81dWV\xE85� \x89\x85T\xFF\xFF\xFF\x83\xC4�\x85\xC0�\x84�� \x8B]�\x85\xDBt
-\x8B
-�?��\x85\xC9u�\x8B�@?��\x85\xD2u
-\xA1L?��\x85\xC0�\x84\xE6 \x8B\xBDT\xFF\xFF\xFF\x83\xEC�\x8Du\x88VWj�\xE8\xBB\xE0\xFF\xFF\x83\xC4�\x85\xC0�\x85\xC6 \x8B��?��\xBB� \x8B
- ?��\x8D�\xD5 )Ѝ�\x82\x8D�\x85 \x8BE�\x89\�l\x85\xC0tm\x8B=�?��\x85\xFFtc\x8B]\x98\x89\xD8% \xF0 = @ uU\x8B
\?��\x85\xDBu�\x8B\x9DT\xFF\xFF\xFF\x8B}�\x8BD�d\x89]�\x89\x85T\xFF\xFF\xFF\x89|�d\xFC\xA1�?��\xB9� \x8D<\xC5 )Ǎ<\xB8\xA1 ?��\xC1\xE7��ǃ\xC7�\xF3\xA5\xEB0\x8D\xB6 \x8B]\x98\xA1�?��\x8B
- ?��\x8D�\xC5 )�\x90\xC1\xE2�\x89\�h\xBB� \x89\�l\x8B\x95T\xFF\xFF\xFF\x85\xD2t
\x8B\x85T\xFF\xFF\xFF\x83\xEC
P\xE8A\xE1\xFF\xFF\x8B
-�?��\x83\xC4�\xEB�\x89\xF6\x8B
-�?��\x8B� ?��\x8D�\xCD )ȍ�\x81\xC1\xE0�\x8B\��\x81\xE3 \xF0 \x81\xFB \xA0 u
\xBF
- \x89|�p\xEBH\x81\xFB @ u7\x8Bu�\x85\xF6t�\x8B
\?��\x85\xDBu�\xBF
\x89|�p\xEB$\x8Dt& \x8D�\xCD )ȍ�\x81\xBE� \x89t\x82p\xEB \xBB� \x89\�p\x8B��?��\x8B
- ?��\x8D�\xD5 )Ѝ�\x82\xC1\xE0�\x8BT��\x81\xE2 \xF0 \x81\xFA \x80 t
1\xF61\xFF\x81\xFA @ u�\x8Bt�<\x8B|�@\x8B
-8?��\x83\xEC�\x8D\x85X\xFF\xFF\xFFj�Qh � PWV\xE8�( \x83\xC4�P\xE8{\xDE\xFF\xFF\x83\xC4�9��?��}:\x83\xF8�~�\xB8� \xA3�?��\xEB)\xA1�?��1\xF61\xFF\x8B
- ?��\x8D�\xC5 )�\x90\xC1\xE2�\x89\�p\xC1\xE3
\x89\��\x8BU�\x83\xEC
R\xE8\xE6> \x8B
-�?��\x8B
?��\x8D�\xCD )ʍ�\x91A\x89�\x93\x89\xF0\x89\xFA\x89
-�?��\x8De\xF4[^_]Ð\x8D\xB4& U\x89\xE5V\x8Bu�S\x81\xEC�� \x89\xE3\x83\xEC�h � SV\xE8�\xDC\xFF\xFF\x83\xC4�\x85\xC0y:\x83\xEC
V\xE8\xC1< \x83\xC4�Ph*���\x83\xEC�\xE8�\xDD\xFF\xFFY\x8B�[Rj \xE8H\xE0\xFF\xFF\xB8� \x83\xC4�\xA3\x98?��\xEB�\x90\x8Dt& \xC6�� \x83\xEC
S\xE8C> \x8BU
\x83\xC4�\x89Bd\x8De\xF8[^]Ív U\x89\xE5WVS\x83\xEC
\x8B}
\x8BE�\x85\xFF\x89E\xF0u
-1\xC0\xE9\x81 \x8Dv \x80?/u�\x89}�\x8De\xF4[^_]\xE9\xFC= \x83\xEC�j/\x8Bu\xF0V\xE8�\xDE\xFF\xFF\x89ƃ\xC4�\x85\xF6u�\x89}�\x8De\xF4[^_]\xE9\xD6= \x8D\xB6 \x8B]\xF0\x83\xEC
W)ލ^�\xE8�\xDD\xFF\xFF\x8DD��\x89�$\xE8#= \x83\xC4
\x89\xC6S\x8D
3\x8BM\xF0QV\xE84\xDF\xFF\xFFXZWS\xE8\x9B\xDF\xFF\xFF\x89\xF0\x83\xC4�\x8De\xF4[^_]Ív \x8D\xBC' U\x89\xE5\x83\xEC�\x8BE�P\xE8!" \x83\xC4�1ɀ8.u��\xB6P�\x84\xD2t
\x80\xFA.u
\x80x� u�\xB9� \x89ȉ\xEC]É\xF6\x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B��?��\x8B}�\x89\xD0H\x89E\xF0�\x88\xD5 \x8B]\xF0\xC1\xE0�\x8BU\xF0)؍�\x82\x8D4\x85 \x8D\xB6 \x8D\xBC' \x8B� ?��\x8BD2p\x83\xF8�t \x83\xF8
�\x85\x89 \x8BM
\x85\xC9t�\x8B�2\x83\xEC
R\xE8U\xFF\xFF\xFF\x83\xC4�\x85\xC0uo\x8B� ?��\x8B�2\x808/t�\x80? u�\x8BD2d\x83\xEC�P\x8B
2S\xE8�\xF4\xFF\xFF\xEB+\x83\xEC�j \x8B
2QW\xE8y0 \x89\xC3X\xA1 ?��\x8BL0dZQS\xE8\xF5\xF3\xFF\xFF\x89
$\xE8\x91\xDD\xFF\xFF\x83\xC4�\xA1 ?��\x83|0p
u�\x8B�0\x83\xEC
R\xE8v\xDD\xFF\xFF\x83\xC4�\x83\xEEt\xFFM\xF0�\x89S\xFF\xFF\xFF\x8B��?��\xC7E\xEC 9U\xEC\xC7E\xF0 }>\xC7E\xE8 1ې\xA1 ?��\x83|�p
t
\xFC\x8B}\xE8\xB9
\x8D4��\xC7\xF3\xA5\x83E\xE8t\x8B��?��\xFFE\xEC\xFFE\xF0\x83\xC3t9U\xF0|̋E\xEC\xA3�?��\x8De\xF4[^_]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\xA1$?��\x83\xF8��\x87\xE2 \xFF$\x85 ���\x90\x8Dt& \xA1
?��\x83\xF8�t�\x83\xF8�r1\x83\xF8�tL\xE8\x9B\xDA\xFF\xFF\x8D\xB4& \x8B
-(?��\xB8 \xB9��\x85\xC9�\x85\xAD \xB8\xB0\xB8��\xE9\xA3 \x8Dv \x8B�(?��\xB8\xA0\xB9��\x85\xD2�\x85\x8D \xB8P\xB9��\xE9\x83 \x8Dv \x8B
-(?��\xB8@\xBA��\x85\xC9uq\xB8\xF0\xB9��\xEBj\x8B�(?��\xB8\xB0\xBB��\x85\xD2u[\xB8\x90\xBB��\xEBT\x8Dt& \x8B
-(?��\xB8`\xBC��\x85\xC9uA\xB8�\xEB:\x8B�(?��\xB8\xF0\xBA��\x85\xD2u+\xB8\x90\xBA��\xEB$\x8Dt& \x8B
-(?��\xB8p\xBB��\x85\xC9u�\xB8P\xBB��\xEB
-\xE8\xD9\xD9\xFF\xFF\x90\x8Dt& P\x8B��?��jt\xA1 ?��RP\xE8/\xDA\xFF\xFF\x89\xEC]Í\xB4& U\x89\xE5V\x8Bu�S\x8B]
\x8BVT\x8BKT9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B�\x83\xEC�P\x8B
S\xE8
-\xDB\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu
S\x8B]�\x8BVT\x8BKT9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B
\x83\xEC�Q\x8B�R\xE8\xBD\xDA\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu�S\x8B]
\x8BVL\x8BKL9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B�\x83\xEC�P\x8B
S\xE8m\xDA\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu
S\x8B]�\x8BVL\x8BKL9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B
\x83\xEC�Q\x8B�R\xE8
\xDA\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu�S\x8B]
\x8BVD\x8BKD9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B�\x83\xEC�P\x8B
S\xE8\xCD\xD9\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5V\x8Bu
S\x8B]�\x8BVD\x8BKD9\xD1|
\xB8 �\x9F\xC0\xEB�\x90\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B
\x83\xEC�Q\x8B�R\xE8}\xD9\xFF\xFF\x83\xC4�\x8De\xF8[^]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5WVS\x83\xEC
\x8B}
\x8BE�\x8Bw4\x8BH4\x8B_0\x8BP09\xCE|��9\xD3r�9θ� �|�9\xD3w 1\xC0\xEB�\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B7\x83\xEC�\x8BE�V\x8B�S\xE8�\xD9\xFF\xFF\x83\xC4�\x8De\xF4[^_]Ív U\x89\xE5WVS\x83\xEC
\x8B}�\x8BE
\x8Bw4\x8BH4\x8B_0\x8BP09\xCE|��9\xD3r�9θ� �|�9\xD3w 1\xC0\xEB�\xB8\xFF\xFF\xFF\xFF\x85\xC0u�\x8B�\x83\xEC�P\x8BE
\x8B8W\xE8\xB2\xD8\xFF\xFF\x83\xC4�\x8De\xF4[^_]Ív U\x89\xE5\x83\xEC�\x8BE
\x8BU�\x8B \x89E
\x8B�\x89E�\x89\xEC]\xE9\x86\xD7\xFF\xFF\x89\xF6U\x89\xE5\x83\xEC�\x8BE�\x8BU
\x8B \x89E
\x8B�\x89E�\x89\xEC]\xE9f\xD7\xFF\xFF\x89\xF6U\x89\xE5\x83\xEC�\x8BE
\x8BU�\x8B \x89E
\x8B�\!
x89E�\x89\xEC]\xE9F\xD8\xFF\xFF\x89\xF6U\x89\xE5\x83\xEC�\x8BE�\x8BU
\x8B \x89E
\x8B�\x89E�\x89\xEC]\xE9&\xD8\xFF\xFF\x89\xF6U\x89\xE5WVS\x83\xEC�\x8B}�\x8Bu
j.\x8B�P\xE8\xAB\xD7\xFF\xFFY[\x89\xC3j.\x8B�R\xE8\x9D\xD7\xFF\xFF\x83\xC4�\x85\xDBu�\x85\xC0u�\x8B�\x89E
\x8B�\x89E�\x8De\xF4[^_]\xE9\xDC\xD7\xFF\xFF\x85\xDBu�\xB8\xFF\xFF\xFF\xFF\xEB4\x85\xC0u \xB8� \xEB)\x89\xF6\x83\xEC�PS\xE8\xBA\xD7\xFF\xFF\x83\xC4�\x85\xC0u�\x8B�\x89E
\x8B�\x89E�\x8De\xF4[^_]\xE9\x9D\xD7\xFF\xFF\x8De\xF4[^_]ÐU\x89\xE5WVS\x83\xEC�\x8B}
\x8Bu�j.\x8B�P\xE8�\xD7\xFF\xFFY[\x89\xC3j.\x8B�R\xE8
-\xD7\xFF\xFF\x83\xC4�\x85\xDBu�\x85\xC0u�\x8B�\x89E
\x8B�\x89E�\x8De\xF4[^_]\xE9L\xD7\xFF\xFF\x85\xDBu�\xB8\xFF\xFF\xFF\xFF\xEB4\x85\xC0u \xB8� \xEB)\x89\xF6\x83\xEC�PS\xE8*\xD7\xFF\xFF\x83\xC4�\x85\xC0u�\x8B�\x89E
\x8B�\x89E�\x8De\xF4[^_]\xE9
-\xD7\xFF\xFF\x8De\xF4[^_]ÐU\x89\xE5VS\xA1�?��\x83\xF8��\x87\xC5 \xFF$\x85 ���\x8D\xB6 1\xDB;
�?���\x8D\xAA 1\xF6\x8B
- ?��\x89\xF0\x83\xC6t\x83\xEC
C�\xC8P\xE8\xD9
- \x8B
-\xC0>��XZQj
-\xE8-\xD7\xFF\xFF\x83\xC4�;
�?��|\xCE\xEBt\xE8\xF7� \x8De\xF8[^]\xE9\� \xE8\xE7� \x8De\xF8[^]\xE9\xCC� \x8De\xF8[^]\xE9�� \x901\xDB;
�?��}>1\xF6\x8Dt& \x8B� ?��\x89\xF0\x83\xEC
�\xD0P\xE8=� YX\x8B�\xC0>��Rj
-\xE8\xC1\xD6\xFF\xFF\xFF�\xA4?��\x83\xC4�\x83\xC6tC;
�?��|ȍe\xF8[^]ÐU\x89\xE5WVS\x81\xEC\x8C \xA1T<��\x85\xC0�\x89\x83 \x83\xEC
1ҍ\x85t\xFF\xFF\xFFP\x8D\x9Dx\xFF\xFF\xFF\xBEd \x89\x95t\xFF\xFF\xFF\xE8Y\xD3\xFF\xFF\x8B=\x90?��\x83\xC4�\x89\x85p\xFF\xFF\xFF\xEB�\x8Dt& �\xF6\x8DF�\x83\xE0\xF0)ĉ\xE3\xC6��\x8B\x85p\xFF\xFF\xFFPWVS\xE8�\xD4\xFF\xFF\x83\xC4�\x85\xC0u�\x80; uփ\xEC�j PS\xE8\x9A' \xA3T<��\x83\xC4�\x85\xC0y
-1\xDB1\xC0\x89
T<��\x8De\xF4[^_]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�j \x8DE\xF8P\xE8C\xD5\xFF\xFF\x83\xC4�\x85\xC0u(\x8BU\xFC\x8BE\xF8\xA3\xD0;��\x89\xD0\xC1\xE0�)Ѝ�\x82\x8D�\xC5\xE7� \xA3\xD4;��\xEB�\x90\x8Dt& \x83\xEC
j \xE8\xCA\xD3\xFF\xFF\xA3\xD0;��\xB9\xFFɚ;\x89
-\xD4;��\x89\xEC]É\xF6U\x89\xE5W\x8D\x85\xB8\xFE\xFF\xFFVS\xBB�� \x81\xEC$� \x89\x85\xF0\xFD\xFF\xFF\x8DE؋}�P\x89\x9D\xEC\xFD\xFF\xFF\x8BO�Q\xE8M� \xA1
?��\x83\xC4�\xC6E\xE2 \x83\xF8�\xC6E\xE3 t
\x83\xF8�r�\x83\xF8�t�\xEB�\x8BGT\xEB�\x8D\xB4& \x8BGL\xEB�\x8BGD\x89\x85\xF4\xFD\xFF\xFF\x8B�P?��\x8B\xB5\xF0\xFD\xFF\xFF\x85\xD2tL\x83\xEC
\x8D\x85\x88\xFE\xFF\xFFj�j�P\x8BG`P\x8Bw\V\xE8\x97
\x8B\x9D\xF0\xFD\xFF\xFF\x83\xC4 Pj�h@���S\xE8\xA4\xD5\xFF\xFF\x8B\x8D\xF0\xFD\xFF\xFF\x83\xEC
Q\xE8�\xD3\xFF\xFF\x8B\xB5\xF0\xFD\xFF\xFF\x83\xC4 �Ƌ�4?��\x85\xD2tb\xA18?��\x83\xEC�j�P\x8D\x85X\xFE\xFF\xFFh � P\x8BG�% \xF0 = \x80 t
1\xD21\xC9= @ u�\x8BW<\x8BO at QR\xE8N
\x8B
�?��\x83\xC4 PSh@���V\xE8,\xD5\xFF\xFF\x83\xEC
V\xE8\xA3\xD2\xFF\xFF\x83\xC4 �ƋO�\x8DE\xD8QPhE���V\xE8
\xD5\xFF\xFF\x83\xEC
V\xE8\x82\xD2\xFF\xFF\x8B�0?��\x83\xC4 �ƅ\xD2u�\x8BG
\x83\xEC
P\xE8s" \x83\xC4�\xEB�1\xC0\x85\xC0t
\x83\xEC�PhM���\xEB
\x8B_
\x83\xEC�ShU���V\xE8\xBF\xD4\xFF\xFF\x83\xC4�\x83\xEC
V\xE83\xD2\xFF\xFF\x8B
-,?��\x83\xC4��ƅ\xC9uT\x8B�0?��\x85\xD2u�\x8BG \x83\xEC
P\xE8\x9A# \x83\xC4�\xEB�\x90\x8Dt& 1\xC0\x85\xC0t
\x83\xEC�PhM���\xEB
\x8B_ \x83\xEC�ShU���V\xE8a\xD4\xFF\xFF\x83\xC4�\x83\xEC
V\xE8\xD5\xD1\xFF\xFF\x83\xC4��ƋG�% \xF0 = t�= ` u
�\xB6G$P\x8BG$\x8BW(�\xAC\xD0�%\xFF Ph[���\xEB1\xA18?��\x83\xEC
\x85\xC0x�\xB8� P\x8D\x85(\xFE\xFF\xFFj�P\x8BO4Q\x8BW0R\xE8\xD2� \x83\xC4
Phe���V\xE8\xE7\xD3\xFF\xFF\x83\xC4�\x83\xEC
V\xE8[\xD1\xFF\xFF�ƍ\x85\xF4\xFD\xFF\xFF\x89�$\xE8\xFB\xCF\xFF\xFF\x89\x85\xE8\xFD\xFF\xFF\x83\xC4�\x85\xC0�\x84\xE6 \x8B
-\xD0;��\x8B\x95\xF4\xFD\xFF\xFF9\xD1|
-9\xD1u�\x83=\xD4;�� }�\xE8\xE4\xFC\xFF\xFF\x8B
-\xD0;��\x8B\x95\xF4\xFD\xFF\xFF\x8D\x81T=�\xFF1\xDB9\xD0�9\xCA|
9\xCAu
-;
\xD4;���\xBB� \xB8\x90?��\x8B�\x98\!
x89\x85\xE4\xFD\xFF\xFF\xEBB\x8D\xB4& ѥ\xEC\xFD\xFF\xFF\x8B\x8D\xF0\xFD\xFF\xFF\x8B\x85\xEC\xFD\xFF\xFF\x83\xC0�\x83\xE0\xF0)ċ\x85\xF0\xFD\xFF\xFF\x89\xE3\x83\xEC�)\xC6V\x8D4
QS\xE8b\xD1\xFF\xFF\x89\x9D\xF0\xFD\xFF\xFF\x83\xC4�\xC6��\x8B\x95\xE8\xFD\xFF\xFF\x8B\x85\xE4\xFD\xFF\xFF\x8B\x9D\xEC\xFD\xFF\xFFRP\x8B\x85\xF0\xFD\xFF\xFF�\xD8)\xF0HPV\xE8 \xD0\xFF\xFF\x83\xC4�\x85\xC0u�\x80> u\x90�\xC6\xC6� F\xC6� \xE9\xA9 \x89\xF6\xE8k\xFB\xFF\xFF\x8B\x95\xF4\xFD\xFF\xFF\x89\x85\xE0\xFD\xFF\xFF\x85\xD2yS\x83\xEC
\x8D\x85\xF8\xFD\xFF\xFFj�j�P\x89Й\xF7\xD2 \xF7\xDARP\xE8|� \x83\xC4�\x89\xC3S\xE8�\xD0\xFF\xFF\x8B\x95\xE0\xFD\xFF\xFF\x89
$hj���)‰\xD0\xC1\xE8�H!\xC2Rhl���V\xE8q\xD2\xFF\xFF\x83\xC4 \xEB1\x83\xEC
\x8D\x85\xF8\xFD\xFF\xFFj�j�P\x89ЙRP\xE80� \x8B\x8D\xE0\xFD\xFF\xFF\x83\xC4 PQh@���V\xE8>\xD2\xFF\xFF\x83\xC4�\x83\xEC
V\xE8\xB2\xCF\xFF\xFF\x83\xC4��Ƌ�<?��\x85\xD2t'\xA1�?��\x85\xC0u
\x8B
\xC0>��\x83\xEC�Sh4���\xE8v\xCF\xFF\xFF\x83�\xA4?���\x83\xC4�\x8B
-\xC0>��\x83\xEC�\x8B\x95\xF0\xFD\xFF\xFFQR\xE8V\xCF\xFF\xFF\x8B\x85\xF0\xFD\xFF\xFF\x83\xC4�)\xC6�5\xA4?��h\xC0?��\x8B
-
?��\x8B_l\x85\xC9St�\x8BWl\x85\xD2t�\x8BGh\xEB�\x89\xF6\x8BG�P\x8B�P\xE8$� \x83\xC4�\x83p
-uN\x8Bwd\x85\xF6t`\x8B
\xC0>��\x83\xEC�Shs���\xE8\xF4\xCE\xFF\xFF\x83�\xA4?���\x83\xC4�j \x8BGlHP\x8BOhQ\x8BWdR\xE8\xE2� \xA1@?��\x83\xC4�\x85\xC0t"\x8Bh\x83\xEC
W\xEB�\x8B5@?��\x85\xF6t�\x8B_�\x83\xEC
S\xE8�� \x83\xC4�\x8De\xF4[^_]Í\xB6 \x8D\xBF U\x89\xE5WVS\x8D\x9D\xE8\xDF\xFF\xFF\x81\xECH \x8Bu�\x8B}
Vj\xFFWh S\xE89+ \x89\x85\xD8\xDF\xFF\xFF\x83\xC4 =\xFF� \x89\x9D\xD4\xDF\xFF\xFFv2\x8B\x85\xD8\xDF\xFF\xFF\x8B\x95\xD8\xDF\xFF\xFF\x83\xC0�\x83\xE0\xF0)\xC4B\x89\xA5\xD4\xDF\xFF\xFF\x83\xEC
\x8B\x85\xD4\xDF\xFF\xFFVj\xFFWRP\xE8\xF4* \x83\xC4 \x8B=l?��\x85\xFF�\x84\xB3� \xE8\x92\xCF\xFF\xFF\x83\xF8��\x86l� \x8B\xBD\xD4\xDF\xFF\xFF1ۋ\xB5\xD8\xDF\xFF\xFF\x89\x9D\xD0\xDF\xFF\xFF\x89\xF8�\xF0\x89\xFE9Ɖ\x85\xCC\xDF\xFF\xFF�\x831� \x8D\xB6 \x8D\xBC' �\xB6�<_�<A}
< |A<#~�<?9<%\xEB
\x90\x8Dt& <~,<a|(\x88�G\xEB�\x8Dv \xC6�?G\xEB \x8B\xBD\xCC\xDF\xFF\xFF\xC6�?F\xFF\x85\xD0\xDF\xFF\xFF\xE9\xCD \x90\x8Dt& \x8D\x85\xE0\xDF\xFF\xFF1\xC91҉\x85\xC8\xDF\xFF\xFF\x8D\x85\xDC\xDF\xFF\xFF\x89\x8D\xE0\xDF\xFF\xFF\x89\x95\xE4\xDF\xFF\xFF\x89\x85\xC4\xDF\xFF\xFF\x90\x8D\xB4& \x8B\x85\xC8\xDF\xFF\xFF\x8B\x9D\xC4\xDF\xFF\xFFP\x8B\x85\xCC\xDF\xFF\xFF)\xF8PWS\xE8w\xCD\xFF\xFF\x89Ã\xC4�\x83\xFB\xFFt\x89\x83\xFB\xFEt\x8A\x85\xDBu�\xBB� \x8B\x8D\xDC\xDF\xFF\xFF\x83\xEC
Q\xE8\x80\xCF\xFF\xFF\x89ƒ\xC4�\x85\xD2x%\x85\xDBt�\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90�\xB6�G\x88�FKu\xF6�\x95\xD0\xDF\xFF\xFF\xEB
\xC6�?�\xDFF\xFF\x85\xD0\xDF\xFF\xFF\x8B\x95\xC8\xDF\xFF\xFF\x83\xEC
R\xE8�\xCF\xFF\xFF\x83\xC4�\x85\xC0�\x84h\xFF\xFF\xFF;\xBD\xCC\xDF\xFF\xFF�\x82\xDC\xFE\xFF\xFF\x8B\x85\xD4\xDF\xFF\xFF)Ɖ\xB5\xD8\xDF\xFF\xFF\xE9u \x8B\x8D\xD4\xDF\xFF\xFF\x8B\xBD\xD8\xDF\xFF\xFF\x89\xCE�\xFE9\xF1sU\x90\x8Dt& �\xB6�\xA1\xC8>��\xF6DP�@u�\xC6�?A9\xF1r\xE9\xEB7\x8D\xB4& \xE8\xDF\xCD\xFF\xFF\x83\xF8�v&\x8B\x9D\xD8\xDF\xFF\xFF\x83\xEC�\x8B\x8D\xD4\xDF\xFF\xFFj�SQ\xE8\x8E� \x89\x85\xD0\xDF\xFF\xFF\x83\xC4�\xEB�\x8Dv \x8B\x85\xD8\xDF\xFF\xFF\x89\x85\xD0\xDF\xFF\xFF\x8BU�\x85\xD2t
\x8BE�\x8B\xB!
D\xD8\xDF\xFF\xFF\x8B\xB5\xD4\xDF\xFF\xFFPWj�V\xE8\xA8\xCE\xFF\xFF\x83\xC4�\x8B\x85\xD0\xDF\xFF\xFF\x8De\xF4[^_]Ív U\x89\xE5VS\x8B
-D?��\x8Bu�\x8BU
\x85ɋE�\x8B]�t�\x83\xEC�PRV\xE8\xBA� \x83\xC4�\x85\xDBtJ\x8B�<?��\x85\xD2t@\xA1�?��\x85\xC0u7\x8BS
\x8DB�;C�v�\x83\xEC�j�S\xE8\x9E\xCD\xFF\xFF\x8BS
\x83\xC4�\x8Dt& \x83\xEC�j�h\xA4?��R\xE8T\xCC\xFF\xFF\x83C
�\x83\xC4�\x8B
-p?��\x83\xEC�QV\x8B�\xC0>��R\xE8\xD2\xFC\xFF\xFF��\xA4?��\x83\xC4�\x85\xDBtO\xA1<?��\x85\xC0tF\x8B5�?��\x85\xF6u<\x8BC
\x83\xC0�;C�v�\x83\xEC�j�S\xE80\xCD\xFF\xFF\x83\xC4�\x89\xF6\x8D\xBC' \x83\xEC�j�h\xA4?��\x8BK
Q\xE8\xE1\xCB\xFF\xFF\x83C
�\x83\xC4�\x8B�D?��\x85\xD2t
\x8De\xF8[^]\xEB�\x8Dt& \x8De\xF8[^]É\xF6\x8D\xBC' U\x89\xE5\x83\xEC�\xA1\xEC;��\x85\xC0t�\x83\xEC
h\xE8;��\xEB'\x8D\xB4& \x83\xEC
h\xD8;��\xE8\xE3� \xC7�$\xF0;��\xE8\xD7� \xC7�$\xE0;��\xE8\xCB� \x83\xC4�\x89\xEC]Ít& U\x89\xE5S\x83\xEC4\xA1P?��\x8B]�\x85\xC0t+\x83\xEC
\x8DE\xC8j�j�P\x8BK`Q\x8BS\R\xE8\xD5� \x83\xC4
Pj�h@���\xE8�\xCB\xFF\xFF\x83\xC4�\xA14?��\x85\xC0tT\x8B
-8?��\x83\xEC�\x8DE\xC8j�Qh � P\x8BC�% \xF0 = \x80 t
1\xD21\xC9= @ u�\x8BS<\x8BK at QR\xE8\xAD� \x8B��?��\x83\xC4
PRh@���\xE8\xBC\xCA\xFF\xFF\x83\xC4�j \x8B
-
?��\x8BCl\x85\xC9Pt
\x8BSl\x85\xD2t�\x8BCh\xEB�\x8BC�P\x8B�P\xE8\xDD\xFD\xFF\xFF\x8B
-@?��\x83\xC4�\x85\xC9t�\x8BS�\x83\xEC
R\xE8� \x83\xC4�\x8B]\xFC\x89\xEC]Ív \x8D\xBC' U\x89\xE5\x83\xEC�\x8BM�\x89ʁ\xE2 \xF0 \x81\xFA \x80 u�\x83=@?���u
-\x83\xE1I\xB8* u=1\xC0\xEB9\x81\xFA @ \xB8/ t,\x81\xFA \xA0 \xB8@ t�\x81\xFA � \xB8| t�1\xC0\x81\xFA \xC0 �\x94\xC0H\x83\xE0Ã\xC0=\x85\xC0t�\x8B�\xC0>��\x83\xEC�RP\xE8\xF7\xCA\xFF\xFF\xFF�\xA4?��\x83\xC4�\x89\xEC]Í\xB6 U\x89\xE5W\xBF� VS\x83\xEC
\x8BU�\x8BE�\x8BM
\x83\xFA\xFF\x89E\xF0u�\x8B54<��\x85\xF6t
1ۿ
\xE9\xD2 \x89\xC8% \xF0 = @ u
-\xBF� \xEBb\x8D\xB6 = \xA0 u�\x85\xD2u�\x8B
<<��\xBF
\x85\xDBuB\xBF� \xEB;= � u�\xBF� \xEB-\x90= \xC0 u \xBF� \xEB
\x89\xF6= ` u \xBF \xEB�\x89\xF6= u�\xBF
- \x83\xFF�u
-\x83\xE1It�\xBF
- 1ۃ\xFF�uE\x8BM\xF0\x83\xEC
Q\xE8V\xC8\xFF\xFF\x89ƃ\xC4��u\xF0\x8B
P<��\x85\xDBt'\x8B�9\xF2w�\x8BE\xF0\x83\xEC�R)ЋS�RP\xE8{\xC8\xFF\xFF\x83\xC4�\x85\xC0t�\x8B[�\x85\xDBuك\xEC
h\xD8;��\xE8, \x8D�\xFD\xD8;��\x85\xDBYt�\x8DC�P\xE8� \xC7E�\xE0;��\x83\xC4�\x8De\xF4[^_]\xEB�\x8Dt& U\x89\xE5V\x8BE�S\x8B�\x8Bp�\x85\xDB~+\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90�\xBE�F\x8B�\xC0>��\x83\xEC�KRP\xE8o\xC9\xFF\xFF\x83\xC4�\x85\xDB\xE4\x8De\xF8[^]Í\xB6 \x8D\xBC' U\x8B�P?��1\xC0\x8B
-4?��\x89\xE5V\x85ҋu��\x95\xC0Sk\xC0�\x85ɉ\xC3t
\x8B��?���ЍX�\xA1p?��\x83\xEC�P\x8B�Qj \xE8\xAE\xF8\xFF\xFF\x8B
-@?���Ã\xC4�\x85\xC9t<\x8BV�\x89\xD0% \xF0 = \x80 u�Iu(\x83\xE2It#\xEB \x8Dt& = @ t�= \xA0 t�= � t�= \xC0 u�C\x8De\xF8\x89\xD8[^]Ív \x8D\xBC' U\x89\xE5WVS\x83\xEC<\xA1\xA0?��\x89Eܡ�?��9E܉E\xCC~�\x89E\xDC\xC7E\xEC \x8BU\xCC9U\xEC�\x8D\xF7 \xC7E\xC0 \x90\x8Dt& \x8B
- ?��\x83\xEC
\x8BE\xC0�\xC8P\xE8
\xFF\xFF\xFF\x8BM܃\xC4�\xC7E\xD8 9M؉E\xE4�\x8D\xA3 \xC7E\xC4 \xA1�?��\x8B=\x9C?��\x89E̍\xB4& \x8D\xBC' \x8BUċ��\x85\xD2t_\x8BE؋M̋]\xD8�\xC1\x89\xC8C\x99\x8BM\xE4\xF7\xFB\x89ËE\xEC\x99\xF7\xFB\x89\xC6;u\xD8t�\x83\xC1�\x8BUċ\��\x8B�\xB39\xD1~+\x89\xC8)ЋU\xC4�D��1\xC0\x89
\xB3\x8B�\x84?��\x8BM\xC49T���\x9C\xC0\x89��\xA1�?��\x89E\xCC\xFFE؋U܃E\xC4
9U\xD8|\x88\xEB�\x8D\xB6 \xA1�?��\x89E\xCC\xFFE\xEC\x8BŨE\xC0t9U\xEC�\x8C�\xFF\xFF\xFF\x8BU܃\xFA�~.\x8B
-\x9C?��\x8D�R\x8D�\x81\x8Bp\xF4\x85\xF6u!\x83\xE8
\x8D\xB4& J\x83\xE8
\x83\xFA�~�\x8B�\x85\xDBt\xF1\xEB�\x8B
-\x9C?��\xC7E\xE8 \x8D�R\x8DL\x81\xF4\x89M\xF0\x8BẺә\xF7\xFB\x89\xC11\xC0\x85\xD2�\x95\xC0�\xC19M\xE8\x89M\xE0�\x8D\xD2 \xC7E\xBC \x8BE\xE0\xC1\xE1�)\xC1\x89Mȍ\xB4& \xC7E\xD0 \x8BU\xE81\xFF\x8Bu\xBC\x89U썴& \x8D\xBC' \x8BM\xEC\x83\xEC
\x8B� ?��\x8D
\xB1\xC1\xE3�\x89\xD8�\xD0P\xE8d\xFA\xFF\xFF\x8B
- ?���ˉ
$\xE8d\xFD\xFF\xFF\x8B]\xF0\x8BUЉE\xE4\x8BM\xE0\x8BC�\x83\xC4�\x8B�\x90B�M\xEC\x89UЋUȋ]\xEC�\xD6;
�?��}�\x8BU\xE4\x83\xEC�\x8D
8S\x8D�:\x89\xDFP\xE8s� !
\x83\xC4�뎋
\xC0>��\x83\xEC�Sj
-\xE8a\xC6\xFF\xFF\x8BM\xE0\x83\xC4�\xFFE\xE8\x83E\xBC�9M\xE8�\x8CG\xFF\xFF\xFF\x8De\xF4[^_]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5WVS\x83\xEC,\xA1\xA0?��\x89E\xE0\xA1�?��9E\xE0~�\x89E\xE0\xC7E\xEC 9E\xEC�\x8D\xC9 \xC7E\xD0 \x8Dt& \x8D\xBC' \x8B� ?��\x83\xEC
\x8BE\xD0�\xD0P\xE8\x8C\xFC\xFF\xFF\x8BU\xE0\x83\xC4�\xC7E\xDC 9U܉E\xE8}x\xC7E\xD4 \x8B5\x9C?��\x8Dv \x8D\xBC' \x8BMԋ<�\x85\xFFtH\x8BE\xEC\x8BMܙA\xF7\xF9\x8BM\xE8\x89\xD7;}\xDCt�\x83\xC1�\x8BEԋ\��\x8B�\xBB9\xD1~#\x89\xC8)ЋU\xD4�D��1\xC0\x89
\xBB\x8B�\x84?��\x8BM\xD49T���\x9C\xC0\x89��\xFFE܋E\xE0\x83E\xD4
9E\xDC|\x9F\xFFE\xEC\x83E\xD0t\x8BU\xEC;��?���\x8CI\xFF\xFF\xFF\x8Bu\xE0\x83\xFE�~2\x8B�\x9C?��\x8D�v\x8D�\x82\x8BX\xF4\x85\xDBu%\x83\xE8
\x8Dt& \x8D\xBC' N\x83\xE8
\x83\xFE�~�\x8B�\x85\xC9t\xF1\xEB�\x8B�\x9C?��\xC7E\xE4 \x8D
v\x8D
\x9A\x8B� ?��\x8DK\xF4\x83\xEC
\x89M\xF0R\xE8w\xF8\xFF\xFF\x8B= ?��XW\xE8z\xFB\xFF\xFF\x89E\xE8\x8BC\xFC\x83\xC4�\x8B�\xC7E\xEC� \xB8� ;��?���\x8D\x96 \xC7E\xD8t \x8BE\xEC\x99\xF7\xFE\x89ׅ\xFFu�\x8B
-\xC0>��\x83\xEC�Qj
-\xE8\x87\xC4\xFF\xFF\xC7E\xE4 \xEB�\x8B]\xE4\x83\xEC�\x8BE\xE4\x8BU\xE8�\xCBS�\xD0P\xE8c� \x89]\xE4\x83\xC4�\x8B
- ?��\x83\xEC
\x8BE\xD8�\xC8P\xE8\xE9\xF7\xFF\xFF\x8BE؋� ?���Љ�$\xE8\xE6\xFA\xFF\xFF\x8BM\xF0\x83\xC4�\x89E\xE8\x8BA�\x8B
\xB8\xFFE\xEC\x83E\xD8t\x8BE\xEC;��?���\x8Cq\xFF\xFF\xFF\x8B
\xC0>��\x83\xEC�Sj
-\xE8�\xC4\xFF\xFF\x83\xC4�\x8De\xF4[^_]Ð\x8Dt& U\x89\xE5WV1\xF6S1ۃ\xEC
;
�?���\x8D\xB7 \x8D\xB4& \x8B� ?��\x8D�\xDD \x83\xEC
)؍�\x83\x8D�\x82P\x89\xF7\xE8`\xFA\xFF\xFF�ƍC�\x83\xC4�;��?��}�\x83\xC6�\x85\xFFt
;5\x84?��|�\xA1\xC0>��\x83\xEC�)\xFEPj
-\xE8\x83\xC3\xFF\xFF\x83\xC4�\x8D�\xDD \x8B� ?��)؍�\x83\x83\xEC
\x8D�\x82PC\xE8\xFD\xF6\xFF\xFF\xA1�?��\x83\xC4�9\xC3})\x8B
-\xC0>��\x83\xEC�Qj,\xE8D\xC3\xFF\xFF\x8B=\xC0>��XZWj \xE84\xC3\xFF\xFF\xA1�?��\x83\xC4�9\xC3�\x8CP\xFF\xFF\xFF\x8B
-\xC0>��\x83\xEC�Qj
-\xE8�\xC3\xFF\xFF\x83\xC4�\x8De\xF4[^_]Ít& U\x89\xE5WVS\x83\xEC
\x8Bu�\x8B}
9\xFE}d\x8B
x?��\x85\xDB~C\x89\xF8\x99\xF7\xFB\x89\xC1\x8DF�\x99\xF7\xFB9\xC1~2\x8B
-\xC0>��\x83\xEC�Qj \xE8\xC5\xC2\xFF\xFF\x8B
-x?��\x89\xF0\x99\xF7\xF9\x83\xC4�)\xD1�\xCE뼍\xB6 \x8D\xBC' \x8B�\xC0>��\x83\xEC�FRj \xE8\x92\xC2\xFF\xFF\x83\xC4�똍e\xF4[^_]ÐU\x89\xE5V\x8Bu
S\x8BU�\x8B]�\x89\xF1�\xB6�<.u�\x80y� t'\xEB�\x90\x88�AB�\xB6�\x84\xC0u\xF59\xF1v�\x80y\xFF/t�\xC6�/\xEB \x8D\xB6 \x88�CB�\xB6�\x84\xC0u\xF5\xC6� [^]Í\xB4& \x8D\xBC' U\x89\xE5\xBAVUUUWVS\x83\xEC
\xC7E\xF0 \x8B
-\x84?��\x89\xC8\xF7\xEA\x89\xC8\xC1\xF8�)
҉�\xA0?��u
\xBB� \x89
\xA0?��\x8B
-\x9C?��\x85\xC9u#\xA1\xA0?��\x83\xEC
\x8D�@\xC1\xE0�P\xE87 \xA3\x9C?��\x83\xC4�\xC7E\xF0� 1\xF6;5\xA0?��}m\xC7E\xEC� \xBF� 1ۡ\x9C?��\xC7��� \x89|��\x8BU\xF0\x85\xD2t�\x8BE\xEC\x83\xEC
P\xE8\xED� \x8B�\x9C?��\x83\xC4�\x89D��1\xD29\xF2�\xA1\x9C?��\x8BD��\x90\xC7�\x90� B9\xF2~\xF4\x83E\xEC�F\x83\xC7�\x83\xC3
;5\xA0?��|\xA1\x8De\xF4[^_]É\xF6\x8D\xBC' U\x89\xE5S\x83\xEC�\x8B]�\x85\xDBt2\x8B
-\xA0A��\x83\xEC�Q\x83\xEC
j�h\x80���j \xE8K\xBE\xFF\xFF\x83\xC4�P\x8B�\xC4>��R\xE8
\xBE\xFF\xFF\xE9\x8D \x89\xF6\xA1\xA0A��\x83\xEC�P\x83\xEC�j�h\xC0���j \xE8�\xBE\xFF\xFF\x83\xC4�P\xE8\xC1\xBF\xFF\xFF\x83\xEC�j�h ���j \xE8 \xBE\xFF\xFF\x83\xC4�P觿\xFF\xFF\x83\xEC�j�h\xA0���j \xE8\xE6\xBD\xFF\xFF\x83\xC4�P荿\xFF\xFF\x83\xEC�j�h "��j \xE8̽\xFF\xFF\x83\xC4�P\xE8s\xBF\xFF\xFF\x83\xEC�j�h\x80(��j 貽\xFF\xFF\x83\xC4�P\xE8�\xBE\xFF\xFF\x83\xC4�\x89]�\x8B]\xFC\x89\xEC]\xE9(\xC0\xFF\xFF\x8Dt& U\x89\xE5\x83\xEC�j�\xE8�\xFF\xFF\xFF\x89\xEC]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5WVS1ۃ\xEC(\xC7E\xF0\xFF\xFF\xFF\xFF\x8B}�\xC7E\xEC W\xE8R\xBE\xFF\xFF\x89E\xE8\x8BE
\x83\xC4�\x8B0\x85\xF6�\x84\xB6 \xC7E\xE4 \x8Dt& \x8BM�\x85\xC9t�\x8BU\xE8\x83\xEC�\x8BE�RP\x8BE
\x8B<\x98W\xE8f\xBE\xFF\xFF\xEB�\x8Bu\xE8\x83\xEC�\x8BM�\x8BE
VQ\x8B�\x98R\xE8
\xC0\xFF\xFF\x83\xC4�\x85\xC0uX\x8BE
\x83\xEC
\x8B�\x98P\xE8\xE7\xBD\xFF\xFF\x83\xC4!
�;E\xE8tk\x83}\xF0\xFFu�\x89]\xF0\xEB6\x8B}�\x85\xFFt(\xFC\x8Bu\xF0\x8BE�\x8BM\xE4\x8B}��\xAFƋu��ϋM��\xC69\xC9\xF3\xA6�\x97\xC2�\x92\xC08\xC2t�\xC7E\xEC� \x8BE�C�E\xE4\x8BE
\x8B�\x98\x85\xD2�\x85U\xFF\xFF\xFF\x8BE\xEC\x85\xC0t�\xB8\xFE\xFF\xFF\xFF\xEB�\x8D\xB4& \x89\xD8\xEB�\x8BE\xF0\x8De\xF4[^_]ÐU\x89\xE5\x83\xEC�j�\x8BE�\x8BM�\x8BU
P\x8BE�QRP\xE8\xD3\xFE\xFF\xFF\x89\xEC]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5\x83\xEC�j \x8BU�\x8BE�\x8BM
R\x8BU�PQR\xE8\xA3\xFE\xFF\xFF\x89\xEC]\xC3\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5S\x83\xEC�\x83}�\xFFu�\x83\xEC�j�h\xA9(��j \xE8\xE6\xBB\xFF\xFF\x83\xC4�\x89\xC3\xEB�\x83\xEC�j�h )��j \xE8λ\xFF\xFF\x83\xC4�\x89ËE�\x83\xEC
\x8BM
P\x83\xEC�Qj�\xE8P� \x83\xC4�PSj j \xE8F\xBF\xFF\xFF\x8B]\xFC\x89\xEC]Ít& \x8D\xBC' U\x89\xE5WVS\x83\xEC0\xC7E\xE4 \x8BE�\x8B]�\x89E\xF0\x8BE
\x89E\xECj�h\xC6(��j \xE8g\xBB\xFF\xFF\x83\xC4�P\x8B=\xC4>��W\xE8'\xBB\xFF\xFF\xC7E\xE8 \x8BU\xF0\x83\xC4�\x8B2\x85\xF6�\x84\xA7 \xC7E\xDC \x8BE\xEC\x89E\xE0\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x8BM\xE8\x85\xC9t
\xFC\x8BU܉ً}\xEC\x8Bu\xE4�\xD79\xDB\xF3\xA6�\x97\xC2�\x92\xC08\xC2t-\x8BU\xE8\x83\xEC�\x8BE\xF0\x8B�\x90Ph\xDB(��\x8B=\xC4>��W賺\xFF\xFF\x8BU\xE0\x83\xC4�\x89U\xE4\xEB%\x8Dt& \x8BE\xE8\x83\xEC�\x8BU\xF0\x8B4\x82Vh\xE5(��\x8B
-\xC4>��Q膺\xFF\xFF\x83\xC4�\xFFE\xE8\x8BU\xF0�]\xE0\x8BE\xE8�]܋�\x82\x85\xD2�\x85u\xFF\xFF\xFF\xA1\xC4>��\xC7E�
- \x89E
\x8De\xF4[^_]\xE9>\xBD\xFF\xFF\x8Dv \x8D\xBC' U\x89\xE5WVS\x83\xEC�\x8BE
\x8Bu�\x8B}�\x8BM�P\x8B]
VWQS\xE8\xDE\xFC\xFF\xFF\x83\xC4 \x85\xC0y$\x83\xEC�\x8BU�PSR\xE89\xFE\xFF\xFF\x8BE�\x83\xC4
VWP\xE8\x9B\xFE\xFF\xFF\xFFU \xB8\xFF\xFF\xFF\xFF\x8De\xF4[^_]Ít& \x8D\xBC' U\x89\xE5WVS\x83\xEC�\xC7E\xF0 \x8BE
\x8B]�\x8B0\x85\xF6tN\xC7E\xEC \x8D\xB6 \x8D\xBC' \xFC\x8BM\xEC\x8B}�\x8Bu��ω\xD99\xDB\xF3\xA6�\x97\xC2�\x92\xC08\xC2u
\x8BU\xF0\x8BM
\x8B�\x91\xEB�\xFFE\xF0\x8BU
�]\xEC\x8BE\xF0\x8B�\x82\x85\xD2u\xC61\xC0\x83\xC4�[^_]Í\xB6 \x8D\xBF U\x89\xE5V\x8BM�S\xBB� \x89\xCE�\xB6�\x89ʄ\xC0t%\x90\x8D\xB4& </u
\x8DJ�\xEB \x8D\xB4& 1\xDBB�\xB6�\x84\xC0u\xE6�\xB6�\x84\xC0u
-\x80>/u�\x85\xDBt�I\x85\xDBu!\x80z\xFF/u�h�)��jDh))��h@)��\xE89\xB9\xFF\xFF\x90\x8Dt& \x8De\xF8\x89\xC8[^]Í\xB4& U\x89\xE5\x8BE�]\xA3`<��Ív U\x89\xE5\x8BE�]\xA3@@��Ív U\x89\xE5V\x8Bu�S\x8B
\xC0>��\x83\xEC
S\xE8=\xB8\xFF\xFFY1҅\xC0�\x95Z\xFF\x8B�\xC0>��R\xE8�\xB8\xFF\xFF\x83\xC4�\x85\xC0tp\xA1\xC0>��\x83\xEC
P聺\xFF\xFF\x83\xC4�\x85\xC0t�\xE8\xF5\xB8\xFF\xFF\x8B�\x85\xDBxP\x83\xEC�j�hd)��j 莸\xFF\xFF\x8B�@@��\x83\xC4�\x85\xD2t"\x83\xEC
P\x83\xEC
R\xE8p� \x83\xC4�Php)��SV\xE8�\xBC\xFF\xFF\x83\xC4 \xEB�Ph*���SV\xE8\xF2\xBB\xFF\xFF\x83\xC4�\x8De\xF8[^]Ít& U\x89\xE5\x83\xEC�\xA1`<��P\xE8?\xFF\xFF\xFF\x89\xEC]Ít& \x8D\xBC' U\x89\xE5\x8BU�\x8BE
\xF7\xC2 � t�\x80x�xt \xC6@�S\xEB�\x8Dv \xC6@�s\xF7\xC2 � t�\x80x�xt�\xC6@�S\xEB�\xC6@�s\x81\xE2 � t�\x80x xt�\xC6@ T\xEB�\xC6@ t]Ív \x8D\xBC' U\x89\xE5\x8BU�\xB8b \x81\xE2 \xF0 \x81\xFA ` tS\x81\xFA \xB8c tF\x81\xFA @ \xB8d t9\x81\xFA \x80 \xB8- t,\x81\xFA � \xB8p t�\x81\xFA \xA0 \xB8l t�1\xC0\x81\xFA \xC0 �\x94\xC0H\x83\xE0̃\xC0s]É\xF6U\x89\xE5VS\x8Bu�\x83\xEC
\x8B]
V\xE8|\xFF\xFF\xFF\x88�\x83\xC4�\xF7\xC6 � t�\xC6C�r\xEB�\xC6C�-\x89\xF0\x84\xC0y�\xC6C�w\xEB�\xC6C�-\xF7\xC6@ t
-\xC6C�x\xEB
\x8D\xB4& \xC6C�-\xF7\xC6 t�\xC6C�r\xEB�\xC6C�-\xF7\xC6� t�\xC6C�w\xEB�\xC6C�-\xF7\xC6� t�\xC6C�x\xEB�\xC6C�-\xF7\xC6� t�\xC6C�r\xEB�\xC6C�-\xF7\xC6� t
\xC6C�w\xEB
-\x8D\xB6 \xC6C�-\xF7\xC6� t�\xC6C x\xEB�\xC6C -\x89]
\x89u�\x8De\xF8[^]\xE9Y\xFE\xFF\xFF\x89\xF6\x8D\xBC' U\x89\xE5\x83\xEC�\x8BE�\x8B@�\x89E�\x89\xEC]\xE9 \xFF\xFF\xFF\x89\xF6\x8D\xBC' U\x89\xE5VS\x83\xEC0\x8Bu�\xDDE
\x85\xF6�\x84\x8B \xDD�x)��\xD9\xC9\xDD\xE1\xDF\xE0\xDDـ\xE4E\x80\xFC�uu\xD9\xC0\xDB}\xEC�1\xDB\xDD
$\xE8� 1Ƀ\xC4�N\x89EЉU\xD4\xDBm\xD8u-\xDFmЋEԅ\xC0y�\xDB-\x90)��\xDE\xC1\xDD]\xF0\xDDE\xF0\xDA\xE9\xDF\xE0\x80\xE4E\x80\xFC at t
\xB9� 1\xDB\xEB�\xDD؋EЋU\xD4�\xC8�\xDARP\xDF,$XZ\x85\xD2y�\xDB-\x90)��\xDE\xC1\xDD]\xF0\xDDE\xF0\x8De\xF8[^]Ð\x8D\xB4& U\x89\xE5\x83\xEC�j \x8BM�\x8BU�\x8BE�Q\x8BM
R\x8BU�PQR\xE8� \x89\xEC]Ít& \x8D\xBC' U\x89\xE5WVS\x83\xEC\\xC7E\xD4 \x8BU
\xC7E\xC8 \x8BE�\x8B]�\x89U\xE4\x8BU�\x89E\xE0\x85\xD2y�\xC7E\xD8� \xF7ډU\xDC\xEB�\x90\x8Dt& \xC7E\xDC \x89U؋U�\x8BE�\x83\xC2 \x89U\xCC\xC6@ 9]\xD8d\x89ؙ\xF7}҉\xC1�\x85\xE7 \x89M\xA0\x8BE\xE0\x89ʋM\xE0\xC1\xFA�\x89U\xA4\xF7e\xA0\x89ƋE\xA4\x89U\xA0�\xAFȋE\xA4P�ϋM\xE4�\xAF\xCA�ϋM\xA0QWV\xE8\xF7� \x8BM\xE4\x83\xC4�1ыU\xE01\xD0 \xC1�\x85\x98 \xE9\xBD� \x85\xDB�\x84\x8B \x8BEؙ\xF7\xFB\x85҉E\xC0u~\x99\x89U\xE4W\x89ƋE\xE0VRP\xE8\xC4
\x89\xC1\xC1\xE1�\x83\xC4��\xC1\x8D
\x89\xD8W\x99\x8BM\xE0\xF7}\xC0V\x8Bu\xE4VQ�҉ÉU\xC4\xE8\x8B� \x89]ԉU\xC0\x83\xC4�\x89\xC69U\xC4}�\x8BU\xC41\xC0\x85\xD2�\x9F\xC0\x89E\xC8\xE9G� \x8D\xB4& \x8BU\xC41\xC09U\xC0�\x9C\xC0\x83\xC0�\x89E\xC8\xE9*� \xDFm\xE0\x8Bu\xE4\x85\xF6y�\xDB-\x90)��\xDE\xC1S\x8BM\xDC\xDD]\xB8\xDB�$\x85\xC9\xDBE\xD8[\xDE\xF9\xDCM\xB8\xDDU\xB8u.\x8BU
\x83\xEC
\xDD
$R\xE8\x8F\xFD\xFF\xFF\x8Bu�_X\xDD
$h\xA0)��V\xE8P\xB7\xFF\xFF\x83\xC4�\xE9\xC9 \x8Dt& \xDD\xD8\xDBE\xDC\xC7E\xD0 \xD9\xE8\x89\xF6\xDDE\xB8\xD9\xC9\xD8\xCA\xFFE\xD0\xD9\xC0\xD8\xCB\xDD\xEA\xDF\xE0\xDDـ\xE4E\xFÈ\xFC at s�\x83}\xD0�v\xDC\xDD\xD9\xDC}\xB8\x83\xEC
\x8BUЋ]
�\xBE\x82@���P\x83\xEC
\xDD�$\xDD]\xB8S\xE8�\xFD\xFF\xFF\x8BE�ZY\xDD
$h\xA5)��P\xE8ض\xFF\xFF\x8B}�\x83\xC4�W\xE8L\xB4\xFF\xFF\x83\xC4�\x83\xF8�vE\xDD�\x80)��\x83\xEC
\x8BUЋu
\!
xDCM\xB8�\xBE\x82@���P\x83\xEC
\xDD�$\xDD]\xB8V\xE8\xC7\xFC\xFF\xFF\x8BU�\xDC5\x80)��Y[\xDD
$h\xAC)��R肶\xFF\xFF\x83\xC4 \x8BE�\xE9D� \x8Dv \x8BE܅\xC0�\x84t� \x8BEܙ\x89\xD39\xFB\x89\xC1�\x87d� r�9\xF1�\x87Z� \xC7E\xD0 \x89M\xB0\x89]\xB4\xEB"\x8D\xB6 \x8D\xBF 9\xFBr�9\xF1�\x87\x9D \x83}\xD0��\x87\x93 \x8B]\xB4\x8BM\xB0SQWV\xE8\xCB� \x8B]ԉ\xC1\xC1\xE1�\x83\xC4��\xC1�\xC9�ˉؙ\xF7}܉ËE\xC8\xD1\xF8\x8D�P\x8BE\xB0\x89U\xAC\x8BU\xB4RPWV\xE8\x88� \x89]ԉU܃\xC4�\x89\xC69U\xAC}�\x8B]\xC81\xC0\x8BU\xAC�څ\xD2�\x9F\xC0\xEB�\x90\x8Dt& \x8BM\xC81\xC0\x8BU\xAC�\xCA9U\xDC�\x9C\xC0\x83\xC0�\x89E\xC8\xFFEЋEܙ\x89\xD39\xFB\x89\xC1�\x86W\xFF\xFF\xFF\xFFM̋UЃ\xFF �\xB6\x82@���\x8BÜ��\x87{ \x83\xFE wv\x8BU
\xB8� \x8B]
)Ѕۍ� u�\x8BEԋMȃ\xE0��\xC89\xC2| \xEB$\x89\xF6;U\xC8}
\xFFE\xD4\xC7E\xC8 \x83}\xD4
-u
-\xC7E\xD4 \x83\xC6�\x83\xD7 \x83\xFF w(\x83\xFE w#\xFFM\xCC�\xB6EԋU\xCC�0\x88�J\x89U\xCC\xC6�.\xC7E\xC8 \xC7E\xD4 \x83}
�u�\x8BEԋU\xC8�Ѕ\xC07\xEB}\x8B]
\x85\xDBuv\x8BEș\x89\xC1\x89\xF0\x83\xE0�\x89\xD31\xD2�\xC1�Ӄ\xFB w�\x83\xF9�v
\x8BE\xD4@\x83\xF8��\xEBN\x83}\xD4�~H\x8BE܃\xC6�\x83\xD7 \x99\x89E\xA0\x8BE\xA0\x89U\xA4\x8BM\xA41\xF01\xF9 \xC1u*\x83}\xD0�w$\x8BUо� 1\xFF�\xB6\x82A���\x8BÜ�J\xC6�0J\x89U\xCC\xC6�.\x8Dv j j
-W\xFFM\xCCV\xE8�� \x8BŨ\xC4��0\x88�j j
-WV\xE8\xED� \x89Ɖ׃\xC4� \xF8uҋE̍e\xF4[^_]Í\xB4& U\x89\xE5\x83\xEC�h>���\xE8t\xB0\xFF\xFF\x89ƒ\xC4�1\xC0\x85\xD2�\x94\xC0\x89\xEC]H% \xFE\xFF\xFF� � Ð\x8Dt& U\x89\xE5VS\x83\xEC�\x8B]�\x8Bu
\x85\xDBu
\x83\xEC
h+���\xE85\xB0\xFF\xFF\x89Ã\xC4�\x85\xDBu�\xE8\xA3\xFF\xFF\xFF\xEBa\x90j�hX���hL���S\xE8\xCE\xF3\xFF\xFF\x83\xC4�\x85\xC0x \x8B�\x85X���\xEB>\x83\xEC
\x8DE\xF4h\xB3)��P\x8DE\xF0j PS\xE8\xE6� \x83\xC4 \x85\xC0u#\x8BE\xF0\x808 t�\xB8� \xEB�\x8BE\xF4\x85\xC0y \xB8� \xEB�\x89\xF6\x89�1\xC0\x8De\xF8[^]Ð\x8Dt& U\x89\xE5V\x8Bu�S\x8B]�\x83\xEC�SV\xE8K\xFF\xFF\xFF\x8B
\x83\xC4�\x85\xC9u
\xE8
-\xFF\xFF\xFF\x89�\xB8� \x85\xC0�\x84\x9D \x8BU
\x85\xD2�\x84\x92 \x83\xF8�t#\x83\xF8�r�\x83\xF8�t9\x83\xF8�tT\xEB|\x8D\xB6 \x8D\xBC' \xE8�\xB0\xFF\xFF\x83\xEC
V\x83\xEC�j�h\xC5)��j \xE8Z\xAF\xFF\xFF\x83\xC4�Ph\xD0)��\xEB>\x83\xEC
V\x83\xEC�j�h\xC5)��j \xE8:\xAF\xFF\xFF\x83\xC4�Ph *��\xEB
\x83\xEC
V\x83\xEC�j�h\xC5)��j \xE8�\xAF\xFF\xFF\x83\xC4�Ph\xE0)��j j�訲\xFF\xFF\x83\xC4 \x8De\xF8[^]Ív \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B
D@��\x8Bu�\x85\xDBt�\x8Dv \x8D\xBC' 93t<\x8B[�\x85\xDBu\xF5\x83\xEC
V\xE8 \xAF\xFF\xFF\xC7�$
\x89\xC7\xE8\xDE� \x89Ã\xC4�\x85\xFF\x893t�\x8B�\x83\xEC
P\xE8X� \x83\xC4�\x89\xC2\xEB�\x90\x8BC�\xEB�1҉S�\xA1D@��\x89C�\x89Љ
D@��\x8De\xF4[^_]Í\xB4& \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B
D@��\x8Bu�\x85\xDBt1�\xB6�\x88E\xF3\x8Dt& �\xB6U\xF3\x8BC�8�u�\x83\xEC�VP\xE8\xEF\xAD\xFF\xFF\x83\xC4�\x85\xC0�\x84\x85 \x8B[�\x85\xDBuً
H@��\x85\xDBt2�\xB6�\x88E\xF3\x89\xF6\x8D\xBC' �\xB6U\xF3\x8BC�8�u�\x83\xEC�VP语\xFF\xFF\x83\xC4�\x85\xC0tT\x8B[�\x85\xDBu݃\xEC
V\xE8X\xB0\xFF\xFF\xC7�$
\x89\xC7\xE8\xF6� \x894$\x89\xC3\xE8|� \x89C�\x83\xC4�\x85\xFFt&\x8BG�\x89�\xA1D@��\x89C�\x89؉
D@��\xEB�\x89\xD8\xEB�\x8D\xB4& 1\xC0\xEB�\xA1H@��\x89C�1\xC0\x89
H@��\x8De\xF4[^_]Ít& U\x89\xE5WVS\x83\xEC
\x8B
L@��\x8Bu�\x85\xDBt�\x8Dv \x8D\xBC' 93t<\x8B[�\x85\xDBu\xF5\x83\xEC
V蠭\xFF\xFF\xC7�$
\x89\xC7\xE8^� \x89Ã\xC4�\x85\xFF\x893t�\x8B�\x83\xEC
R\xE8\xD8� \x83\!
xC4�\x89\xC2\xEB�\x90\x8BC�\xEB�1҉S�\xA1L@��\x89C�\x89Љ
L@��\x8De\xF4[^_]Í\xB4& \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B
L@��\x8Bu�\x85\xDBt1�\xB6�\x88E\xF3\x8Dt& �\xB6U\xF3\x8BC�8�u�\x83\xEC�VP\xE8o\xAC\xFF\xFF\x83\xC4�\x85\xC0�\x84\x85 \x8B[�\x85\xDBuً
P@��\x85\xDBt2�\xB6�\x88E\xF3\x89\xF6\x8D\xBC' �\xB6U\xF3\x8BC�8�u�\x83\xEC�VP\xE8/\xAC\xFF\xFF\x83\xC4�\x85\xC0tT\x8B[�\x85\xDBu݃\xEC
V蘫\xFF\xFF\xC7�$
\x89\xC7\xE8v
- \x894$\x89\xC3\xE8\xFC
- \x89C�\x83\xC4�\x85\xFFt&\x8BG�\x89�\xA1L@��\x89C�\x89؉
L@��\xEB�\x89\xD8\xEB�\x8D\xB4& 1\xC0\xEB�\xA1P@��\x89C�1\xC0\x89
P@��\x8De\xF4[^_]Ít& U\x89\xE5S\x83\xEC�\x8BE
\x8B]�P\x83\xEC�S\xE8ݬ\xFF\xFFZYPS\xE8� \x8B]\xFC\x89\xEC]É\xF6\x8D\xBC' U\x89\xE5W1\xFFVS\x83\xEC
\x8Bu�\x8BE
\x89u\xE0�E\xE0\xE8�\xAE\xFF\xFF\x83\xF8��\x86\xF0 ;u\xE0�\x83
� �\xB6�<_�<A}�< |)<#~�<?!<%\xEB
-\x8D\xB4& <~�<a|�FG\xEBɍt& \x8Bu\xE0G\xEB\xBF\xC7E\xE8 \x8DE\xE8\x89E܍E\xE4\xC7E\xEC \x89E؋E܋]\xD8P\x8BE\xE0)\xF0PVS\xE8`\xAC\xFF\xFF\x89Ã\xC4�\x83\xFB\xFFu�\xF7E�� u\xB1\xE9\xA2 \x8Dt& \x83\xFB\xFEu�\xF7E�� u\xA2\xB8\xFF\xFF\xFF\xFF\xE9\x86 \x85\xDBu�\xBB� \x8BM\xE4\x83\xEC
Q\xE8G\xAE\xFF\xFF\x83\xC4�\x85\xC0x��\xC7\xEB�\xF7E�� \xB8\xFF\xFF\xFF\xFFtXG\x8BU܃\xEC
�\xDER\xE8\xFF\xAD\xFF\xFF\x83\xC4�\x85\xC0�\x84p\xFF\xFF\xFF\xE9�\xFF\xFF\xFF;u\xE0s2\x8BM�\x8B�\xC8>��\x83\xE1�\x8Dv \x8D\xBC' �\xB6�F\x85\xC9u��\xB6\xC0\xF6DB�@�\x84x\xFF\xFF\xFFG;u\xE0r\xE4\x89\xF8\x8De\xF4[^_]Ív \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B}�\x85\xFFu&\x8BE
\x83\xEC
P\xE88\xAC\xFF\xFF\x8B}�\x83\xC4�\x89ƅ\xFF�\x84\xA2 \x8BE�\x890\xE9\x98 \x8B]
\x83\xEC
S\xE8"\xAB\xFF\xFF\x89<$\x89E\xF0\xE8�\xAB\xFF\xFF\x8BU\xF0\x89ÍD��\x89�$膪\xFF\xFF\x89ƃ\xC4�\x85\xF6u 1\xC0\xEBe\x90\x8Dt& \x83\xEC�SWV\xE8�\xAD\xFF\xFF\x83\xC4�\x85ۉ\xC2t,�\xB6B\xFF\x8DJ\xFF</u�\x8B]
\x80;/u \x89\xCA\xEB�\x90\x8Dt& </t
\x8BE
\x808/t�\xC6�/B\x8BM�\x85\xC9t�\x8B]�\x89�\x8BE\xF0\x83\xEC�@P\x8BE
PR\xE8V\xAB\xFF\xFF\x89\xF0\x8De\xF4[^_]Ð\x8D\xB4& U\x89\xE5\x83\xEC
\x8BE�P\x8BM
Q\x8BU�R\xE8 \x!
FF\xFF\xFF\x83\xC4�\x85\xC0u�\x89\xEC]\xE9:
- \x89\xEC]Í\xB6 U\x89\xE5WV\x8Bu�\x83\xEC
j$\xE8n
- \x83\xC4�\x85\xF6u�\xBE`A��\xFC\xB9 \x89\xC7\xF3\xA5\x8De\xF8^_]ÐU\x89\xE5\x8BE�\x85\xC0u�\xB8`A��]\x8B Í\xB6 \x8D\xBC' U\x89\xE5\x8BU�\x85\xD2u�\xBA`A��\x8BE
\x89�]Ív \x8D\xBC' U\x89\xE5V\x8BE��\xB6M
S\x8B]�\x88\xCA\xC0\xEA��\xB6\xD2\xC1\xE2�\x85\xC0\x8Dt��u�\x8D\xB2dA��\x8B�\x83\xE1�\x83\xE3�\x89\xD0\xD3\xF8\x83\xE0�1\xC3\xD3\xE31ډ�[^]Í\xB6 \x8D\xBC' U\x89\xE5S\x83\xEC�\x8B]�j�Sj 耨\xFF\xFF\x83\xC4�9\xD8u
\x83}
�u�\xB8?*��\x8B]\xFC\x89\xEC]Ív U\x89\xE5WVS\x83\xEC\\xC7E\xD4 \xC7E\xD0 \xC7E\xCC \xC7E\xC8 說\xFF\xFF\xC7E\xC4 H\x8BE��\x94Eă\xE8�\x83\xF8��\x87\xEC \xFF$\x85\xA0���\x8Dt& \x8BE
9E\xD4s�\x8BU�\xC6�"\x89\xF6\xFFE\xD4\xC7E\xC8� \xC7E\xD0?*��\xE9\xB4 \xC7E\xC8� \xE9\xAF \x8B]�\x83\xEC�ShA*��\xE8=\xFF\xFF\xFFZ\x89ËE�YPh\xC4(��\xE8+\xFF\xFF\xFF\x89]Љƒ\xC4��\xB6�\x84\xC0t<\x8D\xB6 \x8D\xBF \x8BM
9M\xD4s�\x8B]�\x8BuԈ�
\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xFFE\xD4\xFFEЋM\xD0�\xB6�\x84\xC0u\xD0\xC7E\xC8� \x83\xEC
R\x89U\xD0\xE8a\xA8\xFF\xFF\x89Ẽ\xC4�\xEB&\x90\x8Dt& \x8B]
9]\xD4s�\x8Bu�\xC6�'\x89\xF6\xFFE\xD4\xC7E\xD0\xC4(��\xC7E\xCC� \xC7E\xD8 \xE9I� \x8Dv \x8B}ȅ\xFFtL\x8Bu̅\xF6tE\x8BE؋]\xCC�\xD8;E�w8\xFC\x8BM؋u�\x8B}\xD0�M\xCC9\xC9\xF3\xA6�\x97\xC2�\x92\xC08\xC2u�\x8BE
9E\xD4s�\x8BU�\x8BM\xD4\xC6��\\x8D\xB6 \xFFEԋ]�\x8Bu\xD8�\xB6
�\xB6Ã\xE8�\x88]\xA8\x83\xF8w�\x87\x99� \xFF$\x85\xC0���\x83}���\x847� \x83}���\x85[� \x8BE\xC0�;E��\x83L� \x8BE�\x8BU|��?�\x85;� �\xBED��\x83\xE8!\x83\xF8
�\x87*� \xFF$\x85\xA0
-��\x83E\xD8�\x8BM�\x8B]\xD8�\xB6L
�\x88M\xA8\x8Bu
9u\xD4s�\x8BE�\x8BU\xD4\xC6��?\x8Dv \x8D\xBC' \xFFEԋM
9M\xD4s�\x8B]�\x8Bu\xD4\xC6�
\\x8Dt& \x8D\xBC' \xFFEԋE
9E\xD4�\x83\xE1 \x8BU�\x8BM\xD4\xC6��?\xE9\xD2 \x89\xF6\xB0a\xEB.\xB0b\xEB*\xB0f\xEB&\x8Dt& \xB0n\xEB�\xB0r\xEB�\xB0t\xEB
\x8Dt& \xB0v\xEB��\xB6E\xA8\x83}���\x84U� \x8BUȅ\xD2�\x84x� \x88E\xA8\xE9\x98� \x8B}\xFF�\x85e� \x83}���\x85[� \xE9(� \x90\x83}���\x84
� \x83}���\x85A� \x8B]
9]\xD4s�\x8Bu�\x8BE\xD4\xC6�0'\x8Dv \x8D\xBC' \xFFEԋU
9U\xD4s�\x8BM�\x8B]\xD4\xC6�
\\x8Dt& \x8D\xBC' \xFFEԋu
9u\xD4s�\x8BE�\x8BU\xD4\xC6��'\x8Dt& \x8D\xBC' \xFFE\xD4\xE9\xDD� \x8Buą\xF6t1�\xB6U\xA8\xC7E\xA4� \xA1\xC8>���\xB7�P\xC1\xE8�\x83\xE0�\x89E\xA0\xE9\xE2 \xC7E\xA0 \xE9\xD6 \x8Dv \x83}�\xFF\x8DM\xE0\x89M\x9C\xC7E\xE0 \xC7E\xE4 \xC7E\xA4 \xC7E\xA0� u�\x8B]�\x83\xEC
S谥\xFF\xFF\x89E�\x83\xC4�\x8D]܉]\x98\x8B}؋U\xA4\x8BM\x9C\x8BE��u�Q)\xF8�\xFEP\x8BE\x98VP賥\xFF\xFF\x89Ã\xC4�\x85\xDBti\x83\xFB\xFFt\x82\x83\xFB\xFEu0;}�\xC7E\xA0 sS\x80> tN\x89\xF8\x89\xF6\x8D\xBC' \xFFE\xA4@;E�s:\x8Bu�\x80<� u\xEE\xEB/\x8Bu܃\xEC
V\xE8\xE4\xA6\xFF\xFFY1҅\xC0�\x94\xC2�]\xA4J!U\xA0\x8BU\x9CR\xE8\\xA7\xFF\xFF\x83\xC4�\x85\xC0�\x84m\xFF\xFF\xFF\x83}\xA4�w�\x8BEȅ\xC0�\x84\xC1 \x8B}\xA0\x85\xFF�\x85\xB6 \x8BU؋u\xA4�\xF2\x89\xF6\x8D\xBC' \x8B]ȅ\xDBtd\x8BM\xA0\x85\xC9u]\x8BE
9E\xD4s
-\x8BM�\x8B]\xD4\xC6�
\\xFFEԋu
9u\xD4s��\xB6E\xA8\x8BM�\x8B]\xD4\xC0\xE8��0\x88�
\x8Dv \xFFEԋu
9u\xD4s��\xB6E\xA8\x8BM�\x8B]\xD4\xC0\xE8�$��0\x88�
\x90\xFFEԀe\xA8�\x80E\xA80\x8BE\xD8 at 9\xC2vp\x8Bu
9u\xD4s��\xB6M\xA8\x8B]�\x8BuԈ
\x90\x8D\xB4& \xFFEԉE؋M��\xB6��\x88E\xA8\xE9[\xFF\xFF\xFF\x8BEȅ\xC0t7�\xB6E\xA8�\xB6M\xA8\xC0\xE8��\xB6ЋE
\x83\xE1�\x83\xC0�\x8B�\x90\xD3\xF8\x83\xE0�t�\x8B]
9]\xD4s
\x8Bu�\x8BE\xD4\xC6�0\\x90\xFFEԋU
9U\xD4s��\xB6M\xA8\x8B]�\x8BuԈ
\x90\x8D\xB4& \xFFE\xD4\xFFE}�\xFFu
\x8BE�\x8BU<� \xEB�\x8BM�9M\xD8�\x85\x9C\xFB\xFF\xFF\x8B}Ѕ\xFFt5\xEB)\x8Dv \x8Bu
9u\xD4s�\x8BU�\x8BMԈ��\xEB
-\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\xFFE\xD4\xFFEЋ]\xD0�\xB6�\x84\xC0uЋu
9u\xD4s
-\x8BE�\x8BU\xD4\xC6�� \x8BE\xD4\xEB
\x8Bu
\x83\xEC�\x8B]�\x8BM�\x8BU
V\x8BE�j�SQRP\xE8\xEB\xF9\xFF\xFF\x8De\xF4[^_]Ív U\x89\xE5\x83\xEC�\x8BE�\x85\xC0u�\xB8`A��\x83\xEC�\x8BM�P\x8B�\x8BE�R\x8BU
P\x8BE�QRP\xE8\xB2\xF9\xFF\xFF\x89\xEC]Í\xB4& \x8D\xBC' U\x89\xE5WVS\x83\xEC
\x8B}�9=d<���\x87\x87 \x8D_�\x85ۍ4\xDD ~ \x89\xF0\xC1\xE8�9\xC3t�耢\xFF\xFF\x81=p<��h<��u#\x83\xEC
j�\xE8\xE6� \x8B�h<��\x8B
-l<��\x83\xC4�\xA3p<��\x89�\x89H�\x83\xEC�V\x8B5p<��V\xE8\xED� \x8B�d<��\x83\xC4
\xA3p<��)Ӎ
Ѝ�\xDD Pj Q\xE8~\xA4\xFF\xFF\x89=d<��\x83\xC4�\xA1p<��\x83\xEC
\x8BM�\x8BU
\x8B4\xF8\x8B\\xF8�Qj\xFFRVS\xE8�\xFF\xFF\xFF\x89ƒ\xC4 9\xD6wD\xA1p<��\x8Dr�\x83\xEC�\x894\xF81\xC0\x81\xFB`@���\x94\xC0VH!\xD8P\xE8u� \x8B�p<��\x89ËM
\x89\\xFA�\x8B}�XWj\xFFQVS\xE8\xB7\xFE\xFF\xFF\x83\xC4 \x8De\xF4\x89\xD8[^_]Ív \x8D\xBC' U\x89\xE5\x83\xEC
h`A��\x8BU
\x8BE�RP\xE8\xC8\xFE\xFF\xFF\x89\xEC]Ít& U\x89\xE5\x83\xEC�\x8BM�Qj \xE8\xCF\xFF\xFF\xFF\x89\xEC]Ít& \x8D\xBC' U\xB9� \x89\xE5W\x8D}\xBC\x8DU\xB8VS\x83\xEC@\x8BE
\xFC\x8B]�\x8Bu�\x89E\xB81\xC0\xF3\xABRSV\xE8s\xFE\xFF\xFF\x8De\xF4[^_]Ít& \x8D\xBC' U\x89\xE5\x83\xEC
\x8BU
\x8BE�RPj \xE8\xAB\xFF\xFF\xFF\x89\xEC]Í\xB4& U\xB9 \x89\xE5W\x8D}\xB8V\xBE`A��S\x83\xEC@\x8D]\xB8�\xBEE
j�\xFC\xF3\xA5PS\xE87\xF7\xFF\xFF\x8BM�\x83\xC4
SQj \xE8�\xFE\xFF\xFF\x8De\xF4[^_]\xC3U\x89\xE5\x83\xEC�j:\x8BE�P\xE8\xAF\xFF\xFF\xFF\x89\xEC]Ít& \x8D\xBC' U\x89\xE5VS\x8BU
\x8B]�\x8BM�\x85ҋE�\x8Bu�t�\x83\xEC
PQRh8+��S苟\xFF\xFF\x83\xC4 \xEB�\x89\xF6PQhD+��S\xE8w\x9F\xFF\xFF\x83\xC4�\x83\xEC�V\x83\xEC
j�hK+��j 菟\xFF\xFF\x83\xC4�PS\xE8U\x9F\xFF\xFFZYSj
-\xE8;\xA2\xFF\xFF^XS\x83\xEC�j�\x8B
-t<��Qj \xE8e\x9F\xFF\xFF\x83\xC4�P\xE8L\xA0\xFF\xFFXZSj
-\xE8�\xA2\xFF\xFF\x89]
\x83\xC4
j�h\xA0*��j \xE8>\x9F\xFF\xFF\x89E�\x83\xC4�\x8De\xF8[^]\xE9
\xA0\xFF\xFF\x89\xF6\x8D\xBC' U\x89\xE5\x83\xEC�\xA1|<��\x85\xC0t�\xFFЃ\xEC�j�h
��j \xE8�\x9F\xFF\xFF\x83\xC4�P\xA1x<��h*���j P茢\xFF\xFF\xC7�$� \xE8p\xA1\xFF\xFF\x8D\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\x8BU�R\xE8E\x9F\xFF\xFF\x83\xC4�\x85\xC0u
-\xE8\x95\xFF\xFF\xFF\x90\x8Dt& \x89\xEC]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\x8BE
\x8BM�PQ\xE8!\xA0\xFF\xFF\x83\xC4�\x85\xC0u�\xE8a\xFF\xFF\xFF\x90\x89\xEC]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\x8BM
\x8BU�QR\xE8�\xA1\xFF\xFF\x83\xC4�\x85\xC0u�\xE81\xFF\xFF\xFF\x90\x89\xEC]Í\xB6 \x8D\xBF U\x89\xE5\x83\xEC�\x8BE�PP\xE84\x9F\xFF\xFF@\x89�$\xE8W\xFF\xFF\xFF\x89�$\xE8\xE3\xA1\xFF\xFF\x89\xEC]Ít& \x8D\xBC' U\x89\xE5V\x8Bu
S\x8B]�\x8B
�\xAFΉș\xF7\xFE\x89Ƹ� 93u�\x89
1\xC0[^]Ð\x8D\xB4& U\x89\xE5WVS\x83\xEC
\x8B]�\x8B}�\x8Bu
\xEB
\x83\xEC�VW\xE8\xB2\xFF\xFF\xFF\x83\xC4�\x85\xC0t
\xB8� \xEB
\x8Dt& K\x83\xFB\xFFu\xDE1\xC0\x8De\xF4[^_]\xC3U\x89\xE5WVS\x83\xEC
\x8Bu�\x8B}�\x83\xFE$v
h[+��j{hc+��h\x80+��芝\xFF\xFF\x8D\xB6 \x8BE
\x85\xC0\x89E\xE8u�\x8DU\xF0\x89U\xE8话\xFF\xFF\x89\xC3\xC7� j V\x8Bu\xE8VW\xE8Z\x9E\xFF\xFF\x8B�\x89ƃ\xC4�\x89u\xEC\x85\xDB�\x85{� \x8BE\xE8\x8B�\xB8� 9\xFB�\x84\x84� \x8BM�\x85\xC9u
\x8BU�1\xC0\x892\xE9q� \x80; �\x84^� \xC7E\xE4� \x8BU�\x83\xEC��\xBE�\xBF � PR\xE8n\x9C\xFF\xFF\x83\xC4�\x85\xC0u�\x8BE�\x890\xB8� \xE96� \x8Dt& \x8BE�\x83\xEC�j0P\xE8F\x9C\xFF\xFF\x83\xC4�\x85\xC0t'�\xB6C�<Bt�<Dt�\xEB�\xC7E\xE4� \xEB�\x8Dt& \xC7E\xE4� \xBF\xE8� �\xBE�\x83\xE8B\x83\xF85�\x87\xB9 \xFF$\x85@
��\x83\xEC�\x8DE\xECh � \xEBy\x90\x83\xEC�\x8DE\xECh � \xEBk\x8Dv 1\xC0\xE9\x9C \x83\xEC�\x8DE\xECj�\xEBw\x83\xEC�\x8DE\xECj�\xEBm\x90\x8Dt& \x83\xEC�\x8DE\xECj�\xEB^\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEBN\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEB>\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEB.\x8D\xB6 \x83\xEC�\x8DE\xECj�P\xE8\xE2\xFD\xFF\xFF\x83\xC4�\xEB0\x83\xEC�\x8DE\xECj�\xEB
\x8Dv \x83\xEC�\x8DE\xECj�WP\xE8\xF1\xFD\xFF\xFF\x83\xC4�\xEB�\x8BE\xEC\x8BU�\x89�\xB8� \xEB�\x85\xC0t \xB8� \xEB�\x89\xF6\x8BU\xE4\x8BE\xE8��\x8BE\xEC\x8BU�\x89�1\xC0\x8De\xF4[^_]Í\xB6 U\x89\xE51\xD2V\x8Bu
S\x8B]�\x8B
�\xAFΉ\xC8\xF7\xF6\x89Ƹ� 93u�\x89
1\xC0[^]Í\xB4& U\x89\xE5WVS\x83\xEC
\x8B]�\x8B}�\x8Bu
\xEB
\x83\xEC�VW\xE8\xB2\xFF\xFF\xFF\x83\xC4�\x85\xC0t
\xB8� \xEB
\x!
8Dt& K\x83\xFB\xFFu\xDE1\xC0\x8De\xF4[^_]\xC3U\x89\xE5WVS\x83\xEC
\x8Bu�\x8B}�\x83\xFE$v
h\xA6+��j{hc+��h\x80+��\xE8
-\x9B\xFF\xFF\x8D\xB6 \x8BE
\x85\xC0\x89E\xE8u�\x8DU\xF0\x89U\xE8�\xB6�\x89\xFA\x8B
-\xC8>��\xF6DA� t�\x8D\xB4& \x8D\xBC' B�\xB6�\xF6DA� u\xF5\x80:-\xB8� �\x84\xC9� \xE8\xF6\x9A\xFF\xFF\x89\xC3\xC7� j V\x8Bu\xE8VW\xE8�\x9E\xFF\xFF\x8B�\x89ƃ\xC4�\x89u\xEC\x85\xDB�\x85\x82� \x8BE\xE8\x8B�\xB8� 9\xFB�\x84\x8B� \x8BM�\x85\xC9u�\x8BU�1\xC0\x892\xE9x� \x8D\xB6 \x80; �\x84_� \xC7E\xE4� \x8BU�\x83\xEC��\xBE�\xBF � PR诙\xFF\xFF\x83\xC4�\x85\xC0u�\x8BE�\x890\xB8� \xE97� \x90\x8Dt& \x8BE�\x83\xEC�j0P膙\xFF\xFF\x83\xC4�\x85\xC0t'�\xB6C�<Bt�<Dt�\xEB�\xC7E\xE4� \xEB�\x8Dt& \xC7E\xE4� \xBF\xE8� �\xBE�\x83\xE8B\x83\xF85�\x87\xB9 \xFF$\x85
��\x83\xEC�\x8DE\xECh � \xEBy\x90\x83\xEC�\x8DE\xECh � \xEBk\x8Dv 1\xC0\xE9\x9C \x83\xEC�\x8DE\xECj�\xEBw\x83\xEC�\x8DE\xECj�\xEBm\x90\x8Dt& \x83\xEC�\x8DE\xECj�\xEB^\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEBN\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEB>\x8D\xB6 \x83\xEC�\x8DE\xECj�\xEB.\x8D\xB6 \x83\xEC�\x8DE\xECj�P\xE8\xA2\xFD\xFF\xFF\x83\xC4�\xEB0\x83\xEC�\x8DE\xECj�\xEB
\x8Dv \x83\xEC�\x8DE\xECj�WP\xE8\xB1\xFD\xFF\xFF\x83\xC4�\xEB�\x8BE\xEC\x8BU�\x89�\xB8� \xEB�\x85\xC0t \xB8� \xEB�\x89\xF6\x8BU\xE4\x8BE\xE8��\x8BE\xEC\x8BU�\x89�1\xC0\x8De\xF4[^_]Í\xB6 U\x89\xE51\xC9WV\x83\xEC(\x8BE�\x8BU
\x89E\xF0\x8BE�\x89U\xF4\x8BU�\x8B}\xF4\x89ƋE\xF0\x85҉E\xE4u89\xFEv�\x89\xFA\xF7\xF6\x89\xC7\xE9\xBF \x8D\xB6 \x85\xF6u
\xB8� 1\xD2\xF7\xF1\x89Ɖ\xF8\x89\xCA\xF7\xF6\x89\xC1\x8BE\xE4\xF7\xF6\x89\xC7\xE9\x96 9\xFAv 1\xFF\xE9\x89 \x89\xF6�\xBDƒ\xF0�\x89E\xDCu�9\xD7w�1\xFF9u\xE4rq\xBF� \xEBj\x8Dv \xC7E\xE0 \x8BM܉\xF0\x89}\xD4\xD3\xE2)M\xE0�\xB6M\xE0\xD3\xE8�\xB6M\xDC ‹E\xE4\x89U\xD8\xD3\xE6�\xB6M\xE0\xD3m\xD4�\xB6M܋U\xD4\xD3\xE7�\xB6M\xE0\x89}\xD0\xD3\xE8�\xB6M\xDC EЋE\xD0\xF7u\xD8\xD3e\xE4\x89lj\xD1\xF7\xE69ʉ\xC6w 9\xCAu�;u\xE4v�O1ɉ}\xE8\x8BE\xE8\x89M\xEC\x8BU\xEC\x83\xC4(^_]Ít& U\x89\xE5W\x8DM\xF0V\x83\xEC8\x89M\xE4\x8BE�\x8BU
\x89E\xE8\x8BE�\x89U\xEC\x8BU�\x8Bu\xEC\x89EċE\xE8\x89ׅ\xFF\x89E\xD4u^9u\xC4v \x89\xF2\xF7u\xC4\xEB#\!
x89\xF6\x8BUą\xD2u
-\xB8� 1\xD2\xF7uĉEĉ\xF0\x89\xFA\xF7uċE\xD4\xF7uĉUԋE\xE4\x85\xC0�\x84(� \xC7E\xDC \x8BEԋM܉E؋E\xE4\x8BU؉H�\x89�\xE9�� \x909\xF7v
\x89u܋U\xE8\x89U؋U܋E؉U\xF4\x89E\xF0\xE9\xE9 \x89\xF6�\xBDǃ\xF0�\x89E\xCCu69\xFEw�\x8BU\xC49U\xD4r
\x8BE\xD4+E\xC4�\xFE\x89Eԋ}\xE4\x85\xFF�\x84\xBA \x89u܋UԋM\xE4\x89U؋U\xDC\xE9\x9E \xC7E\xD0 \x8BẺ\xF2)EЈ\xC1\x8BE\xC4\xD3\xE7�\xB6M\xD0\xD3\xE8�\xB6M\xCC NjE\xD4\xD3e\xC4�\xB6M\xD0\xD3\xEA�\xB6M\xCC\xD3\xE6�\xB6M\xD0\xD3\xE8�\xB6M\xCC Ɖ\xF0\xF7\xF7\x89\xD6\xF7e\xC4\xD3e\xD49\xF2\x89E\xC0w
9\xF2u�\x8BE\xD49E\xC0v
\x8BM\xC0+M\xC4�\xFA\x89M\xC0\x8BM\xE4\x85\xC9t5�\xB6MЋE\xD4+E\xC0�։Eԉ\xF0\xD3\xE0�\xB6M\xCC\xD3\xEE\xD3mԋM\xE4\x89u܋U\xD4 ЋU܉E؋E؉Q�\x89�\x8BE\xF0\x8BU\xF4\x83\xC48^_]Í\xB6 \x8D\xBF \x8B
$\xC3U\x89\xE5WVS\x83\xEC
\xE8\xEE\xFF\xFF\xFF\x81\xC3\xE2@ \xDDE�݃
\xEF\xFF\xFF\xD9\xC9\xDD\xE1\xDF\xE0\xDDـ\xE4E\x80\xFC�u�\xDD\xD81\xC01\xD2\xE9\xA7 \x8Dt& \xD9\xC0܋$\xEF\xFF\xFF\xD9}\xEC\x8BM\xEC\xC6E\xED
\xD9m\xEC\x89M\xEC\xDF}\xE0\xD9m\xEC\x8BE\xE0\x89Ɖ\xF71\xF6WV\xDF,$^_\x85\xFFy�۫\xFC\xEC\xFF\xFF\xDE\xC1\xDD]\xD8\xDDE\xD8\xDE\xE9݃
\xEF\xFF\xFF\xD9\xC9\xDD\xE1\xDF\xE0\xDDـ\xE4E\x80\xFC�u(\xD9\xE01\xD2\xD9}\xEC\x8BM\xEC\xC6E\xED
\xD9m\xEC\x89M\xEC\xDF}\xE0\xD9m\xEC\x8BE\xE0)\xC6�\xD7\xEB$\x90\x8Dt& \xD9}\xEC\x8BM\xEC\xC6E\xED
\xD9m\xEC\x89M\xEC\xDF}\xE0\xD9m\xEC\x8BE\xE01\xD2�\xC6�\xF0\x89\xFA\x83\xC4
[^_]Ð\x8Dt& U\x89\xE5SR\xE8 [\x81\xC3\xFA? P\x8B\x834� 1҅\xC0t�\x8B�Rj \xFFu�\xE8)\x95\xFF\xFF\x83\xC4�\x8B]\xFC\xC9Ð\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90U\x89\xE5S\x83\xEC�\xA1\x84<��\xBB\x84<��\x83\xF8\xFFt�\x8Dv \x8D\xBC' \x83\xEB�\xFFЋ�\x83\xF8\xFFu\xF4X[]\xC3U\x89\xE5\x83\xEC�\x89\xEC]Í\xB6 U\x89\xE5SR\xE8 [\x81\xC3z? \x8Dv 跘\xFF\xFF\x8B]\xFC\xC9\xC3 � � � ����
-��� ��� � � ?���<���9���6���3���0���-���*���'���$���!���
���m)���������� \xE1��� a X��� b N��� d H��� D >��� \x83 /��� h )��� i ���� k ���� n ���� G \xF3��� q \xEB��� r \xCB)�� s \xE5���� w \xDA��� A \xCB��� B
-��� F ��� p \xC8��� \x87 \xC1���� I \xAF���� \x84 \xB5��� L \xAD��� N \xA2��� Q \xC1���� \x85 \x98��� R \x96���� \x82 \x85��� \x86 \x88���� \x88 }���� T C���� \x89 \x9F���� \x81 r���� \x80 m��� ~\xFF\xFF\xFFe��� }\xFF\xFF\xFF \x94���\x8F���\x88���}���v���m���_��� � � � � � ����C���\xCB)��\x9C���e��� � � � � \xBE���\xB7���\xB3���\xAD���\xA6��� � � � � � 2*��\xDC���\xD6���\xD0���6�������\xCB���\xC7���\xC4��� � � � � � � `\xA4��X\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xB3\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4!
��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4���\xA2��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\x90\xA0��\xA8\xA0��Ơ��֠��\xA6\xA4��\xE5\xA0��\xF5\xA0�� \x9F���\xA1��\xA6\xA4��\xA6\xA4�� \xA1��\xA6\xA4��0\xA1��\xA6\xA4��\xA6\xA4��A\xA1��R\xA1��b\xA1��\x80\xA1��\xE3\xA1��\xA6\xA4��\xA6\xA4��\xF7\xA1��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��G\x9E��a\x9E��r\x9E��\x82\x9E��\xA6\xA4��\x92\x9E��\xB3\xA4��\xF0\x9E��1\x9F��\xA6\xA4��@\x9F��P\x9F��`\x9F��p\x9F��\x80\x9F��\x98\x9F��\xA8\x9F��\xB7\x9F��ǟ��ן��\xF0\x9F�� \xA0���\xA0��\x80\xA0��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��\xA6\xA4��@\xA4���\xA3��\xB0\xA2��\xF0\xA2��\xB0\xA3��\xF0\xA3��0\xA4��!\x9F��0\xA2��t\xA2�� 0\xA6��\x80\xA6��!\xA7��@\xA7��\x88\xA7�� \xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6��\x90\xA6���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��\xF0\xA6���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��\xA0\xA6���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��\xF7\xA6���\xA7��\xB0\xA6��\xB7\xA6���\xA7���\xA7��\xC0\xA6��!
Ǧ���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7���\xA7��Ц���\xA7���\xA7���\xA7��צ���\xA7��\xE0\xA6���\xA7��\xE7\xA6���\xA7��\xA0\xA6�� R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��R\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��p\xA7��p\xA7��p\xA7��p\xA7��p\xA7��p\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��\x80\xA7��`\xA7��`\xA7��`\xA7��`\xA7��`\xA7��`\xA7�� \xA5\xB8��&\xB8��@\xB8��\xB0\xB7��V\xB8��p\xB8�� \x80\xBD���\xBD��T\xBD��d\xBD��t\xBD�� kMGTPEZY /���\xC8��� \xFC\xFF\xFF�\xFC\xFF\xFF\xAD���9*��,*��2)��X���\xF0���$*�� � � � � � � `\xEA��\xA0\xE9��\xC6\xE9��\xD2\xE9��\xD2\xE9�� \xC0\xEB��\xC4\xEB��\xD8\xEB��\xD0\xEB��\xE0\xEB��\xC8\xEB��\xD4\xEB��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC��\x98\xEC���\xEC���\xEC���\xEC���\xEC���\xEC��u\xEE���\xEC�� \xEC���\xEC���\xEC���\xEC��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE���\xEC���\xEC��u\xEE���\xEC���\xEB��\x98\xEC��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE���\xEC��\xE4\xEB��u\xEE���\xEC��u\xEE���\xEC��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE���\xEC��u\xEE���\xEC��R\xEB��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��R\xEB��R\xEB��R\xEB��u\xEE��u\xEE��u\xEE��R\xEB��u\xEE��R\xEB��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��u\xEE��R\xEB��R\xEB��R\!
xEB�� memory exhausted @\xF5��\xE4\xF5��\xE4\xF5��W\xF5��\xE4\xF5��a\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\x80\xF5��\xE4\xF5��\xE4\xF5��\x90\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xA0\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xC3\xF5��\xD0\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��2\xF5��P\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��a\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��p\xF5��\xE4\xF5��\x80\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xE4\xF5��\xA0\xF5��\xE4\xF5��\xE4\xF5��\xB0\xF5�� \xF8��\xA4\xF8��\xA4\xF8���\xF8��\xA4\xF8��!\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��@\xF8��\xA4\xF8��\xA4\xF8��P\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��`\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\x83\xF8��\x90\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xF2\xF7���\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��!\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��0\xF8��\xA4\xF8��@\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��\xA4\xF8��`\xF8��\xA4\xF8��\xA4\xF8��p\xF8�� ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������file-type classify none do ex mi cd bd so pi ln di fi no ec rc lc 01;32 01;33 01;35 01;36 01;34 m �[ version help block-size tabsize show-control-chars recursive quote-name literal dereference ignore si ignore-backups almost-all width reverse hide-control-chars no-group numeric-uid-gid kilobytes inode human-readable full-time dired directory escape single-column vertical across horizontal commas long verbose extension status ctime use access atime!
if-tty auto never force yes %d /usr/share/locale fileutils . //DIRED// //SUBDIRED// QUOTING_STYLE LS_BLOCK_SIZE COLUMNS POSIXLY_CORRECT TABSIZE invalid line width: %s .*~ invalid tab size: %s --sort --time --format --color TERM md --indicator-style --quoting-style 4.1 vdir *=@| %a %b %d %H:%M:%S %Y %b %e %Y %b %e %H:%M LS_COLORS ?? unrecognized prefix: %s target :
- total %*s %s %3u %-8.8s %-8u %3u, %3u %8s - %*s%s -> //DIRED-OPTIONS// --quoting-style=%s
- ignoring invalid width in environment variable COLUMNS: %s ignoring invalid tab size in environment variable TABSIZE: %s abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1 Warning: the meaning of `-H' will change in the future to conform to POSIX.
-Use `--si' for the old meaning. Richard Stallman and David MacKenzie unparsable value for LS_COLORS environment variable Try `%s --help' for more information.
- Usage: %s [OPTION]... [FILE]...
- List information about the FILEs (the current directory by default).
-Sort entries alphabetically if none of -cftuSUX nor --sort.
-
- -a, --all do not hide entries starting with .
- -A, --almost-all do not list implied . and ..
- -b, --escape print octal escapes for nongraphic characters
- --block-size=SIZE use SIZE-byte blocks
- -B, --ignore-backups do not list implied entries ending with ~
- -c with -lt: sort by, and show, ctime (time of last
- modification of file status information)
- with -l: show ctime and sort by name
- otherwise: sort by ctime
- -C list entries by columns
- --color[=WHEN] control whether color is used to distinguish file
- types. WHEN may be `never', `always', or `auto'
- -d, --directory list directory entries instead of contents
- -D, --dired generate output designed for Emacs' dired mode
- -f do not sort, enable -aU, disable -lst
- -F, --classify append indicator (one of */=@|) to entries
- --format=WORD across -x, commas -m, horizontal -x, long -l,
- single-column -1, verbose -l, vertical -C
- --full-time list both full date and full time
- -g (ignored)
- -G, --no-group inhibit display of group information
- -h, --human-readable print sizes in human readable format (e.g., 1K 234M 2G)
- --si likewise, but use powers of 1000 not 1024
- -H same as `--si' for now; soon to change
- to conform to POSIX
- --indicator-style=WORD append indicator with style WORD to entry names:
- none (default), classify (-F), file-type (-p)
- -i, --inode print index number of each file
- -I, --ignore=PATTERN do not list implied entries matching shell PATTERN
- -k, --kilobytes like --block-size=1024
- -l use a long listing format
- -L, --dereference list entries pointed to by symbolic links
- -m fill width with a comma separated list of entries
- -n, --numeric-uid-gid list numeric UIDs and GIDs instead of names
- -N, --literal print raw entry names (don't treat e.g. control
- characters specially)
- -o use long listing format without group info
- -p, --file-type append indicator (one of /=@|) to entries
- -q, --hide-control-chars print ? instead of non graphic characters
- --show-control-chars show non graphic characters as-is (default
- unless program is `ls' and output is a terminal)
- -Q, --quote-name enclose entry names in double quotes
- --quoting-style=WORD use quoting style WORD for entry names:
- literal, locale, shell, shell-always, c, escape
- -r, --reverse reverse order while sorting
- -R, --recursive list subdirectories recursively
- -s, --size print size of each file, in blocks
- -S sort by file size
- --sort=WORD extension -X, none -U, size -S, time -t,
- version -v
- status -c, time -t, atime -u, access -u, use -u
- --time=WORD show time as WORD instead of modification time:
- atime, access, use, ctime or status; use
- specified time as sort key if --sort=time
- -t sort by modification time
- -T, --tabsize=COLS assume tab stops at each COLS instead of 8
- -u with -lt: sort by, and show, access time
- with -l: show access time and sort by name
- otherwise: sort by access time
- -U do not sort; list entries in directory order
- -v sort by version
- -w, --width=COLS assume screen width instead of current value
- -x list entries by lines instead of by columns
- -X sort alphabetically by entry extension
- -1 list one file per line
- --help display this help and exit
- --version output version information and exit
-
-By default, color is not used to distinguish types of files. That is
-equivalent to using --color=none. Using the --color option without the
-optional WHEN argument is equivalent to using --color=always. With
---color=auto, color codes are output only if standard output is connected
-to a terminal (tty).
-
-Report bugs to <bug-fileutils at gnu.org>. invalid argument %s for `%s' Valid arguments are:
- - `%s' , `%s' ambiguous argument %s for `%s' base_name basename.c all_slashes || !((*(p - 1)) == '/') write error %s: %s \xF0C $@ \x80?@ %.0f %.1f%c %.0f%c eEgGkKmMpPtTyYzZ0 block size invalid %s `%s' %s `%s' too large invalid character following %s `%s' clocale shell-always shell " ` Copyright (C) 2001 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- %s (%s) %s
- %s %s
- Written by %s.
- xstrtol xstrtol.c 0 <= strtol_base && strtol_base <= 36 xstrtoul \xF0= \x90<�� \x80\xFF\xFF\xFF\xFF� b���� `��� � \xC3)��� \xC3)��� Z���� T���� K���� N���� H���� H��� � B���� N��� \xFF\xFF\xFF\xFF� \xD4��� � � `@��h<��`*��� \xFF\xFF\xFF\xFF \xFF\xFF\xFF\xFF \xD0=�� \xEA\x90��\xFA\x90��
-\x91���\x91��*\x91��:\x91��J\x91��Z\x91��j\x91��z\x91��\x8A\x91��\x9A\x91��\xAA\x91��\xBA\x91��ʑ��ڑ��\xEA\x91��\xFA\x91��
-\x92���\x92��*\x92��:\x92��J\x92��Z\x92��j\x92��z\x92��\x8A\x92��\x9A\x92��\xAA\x92��\xBA\x92��ʒ��ڒ��\xEA\x92��\xFA\x92��
-\x93���\x93��*\x93��:\x93��J\x93��Z\x93��j\x93��z\x93��\x8A\x93��\x9A\x93��\xAA\x93��\xBA\x93��ʓ��ړ��\xEA\x93��\xFA\x93��
-\x94���\x94��*\x94��:\x94��J\x94��Z\x94��j\x94��z\x94��\x8A\x94��\x9A\x94��\xAA\x94��\xBA\x94��ʔ��ڔ��\xEA\x94��\xFA\x94��
-\x95���\x95��*\x95��:\x95��J\x95��Z\x95��j\x95��z\x95�� � � � [
\xBC\x90��
- �\xFD��� (\x81��� X\x89��� \xA8\x83��
- \x8F�
� � � \x94<��� P� � � � l\x8E��� 4\x8E��� 8 � � \xFE\xFF\xFFoԍ��\xFF\xFF\xFFo� \xF0\xFF\xFFo
\x8D�� .symtab .strtab .shstrtab .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.got .rel.bss .rel.plt .init .plt .text .fini .rodata .data .eh_frame .ctors .dtors .got .dynamic .sbss .bss � � � \xF4\x80��\xF4 � � # � � �\x81���� � 1 � � (\x81��(� \x80� � � � 7
� \xA8\x83��\xA8� \xB0� � � � � ? � � X\x89��X \xC5� � G \xFF\xFF\xFFo�
\x8D��
- \xB6 � � � T \xFE\xFF\xFFo� ԍ��\xD4
- ` � � � c � 4\x8E��4� � � � � � l � D\x8E��D� ( � � � � u � l\x8E��l� P� �
� � ~ � � \xBC\x90��\xBC� � � \x84 � � Ԑ��\xD4� \xB0� � � \x89 � � \x90\x95��\x90� \x80g � \x8F � � �\xFD���}
� \x95 � � @\xFD��@} \x80. \x9D � � \xC0;��\xC0\xAB \xC0 � \xA3 � � \x80<��\x80\xAC � � \xAD � � \x84<��\x84\xAC � � \xB4 � � \x8C<��\x8C\xAC � � \xBB � � \x94<��\x94\xAC <� � � \xC0 � � \xD0=��Э \xD8 � � � \xC9 � � \xA8>��\xC0\xAE � \xCF � � \xC0>��\xC0\xAE \xE4� � � \xC0\xAE \xD4 �
\ No newline at end of file
Index: vendor-crypto/openssh/dist/regress/dsa_ssh2.prv
===================================================================
--- vendor-crypto/openssh/dist/regress/dsa_ssh2.prv 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/dsa_ssh2.prv 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/dsa_ssh2.prv
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/dsa_ssh2.pub
===================================================================
--- vendor-crypto/openssh/dist/regress/dsa_ssh2.pub 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/dsa_ssh2.pub 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/dsa_ssh2.pub
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/dynamic-forward.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/dynamic-forward.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/dynamic-forward.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: dynamic-forward.sh,v 1.4 2004/06/22 22:55:56 dtucker Exp $
+# $OpenBSD: dynamic-forward.sh,v 1.10 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="dynamic forwarding"
@@ -5,8 +5,6 @@
FWDPORT=`expr $PORT + 1`
-DATA=/bin/ls${EXEEXT}
-
if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
proxycmd="nc -x 127.0.0.1:$FWDPORT -X"
elif have_prog connect; then
@@ -20,9 +18,23 @@
start_sshd
for p in 1 2; do
+ n=0
+ error="1"
trace "start dynamic forwarding, fork to background"
- ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q somehost \
- exec sh -c \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
+ while [ "$error" -ne 0 -a "$n" -lt 3 ]; do
+ n=`expr $n + 1`
+ ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q \
+ -oExitOnForwardFailure=yes somehost exec sh -c \
+ \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
+ error=$?
+ if [ "$error" -ne 0 ]; then
+ trace "forward failed proto $p attempt $n err $error"
+ sleep $n
+ fi
+ done
+ if [ "$error" -ne 0 ]; then
+ fatal "failed to start dynamic forwarding proto $p"
+ fi
for s in 4 5; do
for h in 127.0.0.1 localhost; do
@@ -44,7 +56,4 @@
else
fail "no pid file: $OBJ/remote_pid"
fi
-
- # Must allow time for connection tear-down
- sleep 2
done
Property changes on: vendor-crypto/openssh/dist/regress/dynamic-forward.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/envpass.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/envpass.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/envpass.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/envpass.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/exit-status.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/exit-status.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/exit-status.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/exit-status.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/forcecommand.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/forcecommand.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/forcecommand.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: forcecommand.sh,v 1.1 2006/07/19 13:09:28 dtucker Exp $
+# $OpenBSD: forcecommand.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="forced command"
@@ -5,9 +5,9 @@
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
-echon 'command="true" ' >$OBJ/authorized_keys_$USER
+printf 'command="true" ' >$OBJ/authorized_keys_$USER
cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER
-echon 'command="true" ' >>$OBJ/authorized_keys_$USER
+printf 'command="true" ' >>$OBJ/authorized_keys_$USER
cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER
for p in 1 2; do
@@ -16,9 +16,9 @@
fail "forced command in key proto $p"
done
-echon 'command="false" ' >$OBJ/authorized_keys_$USER
+printf 'command="false" ' >$OBJ/authorized_keys_$USER
cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER
-echon 'command="false" ' >>$OBJ/authorized_keys_$USER
+printf 'command="false" ' >>$OBJ/authorized_keys_$USER
cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER
cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
Property changes on: vendor-crypto/openssh/dist/regress/forcecommand.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Added: vendor-crypto/openssh/dist/regress/forward-control.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/forward-control.sh (rev 0)
+++ vendor-crypto/openssh/dist/regress/forward-control.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,168 @@
+# $OpenBSD: forward-control.sh,v 1.1 2012/12/02 20:47:48 djm Exp $
+# Placed in the Public Domain.
+
+tid="sshd control of local and remote forwarding"
+
+LFWD_PORT=3320
+RFWD_PORT=3321
+CTL=$OBJ/ctl-sock
+READY=$OBJ/ready
+
+wait_for_file_to_appear() {
+ _path=$1
+ _n=0
+ while test ! -f $_path ; do
+ test $_n -eq 1 && trace "waiting for $_path to appear"
+ _n=`expr $_n + 1`
+ test $_n -ge 20 && return 1
+ sleep 1
+ done
+ return 0
+}
+
+wait_for_process_to_exit() {
+ _pid=$1
+ _n=0
+ while kill -0 $_pid 2>/dev/null ; do
+ test $_n -eq 1 && trace "waiting for $_pid to exit"
+ _n=`expr $_n + 1`
+ test $_n -ge 20 && return 1
+ sleep 1
+ done
+ return 0
+}
+
+# usage: check_lfwd protocol Y|N message
+check_lfwd() {
+ _proto=$1
+ _expected=$2
+ _message=$3
+ rm -f $READY
+ ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+ -L$LFWD_PORT:127.0.0.1:$PORT \
+ -o ExitOnForwardFailure=yes \
+ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
+ >/dev/null 2>&1 &
+ _sshpid=$!
+ wait_for_file_to_appear $READY || \
+ fatal "check_lfwd ssh fail: $_message"
+ ${SSH} -F $OBJ/ssh_config -p $LFWD_PORT \
+ -oConnectionAttempts=4 host true >/dev/null 2>&1
+ _result=$?
+ kill $_sshpid `cat $READY` 2>/dev/null
+ wait_for_process_to_exit $_sshpid
+ if test "x$_expected" = "xY" -a $_result -ne 0 ; then
+ fail "check_lfwd failed (expecting success): $_message"
+ elif test "x$_expected" = "xN" -a $_result -eq 0 ; then
+ fail "check_lfwd succeeded (expecting failure): $_message"
+ elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then
+ fatal "check_lfwd invalid argument \"$_expected\""
+ else
+ verbose "check_lfwd done (expecting $_expected): $_message"
+ fi
+}
+
+# usage: check_rfwd protocol Y|N message
+check_rfwd() {
+ _proto=$1
+ _expected=$2
+ _message=$3
+ rm -f $READY
+ ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+ -R$RFWD_PORT:127.0.0.1:$PORT \
+ -o ExitOnForwardFailure=yes \
+ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
+ >/dev/null 2>&1 &
+ _sshpid=$!
+ wait_for_file_to_appear $READY
+ _result=$?
+ if test $_result -eq 0 ; then
+ ${SSH} -F $OBJ/ssh_config -p $RFWD_PORT \
+ -oConnectionAttempts=4 host true >/dev/null 2>&1
+ _result=$?
+ kill $_sshpid `cat $READY` 2>/dev/null
+ wait_for_process_to_exit $_sshpid
+ fi
+ if test "x$_expected" = "xY" -a $_result -ne 0 ; then
+ fail "check_rfwd failed (expecting success): $_message"
+ elif test "x$_expected" = "xN" -a $_result -eq 0 ; then
+ fail "check_rfwd succeeded (expecting failure): $_message"
+ elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then
+ fatal "check_rfwd invalid argument \"$_expected\""
+ else
+ verbose "check_rfwd done (expecting $_expected): $_message"
+ fi
+}
+
+start_sshd
+cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak
+cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak
+
+# Sanity check: ensure the default config allows forwarding
+for p in 1 2 ; do
+ check_lfwd $p Y "proto $p, default configuration"
+ check_rfwd $p Y "proto $p, default configuration"
+done
+
+# Usage: all_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N
+all_tests() {
+ _tcpfwd=$1
+ _plain_lfwd=$2
+ _plain_rfwd=$3
+ _nopermit_lfwd=$4
+ _nopermit_rfwd=$5
+ _permit_lfwd=$6
+ _permit_rfwd=$7
+ _badfwd=127.0.0.1:22
+ _goodfwd=127.0.0.1:${PORT}
+ for _proto in 1 2 ; do
+ cp ${OBJ}/authorized_keys_${USER}.bak \
+ ${OBJ}/authorized_keys_${USER}
+ _prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd"
+ # No PermitOpen
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_plain_lfwd "$_prefix"
+ check_rfwd $_proto $_plain_rfwd "$_prefix"
+ # PermitOpen via sshd_config that doesn't match
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ;
+ echo "PermitOpen $_badfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_nopermit_lfwd "$_prefix, !PermitOpen"
+ check_rfwd $_proto $_nopermit_rfwd "$_prefix, !PermitOpen"
+ # PermitOpen via sshd_config that does match
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ;
+ echo "PermitOpen $_badfwd $_goodfwd" ) \
+ > ${OBJ}/sshd_proxy
+ # NB. permitopen via authorized_keys should have same
+ # success/fail as via sshd_config
+ # permitopen via authorized_keys that doesn't match
+ sed "s/^/permitopen=\"$_badfwd\" /" \
+ < ${OBJ}/authorized_keys_${USER}.bak \
+ > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail"
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_nopermit_lfwd "$_prefix, !permitopen"
+ check_rfwd $_proto $_nopermit_rfwd "$_prefix, !permitopen"
+ # permitopen via authorized_keys that does match
+ sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \
+ < ${OBJ}/authorized_keys_${USER}.bak \
+ > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail"
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_permit_lfwd "$_prefix, permitopen"
+ check_rfwd $_proto $_permit_rfwd "$_prefix, permitopen"
+ done
+}
+
+# no-permitopen mismatch-permitopen match-permitopen
+# AllowTcpForwarding local remote local remote local remote
+all_tests yes Y Y N Y Y Y
+all_tests local Y N N N Y N
+all_tests remote N Y N Y N Y
+all_tests no N N N N N N
Modified: vendor-crypto/openssh/dist/regress/forwarding.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/forwarding.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/forwarding.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,7 +1,8 @@
-# $OpenBSD: forwarding.sh,v 1.7 2010/01/11 02:53:44 dtucker Exp $
+# $OpenBSD: forwarding.sh,v 1.11 2013/06/10 21:56:43 dtucker Exp $
# Placed in the Public Domain.
tid="local and remote forwarding"
+
DATA=/bin/ls${EXEEXT}
start_sshd
@@ -26,9 +27,9 @@
trace "transfer over forwarded channels and check result"
${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
- somehost cat $DATA > $OBJ/ls.copy
- test -f $OBJ/ls.copy || fail "failed copy $DATA"
- cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA"
+ somehost cat ${DATA} > ${COPY}
+ test -f ${COPY} || fail "failed copy of ${DATA}"
+ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
sleep 10
done
@@ -75,7 +76,7 @@
else
# this one should fail
${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
- 2>${TEST_SSH_LOGFILE} && \
+ >>$TEST_REGRESS_LOGFILE 2>&1 && \
fail "local forwarding not cleared"
fi
sleep 10
@@ -88,7 +89,7 @@
else
# this one should fail
${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
- 2>${TEST_SSH_LOGFILE} && \
+ >>$TEST_REGRESS_LOGFILE 2>&1 && \
fail "remote forwarding not cleared"
fi
sleep 10
@@ -103,3 +104,18 @@
fail "stdio forwarding proto $p"
fi
done
+
+echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config
+echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config
+for p in 1 2; do
+ trace "config file: start forwarding, fork to background"
+ ${SSH} -$p -F $OBJ/ssh_config -f somehost sleep 10
+
+ trace "config file: transfer over forwarded channels and check result"
+ ${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \
+ somehost cat ${DATA} > ${COPY}
+ test -f ${COPY} || fail "failed copy of ${DATA}"
+ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
+
+ wait
+done
Property changes on: vendor-crypto/openssh/dist/regress/forwarding.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/host-expand.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/host-expand.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/host-expand.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/host-expand.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Added: vendor-crypto/openssh/dist/regress/integrity.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/integrity.sh (rev 0)
+++ vendor-crypto/openssh/dist/regress/integrity.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,76 @@
+# $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="integrity"
+
+# start at byte 2900 (i.e. after kex) and corrupt at different offsets
+# XXX the test hangs if we modify the low bytes of the packet length
+# XXX and ssh tries to read...
+tries=10
+startoffset=2900
+macs="hmac-sha1 hmac-md5 umac-64 at openssh.com umac-128 at openssh.com
+ hmac-sha1-96 hmac-md5-96
+ hmac-sha1-etm at openssh.com hmac-md5-etm at openssh.com
+ umac-64-etm at openssh.com umac-128-etm at openssh.com
+ hmac-sha1-96-etm at openssh.com hmac-md5-96-etm at openssh.com"
+config_defined HAVE_EVP_SHA256 &&
+ macs="$macs hmac-sha2-256 hmac-sha2-512
+ hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
+# The following are not MACs, but ciphers with integrated integrity. They are
+# handled specially below.
+config_defined OPENSSL_HAVE_EVPGCM && \
+ macs="$macs aes128-gcm at openssh.com aes256-gcm at openssh.com"
+
+# avoid DH group exchange as the extra traffic makes it harder to get the
+# offset into the stream right.
+echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
+ >> $OBJ/ssh_proxy
+
+# sshd-command for proxy (see test-exec.sh)
+cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy"
+
+for m in $macs; do
+ trace "test $tid: mac $m"
+ elen=0
+ epad=0
+ emac=0
+ ecnt=0
+ skip=0
+ for off in `jot $tries $startoffset`; do
+ skip=`expr $skip - 1`
+ if [ $skip -gt 0 ]; then
+ # avoid modifying the high bytes of the length
+ continue
+ fi
+ # modify output from sshd at offset $off
+ pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
+ case $m in
+ aes*gcm*) macopt="-c $m";;
+ *) macopt="-m $m";;
+ esac
+ verbose "test $tid: $m @$off"
+ ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
+ 999.999.999.999 'printf "%4096s" " "' >/dev/null
+ if [ $? -eq 0 ]; then
+ fail "ssh -m $m succeeds with bit-flip at $off"
+ fi
+ ecnt=`expr $ecnt + 1`
+ output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \
+ tr -s '\r\n' '.')
+ case "$output" in
+ Bad?packet*) elen=`expr $elen + 1`; skip=3;;
+ Corrupted?MAC* | Decryption?integrity?check?failed*)
+ emac=`expr $emac + 1`; skip=0;;
+ padding*) epad=`expr $epad + 1`; skip=0;;
+ *) fail "unexpected error mac $m at $off";;
+ esac
+ done
+ verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
+ if [ $emac -eq 0 ]; then
+ fail "$m: no mac errors"
+ fi
+ expect=`expr $ecnt - $epad - $elen`
+ if [ $emac -ne $expect ]; then
+ fail "$m: expected $expect mac errors, got $emac"
+ fi
+done
Index: vendor-crypto/openssh/dist/regress/kextype.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/kextype.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/kextype.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/kextype.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/key-options.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/key-options.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/key-options.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/key-options.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/keygen-change.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/keygen-change.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/keygen-change.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/keygen-change.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/keygen-convert.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/keygen-convert.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/keygen-convert.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/keygen-convert.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Added: vendor-crypto/openssh/dist/regress/keys-command.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/keys-command.sh (rev 0)
+++ vendor-crypto/openssh/dist/regress/keys-command.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,39 @@
+# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="authorized keys from command"
+
+if test -z "$SUDO" ; then
+ echo "skipped (SUDO not set)"
+ echo "need SUDO to create file in /var/run, test won't work without"
+ exit 0
+fi
+
+# Establish a AuthorizedKeysCommand in /var/run where it will have
+# acceptable directory permissions.
+KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
+cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
+#!/bin/sh
+test "x\$1" != "x${LOGNAME}" && exit 1
+exec cat "$OBJ/authorized_keys_${LOGNAME}"
+_EOF
+$SUDO chmod 0755 "$KEY_COMMAND"
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
+(
+ grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
+ echo AuthorizedKeysFile none
+ echo AuthorizedKeysCommand $KEY_COMMAND
+ echo AuthorizedKeysCommandUser ${LOGNAME}
+) > $OBJ/sshd_proxy
+
+if [ -x $KEY_COMMAND ]; then
+ ${SSH} -F $OBJ/ssh_proxy somehost true
+ if [ $? -ne 0 ]; then
+ fail "connect failed"
+ fi
+else
+ echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
+fi
+
+$SUDO rm -f $KEY_COMMAND
Index: vendor-crypto/openssh/dist/regress/keyscan.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/keyscan.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/keyscan.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/keyscan.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/keytype.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/keytype.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/keytype.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,9 +1,9 @@
-# $OpenBSD: keytype.sh,v 1.1 2010/09/02 16:12:55 markus Exp $
+# $OpenBSD: keytype.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="login with different key types"
-TIME=`which time` 2>/dev/null
+TIME=`which time 2>/dev/null`
if test ! -x "$TIME"; then
TIME=""
fi
@@ -40,7 +40,7 @@
echo IdentityFile $OBJ/key.$ut
) > $OBJ/ssh_proxy
(
- echon 'localhost-with-alias,127.0.0.1,::1 '
+ printf 'localhost-with-alias,127.0.0.1,::1 '
cat $OBJ/key.$ht.pub
) > $OBJ/known_hosts
cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER
Property changes on: vendor-crypto/openssh/dist/regress/keytype.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Added: vendor-crypto/openssh/dist/regress/krl.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/krl.sh (rev 0)
+++ vendor-crypto/openssh/dist/regress/krl.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,157 @@
+# $OpenBSD: krl.sh,v 1.1 2013/01/18 00:45:29 djm Exp $
+# Placed in the Public Domain.
+
+tid="key revocation lists"
+
+# If we don't support ecdsa keys then this tell will be much slower.
+ECDSA=ecdsa
+if test "x$TEST_SSH_ECC" != "xyes"; then
+ ECDSA=rsa
+fi
+
+# Do most testing with ssh-keygen; it uses the same verification code as sshd.
+
+# Old keys will interfere with ssh-keygen.
+rm -f $OBJ/revoked-* $OBJ/krl-*
+
+# Generate a CA key
+$SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
+ fatal "$SSHKEYGEN CA failed"
+
+# A specification that revokes some certificates by serial numbers
+# The serial pattern is chosen to ensure the KRL includes list, range and
+# bitmap sections.
+cat << EOF >> $OBJ/revoked-serials
+serial: 1-4
+serial: 10
+serial: 15
+serial: 30
+serial: 50
+serial: 999
+# The following sum to 500-799
+serial: 500
+serial: 501
+serial: 502
+serial: 503-600
+serial: 700-797
+serial: 798
+serial: 799
+serial: 599-701
+EOF
+
+# A specification that revokes some certificated by key ID.
+touch $OBJ/revoked-keyid
+for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do
+ # Fill in by-ID revocation spec.
+ echo "id: revoked $n" >> $OBJ/revoked-keyid
+done
+
+keygen() {
+ N=$1
+ f=$OBJ/revoked-`printf "%04d" $N`
+ # Vary the keytype. We use mostly ECDSA since this is fastest by far.
+ keytype=$ECDSA
+ case $N in
+ 2 | 10 | 510 | 1001) keytype=rsa;;
+ 4 | 30 | 520 | 1002) keytype=dsa;;
+ esac
+ $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
+ || fatal "$SSHKEYGEN failed"
+ # Sign cert
+ $SSHKEYGEN -s $OBJ/revoked-ca -z $n -I "revoked $N" $f >/dev/null 2>&1 \
+ || fatal "$SSHKEYGEN sign failed"
+ echo $f
+}
+
+# Generate some keys.
+verbose "$tid: generating test keys"
+REVOKED_SERIALS="1 4 10 50 500 510 520 799 999"
+for n in $REVOKED_SERIALS ; do
+ f=`keygen $n`
+ REVOKED_KEYS="$REVOKED_KEYS ${f}.pub"
+ REVOKED_CERTS="$REVOKED_CERTS ${f}-cert.pub"
+done
+NOTREVOKED_SERIALS="5 9 14 16 29 30 49 51 499 800 1000 1001"
+NOTREVOKED=""
+for n in $NOTREVOKED_SERIALS ; do
+ NOTREVOKED_KEYS="$NOTREVOKED_KEYS ${f}.pub"
+ NOTREVOKED_CERTS="$NOTREVOKED_CERTS ${f}-cert.pub"
+done
+
+genkrls() {
+ OPTS=$1
+$SSHKEYGEN $OPTS -kf $OBJ/krl-empty - </dev/null \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keys $REVOKED_KEYS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-cert $REVOKED_CERTS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-all $REVOKED_KEYS $REVOKED_CERTS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-ca $OBJ/revoked-ca.pub \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+# KRLs from serial/key-id spec need the CA specified.
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial $OBJ/revoked-serials \
+ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid $OBJ/revoked-keyid \
+ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial -s $OBJ/revoked-ca $OBJ/revoked-serials \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid -s $OBJ/revoked-ca.pub $OBJ/revoked-keyid \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+}
+
+verbose "$tid: generating KRLs"
+genkrls
+
+check_krl() {
+ KEY=$1
+ KRL=$2
+ EXPECT_REVOKED=$3
+ TAG=$4
+ $SSHKEYGEN -Qf $KRL $KEY >/dev/null
+ result=$?
+ if test "x$EXPECT_REVOKED" = "xyes" -a $result -eq 0 ; then
+ fatal "key $KEY not revoked by KRL $KRL: $TAG"
+ elif test "x$EXPECT_REVOKED" = "xno" -a $result -ne 0 ; then
+ fatal "key $KEY unexpectedly revoked by KRL $KRL: $TAG"
+ fi
+}
+test_all() {
+ FILES=$1
+ TAG=$2
+ KEYS_RESULT=$3
+ ALL_RESULT=$4
+ SERIAL_RESULT=$5
+ KEYID_RESULT=$6
+ CERTS_RESULT=$7
+ CA_RESULT=$8
+ verbose "$tid: checking revocations for $TAG"
+ for f in $FILES ; do
+ check_krl $f $OBJ/krl-empty no "$TAG"
+ check_krl $f $OBJ/krl-keys $KEYS_RESULT "$TAG"
+ check_krl $f $OBJ/krl-all $ALL_RESULT "$TAG"
+ check_krl $f $OBJ/krl-serial $SERIAL_RESULT "$TAG"
+ check_krl $f $OBJ/krl-keyid $KEYID_RESULT "$TAG"
+ check_krl $f $OBJ/krl-cert $CERTS_RESULT "$TAG"
+ check_krl $f $OBJ/krl-ca $CA_RESULT "$TAG"
+ done
+}
+# keys all serial keyid certs CA
+test_all "$REVOKED_KEYS" "revoked keys" yes yes no no no no
+test_all "$UNREVOKED_KEYS" "unrevoked keys" no no no no no no
+test_all "$REVOKED_CERTS" "revoked certs" yes yes yes yes yes yes
+test_all "$UNREVOKED_CERTS" "unrevoked certs" no no no no no yes
+
+# Check update. Results should be identical.
+verbose "$tid: testing KRL update"
+for f in $OBJ/krl-keys $OBJ/krl-cert $OBJ/krl-all \
+ $OBJ/krl-ca $OBJ/krl-serial $OBJ/krl-keyid ; do
+ cp -f $OBJ/krl-empty $f
+ genkrls -u
+done
+# keys all serial keyid certs CA
+test_all "$REVOKED_KEYS" "revoked keys" yes yes no no no no
+test_all "$UNREVOKED_KEYS" "unrevoked keys" no no no no no no
+test_all "$REVOKED_CERTS" "revoked certs" yes yes yes yes yes yes
+test_all "$UNREVOKED_CERTS" "unrevoked certs" no no no no no yes
Modified: vendor-crypto/openssh/dist/regress/localcommand.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/localcommand.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/localcommand.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: localcommand.sh,v 1.1 2007/10/29 06:57:13 dtucker Exp $
+# $OpenBSD: localcommand.sh,v 1.2 2013/05/17 10:24:48 dtucker Exp $
# Placed in the Public Domain.
tid="localcommand"
Property changes on: vendor-crypto/openssh/dist/regress/localcommand.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/login-timeout.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/login-timeout.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/login-timeout.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: login-timeout.sh,v 1.4 2005/02/27 23:13:36 djm Exp $
+# $OpenBSD: login-timeout.sh,v 1.5 2013/05/17 10:23:52 dtucker Exp $
# Placed in the Public Domain.
tid="connect after login grace timeout"
Property changes on: vendor-crypto/openssh/dist/regress/login-timeout.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Added: vendor-crypto/openssh/dist/regress/modpipe.c
===================================================================
--- vendor-crypto/openssh/dist/regress/modpipe.c (rev 0)
+++ vendor-crypto/openssh/dist/regress/modpipe.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2012 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD: modpipe.c,v 1.5 2013/05/10 03:46:14 djm Exp $ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "openbsd-compat/getopt_long.c"
+
+static void err(int, const char *, ...) __attribute__((format(printf, 2, 3)));
+static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
+
+static void
+err(int r, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ fprintf(stderr, "%s: ", strerror(errno));
+ vfprintf(stderr, fmt, args);
+ fputc('\n', stderr);
+ va_end(args);
+ exit(r);
+}
+
+static void
+errx(int r, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fputc('\n', stderr);
+ va_end(args);
+ exit(r);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: modpipe -w [-m modspec ...] < in > out\n");
+ fprintf(stderr, "modspec is one of:\n");
+ fprintf(stderr, " xor:offset:value - XOR \"value\" at \"offset\"\n");
+ fprintf(stderr, " andor:offset:val1:val2 - AND \"val1\" then OR \"val2\" at \"offset\"\n");
+ exit(1);
+}
+
+#define MAX_MODIFICATIONS 256
+struct modification {
+ enum { MOD_XOR, MOD_AND_OR } what;
+ u_int64_t offset;
+ u_int8_t m1, m2;
+};
+
+static void
+parse_modification(const char *s, struct modification *m)
+{
+ char what[16+1];
+ int n, m1, m2;
+
+ bzero(m, sizeof(*m));
+ if ((n = sscanf(s, "%16[^:]%*[:]%lli%*[:]%i%*[:]%i",
+ what, &m->offset, &m1, &m2)) < 3)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (strcasecmp(what, "xor") == 0) {
+ if (n > 3)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (m1 < 0 || m1 > 0xff)
+ errx(1, "Invalid XOR modification value");
+ m->what = MOD_XOR;
+ m->m1 = m1;
+ } else if (strcasecmp(what, "andor") == 0) {
+ if (n != 4)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (m1 < 0 || m1 > 0xff)
+ errx(1, "Invalid AND modification value");
+ if (m2 < 0 || m2 > 0xff)
+ errx(1, "Invalid OR modification value");
+ m->what = MOD_AND_OR;
+ m->m1 = m1;
+ m->m2 = m2;
+ } else
+ errx(1, "Invalid modification type \"%s\"", what);
+}
+
+int
+main(int argc, char **argv)
+{
+ int ch;
+ u_char buf[8192];
+ size_t total;
+ ssize_t r, s, o;
+ struct modification mods[MAX_MODIFICATIONS];
+ u_int i, wflag = 0, num_mods = 0;
+
+ while ((ch = getopt(argc, argv, "wm:")) != -1) {
+ switch (ch) {
+ case 'm':
+ if (num_mods >= MAX_MODIFICATIONS)
+ errx(1, "Too many modifications");
+ parse_modification(optarg, &(mods[num_mods++]));
+ break;
+ case 'w':
+ wflag = 1;
+ break;
+ default:
+ usage();
+ /* NOTREACHED */
+ }
+ }
+ for (total = 0;;) {
+ r = s = read(STDIN_FILENO, buf, sizeof(buf));
+ if (r == 0)
+ break;
+ if (r < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+ err(1, "read");
+ }
+ for (i = 0; i < num_mods; i++) {
+ if (mods[i].offset < total ||
+ mods[i].offset >= total + s)
+ continue;
+ switch (mods[i].what) {
+ case MOD_XOR:
+ buf[mods[i].offset - total] ^= mods[i].m1;
+ break;
+ case MOD_AND_OR:
+ buf[mods[i].offset - total] &= mods[i].m1;
+ buf[mods[i].offset - total] |= mods[i].m2;
+ break;
+ }
+ }
+ for (o = 0; o < s; o += r) {
+ r = write(STDOUT_FILENO, buf, s - o);
+ if (r == 0)
+ break;
+ if (r < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+ err(1, "write");
+ }
+ }
+ total += s;
+ }
+ /* Warn if modifications not reached in input stream */
+ r = 0;
+ for (i = 0; wflag && i < num_mods; i++) {
+ if (mods[i].offset < total)
+ continue;
+ r = 1;
+ fprintf(stderr, "modpipe: warning - mod %u not reached\n", i);
+ }
+ return r;
+}
Modified: vendor-crypto/openssh/dist/regress/multiplex.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/multiplex.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/multiplex.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: multiplex.sh,v 1.12 2009/05/05 07:51:36 dtucker Exp $
+# $OpenBSD: multiplex.sh,v 1.21 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
CTL=/tmp/openssh.regress.ctl-sock.$$
@@ -10,18 +10,30 @@
exit 0
fi
-DATA=/bin/ls${EXEEXT}
-COPY=$OBJ/ls.copy
-LOG=$TEST_SSH_LOGFILE
+P=3301 # test port
+wait_for_mux_master_ready()
+{
+ for i in 1 2 3 4 5; do
+ ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost \
+ >/dev/null 2>&1 && return 0
+ sleep $i
+ done
+ fatal "mux master never becomes ready"
+}
+
start_sshd
-trace "start master, fork to background"
-${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost &
-MASTER_PID=$!
+start_mux_master()
+{
+ trace "start master, fork to background"
+ ${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost \
+ -E $TEST_REGRESS_LOGFILE 2>&1 &
+ MASTER_PID=$!
+ wait_for_mux_master_ready
+}
-# Wait for master to start and authenticate
-sleep 5
+start_mux_master
verbose "test $tid: envpass"
trace "env passing over multiplexed connection"
@@ -48,13 +60,13 @@
rm -f ${COPY}
trace "sftp transfer over multiplexed connection and check result"
echo "get ${DATA} ${COPY}" | \
- ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >$LOG 2>&1
+ ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >>$TEST_REGRESS_LOGFILE 2>&1
test -f ${COPY} || fail "sftp: failed copy ${DATA}"
cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}"
rm -f ${COPY}
trace "scp transfer over multiplexed connection and check result"
-${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >$LOG 2>&1
+${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_REGRESS_LOGFILE 2>&1
test -f ${COPY} || fail "scp: failed copy ${DATA}"
cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}"
@@ -79,13 +91,53 @@
fi
done
-trace "test check command"
-${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost || fail "check command failed"
+verbose "test $tid: cmd check"
+${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
+ || fail "check command failed"
-trace "test exit command"
-${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost || fail "send exit command failed"
+verbose "test $tid: cmd forward local"
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $P:localhost:$PORT otherhost \
+ || fail "request local forward failed"
+${SSH} -F $OBJ/ssh_config -p$P otherhost true \
+ || fail "connect to local forward port failed"
+${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $P:localhost:$PORT otherhost \
+ || fail "cancel local forward failed"
+${SSH} -F $OBJ/ssh_config -p$P otherhost true \
+ && fail "local forward port still listening"
+verbose "test $tid: cmd forward remote"
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $P:localhost:$PORT otherhost \
+ || fail "request remote forward failed"
+${SSH} -F $OBJ/ssh_config -p$P otherhost true \
+ || fail "connect to remote forwarded port failed"
+${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $P:localhost:$PORT otherhost \
+ || fail "cancel remote forward failed"
+${SSH} -F $OBJ/ssh_config -p$P otherhost true \
+ && fail "remote forward port still listening"
+
+verbose "test $tid: cmd exit"
+${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
+ || fail "send exit command failed"
+
# Wait for master to exit
-sleep 2
+wait $MASTER_PID
+kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed"
-kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed"
+# Restart master and test -O stop command with master using -N
+verbose "test $tid: cmd stop"
+trace "restart master, fork to background"
+start_mux_master
+
+# start a long-running command then immediately request a stop
+${SSH} -F $OBJ/ssh_config -S $CTL otherhost "sleep 10; exit 0" \
+ >>$TEST_REGRESS_LOGFILE 2>&1 &
+SLEEP_PID=$!
+${SSH} -F $OBJ/ssh_config -S $CTL -Ostop otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
+ || fail "send stop command failed"
+
+# wait until both long-running command and master have exited.
+wait $SLEEP_PID
+[ $! != 0 ] || fail "waiting for concurrent command"
+wait $MASTER_PID
+[ $! != 0 ] || fail "waiting for master stop"
+kill -0 $MASTER_PID >/dev/null 2>&1 && fail "stop command failed"
Property changes on: vendor-crypto/openssh/dist/regress/multiplex.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/portnum.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/portnum.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/portnum.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: portnum.sh,v 1.1 2009/08/13 00:57:17 djm Exp $
+# $OpenBSD: portnum.sh,v 1.2 2013/05/17 10:34:30 dtucker Exp $
# Placed in the Public Domain.
tid="port number parsing"
Property changes on: vendor-crypto/openssh/dist/regress/portnum.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/proto-mismatch.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/proto-mismatch.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/proto-mismatch.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/proto-mismatch.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/proto-version.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/proto-version.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/proto-version.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: proto-version.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# $OpenBSD: proto-version.sh,v 1.4 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="sshd version with different protocol combinations"
@@ -8,7 +8,7 @@
{
version=$1
expect=$2
- banner=`echon | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy`
+ banner=`printf '' | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy`
case ${banner} in
SSH-1.99-*)
proto=199
Property changes on: vendor-crypto/openssh/dist/regress/proto-version.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/proxy-connect.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/proxy-connect.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/proxy-connect.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,8 +1,9 @@
-# $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $
+# $OpenBSD: proxy-connect.sh,v 1.6 2013/03/07 00:20:34 djm Exp $
# Placed in the Public Domain.
tid="proxy connect"
+verbose "plain username"
for p in 1 2; do
${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
if [ $? -ne 0 ]; then
@@ -16,3 +17,10 @@
fail "bad SSH_CONNECTION"
fi
done
+
+verbose "username with style"
+for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style at 999.999.999.999 true || \
+ fail "ssh proxyconnect protocol $p failed"
+done
+
Property changes on: vendor-crypto/openssh/dist/regress/proxy-connect.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/putty-ciphers.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/putty-ciphers.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/putty-ciphers.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,11 +1,8 @@
-# $OpenBSD: putty-ciphers.sh,v 1.3 2008/11/10 02:06:35 djm Exp $
+# $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="putty ciphers"
-DATA=/bin/ls
-COPY=${OBJ}/copy
-
if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
echo "putty interop tests not enabled"
exit 0
Property changes on: vendor-crypto/openssh/dist/regress/putty-ciphers.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/putty-kex.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/putty-kex.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/putty-kex.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,11 +1,8 @@
-# $OpenBSD: putty-kex.sh,v 1.2 2008/06/30 10:31:11 djm Exp $
+# $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="putty KEX"
-DATA=/bin/ls
-COPY=${OBJ}/copy
-
if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
echo "putty interop tests not enabled"
exit 0
Property changes on: vendor-crypto/openssh/dist/regress/putty-kex.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/putty-transfer.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/putty-transfer.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/putty-transfer.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,11 +1,8 @@
-# $OpenBSD: putty-transfer.sh,v 1.2 2008/06/30 10:31:11 djm Exp $
+# $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="putty transfer data"
-DATA=/bin/ls
-COPY=${OBJ}/copy
-
if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
echo "putty interop tests not enabled"
exit 0
Property changes on: vendor-crypto/openssh/dist/regress/putty-transfer.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/reconfigure.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/reconfigure.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/reconfigure.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/reconfigure.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/reexec.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/reexec.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/reexec.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,12 +1,10 @@
-# $OpenBSD: reexec.sh,v 1.5 2004/10/08 02:01:50 djm Exp $
+# $OpenBSD: reexec.sh,v 1.7 2013/05/17 10:23:52 dtucker Exp $
# Placed in the Public Domain.
tid="reexec tests"
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
-SSHD_ORIG=$SSHD${EXEEXT}
-SSHD_COPY=$OBJ/sshd${EXEEXT}
+SSHD_ORIG=$SSHD
+SSHD_COPY=$OBJ/sshd
# Start a sshd and then delete it
start_sshd_copy ()
@@ -46,6 +44,9 @@
cp $OBJ/sshd_config.orig $OBJ/sshd_config
+# cygwin can't fork a deleted binary
+if [ "$os" != "cygwin" ]; then
+
verbose "test reexec fallback"
start_sshd_copy
@@ -69,4 +70,4 @@
$SUDO kill `$SUDO cat $PIDFILE`
rm -f $PIDFILE
-
+fi
Property changes on: vendor-crypto/openssh/dist/regress/reexec.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/rekey.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/rekey.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/rekey.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,23 +1,18 @@
-# $OpenBSD: rekey.sh,v 1.1 2003/03/28 13:58:28 markus Exp $
+# $OpenBSD: rekey.sh,v 1.8 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
-tid="rekey during transfer data"
+tid="rekey"
-DATA=${OBJ}/data
-COPY=${OBJ}/copy
-LOG=${OBJ}/log
+LOG=${TEST_SSH_LOGFILE}
-rm -f ${COPY} ${LOG} ${DATA}
-touch ${DATA}
-dd if=/bin/ls${EXEEXT} of=${DATA} bs=1k seek=511 count=1 > /dev/null 2>&1
+rm -f ${LOG}
for s in 16 1k 128k 256k; do
- trace "rekeylimit ${s}"
- rm -f ${COPY}
+ verbose "client rekeylimit ${s}"
+ rm -f ${COPY} ${LOG}
cat $DATA | \
${SSH} -oCompression=no -oRekeyLimit=$s \
- -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" \
- 2> ${LOG}
+ -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
if [ $? -ne 0 ]; then
fail "ssh failed"
fi
@@ -29,4 +24,86 @@
fail "no rekeying occured"
fi
done
-rm -f ${COPY} ${LOG} ${DATA}
+
+for s in 5 10; do
+ verbose "client rekeylimit default ${s}"
+ rm -f ${COPY} ${LOG}
+ cat $DATA | \
+ ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \
+ $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3"
+ if [ $? -ne 0 ]; then
+ fail "ssh failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured"
+ fi
+done
+
+for s in 5 10; do
+ verbose "client rekeylimit default ${s} no data"
+ rm -f ${COPY} ${LOG}
+ ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \
+ $OBJ/ssh_proxy somehost "sleep $s;sleep 3"
+ if [ $? -ne 0 ]; then
+ fail "ssh failed"
+ fi
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured"
+ fi
+done
+
+echo "rekeylimit default 5" >>$OBJ/sshd_proxy
+for s in 5 10; do
+ verbose "server rekeylimit default ${s} no data"
+ rm -f ${COPY} ${LOG}
+ ${SSH} -oCompression=no -F $OBJ/ssh_proxy somehost "sleep $s;sleep 3"
+ if [ $? -ne 0 ]; then
+ fail "ssh failed"
+ fi
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured"
+ fi
+done
+
+verbose "rekeylimit parsing"
+for size in 16 1k 1K 1m 1M 1g 1G; do
+ for time in 1 1m 1M 1h 1H 1d 1D 1w 1W; do
+ case $size in
+ 16) bytes=16 ;;
+ 1k|1K) bytes=1024 ;;
+ 1m|1M) bytes=1048576 ;;
+ 1g|1G) bytes=1073741824 ;;
+ esac
+ case $time in
+ 1) seconds=1 ;;
+ 1m|1M) seconds=60 ;;
+ 1h|1H) seconds=3600 ;;
+ 1d|1D) seconds=86400 ;;
+ 1w|1W) seconds=604800 ;;
+ esac
+
+ b=`$SUDO ${SSHD} -T -o "rekeylimit $size $time" -f $OBJ/sshd_proxy | \
+ awk '/rekeylimit/{print $2}'`
+ s=`$SUDO ${SSHD} -T -o "rekeylimit $size $time" -f $OBJ/sshd_proxy | \
+ awk '/rekeylimit/{print $3}'`
+
+ if [ "$bytes" != "$b" ]; then
+ fatal "rekeylimit size: expected $bytes got $b"
+ fi
+ if [ "$seconds" != "$s" ]; then
+ fatal "rekeylimit time: expected $time got $s"
+ fi
+ done
+done
+
+rm -f ${COPY} ${DATA}
Property changes on: vendor-crypto/openssh/dist/regress/rekey.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/rsa_openssh.prv
===================================================================
--- vendor-crypto/openssh/dist/regress/rsa_openssh.prv 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/rsa_openssh.prv 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/rsa_openssh.prv
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/rsa_openssh.pub
===================================================================
--- vendor-crypto/openssh/dist/regress/rsa_openssh.pub 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/rsa_openssh.pub 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/rsa_openssh.pub
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/rsa_ssh2.prv
===================================================================
--- vendor-crypto/openssh/dist/regress/rsa_ssh2.prv 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/rsa_ssh2.prv 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/rsa_ssh2.prv
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/regress/runtests.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/runtests.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/runtests.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-TEST_SSH_SSH=../ssh
-TEST_SSH_SSHD=../sshd
-TEST_SSH_SSHAGENT=../ssh-agent
-TEST_SSH_SSHADD=../ssh-add
-TEST_SSH_SSHKEYGEN=../ssh-keygen
-TEST_SSH_SSHKEYSCAN=../ssh-keyscan
-TEST_SSH_SFTP=../sftp
-TEST_SSH_SFTPSERVER=../sftp-server
-
-pmake
-
Index: vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/scp-ssh-wrapper.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/scp.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/scp.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/scp.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: scp.sh,v 1.7 2006/01/31 10:36:33 djm Exp $
+# $OpenBSD: scp.sh,v 1.9 2013/05/17 10:35:43 dtucker Exp $
# Placed in the Public Domain.
tid="scp"
@@ -12,8 +12,6 @@
DIFFOPT="-r"
fi
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
COPY2=${OBJ}/copy2
DIR=${COPY}.dd
DIR2=${COPY}.dd2
Property changes on: vendor-crypto/openssh/dist/regress/scp.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/sftp-badcmds.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sftp-badcmds.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/sftp-badcmds.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,12 +1,10 @@
-# $OpenBSD: sftp-badcmds.sh,v 1.4 2009/08/13 01:11:55 djm Exp $
+# $OpenBSD: sftp-badcmds.sh,v 1.6 2013/05/17 10:26:26 dtucker Exp $
# Placed in the Public Domain.
tid="sftp invalid commands"
-DATA=/bin/ls${EXEEXT}
DATA2=/bin/sh${EXEEXT}
NONEXIST=/NONEXIST.$$
-COPY=${OBJ}/copy
GLOBFILES=`(cd /bin;echo l*)`
rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd
Property changes on: vendor-crypto/openssh/dist/regress/sftp-badcmds.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/sftp-batch.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sftp-batch.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/sftp-batch.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,10 +1,8 @@
-# $OpenBSD: sftp-batch.sh,v 1.4 2009/08/13 01:11:55 djm Exp $
+# $OpenBSD: sftp-batch.sh,v 1.5 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="sftp batchfile"
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
BATCH=${OBJ}/sftp.bb
rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
Property changes on: vendor-crypto/openssh/dist/regress/sftp-batch.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Added: vendor-crypto/openssh/dist/regress/sftp-chroot.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sftp-chroot.sh (rev 0)
+++ vendor-crypto/openssh/dist/regress/sftp-chroot.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,25 @@
+# $OpenBSD: sftp-chroot.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="sftp in chroot"
+
+CHROOT=/var/run
+FILENAME=testdata_${USER}
+PRIVDATA=${CHROOT}/${FILENAME}
+
+if [ -z "$SUDO" ]; then
+ echo "skipped: need SUDO to create file in /var/run, test won't work without"
+ exit 0
+fi
+
+$SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \
+ fatal "create $PRIVDATA failed"
+
+start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /"
+
+verbose "test $tid: get"
+${SFTP} -qS "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY || \
+ fatal "Fetch ${FILENAME} failed"
+cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ"
+
+$SUDO rm $PRIVDATA
Modified: vendor-crypto/openssh/dist/regress/sftp-cmds.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sftp-cmds.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/sftp-cmds.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: sftp-cmds.sh,v 1.11 2010/12/04 00:21:19 djm Exp $
+# $OpenBSD: sftp-cmds.sh,v 1.14 2013/06/21 02:26:26 djm Exp $
# Placed in the Public Domain.
# XXX - TODO:
@@ -7,8 +7,6 @@
tid="sftp commands"
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
# test that these files are readable!
for i in `(cd /bin;echo l*)`
do
@@ -17,20 +15,6 @@
fi
done
-if have_prog uname
-then
- case `uname` in
- CYGWIN*)
- os=cygwin
- ;;
- *)
- os=`uname`
- ;;
- esac
-else
- os="unknown"
-fi
-
# Path with embedded quote
QUOTECOPY=${COPY}".\"blah\""
QUOTECOPY_ARG=${COPY}'.\"blah\"'
@@ -40,7 +24,7 @@
# File with glob metacharacters
GLOBMETACOPY="${COPY} [metachar].txt"
-rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 ${BATCH}.*
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2
mkdir ${COPY}.dd
verbose "$tid: lls"
@@ -122,7 +106,7 @@
verbose "$tid: get to directory"
echo "get $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "get failed"
-cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after get"
+cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after get"
rm -f ${COPY}.dd/*
verbose "$tid: glob get to directory"
@@ -136,7 +120,7 @@
verbose "$tid: get to local dir"
(echo "lcd ${COPY}.dd"; echo "get $DATA" ) | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "get failed"
-cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after get"
+cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after get"
rm -f ${COPY}.dd/*
verbose "$tid: glob get to local dir"
@@ -170,7 +154,7 @@
verbose "$tid: put to directory"
echo "put $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "put failed"
-cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put"
+cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after put"
rm -f ${COPY}.dd/*
verbose "$tid: glob put to directory"
@@ -184,7 +168,7 @@
verbose "$tid: put to local dir"
(echo "cd ${COPY}.dd"; echo "put $DATA") | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "put failed"
-cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put"
+cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after put"
rm -f ${COPY}.dd/*
verbose "$tid: glob put to local dir"
@@ -242,7 +226,7 @@
echo "lchdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "lchdir failed"
-rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 ${BATCH}.*
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2
rm -rf ${QUOTECOPY} "$SPACECOPY" "$GLOBMETACOPY"
Property changes on: vendor-crypto/openssh/dist/regress/sftp-cmds.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/sftp-glob.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sftp-glob.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/sftp-glob.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/sftp-glob.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/sftp.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sftp.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/sftp.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,11 +1,8 @@
-# $OpenBSD: sftp.sh,v 1.3 2009/08/13 01:11:55 djm Exp $
+# $OpenBSD: sftp.sh,v 1.5 2013/05/17 10:28:11 dtucker Exp $
# Placed in the Public Domain.
tid="basic sftp put/get"
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
-
SFTPCMDFILE=${OBJ}/batch
cat >$SFTPCMDFILE <<EOF
version
Property changes on: vendor-crypto/openssh/dist/regress/sftp.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/ssh-com-client.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/ssh-com-client.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/ssh-com-client.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh-com-client.sh,v 1.6 2004/02/24 17:06:52 markus Exp $
+# $OpenBSD: ssh-com-client.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="connect with ssh.com client"
@@ -67,10 +67,6 @@
# we need a real server (no ProxyConnect option)
start_sshd
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
-rm -f ${COPY}
-
# go for it
for v in ${VERSIONS}; do
ssh2=${TEST_COMBASE}/${v}/ssh2
Property changes on: vendor-crypto/openssh/dist/regress/ssh-com-client.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/ssh-com-keygen.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/ssh-com-keygen.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/ssh-com-keygen.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/ssh-com-keygen.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/ssh-com-sftp.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/ssh-com-sftp.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/ssh-com-sftp.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,10 +1,8 @@
-# $OpenBSD: ssh-com-sftp.sh,v 1.6 2009/08/20 18:43:07 djm Exp $
+# $OpenBSD: ssh-com-sftp.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="basic sftp put/get with ssh.com server"
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
SFTPCMDFILE=${OBJ}/batch
cat >$SFTPCMDFILE <<EOF
Property changes on: vendor-crypto/openssh/dist/regress/ssh-com-sftp.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/ssh-com.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/ssh-com.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/ssh-com.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh-com.sh,v 1.7 2004/02/24 17:06:52 markus Exp $
+# $OpenBSD: ssh-com.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
# Placed in the Public Domain.
tid="connect to ssh.com server"
@@ -70,7 +70,7 @@
# convert and append DSA hostkey
(
- echon 'ssh2-localhost-with-alias,127.0.0.1,::1 '
+ printf 'ssh2-localhost-with-alias,127.0.0.1,::1 '
${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub
) >> $OBJ/known_hosts
Property changes on: vendor-crypto/openssh/dist/regress/ssh-com.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/ssh2putty.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/ssh2putty.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/ssh2putty.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/ssh2putty.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/sshd-log-wrapper.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/sshd-log-wrapper.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/sshd-log-wrapper.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,5 +1,5 @@
#!/bin/sh
-# $OpenBSD: sshd-log-wrapper.sh,v 1.2 2005/02/27 11:40:30 dtucker Exp $
+# $OpenBSD: sshd-log-wrapper.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $
# Placed in the Public Domain.
#
# simple wrapper for sshd proxy mode to catch stderr output
@@ -10,4 +10,4 @@
shift
shift
-exec $sshd $@ -e 2>>$log
+exec $sshd -E$log $@
Property changes on: vendor-crypto/openssh/dist/regress/sshd-log-wrapper.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/stderr-after-eof.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/stderr-after-eof.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/stderr-after-eof.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,29 +1,13 @@
-# $OpenBSD: stderr-after-eof.sh,v 1.1 2002/03/23 16:38:09 markus Exp $
+# $OpenBSD: stderr-after-eof.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="stderr data after eof"
-DATA=/etc/motd
-DATA=${OBJ}/data
-COPY=${OBJ}/copy
-
-if have_prog md5sum; then
- CHECKSUM=md5sum
-elif have_prog openssl; then
- CHECKSUM="openssl md5"
-elif have_prog cksum; then
- CHECKSUM=cksum
-elif have_prog sum; then
- CHECKSUM=sum
-else
- fatal "No checksum program available, aborting $tid test"
-fi
-
# setup data
rm -f ${DATA} ${COPY}
cp /dev/null ${DATA}
for i in 1 2 3 4 5 6; do
- (date;echo $i) | $CHECKSUM >> ${DATA}
+ (date;echo $i) | md5 >> ${DATA}
done
${SSH} -2 -F $OBJ/ssh_proxy otherhost \
Property changes on: vendor-crypto/openssh/dist/regress/stderr-after-eof.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/stderr-data.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/stderr-data.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/stderr-data.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,12 +1,8 @@
-# $OpenBSD: stderr-data.sh,v 1.2 2002/03/27 22:39:52 markus Exp $
+# $OpenBSD: stderr-data.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="stderr data transfer"
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
-rm -f ${COPY}
-
for n in '' -n; do
for p in 1 2; do
verbose "test $tid: proto $p ($n)"
Property changes on: vendor-crypto/openssh/dist/regress/stderr-data.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/t4.ok
===================================================================
--- vendor-crypto/openssh/dist/regress/t4.ok 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/t4.ok 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/t4.ok
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/t5.ok
===================================================================
--- vendor-crypto/openssh/dist/regress/t5.ok 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/t5.ok 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/t5.ok
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/test-exec.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/test-exec.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/test-exec.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.37 2010/02/24 06:21:56 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.46 2013/06/21 02:26:26 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
@@ -12,6 +12,13 @@
BIN_SH=xpg4
export BIN_SH
;;
+CYGWIN_NT-5.0)
+ os=cygwin
+ TEST_SSH_IPV6=no
+ ;;
+CYGWIN*)
+ os=cygwin
+ ;;
esac
if [ ! -z "$TEST_SSH_PORT" ]; then
@@ -129,26 +136,49 @@
*) SSHD=`which sshd` ;;
esac
+# Logfiles.
+# SSH_LOGFILE should be the debug output of ssh(1) only
+# SSHD_LOGFILE should be the debug output of sshd(8) only
+# REGRESS_LOGFILE is the output of the test itself stdout and stderr
if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
- TEST_SSH_LOGFILE=/dev/null
+ TEST_SSH_LOGFILE=$OBJ/ssh.log
fi
+if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
+ TEST_SSHD_LOGFILE=$OBJ/sshd.log
+fi
+if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
+ TEST_REGRESS_LOGFILE=$OBJ/regress.log
+fi
+# truncate logfiles
+>$TEST_SSH_LOGFILE
+>$TEST_SSHD_LOGFILE
+>$TEST_REGRESS_LOGFILE
+
+# Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..."
+# because sftp and scp don't handle spaces in arguments.
+SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
+echo "#!/bin/sh" > $SSHLOGWRAP
+echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
+
+chmod a+rx $OBJ/ssh-log-wrapper.sh
+SSH="$SSHLOGWRAP"
+
+# Some test data. We make a copy because some tests will overwrite it.
+# The tests may assume that $DATA exists and is writable and $COPY does
+# not exist.
+DATANAME=data
+DATA=$OBJ/${DATANAME}
+cat $SSHD $SSHD $SSHD $SSHD >${DATA}
+chmod u+w ${DATA}
+COPY=$OBJ/copy
+rm -f ${COPY}
+
# these should be used in tests
export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
-# helper
-echon()
-{
- if [ "x`echo -n`" = "x" ]; then
- echo -n "$@"
- elif [ "x`echo '\c'`" = "x" ]; then
- echo "$@\c"
- else
- fatal "Don't know how to echo without newline."
- fi
-}
-
+# Portable specific functions
have_prog()
{
saved_IFS="$IFS"
@@ -164,6 +194,37 @@
return 1
}
+jot() {
+ awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
+}
+
+# Check whether preprocessor symbols are defined in config.h.
+config_defined ()
+{
+ str=$1
+ while test "x$2" != "x" ; do
+ str="$str|$2"
+ shift
+ done
+ egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
+}
+
+md5 () {
+ if have_prog md5sum; then
+ md5sum
+ elif have_prog openssl; then
+ openssl md5
+ elif have_prog cksum; then
+ cksum
+ elif have_prog sum; then
+ sum
+ else
+ wc -c
+ fi
+}
+# End of portable specific functions
+
+# helper
cleanup ()
{
if [ -f $PIDFILE ]; then
@@ -188,9 +249,26 @@
fi
}
+start_debug_log ()
+{
+ echo "trace: $@" >$TEST_REGRESS_LOGFILE
+ echo "trace: $@" >$TEST_SSH_LOGFILE
+ echo "trace: $@" >$TEST_SSHD_LOGFILE
+}
+
+save_debug_log ()
+{
+ echo $@ >>$TEST_REGRESS_LOGFILE
+ echo $@ >>$TEST_SSH_LOGFILE
+ echo $@ >>$TEST_SSHD_LOGFILE
+ (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
+ (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
+ (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
+}
+
trace ()
{
- echo "trace: $@" >>$TEST_SSH_LOGFILE
+ start_debug_log $@
if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
echo "$@"
fi
@@ -198,40 +276,35 @@
verbose ()
{
- echo "verbose: $@" >>$TEST_SSH_LOGFILE
+ start_debug_log $@
if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
echo "$@"
fi
}
+warn ()
+{
+ echo "WARNING: $@" >>$TEST_SSH_LOGFILE
+ echo "WARNING: $@"
+}
fail ()
{
- echo "FAIL: $@" >>$TEST_SSH_LOGFILE
+ save_debug_log "FAIL: $@"
RESULT=1
echo "$@"
+
}
fatal ()
{
- echo "FATAL: $@" >>$TEST_SSH_LOGFILE
- echon "FATAL: "
+ save_debug_log "FATAL: $@"
+ printf "FATAL: "
fail "$@"
cleanup
exit $RESULT
}
-# Check whether preprocessor symbols are defined in config.h.
-config_defined ()
-{
- str=$1
- while test "x$2" != "x" ; do
- str="$str|$2"
- shift
- done
- egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
-}
-
RESULT=0
PIDFILE=$OBJ/pidfile
@@ -247,7 +320,7 @@
#ListenAddress ::1
PidFile $PIDFILE
AuthorizedKeysFile $OBJ/authorized_keys_%u
- LogLevel VERBOSE
+ LogLevel DEBUG3
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
Subsystem sftp $SFTPSERVER
@@ -279,8 +352,10 @@
ChallengeResponseAuthentication no
HostbasedAuthentication no
PasswordAuthentication no
+ RhostsRSAAuthentication no
BatchMode yes
StrictHostKeyChecking yes
+ LogLevel DEBUG3
EOF
if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
@@ -293,13 +368,15 @@
trace "generate keys"
for t in rsa rsa1; do
# generate user key
- rm -f $OBJ/$t
- ${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t ||\
- fail "ssh-keygen for $t failed"
+ if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN} -nt $OBJ/$t ]; then
+ rm -f $OBJ/$t
+ ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\
+ fail "ssh-keygen for $t failed"
+ fi
# known hosts file for client
(
- echon 'localhost-with-alias,127.0.0.1,::1 '
+ printf 'localhost-with-alias,127.0.0.1,::1 '
cat $OBJ/$t.pub
) >> $OBJ/known_hosts
@@ -354,7 +431,7 @@
echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
- echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
REGRESS_INTEROP_PUTTY=yes
fi
@@ -362,7 +439,7 @@
# create a proxy version of the client config
(
cat $OBJ/ssh_config
- echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy
+ echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy
) > $OBJ/ssh_proxy
# check proxy config
@@ -372,7 +449,7 @@
{
# start sshd
$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
- $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1
+ $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
trace "wait for sshd"
i=0;
Property changes on: vendor-crypto/openssh/dist/regress/test-exec.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/transfer.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/transfer.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/transfer.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,11 +1,8 @@
-# $OpenBSD: transfer.sh,v 1.1 2002/03/27 00:03:37 markus Exp $
+# $OpenBSD: transfer.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $
# Placed in the Public Domain.
tid="transfer data"
-DATA=/bin/ls${EXEEXT}
-COPY=${OBJ}/copy
-
for p in 1 2; do
verbose "$tid: proto $p"
rm -f ${COPY}
Property changes on: vendor-crypto/openssh/dist/regress/transfer.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/regress/try-ciphers.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/try-ciphers.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/try-ciphers.sh 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: try-ciphers.sh,v 1.11 2007/06/07 19:41:46 pvalchev Exp $
+# $OpenBSD: try-ciphers.sh,v 1.20 2013/05/17 10:16:26 dtucker Exp $
# Placed in the Public Domain.
tid="try ciphers"
@@ -7,9 +7,20 @@
arcfour128 arcfour256 arcfour
aes192-cbc aes256-cbc rijndael-cbc at lysator.liu.se
aes128-ctr aes192-ctr aes256-ctr"
-macs="hmac-sha1 hmac-md5 umac-64 at openssh.com hmac-sha1-96 hmac-md5-96"
+config_defined OPENSSL_HAVE_EVPGCM && \
+ ciphers="$ciphers aes128-gcm at openssh.com aes256-gcm at openssh.com"
+macs="hmac-sha1 hmac-md5 umac-64 at openssh.com umac-128 at openssh.com
+ hmac-sha1-96 hmac-md5-96
+ hmac-sha1-etm at openssh.com hmac-md5-etm at openssh.com
+ umac-64-etm at openssh.com umac-128-etm at openssh.com
+ hmac-sha1-96-etm at openssh.com hmac-md5-96-etm at openssh.com
+ hmac-ripemd160-etm at openssh.com"
+config_defined HAVE_EVP_SHA256 &&
+ macs="$macs hmac-sha2-256 hmac-sha2-512
+ hmac-sha2-256-etm at openssh.com hmac-sha2-512-etm at openssh.com"
for c in $ciphers; do
+ n=0
for m in $macs; do
trace "proto 2 cipher $c mac $m"
verbose "test $tid: proto 2 cipher $c mac $m"
@@ -17,6 +28,11 @@
if [ $? -ne 0 ]; then
fail "ssh -2 failed with mac $m cipher $c"
fi
+ # No point trying all MACs for GCM since they are ignored.
+ case $c in
+ aes*-gcm at openssh.com) test $n -gt 0 && break;;
+ esac
+ n=`expr $n + 1`
done
done
@@ -30,20 +46,3 @@
fi
done
-if ${SSH} -oCiphers=acss at openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null
-then
- :
-else
-
-echo "Ciphers acss at openssh.org" >> $OBJ/sshd_proxy
-c=acss at openssh.org
-for m in $macs; do
- trace "proto 2 $c mac $m"
- verbose "test $tid: proto 2 cipher $c mac $m"
- ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
- if [ $? -ne 0 ]; then
- fail "ssh -2 failed with mac $m cipher $c"
- fi
-done
-
-fi
Property changes on: vendor-crypto/openssh/dist/regress/try-ciphers.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/regress/yes-head.sh
===================================================================
--- vendor-crypto/openssh/dist/regress/yes-head.sh 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/regress/yes-head.sh 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/regress/yes-head.sh
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/rijndael.c
===================================================================
--- vendor-crypto/openssh/dist/rijndael.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/rijndael.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/rijndael.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/rijndael.h
===================================================================
--- vendor-crypto/openssh/dist/rijndael.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/rijndael.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/rijndael.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/roaming.h
===================================================================
--- vendor-crypto/openssh/dist/roaming.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/roaming.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming.h,v 1.5 2009/10/24 11:11:58 andreas Exp $ */
+/* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@@ -18,8 +18,9 @@
#ifndef ROAMING_H
#define ROAMING_H
-#define DEFAULT_ROAMBUF 65536
-#define ROAMING_REQUEST "roaming at appgate.com"
+#define DEFAULT_ROAMBUF 65536
+#define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */
+#define ROAMING_REQUEST "roaming at appgate.com"
extern int roaming_enabled;
extern int resume_in_progress;
Property changes on: vendor-crypto/openssh/dist/roaming.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/roaming_client.c
===================================================================
--- vendor-crypto/openssh/dist/roaming_client.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/roaming_client.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming_client.c,v 1.3 2010/01/18 01:50:27 dtucker Exp $ */
+/* $OpenBSD: roaming_client.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@@ -72,7 +72,7 @@
cookie = packet_get_int64();
key1 = oldkey1 = packet_get_int64();
key2 = oldkey2 = packet_get_int64();
- set_out_buffer_size(packet_get_int() + get_snd_buf_size());
+ set_out_buffer_size(packet_get_int() + get_snd_buf_size());
roaming_enabled = 1;
}
@@ -187,10 +187,10 @@
debug("server doesn't allow resume");
goto fail;
}
- xfree(str);
+ free(str);
for (i = 1; i < PROPOSAL_MAX; i++) {
/* kex algorithm taken care of so start with i=1 and not 0 */
- xfree(packet_get_string(&len));
+ free(packet_get_string(&len));
}
i = packet_get_char(); /* first_kex_packet_follows */
if (i && (c = strchr(kexlist, ',')))
@@ -226,8 +226,7 @@
return 0;
fail:
- if (kexlist)
- xfree(kexlist);
+ free(kexlist);
if (packet_get_connection_in() == packet_get_connection_out())
close(packet_get_connection_in());
else {
Property changes on: vendor-crypto/openssh/dist/roaming_client.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/roaming_common.c
===================================================================
--- vendor-crypto/openssh/dist/roaming_common.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/roaming_common.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming_common.c,v 1.8 2010/01/12 00:59:29 djm Exp $ */
+/* $OpenBSD: roaming_common.c,v 1.10 2013/07/12 00:19:59 djm Exp $ */
/*
* Copyright (c) 2004-2009 AppGate Network Security AB
*
@@ -75,6 +75,8 @@
void
set_out_buffer_size(size_t size)
{
+ if (size == 0 || size > MAX_ROAMBUF)
+ fatal("%s: bad buffer size %lu", __func__, (u_long)size);
/*
* The buffer size can only be set once and the buffer will live
* as long as the session lives.
@@ -225,7 +227,7 @@
{
const EVP_MD *md = EVP_sha1();
EVP_MD_CTX ctx;
- char hash[EVP_MAX_MD_SIZE];
+ u_char hash[EVP_MAX_MD_SIZE];
Buffer b;
buffer_init(&b);
Property changes on: vendor-crypto/openssh/dist/roaming_common.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/roaming_dummy.c
===================================================================
--- vendor-crypto/openssh/dist/roaming_dummy.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/roaming_dummy.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/roaming_dummy.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Index: vendor-crypto/openssh/dist/roaming_serv.c
===================================================================
--- vendor-crypto/openssh/dist/roaming_serv.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/roaming_serv.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/roaming_serv.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/rsa.c
===================================================================
--- vendor-crypto/openssh/dist/rsa.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/rsa.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -96,8 +96,8 @@
memset(outbuf, 0, olen);
memset(inbuf, 0, ilen);
- xfree(outbuf);
- xfree(inbuf);
+ free(outbuf);
+ free(inbuf);
}
int
@@ -122,8 +122,8 @@
}
memset(outbuf, 0, olen);
memset(inbuf, 0, ilen);
- xfree(outbuf);
- xfree(inbuf);
+ free(outbuf);
+ free(inbuf);
return len;
}
Property changes on: vendor-crypto/openssh/dist/rsa.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/rsa.h
===================================================================
--- vendor-crypto/openssh/dist/rsa.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/rsa.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/rsa.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Added: vendor-crypto/openssh/dist/sandbox-darwin.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-darwin.c (rev 0)
+++ vendor-crypto/openssh/dist/sandbox-darwin.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2011 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef SANDBOX_DARWIN
+
+#include <sys/types.h>
+
+#include <sandbox.h>
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "sandbox.h"
+#include "xmalloc.h"
+
+/* Darwin/OS X sandbox */
+
+struct ssh_sandbox {
+ pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+
+ /*
+ * Strictly, we don't need to maintain any state here but we need
+ * to return non-NULL to satisfy the API.
+ */
+ debug3("%s: preparing Darwin sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ box->child_pid = 0;
+
+ return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ char *errmsg;
+ struct rlimit rl_zero;
+
+ debug3("%s: starting Darwin sandbox", __func__);
+ if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
+ &errmsg) == -1)
+ fatal("%s: sandbox_init: %s", __func__, errmsg);
+
+ /*
+ * The kSBXProfilePureComputation still allows sockets, so
+ * we must disable these using rlimit.
+ */
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
+ __func__, strerror(errno));
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ free(box);
+ debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ box->child_pid = child_pid;
+}
+
+#endif /* SANDBOX_DARWIN */
Added: vendor-crypto/openssh/dist/sandbox-null.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-null.c (rev 0)
+++ vendor-crypto/openssh/dist/sandbox-null.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,72 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2011 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef SANDBOX_NULL
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+/* dummy sandbox */
+
+struct ssh_sandbox {
+ int junk;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+
+ /*
+ * Strictly, we don't need to maintain any state here but we need
+ * to return non-NULL to satisfy the API.
+ */
+ box = xcalloc(1, sizeof(*box));
+ return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ /* Nothing to do here */
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ free(box);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ /* Nothing to do here */
+}
+
+#endif /* SANDBOX_NULL */
Added: vendor-crypto/openssh/dist/sandbox-rlimit.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-rlimit.c (rev 0)
+++ vendor-crypto/openssh/dist/sandbox-rlimit.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,95 @@
+/* $OpenBSD: sandbox-rlimit.c,v 1.3 2011/06/23 09:34:13 djm Exp $ */
+/*
+ * Copyright (c) 2011 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef SANDBOX_RLIMIT
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
+
+struct ssh_sandbox {
+ pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+
+ /*
+ * Strictly, we don't need to maintain any state here but we need
+ * to return non-NULL to satisfy the API.
+ */
+ debug3("%s: preparing rlimit sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ box->child_pid = 0;
+
+ return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ struct rlimit rl_zero;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+
+#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+#endif
+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+#ifdef HAVE_RLIMIT_NPROC
+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
+ __func__, strerror(errno));
+#endif
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ free(box);
+ debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ box->child_pid = child_pid;
+}
+
+#endif /* SANDBOX_RLIMIT */
Added: vendor-crypto/openssh/dist/sandbox-seccomp-filter.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-seccomp-filter.c (rev 0)
+++ vendor-crypto/openssh/dist/sandbox-seccomp-filter.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,237 @@
+/*
+ * Copyright (c) 2012 Will Drewry <wad at dataspill.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Uncomment the SANDBOX_SECCOMP_FILTER_DEBUG macro below to help diagnose
+ * filter breakage during development. *Do not* use this in production,
+ * as it relies on making library calls that are unsafe in signal context.
+ *
+ * Instead, live systems the auditctl(8) may be used to monitor failures.
+ * E.g.
+ * auditctl -a task,always -F uid=<privsep uid>
+ */
+/* #define SANDBOX_SECCOMP_FILTER_DEBUG 1 */
+
+#ifdef SANDBOX_SECCOMP_FILTER_DEBUG
+/* Use the kernel headers in case of an older toolchain. */
+# include <asm/siginfo.h>
+# define __have_siginfo_t 1
+# define __have_sigval_t 1
+# define __have_sigevent_t 1
+#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
+
+#include "includes.h"
+
+#ifdef SANDBOX_SECCOMP_FILTER
+
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <sys/prctl.h>
+
+#include <linux/audit.h>
+#include <linux/filter.h>
+#include <linux/seccomp.h>
+#include <elf.h>
+
+#include <asm/unistd.h>
+
+#include <errno.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stddef.h> /* for offsetof */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+/* Linux seccomp_filter sandbox */
+#define SECCOMP_FILTER_FAIL SECCOMP_RET_KILL
+
+/* Use a signal handler to emit violations when debugging */
+#ifdef SANDBOX_SECCOMP_FILTER_DEBUG
+# undef SECCOMP_FILTER_FAIL
+# define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP
+#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
+
+/* Simple helpers to avoid manual errors (but larger BPF programs). */
+#define SC_DENY(_nr, _errno) \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
+ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno))
+#define SC_ALLOW(_nr) \
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_ ## _nr, 0, 1), \
+ BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
+
+/* Syscall filtering set for preauth. */
+static const struct sock_filter preauth_insns[] = {
+ /* Ensure the syscall arch convention is as expected. */
+ BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
+ offsetof(struct seccomp_data, arch)),
+ BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SECCOMP_AUDIT_ARCH, 1, 0),
+ BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
+ /* Load the syscall number for checking. */
+ BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
+ offsetof(struct seccomp_data, nr)),
+ SC_DENY(open, EACCES),
+ SC_ALLOW(getpid),
+ SC_ALLOW(gettimeofday),
+ SC_ALLOW(clock_gettime),
+#ifdef __NR_time /* not defined on EABI ARM */
+ SC_ALLOW(time),
+#endif
+ SC_ALLOW(read),
+ SC_ALLOW(write),
+ SC_ALLOW(close),
+ SC_ALLOW(brk),
+ SC_ALLOW(poll),
+#ifdef __NR__newselect
+ SC_ALLOW(_newselect),
+#else
+ SC_ALLOW(select),
+#endif
+ SC_ALLOW(madvise),
+#ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
+ SC_ALLOW(mmap2),
+#endif
+#ifdef __NR_mmap
+ SC_ALLOW(mmap),
+#endif
+ SC_ALLOW(munmap),
+ SC_ALLOW(exit_group),
+#ifdef __NR_rt_sigprocmask
+ SC_ALLOW(rt_sigprocmask),
+#else
+ SC_ALLOW(sigprocmask),
+#endif
+ BPF_STMT(BPF_RET+BPF_K, SECCOMP_FILTER_FAIL),
+};
+
+static const struct sock_fprog preauth_program = {
+ .len = (unsigned short)(sizeof(preauth_insns)/sizeof(preauth_insns[0])),
+ .filter = (struct sock_filter *)preauth_insns,
+};
+
+struct ssh_sandbox {
+ pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+
+ /*
+ * Strictly, we don't need to maintain any state here but we need
+ * to return non-NULL to satisfy the API.
+ */
+ debug3("%s: preparing seccomp filter sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ box->child_pid = 0;
+
+ return box;
+}
+
+#ifdef SANDBOX_SECCOMP_FILTER_DEBUG
+extern struct monitor *pmonitor;
+void mm_log_handler(LogLevel level, const char *msg, void *ctx);
+
+static void
+ssh_sandbox_violation(int signum, siginfo_t *info, void *void_context)
+{
+ char msg[256];
+
+ snprintf(msg, sizeof(msg),
+ "%s: unexpected system call (arch:0x%x,syscall:%d @ %p)",
+ __func__, info->si_arch, info->si_syscall, info->si_call_addr);
+ mm_log_handler(SYSLOG_LEVEL_FATAL, msg, pmonitor);
+ _exit(1);
+}
+
+static void
+ssh_sandbox_child_debugging(void)
+{
+ struct sigaction act;
+ sigset_t mask;
+
+ debug3("%s: installing SIGSYS handler", __func__);
+ memset(&act, 0, sizeof(act));
+ sigemptyset(&mask);
+ sigaddset(&mask, SIGSYS);
+
+ act.sa_sigaction = &ssh_sandbox_violation;
+ act.sa_flags = SA_SIGINFO;
+ if (sigaction(SIGSYS, &act, NULL) == -1)
+ fatal("%s: sigaction(SIGSYS): %s", __func__, strerror(errno));
+ if (sigprocmask(SIG_UNBLOCK, &mask, NULL) == -1)
+ fatal("%s: sigprocmask(SIGSYS): %s",
+ __func__, strerror(errno));
+}
+#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ struct rlimit rl_zero;
+ int nnp_failed = 0;
+
+ /* Set rlimits for completeness if possible. */
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
+ __func__, strerror(errno));
+
+#ifdef SANDBOX_SECCOMP_FILTER_DEBUG
+ ssh_sandbox_child_debugging();
+#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
+
+ debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
+ debug("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
+ __func__, strerror(errno));
+ nnp_failed = 1;
+ }
+ debug3("%s: attaching seccomp filter program", __func__);
+ if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1)
+ debug("%s: prctl(PR_SET_SECCOMP): %s",
+ __func__, strerror(errno));
+ else if (nnp_failed)
+ fatal("%s: SECCOMP_MODE_FILTER activated but "
+ "PR_SET_NO_NEW_PRIVS failed", __func__);
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ free(box);
+ debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ box->child_pid = child_pid;
+}
+
+#endif /* SANDBOX_SECCOMP_FILTER */
Added: vendor-crypto/openssh/dist/sandbox-systrace.c
===================================================================
--- vendor-crypto/openssh/dist/sandbox-systrace.c (rev 0)
+++ vendor-crypto/openssh/dist/sandbox-systrace.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,199 @@
+/* $OpenBSD: sandbox-systrace.c,v 1.7 2013/06/01 13:15:52 dtucker Exp $ */
+/*
+ * Copyright (c) 2011 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef SANDBOX_SYSTRACE
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/syscall.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+
+#include <dev/systrace.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "atomicio.h"
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+struct sandbox_policy {
+ int syscall;
+ int action;
+};
+
+/* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL */
+static const struct sandbox_policy preauth_policy[] = {
+ { SYS_open, SYSTR_POLICY_NEVER },
+
+ { SYS___sysctl, SYSTR_POLICY_PERMIT },
+ { SYS_close, SYSTR_POLICY_PERMIT },
+ { SYS_exit, SYSTR_POLICY_PERMIT },
+ { SYS_getpid, SYSTR_POLICY_PERMIT },
+ { SYS_gettimeofday, SYSTR_POLICY_PERMIT },
+ { SYS_clock_gettime, SYSTR_POLICY_PERMIT },
+ { SYS_madvise, SYSTR_POLICY_PERMIT },
+ { SYS_mmap, SYSTR_POLICY_PERMIT },
+ { SYS_mprotect, SYSTR_POLICY_PERMIT },
+ { SYS_mquery, SYSTR_POLICY_PERMIT },
+ { SYS_poll, SYSTR_POLICY_PERMIT },
+ { SYS_munmap, SYSTR_POLICY_PERMIT },
+ { SYS_read, SYSTR_POLICY_PERMIT },
+ { SYS_select, SYSTR_POLICY_PERMIT },
+ { SYS_sigprocmask, SYSTR_POLICY_PERMIT },
+ { SYS_write, SYSTR_POLICY_PERMIT },
+ { -1, -1 }
+};
+
+struct ssh_sandbox {
+ int systrace_fd;
+ pid_t child_pid;
+ void (*osigchld)(int);
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+
+ debug3("%s: preparing systrace sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ box->systrace_fd = -1;
+ box->child_pid = 0;
+ box->osigchld = signal(SIGCHLD, SIG_IGN);
+
+ return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ debug3("%s: ready", __func__);
+ signal(SIGCHLD, box->osigchld);
+ if (kill(getpid(), SIGSTOP) != 0)
+ fatal("%s: kill(%d, SIGSTOP)", __func__, getpid());
+ debug3("%s: started", __func__);
+}
+
+static void
+ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
+ const struct sandbox_policy *allowed_syscalls)
+{
+ int dev_systrace, i, j, found, status;
+ pid_t pid;
+ struct systrace_policy policy;
+
+ /* Wait for the child to send itself a SIGSTOP */
+ debug3("%s: wait for child %ld", __func__, (long)child_pid);
+ do {
+ pid = waitpid(child_pid, &status, WUNTRACED);
+ } while (pid == -1 && errno == EINTR);
+ signal(SIGCHLD, box->osigchld);
+ if (!WIFSTOPPED(status)) {
+ if (WIFSIGNALED(status))
+ fatal("%s: child terminated with signal %d",
+ __func__, WTERMSIG(status));
+ if (WIFEXITED(status))
+ fatal("%s: child exited with status %d",
+ __func__, WEXITSTATUS(status));
+ fatal("%s: child not stopped", __func__);
+ }
+ debug3("%s: child %ld stopped", __func__, (long)child_pid);
+ box->child_pid = child_pid;
+
+ /* Set up systracing of child */
+ if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1)
+ fatal("%s: open(\"/dev/systrace\"): %s", __func__,
+ strerror(errno));
+ if (ioctl(dev_systrace, STRIOCCLONE, &box->systrace_fd) == -1)
+ fatal("%s: ioctl(STRIOCCLONE, %d): %s", __func__,
+ dev_systrace, strerror(errno));
+ close(dev_systrace);
+ debug3("%s: systrace attach, fd=%d", __func__, box->systrace_fd);
+ if (ioctl(box->systrace_fd, STRIOCATTACH, &child_pid) == -1)
+ fatal("%s: ioctl(%d, STRIOCATTACH, %d): %s", __func__,
+ box->systrace_fd, child_pid, strerror(errno));
+
+ /* Allocate and assign policy */
+ bzero(&policy, sizeof(policy));
+ policy.strp_op = SYSTR_POLICY_NEW;
+ policy.strp_maxents = SYS_MAXSYSCALL;
+ if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
+ fatal("%s: ioctl(%d, STRIOCPOLICY (new)): %s", __func__,
+ box->systrace_fd, strerror(errno));
+
+ policy.strp_op = SYSTR_POLICY_ASSIGN;
+ policy.strp_pid = box->child_pid;
+ if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
+ fatal("%s: ioctl(%d, STRIOCPOLICY (assign)): %s",
+ __func__, box->systrace_fd, strerror(errno));
+
+ /* Set per-syscall policy */
+ for (i = 0; i < SYS_MAXSYSCALL; i++) {
+ found = 0;
+ for (j = 0; allowed_syscalls[j].syscall != -1; j++) {
+ if (allowed_syscalls[j].syscall == i) {
+ found = 1;
+ break;
+ }
+ }
+ policy.strp_op = SYSTR_POLICY_MODIFY;
+ policy.strp_code = i;
+ policy.strp_policy = found ?
+ allowed_syscalls[j].action : SYSTR_POLICY_KILL;
+ if (found)
+ debug3("%s: policy: enable syscall %d", __func__, i);
+ if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
+ fatal("%s: ioctl(%d, STRIOCPOLICY (modify)): %s",
+ __func__, box->systrace_fd, strerror(errno));
+ }
+
+ /* Signal the child to start running */
+ debug3("%s: start child %ld", __func__, (long)child_pid);
+ if (kill(box->child_pid, SIGCONT) != 0)
+ fatal("%s: kill(%d, SIGCONT)", __func__, box->child_pid);
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ /* Closing this before the child exits will terminate it */
+ close(box->systrace_fd);
+
+ free(box);
+ debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ ssh_sandbox_parent(box, child_pid, preauth_policy);
+}
+
+#endif /* SANDBOX_SYSTRACE */
Deleted: vendor-crypto/openssh/dist/scard/Makefile.in
===================================================================
--- vendor-crypto/openssh/dist/scard/Makefile.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scard/Makefile.in 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,29 +0,0 @@
-# $Id: Makefile.in,v 1.1.1.3 2007-03-13 21:36:54 laffer1 Exp $
-
-prefix=@prefix@
-datadir=@datadir@
-datarootdir=@datarootdir@
-srcdir=@srcdir@
-top_srcdir=@top_srcdir@
-
-INSTALL=@INSTALL@
-
-VPATH=@srcdir@
-
-all:
-
-#Ssh.bin: Ssh.bin.uu
-# uudecode Ssh.bin.uu
-
-clean:
-# rm -rf Ssh.bin
-
-distprep:
- uudecode Ssh.bin.uu
-
-distclean: clean
- rm -f Makefile *~
-
-install: $(srcdir)/Ssh.bin
- $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
- $(INSTALL) -m 0644 $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin
Deleted: vendor-crypto/openssh/dist/scard/Ssh.bin
===================================================================
--- vendor-crypto/openssh/dist/scard/Ssh.bin 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scard/Ssh.bin 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,24 +0,0 @@
-��A� �A
x ��X� \xFE`\xF0� \xFE\xA1\xF0� A�A
�\xFE\xA0\xF0� A�A
�\xFEx\xF3��A�A
�\xFEp\xF3��\xFEC\xD3��\xFE`\xF0� \xFEs\xF3
\xFEs\xD5 �A�\xB0� \xFEa\xD3 \xFEa\xD3� \xFE\xA1\xD0��\xFE\xA0\xD0'�\xFE\xA3\xD3
-�\xFE\xA3\xD3 \xFEs\xD5
�\xFEa\xD3��\xFE\xA1\xD0
- \xFE\xA0\xD0��\xFEh\xD3 �A�� � \xFE`�\xCC A
\xF2� A
\xF2! A
\xF2� \xF0�\xFF\xF2�����
- ` A$��� \xA4K
-\x90 ` (���V \xEC �\xFF\xFF\xFF\xC0 \xE9 � 3 \xC7 0 \x8D 2 \xD8����J
-n ` (���
- \xFF=!` F�J
-g ` (
-? ` K+ �` K+�` P
�
-��J �
-�` U` Z` (�\
�����^ _��` dR h
-? ` K+
-sh` K+` i �5!����` n
�
-��K
��` dR �
-�` U` Z` (R .��
-� ` s+��` dR
��
-��` s+��` dR
R
-m ` (Y \xF0�\xFF\xF2��� �
-\x90 ` (Y \xF0�\xFF\xF2���
bA�-_ <+Y \xF0�\xFF\xF6���� � �\
^ 2E ��\
- \xC8 �^ 7�W\xB0�\xFF\xF2���� < �_ �b\xFE\xA1-_ �]
-�b\xFE\xA0-_ �] ��b\xFEx-
-� _ �]
-� ` #E
-g ` (�^ -Y
\ No newline at end of file
Deleted: vendor-crypto/openssh/dist/scard/Ssh.bin.uu
===================================================================
--- vendor-crypto/openssh/dist/scard/Ssh.bin.uu 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scard/Ssh.bin.uu 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,17 +0,0 @@
-begin 644 Ssh.bin
-M`P)!&P`801X`>``!`E@"`/Y@\`4`_J'P!0!!&T$=`?Z@\`4`01M!'`'^>/,!
-M`4$;01X!_G#S%P'^0],1`?Y@\!0`_G/S'0#^<]4``D$;L`4`_F'3``#^8=,%
-M`/ZAT`$!_J#0)P'^H],*`?ZCTPD`_G/5"P7^8=,'`OZAT`H`_J#0$@3^:-,@
-M`T$;`P`%`/Y@`<P``$$<\@\``$$=\B$``$$>\A```/`0__(%`@8!`0H``&``
-M0205!!D)I$L`"0J0`&``*!4$&58``````.P````%____P````.D````0````
-M,P```"````#'````,````(T````R````V!4#&0A*``D*;@!@`"@5!QD*`/\]
-M(6``1A)*``D*9P!@`"@*/P!@`$LK"1)@`$LK!6``4!P$#00#2@`.#01@`%5@
-M`%I@`"@37``>%0 at 2%0A>`%\($F``9%(`:`H_`&``2RL*<VA@`$LK8`!I"1`U
-M(14#`Q)@`&X<!`T$`TL`"P,28`!D4@`.#01@`%5@`%I@`"A2`"X5`PH$`&``
-M<RL#!6``9%(`'14#"@$"8`!S*P,%8`!D4@`,4@`)"FT`8``H60``\`+_\@$!
-M`0D`"```"I``8``H60#P$__R`0$""0`,``!B01LM7P`\*UD```#P$O_V`0$#
-M`0`8```37``>7@`R10`/$UP`'@H`R`D07@`W!%>P!?_R`0$$`@`\```37P``
-M$V+^H2U?``5=``H38OZ at +5\`#UT`%!-B_G at M"@0`7P`970`>"@0`8``C10`)
-/"F<`8``H$UX`+5D`````
-`
-end
Deleted: vendor-crypto/openssh/dist/scard/Ssh.java
===================================================================
--- vendor-crypto/openssh/dist/scard/Ssh.java 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scard/Ssh.java 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,164 +0,0 @@
-// $Id: Ssh.java,v 1.1.1.2 2006-02-25 02:34:26 laffer1 Exp $
-//
-// Ssh.java
-// SSH / smartcard integration project, smartcard side
-//
-// Tomoko Fukuzawa, created, Feb., 2000
-//
-// Naomaru Itoi, modified, Apr., 2000
-//
-
-// copyright 2000
-// the regents of the university of michigan
-// all rights reserved
-//
-// permission is granted to use, copy, create derivative works
-// and redistribute this software and such derivative works
-// for any purpose, so long as the name of the university of
-// michigan is not used in any advertising or publicity
-// pertaining to the use or distribution of this software
-// without specific, written prior authorization. if the
-// above copyright notice or any other identification of the
-// university of michigan is included in any copy of any
-// portion of this software, then the disclaimer below must
-// also be included.
-//
-// this software is provided as is, without representation
-// from the university of michigan as to its fitness for any
-// purpose, and without warranty by the university of
-// michigan of any kind, either express or implied, including
-// without limitation the implied warranties of
-// merchantability and fitness for a particular purpose. the
-// regents of the university of michigan shall not be liable
-// for any damages, including special, indirect, incidental, or
-// consequential damages, with respect to any claim arising
-// out of or in connection with the use of the software, even
-// if it has been or is hereafter advised of the possibility of
-// such damages.
-
-import javacard.framework.*;
-import javacardx.framework.*;
-import javacardx.crypto.*;
-
-public class Ssh extends javacard.framework.Applet
-{
- // Change this when the applet changes; hi byte is major, low byte is minor
- static final short applet_version = (short)0x0102;
-
- /* constants declaration */
- // code of CLA byte in the command APDU header
- static final byte Ssh_CLA =(byte)0x05;
-
- // codes of INS byte in the command APDU header
- static final byte DECRYPT = (byte) 0x10;
- static final byte GET_KEYLENGTH = (byte) 0x20;
- static final byte GET_PUBKEY = (byte) 0x30;
- static final byte GET_VERSION = (byte) 0x32;
- static final byte GET_RESPONSE = (byte) 0xc0;
-
- static final short keysize = 1024;
- static final short root_fid = (short)0x3f00;
- static final short privkey_fid = (short)0x0012;
- static final short pubkey_fid = (short)(('s'<<8)|'h');
-
- /* instance variables declaration */
- AsymKey rsakey;
- CyberflexFile file;
- CyberflexOS os;
-
- private Ssh()
- {
- file = new CyberflexFile();
- os = new CyberflexOS();
-
- rsakey = new RSA_CRT_PrivateKey (keysize);
-
- if ( ! rsakey.isSupportedLength (keysize) )
- ISOException.throwIt (ISO.SW_WRONG_LENGTH);
-
- register();
- } // end of the constructor
-
- public boolean select() {
- if (!rsakey.isInitialized())
- rsakey.setKeyInstance ((short)0xc8, (short)0x10);
-
- return true;
- }
-
- public static void install(APDU apdu)
- {
- new Ssh(); // create a Ssh applet instance (card)
- } // end of install method
-
- public static void main(String args[]) {
- ISOException.throwIt((short) 0x9000);
- }
-
- public void process(APDU apdu)
- {
- // APDU object carries a byte array (buffer) to
- // transfer incoming and outgoing APDU header
- // and data bytes between card and CAD
- byte buffer[] = apdu.getBuffer();
- short size, st;
-
- // verify that if the applet can accept this
- // APDU message
- // NI: change suggested by Wayne Dyksen, Purdue
- if (buffer[ISO.OFFSET_INS] == ISO.INS_SELECT)
- ISOException.throwIt(ISO.SW_NO_ERROR);
-
- switch (buffer[ISO.OFFSET_INS]) {
- case DECRYPT:
- if (buffer[ISO.OFFSET_CLA] != Ssh_CLA)
- ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
- //decrypt (apdu);
- size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
-
- if (apdu.setIncomingAndReceive() != size)
- ISOException.throwIt (ISO.SW_WRONG_LENGTH);
-
- // check access; depends on bit 2 (x/a)
- file.selectFile(root_fid);
- file.selectFile(privkey_fid);
- st = os.checkAccess(ACL.EXECUTE);
- if (st != ST.ACCESS_CLEARED) {
- CyberflexAPDU.prepareSW1SW2(st);
- ISOException.throwIt(CyberflexAPDU.getSW1SW2());
- }
-
- rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size,
- buffer, (short) ISO.OFFSET_CDATA);
-
- apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
- break;
- case GET_PUBKEY:
- file.selectFile(root_fid); // select root
- file.selectFile(pubkey_fid); // select public key file
- size = (short)(file.getFileSize() - 16);
- st = os.readBinaryFile(buffer, (short)0, (short)0, size);
- if (st == ST.SUCCESS)
- apdu.setOutgoingAndSend((short)0, size);
- else {
- CyberflexAPDU.prepareSW1SW2(st);
- ISOException.throwIt(CyberflexAPDU.getSW1SW2());
- }
- break;
- case GET_KEYLENGTH:
- Util.setShort(buffer, (short)0, keysize);
- apdu.setOutgoingAndSend ((short)0, (short)2);
- break;
- case GET_VERSION:
- Util.setShort(buffer, (short)0, applet_version);
- apdu.setOutgoingAndSend ((short)0, (short)2);
- break;
- case GET_RESPONSE:
- break;
- default:
- ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED);
- }
-
- } // end of process method
-
-} // end of class Ssh
Deleted: vendor-crypto/openssh/dist/scard-opensc.c
===================================================================
--- vendor-crypto/openssh/dist/scard-opensc.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scard-opensc.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,532 +0,0 @@
-/*
- * Copyright (c) 2002 Juha Yrj\xF6l\xE4. All rights reserved.
- * Copyright (c) 2001 Markus Friedl.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-#if defined(SMARTCARD) && defined(USE_OPENSC)
-
-#include <sys/types.h>
-
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-#include <stdarg.h>
-#include <string.h>
-
-#include <opensc/opensc.h>
-#include <opensc/pkcs15.h>
-
-#include "key.h"
-#include "log.h"
-#include "xmalloc.h"
-#include "misc.h"
-#include "scard.h"
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
-#define USE_ENGINE
-#define RSA_get_default_method RSA_get_default_openssl_method
-#else
-#endif
-
-#ifdef USE_ENGINE
-#include <openssl/engine.h>
-#define sc_get_rsa sc_get_engine
-#else
-#define sc_get_rsa sc_get_rsa_method
-#endif
-
-static int sc_reader_id;
-static sc_context_t *ctx = NULL;
-static sc_card_t *card = NULL;
-static sc_pkcs15_card_t *p15card = NULL;
-
-static char *sc_pin = NULL;
-
-struct sc_priv_data
-{
- struct sc_pkcs15_id cert_id;
- int ref_count;
-};
-
-void
-sc_close(void)
-{
- if (p15card) {
- sc_pkcs15_unbind(p15card);
- p15card = NULL;
- }
- if (card) {
- sc_disconnect_card(card, 0);
- card = NULL;
- }
- if (ctx) {
- sc_release_context(ctx);
- ctx = NULL;
- }
-}
-
-static int
-sc_init(void)
-{
- int r;
-
- r = sc_establish_context(&ctx, "openssh");
- if (r)
- goto err;
- if (sc_reader_id >= ctx->reader_count) {
- r = SC_ERROR_NO_READERS_FOUND;
- error("Illegal reader number %d (max %d)", sc_reader_id,
- ctx->reader_count -1);
- goto err;
- }
- r = sc_connect_card(ctx->reader[sc_reader_id], 0, &card);
- if (r)
- goto err;
- r = sc_pkcs15_bind(card, &p15card);
- if (r)
- goto err;
- return 0;
-err:
- sc_close();
- return r;
-}
-
-/* private key operations */
-
-static int
-sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
- unsigned int usage)
-{
- int r;
- struct sc_priv_data *priv;
- struct sc_pkcs15_object *key_obj;
- struct sc_pkcs15_prkey_info *key;
- struct sc_pkcs15_object *pin_obj;
- struct sc_pkcs15_pin_info *pin;
-
- priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
- if (priv == NULL)
- return -1;
- if (p15card == NULL) {
- sc_close();
- r = sc_init();
- if (r) {
- error("SmartCard init failed: %s", sc_strerror(r));
- goto err;
- }
- }
- r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
- usage, &key_obj);
- if (r) {
- error("Unable to find private key from SmartCard: %s",
- sc_strerror(r));
- goto err;
- }
- key = key_obj->data;
- r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id,
- &pin_obj);
- if (r == SC_ERROR_OBJECT_NOT_FOUND) {
- /* no pin required */
- r = sc_lock(card);
- if (r) {
- error("Unable to lock smartcard: %s", sc_strerror(r));
- goto err;
- }
- *key_obj_out = key_obj;
- return 0;
- } else if (r) {
- error("Unable to find PIN object from SmartCard: %s",
- sc_strerror(r));
- goto err;
- }
- pin = pin_obj->data;
- r = sc_lock(card);
- if (r) {
- error("Unable to lock smartcard: %s", sc_strerror(r));
- goto err;
- }
- if (sc_pin != NULL) {
- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
- strlen(sc_pin));
- if (r) {
- sc_unlock(card);
- error("PIN code verification failed: %s",
- sc_strerror(r));
- goto err;
- }
- }
- *key_obj_out = key_obj;
- return 0;
-err:
- sc_close();
- return -1;
-}
-
-#define SC_USAGE_DECRYPT SC_PKCS15_PRKEY_USAGE_DECRYPT | \
- SC_PKCS15_PRKEY_USAGE_UNWRAP
-
-static int
-sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
- int padding)
-{
- struct sc_pkcs15_object *key_obj;
- int r;
-
- if (padding != RSA_PKCS1_PADDING)
- return -1;
- r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT);
- if (r)
- return -1;
- r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
- from, flen, to, flen);
- sc_unlock(card);
- if (r < 0) {
- error("sc_pkcs15_decipher() failed: %s", sc_strerror(r));
- goto err;
- }
- return r;
-err:
- sc_close();
- return -1;
-}
-
-#define SC_USAGE_SIGN SC_PKCS15_PRKEY_USAGE_SIGN | \
- SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
-
-static int
-sc_sign(int type, u_char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-{
- struct sc_pkcs15_object *key_obj;
- int r;
- unsigned long flags = 0;
-
- /* XXX: sc_prkey_op_init will search for a pkcs15 private
- * key object with the sign or signrecover usage flag set.
- * If the signing key has only the non-repudiation flag set
- * the key will be rejected as using a non-repudiation key
- * for authentication is not recommended. Note: This does not
- * prevent the use of a non-repudiation key for authentication
- * if the sign or signrecover flag is set as well.
- */
- r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN);
- if (r)
- return -1;
- /* FIXME: length of sigret correct? */
- /* FIXME: check 'type' and modify flags accordingly */
- flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA1;
- r = sc_pkcs15_compute_signature(p15card, key_obj, flags,
- m, m_len, sigret, RSA_size(rsa));
- sc_unlock(card);
- if (r < 0) {
- error("sc_pkcs15_compute_signature() failed: %s",
- sc_strerror(r));
- goto err;
- }
- *siglen = r;
- return 1;
-err:
- sc_close();
- return 0;
-}
-
-static int
-sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
- int padding)
-{
- error("Private key encryption not supported");
- return -1;
-}
-
-/* called on free */
-
-static int (*orig_finish)(RSA *rsa) = NULL;
-
-static int
-sc_finish(RSA *rsa)
-{
- struct sc_priv_data *priv;
-
- priv = RSA_get_app_data(rsa);
- priv->ref_count--;
- if (priv->ref_count == 0) {
- free(priv);
- sc_close();
- }
- if (orig_finish)
- orig_finish(rsa);
- return 1;
-}
-
-/* engine for overloading private key operations */
-
-static RSA_METHOD *
-sc_get_rsa_method(void)
-{
- static RSA_METHOD smart_rsa;
- const RSA_METHOD *def = RSA_get_default_method();
-
- /* use the OpenSSL version */
- memcpy(&smart_rsa, def, sizeof(smart_rsa));
-
- smart_rsa.name = "opensc";
-
- /* overload */
- smart_rsa.rsa_priv_enc = sc_private_encrypt;
- smart_rsa.rsa_priv_dec = sc_private_decrypt;
- smart_rsa.rsa_sign = sc_sign;
-
- /* save original */
- orig_finish = def->finish;
- smart_rsa.finish = sc_finish;
-
- return &smart_rsa;
-}
-
-#ifdef USE_ENGINE
-static ENGINE *
-sc_get_engine(void)
-{
- static ENGINE *smart_engine = NULL;
-
- if ((smart_engine = ENGINE_new()) == NULL)
- fatal("ENGINE_new failed");
-
- ENGINE_set_id(smart_engine, "opensc");
- ENGINE_set_name(smart_engine, "OpenSC");
-
- ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
- ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
- ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
- ENGINE_set_RAND(smart_engine, RAND_SSLeay());
- ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
-
- return smart_engine;
-}
-#endif
-
-static void
-convert_rsa_to_rsa1(Key * in, Key * out)
-{
- struct sc_priv_data *priv;
-
- out->rsa->flags = in->rsa->flags;
- out->flags = in->flags;
- RSA_set_method(out->rsa, RSA_get_method(in->rsa));
- BN_copy(out->rsa->n, in->rsa->n);
- BN_copy(out->rsa->e, in->rsa->e);
- priv = RSA_get_app_data(in->rsa);
- priv->ref_count++;
- RSA_set_app_data(out->rsa, priv);
- return;
-}
-
-static int
-sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj)
-{
- int r;
- sc_pkcs15_cert_t *cert = NULL;
- struct sc_priv_data *priv = NULL;
- sc_pkcs15_cert_info_t *cinfo = cert_obj->data;
-
- X509 *x509 = NULL;
- EVP_PKEY *pubkey = NULL;
- u8 *p;
- char *tmp;
-
- debug("sc_read_pubkey() with cert id %02X", cinfo->id.value[0]);
- r = sc_pkcs15_read_certificate(p15card, cinfo, &cert);
- if (r) {
- logit("Certificate read failed: %s", sc_strerror(r));
- goto err;
- }
- x509 = X509_new();
- if (x509 == NULL) {
- r = -1;
- goto err;
- }
- p = cert->data;
- if (!d2i_X509(&x509, &p, cert->data_len)) {
- logit("Unable to parse X.509 certificate");
- r = -1;
- goto err;
- }
- sc_pkcs15_free_certificate(cert);
- cert = NULL;
- pubkey = X509_get_pubkey(x509);
- X509_free(x509);
- x509 = NULL;
- if (pubkey->type != EVP_PKEY_RSA) {
- logit("Public key is of unknown type");
- r = -1;
- goto err;
- }
- k->rsa = EVP_PKEY_get1_RSA(pubkey);
- EVP_PKEY_free(pubkey);
-
- k->rsa->flags |= RSA_FLAG_SIGN_VER;
- RSA_set_method(k->rsa, sc_get_rsa_method());
- priv = xmalloc(sizeof(struct sc_priv_data));
- priv->cert_id = cinfo->id;
- priv->ref_count = 1;
- RSA_set_app_data(k->rsa, priv);
-
- k->flags = KEY_FLAG_EXT;
- tmp = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
- debug("fingerprint %d %s", key_size(k), tmp);
- xfree(tmp);
-
- return 0;
-err:
- if (cert)
- sc_pkcs15_free_certificate(cert);
- if (pubkey)
- EVP_PKEY_free(pubkey);
- if (x509)
- X509_free(x509);
- return r;
-}
-
-Key **
-sc_get_keys(const char *id, const char *pin)
-{
- Key *k, **keys;
- int i, r, real_count = 0, key_count;
- sc_pkcs15_id_t cert_id;
- sc_pkcs15_object_t *certs[32];
- char *buf = xstrdup(id), *p;
-
- debug("sc_get_keys called: id = %s", id);
-
- if (sc_pin != NULL)
- xfree(sc_pin);
- sc_pin = (pin == NULL) ? NULL : xstrdup(pin);
-
- cert_id.len = 0;
- if ((p = strchr(buf, ':')) != NULL) {
- *p = 0;
- p++;
- sc_pkcs15_hex_string_to_id(p, &cert_id);
- }
- r = sscanf(buf, "%d", &sc_reader_id);
- xfree(buf);
- if (r != 1)
- goto err;
- if (p15card == NULL) {
- sc_close();
- r = sc_init();
- if (r) {
- error("Smartcard init failed: %s", sc_strerror(r));
- goto err;
- }
- }
- if (cert_id.len) {
- r = sc_pkcs15_find_cert_by_id(p15card, &cert_id, &certs[0]);
- if (r < 0)
- goto err;
- key_count = 1;
- } else {
- r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509,
- certs, 32);
- if (r == 0) {
- logit("No certificates found on smartcard");
- r = -1;
- goto err;
- } else if (r < 0) {
- error("Certificate enumeration failed: %s",
- sc_strerror(r));
- goto err;
- }
- key_count = r;
- }
- if (key_count > 1024)
- fatal("Too many keys (%u), expected <= 1024", key_count);
- keys = xcalloc(key_count * 2 + 1, sizeof(Key *));
- for (i = 0; i < key_count; i++) {
- sc_pkcs15_object_t *tmp_obj = NULL;
- cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id;
- if (sc_pkcs15_find_prkey_by_id(p15card, &cert_id, &tmp_obj))
- /* skip the public key (certificate) if no
- * corresponding private key is present */
- continue;
- k = key_new(KEY_RSA);
- if (k == NULL)
- break;
- r = sc_read_pubkey(k, certs[i]);
- if (r) {
- error("sc_read_pubkey failed: %s", sc_strerror(r));
- key_free(k);
- continue;
- }
- keys[real_count] = k;
- real_count++;
- k = key_new(KEY_RSA1);
- if (k == NULL)
- break;
- convert_rsa_to_rsa1(keys[real_count-1], k);
- keys[real_count] = k;
- real_count++;
- }
- keys[real_count] = NULL;
-
- return keys;
-err:
- sc_close();
- return NULL;
-}
-
-int
-sc_put_key(Key *prv, const char *id)
-{
- error("key uploading not yet supported");
- return -1;
-}
-
-char *
-sc_get_key_label(Key *key)
-{
- int r;
- const struct sc_priv_data *priv;
- struct sc_pkcs15_object *key_obj;
-
- priv = (const struct sc_priv_data *) RSA_get_app_data(key->rsa);
- if (priv == NULL || p15card == NULL) {
- logit("SmartCard key not loaded");
- /* internal error => return default label */
- return xstrdup("smartcard key");
- }
- r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj);
- if (r) {
- logit("Unable to find private key from SmartCard: %s",
- sc_strerror(r));
- return xstrdup("smartcard key");
- }
- if (key_obj == NULL || key_obj->label == NULL)
- /* the optional PKCS#15 label does not exists
- * => return the default label */
- return xstrdup("smartcard key");
- return xstrdup(key_obj->label);
-}
-
-#endif /* SMARTCARD */
Deleted: vendor-crypto/openssh/dist/scard.c
===================================================================
--- vendor-crypto/openssh/dist/scard.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scard.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,571 +0,0 @@
-/* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-#if defined(SMARTCARD) && defined(USE_SECTOK)
-
-#include <sys/types.h>
-
-#include <sectok.h>
-#include <stdarg.h>
-#include <string.h>
-
-#include <openssl/evp.h>
-
-#include "xmalloc.h"
-#include "key.h"
-#include "log.h"
-#include "misc.h"
-#include "scard.h"
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-#define USE_ENGINE
-#define RSA_get_default_method RSA_get_default_openssl_method
-#else
-#endif
-
-#ifdef USE_ENGINE
-#include <openssl/engine.h>
-#define sc_get_rsa sc_get_engine
-#else
-#define sc_get_rsa sc_get_rsa_method
-#endif
-
-#define CLA_SSH 0x05
-#define INS_DECRYPT 0x10
-#define INS_GET_KEYLENGTH 0x20
-#define INS_GET_PUBKEY 0x30
-#define INS_GET_RESPONSE 0xc0
-
-#define MAX_BUF_SIZE 256
-
-u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
-
-static int sc_fd = -1;
-static char *sc_reader_id = NULL;
-static char *sc_pin = NULL;
-static int cla = 0x00; /* class */
-
-static void sc_mk_digest(const char *pin, u_char *digest);
-static int get_AUT0(u_char *aut0);
-static int try_AUT0(void);
-
-/* interface to libsectok */
-
-static int
-sc_open(void)
-{
- int sw;
-
- if (sc_fd >= 0)
- return sc_fd;
-
- sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
- if (sc_fd < 0) {
- error("sectok_open failed: %s", sectok_get_sw(sw));
- return SCARD_ERROR_FAIL;
- }
- if (! sectok_cardpresent(sc_fd)) {
- debug("smartcard in reader %s not present, skipping",
- sc_reader_id);
- sc_close();
- return SCARD_ERROR_NOCARD;
- }
- if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
- error("sectok_reset failed: %s", sectok_get_sw(sw));
- sc_fd = -1;
- return SCARD_ERROR_FAIL;
- }
- if ((cla = cyberflex_inq_class(sc_fd)) < 0)
- cla = 0;
-
- debug("sc_open ok %d", sc_fd);
- return sc_fd;
-}
-
-static int
-sc_enable_applet(void)
-{
- static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
- int sw = 0;
-
- /* select applet id */
- sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
- if (!sectok_swOK(sw)) {
- error("sectok_apdu failed: %s", sectok_get_sw(sw));
- sc_close();
- return -1;
- }
- return 0;
-}
-
-static int
-sc_init(void)
-{
- int status;
-
- status = sc_open();
- if (status == SCARD_ERROR_NOCARD) {
- return SCARD_ERROR_NOCARD;
- }
- if (status < 0) {
- error("sc_open failed");
- return status;
- }
- if (sc_enable_applet() < 0) {
- error("sc_enable_applet failed");
- return SCARD_ERROR_APPLET;
- }
- return 0;
-}
-
-static int
-sc_read_pubkey(Key * k)
-{
- u_char buf[2], *n;
- char *p;
- int len, sw, status = -1;
-
- len = sw = 0;
- n = NULL;
-
- if (sc_fd < 0) {
- if (sc_init() < 0)
- goto err;
- }
-
- /* get key size */
- sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
- sizeof(buf), buf, &sw);
- if (!sectok_swOK(sw)) {
- error("could not obtain key length: %s", sectok_get_sw(sw));
- goto err;
- }
- len = (buf[0] << 8) | buf[1];
- len /= 8;
- debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
-
- n = xmalloc(len);
- /* get n */
- sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
-
- if (sw == 0x6982) {
- if (try_AUT0() < 0)
- goto err;
- sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
- }
- if (!sectok_swOK(sw)) {
- error("could not obtain public key: %s", sectok_get_sw(sw));
- goto err;
- }
-
- debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
-
- if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
- error("c_read_pubkey: BN_bin2bn failed");
- goto err;
- }
-
- /* currently the java applet just stores 'n' */
- if (!BN_set_word(k->rsa->e, 35)) {
- error("c_read_pubkey: BN_set_word(e, 35) failed");
- goto err;
- }
-
- status = 0;
- p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
- debug("fingerprint %u %s", key_size(k), p);
- xfree(p);
-
-err:
- if (n != NULL)
- xfree(n);
- sc_close();
- return status;
-}
-
-/* private key operations */
-
-static int
-sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
- int padding)
-{
- u_char *padded = NULL;
- int sw, len, olen, status = -1;
-
- debug("sc_private_decrypt called");
-
- olen = len = sw = 0;
- if (sc_fd < 0) {
- status = sc_init();
- if (status < 0)
- goto err;
- }
- if (padding != RSA_PKCS1_PADDING)
- goto err;
-
- len = BN_num_bytes(rsa->n);
- padded = xmalloc(len);
-
- sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
-
- if (sw == 0x6982) {
- if (try_AUT0() < 0)
- goto err;
- sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
- }
- if (!sectok_swOK(sw)) {
- error("sc_private_decrypt: INS_DECRYPT failed: %s",
- sectok_get_sw(sw));
- goto err;
- }
- olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
- len);
-err:
- if (padded)
- xfree(padded);
- sc_close();
- return (olen >= 0 ? olen : status);
-}
-
-static int
-sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
- int padding)
-{
- u_char *padded = NULL;
- int sw, len, status = -1;
-
- len = sw = 0;
- if (sc_fd < 0) {
- status = sc_init();
- if (status < 0)
- goto err;
- }
- if (padding != RSA_PKCS1_PADDING)
- goto err;
-
- debug("sc_private_encrypt called");
- len = BN_num_bytes(rsa->n);
- padded = xmalloc(len);
-
- if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) {
- error("RSA_padding_add_PKCS1_type_1 failed");
- goto err;
- }
- sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
- if (sw == 0x6982) {
- if (try_AUT0() < 0)
- goto err;
- sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
- }
- if (!sectok_swOK(sw)) {
- error("sc_private_encrypt: INS_DECRYPT failed: %s",
- sectok_get_sw(sw));
- goto err;
- }
-err:
- if (padded)
- xfree(padded);
- sc_close();
- return (len >= 0 ? len : status);
-}
-
-/* called on free */
-
-static int (*orig_finish)(RSA *rsa) = NULL;
-
-static int
-sc_finish(RSA *rsa)
-{
- if (orig_finish)
- orig_finish(rsa);
- sc_close();
- return 1;
-}
-
-/* engine for overloading private key operations */
-
-static RSA_METHOD *
-sc_get_rsa_method(void)
-{
- static RSA_METHOD smart_rsa;
- const RSA_METHOD *def = RSA_get_default_method();
-
- /* use the OpenSSL version */
- memcpy(&smart_rsa, def, sizeof(smart_rsa));
-
- smart_rsa.name = "sectok";
-
- /* overload */
- smart_rsa.rsa_priv_enc = sc_private_encrypt;
- smart_rsa.rsa_priv_dec = sc_private_decrypt;
-
- /* save original */
- orig_finish = def->finish;
- smart_rsa.finish = sc_finish;
-
- return &smart_rsa;
-}
-
-#ifdef USE_ENGINE
-static ENGINE *
-sc_get_engine(void)
-{
- static ENGINE *smart_engine = NULL;
-
- if ((smart_engine = ENGINE_new()) == NULL)
- fatal("ENGINE_new failed");
-
- ENGINE_set_id(smart_engine, "sectok");
- ENGINE_set_name(smart_engine, "libsectok");
-
- ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
- ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
- ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
- ENGINE_set_RAND(smart_engine, RAND_SSLeay());
- ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
-
- return smart_engine;
-}
-#endif
-
-void
-sc_close(void)
-{
- if (sc_fd >= 0) {
- sectok_close(sc_fd);
- sc_fd = -1;
- }
-}
-
-Key **
-sc_get_keys(const char *id, const char *pin)
-{
- Key *k, *n, **keys;
- int status, nkeys = 2;
-
- if (sc_reader_id != NULL)
- xfree(sc_reader_id);
- sc_reader_id = xstrdup(id);
-
- if (sc_pin != NULL)
- xfree(sc_pin);
- sc_pin = (pin == NULL) ? NULL : xstrdup(pin);
-
- k = key_new(KEY_RSA);
- if (k == NULL) {
- return NULL;
- }
- status = sc_read_pubkey(k);
- if (status == SCARD_ERROR_NOCARD) {
- key_free(k);
- return NULL;
- }
- if (status < 0) {
- error("sc_read_pubkey failed");
- key_free(k);
- return NULL;
- }
- keys = xcalloc((nkeys+1), sizeof(Key *));
-
- n = key_new(KEY_RSA1);
- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
- (BN_copy(n->rsa->e, k->rsa->e) == NULL))
- fatal("sc_get_keys: BN_copy failed");
- RSA_set_method(n->rsa, sc_get_rsa());
- n->flags |= KEY_FLAG_EXT;
- keys[0] = n;
-
- n = key_new(KEY_RSA);
- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
- (BN_copy(n->rsa->e, k->rsa->e) == NULL))
- fatal("sc_get_keys: BN_copy failed");
- RSA_set_method(n->rsa, sc_get_rsa());
- n->flags |= KEY_FLAG_EXT;
- keys[1] = n;
-
- keys[2] = NULL;
-
- key_free(k);
- return keys;
-}
-
-#define NUM_RSA_KEY_ELEMENTS 5+1
-#define COPY_RSA_KEY(x, i) \
- do { \
- len = BN_num_bytes(prv->rsa->x); \
- elements[i] = xmalloc(len); \
- debug("#bytes %d", len); \
- if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
- goto done; \
- } while (0)
-
-static void
-sc_mk_digest(const char *pin, u_char *digest)
-{
- const EVP_MD *evp_md = EVP_sha1();
- EVP_MD_CTX md;
-
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, pin, strlen(pin));
- EVP_DigestFinal(&md, digest, NULL);
-}
-
-static int
-get_AUT0(u_char *aut0)
-{
- char *pass;
-
- pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
- if (pass == NULL)
- return -1;
- if (!strcmp(pass, "-")) {
- memcpy(aut0, DEFAUT0, sizeof DEFAUT0);
- return 0;
- }
- sc_mk_digest(pass, aut0);
- memset(pass, 0, strlen(pass));
- xfree(pass);
- return 0;
-}
-
-static int
-try_AUT0(void)
-{
- u_char aut0[EVP_MAX_MD_SIZE];
-
- /* permission denied; try PIN if provided */
- if (sc_pin && strlen(sc_pin) > 0) {
- sc_mk_digest(sc_pin, aut0);
- if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
- error("smartcard passphrase incorrect");
- return (-1);
- }
- } else {
- /* try default AUT0 key */
- if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
- /* default AUT0 key failed; prompt for passphrase */
- if (get_AUT0(aut0) < 0 ||
- cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
- error("smartcard passphrase incorrect");
- return (-1);
- }
- }
- }
- return (0);
-}
-
-int
-sc_put_key(Key *prv, const char *id)
-{
- u_char *elements[NUM_RSA_KEY_ELEMENTS];
- u_char key_fid[2];
- u_char AUT0[EVP_MAX_MD_SIZE];
- int len, status = -1, i, fd = -1, ret;
- int sw = 0, cla = 0x00;
-
- for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
- elements[i] = NULL;
-
- COPY_RSA_KEY(q, 0);
- COPY_RSA_KEY(p, 1);
- COPY_RSA_KEY(iqmp, 2);
- COPY_RSA_KEY(dmq1, 3);
- COPY_RSA_KEY(dmp1, 4);
- COPY_RSA_KEY(n, 5);
- len = BN_num_bytes(prv->rsa->n);
- fd = sectok_friendly_open(id, STONOWAIT, &sw);
- if (fd < 0) {
- error("sectok_open failed: %s", sectok_get_sw(sw));
- goto done;
- }
- if (! sectok_cardpresent(fd)) {
- error("smartcard in reader %s not present", id);
- goto done;
- }
- ret = sectok_reset(fd, 0, NULL, &sw);
- if (ret <= 0) {
- error("sectok_reset failed: %s", sectok_get_sw(sw));
- goto done;
- }
- if ((cla = cyberflex_inq_class(fd)) < 0) {
- error("cyberflex_inq_class failed");
- goto done;
- }
- memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
- if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
- if (get_AUT0(AUT0) < 0 ||
- cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
- memset(AUT0, 0, sizeof(DEFAUT0));
- error("smartcard passphrase incorrect");
- goto done;
- }
- }
- memset(AUT0, 0, sizeof(DEFAUT0));
- key_fid[0] = 0x00;
- key_fid[1] = 0x12;
- if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
- &sw) < 0) {
- error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
- goto done;
- }
- if (!sectok_swOK(sw))
- goto done;
- logit("cyberflex_load_rsa_priv done");
- key_fid[0] = 0x73;
- key_fid[1] = 0x68;
- if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
- &sw) < 0) {
- error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
- goto done;
- }
- if (!sectok_swOK(sw))
- goto done;
- logit("cyberflex_load_rsa_pub done");
- status = 0;
-
-done:
- memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
- memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
- memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
- memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
- memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
- memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
-
- for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
- if (elements[i])
- xfree(elements[i]);
- if (fd != -1)
- sectok_close(fd);
- return (status);
-}
-
-char *
-sc_get_key_label(Key *key)
-{
- return xstrdup("smartcard key");
-}
-
-#endif /* SMARTCARD && USE_SECTOK */
Deleted: vendor-crypto/openssh/dist/scard.h
===================================================================
--- vendor-crypto/openssh/dist/scard.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scard.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,39 +0,0 @@
-/* $OpenBSD: scard.h,v 1.14 2006/08/03 03:34:42 deraadt Exp $ */
-
-/*
- * Copyright (c) 2001 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SCARD_H
-#define SCARD_H
-
-#define SCARD_ERROR_FAIL -1
-#define SCARD_ERROR_NOCARD -2
-#define SCARD_ERROR_APPLET -3
-
-Key **sc_get_keys(const char *, const char *);
-void sc_close(void);
-int sc_put_key(Key *, const char *);
-char *sc_get_key_label(Key *);
-
-#endif
Modified: vendor-crypto/openssh/dist/schnorr.c
===================================================================
--- vendor-crypto/openssh/dist/schnorr.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/schnorr.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: schnorr.c,v 1.5 2010/12/03 23:49:26 djm Exp $ */
+/* $OpenBSD: schnorr.c,v 1.8 2013/11/08 00:39:15 djm Exp $ */
/*
* Copyright (c) 2008 Damien Miller. All rights reserved.
*
@@ -102,7 +102,7 @@
out:
buffer_free(&b);
bzero(digest, digest_len);
- xfree(digest);
+ free(digest);
digest_len = 0;
if (success == 0)
return h;
@@ -488,12 +488,13 @@
{
char *out, *h;
va_list args;
+ int ret;
out = NULL;
va_start(args, fmt);
- vasprintf(&out, fmt, args);
+ ret = vasprintf(&out, fmt, args);
va_end(args);
- if (out == NULL)
+ if (ret == -1 || out == NULL)
fatal("%s: vasprintf failed", __func__);
if (n == NULL)
@@ -513,12 +514,13 @@
char *out, h[65];
u_int i, j;
va_list args;
+ int ret;
out = NULL;
va_start(args, fmt);
- vasprintf(&out, fmt, args);
+ ret = vasprintf(&out, fmt, args);
va_end(args);
- if (out == NULL)
+ if (ret == -1 || out == NULL)
fatal("%s: vasprintf failed", __func__);
debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : "");
@@ -547,7 +549,7 @@
{
struct modp_group *ret;
- ret = xmalloc(sizeof(*ret));
+ ret = xcalloc(1, sizeof(*ret));
ret->p = ret->q = ret->g = NULL;
if (BN_hex2bn(&ret->p, grp_p) == 0 ||
BN_hex2bn(&ret->g, grp_g) == 0)
@@ -571,7 +573,7 @@
if (grp->q != NULL)
BN_clear_free(grp->q);
bzero(grp, sizeof(*grp));
- xfree(grp);
+ free(grp);
}
/* main() function for self-test */
@@ -606,7 +608,7 @@
if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4,
sig, siglen) != 0)
fatal("%s: verify should have failed (bit error)", __func__);
- xfree(sig);
+ free(sig);
BN_free(g_x);
BN_CTX_free(bn_ctx);
}
Property changes on: vendor-crypto/openssh/dist/schnorr.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/schnorr.h
===================================================================
--- vendor-crypto/openssh/dist/schnorr.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/schnorr.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/schnorr.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Added: vendor-crypto/openssh/dist/scp.0
===================================================================
--- vendor-crypto/openssh/dist/scp.0 (rev 0)
+++ vendor-crypto/openssh/dist/scp.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,158 @@
+SCP(1) OpenBSD Reference Manual SCP(1)
+
+NAME
+ scp - secure copy (remote file copy program)
+
+SYNOPSIS
+ scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
+ [-l limit] [-o ssh_option] [-P port] [-S program]
+ [[user@]host1:]file1 ... [[user@]host2:]file2
+
+DESCRIPTION
+ scp copies files between hosts on a network. It uses ssh(1) for data
+ transfer, and uses the same authentication and provides the same security
+ as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if
+ they are needed for authentication.
+
+ File names may contain a user and host specification to indicate that the
+ file is to be copied to/from that host. Local file names can be made
+ explicit using absolute or relative pathnames to avoid scp treating file
+ names containing `:' as host specifiers. Copies between two remote hosts
+ are also permitted.
+
+ The options are as follows:
+
+ -1 Forces scp to use protocol 1.
+
+ -2 Forces scp to use protocol 2.
+
+ -3 Copies between two remote hosts are transferred through the local
+ host. Without this option the data is copied directly between
+ the two remote hosts. Note that this option disables the
+ progress meter.
+
+ -4 Forces scp to use IPv4 addresses only.
+
+ -6 Forces scp to use IPv6 addresses only.
+
+ -B Selects batch mode (prevents asking for passwords or
+ passphrases).
+
+ -C Compression enable. Passes the -C flag to ssh(1) to enable
+ compression.
+
+ -c cipher
+ Selects the cipher to use for encrypting the data transfer. This
+ option is directly passed to ssh(1).
+
+ -F ssh_config
+ Specifies an alternative per-user configuration file for ssh.
+ This option is directly passed to ssh(1).
+
+ -i identity_file
+ Selects the file from which the identity (private key) for public
+ key authentication is read. This option is directly passed to
+ ssh(1).
+
+ -l limit
+ Limits the used bandwidth, specified in Kbit/s.
+
+ -o ssh_option
+ Can be used to pass options to ssh in the format used in
+ ssh_config(5). This is useful for specifying options for which
+ there is no separate scp command-line flag. For full details of
+ the options listed below, and their possible values, see
+ ssh_config(5).
+
+ AddressFamily
+ BatchMode
+ BindAddress
+ ChallengeResponseAuthentication
+ CheckHostIP
+ Cipher
+ Ciphers
+ Compression
+ CompressionLevel
+ ConnectionAttempts
+ ConnectTimeout
+ ControlMaster
+ ControlPath
+ ControlPersist
+ GlobalKnownHostsFile
+ GSSAPIAuthentication
+ GSSAPIDelegateCredentials
+ HashKnownHosts
+ Host
+ HostbasedAuthentication
+ HostKeyAlgorithms
+ HostKeyAlias
+ HostName
+ IdentityFile
+ IdentitiesOnly
+ IPQoS
+ KbdInteractiveAuthentication
+ KbdInteractiveDevices
+ KexAlgorithms
+ LogLevel
+ MACs
+ NoHostAuthenticationForLocalhost
+ NumberOfPasswordPrompts
+ PasswordAuthentication
+ PKCS11Provider
+ Port
+ PreferredAuthentications
+ Protocol
+ ProxyCommand
+ PubkeyAuthentication
+ RekeyLimit
+ RhostsRSAAuthentication
+ RSAAuthentication
+ SendEnv
+ ServerAliveInterval
+ ServerAliveCountMax
+ StrictHostKeyChecking
+ TCPKeepAlive
+ UsePrivilegedPort
+ User
+ UserKnownHostsFile
+ VerifyHostKeyDNS
+
+ -P port
+ Specifies the port to connect to on the remote host. Note that
+ this option is written with a capital `P', because -p is already
+ reserved for preserving the times and modes of the file in
+ rcp(1).
+
+ -p Preserves modification times, access times, and modes from the
+ original file.
+
+ -q Quiet mode: disables the progress meter as well as warning and
+ diagnostic messages from ssh(1).
+
+ -r Recursively copy entire directories. Note that scp follows
+ symbolic links encountered in the tree traversal.
+
+ -S program
+ Name of program to use for the encrypted connection. The program
+ must understand ssh(1) options.
+
+ -v Verbose mode. Causes scp and ssh(1) to print debugging messages
+ about their progress. This is helpful in debugging connection,
+ authentication, and configuration problems.
+
+EXIT STATUS
+ The scp utility exits 0 on success, and >0 if an error occurs.
+
+SEE ALSO
+ rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
+ ssh_config(5), sshd(8)
+
+HISTORY
+ scp is based on the rcp(1) program in BSD source code from the Regents of
+ the University of California.
+
+AUTHORS
+ Timo Rinne <tri at iki.fi>
+ Tatu Ylonen <ylo at cs.hut.fi>
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/scp.1
===================================================================
--- vendor-crypto/openssh/dist/scp.1 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scp.1 2013-12-05 12:55:03 UTC (rev 6462)
@@ -8,9 +8,9 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.56 2010/12/09 14:13:32 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.59 2013/07/16 00:07:52 schwarze Exp $
.\"
-.Dd $Mdocdate: December 9 2010 $
+.Dd $Mdocdate: July 16 2013 $
.Dt SCP 1
.Os
.Sh NAME
@@ -31,7 +31,7 @@
.Oo
.Op Ar user No @
.Ar host1 No :
-.Oc Ns Ar file1
+.Oc Ar file1
.Sm on
.Ar ...
.Sm off
@@ -140,6 +140,7 @@
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlPersist
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
@@ -152,6 +153,7 @@
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
+.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LogLevel
@@ -233,5 +235,5 @@
program in BSD source code from the Regents of the University of
California.
.Sh AUTHORS
-.An Timo Rinne Aq tri at iki.fi
-.An Tatu Ylonen Aq ylo at cs.hut.fi
+.An Timo Rinne Aq Mt tri at iki.fi
+.An Tatu Ylonen Aq Mt ylo at cs.hut.fi
Property changes on: vendor-crypto/openssh/dist/scp.1
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/scp.c
===================================================================
--- vendor-crypto/openssh/dist/scp.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/scp.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.170 2010/12/09 14:13:33 jmc Exp $ */
+/* $OpenBSD: scp.c,v 1.178 2013/06/22 06:31:57 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -103,7 +103,7 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
-#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
+#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
#include <vis.h>
#endif
@@ -550,6 +550,24 @@
return 0;
}
+static int
+do_times(int fd, int verb, const struct stat *sb)
+{
+ /* strlen(2^64) == 20; strlen(10^6) == 7 */
+ char buf[(20 + 7 + 2) * 2 + 2];
+
+ (void)snprintf(buf, sizeof(buf), "T%llu 0 %llu 0\n",
+ (unsigned long long) (sb->st_mtime < 0 ? 0 : sb->st_mtime),
+ (unsigned long long) (sb->st_atime < 0 ? 0 : sb->st_atime));
+ if (verb) {
+ fprintf(stderr, "File mtime %lld atime %lld\n",
+ (long long)sb->st_mtime, (long long)sb->st_atime);
+ fprintf(stderr, "Sending file timestamps: %s", buf);
+ }
+ (void) atomicio(vwrite, fd, buf, strlen(buf));
+ return (response());
+}
+
void
toremote(char *targ, int argc, char **argv)
{
@@ -578,7 +596,7 @@
}
if (tuser != NULL && !okname(tuser)) {
- xfree(arg);
+ free(arg);
return;
}
@@ -601,15 +619,17 @@
host = cleanhostname(argv[i]);
suser = NULL;
}
- xasprintf(&bp, "%s -f -- %s", cmd, src);
+ xasprintf(&bp, "%s -f %s%s", cmd,
+ *src == '-' ? "-- " : "", src);
if (do_cmd(host, suser, bp, &remin, &remout) < 0)
exit(1);
- (void) xfree(bp);
+ free(bp);
host = cleanhostname(thost);
- xasprintf(&bp, "%s -t -- %s", cmd, targ);
+ xasprintf(&bp, "%s -t %s%s", cmd,
+ *targ == '-' ? "-- " : "", targ);
if (do_cmd2(host, tuser, bp, remin, remout) < 0)
exit(1);
- (void) xfree(bp);
+ free(bp);
(void) close(remin);
(void) close(remout);
remin = remout = -1;
@@ -652,7 +672,8 @@
errs = 1;
} else { /* local to remote */
if (remin == -1) {
- xasprintf(&bp, "%s -t -- %s", cmd, targ);
+ xasprintf(&bp, "%s -t %s%s", cmd,
+ *targ == '-' ? "-- " : "", targ);
host = cleanhostname(thost);
if (do_cmd(host, tuser, bp, &remin,
&remout) < 0)
@@ -659,12 +680,12 @@
exit(1);
if (response() < 0)
exit(1);
- (void) xfree(bp);
+ free(bp);
}
source(1, argv + i);
}
}
- xfree(arg);
+ free(arg);
}
void
@@ -705,13 +726,14 @@
suser = pwd->pw_name;
}
host = cleanhostname(host);
- xasprintf(&bp, "%s -f -- %s", cmd, src);
+ xasprintf(&bp, "%s -f %s%s",
+ cmd, *src == '-' ? "-- " : "", src);
if (do_cmd(host, suser, bp, &remin, &remout) < 0) {
- (void) xfree(bp);
+ free(bp);
++errs;
continue;
}
- xfree(bp);
+ free(bp);
sink(1, argv + argc - 1);
(void) close(remin);
remin = remout = -1;
@@ -770,21 +792,7 @@
++last;
curfile = last;
if (pflag) {
- /*
- * Make it compatible with possible future
- * versions expecting microseconds.
- */
- (void) snprintf(buf, sizeof buf, "T%lu 0 %lu 0\n",
- (u_long) (stb.st_mtime < 0 ? 0 : stb.st_mtime),
- (u_long) (stb.st_atime < 0 ? 0 : stb.st_atime));
- if (verbose_mode) {
- fprintf(stderr, "File mtime %ld atime %ld\n",
- (long)stb.st_mtime, (long)stb.st_atime);
- fprintf(stderr, "Sending file timestamps: %s",
- buf);
- }
- (void) atomicio(vwrite, remout, buf, strlen(buf));
- if (response() < 0)
+ if (do_times(remout, verbose_mode, &stb) < 0)
goto next;
}
#define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO)
@@ -846,7 +854,7 @@
{
DIR *dirp;
struct dirent *dp;
- char *last, *vect[1], path[1100];
+ char *last, *vect[1], path[MAXPATHLEN];
if (!(dirp = opendir(name))) {
run_err("%s: %s", name, strerror(errno));
@@ -858,11 +866,7 @@
else
last++;
if (pflag) {
- (void) snprintf(path, sizeof(path), "T%lu 0 %lu 0\n",
- (u_long) statp->st_mtime,
- (u_long) statp->st_atime);
- (void) atomicio(vwrite, remout, path, strlen(path));
- if (response() < 0) {
+ if (do_times(remout, verbose_mode, statp) < 0) {
closedir(dirp);
return;
}
@@ -908,6 +912,7 @@
int amt, exists, first, ofd;
mode_t mode, omode, mask;
off_t size, statbytes;
+ unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
struct timeval tv[2];
@@ -966,17 +971,31 @@
if (*cp == 'T') {
setimes++;
cp++;
- mtime.tv_sec = strtol(cp, &cp, 10);
+ if (!isdigit((unsigned char)*cp))
+ SCREWUP("mtime.sec not present");
+ ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("mtime.sec not delimited");
+ if ((time_t)ull < 0 ||
+ (unsigned long long)(time_t)ull != ull)
+ setimes = 0; /* out of range */
+ mtime.tv_sec = ull;
mtime.tv_usec = strtol(cp, &cp, 10);
- if (!cp || *cp++ != ' ')
+ if (!cp || *cp++ != ' ' || mtime.tv_usec < 0 ||
+ mtime.tv_usec > 999999)
SCREWUP("mtime.usec not delimited");
- atime.tv_sec = strtol(cp, &cp, 10);
+ if (!isdigit((unsigned char)*cp))
+ SCREWUP("atime.sec not present");
+ ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("atime.sec not delimited");
+ if ((time_t)ull < 0 ||
+ (unsigned long long)(time_t)ull != ull)
+ setimes = 0; /* out of range */
+ atime.tv_sec = ull;
atime.tv_usec = strtol(cp, &cp, 10);
- if (!cp || *cp++ != '\0')
+ if (!cp || *cp++ != '\0' || atime.tv_usec < 0 ||
+ atime.tv_usec > 999999)
SCREWUP("atime.usec not delimited");
(void) atomicio(vwrite, remout, "", 1);
continue;
@@ -1019,8 +1038,7 @@
need = strlen(targ) + strlen(cp) + 250;
if (need > cursize) {
- if (namebuf)
- xfree(namebuf);
+ free(namebuf);
namebuf = xmalloc(need);
cursize = need;
}
@@ -1059,12 +1077,11 @@
}
if (mod_flag)
(void) chmod(vect[0], mode);
- if (vect[0])
- xfree(vect[0]);
+ free(vect[0]);
continue;
}
omode = mode;
- mode |= S_IWRITE;
+ mode |= S_IWUSR;
if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
bad: run_err("%s: %s", np, strerror(errno));
continue;
@@ -1321,7 +1338,7 @@
lostconn(int signo)
{
if (!iamremote)
- write(STDERR_FILENO, "lost connection\n", 16);
+ (void)write(STDERR_FILENO, "lost connection\n", 16);
if (signo)
_exit(1);
else
Property changes on: vendor-crypto/openssh/dist/scp.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/servconf.c
===================================================================
--- vendor-crypto/openssh/dist/servconf.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/servconf.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.213 2010/11/13 23:27:50 djm Exp $ */
+
+/* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -19,6 +20,7 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
+#include <ctype.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
@@ -28,6 +30,9 @@
#include <unistd.h>
#include <stdarg.h>
#include <errno.h>
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
@@ -45,6 +50,10 @@
#include "match.h"
#include "channels.h"
#include "groupaccess.h"
+#include "canohost.h"
+#include "packet.h"
+#include "hostfile.h"
+#include "auth.h"
static void add_listen_addr(ServerOptions *, char *, int);
static void add_one_listen_addr(ServerOptions *, char *, int);
@@ -70,6 +79,7 @@
options->address_family = -1;
options->num_host_key_files = 0;
options->num_host_cert_files = 0;
+ options->host_key_agent = NULL;
options->pid_file = NULL;
options->server_key_bits = -1;
options->login_grace_time = -1;
@@ -105,6 +115,8 @@
options->permit_user_env = -1;
options->use_login = -1;
options->compression = -1;
+ options->rekey_limit = -1;
+ options->rekey_interval = -1;
options->allow_tcp_forwarding = -1;
options->allow_agent_forwarding = -1;
options->num_allow_users = 0;
@@ -126,13 +138,14 @@
options->use_dns = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
- options->authorized_keys_file = NULL;
- options->authorized_keys_file2 = NULL;
+ options->num_authkeys_files = 0;
options->num_accept_env = 0;
options->permit_tun = -1;
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
+ options->authorized_keys_command = NULL;
+ options->authorized_keys_command_user = NULL;
options->zero_knowledge_password_authentication = -1;
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
@@ -139,6 +152,7 @@
options->authorized_principals_file = NULL;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
+ options->version_addendum = NULL;
}
void
@@ -242,18 +256,22 @@
options->use_login = 0;
if (options->compression == -1)
options->compression = COMP_DELAYED;
+ if (options->rekey_limit == -1)
+ options->rekey_limit = 0;
+ if (options->rekey_interval == -1)
+ options->rekey_interval = 0;
if (options->allow_tcp_forwarding == -1)
- options->allow_tcp_forwarding = 1;
+ options->allow_tcp_forwarding = FORWARD_ALLOW;
if (options->allow_agent_forwarding == -1)
options->allow_agent_forwarding = 1;
if (options->gateway_ports == -1)
options->gateway_ports = 0;
if (options->max_startups == -1)
- options->max_startups = 10;
+ options->max_startups = 100;
if (options->max_startups_rate == -1)
- options->max_startups_rate = 100; /* 100% */
+ options->max_startups_rate = 30; /* 30% */
if (options->max_startups_begin == -1)
- options->max_startups_begin = options->max_startups;
+ options->max_startups_begin = 10;
if (options->max_authtries == -1)
options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
if (options->max_sessions == -1)
@@ -264,15 +282,12 @@
options->client_alive_interval = 0;
if (options->client_alive_count_max == -1)
options->client_alive_count_max = 3;
- if (options->authorized_keys_file2 == NULL) {
- /* authorized_keys_file2 falls back to authorized_keys_file */
- if (options->authorized_keys_file != NULL)
- options->authorized_keys_file2 = xstrdup(options->authorized_keys_file);
- else
- options->authorized_keys_file2 = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
+ if (options->num_authkeys_files == 0) {
+ options->authorized_keys_files[options->num_authkeys_files++] =
+ xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
+ options->authorized_keys_files[options->num_authkeys_files++] =
+ xstrdup(_PATH_SSH_USER_PERMITTED_KEYS2);
}
- if (options->authorized_keys_file == NULL)
- options->authorized_keys_file = xstrdup(_PATH_SSH_USER_PERMITTED_KEYS);
if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
if (options->zero_knowledge_password_authentication == -1)
@@ -281,10 +296,11 @@
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
options->ip_qos_bulk = IPTOS_THROUGHPUT;
-
+ if (options->version_addendum == NULL)
+ options->version_addendum = xstrdup("");
/* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = 1;
+ use_privsep = PRIVSEP_NOSANDBOX;
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
@@ -315,19 +331,21 @@
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
sStrictModes, sEmptyPasswd, sTCPKeepAlive,
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
- sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+ sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
- sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
- sKexAlgorithms, sIPQoS,
+ sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+ sAuthenticationMethods, sHostKeyAgent,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -352,6 +370,7 @@
{ "port", sPort, SSHCFG_GLOBAL },
{ "hostkey", sHostKeyFile, SSHCFG_GLOBAL },
{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */
+ { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
{ "pidfile", sPidFile, SSHCFG_GLOBAL },
{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
@@ -415,14 +434,15 @@
{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
{ "uselogin", sUseLogin, SSHCFG_GLOBAL },
{ "compression", sCompression, SSHCFG_GLOBAL },
+ { "rekeylimit", sRekeyLimit, SSHCFG_ALL },
{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
- { "allowusers", sAllowUsers, SSHCFG_GLOBAL },
- { "denyusers", sDenyUsers, SSHCFG_GLOBAL },
- { "allowgroups", sAllowGroups, SSHCFG_GLOBAL },
- { "denygroups", sDenyGroups, SSHCFG_GLOBAL },
+ { "allowusers", sAllowUsers, SSHCFG_ALL },
+ { "denyusers", sDenyUsers, SSHCFG_ALL },
+ { "allowgroups", sAllowGroups, SSHCFG_ALL },
+ { "denygroups", sDenyGroups, SSHCFG_ALL },
{ "ciphers", sCiphers, SSHCFG_GLOBAL },
{ "macs", sMacs, SSHCFG_GLOBAL },
{ "protocol", sProtocol, SSHCFG_GLOBAL },
@@ -438,9 +458,9 @@
{ "clientaliveinterval", sClientAliveInterval, SSHCFG_GLOBAL },
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
- { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_ALL },
+ { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
- { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
+ { "acceptenv", sAcceptEnv, SSHCFG_ALL },
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
{ "match", sMatch, SSHCFG_ALL },
{ "permitopen", sPermitOpen, SSHCFG_ALL },
@@ -452,6 +472,10 @@
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
+ { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+ { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
+ { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
+ { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};
@@ -498,7 +522,7 @@
if (getcwd(cwd, sizeof(cwd)) == NULL)
fatal("%s: getcwd: %s", __func__, strerror(errno));
xasprintf(&ret, "%s/%s", cwd, expanded);
- xfree(expanded);
+ free(expanded);
return ret;
}
@@ -540,6 +564,20 @@
options->listen_addrs = aitop;
}
+struct connection_info *
+get_connection_info(int populate, int use_dns)
+{
+ static struct connection_info ci;
+
+ if (!populate)
+ return &ci;
+ ci.host = get_canonical_hostname(use_dns);
+ ci.address = get_remote_ipaddr();
+ ci.laddress = get_local_ipaddr(packet_get_connection_in());
+ ci.lport = get_local_port();
+ return &ci;
+}
+
/*
* The strategy for the Match blocks is that the config file is parsed twice.
*
@@ -601,20 +639,26 @@
return result;
}
+/*
+ * All of the attributes on a single Match line are ANDed together, so we need
+ * to check every * attribute and set the result to zero if any attribute does
+ * not match.
+ */
static int
-match_cfg_line(char **condition, int line, const char *user, const char *host,
- const char *address)
+match_cfg_line(char **condition, int line, struct connection_info *ci)
{
- int result = 1;
+ int result = 1, port;
char *arg, *attrib, *cp = *condition;
size_t len;
- if (user == NULL)
+ if (ci == NULL)
debug3("checking syntax for 'Match %s'", cp);
else
- debug3("checking match for '%s' user %s host %s addr %s", cp,
- user ? user : "(null)", host ? host : "(null)",
- address ? address : "(null)");
+ debug3("checking match for '%s' user %s host %s addr %s "
+ "laddr %s lport %d", cp, ci->user ? ci->user : "(null)",
+ ci->host ? ci->host : "(null)",
+ ci->address ? ci->address : "(null)",
+ ci->laddress ? ci->laddress : "(null)", ci->lport);
while ((attrib = strdelim(&cp)) && *attrib != '\0') {
if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
@@ -623,17 +667,21 @@
}
len = strlen(arg);
if (strcasecmp(attrib, "user") == 0) {
- if (!user) {
+ if (ci == NULL || ci->user == NULL) {
result = 0;
continue;
}
- if (match_pattern_list(user, arg, len, 0) != 1)
+ if (match_pattern_list(ci->user, arg, len, 0) != 1)
result = 0;
else
debug("user %.100s matched 'User %.100s' at "
- "line %d", user, arg, line);
+ "line %d", ci->user, arg, line);
} else if (strcasecmp(attrib, "group") == 0) {
- switch (match_cfg_line_group(arg, line, user)) {
+ if (ci == NULL || ci->user == NULL) {
+ result = 0;
+ continue;
+ }
+ switch (match_cfg_line_group(arg, line, ci->user)) {
case -1:
return -1;
case 0:
@@ -640,20 +688,24 @@
result = 0;
}
} else if (strcasecmp(attrib, "host") == 0) {
- if (!host) {
+ if (ci == NULL || ci->host == NULL) {
result = 0;
continue;
}
- if (match_hostname(host, arg, len) != 1)
+ if (match_hostname(ci->host, arg, len) != 1)
result = 0;
else
debug("connection from %.100s matched 'Host "
- "%.100s' at line %d", host, arg, line);
+ "%.100s' at line %d", ci->host, arg, line);
} else if (strcasecmp(attrib, "address") == 0) {
- switch (addr_match_list(address, arg)) {
+ if (ci == NULL || ci->address == NULL) {
+ result = 0;
+ continue;
+ }
+ switch (addr_match_list(ci->address, arg)) {
case 1:
debug("connection from %.100s matched 'Address "
- "%.100s' at line %d", address, arg, line);
+ "%.100s' at line %d", ci->address, arg, line);
break;
case 0:
case -1:
@@ -662,12 +714,47 @@
case -2:
return -1;
}
+ } else if (strcasecmp(attrib, "localaddress") == 0){
+ if (ci == NULL || ci->laddress == NULL) {
+ result = 0;
+ continue;
+ }
+ switch (addr_match_list(ci->laddress, arg)) {
+ case 1:
+ debug("connection from %.100s matched "
+ "'LocalAddress %.100s' at line %d",
+ ci->laddress, arg, line);
+ break;
+ case 0:
+ case -1:
+ result = 0;
+ break;
+ case -2:
+ return -1;
+ }
+ } else if (strcasecmp(attrib, "localport") == 0) {
+ if ((port = a2port(arg)) == -1) {
+ error("Invalid LocalPort '%s' on Match line",
+ arg);
+ return -1;
+ }
+ if (ci == NULL || ci->lport == 0) {
+ result = 0;
+ continue;
+ }
+ /* TODO support port lists */
+ if (port == ci->lport)
+ debug("connection from %.100s matched "
+ "'LocalPort %d' at line %d",
+ ci->laddress, port, line);
+ else
+ result = 0;
} else {
error("Unsupported Match attribute %s", attrib);
return -1;
}
}
- if (user != NULL)
+ if (ci != NULL)
debug3("match %sfound", result ? "" : "not ");
*condition = cp;
return result;
@@ -675,19 +762,66 @@
#define WHITESPACE " \t\r\n"
+/* Multistate option parsing */
+struct multistate {
+ char *key;
+ int value;
+};
+static const struct multistate multistate_addressfamily[] = {
+ { "inet", AF_INET },
+ { "inet6", AF_INET6 },
+ { "any", AF_UNSPEC },
+ { NULL, -1 }
+};
+static const struct multistate multistate_permitrootlogin[] = {
+ { "without-password", PERMIT_NO_PASSWD },
+ { "forced-commands-only", PERMIT_FORCED_ONLY },
+ { "yes", PERMIT_YES },
+ { "no", PERMIT_NO },
+ { NULL, -1 }
+};
+static const struct multistate multistate_compression[] = {
+ { "delayed", COMP_DELAYED },
+ { "yes", COMP_ZLIB },
+ { "no", COMP_NONE },
+ { NULL, -1 }
+};
+static const struct multistate multistate_gatewayports[] = {
+ { "clientspecified", 2 },
+ { "yes", 1 },
+ { "no", 0 },
+ { NULL, -1 }
+};
+static const struct multistate multistate_privsep[] = {
+ { "yes", PRIVSEP_NOSANDBOX },
+ { "sandbox", PRIVSEP_ON },
+ { "nosandbox", PRIVSEP_NOSANDBOX },
+ { "no", PRIVSEP_OFF },
+ { NULL, -1 }
+};
+static const struct multistate multistate_tcpfwd[] = {
+ { "yes", FORWARD_ALLOW },
+ { "all", FORWARD_ALLOW },
+ { "no", FORWARD_DENY },
+ { "remote", FORWARD_REMOTE },
+ { "local", FORWARD_LOCAL },
+ { NULL, -1 }
+};
+
int
process_server_config_line(ServerOptions *options, char *line,
- const char *filename, int linenum, int *activep, const char *user,
- const char *host, const char *address)
+ const char *filename, int linenum, int *activep,
+ struct connection_info *connectinfo)
{
char *cp, **charptr, *arg, *p;
- int cmdline = 0, *intptr, value, value2, n;
+ int cmdline = 0, *intptr, value, value2, n, port;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
ServerOpCodes opcode;
- int port;
u_int i, flags = 0;
size_t len;
+ long long val64;
+ const struct multistate *multistate_ptr;
cp = line;
if ((arg = strdelim(&cp)) == NULL)
@@ -708,7 +842,7 @@
if (*activep && opcode != sMatch)
debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
- if (user == NULL) {
+ if (connectinfo == NULL) {
fatal("%s line %d: Directive '%s' is not allowed "
"within a Match block", filename, linenum, arg);
} else { /* this is a directive we have already processed */
@@ -803,24 +937,27 @@
break;
case sAddressFamily:
+ intptr = &options->address_family;
+ multistate_ptr = multistate_addressfamily;
+ if (options->listen_addrs != NULL)
+ fatal("%s line %d: address family must be specified "
+ "before ListenAddress.", filename, linenum);
+ parse_multistate:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
- fatal("%s line %d: missing address family.",
+ fatal("%s line %d: missing argument.",
filename, linenum);
- intptr = &options->address_family;
- if (options->listen_addrs != NULL)
- fatal("%s line %d: address family must be specified before "
- "ListenAddress.", filename, linenum);
- if (strcasecmp(arg, "inet") == 0)
- value = AF_INET;
- else if (strcasecmp(arg, "inet6") == 0)
- value = AF_INET6;
- else if (strcasecmp(arg, "any") == 0)
- value = AF_UNSPEC;
- else
- fatal("%s line %d: unsupported address family \"%s\".",
+ value = -1;
+ for (i = 0; multistate_ptr[i].key != NULL; i++) {
+ if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
+ value = multistate_ptr[i].value;
+ break;
+ }
+ }
+ if (value == -1)
+ fatal("%s line %d: unsupported option \"%s\".",
filename, linenum, arg);
- if (*intptr == -1)
+ if (*activep && *intptr == -1)
*intptr = value;
break;
@@ -843,6 +980,17 @@
}
break;
+ case sHostKeyAgent:
+ charptr = &options->host_key_agent;
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing socket name.",
+ filename, linenum);
+ if (*activep && *charptr == NULL)
+ *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ?
+ xstrdup(arg) : derelativise_path(arg);
+ break;
+
case sHostCertificate:
intptr = &options->num_host_cert_files;
if (*intptr >= MAX_HOSTKEYS)
@@ -859,27 +1007,8 @@
case sPermitRootLogin:
intptr = &options->permit_root_login;
- arg = strdelim(&cp);
- if (!arg || *arg == '\0')
- fatal("%s line %d: missing yes/"
- "without-password/forced-commands-only/no "
- "argument.", filename, linenum);
- value = 0; /* silence compiler */
- if (strcmp(arg, "without-password") == 0)
- value = PERMIT_NO_PASSWD;
- else if (strcmp(arg, "forced-commands-only") == 0)
- value = PERMIT_FORCED_ONLY;
- else if (strcmp(arg, "yes") == 0)
- value = PERMIT_YES;
- else if (strcmp(arg, "no") == 0)
- value = PERMIT_NO;
- else
- fatal("%s line %d: Bad yes/"
- "without-password/forced-commands-only/no "
- "argument: %s", filename, linenum, arg);
- if (*activep && *intptr == -1)
- *intptr = value;
- break;
+ multistate_ptr = multistate_permitrootlogin;
+ goto parse_multistate;
case sIgnoreRhosts:
intptr = &options->ignore_rhosts;
@@ -1010,43 +1139,44 @@
case sCompression:
intptr = &options->compression;
+ multistate_ptr = multistate_compression;
+ goto parse_multistate;
+
+ case sRekeyLimit:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
- fatal("%s line %d: missing yes/no/delayed "
- "argument.", filename, linenum);
- value = 0; /* silence compiler */
- if (strcmp(arg, "delayed") == 0)
- value = COMP_DELAYED;
- else if (strcmp(arg, "yes") == 0)
- value = COMP_ZLIB;
- else if (strcmp(arg, "no") == 0)
- value = COMP_NONE;
- else
- fatal("%s line %d: Bad yes/no/delayed "
- "argument: %s", filename, linenum, arg);
- if (*intptr == -1)
- *intptr = value;
+ fatal("%.200s line %d: Missing argument.", filename,
+ linenum);
+ if (strcmp(arg, "default") == 0) {
+ val64 = 0;
+ } else {
+ if (scan_scaled(arg, &val64) == -1)
+ fatal("%.200s line %d: Bad number '%s': %s",
+ filename, linenum, arg, strerror(errno));
+ /* check for too-large or too-small limits */
+ if (val64 > UINT_MAX)
+ fatal("%.200s line %d: RekeyLimit too large",
+ filename, linenum);
+ if (val64 != 0 && val64 < 16)
+ fatal("%.200s line %d: RekeyLimit too small",
+ filename, linenum);
+ }
+ if (*activep && options->rekey_limit == -1)
+ options->rekey_limit = (u_int32_t)val64;
+ if (cp != NULL) { /* optional rekey interval present */
+ if (strcmp(cp, "none") == 0) {
+ (void)strdelim(&cp); /* discard */
+ break;
+ }
+ intptr = &options->rekey_interval;
+ goto parse_time;
+ }
break;
case sGatewayPorts:
intptr = &options->gateway_ports;
- arg = strdelim(&cp);
- if (!arg || *arg == '\0')
- fatal("%s line %d: missing yes/no/clientspecified "
- "argument.", filename, linenum);
- value = 0; /* silence compiler */
- if (strcmp(arg, "clientspecified") == 0)
- value = 2;
- else if (strcmp(arg, "yes") == 0)
- value = 1;
- else if (strcmp(arg, "no") == 0)
- value = 0;
- else
- fatal("%s line %d: Bad yes/no/clientspecified "
- "argument: %s", filename, linenum, arg);
- if (*activep && *intptr == -1)
- *intptr = value;
- break;
+ multistate_ptr = multistate_gatewayports;
+ goto parse_multistate;
case sUseDNS:
intptr = &options->use_dns;
@@ -1076,7 +1206,8 @@
case sAllowTcpForwarding:
intptr = &options->allow_tcp_forwarding;
- goto parse_flag;
+ multistate_ptr = multistate_tcpfwd;
+ goto parse_multistate;
case sAllowAgentForwarding:
intptr = &options->allow_agent_forwarding;
@@ -1084,7 +1215,8 @@
case sUsePrivilegeSeparation:
intptr = &use_privsep;
- goto parse_flag;
+ multistate_ptr = multistate_privsep;
+ goto parse_multistate;
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
@@ -1091,6 +1223,8 @@
if (options->num_allow_users >= MAX_ALLOW_USERS)
fatal("%s line %d: too many allow users.",
filename, linenum);
+ if (!*activep)
+ continue;
options->allow_users[options->num_allow_users++] =
xstrdup(arg);
}
@@ -1101,6 +1235,8 @@
if (options->num_deny_users >= MAX_DENY_USERS)
fatal("%s line %d: too many deny users.",
filename, linenum);
+ if (!*activep)
+ continue;
options->deny_users[options->num_deny_users++] =
xstrdup(arg);
}
@@ -1111,6 +1247,8 @@
if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
fatal("%s line %d: too many allow groups.",
filename, linenum);
+ if (!*activep)
+ continue;
options->allow_groups[options->num_allow_groups++] =
xstrdup(arg);
}
@@ -1121,7 +1259,10 @@
if (options->num_deny_groups >= MAX_DENY_GROUPS)
fatal("%s line %d: too many deny groups.",
filename, linenum);
- options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
+ if (!*activep)
+ continue;
+ options->deny_groups[options->num_deny_groups++] =
+ xstrdup(arg);
}
break;
@@ -1250,14 +1391,22 @@
* AuthorizedKeysFile /etc/ssh_keys/%u
*/
case sAuthorizedKeysFile:
- charptr = &options->authorized_keys_file;
- goto parse_tilde_filename;
- case sAuthorizedKeysFile2:
- charptr = &options->authorized_keys_file2;
- goto parse_tilde_filename;
+ if (*activep && options->num_authkeys_files == 0) {
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (options->num_authkeys_files >=
+ MAX_AUTHKEYS_FILES)
+ fatal("%s line %d: "
+ "too many authorized keys files.",
+ filename, linenum);
+ options->authorized_keys_files[
+ options->num_authkeys_files++] =
+ tilde_expand_filename(arg, getuid());
+ }
+ }
+ return 0;
+
case sAuthorizedPrincipalsFile:
charptr = &options->authorized_principals_file;
- parse_tilde_filename:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: missing file name.",
@@ -1287,7 +1436,7 @@
fatal("%s line %d: too many allow env.",
filename, linenum);
if (!*activep)
- break;
+ continue;
options->accept_env[options->num_accept_env++] =
xstrdup(arg);
}
@@ -1316,7 +1465,7 @@
if (cmdline)
fatal("Match directive not supported as a command-line "
"option");
- value = match_cfg_line(&cp, linenum, user, host, address);
+ value = match_cfg_line(&cp, linenum, connectinfo);
if (value < 0)
fatal("%s line %d: Bad Match condition", filename,
linenum);
@@ -1336,6 +1485,13 @@
}
break;
}
+ if (strcmp(arg, "none") == 0) {
+ if (*activep && n == -1) {
+ options->num_permitted_opens = 1;
+ channel_disable_adm_local_opens();
+ }
+ break;
+ }
if (*activep && n == -1)
channel_clear_adm_permitted_opens();
for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
@@ -1344,7 +1500,7 @@
fatal("%s line %d: missing host in PermitOpen",
filename, linenum);
p = cleanhostname(p);
- if (arg == NULL || (port = a2port(arg)) <= 0)
+ if (arg == NULL || ((port = permitopen_port(arg)) < 0))
fatal("%s line %d: bad port number in "
"PermitOpen", filename, linenum);
if (*activep && n == -1)
@@ -1398,6 +1554,59 @@
}
break;
+ case sVersionAddendum:
+ if (cp == NULL)
+ fatal("%.200s line %d: Missing argument.", filename,
+ linenum);
+ len = strspn(cp, WHITESPACE);
+ if (*activep && options->version_addendum == NULL) {
+ if (strcasecmp(cp + len, "none") == 0)
+ options->version_addendum = xstrdup("");
+ else if (strchr(cp + len, '\r') != NULL)
+ fatal("%.200s line %d: Invalid argument",
+ filename, linenum);
+ else
+ options->version_addendum = xstrdup(cp + len);
+ }
+ return 0;
+
+ case sAuthorizedKeysCommand:
+ len = strspn(cp, WHITESPACE);
+ if (*activep && options->authorized_keys_command == NULL) {
+ if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
+ fatal("%.200s line %d: AuthorizedKeysCommand "
+ "must be an absolute path",
+ filename, linenum);
+ options->authorized_keys_command = xstrdup(cp + len);
+ }
+ return 0;
+
+ case sAuthorizedKeysCommandUser:
+ charptr = &options->authorized_keys_command_user;
+
+ arg = strdelim(&cp);
+ if (*activep && *charptr == NULL)
+ *charptr = xstrdup(arg);
+ break;
+
+ case sAuthenticationMethods:
+ if (*activep && options->num_auth_methods == 0) {
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (options->num_auth_methods >=
+ MAX_AUTH_METHODS)
+ fatal("%s line %d: "
+ "too many authentication methods.",
+ filename, linenum);
+ if (auth2_methods_valid(arg, 0) != 0)
+ fatal("%s line %d: invalid "
+ "authentication method list.",
+ filename, linenum);
+ options->auth_methods[
+ options->num_auth_methods++] = xstrdup(arg);
+ }
+ }
+ return 0;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
@@ -1427,8 +1636,9 @@
void
load_server_config(const char *filename, Buffer *conf)
{
- char line[1024], *cp;
+ char line[4096], *cp;
FILE *f;
+ int lineno = 0;
debug2("%s: filename %s", __func__, filename);
if ((f = fopen(filename, "r")) == NULL) {
@@ -1437,6 +1647,9 @@
}
buffer_clear(conf);
while (fgets(line, sizeof(line), f)) {
+ lineno++;
+ if (strlen(line) == sizeof(line) - 1)
+ fatal("%s line %d too long", filename, lineno);
/*
* Trim out comments and strip whitespace
* NB - preserve newlines, they are needed to reproduce
@@ -1454,16 +1667,58 @@
}
void
-parse_server_match_config(ServerOptions *options, const char *user,
- const char *host, const char *address)
+parse_server_match_config(ServerOptions *options,
+ struct connection_info *connectinfo)
{
ServerOptions mo;
initialize_server_options(&mo);
- parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
+ parse_server_config(&mo, "reprocess config", &cfg, connectinfo);
copy_set_server_options(options, &mo, 0);
}
+int parse_server_match_testspec(struct connection_info *ci, char *spec)
+{
+ char *p;
+
+ while ((p = strsep(&spec, ",")) && *p != '\0') {
+ if (strncmp(p, "addr=", 5) == 0) {
+ ci->address = xstrdup(p + 5);
+ } else if (strncmp(p, "host=", 5) == 0) {
+ ci->host = xstrdup(p + 5);
+ } else if (strncmp(p, "user=", 5) == 0) {
+ ci->user = xstrdup(p + 5);
+ } else if (strncmp(p, "laddr=", 6) == 0) {
+ ci->laddress = xstrdup(p + 6);
+ } else if (strncmp(p, "lport=", 6) == 0) {
+ ci->lport = a2port(p + 6);
+ if (ci->lport == -1) {
+ fprintf(stderr, "Invalid port '%s' in test mode"
+ " specification %s\n", p+6, p);
+ return -1;
+ }
+ } else {
+ fprintf(stderr, "Invalid test mode specification %s\n",
+ p);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+/*
+ * returns 1 for a complete spec, 0 for partial spec and -1 for an
+ * empty spec.
+ */
+int server_match_spec_complete(struct connection_info *ci)
+{
+ if (ci->user && ci->host && ci->address)
+ return 1; /* complete */
+ if (!ci->user && !ci->host && !ci->address)
+ return -1; /* empty */
+ return 0; /* partial */
+}
+
/* Helper macros */
#define M_CP_INTOPT(n) do {\
if (src->n != -1) \
@@ -1471,11 +1726,16 @@
} while (0)
#define M_CP_STROPT(n) do {\
if (src->n != NULL) { \
- if (dst->n != NULL) \
- xfree(dst->n); \
+ free(dst->n); \
dst->n = src->n; \
} \
} while(0)
+#define M_CP_STRARRAYOPT(n, num_n) do {\
+ if (src->num_n != 0) { \
+ for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
+ dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
+ } \
+} while(0)
/*
* Copy any supported values that are set.
@@ -1496,6 +1756,8 @@
M_CP_INTOPT(hostbased_uses_name_from_packet_only);
M_CP_INTOPT(kbd_interactive_authentication);
M_CP_INTOPT(zero_knowledge_password_authentication);
+ M_CP_STROPT(authorized_keys_command);
+ M_CP_STROPT(authorized_keys_command_user);
M_CP_INTOPT(permit_root_login);
M_CP_INTOPT(permit_empty_passwd);
@@ -1510,25 +1772,30 @@
M_CP_INTOPT(max_authtries);
M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk);
+ M_CP_INTOPT(rekey_limit);
+ M_CP_INTOPT(rekey_interval);
- M_CP_STROPT(banner);
+ /* See comment in servconf.h */
+ COPY_MATCH_STRING_OPTS();
+
+ /*
+ * The only things that should be below this point are string options
+ * which are only used after authentication.
+ */
if (preauth)
return;
+
M_CP_STROPT(adm_forced_command);
M_CP_STROPT(chroot_directory);
- M_CP_STROPT(trusted_user_ca_keys);
- M_CP_STROPT(revoked_keys_file);
- M_CP_STROPT(authorized_keys_file);
- M_CP_STROPT(authorized_keys_file2);
- M_CP_STROPT(authorized_principals_file);
}
#undef M_CP_INTOPT
#undef M_CP_STROPT
+#undef M_CP_STRARRAYOPT
void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
- const char *user, const char *host, const char *address)
+ struct connection_info *connectinfo)
{
int active, linenum, bad_options = 0;
char *cp, *obuf, *cbuf;
@@ -1536,14 +1803,14 @@
debug2("%s: config %s len %d", __func__, filename, buffer_len(conf));
obuf = cbuf = xstrdup(buffer_ptr(conf));
- active = user ? 0 : 1;
+ active = connectinfo ? 0 : 1;
linenum = 1;
while ((cp = strsep(&cbuf, "\n")) != NULL) {
if (process_server_config_line(options, cp, filename,
- linenum++, &active, user, host, address) != 0)
+ linenum++, &active, connectinfo) != 0)
bad_options++;
}
- xfree(obuf);
+ free(obuf);
if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
@@ -1550,32 +1817,37 @@
}
static const char *
+fmt_multistate_int(int val, const struct multistate *m)
+{
+ u_int i;
+
+ for (i = 0; m[i].key != NULL; i++) {
+ if (m[i].value == val)
+ return m[i].key;
+ }
+ return "UNKNOWN";
+}
+
+static const char *
fmt_intarg(ServerOpCodes code, int val)
{
- if (code == sAddressFamily) {
+ if (val == -1)
+ return "unset";
+ switch (code) {
+ case sAddressFamily:
+ return fmt_multistate_int(val, multistate_addressfamily);
+ case sPermitRootLogin:
+ return fmt_multistate_int(val, multistate_permitrootlogin);
+ case sGatewayPorts:
+ return fmt_multistate_int(val, multistate_gatewayports);
+ case sCompression:
+ return fmt_multistate_int(val, multistate_compression);
+ case sUsePrivilegeSeparation:
+ return fmt_multistate_int(val, multistate_privsep);
+ case sAllowTcpForwarding:
+ return fmt_multistate_int(val, multistate_tcpfwd);
+ case sProtocol:
switch (val) {
- case AF_INET:
- return "inet";
- case AF_INET6:
- return "inet6";
- case AF_UNSPEC:
- return "any";
- default:
- return "UNKNOWN";
- }
- }
- if (code == sPermitRootLogin) {
- switch (val) {
- case PERMIT_NO_PASSWD:
- return "without-password";
- case PERMIT_FORCED_ONLY:
- return "forced-commands-only";
- case PERMIT_YES:
- return "yes";
- }
- }
- if (code == sProtocol) {
- switch (val) {
case SSH_PROTO_1:
return "1";
case SSH_PROTO_2:
@@ -1585,20 +1857,16 @@
default:
return "UNKNOWN";
}
+ default:
+ switch (val) {
+ case 0:
+ return "no";
+ case 1:
+ return "yes";
+ default:
+ return "UNKNOWN";
+ }
}
- if (code == sGatewayPorts && val == 2)
- return "clientspecified";
- if (code == sCompression && val == COMP_DELAYED)
- return "delayed";
- switch (val) {
- case -1:
- return "unset";
- case 0:
- return "no";
- case 1:
- return "yes";
- }
- return "UNKNOWN";
}
static const char *
@@ -1638,9 +1906,20 @@
u_int i;
for (i = 0; i < count; i++)
- printf("%s %s\n", lookup_opcode_name(code), vals[i]);
+ printf("%s %s\n", lookup_opcode_name(code), vals[i]);
}
+static void
+dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
+{
+ u_int i;
+
+ printf("%s", lookup_opcode_name(code));
+ for (i = 0; i < count; i++)
+ printf(" %s", vals[i]);
+ printf("\n");
+}
+
void
dump_config(ServerOptions *o)
{
@@ -1736,8 +2015,6 @@
dump_cfg_string(sCiphers, o->ciphers);
dump_cfg_string(sMacs, o->macs);
dump_cfg_string(sBanner, o->banner);
- dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
- dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
dump_cfg_string(sForceCommand, o->adm_forced_command);
dump_cfg_string(sChrootDirectory, o->chroot_directory);
dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
@@ -1744,6 +2021,10 @@
dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
dump_cfg_string(sAuthorizedPrincipalsFile,
o->authorized_principals_file);
+ dump_cfg_string(sVersionAddendum, o->version_addendum);
+ dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
+ dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
+ dump_cfg_string(sHostKeyAgent, o->host_key_agent);
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
@@ -1750,6 +2031,8 @@
dump_cfg_string(sLogFacility, log_facility_name(o->log_facility));
/* string array arguments */
+ dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
+ o->authorized_keys_files);
dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
o->host_key_files);
dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
@@ -1759,6 +2042,8 @@
dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups);
dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env);
+ dump_cfg_strarray_oneline(sAuthenticationMethods,
+ o->num_auth_methods, o->auth_methods);
/* other arguments */
for (i = 0; i < o->num_subsystems; i++)
@@ -1775,7 +2060,10 @@
}
dump_cfg_string(sPermitTunnel, s);
- printf("ipqos 0x%02x 0x%02x\n", o->ip_qos_interactive, o->ip_qos_bulk);
+ printf("ipqos %s ", iptos2str(o->ip_qos_interactive));
+ printf("%s\n", iptos2str(o->ip_qos_bulk));
+ printf("rekeylimit %lld %d\n", o->rekey_limit, o->rekey_interval);
+
channel_print_adm_permitted_opens();
}
Property changes on: vendor-crypto/openssh/dist/servconf.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/servconf.h
===================================================================
--- vendor-crypto/openssh/dist/servconf.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/servconf.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.95 2010/11/13 23:27:50 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.109 2013/07/19 07:37:48 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -27,6 +27,8 @@
#define MAX_HOSTCERTS 256 /* Max # host certificates. */
#define MAX_ACCEPT_ENV 256 /* Max # of env vars. */
#define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */
+#define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */
+#define MAX_AUTH_METHODS 256 /* Max # of AuthenticationMethods. */
/* permit_root_login */
#define PERMIT_NOT_SET -1
@@ -35,6 +37,17 @@
#define PERMIT_NO_PASSWD 2
#define PERMIT_YES 3
+/* use_privsep */
+#define PRIVSEP_OFF 0
+#define PRIVSEP_ON 1
+#define PRIVSEP_NOSANDBOX 2
+
+/* AllowTCPForwarding */
+#define FORWARD_DENY 0
+#define FORWARD_REMOTE (1)
+#define FORWARD_LOCAL (1<<1)
+#define FORWARD_ALLOW (FORWARD_REMOTE|FORWARD_LOCAL)
+
#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
@@ -52,6 +65,7 @@
int num_host_key_files; /* Number of files for host keys. */
char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */
int num_host_cert_files; /* Number of files for host certs. */
+ char *host_key_agent; /* ssh-agent socket for host keys. */
char *pid_file; /* Where to put our pid */
int server_key_bits;/* Size of the server key. */
int login_grace_time; /* Disconnect if no auth in this time
@@ -109,7 +123,7 @@
int permit_user_env; /* If true, read ~/.ssh/environment */
int use_login; /* If true, login(1) is used */
int compression; /* If true, compression is allowed */
- int allow_tcp_forwarding;
+ int allow_tcp_forwarding; /* One of FORWARD_* */
int allow_agent_forwarding;
u_int num_allow_users;
char *allow_users[MAX_ALLOW_USERS];
@@ -145,8 +159,8 @@
* disconnect the session
*/
- char *authorized_keys_file; /* File containing public keys */
- char *authorized_keys_file2;
+ u_int num_authkeys_files; /* Files containing public keys */
+ char *authorized_keys_files[MAX_AUTHKEYS_FILES];
char *adm_forced_command;
@@ -160,17 +174,61 @@
char *revoked_keys_file;
char *trusted_user_ca_keys;
char *authorized_principals_file;
+ char *authorized_keys_command;
+ char *authorized_keys_command_user;
+
+ int64_t rekey_limit;
+ int rekey_interval;
+
+ char *version_addendum; /* Appended to SSH banner */
+
+ u_int num_auth_methods;
+ char *auth_methods[MAX_AUTH_METHODS];
} ServerOptions;
+/* Information about the incoming connection as used by Match */
+struct connection_info {
+ const char *user;
+ const char *host; /* possibly resolved hostname */
+ const char *address; /* remote address */
+ const char *laddress; /* local address */
+ int lport; /* local port */
+};
+
+
+/*
+ * These are string config options that must be copied between the
+ * Match sub-config and the main config, and must be sent from the
+ * privsep slave to the privsep master. We use a macro to ensure all
+ * the options are copied and the copies are done in the correct order.
+ */
+#define COPY_MATCH_STRING_OPTS() do { \
+ M_CP_STROPT(banner); \
+ M_CP_STROPT(trusted_user_ca_keys); \
+ M_CP_STROPT(revoked_keys_file); \
+ M_CP_STROPT(authorized_principals_file); \
+ M_CP_STROPT(authorized_keys_command); \
+ M_CP_STROPT(authorized_keys_command_user); \
+ M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
+ M_CP_STRARRAYOPT(allow_users, num_allow_users); \
+ M_CP_STRARRAYOPT(deny_users, num_deny_users); \
+ M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \
+ M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
+ M_CP_STRARRAYOPT(accept_env, num_accept_env); \
+ M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
+ } while (0)
+
+struct connection_info *get_connection_info(int, int);
void initialize_server_options(ServerOptions *);
void fill_default_server_options(ServerOptions *);
int process_server_config_line(ServerOptions *, char *, const char *, int,
- int *, const char *, const char *, const char *);
+ int *, struct connection_info *);
void load_server_config(const char *, Buffer *);
void parse_server_config(ServerOptions *, const char *, Buffer *,
- const char *, const char *, const char *);
-void parse_server_match_config(ServerOptions *, const char *, const char *,
- const char *);
+ struct connection_info *);
+void parse_server_match_config(ServerOptions *, struct connection_info *);
+int parse_server_match_testspec(struct connection_info *, char *);
+int server_match_spec_complete(struct connection_info *);
void copy_set_server_options(ServerOptions *, ServerOptions *, int);
void dump_config(ServerOptions *);
char *derelativise_path(const char *);
Property changes on: vendor-crypto/openssh/dist/servconf.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/serverloop.c
===================================================================
--- vendor-crypto/openssh/dist/serverloop.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/serverloop.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.159 2009/05/28 16:50:16 andreas Exp $ */
+/* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -131,8 +131,8 @@
{
if (pipe(notify_pipe) < 0) {
error("pipe(notify_pipe) failed %s", strerror(errno));
- } else if ((fcntl(notify_pipe[0], F_SETFD, 1) == -1) ||
- (fcntl(notify_pipe[1], F_SETFD, 1) == -1)) {
+ } else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) ||
+ (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) {
error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno));
close(notify_pipe[0]);
close(notify_pipe[1]);
@@ -148,7 +148,7 @@
notify_parent(void)
{
if (notify_pipe[1] != -1)
- write(notify_pipe[1], "", 1);
+ (void)write(notify_pipe[1], "", 1);
}
static void
notify_prepare(fd_set *readset)
@@ -277,13 +277,22 @@
*/
static void
wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
- u_int *nallocp, u_int max_time_milliseconds)
+ u_int *nallocp, u_int64_t max_time_milliseconds)
{
struct timeval tv, *tvp;
int ret;
+ time_t minwait_secs = 0;
int client_alive_scheduled = 0;
int program_alive_scheduled = 0;
+ /* Allocate and update select() masks for channel descriptors. */
+ channel_prepare_select(readsetp, writesetp, maxfdp, nallocp,
+ &minwait_secs, 0);
+
+ if (minwait_secs != 0)
+ max_time_milliseconds = MIN(max_time_milliseconds,
+ (u_int)minwait_secs * 1000);
+
/*
* if using client_alive, set the max timeout accordingly,
* and indicate that this particular timeout was for client
@@ -298,9 +307,6 @@
max_time_milliseconds = options.client_alive_interval * 1000;
}
- /* Allocate and update select() masks for channel descriptors. */
- channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, 0);
-
if (compat20) {
#if 0
/* wrong: bad condition XXX */
@@ -557,7 +563,7 @@
int wait_status; /* Status returned by wait(). */
pid_t wait_pid; /* pid returned by wait(). */
int waiting_termination = 0; /* Have displayed waiting close message. */
- u_int max_time_milliseconds;
+ u_int64_t max_time_milliseconds;
u_int previous_stdout_buffer_bytes;
u_int stdout_buffer_bytes;
int type;
@@ -688,7 +694,7 @@
/* Display list of open channels. */
cp = channel_open_message();
buffer_append(&stderr_buffer, cp, strlen(cp));
- xfree(cp);
+ free(cp);
}
}
max_fd = MAX(connection_in, connection_out);
@@ -702,7 +708,7 @@
&nalloc, max_time_milliseconds);
if (received_sigterm) {
- logit("Exiting on signal %d", received_sigterm);
+ logit("Exiting on signal %d", (int)received_sigterm);
/* Clean up sessions, utmp, etc. */
cleanup_exit(255);
}
@@ -716,10 +722,8 @@
/* Process output to the client and to program stdin. */
process_output(writeset);
}
- if (readset)
- xfree(readset);
- if (writeset)
- xfree(writeset);
+ free(readset);
+ free(writeset);
/* Cleanup and termination code. */
@@ -819,7 +823,9 @@
server_loop2(Authctxt *authctxt)
{
fd_set *readset = NULL, *writeset = NULL;
- int rekeying = 0, max_fd, nalloc = 0;
+ int rekeying = 0, max_fd;
+ u_int nalloc = 0;
+ u_int64_t rekey_timeout_ms = 0;
debug("Entering interactive session for SSH2.");
@@ -848,11 +854,16 @@
if (!rekeying && packet_not_very_much_data_to_write())
channel_output_poll();
+ if (options.rekey_interval > 0 && compat20 && !rekeying)
+ rekey_timeout_ms = packet_get_rekey_timeout() * 1000;
+ else
+ rekey_timeout_ms = 0;
+
wait_until_can_do_something(&readset, &writeset, &max_fd,
- &nalloc, 0);
+ &nalloc, rekey_timeout_ms);
if (received_sigterm) {
- logit("Exiting on signal %d", received_sigterm);
+ logit("Exiting on signal %d", (int)received_sigterm);
/* Clean up sessions, utmp, etc. */
cleanup_exit(255);
}
@@ -873,10 +884,8 @@
}
collect_children();
- if (readset)
- xfree(readset);
- if (writeset)
- xfree(writeset);
+ free(readset);
+ free(writeset);
/* free all channels, no more reads and writes */
channel_free_all();
@@ -911,7 +920,7 @@
packet_check_eom();
buffer_append(&stdin_buffer, data, data_len);
memset(data, 0, data_len);
- xfree(data);
+ free(data);
}
static void
@@ -944,7 +953,7 @@
static Channel *
server_request_direct_tcpip(void)
{
- Channel *c;
+ Channel *c = NULL;
char *target, *originator;
u_short target_port, originator_port;
@@ -957,12 +966,19 @@
debug("server_request_direct_tcpip: originator %s port %d, target %s "
"port %d", originator, originator_port, target, target_port);
- /* XXX check permission */
- c = channel_connect_to(target, target_port,
- "direct-tcpip", "direct-tcpip");
+ /* XXX fine grained permissions */
+ if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0 &&
+ !no_port_forwarding_flag) {
+ c = channel_connect_to(target, target_port,
+ "direct-tcpip", "direct-tcpip");
+ } else {
+ logit("refused local port forward: "
+ "originator %s port %d, target %s port %d",
+ originator, originator_port, target, target_port);
+ }
- xfree(originator);
- xfree(target);
+ free(originator);
+ free(target);
return c;
}
@@ -1091,7 +1107,7 @@
}
packet_send();
}
- xfree(ctype);
+ free(ctype);
}
static void
@@ -1120,7 +1136,7 @@
listen_address, listen_port);
/* check permissions */
- if (!options.allow_tcp_forwarding ||
+ if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
@@ -1136,7 +1152,7 @@
listen_address, listen_port,
&allocated_listen_port, options.gateway_ports);
}
- xfree(listen_address);
+ free(listen_address);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
char *cancel_address;
u_short cancel_port;
@@ -1148,7 +1164,7 @@
success = channel_cancel_rport_listener(cancel_address,
cancel_port);
- xfree(cancel_address);
+ free(cancel_address);
} else if (strcmp(rtype, "no-more-sessions at openssh.com") == 0) {
no_more_sessions = 1;
success = 1;
@@ -1161,7 +1177,7 @@
packet_send();
packet_write_wait();
}
- xfree(rtype);
+ free(rtype);
}
static void
@@ -1193,7 +1209,7 @@
packet_put_int(c->remote_id);
packet_send();
}
- xfree(rtype);
+ free(rtype);
}
static void
Property changes on: vendor-crypto/openssh/dist/serverloop.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Index: vendor-crypto/openssh/dist/serverloop.h
===================================================================
--- vendor-crypto/openssh/dist/serverloop.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/serverloop.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/serverloop.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/session.c
===================================================================
--- vendor-crypto/openssh/dist/session.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/session.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.258 2010/11/25 04:10:09 djm Exp $ */
+/* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -80,6 +80,7 @@
#include "hostfile.h"
#include "auth.h"
#include "auth-options.h"
+#include "authfd.h"
#include "pathnames.h"
#include "log.h"
#include "servconf.h"
@@ -96,6 +97,10 @@
#include <kafs.h>
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
#define IS_INTERNAL_SFTP(c) \
(!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
(c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
@@ -195,7 +200,7 @@
packet_send_debug("Agent forwarding disabled: "
"mkdtemp() failed: %.100s", strerror(errno));
restore_uid();
- xfree(auth_sock_dir);
+ free(auth_sock_dir);
auth_sock_dir = NULL;
goto authsock_err;
}
@@ -240,11 +245,10 @@
return 1;
authsock_err:
- if (auth_sock_name != NULL)
- xfree(auth_sock_name);
+ free(auth_sock_name);
if (auth_sock_dir != NULL) {
rmdir(auth_sock_dir);
- xfree(auth_sock_dir);
+ free(auth_sock_dir);
}
if (sock != -1)
close(sock);
@@ -269,7 +273,10 @@
setproctitle("%s", authctxt->pw->pw_name);
/* setup the channel layer */
- if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
+ if (no_port_forwarding_flag ||
+ (options.allow_tcp_forwarding & FORWARD_LOCAL) == 0)
+ channel_disable_adm_local_opens();
+ else
channel_permit_all_opens();
auth_debug_send();
@@ -357,8 +364,8 @@
packet_check_eom();
success = session_setup_x11fwd(s);
if (!success) {
- xfree(s->auth_proto);
- xfree(s->auth_data);
+ free(s->auth_proto);
+ free(s->auth_data);
s->auth_proto = NULL;
s->auth_data = NULL;
}
@@ -379,7 +386,7 @@
debug("Port forwarding not permitted for this authentication.");
break;
}
- if (!options.allow_tcp_forwarding) {
+ if (!(options.allow_tcp_forwarding & FORWARD_REMOTE)) {
debug("Port forwarding not permitted.");
break;
}
@@ -405,7 +412,7 @@
if (do_exec(s, command) != 0)
packet_disconnect(
"command execution failed");
- xfree(command);
+ free(command);
} else {
if (do_exec(s, NULL) != 0)
packet_disconnect(
@@ -970,7 +977,7 @@
break;
if (env[i]) {
/* Reuse the slot. */
- xfree(env[i]);
+ free(env[i]);
} else {
/* New variable. Expand if necessary. */
envsize = *envsizep;
@@ -1086,8 +1093,8 @@
umask((mode_t)mask);
for (i = 0; tmpenv[i] != NULL; i++)
- xfree(tmpenv[i]);
- xfree(tmpenv);
+ free(tmpenv[i]);
+ free(tmpenv);
}
#endif /* HAVE_ETC_DEFAULT_LOGIN */
@@ -1103,7 +1110,7 @@
for(i = 0; source[i] != NULL; i++) {
var_name = xstrdup(source[i]);
if ((var_val = strstr(var_name, "=")) == NULL) {
- xfree(var_name);
+ free(var_name);
continue;
}
*var_val++ = '\0';
@@ -1111,7 +1118,7 @@
debug3("Copy environment: %s=%s", var_name, var_val);
child_set_env(env, envsize, var_name, var_val);
- xfree(var_name);
+ free(var_name);
}
}
@@ -1212,8 +1219,8 @@
child_set_env(&env, &envsize, str, str + i + 1);
}
custom_environment = ce->next;
- xfree(ce->s);
- xfree(ce);
+ free(ce->s);
+ free(ce);
}
}
@@ -1225,7 +1232,7 @@
laddr = get_local_ipaddr(packet_get_connection_in());
snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
- xfree(laddr);
+ free(laddr);
child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
if (s->ttyfd != -1)
@@ -1386,7 +1393,7 @@
struct stat sb;
#ifdef HAVE_LOGIN_CAP
- if (login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
+ if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
return;
nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
#else
@@ -1396,7 +1403,7 @@
#endif
if (stat(nl, &sb) == -1) {
if (nl != def_nl)
- xfree(nl);
+ free(nl);
return;
}
@@ -1506,6 +1513,9 @@
safely_chroot(chroot_path, pw->pw_uid);
free(tmp);
free(chroot_path);
+ /* Make sure we don't attempt to chroot again */
+ free(options.chroot_directory);
+ options.chroot_directory = NULL;
}
#ifdef HAVE_LOGIN_CAP
@@ -1513,10 +1523,18 @@
perror("unable to set user context (setuser)");
exit(1);
}
+ /*
+ * FreeBSD's setusercontext() will not apply the user's
+ * own umask setting unless running with the user's UID.
+ */
+ (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK);
#else
/* Permanently switch to the desired uid. */
permanently_set_uid(pw);
#endif
+ } else if (options.chroot_directory != NULL &&
+ strcasecmp(options.chroot_directory, "none") != 0) {
+ fatal("server lacks privileges to chroot to ChrootDirectory");
}
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
@@ -1531,6 +1549,9 @@
if (s->ttyfd != -1) {
fprintf(stderr,
"You must change your password now and login again!\n");
+#ifdef WITH_SELINUX
+ setexeccon(NULL);
+#endif
#ifdef PASSWD_NEEDS_USERNAME
execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name,
(char *)NULL);
@@ -1569,6 +1590,13 @@
static void
child_close_fds(void)
{
+ extern AuthenticationConnection *auth_conn;
+
+ if (auth_conn) {
+ ssh_close_authentication_connection(auth_conn);
+ auth_conn = NULL;
+ }
+
if (packet_get_connection_in() == packet_get_connection_out())
close(packet_get_connection_in());
else {
@@ -2033,7 +2061,7 @@
s->ypixel = packet_get_int();
if (strcmp(s->term, "") == 0) {
- xfree(s->term);
+ free(s->term);
s->term = NULL;
}
@@ -2041,8 +2069,7 @@
debug("Allocating pty.");
if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
sizeof(s->tty)))) {
- if (s->term)
- xfree(s->term);
+ free(s->term);
s->term = NULL;
s->ptyfd = -1;
s->ttyfd = -1;
@@ -2103,7 +2130,7 @@
logit("subsystem request for %.100s failed, subsystem not found",
subsys);
- xfree(subsys);
+ free(subsys);
return success;
}
@@ -2125,8 +2152,8 @@
success = session_setup_x11fwd(s);
if (!success) {
- xfree(s->auth_proto);
- xfree(s->auth_data);
+ free(s->auth_proto);
+ free(s->auth_data);
s->auth_proto = NULL;
s->auth_data = NULL;
}
@@ -2148,7 +2175,7 @@
char *command = packet_get_string(&len);
packet_check_eom();
success = do_exec(s, command) == 0;
- xfree(command);
+ free(command);
return success;
}
@@ -2159,7 +2186,7 @@
packet_get_int(); /* ignored */
packet_check_eom();
- if (s->ttyfd == -1 || tcsendbreak(s->ttyfd, 0) < 0)
+ if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0)
return 0;
return 1;
}
@@ -2194,8 +2221,8 @@
debug2("Ignoring env request %s: disallowed name", name);
fail:
- xfree(name);
- xfree(val);
+ free(name);
+ free(val);
return (0);
}
@@ -2377,24 +2404,16 @@
if (s->x11_chanids[i] != id)
session_close_x11(s->x11_chanids[i]);
}
- xfree(s->x11_chanids);
+ free(s->x11_chanids);
s->x11_chanids = NULL;
- if (s->display) {
- xfree(s->display);
- s->display = NULL;
- }
- if (s->auth_proto) {
- xfree(s->auth_proto);
- s->auth_proto = NULL;
- }
- if (s->auth_data) {
- xfree(s->auth_data);
- s->auth_data = NULL;
- }
- if (s->auth_display) {
- xfree(s->auth_display);
- s->auth_display = NULL;
- }
+ free(s->display);
+ s->display = NULL;
+ free(s->auth_proto);
+ s->auth_proto = NULL;
+ free(s->auth_data);
+ s->auth_data = NULL;
+ free(s->auth_display);
+ s->auth_display = NULL;
}
static void
@@ -2456,24 +2475,18 @@
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
if (s->ttyfd != -1)
session_pty_cleanup(s);
- if (s->term)
- xfree(s->term);
- if (s->display)
- xfree(s->display);
- if (s->x11_chanids)
- xfree(s->x11_chanids);
- if (s->auth_display)
- xfree(s->auth_display);
- if (s->auth_data)
- xfree(s->auth_data);
- if (s->auth_proto)
- xfree(s->auth_proto);
+ free(s->term);
+ free(s->display);
+ free(s->x11_chanids);
+ free(s->auth_display);
+ free(s->auth_data);
+ free(s->auth_proto);
if (s->env != NULL) {
for (i = 0; i < s->num_env; i++) {
- xfree(s->env[i].name);
- xfree(s->env[i].val);
+ free(s->env[i].name);
+ free(s->env[i].val);
}
- xfree(s->env);
+ free(s->env);
}
session_proctitle(s);
session_unused(s->self);
Property changes on: vendor-crypto/openssh/dist/session.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Index: vendor-crypto/openssh/dist/session.h
===================================================================
--- vendor-crypto/openssh/dist/session.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/session.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/session.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sftp-client.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-client.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp-client.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.94 2010/12/04 00:18:01 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.108 2013/11/08 00:39:15 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -112,7 +112,7 @@
iov[1].iov_len = buffer_len(m);
if (atomiciov6(writev, conn->fd_out, iov, 2,
- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
+ conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
buffer_len(m) + sizeof(mlen))
fatal("Couldn't send packet: %s", strerror(errno));
@@ -394,8 +394,8 @@
} else {
debug2("Unrecognised server extension \"%s\"", name);
}
- xfree(name);
- xfree(value);
+ free(name);
+ free(value);
}
buffer_free(&msg);
@@ -462,16 +462,16 @@
buffer_put_cstring(&msg, path);
send_msg(conn, &msg);
- buffer_clear(&msg);
-
handle = get_handle(conn, id, &handle_len,
"remote readdir(\"%s\")", path);
- if (handle == NULL)
+ if (handle == NULL) {
+ buffer_free(&msg);
return -1;
+ }
if (dir) {
ents = 0;
- *dir = xmalloc(sizeof(**dir));
+ *dir = xcalloc(1, sizeof(**dir));
(*dir)[0] = NULL;
}
@@ -509,7 +509,8 @@
error("Couldn't read directory: %s",
fx2txt(status));
do_close(conn, handle, handle_len);
- xfree(handle);
+ free(handle);
+ buffer_free(&msg);
return(status);
}
} else if (type != SSH2_FXP_NAME)
@@ -544,7 +545,7 @@
if (dir) {
*dir = xrealloc(*dir, ents + 2, sizeof(**dir));
- (*dir)[ents] = xmalloc(sizeof(***dir));
+ (*dir)[ents] = xcalloc(1, sizeof(***dir));
(*dir)[ents]->filename = xstrdup(filename);
(*dir)[ents]->longname = xstrdup(longname);
memcpy(&(*dir)[ents]->a, a, sizeof(*a));
@@ -551,19 +552,19 @@
(*dir)[++ents] = NULL;
}
next:
- xfree(filename);
- xfree(longname);
+ free(filename);
+ free(longname);
}
}
buffer_free(&msg);
do_close(conn, handle, handle_len);
- xfree(handle);
+ free(handle);
/* Don't return partial matches on interrupt */
if (interrupted && dir != NULL && *dir != NULL) {
free_sftp_dirents(*dir);
- *dir = xmalloc(sizeof(**dir));
+ *dir = xcalloc(1, sizeof(**dir));
**dir = NULL;
}
@@ -581,11 +582,11 @@
int i;
for (i = 0; s[i]; i++) {
- xfree(s[i]->filename);
- xfree(s[i]->longname);
- xfree(s[i]);
+ free(s[i]->filename);
+ free(s[i]->longname);
+ free(s[i]);
}
- xfree(s);
+ free(s);
}
int
@@ -756,9 +757,10 @@
longname = buffer_get_string(&msg, NULL);
a = decode_attrib(&msg);
- debug3("SSH_FXP_REALPATH %s -> %s", path, filename);
+ debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename,
+ (unsigned long)a->size);
- xfree(longname);
+ free(longname);
buffer_free(&msg);
@@ -805,15 +807,15 @@
Buffer msg;
u_int status, id;
- buffer_init(&msg);
-
- /* Send link request */
- id = conn->msg_id++;
if ((conn->exts & SFTP_EXT_HARDLINK) == 0) {
error("Server does not support hardlink at openssh.com extension");
return -1;
}
+ buffer_init(&msg);
+
+ /* Send link request */
+ id = conn->msg_id++;
buffer_put_char(&msg, SSH2_FXP_EXTENDED);
buffer_put_int(&msg, id);
buffer_put_cstring(&msg, "hardlink at openssh.com");
@@ -889,6 +891,7 @@
u_int status = buffer_get_int(&msg);
error("Couldn't readlink: %s", fx2txt(status));
+ buffer_free(&msg);
return(NULL);
} else if (type != SSH2_FXP_NAME)
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
@@ -904,7 +907,7 @@
debug3("SSH_FXP_READLINK %s -> %s", path, filename);
- xfree(longname);
+ free(longname);
buffer_free(&msg);
@@ -985,16 +988,17 @@
int
do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
- Attrib *a, int pflag)
+ Attrib *a, int pflag, int resume)
{
Attrib junk;
Buffer msg;
char *handle;
- int local_fd, status = 0, write_error;
- int read_error, write_errno;
- u_int64_t offset, size;
+ int local_fd = -1, status = 0, write_error;
+ int read_error, write_errno, reordered = 0;
+ u_int64_t offset = 0, size, highwater;
u_int handle_len, mode, type, id, buflen, num_req, max_req;
off_t progress_counter;
+ struct stat st;
struct request {
u_int id;
u_int len;
@@ -1047,21 +1051,36 @@
return(-1);
}
- local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
- mode | S_IWRITE);
+ local_fd = open(local_path, O_WRONLY | O_CREAT | (resume ? 0 : O_TRUNC),
+ mode | S_IWUSR);
if (local_fd == -1) {
error("Couldn't open local file \"%s\" for writing: %s",
local_path, strerror(errno));
- do_close(conn, handle, handle_len);
- buffer_free(&msg);
- xfree(handle);
- return(-1);
+ goto fail;
}
+ offset = highwater = 0;
+ if (resume) {
+ if (fstat(local_fd, &st) == -1) {
+ error("Unable to stat local file \"%s\": %s",
+ local_path, strerror(errno));
+ goto fail;
+ }
+ if ((size_t)st.st_size > size) {
+ error("Unable to resume download of \"%s\": "
+ "local file is larger than remote", local_path);
+ fail:
+ do_close(conn, handle, handle_len);
+ buffer_free(&msg);
+ free(handle);
+ return -1;
+ }
+ offset = highwater = st.st_size;
+ }
/* Read from remote and write to local */
- write_error = read_error = write_errno = num_req = offset = 0;
+ write_error = read_error = write_errno = num_req = 0;
max_req = 1;
- progress_counter = 0;
+ progress_counter = offset;
if (showprogress && size != 0)
start_progress_meter(remote_path, size, &progress_counter);
@@ -1086,7 +1105,7 @@
(unsigned long long)offset,
(unsigned long long)offset + buflen - 1,
num_req, max_req);
- req = xmalloc(sizeof(*req));
+ req = xcalloc(1, sizeof(*req));
req->id = conn->msg_id++;
req->len = buflen;
req->offset = offset;
@@ -1118,7 +1137,7 @@
read_error = 1;
max_req = 0;
TAILQ_REMOVE(&requests, req, tq);
- xfree(req);
+ free(req);
num_req--;
break;
case SSH2_FXP_DATA:
@@ -1136,12 +1155,16 @@
write_error = 1;
max_req = 0;
}
+ else if (!reordered && req->offset <= highwater)
+ highwater = req->offset + len;
+ else if (!reordered && req->offset > highwater)
+ reordered = 1;
progress_counter += len;
- xfree(data);
+ free(data);
if (len == req->len) {
TAILQ_REMOVE(&requests, req, tq);
- xfree(req);
+ free(req);
num_req--;
} else {
/* Resend the request for the missing data */
@@ -1184,7 +1207,15 @@
/* Sanity check */
if (TAILQ_FIRST(&requests) != NULL)
fatal("Transfer complete, but requests still in queue");
-
+ /* Truncate at highest contiguous point to avoid holes on interrupt */
+ if (read_error || write_error || interrupted) {
+ if (reordered && resume) {
+ error("Unable to resume download of \"%s\": "
+ "server reordered requests", local_path);
+ }
+ debug("truncating at %llu", (unsigned long long)highwater);
+ ftruncate(local_fd, highwater);
+ }
if (read_error) {
error("Couldn't read from remote file \"%s\" : %s",
remote_path, fx2txt(status));
@@ -1196,7 +1227,8 @@
do_close(conn, handle, handle_len);
} else {
status = do_close(conn, handle, handle_len);
-
+ if (interrupted)
+ status = -1;
/* Override umask and utimes if asked */
#ifdef HAVE_FCHMOD
if (pflag && fchmod(local_fd, mode) == -1)
@@ -1217,7 +1249,7 @@
}
close(local_fd);
buffer_free(&msg);
- xfree(handle);
+ free(handle);
return(status);
}
@@ -1224,7 +1256,7 @@
static int
download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
- Attrib *dirattrib, int pflag, int printflag, int depth)
+ Attrib *dirattrib, int pflag, int printflag, int depth, int resume)
{
int i, ret = 0;
SFTP_DIRENT **dir_entries;
@@ -1277,11 +1309,11 @@
continue;
if (download_dir_internal(conn, new_src, new_dst,
&(dir_entries[i]->a), pflag, printflag,
- depth + 1) == -1)
+ depth + 1, resume) == -1)
ret = -1;
} else if (S_ISREG(dir_entries[i]->a.perm) ) {
if (do_download(conn, new_src, new_dst,
- &(dir_entries[i]->a), pflag) == -1) {
+ &(dir_entries[i]->a), pflag, resume) == -1) {
error("Download of file %s to %s failed",
new_src, new_dst);
ret = -1;
@@ -1289,8 +1321,8 @@
} else
logit("%s: not a regular file\n", new_src);
- xfree(new_dst);
- xfree(new_src);
+ free(new_dst);
+ free(new_src);
}
if (pflag) {
@@ -1314,7 +1346,7 @@
int
download_dir(struct sftp_conn *conn, char *src, char *dst,
- Attrib *dirattrib, int pflag, int printflag)
+ Attrib *dirattrib, int pflag, int printflag, int resume)
{
char *src_canon;
int ret;
@@ -1325,8 +1357,8 @@
}
ret = download_dir_internal(conn, src_canon, dst,
- dirattrib, pflag, printflag, 0);
- xfree(src_canon);
+ dirattrib, pflag, printflag, 0, resume);
+ free(src_canon);
return ret;
}
@@ -1337,7 +1369,7 @@
int local_fd;
int status = SSH2_FX_OK;
u_int handle_len, id, type;
- off_t offset;
+ off_t offset, progress_counter;
char *handle, *data;
Buffer msg;
struct stat sb;
@@ -1405,9 +1437,10 @@
data = xmalloc(conn->transfer_buflen);
/* Read from local and write to remote */
- offset = 0;
+ offset = progress_counter = 0;
if (showprogress)
- start_progress_meter(local_path, sb.st_size, &offset);
+ start_progress_meter(local_path, sb.st_size,
+ &progress_counter);
for (;;) {
int len;
@@ -1430,7 +1463,7 @@
strerror(errno));
if (len != 0) {
- ack = xmalloc(sizeof(*ack));
+ ack = xcalloc(1, sizeof(*ack));
ack->id = ++id;
ack->offset = offset;
ack->len = len;
@@ -1478,7 +1511,8 @@
debug3("In write loop, ack for %u %u bytes at %lld",
ack->id, ack->len, (long long)ack->offset);
++ackid;
- xfree(ack);
+ progress_counter += ack->len;
+ free(ack);
}
offset += len;
if (offset < 0)
@@ -1488,7 +1522,7 @@
if (showprogress)
stop_progress_meter();
- xfree(data);
+ free(data);
if (status != SSH2_FX_OK) {
error("Couldn't write to remote file \"%s\": %s",
@@ -1508,7 +1542,7 @@
if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
status = -1;
- xfree(handle);
+ free(handle);
return status;
}
@@ -1548,7 +1582,7 @@
a.perm &= 01777;
if (!pflag)
a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
-
+
status = do_mkdir(conn, dst, &a, 0);
/*
* we lack a portable status for errno EEXIST,
@@ -1558,7 +1592,7 @@
if (status != SSH2_FX_OK) {
if (status != SSH2_FX_FAILURE)
return -1;
- if (do_stat(conn, dst, 0) == NULL)
+ if (do_stat(conn, dst, 0) == NULL)
return -1;
}
@@ -1566,7 +1600,7 @@
error("Failed to open dir \"%s\": %s", src, strerror(errno));
return -1;
}
-
+
while (((dp = readdir(dirp)) != NULL) && !interrupted) {
if (dp->d_ino == 0)
continue;
@@ -1594,8 +1628,8 @@
}
} else
logit("%s: not a regular file\n", filename);
- xfree(new_dst);
- xfree(new_src);
+ free(new_dst);
+ free(new_src);
}
do_setstat(conn, dst, &a);
@@ -1617,7 +1651,7 @@
}
ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0);
- xfree(dst_canon);
+ free(dst_canon);
return ret;
}
Property changes on: vendor-crypto/openssh/dist/sftp-client.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sftp-client.h
===================================================================
--- vendor-crypto/openssh/dist/sftp-client.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp-client.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.20 2010/12/04 00:18:01 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.21 2013/07/25 00:56:51 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
@@ -106,13 +106,13 @@
* Download 'remote_path' to 'local_path'. Preserve permissions and times
* if 'pflag' is set
*/
-int do_download(struct sftp_conn *, char *, char *, Attrib *, int);
+int do_download(struct sftp_conn *, char *, char *, Attrib *, int, int);
/*
* Recursively download 'remote_directory' to 'local_directory'. Preserve
* times if 'pflag' is set
*/
-int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int);
+int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int, int);
/*
* Upload 'local_path' to 'remote_path'. Preserve permissions and times
Property changes on: vendor-crypto/openssh/dist/sftp-client.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sftp-common.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-common.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp-common.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-common.c,v 1.23 2010/01/15 09:24:23 markus Exp $ */
+/* $OpenBSD: sftp-common.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Damien Miller. All rights reserved.
@@ -128,8 +128,8 @@
type = buffer_get_string(b, NULL);
data = buffer_get_string(b, NULL);
debug3("Got file attribute \"%s\"", type);
- xfree(type);
- xfree(data);
+ free(type);
+ free(data);
}
}
return &a;
Property changes on: vendor-crypto/openssh/dist/sftp-common.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/sftp-common.h
===================================================================
--- vendor-crypto/openssh/dist/sftp-common.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp-common.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/sftp-common.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sftp-glob.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-glob.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp-glob.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-glob.c,v 1.22 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sftp-glob.c,v 1.25 2013/11/08 00:39:15 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -48,10 +48,10 @@
{
struct SFTP_OPENDIR *r;
- r = xmalloc(sizeof(*r));
+ r = xcalloc(1, sizeof(*r));
if (do_readdir(cur.conn, (char *)path, &r->dir)) {
- xfree(r);
+ free(r);
return(NULL);
}
@@ -103,7 +103,7 @@
fudge_closedir(struct SFTP_OPENDIR *od)
{
free_sftp_dirents(od->dir);
- xfree(od);
+ free(od);
}
static int
@@ -111,7 +111,7 @@
{
Attrib *a;
- if (!(a = do_lstat(cur.conn, (char *)path, 0)))
+ if (!(a = do_lstat(cur.conn, (char *)path, 1)))
return(-1);
attrib_to_stat(a, st);
@@ -124,7 +124,7 @@
{
Attrib *a;
- if (!(a = do_stat(cur.conn, (char *)path, 0)))
+ if (!(a = do_stat(cur.conn, (char *)path, 1)))
return(-1);
attrib_to_stat(a, st);
Property changes on: vendor-crypto/openssh/dist/sftp-glob.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/sftp-server-main.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-server-main.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp-server-main.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/sftp-server-main.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Added: vendor-crypto/openssh/dist/sftp-server.0
===================================================================
--- vendor-crypto/openssh/dist/sftp-server.0 (rev 0)
+++ vendor-crypto/openssh/dist/sftp-server.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,73 @@
+SFTP-SERVER(8) OpenBSD System Manager's Manual SFTP-SERVER(8)
+
+NAME
+ sftp-server - SFTP server subsystem
+
+SYNOPSIS
+ sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
+ [-u umask]
+
+DESCRIPTION
+ sftp-server is a program that speaks the server side of SFTP protocol to
+ stdout and expects client requests from stdin. sftp-server is not
+ intended to be called directly, but from sshd(8) using the Subsystem
+ option.
+
+ Command-line flags to sftp-server should be specified in the Subsystem
+ declaration. See sshd_config(5) for more information.
+
+ Valid options are:
+
+ -d start_directory
+ specifies an alternate starting directory for users. The
+ pathname may contain the following tokens that are expanded at
+ runtime: %% is replaced by a literal '%', %h is replaced by the
+ home directory of the user being authenticated, and %u is
+ replaced by the username of that user. The default is to use the
+ user's home directory. This option is useful in conjunction with
+ the sshd_config(5) ChrootDirectory option.
+
+ -e Causes sftp-server to print logging information to stderr instead
+ of syslog for debugging.
+
+ -f log_facility
+ Specifies the facility code that is used when logging messages
+ from sftp-server. The possible values are: DAEMON, USER, AUTH,
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
+
+ -h Displays sftp-server usage information.
+
+ -l log_level
+ Specifies which messages will be logged by sftp-server. The
+ possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
+ DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions
+ that sftp-server performs on behalf of the client. DEBUG and
+ DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
+ levels of debugging output. The default is ERROR.
+
+ -R Places this instance of sftp-server into a read-only mode.
+ Attempts to open files for writing, as well as other operations
+ that change the state of the filesystem, will be denied.
+
+ -u umask
+ Sets an explicit umask(2) to be applied to newly-created files
+ and directories, instead of the user's default mask.
+
+ For logging to work, sftp-server must be able to access /dev/log. Use of
+ sftp-server in a chroot configuration therefore requires that syslogd(8)
+ establish a logging socket inside the chroot directory.
+
+SEE ALSO
+ sftp(1), ssh(1), sshd_config(5), sshd(8)
+
+ T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
+ filexfer-02.txt, October 2001, work in progress material.
+
+HISTORY
+ sftp-server first appeared in OpenBSD 2.8.
+
+AUTHORS
+ Markus Friedl <markus at openbsd.org>
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/sftp-server.8
===================================================================
--- vendor-crypto/openssh/dist/sftp-server.8 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp-server.8 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.19 2010/01/09 03:36:00 jmc Exp $
+.\" $OpenBSD: sftp-server.8,v 1.23 2013/07/16 00:07:52 schwarze Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: January 9 2010 $
+.Dd $Mdocdate: July 16 2013 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
@@ -31,6 +31,7 @@
.Sh SYNOPSIS
.Nm sftp-server
.Op Fl ehR
+.Op Fl d Ar start_directory
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
.Op Fl u Ar umask
@@ -56,6 +57,17 @@
.Pp
Valid options are:
.Bl -tag -width Ds
+.It Fl d Ar start_directory
+specifies an alternate starting directory for users.
+The pathname may contain the following tokens that are expanded at runtime:
+%% is replaced by a literal '%',
+%h is replaced by the home directory of the user being authenticated,
+and %u is replaced by the username of that user.
+The default is to use the user's home directory.
+This option is useful in conjunction with the
+.Xr sshd_config 5
+.Cm ChrootDirectory
+option.
.It Fl e
Causes
.Nm
@@ -112,8 +124,8 @@
.%A T. Ylonen
.%A S. Lehtinen
.%T "SSH File Transfer Protocol"
-.%N draft-ietf-secsh-filexfer-00.txt
-.%D January 2001
+.%N draft-ietf-secsh-filexfer-02.txt
+.%D October 2001
.%O work in progress material
.Re
.Sh HISTORY
@@ -121,4 +133,4 @@
first appeared in
.Ox 2.8 .
.Sh AUTHORS
-.An Markus Friedl Aq markus at openbsd.org
+.An Markus Friedl Aq Mt markus at openbsd.org
Property changes on: vendor-crypto/openssh/dist/sftp-server.8
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sftp-server.c
===================================================================
--- vendor-crypto/openssh/dist/sftp-server.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp-server.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.93 2010/12/04 00:18:01 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.97 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@@ -68,7 +68,7 @@
Buffer oqueue;
/* Version of client */
-int version;
+u_int version;
/* Disable writes */
int readonly;
@@ -319,11 +319,11 @@
if (handle_is_ok(handle, HANDLE_FILE)) {
ret = close(handles[handle].fd);
- xfree(handles[handle].name);
+ free(handles[handle].name);
handle_unused(handle);
} else if (handle_is_ok(handle, HANDLE_DIR)) {
ret = closedir(handles[handle].dirp);
- xfree(handles[handle].name);
+ free(handles[handle].name);
handle_unused(handle);
} else {
errno = ENOENT;
@@ -367,7 +367,7 @@
handle = get_string(&hlen);
if (hlen < 256)
val = handle_from_string(handle, hlen);
- xfree(handle);
+ free(handle);
return val;
}
@@ -450,7 +450,7 @@
handle_to_string(handle, &string, &hlen);
debug("request %u: sent handle handle %d", id, handle);
send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
- xfree(string);
+ free(string);
}
static void
@@ -522,7 +522,7 @@
Buffer msg;
version = get_int();
- verbose("received client version %d", version);
+ verbose("received client version %u", version);
buffer_init(&msg);
buffer_put_char(&msg, SSH2_FXP_VERSION);
buffer_put_int(&msg, SSH2_FILEXFER_VERSION);
@@ -578,7 +578,7 @@
}
if (status != SSH2_FX_OK)
send_status(id, status);
- xfree(name);
+ free(name);
}
static void
@@ -679,7 +679,7 @@
}
}
send_status(id, status);
- xfree(data);
+ free(data);
}
static void
@@ -705,7 +705,7 @@
}
if (status != SSH2_FX_OK)
send_status(id, status);
- xfree(name);
+ free(name);
}
static void
@@ -807,7 +807,7 @@
status = errno_to_portable(errno);
}
send_status(id, status);
- xfree(name);
+ free(name);
}
static void
@@ -904,7 +904,7 @@
}
if (status != SSH2_FX_OK)
send_status(id, status);
- xfree(path);
+ free(path);
}
static void
@@ -953,13 +953,13 @@
if (count > 0) {
send_names(id, count, stats);
for (i = 0; i < count; i++) {
- xfree(stats[i].name);
- xfree(stats[i].long_name);
+ free(stats[i].name);
+ free(stats[i].long_name);
}
} else {
send_status(id, SSH2_FX_EOF);
}
- xfree(stats);
+ free(stats);
}
}
@@ -982,7 +982,7 @@
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
- xfree(name);
+ free(name);
}
static void
@@ -1007,7 +1007,7 @@
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
- xfree(name);
+ free(name);
}
static void
@@ -1028,7 +1028,7 @@
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
- xfree(name);
+ free(name);
}
static void
@@ -1041,7 +1041,7 @@
id = get_int();
path = get_string(NULL);
if (path[0] == '\0') {
- xfree(path);
+ free(path);
path = xstrdup(".");
}
debug3("request %u: realpath", id);
@@ -1054,7 +1054,7 @@
s.name = s.long_name = resolvedname;
send_names(id, 1, &s);
}
- xfree(path);
+ free(path);
}
static void
@@ -1115,8 +1115,8 @@
status = SSH2_FX_OK;
}
send_status(id, status);
- xfree(oldpath);
- xfree(newpath);
+ free(oldpath);
+ free(newpath);
}
static void
@@ -1141,7 +1141,7 @@
s.name = s.long_name = buf;
send_names(id, 1, &s);
}
- xfree(path);
+ free(path);
}
static void
@@ -1164,8 +1164,8 @@
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
- xfree(oldpath);
- xfree(newpath);
+ free(oldpath);
+ free(newpath);
}
static void
@@ -1185,8 +1185,8 @@
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
- xfree(oldpath);
- xfree(newpath);
+ free(oldpath);
+ free(newpath);
}
static void
@@ -1203,7 +1203,7 @@
send_status(id, errno_to_portable(errno));
else
send_statvfs(id, &st);
- xfree(path);
+ free(path);
}
static void
@@ -1242,8 +1242,8 @@
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
}
send_status(id, status);
- xfree(oldpath);
- xfree(newpath);
+ free(oldpath);
+ free(newpath);
}
static void
@@ -1264,7 +1264,7 @@
process_extended_hardlink(id);
else
send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */
- xfree(request);
+ free(request);
}
/* stolen from ssh-agent */
@@ -1390,7 +1390,8 @@
extern char *__progname;
fprintf(stderr,
- "usage: %s [-ehR] [-f log_facility] [-l log_level] [-u umask]\n",
+ "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
+ "[-l log_level]\n\t[-u umask]\n",
__progname);
exit(1);
}
@@ -1402,7 +1403,7 @@
int in, out, max, ch, skipargs = 0, log_stderr = 0;
ssize_t len, olen, set_size;
SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
- char *cp, buf[4*4096];
+ char *cp, *homedir = NULL, buf[4*4096];
long mask;
extern char *optarg;
@@ -1411,7 +1412,9 @@
__progname = ssh_get_progname(argv[0]);
log_init(__progname, log_level, log_facility, log_stderr);
- while (!skipargs && (ch = getopt(argc, argv, "f:l:u:cehR")) != -1) {
+ pw = pwcopy(user_pw);
+
+ while (!skipargs && (ch = getopt(argc, argv, "d:f:l:u:cehR")) != -1) {
switch (ch) {
case 'R':
readonly = 1;
@@ -1436,6 +1439,12 @@
if (log_facility == SYSLOG_FACILITY_NOT_SET)
error("Invalid log facility \"%s\"", optarg);
break;
+ case 'd':
+ cp = tilde_expand_filename(optarg, user_pw->pw_uid);
+ homedir = percent_expand(cp, "d", user_pw->pw_dir,
+ "u", user_pw->pw_name, (char *)NULL);
+ free(cp);
+ break;
case 'u':
errno = 0;
mask = strtol(optarg, &cp, 8);
@@ -1463,8 +1472,6 @@
} else
client_addr = xstrdup("UNKNOWN");
- pw = pwcopy(user_pw);
-
logit("session opened for local user %s from [%s]",
pw->pw_name, client_addr);
@@ -1489,6 +1496,13 @@
rset = (fd_set *)xmalloc(set_size);
wset = (fd_set *)xmalloc(set_size);
+ if (homedir != NULL) {
+ if (chdir(homedir) != 0) {
+ error("chdir to \"%s\" failed: %s", homedir,
+ strerror(errno));
+ }
+ }
+
for (;;) {
memset(rset, 0, set_size);
memset(wset, 0, set_size);
Property changes on: vendor-crypto/openssh/dist/sftp-server.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Added: vendor-crypto/openssh/dist/sftp.0
===================================================================
--- vendor-crypto/openssh/dist/sftp.0 (rev 0)
+++ vendor-crypto/openssh/dist/sftp.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,348 @@
+SFTP(1) OpenBSD Reference Manual SFTP(1)
+
+NAME
+ sftp - secure file transfer program
+
+SYNOPSIS
+ sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
+ [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
+ [-o ssh_option] [-P port] [-R num_requests] [-S program]
+ [-s subsystem | sftp_server] host
+ sftp [user@]host[:file ...]
+ sftp [user@]host[:dir[/]]
+ sftp -b batchfile [user@]host
+
+DESCRIPTION
+ sftp is an interactive file transfer program, similar to ftp(1), which
+ performs all operations over an encrypted ssh(1) transport. It may also
+ use many features of ssh, such as public key authentication and
+ compression. sftp connects and logs into the specified host, then enters
+ an interactive command mode.
+
+ The second usage format will retrieve files automatically if a non-
+ interactive authentication method is used; otherwise it will do so after
+ successful interactive authentication.
+
+ The third usage format allows sftp to start in a remote directory.
+
+ The final usage format allows for automated sessions using the -b option.
+ In such cases, it is necessary to configure non-interactive
+ authentication to obviate the need to enter a password at connection time
+ (see sshd(8) and ssh-keygen(1) for details).
+
+ Since some usage formats use colon characters to delimit host names from
+ path names, IPv6 addresses must be enclosed in square brackets to avoid
+ ambiguity.
+
+ The options are as follows:
+
+ -1 Specify the use of protocol version 1.
+
+ -2 Specify the use of protocol version 2.
+
+ -4 Forces sftp to use IPv4 addresses only.
+
+ -6 Forces sftp to use IPv6 addresses only.
+
+ -B buffer_size
+ Specify the size of the buffer that sftp uses when transferring
+ files. Larger buffers require fewer round trips at the cost of
+ higher memory consumption. The default is 32768 bytes.
+
+ -b batchfile
+ Batch mode reads a series of commands from an input batchfile
+ instead of stdin. Since it lacks user interaction it should be
+ used in conjunction with non-interactive authentication. A
+ batchfile of `-' may be used to indicate standard input. sftp
+ will abort if any of the following commands fail: get, put,
+ reget, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown,
+ chgrp, lpwd, df, symlink, and lmkdir. Termination on error can
+ be suppressed on a command by command basis by prefixing the
+ command with a `-' character (for example, -rm /tmp/blah*).
+
+ -C Enables compression (via ssh's -C flag).
+
+ -c cipher
+ Selects the cipher to use for encrypting the data transfers.
+ This option is directly passed to ssh(1).
+
+ -D sftp_server_path
+ Connect directly to a local sftp server (rather than via ssh(1)).
+ This option may be useful in debugging the client and server.
+
+ -F ssh_config
+ Specifies an alternative per-user configuration file for ssh(1).
+ This option is directly passed to ssh(1).
+
+ -i identity_file
+ Selects the file from which the identity (private key) for public
+ key authentication is read. This option is directly passed to
+ ssh(1).
+
+ -l limit
+ Limits the used bandwidth, specified in Kbit/s.
+
+ -o ssh_option
+ Can be used to pass options to ssh in the format used in
+ ssh_config(5). This is useful for specifying options for which
+ there is no separate sftp command-line flag. For example, to
+ specify an alternate port use: sftp -oPort=24. For full details
+ of the options listed below, and their possible values, see
+ ssh_config(5).
+
+ AddressFamily
+ BatchMode
+ BindAddress
+ ChallengeResponseAuthentication
+ CheckHostIP
+ Cipher
+ Ciphers
+ Compression
+ CompressionLevel
+ ConnectionAttempts
+ ConnectTimeout
+ ControlMaster
+ ControlPath
+ ControlPersist
+ GlobalKnownHostsFile
+ GSSAPIAuthentication
+ GSSAPIDelegateCredentials
+ HashKnownHosts
+ Host
+ HostbasedAuthentication
+ HostKeyAlgorithms
+ HostKeyAlias
+ HostName
+ IdentityFile
+ IdentitiesOnly
+ IPQoS
+ KbdInteractiveAuthentication
+ KbdInteractiveDevices
+ KexAlgorithms
+ LogLevel
+ MACs
+ NoHostAuthenticationForLocalhost
+ NumberOfPasswordPrompts
+ PasswordAuthentication
+ PKCS11Provider
+ Port
+ PreferredAuthentications
+ Protocol
+ ProxyCommand
+ PubkeyAuthentication
+ RekeyLimit
+ RhostsRSAAuthentication
+ RSAAuthentication
+ SendEnv
+ ServerAliveInterval
+ ServerAliveCountMax
+ StrictHostKeyChecking
+ TCPKeepAlive
+ UsePrivilegedPort
+ User
+ UserKnownHostsFile
+ VerifyHostKeyDNS
+
+ -P port
+ Specifies the port to connect to on the remote host.
+
+ -p Preserves modification times, access times, and modes from the
+ original files transferred.
+
+ -q Quiet mode: disables the progress meter as well as warning and
+ diagnostic messages from ssh(1).
+
+ -R num_requests
+ Specify how many requests may be outstanding at any one time.
+ Increasing this may slightly improve file transfer speed but will
+ increase memory usage. The default is 64 outstanding requests.
+
+ -r Recursively copy entire directories when uploading and
+ downloading. Note that sftp does not follow symbolic links
+ encountered in the tree traversal.
+
+ -S program
+ Name of the program to use for the encrypted connection. The
+ program must understand ssh(1) options.
+
+ -s subsystem | sftp_server
+ Specifies the SSH2 subsystem or the path for an sftp server on
+ the remote host. A path is useful for using sftp over protocol
+ version 1, or when the remote sshd(8) does not have an sftp
+ subsystem configured.
+
+ -v Raise logging level. This option is also passed to ssh.
+
+INTERACTIVE COMMANDS
+ Once in interactive mode, sftp understands a set of commands similar to
+ those of ftp(1). Commands are case insensitive. Pathnames that contain
+ spaces must be enclosed in quotes. Any special characters contained
+ within pathnames that are recognized by glob(3) must be escaped with
+ backslashes (`\').
+
+ bye Quit sftp.
+
+ cd path
+ Change remote directory to path.
+
+ chgrp grp path
+ Change group of file path to grp. path may contain glob(3)
+ characters and may match multiple files. grp must be a numeric
+ GID.
+
+ chmod mode path
+ Change permissions of file path to mode. path may contain
+ glob(3) characters and may match multiple files.
+
+ chown own path
+ Change owner of file path to own. path may contain glob(3)
+ characters and may match multiple files. own must be a numeric
+ UID.
+
+ df [-hi] [path]
+ Display usage information for the filesystem holding the current
+ directory (or path if specified). If the -h flag is specified,
+ the capacity information will be displayed using "human-readable"
+ suffixes. The -i flag requests display of inode information in
+ addition to capacity information. This command is only supported
+ on servers that implement the ``statvfs at openssh.com'' extension.
+
+ exit Quit sftp.
+
+ get [-aPpr] remote-path [local-path]
+ Retrieve the remote-path and store it on the local machine. If
+ the local path name is not specified, it is given the same name
+ it has on the remote machine. remote-path may contain glob(3)
+ characters and may match multiple files. If it does and
+ local-path is specified, then local-path must specify a
+ directory.
+
+ If the -a flag is specified, then attempt to resume partial
+ transfers of existing files. Note that resumption assumes that
+ any partial copy of the local file matches the remote copy. If
+ the remote file differs from the partial local copy then the
+ resultant file is likely to be corrupt.
+
+ If either the -P or -p flag is specified, then full file
+ permissions and access times are copied too.
+
+ If the -r flag is specified then directories will be copied
+ recursively. Note that sftp does not follow symbolic links when
+ performing recursive transfers.
+
+ help Display help text.
+
+ lcd path
+ Change local directory to path.
+
+ lls [ls-options [path]]
+ Display local directory listing of either path or current
+ directory if path is not specified. ls-options may contain any
+ flags supported by the local system's ls(1) command. path may
+ contain glob(3) characters and may match multiple files.
+
+ lmkdir path
+ Create local directory specified by path.
+
+ ln [-s] oldpath newpath
+ Create a link from oldpath to newpath. If the -s flag is
+ specified the created link is a symbolic link, otherwise it is a
+ hard link.
+
+ lpwd Print local working directory.
+
+ ls [-1afhlnrSt] [path]
+ Display a remote directory listing of either path or the current
+ directory if path is not specified. path may contain glob(3)
+ characters and may match multiple files.
+
+ The following flags are recognized and alter the behaviour of ls
+ accordingly:
+
+ -1 Produce single columnar output.
+
+ -a List files beginning with a dot (`.').
+
+ -f Do not sort the listing. The default sort order is
+ lexicographical.
+
+ -h When used with a long format option, use unit suffixes:
+ Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte,
+ and Exabyte in order to reduce the number of digits to
+ four or fewer using powers of 2 for sizes (K=1024,
+ M=1048576, etc.).
+
+ -l Display additional details including permissions and
+ ownership information.
+
+ -n Produce a long listing with user and group information
+ presented numerically.
+
+ -r Reverse the sort order of the listing.
+
+ -S Sort the listing by file size.
+
+ -t Sort the listing by last modification time.
+
+ lumask umask
+ Set local umask to umask.
+
+ mkdir path
+ Create remote directory specified by path.
+
+ progress
+ Toggle display of progress meter.
+
+ put [-Ppr] local-path [remote-path]
+ Upload local-path and store it on the remote machine. If the
+ remote path name is not specified, it is given the same name it
+ has on the local machine. local-path may contain glob(3)
+ characters and may match multiple files. If it does and
+ remote-path is specified, then remote-path must specify a
+ directory.
+
+ If either the -P or -p flag is specified, then full file
+ permissions and access times are copied too.
+
+ If the -r flag is specified then directories will be copied
+ recursively. Note that sftp does not follow symbolic links when
+ performing recursive transfers.
+
+ pwd Display remote working directory.
+
+ quit Quit sftp.
+
+ reget [-Ppr] remote-path [local-path]
+ Resume download of remote-path. Equivalent to get with the -a
+ flag set.
+
+ rename oldpath newpath
+ Rename remote file from oldpath to newpath.
+
+ rm path
+ Delete remote file specified by path.
+
+ rmdir path
+ Remove remote directory specified by path.
+
+ symlink oldpath newpath
+ Create a symbolic link from oldpath to newpath.
+
+ version
+ Display the sftp protocol version.
+
+ !command
+ Execute command in local shell.
+
+ ! Escape to local shell.
+
+ ? Synonym for help.
+
+SEE ALSO
+ ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3),
+ ssh_config(5), sftp-server(8), sshd(8)
+
+ T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
+ filexfer-00.txt, January 2001, work in progress material.
+
+OpenBSD 5.4 July 25, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/sftp.1
===================================================================
--- vendor-crypto/openssh/dist/sftp.1 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp.1 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.88 2010/12/04 00:18:01 djm Exp $
+.\" $OpenBSD: sftp.1,v 1.92 2013/07/25 00:56:51 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 4 2010 $
+.Dd $Mdocdate: July 25 2013 $
.Dt SFTP 1
.Os
.Sh NAME
@@ -89,6 +89,10 @@
and
.Xr ssh-keygen 1
for details).
+.Pp
+Since some usage formats use colon characters to delimit host names from path
+names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity.
+.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 1
@@ -125,7 +129,7 @@
.Nm
will abort if any of the following
commands fail:
-.Ic get , put , rename , ln ,
+.Ic get , put , reget , rename , ln ,
.Ic rm , mkdir , chdir , ls ,
.Ic lchdir , chmod , chown ,
.Ic chgrp , lpwd , df , symlink ,
@@ -190,6 +194,7 @@
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlPersist
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
@@ -202,6 +207,7 @@
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
+.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LogLevel
@@ -337,7 +343,7 @@
Quit
.Nm sftp .
.It Xo Ic get
-.Op Fl Ppr
+.Op Fl aPpr
.Ar remote-path
.Op Ar local-path
.Xc
@@ -357,6 +363,14 @@
.Ar local-path
must specify a directory.
.Pp
+If the
+.Fl a
+flag is specified, then attempt to resume partial transfers of existing files.
+Note that resumption assumes that any partial copy of the local file matches
+the remote copy.
+If the remote file differs from the partial local copy then the resultant file
+is likely to be corrupt.
+.Pp
If either the
.Fl P
or
@@ -479,7 +493,7 @@
.Ar remote-path
must specify a directory.
.Pp
-If ether the
+If either the
.Fl P
or
.Fl p
@@ -497,6 +511,18 @@
.It Ic quit
Quit
.Nm sftp .
+.It Xo Ic reget
+.Op Fl Ppr
+.Ar remote-path
+.Op Ar local-path
+.Xc
+Resume download of
+.Ar remote-path .
+Equivalent to
+.Ic get
+with the
+.Fl a
+flag set.
.It Ic rename Ar oldpath Ar newpath
Rename remote file from
.Ar oldpath
Property changes on: vendor-crypto/openssh/dist/sftp.1
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sftp.c
===================================================================
--- vendor-crypto/openssh/dist/sftp.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.132 2010/12/04 00:18:01 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.148 2013/07/25 00:56:52 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -38,6 +38,9 @@
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
#endif
+#ifdef HAVE_LOCALE_H
+# include <locale.h>
+#endif
#ifdef USE_LIBEDIT
#include <histedit.h>
#else
@@ -54,10 +57,6 @@
# include <util.h>
#endif
-#ifdef HAVE_LIBUTIL_H
-# include <libutil.h>
-#endif
-
#include "xmalloc.h"
#include "log.h"
#include "pathnames.h"
@@ -80,6 +79,9 @@
/* PID of ssh transport process */
static pid_t sshpid = -1;
+/* Suppress diagnositic messages */
+int quiet = 0;
+
/* This is set to 0 if the progressmeter is not desired. */
int showprogress = 1;
@@ -86,6 +88,9 @@
/* When this option is set, we always recursively download/upload directories */
int global_rflag = 0;
+/* When this option is set, we resume download if possible */
+int global_aflag = 0;
+
/* When this option is set, the file transfers will always preserve times */
int global_pflag = 0;
@@ -149,6 +154,7 @@
#define I_SYMLINK 21
#define I_VERSION 22
#define I_PROGRESS 23
+#define I_REGET 26
struct CMD {
const char *c;
@@ -188,6 +194,7 @@
{ "put", I_PUT, LOCAL },
{ "pwd", I_PWD, REMOTE },
{ "quit", I_QUIT, NOARGS },
+ { "reget", I_REGET, REMOTE },
{ "rename", I_RENAME, REMOTE },
{ "rm", I_RM, REMOTE },
{ "rmdir", I_RMDIR, REMOTE },
@@ -219,7 +226,7 @@
const char msg[] = "\rInterrupt \n";
int olderrno = errno;
- write(STDERR_FILENO, msg, sizeof(msg) - 1);
+ (void)write(STDERR_FILENO, msg, sizeof(msg) - 1);
interrupted = 1;
errno = olderrno;
}
@@ -237,6 +244,7 @@
" filesystem containing 'path'\n"
"exit Quit sftp\n"
"get [-Ppr] remote [local] Download file\n"
+ "reget remote [local] Resume download file\n"
"help Display this help text\n"
"lcd path Change local directory to 'path'\n"
"lls [ls-options [path]] Display local directory listing\n"
@@ -310,7 +318,7 @@
/* XXX: quoting - rip quoting code from ftp? */
snprintf(buf, len, _PATH_LS " %s", args);
local_do_shell(buf);
- xfree(buf);
+ free(buf);
}
}
@@ -341,7 +349,7 @@
/* Derelativise */
if (p && p[0] != '/') {
abs_str = path_append(pwd, p);
- xfree(p);
+ free(p);
return(abs_str);
} else
return(p);
@@ -348,8 +356,8 @@
}
static int
-parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag,
- int *rflag)
+parse_getput_flags(const char *cmd, char **argv, int argc,
+ int *aflag, int *pflag, int *rflag)
{
extern int opterr, optind, optopt, optreset;
int ch;
@@ -357,9 +365,12 @@
optind = optreset = 1;
opterr = 0;
- *rflag = *pflag = 0;
- while ((ch = getopt(argc, argv, "PpRr")) != -1) {
+ *aflag = *rflag = *pflag = 0;
+ while ((ch = getopt(argc, argv, "aPpRr")) != -1) {
switch (ch) {
+ case 'a':
+ *aflag = 1;
+ break;
case 'p':
case 'P':
*pflag = 1;
@@ -517,7 +528,7 @@
static int
process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
- int pflag, int rflag)
+ int pflag, int rflag, int resume)
{
char *abs_src = NULL;
char *abs_dst = NULL;
@@ -551,7 +562,7 @@
tmp = xstrdup(g.gl_pathv[i]);
if ((filename = basename(tmp)) == NULL) {
error("basename %s: %s", tmp, strerror(errno));
- xfree(tmp);
+ free(tmp);
err = -1;
goto out;
}
@@ -567,24 +578,28 @@
} else {
abs_dst = xstrdup(filename);
}
- xfree(tmp);
+ free(tmp);
- printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
+ resume |= global_aflag;
+ if (!quiet && resume)
+ printf("Resuming %s to %s\n", g.gl_pathv[i], abs_dst);
+ else if (!quiet && !resume)
+ printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
- if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL,
- pflag || global_pflag, 1) == -1)
+ if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL,
+ pflag || global_pflag, 1, resume) == -1)
err = -1;
} else {
if (do_download(conn, g.gl_pathv[i], abs_dst, NULL,
- pflag || global_pflag) == -1)
+ pflag || global_pflag, resume) == -1)
err = -1;
}
- xfree(abs_dst);
+ free(abs_dst);
abs_dst = NULL;
}
out:
- xfree(abs_src);
+ free(abs_src);
globfree(&g);
return(err);
}
@@ -636,7 +651,7 @@
tmp = xstrdup(g.gl_pathv[i]);
if ((filename = basename(tmp)) == NULL) {
error("basename %s: %s", tmp, strerror(errno));
- xfree(tmp);
+ free(tmp);
err = -1;
goto out;
}
@@ -652,9 +667,10 @@
} else {
abs_dst = make_absolute(xstrdup(filename), pwd);
}
- xfree(tmp);
+ free(tmp);
- printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst);
+ if (!quiet)
+ printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst);
if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
if (upload_dir(conn, g.gl_pathv[i], abs_dst,
pflag || global_pflag, 1) == -1)
@@ -667,10 +683,8 @@
}
out:
- if (abs_dst)
- xfree(abs_dst);
- if (tmp_dst)
- xfree(tmp_dst);
+ free(abs_dst);
+ free(tmp_dst);
globfree(&g);
return(err);
}
@@ -718,7 +732,7 @@
/* Add any subpath that also needs to be counted */
tmp = path_strip(path, strip_path);
m += strlen(tmp);
- xfree(tmp);
+ free(tmp);
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
width = ws.ws_col;
@@ -744,7 +758,7 @@
tmp = path_append(path, d[n]->filename);
fname = path_strip(tmp, strip_path);
- xfree(tmp);
+ free(tmp);
if (lflag & LS_LONG_VIEW) {
if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) {
@@ -756,7 +770,7 @@
lname = ls_file(fname, &sb, 1,
(lflag & LS_SI_UNITS));
printf("%s\n", lname);
- xfree(lname);
+ free(lname);
} else
printf("%s\n", d[n]->longname);
} else {
@@ -768,7 +782,7 @@
c++;
}
- xfree(fname);
+ free(fname);
}
if (!(lflag & LS_LONG_VIEW) && (c != 1))
@@ -783,7 +797,6 @@
do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
int lflag)
{
- Attrib *a = NULL;
char *fname, *lname;
glob_t g;
int err;
@@ -793,7 +806,8 @@
memset(&g, 0, sizeof(g));
if (remote_glob(conn, path,
- GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE|GLOB_KEEPSTAT, NULL, &g) ||
+ GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE|GLOB_KEEPSTAT|GLOB_NOSORT,
+ NULL, &g) ||
(g.gl_pathc && !g.gl_matchc)) {
if (g.gl_pathc)
globfree(&g);
@@ -828,7 +842,7 @@
colspace = width / columns;
}
- for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) {
+ for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
fname = path_strip(g.gl_pathv[i], strip_path);
if (lflag & LS_LONG_VIEW) {
if (g.gl_statv[i] == NULL) {
@@ -838,7 +852,7 @@
lname = ls_file(fname, g.gl_statv[i], 1,
(lflag & LS_SI_UNITS));
printf("%s\n", lname);
- xfree(lname);
+ free(lname);
} else {
printf("%-*s", colspace, fname);
if (c >= columns) {
@@ -847,7 +861,7 @@
} else
c++;
}
- xfree(fname);
+ free(fname);
}
if (!(lflag & LS_LONG_VIEW) && (c != 1))
@@ -991,6 +1005,10 @@
state = MA_START;
i = j = 0;
for (;;) {
+ if ((size_t)argc >= sizeof(argv) / sizeof(*argv)){
+ error("Too many arguments.");
+ return NULL;
+ }
if (isspace(arg[i])) {
if (state == MA_UNQUOTED) {
/* Terminate current argument */
@@ -1112,8 +1130,9 @@
}
static int
-parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag,
- int *hflag, int *sflag, unsigned long *n_arg, char **path1, char **path2)
+parse_args(const char **cpp, int *aflag, int *hflag, int *iflag, int *lflag,
+ int *pflag, int *rflag, int *sflag, unsigned long *n_arg,
+ char **path1, char **path2)
{
const char *cmd, *cp = *cpp;
char *cp2, **argv;
@@ -1141,7 +1160,7 @@
/* Figure out which command we have */
for (i = 0; cmds[i].c != NULL; i++) {
- if (strcasecmp(cmds[i].c, argv[0]) == 0)
+ if (argv[0] != NULL && strcasecmp(cmds[i].c, argv[0]) == 0)
break;
}
cmdnum = cmds[i].n;
@@ -1157,14 +1176,15 @@
}
/* Get arguments and parse flags */
- *lflag = *pflag = *rflag = *hflag = *n_arg = 0;
+ *aflag = *lflag = *pflag = *rflag = *hflag = *n_arg = 0;
*path1 = *path2 = NULL;
optidx = 1;
switch (cmdnum) {
case I_GET:
+ case I_REGET:
case I_PUT:
if ((optidx = parse_getput_flags(cmd, argv, argc,
- pflag, rflag)) == -1)
+ aflag, pflag, rflag)) == -1)
return -1;
/* Get first pathname (mandatory) */
if (argc - optidx < 1) {
@@ -1179,6 +1199,11 @@
/* Destination is not globbed */
undo_glob_escape(*path2);
}
+ if (*aflag && cmdnum == I_PUT) {
+ /* XXX implement resume for uploads */
+ error("Resume is not supported for uploads");
+ return -1;
+ }
break;
case I_LINK:
if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1)
@@ -1287,7 +1312,8 @@
int err_abort)
{
char *path1, *path2, *tmp;
- int pflag = 0, rflag = 0, lflag = 0, iflag = 0, hflag = 0, sflag = 0;
+ int aflag = 0, hflag = 0, iflag = 0, lflag = 0, pflag = 0;
+ int rflag = 0, sflag = 0;
int cmdnum, i;
unsigned long n_arg = 0;
Attrib a, *aa;
@@ -1296,9 +1322,8 @@
glob_t g;
path1 = path2 = NULL;
- cmdnum = parse_args(&cmd, &pflag, &rflag, &lflag, &iflag, &hflag,
- &sflag, &n_arg, &path1, &path2);
-
+ cmdnum = parse_args(&cmd, &aflag, &hflag, &iflag, &lflag, &pflag,
+ &rflag, &sflag, &n_arg, &path1, &path2);
if (iflag != 0)
err_abort = 0;
@@ -1313,8 +1338,12 @@
/* Unrecognized command */
err = -1;
break;
+ case I_REGET:
+ aflag = 1;
+ /* FALLTHROUGH */
case I_GET:
- err = process_get(conn, path1, path2, *pwd, pflag, rflag);
+ err = process_get(conn, path1, path2, *pwd, pflag,
+ rflag, aflag);
break;
case I_PUT:
err = process_put(conn, path1, path2, *pwd, pflag, rflag);
@@ -1335,7 +1364,8 @@
path1 = make_absolute(path1, *pwd);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
- printf("Removing %s\n", g.gl_pathv[i]);
+ if (!quiet)
+ printf("Removing %s\n", g.gl_pathv[i]);
err = do_rm(conn, g.gl_pathv[i]);
if (err != 0 && err_abort)
break;
@@ -1359,13 +1389,13 @@
break;
}
if ((aa = do_stat(conn, tmp, 0)) == NULL) {
- xfree(tmp);
+ free(tmp);
err = 1;
break;
}
if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) {
error("Can't change directory: Can't check target");
- xfree(tmp);
+ free(tmp);
err = 1;
break;
}
@@ -1372,11 +1402,11 @@
if (!S_ISDIR(aa->perm)) {
error("Can't change directory: \"%s\" is not "
"a directory", tmp);
- xfree(tmp);
+ free(tmp);
err = 1;
break;
}
- xfree(*pwd);
+ free(*pwd);
*pwd = tmp;
break;
case I_LS:
@@ -1431,7 +1461,8 @@
a.perm = n_arg;
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
- printf("Changing mode on %s\n", g.gl_pathv[i]);
+ if (!quiet)
+ printf("Changing mode on %s\n", g.gl_pathv[i]);
err = do_setstat(conn, g.gl_pathv[i], &a);
if (err != 0 && err_abort)
break;
@@ -1460,10 +1491,14 @@
}
aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
if (cmdnum == I_CHOWN) {
- printf("Changing owner on %s\n", g.gl_pathv[i]);
+ if (!quiet)
+ printf("Changing owner on %s\n",
+ g.gl_pathv[i]);
aa->uid = n_arg;
} else {
- printf("Changing group on %s\n", g.gl_pathv[i]);
+ if (!quiet)
+ printf("Changing group on %s\n",
+ g.gl_pathv[i]);
aa->gid = n_arg;
}
err = do_setstat(conn, g.gl_pathv[i], aa);
@@ -1504,10 +1539,8 @@
if (g.gl_pathc)
globfree(&g);
- if (path1)
- xfree(path1);
- if (path2)
- xfree(path2);
+ free(path1);
+ free(path2);
/* If an unignored error occurs in batch mode we should abort. */
if (err_abort && err != 0)
@@ -1617,8 +1650,8 @@
complete_display(list, 0);
for (y = 0; list[y] != NULL; y++)
- xfree(list[y]);
- xfree(list);
+ free(list[y]);
+ free(list);
return count;
}
@@ -1630,8 +1663,10 @@
}
list[count] = NULL;
- if (count == 0)
+ if (count == 0) {
+ free(list);
return 0;
+ }
/* Complete ambigious command */
tmp = complete_ambiguous(cmd, list, count);
@@ -1639,8 +1674,8 @@
complete_display(list, 0);
for (y = 0; list[y]; y++)
- xfree(list[y]);
- xfree(list);
+ free(list[y]);
+ free(list);
if (tmp != NULL) {
tmplen = strlen(tmp);
@@ -1661,7 +1696,7 @@
if (y > 0 && el_insertstr(el, argterm) == -1)
fatal("el_insertstr failed.");
}
- xfree(tmp);
+ free(tmp);
}
return count;
@@ -1692,8 +1727,9 @@
char *file, int remote, int lastarg, char quote, int terminated)
{
glob_t g;
- char *tmp, *tmp2, ins[3];
- u_int i, hadglob, pwdlen, len, tmplen, filelen;
+ char *tmp, *tmp2, ins[8];
+ u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs;
+ int clen;
const LineInfo *lf;
/* Glob from "file" location */
@@ -1702,6 +1738,9 @@
else
xasprintf(&tmp, "%s*", file);
+ /* Check if the path is absolute. */
+ isabs = tmp[0] == '/';
+
memset(&g, 0, sizeof(g));
if (remote != LOCAL) {
tmp = make_absolute(tmp, remote_path);
@@ -1722,7 +1761,7 @@
if (tmp[tmplen] == '/')
pwdlen = tmplen + 1; /* track last seen '/' */
}
- xfree(tmp);
+ free(tmp);
if (g.gl_matchc == 0)
goto out;
@@ -1736,8 +1775,8 @@
goto out;
tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc);
- tmp = path_strip(tmp2, remote_path);
- xfree(tmp2);
+ tmp = path_strip(tmp2, isabs ? NULL : remote_path);
+ free(tmp2);
if (tmp == NULL)
goto out;
@@ -1745,14 +1784,27 @@
tmplen = strlen(tmp);
filelen = strlen(file);
- if (tmplen > filelen) {
- tmp2 = tmp + filelen;
+ /* Count the number of escaped characters in the input string. */
+ cesc = isesc = 0;
+ for (i = 0; i < filelen; i++) {
+ if (!isesc && file[i] == '\\' && i + 1 < filelen){
+ isesc = 1;
+ cesc++;
+ } else
+ isesc = 0;
+ }
+
+ if (tmplen > (filelen - cesc)) {
+ tmp2 = tmp + filelen - cesc;
len = strlen(tmp2);
/* quote argument on way out */
- for (i = 0; i < len; i++) {
+ for (i = 0; i < len; i += clen) {
+ if ((clen = mblen(tmp2 + i, len - i)) < 0 ||
+ (size_t)clen > sizeof(ins) - 2)
+ fatal("invalid multibyte character");
ins[0] = '\\';
- ins[1] = tmp2[i];
- ins[2] = '\0';
+ memcpy(ins + 1, tmp2 + i, clen);
+ ins[clen + 1] = '\0';
switch (tmp2[i]) {
case '\'':
case '"':
@@ -1760,6 +1812,8 @@
case '\t':
case '[':
case ' ':
+ case '#':
+ case '*':
if (quote == '\0' || tmp2[i] == quote) {
if (el_insertstr(el, ins) == -1)
fatal("el_insertstr "
@@ -1787,7 +1841,7 @@
if (i > 0 && el_insertstr(el, ins) == -1)
fatal("el_insertstr failed.");
}
- xfree(tmp);
+ free(tmp);
out:
globfree(&g);
@@ -1799,7 +1853,8 @@
complete(EditLine *el, int ch)
{
char **argv, *line, quote;
- u_int argc, carg, cursor, len, terminated, ret = CC_ERROR;
+ int argc, carg;
+ u_int cursor, len, terminated, ret = CC_ERROR;
const LineInfo *lf;
struct complete_ctx *complete_ctx;
@@ -1813,7 +1868,7 @@
memcpy(line, lf->buffer, cursor);
line[cursor] = '\0';
argv = makeargv(line, &carg, 1, "e, &terminated);
- xfree(line);
+ free(line);
/* Get all the arguments on the line */
len = lf->lastchar - lf->buffer;
@@ -1825,7 +1880,7 @@
/* Ensure cursor is at EOL or a argument boundary */
if (line[cursor] != ' ' && line[cursor] != '\0' &&
line[cursor] != '\n') {
- xfree(line);
+ free(line);
return ret;
}
@@ -1853,7 +1908,7 @@
ret = CC_REDISPLAY;
}
- xfree(line);
+ free(line);
return ret;
}
#endif /* USE_LIBEDIT */
@@ -1905,39 +1960,34 @@
dir = make_absolute(dir, remote_path);
if (remote_is_dir(conn, dir) && file2 == NULL) {
- printf("Changing to: %s\n", dir);
+ if (!quiet)
+ printf("Changing to: %s\n", dir);
snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
if (parse_dispatch_command(conn, cmd,
&remote_path, 1) != 0) {
- xfree(dir);
- xfree(remote_path);
- xfree(conn);
+ free(dir);
+ free(remote_path);
+ free(conn);
return (-1);
}
} else {
- if (file2 == NULL)
- snprintf(cmd, sizeof cmd, "get %s", dir);
- else
- snprintf(cmd, sizeof cmd, "get %s %s", dir,
- file2);
-
+ /* XXX this is wrong wrt quoting */
+ snprintf(cmd, sizeof cmd, "get%s %s%s%s",
+ global_aflag ? " -a" : "", dir,
+ file2 == NULL ? "" : " ",
+ file2 == NULL ? "" : file2);
err = parse_dispatch_command(conn, cmd,
&remote_path, 1);
- xfree(dir);
- xfree(remote_path);
- xfree(conn);
+ free(dir);
+ free(remote_path);
+ free(conn);
return (err);
}
- xfree(dir);
+ free(dir);
}
-#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF)
- setvbuf(stdout, NULL, _IOLBF, 0);
- setvbuf(infile, NULL, _IOLBF, 0);
-#else
setlinebuf(stdout);
setlinebuf(infile);
-#endif
interactive = !batchmode && isatty(STDIN_FILENO);
err = 0;
@@ -1991,8 +2041,8 @@
if (err != 0)
break;
}
- xfree(remote_path);
- xfree(conn);
+ free(remote_path);
+ free(conn);
#ifdef USE_LIBEDIT
if (el != NULL)
@@ -2099,6 +2149,7 @@
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
+ setlocale(LC_CTYPE, "");
__progname = ssh_get_progname(argv[0]);
memset(&args, '\0', sizeof(args));
@@ -2113,7 +2164,7 @@
infile = stdin;
while ((ch = getopt(argc, argv,
- "1246hpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
+ "1246ahpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
switch (ch) {
/* Passed through to ssh(1) */
case '4':
@@ -2130,6 +2181,8 @@
addargs(&args, "%s", optarg);
break;
case 'q':
+ ll = SYSLOG_LEVEL_ERROR;
+ quiet = 1;
showprogress = 0;
addargs(&args, "-%c", ch);
break;
@@ -2151,6 +2204,9 @@
case '2':
sshver = 2;
break;
+ case 'a':
+ global_aflag = 1;
+ break;
case 'B':
copy_buffer_len = strtol(optarg, &cp, 10);
if (copy_buffer_len == 0 || *cp != '\0')
@@ -2165,7 +2221,7 @@
(infile = fopen(optarg, "r")) == NULL)
fatal("%s (%s).", strerror(errno), optarg);
showprogress = 0;
- batchmode = 1;
+ quiet = batchmode = 1;
addargs(&args, "-obatchmode yes");
break;
case 'p':
@@ -2262,7 +2318,7 @@
if (conn == NULL)
fatal("Couldn't initialise connection to server");
- if (!batchmode) {
+ if (!quiet) {
if (sftp_direct == NULL)
fprintf(stderr, "Connected to %s.\n", host);
else
Property changes on: vendor-crypto/openssh/dist/sftp.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Index: vendor-crypto/openssh/dist/sftp.h
===================================================================
--- vendor-crypto/openssh/dist/sftp.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sftp.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/sftp.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Added: vendor-crypto/openssh/dist/ssh-add.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-add.0 (rev 0)
+++ vendor-crypto/openssh/dist/ssh-add.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,119 @@
+SSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1)
+
+NAME
+ ssh-add - adds private key identities to the authentication agent
+
+SYNOPSIS
+ ssh-add [-cDdkLlXx] [-t life] [file ...]
+ ssh-add -s pkcs11
+ ssh-add -e pkcs11
+
+DESCRIPTION
+ ssh-add adds private key identities to the authentication agent,
+ ssh-agent(1). When run without arguments, it adds the files
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. After
+ loading a private key, ssh-add will try to load corresponding certificate
+ information from the filename obtained by appending -cert.pub to the name
+ of the private key file. Alternative file names can be given on the
+ command line.
+
+ If any file requires a passphrase, ssh-add asks for the passphrase from
+ the user. The passphrase is read from the user's tty. ssh-add retries
+ the last passphrase if multiple identity files are given.
+
+ The authentication agent must be running and the SSH_AUTH_SOCK
+ environment variable must contain the name of its socket for ssh-add to
+ work.
+
+ The options are as follows:
+
+ -c Indicates that added identities should be subject to confirmation
+ before being used for authentication. Confirmation is performed
+ by the SSH_ASKPASS program mentioned below. Successful
+ confirmation is signaled by a zero exit status from the
+ SSH_ASKPASS program, rather than text entered into the requester.
+
+ -D Deletes all identities from the agent.
+
+ -d Instead of adding identities, removes identities from the agent.
+ If ssh-add has been run without arguments, the keys for the
+ default identities and their corresponding certificates will be
+ removed. Otherwise, the argument list will be interpreted as a
+ list of paths to public key files to specify keys and
+ certificates to be removed from the agent. If no public key is
+ found at a given path, ssh-add will append .pub and retry.
+
+ -e pkcs11
+ Remove keys provided by the PKCS#11 shared library pkcs11.
+
+ -k When loading keys into or deleting keys from the agent, process
+ plain private keys only and skip certificates.
+
+ -L Lists public key parameters of all identities currently
+ represented by the agent.
+
+ -l Lists fingerprints of all identities currently represented by the
+ agent.
+
+ -s pkcs11
+ Add keys provided by the PKCS#11 shared library pkcs11.
+
+ -t life
+ Set a maximum lifetime when adding identities to an agent. The
+ lifetime may be specified in seconds or in a time format
+ specified in sshd_config(5).
+
+ -X Unlock the agent.
+
+ -x Lock the agent with a password.
+
+ENVIRONMENT
+ DISPLAY and SSH_ASKPASS
+ If ssh-add needs a passphrase, it will read the passphrase from
+ the current terminal if it was run from a terminal. If ssh-add
+ does not have a terminal associated with it but DISPLAY and
+ SSH_ASKPASS are set, it will execute the program specified by
+ SSH_ASKPASS and open an X11 window to read the passphrase. This
+ is particularly useful when calling ssh-add from a .xsession or
+ related script. (Note that on some machines it may be necessary
+ to redirect the input from /dev/null to make this work.)
+
+ SSH_AUTH_SOCK
+ Identifies the path of a UNIX-domain socket used to communicate
+ with the agent.
+
+FILES
+ ~/.ssh/identity
+ Contains the protocol version 1 RSA authentication identity of
+ the user.
+
+ ~/.ssh/id_dsa
+ Contains the protocol version 2 DSA authentication identity of
+ the user.
+
+ ~/.ssh/id_ecdsa
+ Contains the protocol version 2 ECDSA authentication identity of
+ the user.
+
+ ~/.ssh/id_rsa
+ Contains the protocol version 2 RSA authentication identity of
+ the user.
+
+ Identity files should not be readable by anyone but the user. Note that
+ ssh-add ignores identity files if they are accessible by others.
+
+EXIT STATUS
+ Exit status is 0 on success, 1 if the specified command fails, and 2 if
+ ssh-add is unable to contact the authentication agent.
+
+SEE ALSO
+ ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 December 3, 2012 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/ssh-add.1
===================================================================
--- vendor-crypto/openssh/dist/ssh-add.1 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-add.1 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.55 2010/10/28 18:33:28 jmc Exp $
+.\" $OpenBSD: ssh-add.1,v 1.58 2012/12/03 08:33:02 jmc Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 28 2010 $
+.Dd $Mdocdate: December 3 2012 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@@ -43,7 +43,7 @@
.Nd adds private key identities to the authentication agent
.Sh SYNOPSIS
.Nm ssh-add
-.Op Fl cDdLlXx
+.Op Fl cDdkLlXx
.Op Fl t Ar life
.Op Ar
.Nm ssh-add
@@ -98,10 +98,10 @@
Instead of adding identities, removes identities from the agent.
If
.Nm
-has been run without arguments, the keys for the default identities will
-be removed.
+has been run without arguments, the keys for the default identities and
+their corresponding certificates will be removed.
Otherwise, the argument list will be interpreted as a list of paths to
-public key files and matching keys will be removed from the agent.
+public key files to specify keys and certificates to be removed from the agent.
If no public key is found at a given path,
.Nm
will append
@@ -110,6 +110,9 @@
.It Fl e Ar pkcs11
Remove keys provided by the PKCS#11 shared library
.Ar pkcs11 .
+.It Fl k
+When loading keys into or deleting keys from the agent, process plain private
+keys only and skip certificates.
.It Fl L
Lists public key parameters of all identities currently represented
by the agent.
Property changes on: vendor-crypto/openssh/dist/ssh-add.1
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-add.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-add.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-add.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.100 2010/08/31 12:33:38 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.106 2013/05/17 00:13:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -90,16 +90,16 @@
{
if (pass) {
memset(pass, 0, strlen(pass));
- xfree(pass);
+ free(pass);
pass = NULL;
}
}
static int
-delete_file(AuthenticationConnection *ac, const char *filename)
+delete_file(AuthenticationConnection *ac, const char *filename, int key_only)
{
- Key *public;
- char *comment = NULL;
+ Key *public = NULL, *cert = NULL;
+ char *certpath = NULL, *comment = NULL;
int ret = -1;
public = key_load_public(filename, &comment);
@@ -113,9 +113,34 @@
} else
fprintf(stderr, "Could not remove identity: %s\n", filename);
- key_free(public);
- xfree(comment);
+ if (key_only)
+ goto out;
+ /* Now try to delete the corresponding certificate too */
+ free(comment);
+ comment = NULL;
+ xasprintf(&certpath, "%s-cert.pub", filename);
+ if ((cert = key_load_public(certpath, &comment)) == NULL)
+ goto out;
+ if (!key_equal_public(cert, public))
+ fatal("Certificate %s does not match private key %s",
+ certpath, filename);
+
+ if (ssh_remove_identity(ac, cert)) {
+ fprintf(stderr, "Identity removed: %s (%s)\n", certpath,
+ comment);
+ ret = 0;
+ } else
+ fprintf(stderr, "Could not remove identity: %s\n", certpath);
+
+ out:
+ if (cert != NULL)
+ key_free(cert);
+ if (public != NULL)
+ key_free(public);
+ free(certpath);
+ free(comment);
+
return ret;
}
@@ -139,14 +164,18 @@
}
static int
-add_file(AuthenticationConnection *ac, const char *filename)
+add_file(AuthenticationConnection *ac, const char *filename, int key_only)
{
Key *private, *cert;
char *comment = NULL;
- char msg[1024], *certpath;
+ char msg[1024], *certpath = NULL;
int fd, perms_ok, ret = -1;
+ Buffer keyblob;
- if ((fd = open(filename, O_RDONLY)) < 0) {
+ if (strcmp(filename, "-") == 0) {
+ fd = STDIN_FILENO;
+ filename = "(stdin)";
+ } else if ((fd = open(filename, O_RDONLY)) < 0) {
perror(filename);
return -1;
}
@@ -155,18 +184,28 @@
* Since we'll try to load a keyfile multiple times, permission errors
* will occur multiple times, so check perms first and bail if wrong.
*/
- perms_ok = key_perm_ok(fd, filename);
+ if (fd != STDIN_FILENO) {
+ perms_ok = key_perm_ok(fd, filename);
+ if (!perms_ok) {
+ close(fd);
+ return -1;
+ }
+ }
+ buffer_init(&keyblob);
+ if (!key_load_file(fd, filename, &keyblob)) {
+ buffer_free(&keyblob);
+ close(fd);
+ return -1;
+ }
close(fd);
- if (!perms_ok)
- return -1;
/* At first, try empty passphrase */
- private = key_load_private(filename, "", &comment);
+ private = key_parse_private(&keyblob, filename, "", &comment);
if (comment == NULL)
comment = xstrdup(filename);
/* try last */
if (private == NULL && pass != NULL)
- private = key_load_private(filename, pass, NULL);
+ private = key_parse_private(&keyblob, filename, pass, NULL);
if (private == NULL) {
/* clear passphrase since it did not work */
clear_pass();
@@ -176,10 +215,12 @@
pass = read_passphrase(msg, RP_ALLOW_STDIN);
if (strcmp(pass, "") == 0) {
clear_pass();
- xfree(comment);
+ free(comment);
+ buffer_free(&keyblob);
return -1;
}
- private = key_load_private(filename, pass, &comment);
+ private = key_parse_private(&keyblob, filename, pass,
+ &comment);
if (private != NULL)
break;
clear_pass();
@@ -187,6 +228,7 @@
"Bad passphrase, try again for %.200s: ", comment);
}
}
+ buffer_free(&keyblob);
if (ssh_add_identity_constrained(ac, private, comment, lifetime,
confirm)) {
@@ -202,6 +244,9 @@
fprintf(stderr, "Could not add identity: %s\n", filename);
}
+ /* Skip trying to load the cert if requested */
+ if (key_only)
+ goto out;
/* Now try to add the certificate flavour too */
xasprintf(&certpath, "%s-cert.pub", filename);
@@ -236,8 +281,9 @@
if (confirm != 0)
fprintf(stderr, "The user must confirm each use of the key\n");
out:
- xfree(certpath);
- xfree(comment);
+ if (certpath != NULL)
+ free(certpath);
+ free(comment);
key_free(private);
return ret;
@@ -262,7 +308,7 @@
add ? "add" : "remove", id);
ret = -1;
}
- xfree(pin);
+ free(pin);
return ret;
}
@@ -284,7 +330,7 @@
SSH_FP_HEX);
printf("%d %s %s (%s)\n",
key_size(key), fp, comment, key_type(key));
- xfree(fp);
+ free(fp);
} else {
if (!key_write(key, stdout))
fprintf(stderr, "key_write failed");
@@ -291,7 +337,7 @@
fprintf(stdout, " %s\n", comment);
}
key_free(key);
- xfree(comment);
+ free(comment);
}
}
if (!had_identities) {
@@ -317,7 +363,7 @@
passok = 0;
}
memset(p2, 0, strlen(p2));
- xfree(p2);
+ free(p2);
}
if (passok && ssh_lock_agent(ac, lock, p1)) {
fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un");
@@ -325,18 +371,18 @@
} else
fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un");
memset(p1, 0, strlen(p1));
- xfree(p1);
+ free(p1);
return (ret);
}
static int
-do_file(AuthenticationConnection *ac, int deleting, char *file)
+do_file(AuthenticationConnection *ac, int deleting, int key_only, char *file)
{
if (deleting) {
- if (delete_file(ac, file) == -1)
+ if (delete_file(ac, file, key_only) == -1)
return -1;
} else {
- if (add_file(ac, file) == -1)
+ if (add_file(ac, file, key_only) == -1)
return -1;
}
return 0;
@@ -349,12 +395,13 @@
fprintf(stderr, "Options:\n");
fprintf(stderr, " -l List fingerprints of all identities.\n");
fprintf(stderr, " -L List public key parameters of all identities.\n");
+ fprintf(stderr, " -k Load only keys and not certificates.\n");
+ fprintf(stderr, " -c Require confirmation to sign using identities\n");
+ fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
fprintf(stderr, " -d Delete identity.\n");
fprintf(stderr, " -D Delete all identities.\n");
fprintf(stderr, " -x Lock agent.\n");
fprintf(stderr, " -X Unlock agent.\n");
- fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
- fprintf(stderr, " -c Require confirmation to sign using identities\n");
fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
}
@@ -366,13 +413,12 @@
extern int optind;
AuthenticationConnection *ac = NULL;
char *pkcs11provider = NULL;
- int i, ch, deleting = 0, ret = 0;
+ int i, ch, deleting = 0, ret = 0, key_only = 0;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
__progname = ssh_get_progname(argv[0]);
- init_rng();
seed_rng();
OpenSSL_add_all_algorithms();
@@ -384,8 +430,11 @@
"Could not open a connection to your authentication agent.\n");
exit(2);
}
- while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "klLcdDxXe:s:t:")) != -1) {
switch (ch) {
+ case 'k':
+ key_only = 1;
+ break;
case 'l':
case 'L':
if (list_identities(ac, ch == 'l' ? 1 : 0) == -1)
@@ -451,7 +500,7 @@
default_files[i]);
if (stat(buf, &st) < 0)
continue;
- if (do_file(ac, deleting, buf) == -1)
+ if (do_file(ac, deleting, key_only, buf) == -1)
ret = 1;
else
count++;
@@ -460,7 +509,7 @@
ret = 1;
} else {
for (i = 0; i < argc; i++) {
- if (do_file(ac, deleting, argv[i]) == -1)
+ if (do_file(ac, deleting, key_only, argv[i]) == -1)
ret = 1;
}
}
Property changes on: vendor-crypto/openssh/dist/ssh-add.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Added: vendor-crypto/openssh/dist/ssh-agent.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-agent.0 (rev 0)
+++ vendor-crypto/openssh/dist/ssh-agent.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,123 @@
+SSH-AGENT(1) OpenBSD Reference Manual SSH-AGENT(1)
+
+NAME
+ ssh-agent - authentication agent
+
+SYNOPSIS
+ ssh-agent [-c | -s] [-d] [-a bind_address] [-t life] [command [arg ...]]
+ ssh-agent [-c | -s] -k
+
+DESCRIPTION
+ ssh-agent is a program to hold private keys used for public key
+ authentication (RSA, DSA, ECDSA). The idea is that ssh-agent is started
+ in the beginning of an X-session or a login session, and all other
+ windows or programs are started as clients to the ssh-agent program.
+ Through use of environment variables the agent can be located and
+ automatically used for authentication when logging in to other machines
+ using ssh(1).
+
+ The options are as follows:
+
+ -a bind_address
+ Bind the agent to the UNIX-domain socket bind_address. The
+ default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>.
+
+ -c Generate C-shell commands on stdout. This is the default if
+ SHELL looks like it's a csh style of shell.
+
+ -d Debug mode. When this option is specified ssh-agent will not
+ fork.
+
+ -k Kill the current agent (given by the SSH_AGENT_PID environment
+ variable).
+
+ -s Generate Bourne shell commands on stdout. This is the default if
+ SHELL does not look like it's a csh style of shell.
+
+ -t life
+ Set a default value for the maximum lifetime of identities added
+ to the agent. The lifetime may be specified in seconds or in a
+ time format specified in sshd_config(5). A lifetime specified
+ for an identity with ssh-add(1) overrides this value. Without
+ this option the default maximum lifetime is forever.
+
+ If a commandline is given, this is executed as a subprocess of the agent.
+ When the command dies, so does the agent.
+
+ The agent initially does not have any private keys. Keys are added using
+ ssh-add(1). When executed without arguments, ssh-add(1) adds the files
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. If
+ the identity has a passphrase, ssh-add(1) asks for the passphrase on the
+ terminal if it has one or from a small X11 program if running under X11.
+ If neither of these is the case then the authentication will fail. It
+ then sends the identity to the agent. Several identities can be stored
+ in the agent; the agent can automatically use any of these identities.
+ ssh-add -l displays the identities currently held by the agent.
+
+ The idea is that the agent is run in the user's local PC, laptop, or
+ terminal. Authentication data need not be stored on any other machine,
+ and authentication passphrases never go over the network. However, the
+ connection to the agent is forwarded over SSH remote logins, and the user
+ can thus use the privileges given by the identities anywhere in the
+ network in a secure way.
+
+ There are two main ways to get an agent set up: The first is that the
+ agent starts a new subcommand into which some environment variables are
+ exported, eg ssh-agent xterm &. The second is that the agent prints the
+ needed shell commands (either sh(1) or csh(1) syntax can be generated)
+ which can be evaluated in the calling shell, eg eval `ssh-agent -s` for
+ Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
+ csh(1) and derivatives.
+
+ Later ssh(1) looks at these variables and uses them to establish a
+ connection to the agent.
+
+ The agent will never send a private key over its request channel.
+ Instead, operations that require a private key will be performed by the
+ agent, and the result will be returned to the requester. This way,
+ private keys are not exposed to clients using the agent.
+
+ A UNIX-domain socket is created and the name of this socket is stored in
+ the SSH_AUTH_SOCK environment variable. The socket is made accessible
+ only to the current user. This method is easily abused by root or
+ another instance of the same user.
+
+ The SSH_AGENT_PID environment variable holds the agent's process ID.
+
+ The agent exits automatically when the command given on the command line
+ terminates.
+
+FILES
+ ~/.ssh/identity
+ Contains the protocol version 1 RSA authentication identity of
+ the user.
+
+ ~/.ssh/id_dsa
+ Contains the protocol version 2 DSA authentication identity of
+ the user.
+
+ ~/.ssh/id_ecdsa
+ Contains the protocol version 2 ECDSA authentication identity of
+ the user.
+
+ ~/.ssh/id_rsa
+ Contains the protocol version 2 RSA authentication identity of
+ the user.
+
+ $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
+ UNIX-domain sockets used to contain the connection to the
+ authentication agent. These sockets should only be readable by
+ the owner. The sockets should get automatically removed when the
+ agent exits.
+
+SEE ALSO
+ ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 November 21, 2010 OpenBSD 5.4
Index: vendor-crypto/openssh/dist/ssh-agent.1
===================================================================
--- vendor-crypto/openssh/dist/ssh-agent.1 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-agent.1 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/ssh-agent.1
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-agent.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-agent.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-agent.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -106,7 +106,7 @@
Key *key;
char *comment;
char *provider;
- u_int death;
+ time_t death;
u_int confirm;
} Identity;
@@ -122,7 +122,7 @@
/* pid of shell == parent of agent */
pid_t parent_pid = -1;
-u_int parent_alive_interval = 0;
+time_t parent_alive_interval = 0;
/* pathname and directory for AUTH_SOCKET */
char socket_name[MAXPATHLEN];
@@ -134,8 +134,8 @@
extern char *__progname;
-/* Default lifetime (0 == forever) */
-static int lifetime = 0;
+/* Default lifetime in seconds (0 == forever) */
+static long lifetime = 0;
static void
close_socket(SocketEntry *e)
@@ -172,10 +172,9 @@
free_identity(Identity *id)
{
key_free(id->key);
- if (id->provider != NULL)
- xfree(id->provider);
- xfree(id->comment);
- xfree(id);
+ free(id->provider);
+ free(id->comment);
+ free(id);
}
/* return matching private key for given public key */
@@ -203,7 +202,7 @@
if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
id->comment, p))
ret = 0;
- xfree(p);
+ free(p);
return (ret);
}
@@ -230,7 +229,7 @@
u_int blen;
key_to_blob(id->key, &blob, &blen);
buffer_put_string(&msg, blob, blen);
- xfree(blob);
+ free(blob);
}
buffer_put_cstring(&msg, id->comment);
}
@@ -348,10 +347,9 @@
buffer_append(&e->output, buffer_ptr(&msg),
buffer_len(&msg));
buffer_free(&msg);
- xfree(data);
- xfree(blob);
- if (signature != NULL)
- xfree(signature);
+ free(data);
+ free(blob);
+ free(signature);
datafellows = odatafellows;
}
@@ -378,7 +376,7 @@
case 2:
blob = buffer_get_string(&e->request, &blen);
key = key_from_blob(blob, blen);
- xfree(blob);
+ free(blob);
break;
}
if (key != NULL) {
@@ -430,10 +428,10 @@
}
/* removes expired keys and returns number of seconds until the next expiry */
-static u_int
+static time_t
reaper(void)
{
- u_int deadline = 0, now = time(NULL);
+ time_t deadline = 0, now = monotime();
Identity *id, *nxt;
int version;
Idtab *tab;
@@ -465,8 +463,9 @@
{
Idtab *tab = idtab_lookup(version);
Identity *id;
- int type, success = 0, death = 0, confirm = 0;
+ int type, success = 0, confirm = 0;
char *type_name, *comment;
+ time_t death = 0;
Key *k = NULL;
#ifdef OPENSSL_HAS_ECC
BIGNUM *exponent;
@@ -509,7 +508,7 @@
cert = buffer_get_string(&e->request, &len);
if ((k = key_from_blob(cert, len)) == NULL)
fatal("Certificate parse failed");
- xfree(cert);
+ free(cert);
key_add_private(k);
buffer_get_bignum2(&e->request, k->dsa->priv_key);
break;
@@ -520,7 +519,7 @@
curve = buffer_get_string(&e->request, NULL);
if (k->ecdsa_nid != key_curve_name_to_nid(curve))
fatal("%s: curve names mismatch", __func__);
- xfree(curve);
+ free(curve);
k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
if (k->ecdsa == NULL)
fatal("%s: EC_KEY_new_by_curve_name failed",
@@ -551,7 +550,7 @@
cert = buffer_get_string(&e->request, &len);
if ((k = key_from_blob(cert, len)) == NULL)
fatal("Certificate parse failed");
- xfree(cert);
+ free(cert);
key_add_private(k);
if ((exponent = BN_new()) == NULL)
fatal("%s: BN_new failed", __func__);
@@ -583,7 +582,7 @@
cert = buffer_get_string(&e->request, &len);
if ((k = key_from_blob(cert, len)) == NULL)
fatal("Certificate parse failed");
- xfree(cert);
+ free(cert);
key_add_private(k);
buffer_get_bignum2(&e->request, k->rsa->d);
buffer_get_bignum2(&e->request, k->rsa->iqmp);
@@ -591,11 +590,11 @@
buffer_get_bignum2(&e->request, k->rsa->q);
break;
default:
- xfree(type_name);
+ free(type_name);
buffer_clear(&e->request);
goto send;
}
- xfree(type_name);
+ free(type_name);
break;
}
/* enable blinding */
@@ -613,13 +612,13 @@
}
comment = buffer_get_string(&e->request, NULL);
if (k == NULL) {
- xfree(comment);
+ free(comment);
goto send;
}
while (buffer_len(&e->request)) {
switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
- death = time(NULL) + buffer_get_int(&e->request);
+ death = monotime() + buffer_get_int(&e->request);
break;
case SSH_AGENT_CONSTRAIN_CONFIRM:
confirm = 1;
@@ -627,7 +626,7 @@
default:
error("process_add_identity: "
"Unknown constraint type %d", type);
- xfree(comment);
+ free(comment);
key_free(k);
goto send;
}
@@ -634,7 +633,7 @@
}
success = 1;
if (lifetime && !death)
- death = time(NULL) + lifetime;
+ death = monotime() + lifetime;
if ((id = lookup_identity(k, version)) == NULL) {
id = xcalloc(1, sizeof(Identity));
id->key = k;
@@ -643,7 +642,7 @@
tab->nentries++;
} else {
key_free(k);
- xfree(id->comment);
+ free(id->comment);
}
id->comment = comment;
id->death = death;
@@ -665,7 +664,7 @@
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
locked = 0;
memset(lock_passwd, 0, strlen(lock_passwd));
- xfree(lock_passwd);
+ free(lock_passwd);
lock_passwd = NULL;
success = 1;
} else if (!locked && lock) {
@@ -674,7 +673,7 @@
success = 1;
}
memset(passwd, 0, strlen(passwd));
- xfree(passwd);
+ free(passwd);
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
@@ -701,7 +700,8 @@
process_add_smartcard_key(SocketEntry *e)
{
char *provider = NULL, *pin;
- int i, type, version, count = 0, success = 0, death = 0, confirm = 0;
+ int i, type, version, count = 0, success = 0, confirm = 0;
+ time_t death = 0;
Key **keys = NULL, *k;
Identity *id;
Idtab *tab;
@@ -712,7 +712,7 @@
while (buffer_len(&e->request)) {
switch ((type = buffer_get_char(&e->request))) {
case SSH_AGENT_CONSTRAIN_LIFETIME:
- death = time(NULL) + buffer_get_int(&e->request);
+ death = monotime() + buffer_get_int(&e->request);
break;
case SSH_AGENT_CONSTRAIN_CONFIRM:
confirm = 1;
@@ -724,7 +724,7 @@
}
}
if (lifetime && !death)
- death = time(NULL) + lifetime;
+ death = monotime() + lifetime;
count = pkcs11_add_provider(provider, pin, &keys);
for (i = 0; i < count; i++) {
@@ -747,12 +747,9 @@
keys[i] = NULL;
}
send:
- if (pin)
- xfree(pin);
- if (provider)
- xfree(provider);
- if (keys)
- xfree(keys);
+ free(pin);
+ free(provider);
+ free(keys);
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
@@ -768,7 +765,7 @@
provider = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
- xfree(pin);
+ free(pin);
for (version = 1; version < 3; version++) {
tab = idtab_lookup(version);
@@ -786,7 +783,7 @@
else
error("process_remove_smartcard_key:"
" pkcs11_del_provider failed");
- xfree(provider);
+ free(provider);
buffer_put_int(&e->output, 1);
buffer_put_char(&e->output,
success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
@@ -931,9 +928,10 @@
prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
struct timeval **tvpp)
{
- u_int i, sz, deadline;
+ u_int i, sz;
int n = 0;
static struct timeval tv;
+ time_t deadline;
for (i = 0; i < sockets_alloc; i++) {
switch (sockets[i].type) {
@@ -951,10 +949,8 @@
sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
if (*fdrp == NULL || sz > *nallocp) {
- if (*fdrp)
- xfree(*fdrp);
- if (*fdwp)
- xfree(*fdwp);
+ free(*fdrp);
+ free(*fdwp);
*fdrp = xmalloc(sz);
*fdwp = xmalloc(sz);
*nallocp = sz;
@@ -1097,7 +1093,11 @@
static void
check_parent_exists(void)
{
- if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
+ /*
+ * If our parent has exited then getppid() will return (pid_t)1,
+ * so testing for that should be safe.
+ */
+ if (parent_pid != -1 && getppid() != parent_pid) {
/* printf("Parent has died - Authentication agent exiting.\n"); */
cleanup_socket();
_exit(2);
@@ -1154,7 +1154,6 @@
OpenSSL_add_all_algorithms();
__progname = ssh_get_progname(av[0]);
- init_rng();
seed_rng();
while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
@@ -1345,9 +1344,8 @@
if (ac > 0)
parent_alive_interval = 10;
idtab_init();
- if (!d_flag)
- signal(SIGINT, SIG_IGN);
signal(SIGPIPE, SIG_IGN);
+ signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN);
signal(SIGHUP, cleanup_handler);
signal(SIGTERM, cleanup_handler);
nalloc = 0;
Property changes on: vendor-crypto/openssh/dist/ssh-agent.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-dss.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-dss.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-dss.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.27 2010/08/31 09:58:37 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -137,10 +137,10 @@
if (strcmp("ssh-dss", ktype) != 0) {
error("ssh_dss_verify: cannot handle type %s", ktype);
buffer_free(&b);
- xfree(ktype);
+ free(ktype);
return -1;
}
- xfree(ktype);
+ free(ktype);
sigblob = buffer_get_string(&b, &len);
rlen = buffer_len(&b);
buffer_free(&b);
@@ -147,7 +147,7 @@
if (rlen != 0) {
error("ssh_dss_verify: "
"remaining bytes in signature %d", rlen);
- xfree(sigblob);
+ free(sigblob);
return -1;
}
}
@@ -169,7 +169,7 @@
/* clean up */
memset(sigblob, 0, len);
- xfree(sigblob);
+ free(sigblob);
/* sha1 the data */
EVP_DigestInit(&md, evp_md);
Property changes on: vendor-crypto/openssh/dist/ssh-dss.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-ecdsa.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-ecdsa.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-ecdsa.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.4 2010/09/10 01:04:10 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -119,16 +119,16 @@
if (strcmp(key_ssh_name_plain(key), ktype) != 0) {
error("%s: cannot handle type %s", __func__, ktype);
buffer_free(&b);
- xfree(ktype);
+ free(ktype);
return -1;
}
- xfree(ktype);
+ free(ktype);
sigblob = buffer_get_string(&b, &len);
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
error("%s: remaining bytes in signature %d", __func__, rlen);
- xfree(sigblob);
+ free(sigblob);
return -1;
}
@@ -145,10 +145,11 @@
buffer_get_bignum2(&bb, sig->s);
if (buffer_len(&bb) != 0)
fatal("%s: remaining bytes in inner sigblob", __func__);
+ buffer_free(&bb);
/* clean up */
memset(sigblob, 0, len);
- xfree(sigblob);
+ free(sigblob);
/* hash the data */
EVP_DigestInit(&md, evp_md);
Property changes on: vendor-crypto/openssh/dist/ssh-ecdsa.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-gss.h
===================================================================
--- vendor-crypto/openssh/dist/ssh-gss.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-gss.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -42,12 +42,13 @@
# include <gssapi/gssapi_generic.h>
# endif
-/* MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */
+/* Old MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */
-#ifndef GSS_C_NT_HOSTBASED_SERVICE
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#endif /* GSS_C_NT_... */
-#endif /* !HEIMDAL */
+# if !HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
+# define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+# endif /* !HAVE_DECL_GSS_C_NT_... */
+
+# endif /* !HEIMDAL */
#endif /* KRB5 */
/* draft-ietf-secsh-gsskeyex-06 */
Property changes on: vendor-crypto/openssh/dist/ssh-gss.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Added: vendor-crypto/openssh/dist/ssh-keygen.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.0 (rev 0)
+++ vendor-crypto/openssh/dist/ssh-keygen.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,546 @@
+SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1)
+
+NAME
+ ssh-keygen - authentication key generation, management and conversion
+
+SYNOPSIS
+ ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
+ [-f output_keyfile]
+ ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
+ ssh-keygen -i [-m key_format] [-f input_keyfile]
+ ssh-keygen -e [-m key_format] [-f input_keyfile]
+ ssh-keygen -y [-f input_keyfile]
+ ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
+ ssh-keygen -l [-f input_keyfile]
+ ssh-keygen -B [-f input_keyfile]
+ ssh-keygen -D pkcs11
+ ssh-keygen -F hostname [-f known_hosts_file] [-l]
+ ssh-keygen -H [-f known_hosts_file]
+ ssh-keygen -R hostname [-f known_hosts_file]
+ ssh-keygen -r hostname [-f input_keyfile] [-g]
+ ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
+ ssh-keygen -T output_file -f input_file [-v] [-a num_trials]
+ [-J num_lines] [-j start_line] [-K checkpt] [-W generator]
+ ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
+ [-O option] [-V validity_interval] [-z serial_number] file ...
+ ssh-keygen -L [-f input_keyfile]
+ ssh-keygen -A
+ ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
+ file ...
+ ssh-keygen -Q -f krl_file file ...
+
+DESCRIPTION
+ ssh-keygen generates, manages and converts authentication keys for
+ ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
+ and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type
+ of key to be generated is specified with the -t option. If invoked
+ without any arguments, ssh-keygen will generate an RSA key for use in SSH
+ protocol 2 connections.
+
+ ssh-keygen is also used to generate groups for use in Diffie-Hellman
+ group exchange (DH-GEX). See the MODULI GENERATION section for details.
+
+ Finally, ssh-keygen can be used to generate and update Key Revocation
+ Lists, and to test whether given keys have been revoked by one. See the
+ KEY REVOCATION LISTS section for details.
+
+ Normally each user wishing to use SSH with public key authentication runs
+ this once to create the authentication key in ~/.ssh/identity,
+ ~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the
+ system administrator may use this to generate host keys, as seen in
+ /etc/rc.
+
+ Normally this program generates the key and asks for a file in which to
+ store the private key. The public key is stored in a file with the same
+ name but ``.pub'' appended. The program also asks for a passphrase. The
+ passphrase may be empty to indicate no passphrase (host keys must have an
+ empty passphrase), or it may be a string of arbitrary length. A
+ passphrase is similar to a password, except it can be a phrase with a
+ series of words, punctuation, numbers, whitespace, or any string of
+ characters you want. Good passphrases are 10-30 characters long, are not
+ simple sentences or otherwise easily guessable (English prose has only
+ 1-2 bits of entropy per character, and provides very bad passphrases),
+ and contain a mix of upper and lowercase letters, numbers, and non-
+ alphanumeric characters. The passphrase can be changed later by using
+ the -p option.
+
+ There is no way to recover a lost passphrase. If the passphrase is lost
+ or forgotten, a new key must be generated and the corresponding public
+ key copied to other machines.
+
+ For RSA1 keys, there is also a comment field in the key file that is only
+ for convenience to the user to help identify the key. The comment can
+ tell what the key is for, or whatever is useful. The comment is
+ initialized to ``user at host'' when the key is created, but can be changed
+ using the -c option.
+
+ After a key is generated, instructions below detail where the keys should
+ be placed to be activated.
+
+ The options are as follows:
+
+ -A For each of the key types (rsa1, rsa, dsa and ecdsa) for which
+ host keys do not exist, generate the host keys with the default
+ key file path, an empty passphrase, default bits for the key
+ type, and default comment. This is used by /etc/rc to generate
+ new host keys.
+
+ -a trials
+ Specifies the number of primality tests to perform when screening
+ DH-GEX candidates using the -T command.
+
+ -B Show the bubblebabble digest of specified private or public key
+ file.
+
+ -b bits
+ Specifies the number of bits in the key to create. For RSA keys,
+ the minimum size is 768 bits and the default is 2048 bits.
+ Generally, 2048 bits is considered sufficient. DSA keys must be
+ exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
+ the -b flag determines the key length by selecting from one of
+ three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
+ use bit lengths other than these three values for ECDSA keys will
+ fail.
+
+ -C comment
+ Provides a new comment.
+
+ -c Requests changing the comment in the private and public key
+ files. This operation is only supported for RSA1 keys. The
+ program will prompt for the file containing the private keys, for
+ the passphrase if the key has one, and for the new comment.
+
+ -D pkcs11
+ Download the RSA public keys provided by the PKCS#11 shared
+ library pkcs11. When used in combination with -s, this option
+ indicates that a CA key resides in a PKCS#11 token (see the
+ CERTIFICATES section for details).
+
+ -e This option will read a private or public OpenSSH key file and
+ print to stdout the key in one of the formats specified by the -m
+ option. The default export format is ``RFC4716''. This option
+ allows exporting OpenSSH keys for use by other programs,
+ including several commercial SSH implementations.
+
+ -F hostname
+ Search for the specified hostname in a known_hosts file, listing
+ any occurrences found. This option is useful to find hashed host
+ names or addresses and may also be used in conjunction with the
+ -H option to print found keys in a hashed format.
+
+ -f filename
+ Specifies the filename of the key file.
+
+ -G output_file
+ Generate candidate primes for DH-GEX. These primes must be
+ screened for safety (using the -T option) before use.
+
+ -g Use generic DNS format when printing fingerprint resource records
+ using the -r command.
+
+ -H Hash a known_hosts file. This replaces all hostnames and
+ addresses with hashed representations within the specified file;
+ the original content is moved to a file with a .old suffix.
+ These hashes may be used normally by ssh and sshd, but they do
+ not reveal identifying information should the file's contents be
+ disclosed. This option will not modify existing hashed hostnames
+ and is therefore safe to use on files that mix hashed and non-
+ hashed names.
+
+ -h When signing a key, create a host certificate instead of a user
+ certificate. Please see the CERTIFICATES section for details.
+
+ -I certificate_identity
+ Specify the key identity when signing a public key. Please see
+ the CERTIFICATES section for details.
+
+ -i This option will read an unencrypted private (or public) key file
+ in the format specified by the -m option and print an OpenSSH
+ compatible private (or public) key to stdout.
+
+ -J num_lines
+ Exit after screening the specified number of lines while
+ performing DH candidate screening using the -T option.
+
+ -j start_line
+ Start screening at the specified line number while performing DH
+ candidate screening using the -T option.
+
+ -K checkpt
+ Write the last line processed to the file checkpt while
+ performing DH candidate screening using the -T option. This will
+ be used to skip lines in the input file that have already been
+ processed if the job is restarted. This option allows importing
+ keys from other software, including several commercial SSH
+ implementations. The default import format is ``RFC4716''.
+
+ -k Generate a KRL file. In this mode, ssh-keygen will generate a
+ KRL file at the location specified via the -f flag that revokes
+ every key or certificate presented on the command line.
+ Keys/certificates to be revoked may be specified by public key
+ file or using the format described in the KEY REVOCATION LISTS
+ section.
+
+ -L Prints the contents of a certificate.
+
+ -l Show fingerprint of specified public key file. Private RSA1 keys
+ are also supported. For RSA and DSA keys ssh-keygen tries to
+ find the matching public key file and prints its fingerprint. If
+ combined with -v, an ASCII art representation of the key is
+ supplied with the fingerprint.
+
+ -M memory
+ Specify the amount of memory to use (in megabytes) when
+ generating candidate moduli for DH-GEX.
+
+ -m key_format
+ Specify a key format for the -i (import) or -e (export)
+ conversion options. The supported key formats are: ``RFC4716''
+ (RFC 4716/SSH2 public or private key), ``PKCS8'' (PEM PKCS8
+ public key) or ``PEM'' (PEM public key). The default conversion
+ format is ``RFC4716''.
+
+ -N new_passphrase
+ Provides the new passphrase.
+
+ -n principals
+ Specify one or more principals (user or host names) to be
+ included in a certificate when signing a key. Multiple
+ principals may be specified, separated by commas. Please see the
+ CERTIFICATES section for details.
+
+ -O option
+ Specify a certificate option when signing a key. This option may
+ be specified multiple times. Please see the CERTIFICATES section
+ for details. The options that are valid for user certificates
+ are:
+
+ clear Clear all enabled permissions. This is useful for
+ clearing the default set of permissions so permissions
+ may be added individually.
+
+ force-command=command
+ Forces the execution of command instead of any shell or
+ command specified by the user when the certificate is
+ used for authentication.
+
+ no-agent-forwarding
+ Disable ssh-agent(1) forwarding (permitted by default).
+
+ no-port-forwarding
+ Disable port forwarding (permitted by default).
+
+ no-pty Disable PTY allocation (permitted by default).
+
+ no-user-rc
+ Disable execution of ~/.ssh/rc by sshd(8) (permitted by
+ default).
+
+ no-x11-forwarding
+ Disable X11 forwarding (permitted by default).
+
+ permit-agent-forwarding
+ Allows ssh-agent(1) forwarding.
+
+ permit-port-forwarding
+ Allows port forwarding.
+
+ permit-pty
+ Allows PTY allocation.
+
+ permit-user-rc
+ Allows execution of ~/.ssh/rc by sshd(8).
+
+ permit-x11-forwarding
+ Allows X11 forwarding.
+
+ source-address=address_list
+ Restrict the source addresses from which the certificate
+ is considered valid. The address_list is a comma-
+ separated list of one or more address/netmask pairs in
+ CIDR format.
+
+ At present, no options are valid for host keys.
+
+ -P passphrase
+ Provides the (old) passphrase.
+
+ -p Requests changing the passphrase of a private key file instead of
+ creating a new private key. The program will prompt for the file
+ containing the private key, for the old passphrase, and twice for
+ the new passphrase.
+
+ -Q Test whether keys have been revoked in a KRL.
+
+ -q Silence ssh-keygen.
+
+ -R hostname
+ Removes all keys belonging to hostname from a known_hosts file.
+ This option is useful to delete hashed hosts (see the -H option
+ above).
+
+ -r hostname
+ Print the SSHFP fingerprint resource record named hostname for
+ the specified public key file.
+
+ -S start
+ Specify start point (in hex) when generating candidate moduli for
+ DH-GEX.
+
+ -s ca_key
+ Certify (sign) a public key using the specified CA key. Please
+ see the CERTIFICATES section for details.
+
+ When generating a KRL, -s specifies a path to a CA public key
+ file used to revoke certificates directly by key ID or serial
+ number. See the KEY REVOCATION LISTS section for details.
+
+ -T output_file
+ Test DH group exchange candidate primes (generated using the -G
+ option) for safety.
+
+ -t type
+ Specifies the type of key to create. The possible values are
+ ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'' or ``rsa''
+ for protocol version 2.
+
+ -u Update a KRL. When specified with -k, keys listed via the
+ command line are added to the existing KRL rather than a new KRL
+ being created.
+
+ -V validity_interval
+ Specify a validity interval when signing a certificate. A
+ validity interval may consist of a single time, indicating that
+ the certificate is valid beginning now and expiring at that time,
+ or may consist of two times separated by a colon to indicate an
+ explicit time interval. The start time may be specified as a
+ date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a
+ relative time (to the current time) consisting of a minus sign
+ followed by a relative time in the format described in the TIME
+ FORMATS section of sshd_config(5). The end time may be specified
+ as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time
+ starting with a plus character.
+
+ For example: ``+52w1d'' (valid from now to 52 weeks and one day
+ from now), ``-4w:+4w'' (valid from four weeks ago to four weeks
+ from now), ``20100101123000:20110101123000'' (valid from 12:30
+ PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
+ ``-1d:20110101'' (valid from yesterday to midnight, January 1st,
+ 2011).
+
+ -v Verbose mode. Causes ssh-keygen to print debugging messages
+ about its progress. This is helpful for debugging moduli
+ generation. Multiple -v options increase the verbosity. The
+ maximum is 3.
+
+ -W generator
+ Specify desired generator when testing candidate moduli for DH-
+ GEX.
+
+ -y This option will read a private OpenSSH format file and print an
+ OpenSSH public key to stdout.
+
+ -z serial_number
+ Specifies a serial number to be embedded in the certificate to
+ distinguish this certificate from others from the same CA. The
+ default serial number is zero.
+
+ When generating a KRL, the -z flag is used to specify a KRL
+ version number.
+
+MODULI GENERATION
+ ssh-keygen may be used to generate groups for the Diffie-Hellman Group
+ Exchange (DH-GEX) protocol. Generating these groups is a two-step
+ process: first, candidate primes are generated using a fast, but memory
+ intensive process. These candidate primes are then tested for
+ suitability (a CPU-intensive process).
+
+ Generation of primes is performed using the -G option. The desired
+ length of the primes may be specified by the -b option. For example:
+
+ # ssh-keygen -G moduli-2048.candidates -b 2048
+
+ By default, the search for primes begins at a random point in the desired
+ length range. This may be overridden using the -S option, which
+ specifies a different start point (in hex).
+
+ Once a set of candidates have been generated, they must be screened for
+ suitability. This may be performed using the -T option. In this mode
+ ssh-keygen will read candidates from standard input (or a file specified
+ using the -f option). For example:
+
+ # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
+
+ By default, each candidate will be subjected to 100 primality tests.
+ This may be overridden using the -a option. The DH generator value will
+ be chosen automatically for the prime under consideration. If a specific
+ generator is desired, it may be requested using the -W option. Valid
+ generator values are 2, 3, and 5.
+
+ Screened DH groups may be installed in /etc/moduli. It is important that
+ this file contains moduli of a range of bit lengths and that both ends of
+ a connection share common moduli.
+
+CERTIFICATES
+ ssh-keygen supports signing of keys to produce certificates that may be
+ used for user or host authentication. Certificates consist of a public
+ key, some identity information, zero or more principal (user or host)
+ names and a set of options that are signed by a Certification Authority
+ (CA) key. Clients or servers may then trust only the CA key and verify
+ its signature on a certificate rather than trusting many user/host keys.
+ Note that OpenSSH certificates are a different, and much simpler, format
+ to the X.509 certificates used in ssl(8).
+
+ ssh-keygen supports two types of certificates: user and host. User
+ certificates authenticate users to servers, whereas host certificates
+ authenticate server hosts to users. To generate a user certificate:
+
+ $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
+
+ The resultant certificate will be placed in /path/to/user_key-cert.pub.
+ A host certificate requires the -h option:
+
+ $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
+
+ The host certificate will be output to /path/to/host_key-cert.pub.
+
+ It is possible to sign using a CA key stored in a PKCS#11 token by
+ providing the token library using -D and identifying the CA key by
+ providing its public half as an argument to -s:
+
+ $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
+
+ In all cases, key_id is a "key identifier" that is logged by the server
+ when the certificate is used for authentication.
+
+ Certificates may be limited to be valid for a set of principal
+ (user/host) names. By default, generated certificates are valid for all
+ users or hosts. To generate a certificate for a specified set of
+ principals:
+
+ $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
+ $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
+
+ Additional limitations on the validity and use of user certificates may
+ be specified through certificate options. A certificate option may
+ disable features of the SSH session, may be valid only when presented
+ from particular source addresses or may force the use of a specific
+ command. For a list of valid certificate options, see the documentation
+ for the -O option above.
+
+ Finally, certificates may be defined with a validity lifetime. The -V
+ option allows specification of certificate start and end times. A
+ certificate that is presented at a time outside this range will not be
+ considered valid. By default, certificates are valid from UNIX Epoch to
+ the distant future.
+
+ For certificates to be used for user or host authentication, the CA
+ public key must be trusted by sshd(8) or ssh(1). Please refer to those
+ manual pages for details.
+
+KEY REVOCATION LISTS
+ ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
+ These binary files specify keys or certificates to be revoked using a
+ compact format, taking as little a one bit per certificate if they are
+ being revoked by serial number.
+
+ KRLs may be generated using the -k flag. This option reads one or more
+ files from the command line and generates a new KRL. The files may
+ either contain a KRL specification (see below) or public keys, listed one
+ per line. Plain public keys are revoked by listing their hash or
+ contents in the KRL and certificates revoked by serial number or key ID
+ (if the serial is zero or not available).
+
+ Revoking keys using a KRL specification offers explicit control over the
+ types of record used to revoke keys and may be used to directly revoke
+ certificates by serial number or key ID without having the complete
+ original certificate on hand. A KRL specification consists of lines
+ containing one of the following directives followed by a colon and some
+ directive-specific information.
+
+ serial: serial_number[-serial_number]
+ Revokes a certificate with the specified serial number. Serial
+ numbers are 64-bit values, not including zero and may be
+ expressed in decimal, hex or octal. If two serial numbers are
+ specified separated by a hyphen, then the range of serial numbers
+ including and between each is revoked. The CA key must have been
+ specified on the ssh-keygen command line using the -s option.
+
+ id: key_id
+ Revokes a certificate with the specified key ID string. The CA
+ key must have been specified on the ssh-keygen command line using
+ the -s option.
+
+ key: public_key
+ Revokes the specified key. If a certificate is listed, then it
+ is revoked as a plain public key.
+
+ sha1: public_key
+ Revokes the specified key by its SHA1 hash.
+
+ KRLs may be updated using the -u flag in addition to -k. When this
+ option is specified, keys listed via the command line are merged into the
+ KRL, adding to those already there.
+
+ It is also possible, given a KRL, to test whether it revokes a particular
+ key (or keys). The -Q flag will query an existing KRL, testing each key
+ specified on the commandline. If any key listed on the command line has
+ been revoked (or an error encountered) then ssh-keygen will exit with a
+ non-zero exit status. A zero exit status will only be returned if no key
+ was revoked.
+
+FILES
+ ~/.ssh/identity
+ Contains the protocol version 1 RSA authentication identity of
+ the user. This file should not be readable by anyone but the
+ user. It is possible to specify a passphrase when generating the
+ key; that passphrase will be used to encrypt the private part of
+ this file using 3DES. This file is not automatically accessed by
+ ssh-keygen but it is offered as the default file for the private
+ key. ssh(1) will read this file when a login attempt is made.
+
+ ~/.ssh/identity.pub
+ Contains the protocol version 1 RSA public key for
+ authentication. The contents of this file should be added to
+ ~/.ssh/authorized_keys on all machines where the user wishes to
+ log in using RSA authentication. There is no need to keep the
+ contents of this file secret.
+
+ ~/.ssh/id_dsa
+ ~/.ssh/id_ecdsa
+ ~/.ssh/id_rsa
+ Contains the protocol version 2 DSA, ECDSA or RSA authentication
+ identity of the user. This file should not be readable by anyone
+ but the user. It is possible to specify a passphrase when
+ generating the key; that passphrase will be used to encrypt the
+ private part of this file using 128-bit AES. This file is not
+ automatically accessed by ssh-keygen but it is offered as the
+ default file for the private key. ssh(1) will read this file
+ when a login attempt is made.
+
+ ~/.ssh/id_dsa.pub
+ ~/.ssh/id_ecdsa.pub
+ ~/.ssh/id_rsa.pub
+ Contains the protocol version 2 DSA, ECDSA or RSA public key for
+ authentication. The contents of this file should be added to
+ ~/.ssh/authorized_keys on all machines where the user wishes to
+ log in using public key authentication. There is no need to keep
+ the contents of this file secret.
+
+ /etc/moduli
+ Contains Diffie-Hellman groups used for DH-GEX. The file format
+ is described in moduli(5).
+
+SEE ALSO
+ ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8)
+
+ The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006.
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/ssh-keygen.1
===================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.1 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-keygen.1 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 28 2010 $
+.Dd $Mdocdate: June 27 2013 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -104,6 +104,9 @@
.Fl f Ar input_file
.Op Fl v
.Op Fl a Ar num_trials
+.Op Fl J Ar num_lines
+.Op Fl j Ar start_line
+.Op Fl K Ar checkpt
.Op Fl W Ar generator
.Nm ssh-keygen
.Fl s Ar ca_key
@@ -117,6 +120,19 @@
.Nm ssh-keygen
.Fl L
.Op Fl f Ar input_keyfile
+.Nm ssh-keygen
+.Fl A
+.Nm ssh-keygen
+.Fl k
+.Fl f Ar krl_file
+.Op Fl u
+.Op Fl s Ar ca_public
+.Op Fl z Ar version_number
+.Ar
+.Nm ssh-keygen
+.Fl Q
+.Fl f Ar krl_file
+.Ar
.Ek
.Sh DESCRIPTION
.Nm
@@ -139,6 +155,14 @@
.Sx MODULI GENERATION
section for details.
.Pp
+Finally,
+.Nm
+can be used to generate and update Key Revocation Lists, and to test whether
+given keys have been revoked by one.
+See the
+.Sx KEY REVOCATION LISTS
+section for details.
+.Pp
Normally each user wishing to use SSH
with public key authentication runs this once to create the authentication
key in
@@ -173,9 +197,8 @@
option.
.Pp
There is no way to recover a lost passphrase.
-If the passphrase is
-lost or forgotten, a new key must be generated and copied to the
-corresponding public key to other machines.
+If the passphrase is lost or forgotten, a new key must be generated
+and the corresponding public key copied to other machines.
.Pp
For RSA1 keys,
there is also a comment field in the key file that is only for
@@ -192,6 +215,13 @@
.Pp
The options are as follows:
.Bl -tag -width Ds
+.It Fl A
+For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
+do not exist, generate the host keys with the default key file path,
+an empty passphrase, default bits for the key type, and default comment.
+This is used by
+.Pa /etc/rc
+to generate new host keys.
.It Fl a Ar trials
Specifies the number of primality tests to perform when screening DH-GEX
candidates using the
@@ -204,6 +234,12 @@
For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
+For ECDSA keys, the
+.Fl b
+flag determines the key length by selecting from one of three elliptic
+curve sizes: 256, 384 or 521 bits.
+Attempting to use bit lengths other than these three values for ECDSA keys
+will fail.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
@@ -282,10 +318,39 @@
.Fl m
option and print an OpenSSH compatible private
(or public) key to stdout.
+.It Fl J Ar num_lines
+Exit after screening the specified number of lines
+while performing DH candidate screening using the
+.Fl T
+option.
+.It Fl j Ar start_line
+Start screening at the specified line number
+while performing DH candidate screening using the
+.Fl T
+option.
+.It Fl K Ar checkpt
+Write the last line processed to the file
+.Ar checkpt
+while performing DH candidate screening using the
+.Fl T
+option.
+This will be used to skip lines in the input file that have already been
+processed if the job is restarted.
This option allows importing keys from other software, including several
commercial SSH implementations.
The default import format is
.Dq RFC4716 .
+.It Fl k
+Generate a KRL file.
+In this mode,
+.Nm
+will generate a KRL file at the location specified via the
+.Fl f
+flag that revokes every key or certificate presented on the command line.
+Keys/certificates to be revoked may be specified by public key file or
+using the format described in the
+.Sx KEY REVOCATION LISTS
+section.
.It Fl L
Prints the contents of a certificate.
.It Fl l
@@ -390,12 +455,11 @@
The program will prompt for the file
containing the private key, for the old passphrase, and twice for the
new passphrase.
+.It Fl Q
+Test whether keys have been revoked in a KRL.
.It Fl q
Silence
.Nm ssh-keygen .
-Used by
-.Pa /etc/rc
-when creating a new key.
.It Fl R Ar hostname
Removes all keys belonging to
.Ar hostname
@@ -416,6 +480,14 @@
Please see the
.Sx CERTIFICATES
section for details.
+.Pp
+When generating a KRL,
+.Fl s
+specifies a path to a CA public key file used to revoke certificates directly
+by key ID or serial number.
+See the
+.Sx KEY REVOCATION LISTS
+section for details.
.It Fl T Ar output_file
Test DH group exchange candidate primes (generated using the
.Fl G
@@ -430,6 +502,12 @@
or
.Dq rsa
for protocol version 2.
+.It Fl u
+Update a KRL.
+When specified with
+.Fl k ,
+keys listed via the command line are added to the existing KRL rather than
+a new KRL being created.
.It Fl V Ar validity_interval
Specify a validity interval when signing a certificate.
A validity interval may consist of a single time, indicating that the
@@ -438,8 +516,7 @@
The start time may be specified as a date in YYYYMMDD format, a time
in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
of a minus sign followed by a relative time in the format described in the
-.Sx TIME FORMATS
-section of
+TIME FORMATS section of
.Xr sshd_config 5 .
The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
a relative time starting with a plus character.
@@ -472,6 +549,10 @@
Specifies a serial number to be embedded in the certificate to distinguish
this certificate from others from the same CA.
The default serial number is zero.
+.Pp
+When generating a KRL, the
+.Fl z
+flag is used to specify a KRL version number.
.El
.Sh MODULI GENERATION
.Nm
@@ -498,7 +579,7 @@
.Fl S
option, which specifies a different start point (in hex).
.Pp
-Once a set of candidates have been generated, they must be tested for
+Once a set of candidates have been generated, they must be screened for
suitability.
This may be performed using the
.Fl T
@@ -596,7 +677,9 @@
option allows specification of certificate start and end times.
A certificate that is presented at a time outside this range will not be
considered valid.
-By default, certificates have a maximum validity interval.
+By default, certificates are valid from
+.Ux
+Epoch to the distant future.
.Pp
For certificates to be used for user or host authentication, the CA
public key must be trusted by
@@ -604,6 +687,73 @@
or
.Xr ssh 1 .
Please refer to those manual pages for details.
+.Sh KEY REVOCATION LISTS
+.Nm
+is able to manage OpenSSH format Key Revocation Lists (KRLs).
+These binary files specify keys or certificates to be revoked using a
+compact format, taking as little a one bit per certificate if they are being
+revoked by serial number.
+.Pp
+KRLs may be generated using the
+.Fl k
+flag.
+This option reads one or more files from the command line and generates a new
+KRL.
+The files may either contain a KRL specification (see below) or public keys,
+listed one per line.
+Plain public keys are revoked by listing their hash or contents in the KRL and
+certificates revoked by serial number or key ID (if the serial is zero or
+not available).
+.Pp
+Revoking keys using a KRL specification offers explicit control over the
+types of record used to revoke keys and may be used to directly revoke
+certificates by serial number or key ID without having the complete original
+certificate on hand.
+A KRL specification consists of lines containing one of the following directives
+followed by a colon and some directive-specific information.
+.Bl -tag -width Ds
+.It Cm serial : Ar serial_number Ns Op - Ns Ar serial_number
+Revokes a certificate with the specified serial number.
+Serial numbers are 64-bit values, not including zero and may be expressed
+in decimal, hex or octal.
+If two serial numbers are specified separated by a hyphen, then the range
+of serial numbers including and between each is revoked.
+The CA key must have been specified on the
+.Nm
+command line using the
+.Fl s
+option.
+.It Cm id : Ar key_id
+Revokes a certificate with the specified key ID string.
+The CA key must have been specified on the
+.Nm
+command line using the
+.Fl s
+option.
+.It Cm key : Ar public_key
+Revokes the specified key.
+If a certificate is listed, then it is revoked as a plain public key.
+.It Cm sha1 : Ar public_key
+Revokes the specified key by its SHA1 hash.
+.El
+.Pp
+KRLs may be updated using the
+.Fl u
+flag in addition to
+.Fl k .
+When this option is specified, keys listed via the command line are merged into
+the KRL, adding to those already there.
+.Pp
+It is also possible, given a KRL, to test whether it revokes a particular key
+(or keys).
+The
+.Fl Q
+flag will query an existing KRL, testing each key specified on the commandline.
+If any key listed on the command line has been revoked (or an error encountered)
+then
+.Nm
+will exit with a non-zero exit status.
+A zero exit status will only be returned if no key was revoked.
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.ssh/identity
Property changes on: vendor-crypto/openssh/dist/ssh-keygen.1
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-keygen.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-keygen.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.205 2011/01/11 06:13:10 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.230 2013/07/20 01:44:37 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -48,11 +48,11 @@
#include "match.h"
#include "hostfile.h"
#include "dns.h"
+#include "ssh.h"
#include "ssh2.h"
-
-#ifdef ENABLE_PKCS11
#include "ssh-pkcs11.h"
-#endif
+#include "atomicio.h"
+#include "krl.h"
/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
#define DEFAULT_BITS 2048
@@ -107,7 +107,7 @@
char *ca_key_path = NULL;
/* Certificate serial number */
-long long cert_serial = 0;
+unsigned long long cert_serial = 0;
/* Key type when certifying */
u_int cert_key_type = SSH2_CERT_TYPE_USER;
@@ -157,9 +157,42 @@
/* moduli.c */
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
-int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
+ unsigned long);
static void
+type_bits_valid(int type, u_int32_t *bitsp)
+{
+ u_int maxbits;
+
+ if (type == KEY_UNSPEC) {
+ fprintf(stderr, "unknown key type %s\n", key_type_name);
+ exit(1);
+ }
+ if (*bitsp == 0) {
+ if (type == KEY_DSA)
+ *bitsp = DEFAULT_BITS_DSA;
+ else if (type == KEY_ECDSA)
+ *bitsp = DEFAULT_BITS_ECDSA;
+ else
+ *bitsp = DEFAULT_BITS;
+ }
+ maxbits = (type == KEY_DSA) ?
+ OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
+ if (*bitsp > maxbits) {
+ fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
+ exit(1);
+ }
+ if (type == KEY_DSA && *bitsp != 1024)
+ fatal("DSA keys must be 1024 bits");
+ else if (type != KEY_ECDSA && *bitsp < 768)
+ fatal("Key must at least be 768 bits");
+ else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
+ fatal("Invalid ECDSA key length - valid lengths are "
+ "256, 384 or 521 bits");
+}
+
+static void
ask_filename(struct passwd *pw, const char *prompt)
{
char buf[1024];
@@ -219,7 +252,7 @@
RP_ALLOW_STDIN);
prv = key_load_private(filename, pass, NULL);
memset(pass, 0, strlen(pass));
- xfree(pass);
+ free(pass);
}
return prv;
}
@@ -236,6 +269,10 @@
u_char *blob;
char comment[61];
+ if (k->type == KEY_RSA1) {
+ fprintf(stderr, "version 1 keys are not supported\n");
+ exit(1);
+ }
if (key_to_blob(k, &blob, &len) <= 0) {
fprintf(stderr, "key_to_blob failed\n");
exit(1);
@@ -251,7 +288,7 @@
dump_base64(stdout, blob, len);
fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
key_free(k);
- xfree(blob);
+ free(blob);
exit(0);
}
@@ -259,6 +296,7 @@
do_convert_to_pkcs8(Key *k)
{
switch (key_type_plain(k->type)) {
+ case KEY_RSA1:
case KEY_RSA:
if (!PEM_write_RSA_PUBKEY(stdout, k->rsa))
fatal("PEM_write_RSA_PUBKEY failed");
@@ -283,6 +321,7 @@
do_convert_to_pem(Key *k)
{
switch (key_type_plain(k->type)) {
+ case KEY_RSA1:
case KEY_RSA:
if (!PEM_write_RSAPublicKey(stdout, k->rsa))
fatal("PEM_write_RSAPublicKey failed");
@@ -316,10 +355,6 @@
exit(1);
}
}
- if (k->type == KEY_RSA1) {
- fprintf(stderr, "version 1 keys are not supported\n");
- exit(1);
- }
switch (convert_format) {
case FMT_RFC4716:
@@ -380,12 +415,12 @@
debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
if (strcmp(cipher, "none") != 0) {
error("unsupported cipher %s", cipher);
- xfree(cipher);
+ free(cipher);
buffer_free(&b);
- xfree(type);
+ free(type);
return NULL;
}
- xfree(cipher);
+ free(cipher);
if (strstr(type, "dsa")) {
ktype = KEY_DSA;
@@ -393,11 +428,11 @@
ktype = KEY_RSA;
} else {
buffer_free(&b);
- xfree(type);
+ free(type);
return NULL;
}
key = key_new_private(ktype);
- xfree(type);
+ free(type);
switch (key->type) {
case KEY_DSA:
@@ -440,7 +475,7 @@
/* try the key */
key_sign(key, &sig, &slen, data, sizeof(data));
key_verify(key, sig, slen, data, sizeof(data));
- xfree(sig);
+ free(sig);
return key;
}
@@ -489,7 +524,7 @@
fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
encoded[0] = '\0';
while ((blen = get_line(fp, line, sizeof(line))) != -1) {
- if (line[blen - 1] == '\\')
+ if (blen > 0 && line[blen - 1] == '\\')
escaped++;
if (strncmp(line, "----", 4) == 0 ||
strstr(line, ": ") != NULL) {
@@ -691,17 +726,35 @@
#ifdef ENABLE_PKCS11
Key **keys = NULL;
int i, nkeys;
+ enum fp_rep rep;
+ enum fp_type fptype;
+ char *fp, *ra;
+ fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
+ rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
+
pkcs11_init(0);
nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
if (nkeys <= 0)
fatal("cannot read public key from pkcs11");
for (i = 0; i < nkeys; i++) {
- key_write(keys[i], stdout);
+ if (print_fingerprint) {
+ fp = key_fingerprint(keys[i], fptype, rep);
+ ra = key_fingerprint(keys[i], SSH_FP_MD5,
+ SSH_FP_RANDOMART);
+ printf("%u %s %s (PKCS11 key)\n", key_size(keys[i]),
+ fp, key_type(keys[i]));
+ if (log_level >= SYSLOG_LEVEL_VERBOSE)
+ printf("%s\n", ra);
+ free(ra);
+ free(fp);
+ } else {
+ key_write(keys[i], stdout);
+ fprintf(stdout, "\n");
+ }
key_free(keys[i]);
- fprintf(stdout, "\n");
}
- xfree(keys);
+ free(keys);
pkcs11_terminate();
exit(0);
#else
@@ -738,13 +791,13 @@
if (log_level >= SYSLOG_LEVEL_VERBOSE)
printf("%s\n", ra);
key_free(public);
- xfree(comment);
- xfree(ra);
- xfree(fp);
+ free(comment);
+ free(ra);
+ free(fp);
exit(0);
}
if (comment) {
- xfree(comment);
+ free(comment);
comment = NULL;
}
@@ -803,8 +856,8 @@
comment ? comment : "no comment", key_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
printf("%s\n", ra);
- xfree(ra);
- xfree(fp);
+ free(ra);
+ free(fp);
key_free(public);
invalid = 0;
}
@@ -818,6 +871,100 @@
}
static void
+do_gen_all_hostkeys(struct passwd *pw)
+{
+ struct {
+ char *key_type;
+ char *key_type_display;
+ char *path;
+ } key_types[] = {
+ { "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
+ { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
+ { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
+#ifdef OPENSSL_HAS_ECC
+ { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
+#endif
+ { NULL, NULL, NULL }
+ };
+
+ int first = 0;
+ struct stat st;
+ Key *private, *public;
+ char comment[1024];
+ int i, type, fd;
+ FILE *f;
+
+ for (i = 0; key_types[i].key_type; i++) {
+ if (stat(key_types[i].path, &st) == 0)
+ continue;
+ if (errno != ENOENT) {
+ printf("Could not stat %s: %s", key_types[i].path,
+ strerror(errno));
+ first = 0;
+ continue;
+ }
+
+ if (first == 0) {
+ first = 1;
+ printf("%s: generating new host keys: ", __progname);
+ }
+ printf("%s ", key_types[i].key_type_display);
+ fflush(stdout);
+ arc4random_stir();
+ type = key_type_from_name(key_types[i].key_type);
+ strlcpy(identity_file, key_types[i].path, sizeof(identity_file));
+ bits = 0;
+ type_bits_valid(type, &bits);
+ private = key_generate(type, bits);
+ if (private == NULL) {
+ fprintf(stderr, "key_generate failed\n");
+ first = 0;
+ continue;
+ }
+ public = key_from_private(private);
+ snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
+ hostname);
+ if (!key_save_private(private, identity_file, "", comment)) {
+ printf("Saving the key failed: %s.\n", identity_file);
+ key_free(private);
+ key_free(public);
+ first = 0;
+ continue;
+ }
+ key_free(private);
+ arc4random_stir();
+ strlcat(identity_file, ".pub", sizeof(identity_file));
+ fd = open(identity_file, O_WRONLY | O_CREAT | O_TRUNC, 0644);
+ if (fd == -1) {
+ printf("Could not save your public key in %s\n",
+ identity_file);
+ key_free(public);
+ first = 0;
+ continue;
+ }
+ f = fdopen(fd, "w");
+ if (f == NULL) {
+ printf("fdopen %s failed\n", identity_file);
+ key_free(public);
+ first = 0;
+ continue;
+ }
+ if (!key_write(public, f)) {
+ fprintf(stderr, "write key failed\n");
+ key_free(public);
+ first = 0;
+ continue;
+ }
+ fprintf(f, " %s\n", comment);
+ fclose(f);
+ key_free(public);
+
+ }
+ if (first != 0)
+ printf("\n");
+}
+
+static void
printhost(FILE *f, const char *name, Key *public, int ca, int hash)
{
if (print_fingerprint) {
@@ -833,8 +980,8 @@
key_type(public));
if (log_level >= SYSLOG_LEVEL_VERBOSE)
printf("%s\n", ra);
- xfree(ra);
- xfree(fp);
+ free(ra);
+ free(fp);
} else {
if (hash && (name = host_hash(name, NULL, 0)) == NULL)
fatal("hash_host failed");
@@ -860,7 +1007,7 @@
if (strlcpy(identity_file, cp, sizeof(identity_file)) >=
sizeof(identity_file))
fatal("Specified known hosts path too long");
- xfree(cp);
+ free(cp);
have_identity = 1;
}
if ((in = fopen(identity_file, "r")) == NULL)
@@ -962,8 +1109,14 @@
ca ? " (CA key)" : "");
printhost(out, cp, pub, ca, 0);
}
- if (delete_host && !c && !ca)
- printhost(out, cp, pub, ca, 0);
+ if (delete_host) {
+ if (!c && !ca)
+ printhost(out, cp, pub, ca, 0);
+ else
+ printf("# Host %s found: "
+ "line %d type %s\n", name,
+ num, key_type(pub));
+ }
} else if (hash_hosts)
printhost(out, cp, pub, ca, 0);
} else {
@@ -978,8 +1131,14 @@
printhost(out, name, pub,
ca, hash_hosts && !ca);
}
- if (delete_host && !c && !ca)
- printhost(out, cp, pub, ca, 0);
+ if (delete_host) {
+ if (!c && !ca)
+ printhost(out, cp, pub, ca, 0);
+ else
+ printf("# Host %s found: "
+ "line %d type %s\n", name,
+ num, key_type(pub));
+ }
} else if (hash_hosts) {
for (cp2 = strsep(&cp, ",");
cp2 != NULL && *cp2 != '\0';
@@ -1079,7 +1238,7 @@
private = key_load_private(identity_file, old_passphrase,
&comment);
memset(old_passphrase, 0, strlen(old_passphrase));
- xfree(old_passphrase);
+ free(old_passphrase);
if (private == NULL) {
printf("Bad passphrase.\n");
exit(1);
@@ -1102,14 +1261,14 @@
if (strcmp(passphrase1, passphrase2) != 0) {
memset(passphrase1, 0, strlen(passphrase1));
memset(passphrase2, 0, strlen(passphrase2));
- xfree(passphrase1);
- xfree(passphrase2);
+ free(passphrase1);
+ free(passphrase2);
printf("Pass phrases do not match. Try again.\n");
exit(1);
}
/* Destroy the other copy. */
memset(passphrase2, 0, strlen(passphrase2));
- xfree(passphrase2);
+ free(passphrase2);
}
/* Save the file using the new passphrase. */
@@ -1116,16 +1275,16 @@
if (!key_save_private(private, identity_file, passphrase1, comment)) {
printf("Saving the key failed: %s.\n", identity_file);
memset(passphrase1, 0, strlen(passphrase1));
- xfree(passphrase1);
+ free(passphrase1);
key_free(private);
- xfree(comment);
+ free(comment);
exit(1);
}
/* Destroy the passphrase and the copy of the key in memory. */
memset(passphrase1, 0, strlen(passphrase1));
- xfree(passphrase1);
+ free(passphrase1);
key_free(private); /* Destroys contents */
- xfree(comment);
+ free(comment);
printf("Your identification has been saved with the new passphrase.\n");
exit(0);
@@ -1142,7 +1301,7 @@
struct stat st;
if (fname == NULL)
- ask_filename(pw, "Enter file in which the key is");
+ fatal("%s: no filename", __func__);
if (stat(fname, &st) < 0) {
if (errno == ENOENT)
return 0;
@@ -1153,11 +1312,11 @@
if (public != NULL) {
export_dns_rr(hname, public, stdout, print_generic);
key_free(public);
- xfree(comment);
+ free(comment);
return 1;
}
if (comment)
- xfree(comment);
+ free(comment);
printf("failed to read v2 public key from %s.\n", fname);
exit(1);
@@ -1195,7 +1354,7 @@
private = key_load_private(identity_file, passphrase, &comment);
if (private == NULL) {
memset(passphrase, 0, strlen(passphrase));
- xfree(passphrase);
+ free(passphrase);
printf("Bad passphrase.\n");
exit(1);
}
@@ -1226,13 +1385,13 @@
if (!key_save_private(private, identity_file, passphrase, new_comment)) {
printf("Saving the key failed: %s.\n", identity_file);
memset(passphrase, 0, strlen(passphrase));
- xfree(passphrase);
+ free(passphrase);
key_free(private);
- xfree(comment);
+ free(comment);
exit(1);
}
memset(passphrase, 0, strlen(passphrase));
- xfree(passphrase);
+ free(passphrase);
public = key_from_private(private);
key_free(private);
@@ -1253,7 +1412,7 @@
fprintf(f, " %s\n", new_comment);
fclose(f);
- xfree(comment);
+ free(comment);
printf("The comment in your key file has been changed.\n");
exit(0);
@@ -1330,6 +1489,9 @@
certflags_command != NULL)
add_string_option(c, "force-command", certflags_command);
if ((which & OPTIONS_EXTENSIONS) != 0 &&
+ (certflags_flags & CERTOPT_X_FWD) != 0)
+ add_flag_option(c, "permit-X11-forwarding");
+ if ((which & OPTIONS_EXTENSIONS) != 0 &&
(certflags_flags & CERTOPT_AGENT_FWD) != 0)
add_flag_option(c, "permit-agent-forwarding");
if ((which & OPTIONS_EXTENSIONS) != 0 &&
@@ -1341,9 +1503,6 @@
if ((which & OPTIONS_EXTENSIONS) != 0 &&
(certflags_flags & CERTOPT_USER_RC) != 0)
add_flag_option(c, "permit-user-rc");
- if ((which & OPTIONS_EXTENSIONS) != 0 &&
- (certflags_flags & CERTOPT_X_FWD) != 0)
- add_flag_option(c, "permit-X11-forwarding");
if ((which & OPTIONS_CRITICAL) != 0 &&
certflags_src_addr != NULL)
add_string_option(c, "source-address", certflags_src_addr);
@@ -1370,7 +1529,7 @@
}
key_free(keys[i]);
}
- xfree(keys);
+ free(keys);
key_free(public);
return private;
#else
@@ -1414,7 +1573,7 @@
fatal("No PKCS#11 key matching %s found", ca_key_path);
} else if ((ca = load_identity(tmp)) == NULL)
fatal("Couldn't load CA key \"%s\"", tmp);
- xfree(tmp);
+ free(tmp);
for (i = 0; i < argc; i++) {
/* Split list of principals */
@@ -1427,7 +1586,7 @@
if (*(plist[n] = xstrdup(cp)) == '\0')
fatal("Empty principal name");
}
- xfree(otmp);
+ free(otmp);
}
tmp = tilde_expand_filename(argv[i], pw->pw_uid);
@@ -1465,7 +1624,7 @@
if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
*cp = '\0';
xasprintf(&out, "%s-cert.pub", tmp);
- xfree(tmp);
+ free(tmp);
if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
fatal("Could not open \"%s\" for writing: %s", out,
@@ -1488,7 +1647,7 @@
}
key_free(public);
- xfree(out);
+ free(out);
}
pkcs11_terminate();
exit(0);
@@ -1585,7 +1744,7 @@
if (cert_valid_to <= cert_valid_from)
fatal("Empty certificate validity interval");
- xfree(from);
+ free(from);
}
static void
@@ -1593,7 +1752,7 @@
{
char *val;
- if (strcmp(opt, "clear") == 0)
+ if (strcasecmp(opt, "clear") == 0)
certflags_flags = 0;
else if (strcasecmp(opt, "no-x11-forwarding") == 0)
certflags_flags &= ~CERTOPT_X_FWD;
@@ -1638,7 +1797,8 @@
static void
show_options(const Buffer *optbuf, int v00, int in_critical)
{
- u_char *name, *data;
+ char *name;
+ u_char *data;
u_int dlen;
Buffer options, option;
@@ -1663,13 +1823,13 @@
strcmp(name, "source-address") == 0)) {
data = buffer_get_string(&option, NULL);
printf(" %s\n", data);
- xfree(data);
+ free(data);
} else {
printf(" UNKNOWN OPTION (len %u)\n",
buffer_len(&option));
buffer_clear(&option);
}
- xfree(name);
+ free(name);
if (buffer_len(&option) != 0)
fatal("Option corrupt: extra data at end");
}
@@ -1741,10 +1901,234 @@
}
static void
+load_krl(const char *path, struct ssh_krl **krlp)
+{
+ Buffer krlbuf;
+ int fd;
+
+ buffer_init(&krlbuf);
+ if ((fd = open(path, O_RDONLY)) == -1)
+ fatal("open %s: %s", path, strerror(errno));
+ if (!key_load_file(fd, path, &krlbuf))
+ fatal("Unable to load KRL");
+ close(fd);
+ /* XXX check sigs */
+ if (ssh_krl_from_blob(&krlbuf, krlp, NULL, 0) != 0 ||
+ *krlp == NULL)
+ fatal("Invalid KRL file");
+ buffer_free(&krlbuf);
+}
+
+static void
+update_krl_from_file(struct passwd *pw, const char *file, const Key *ca,
+ struct ssh_krl *krl)
+{
+ Key *key = NULL;
+ u_long lnum = 0;
+ char *path, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES];
+ unsigned long long serial, serial2;
+ int i, was_explicit_key, was_sha1, r;
+ FILE *krl_spec;
+
+ path = tilde_expand_filename(file, pw->pw_uid);
+ if (strcmp(path, "-") == 0) {
+ krl_spec = stdin;
+ free(path);
+ path = xstrdup("(standard input)");
+ } else if ((krl_spec = fopen(path, "r")) == NULL)
+ fatal("fopen %s: %s", path, strerror(errno));
+
+ if (!quiet)
+ printf("Revoking from %s\n", path);
+ while (read_keyfile_line(krl_spec, path, line, sizeof(line),
+ &lnum) == 0) {
+ was_explicit_key = was_sha1 = 0;
+ cp = line + strspn(line, " \t");
+ /* Trim trailing space, comments and strip \n */
+ for (i = 0, r = -1; cp[i] != '\0'; i++) {
+ if (cp[i] == '#' || cp[i] == '\n') {
+ cp[i] = '\0';
+ break;
+ }
+ if (cp[i] == ' ' || cp[i] == '\t') {
+ /* Remember the start of a span of whitespace */
+ if (r == -1)
+ r = i;
+ } else
+ r = -1;
+ }
+ if (r != -1)
+ cp[r] = '\0';
+ if (*cp == '\0')
+ continue;
+ if (strncasecmp(cp, "serial:", 7) == 0) {
+ if (ca == NULL) {
+ fatal("revoking certificated by serial number "
+ "requires specification of a CA key");
+ }
+ cp += 7;
+ cp = cp + strspn(cp, " \t");
+ errno = 0;
+ serial = strtoull(cp, &ep, 0);
+ if (*cp == '\0' || (*ep != '\0' && *ep != '-'))
+ fatal("%s:%lu: invalid serial \"%s\"",
+ path, lnum, cp);
+ if (errno == ERANGE && serial == ULLONG_MAX)
+ fatal("%s:%lu: serial out of range",
+ path, lnum);
+ serial2 = serial;
+ if (*ep == '-') {
+ cp = ep + 1;
+ errno = 0;
+ serial2 = strtoull(cp, &ep, 0);
+ if (*cp == '\0' || *ep != '\0')
+ fatal("%s:%lu: invalid serial \"%s\"",
+ path, lnum, cp);
+ if (errno == ERANGE && serial2 == ULLONG_MAX)
+ fatal("%s:%lu: serial out of range",
+ path, lnum);
+ if (serial2 <= serial)
+ fatal("%s:%lu: invalid serial range "
+ "%llu:%llu", path, lnum,
+ (unsigned long long)serial,
+ (unsigned long long)serial2);
+ }
+ if (ssh_krl_revoke_cert_by_serial_range(krl,
+ ca, serial, serial2) != 0) {
+ fatal("%s: revoke serial failed",
+ __func__);
+ }
+ } else if (strncasecmp(cp, "id:", 3) == 0) {
+ if (ca == NULL) {
+ fatal("revoking certificated by key ID "
+ "requires specification of a CA key");
+ }
+ cp += 3;
+ cp = cp + strspn(cp, " \t");
+ if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0)
+ fatal("%s: revoke key ID failed", __func__);
+ } else {
+ if (strncasecmp(cp, "key:", 4) == 0) {
+ cp += 4;
+ cp = cp + strspn(cp, " \t");
+ was_explicit_key = 1;
+ } else if (strncasecmp(cp, "sha1:", 5) == 0) {
+ cp += 5;
+ cp = cp + strspn(cp, " \t");
+ was_sha1 = 1;
+ } else {
+ /*
+ * Just try to process the line as a key.
+ * Parsing will fail if it isn't.
+ */
+ }
+ if ((key = key_new(KEY_UNSPEC)) == NULL)
+ fatal("key_new");
+ if (key_read(key, &cp) != 1)
+ fatal("%s:%lu: invalid key", path, lnum);
+ if (was_explicit_key)
+ r = ssh_krl_revoke_key_explicit(krl, key);
+ else if (was_sha1)
+ r = ssh_krl_revoke_key_sha1(krl, key);
+ else
+ r = ssh_krl_revoke_key(krl, key);
+ if (r != 0)
+ fatal("%s: revoke key failed", __func__);
+ key_free(key);
+ }
+ }
+ if (strcmp(path, "-") != 0)
+ fclose(krl_spec);
+ free(path);
+}
+
+static void
+do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
+{
+ struct ssh_krl *krl;
+ struct stat sb;
+ Key *ca = NULL;
+ int fd, i;
+ char *tmp;
+ Buffer kbuf;
+
+ if (*identity_file == '\0')
+ fatal("KRL generation requires an output file");
+ if (stat(identity_file, &sb) == -1) {
+ if (errno != ENOENT)
+ fatal("Cannot access KRL \"%s\": %s",
+ identity_file, strerror(errno));
+ if (updating)
+ fatal("KRL \"%s\" does not exist", identity_file);
+ }
+ if (ca_key_path != NULL) {
+ tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
+ if ((ca = key_load_public(tmp, NULL)) == NULL)
+ fatal("Cannot load CA public key %s", tmp);
+ free(tmp);
+ }
+
+ if (updating)
+ load_krl(identity_file, &krl);
+ else if ((krl = ssh_krl_init()) == NULL)
+ fatal("couldn't create KRL");
+
+ if (cert_serial != 0)
+ ssh_krl_set_version(krl, cert_serial);
+ if (identity_comment != NULL)
+ ssh_krl_set_comment(krl, identity_comment);
+
+ for (i = 0; i < argc; i++)
+ update_krl_from_file(pw, argv[i], ca, krl);
+
+ buffer_init(&kbuf);
+ if (ssh_krl_to_blob(krl, &kbuf, NULL, 0) != 0)
+ fatal("Couldn't generate KRL");
+ if ((fd = open(identity_file, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
+ fatal("open %s: %s", identity_file, strerror(errno));
+ if (atomicio(vwrite, fd, buffer_ptr(&kbuf), buffer_len(&kbuf)) !=
+ buffer_len(&kbuf))
+ fatal("write %s: %s", identity_file, strerror(errno));
+ close(fd);
+ buffer_free(&kbuf);
+ ssh_krl_free(krl);
+ if (ca != NULL)
+ key_free(ca);
+}
+
+static void
+do_check_krl(struct passwd *pw, int argc, char **argv)
+{
+ int i, r, ret = 0;
+ char *comment;
+ struct ssh_krl *krl;
+ Key *k;
+
+ if (*identity_file == '\0')
+ fatal("KRL checking requires an input file");
+ load_krl(identity_file, &krl);
+ for (i = 0; i < argc; i++) {
+ if ((k = key_load_public(argv[i], &comment)) == NULL)
+ fatal("Cannot load public key %s", argv[i]);
+ r = ssh_krl_check_key(krl, k);
+ printf("%s%s%s%s: %s\n", argv[i],
+ *comment ? " (" : "", comment, *comment ? ")" : "",
+ r == 0 ? "ok" : "REVOKED");
+ if (r != 0)
+ ret = 1;
+ key_free(k);
+ free(comment);
+ }
+ ssh_krl_free(krl);
+ exit(ret);
+}
+
+static void
usage(void)
{
fprintf(stderr, "usage: %s [options]\n", __progname);
fprintf(stderr, "Options:\n");
+ fprintf(stderr, " -A Generate non-existent host keys for all key types.\n");
fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n");
fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
fprintf(stderr, " -b bits Number of bits in the key to create.\n");
@@ -1762,6 +2146,10 @@
fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n");
fprintf(stderr, " -I key_id Key identifier to include in certificate.\n");
fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n");
+ fprintf(stderr, " -J number Screen this number of moduli lines.\n");
+ fprintf(stderr, " -j number Start screening moduli at specified line.\n");
+ fprintf(stderr, " -K checkpt Write checkpoints to this file.\n");
+ fprintf(stderr, " -k Generate a KRL file.\n");
fprintf(stderr, " -L Print the contents of a certificate.\n");
fprintf(stderr, " -l Show fingerprint of key file.\n");
fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
@@ -1771,6 +2159,7 @@
fprintf(stderr, " -O option Specify a certificate option.\n");
fprintf(stderr, " -P phrase Provide old passphrase.\n");
fprintf(stderr, " -p Change passphrase of private key file.\n");
+ fprintf(stderr, " -Q Test whether key(s) are revoked in KRL.\n");
fprintf(stderr, " -q Quiet.\n");
fprintf(stderr, " -R hostname Remove host from known_hosts file.\n");
fprintf(stderr, " -r hostname Print DNS resource record.\n");
@@ -1778,6 +2167,7 @@
fprintf(stderr, " -s ca_key Certify keys with CA key.\n");
fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n");
fprintf(stderr, " -t type Specify type of key to create.\n");
+ fprintf(stderr, " -u Update KRL rather than creating a new one.\n");
fprintf(stderr, " -V from:to Specify certificate validity interval.\n");
fprintf(stderr, " -v Verbose.\n");
fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n");
@@ -1794,14 +2184,16 @@
main(int argc, char **argv)
{
char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
- char out_file[MAXPATHLEN], *rr_hostname = NULL;
+ char *checkpoint = NULL;
+ char out_file[MAXPATHLEN], *ep, *rr_hostname = NULL;
Key *private, *public;
struct passwd *pw;
struct stat st;
int opt, type, fd;
- u_int maxbits;
u_int32_t memory = 0, generator_wanted = 0, trials = 100;
int do_gen_candidates = 0, do_screen_candidates = 0;
+ int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
+ unsigned long start_lineno = 0, lines_to_process = 0;
BIGNUM *start = NULL;
FILE *f;
const char *errstr;
@@ -1817,13 +2209,12 @@
OpenSSL_add_all_algorithms();
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
- init_rng();
seed_rng();
/* we need this for the home * directory. */
pw = getpwuid(getuid());
if (!pw) {
- printf("You don't exist, go away!\n");
+ printf("No user exists for uid %lu\n", (u_long)getuid());
exit(1);
}
if (gethostname(hostname, sizeof(hostname)) < 0) {
@@ -1831,9 +2222,12 @@
exit(1);
}
- while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
- "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
+ while ((opt = getopt(argc, argv, "ABHLQXceghiklpquvxy"
+ "C:D:F:G:I:J:K:M:N:O:P:R:S:T:V:W:a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
switch (opt) {
+ case 'A':
+ gen_all_hostkeys = 1;
+ break;
case 'b':
bits = (u_int32_t)strtonum(optarg, 256, 32768, &errstr);
if (errstr)
@@ -1850,6 +2244,12 @@
case 'I':
cert_key_id = optarg;
break;
+ case 'J':
+ lines_to_process = strtoul(optarg, NULL, 10);
+ break;
+ case 'j':
+ start_lineno = strtoul(optarg, NULL, 10);
+ break;
case 'R':
delete_host = 1;
rr_hostname = optarg;
@@ -1902,6 +2302,9 @@
case 'N':
identity_new_passphrase = optarg;
break;
+ case 'Q':
+ check_krl = 1;
+ break;
case 'O':
add_cert_option(optarg);
break;
@@ -1920,6 +2323,9 @@
cert_key_type = SSH2_CERT_TYPE_HOST;
certflags_flags = 0;
break;
+ case 'k':
+ gen_krl = 1;
+ break;
case 'i':
case 'X':
/* import key */
@@ -1928,9 +2334,6 @@
case 'y':
print_public = 1;
break;
- case 'd':
- key_type_name = "dsa";
- break;
case 's':
ca_key_path = optarg;
break;
@@ -1940,6 +2343,9 @@
case 'D':
pkcs11provider = optarg;
break;
+ case 'u':
+ update_krl = 1;
+ break;
case 'v':
if (log_level == SYSLOG_LEVEL_INFO)
log_level = SYSLOG_LEVEL_DEBUG1;
@@ -1982,6 +2388,11 @@
sizeof(out_file))
fatal("Output filename too long");
break;
+ case 'K':
+ if (strlen(optarg) >= MAXPATHLEN)
+ fatal("Checkpoint filename too long");
+ checkpoint = xstrdup(optarg);
+ break;
case 'S':
/* XXX - also compare length against bits */
if (BN_hex2bn(&start, optarg) == 0)
@@ -1991,9 +2402,11 @@
parse_cert_times(optarg);
break;
case 'z':
- cert_serial = strtonum(optarg, 0, LLONG_MAX, &errstr);
- if (errstr)
- fatal("Invalid serial number: %s", errstr);
+ errno = 0;
+ cert_serial = strtoull(optarg, &ep, 10);
+ if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
+ (errno == ERANGE && cert_serial == ULLONG_MAX))
+ fatal("Invalid serial number \"%s\"", optarg);
break;
case '?':
default:
@@ -2008,11 +2421,11 @@
argc -= optind;
if (ca_key_path != NULL) {
- if (argc < 1) {
+ if (argc < 1 && !gen_krl) {
printf("Too few arguments.\n");
usage();
}
- } else if (argc > 0) {
+ } else if (argc > 0 && !gen_krl && !check_krl) {
printf("Too many arguments.\n");
usage();
}
@@ -2021,9 +2434,17 @@
usage();
}
if (print_fingerprint && (delete_host || hash_hosts)) {
- printf("Cannot use -l with -D or -R.\n");
+ printf("Cannot use -l with -H or -R.\n");
usage();
}
+ if (gen_krl) {
+ do_gen_krl(pw, update_krl, argc, argv);
+ return (0);
+ }
+ if (check_krl) {
+ do_check_krl(pw, argc, argv);
+ return (0);
+ }
if (ca_key_path != NULL) {
if (cert_key_id == NULL)
fatal("Must specify key id (-I) when certifying");
@@ -2033,6 +2454,8 @@
do_show_cert(pw);
if (delete_host || hash_hosts || find_host)
do_known_hosts(pw, rr_hostname);
+ if (pkcs11provider != NULL)
+ do_download(pw);
if (print_fingerprint || print_bubblebabble)
do_fingerprint(pw);
if (change_passphrase)
@@ -2062,6 +2485,8 @@
_PATH_HOST_RSA_KEY_FILE, rr_hostname);
n += do_print_resource_record(pw,
_PATH_HOST_DSA_KEY_FILE, rr_hostname);
+ n += do_print_resource_record(pw,
+ _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
if (n == 0)
fatal("no keys found.");
@@ -2068,8 +2493,6 @@
exit(0);
}
}
- if (pkcs11provider != NULL)
- do_download(pw);
if (do_gen_candidates) {
FILE *out = fopen(out_file, "w");
@@ -2089,7 +2512,7 @@
if (do_screen_candidates) {
FILE *in;
- FILE *out = fopen(out_file, "w");
+ FILE *out = fopen(out_file, "a");
if (have_identity && strcmp(identity_file, "-") != 0) {
if ((in = fopen(identity_file, "r")) == NULL) {
@@ -2104,11 +2527,17 @@
fatal("Couldn't open moduli file \"%s\": %s",
out_file, strerror(errno));
}
- if (prime_test(in, out, trials, generator_wanted) != 0)
+ if (prime_test(in, out, trials, generator_wanted, checkpoint,
+ start_lineno, lines_to_process) != 0)
fatal("modulus screening failed");
return (0);
}
+ if (gen_all_hostkeys) {
+ do_gen_all_hostkeys(pw);
+ return (0);
+ }
+
arc4random_stir();
if (key_type_name == NULL)
@@ -2115,31 +2544,8 @@
key_type_name = "rsa";
type = key_type_from_name(key_type_name);
- if (type == KEY_UNSPEC) {
- fprintf(stderr, "unknown key type %s\n", key_type_name);
- exit(1);
- }
- if (bits == 0) {
- if (type == KEY_DSA)
- bits = DEFAULT_BITS_DSA;
- else if (type == KEY_ECDSA)
- bits = DEFAULT_BITS_ECDSA;
- else
- bits = DEFAULT_BITS;
- }
- maxbits = (type == KEY_DSA) ?
- OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
- if (bits > maxbits) {
- fprintf(stderr, "key bits exceeds maximum %d\n", maxbits);
- exit(1);
- }
- if (type == KEY_DSA && bits != 1024)
- fatal("DSA keys must be 1024 bits");
- else if (type != KEY_ECDSA && bits < 768)
- fatal("Key must at least be 768 bits");
- else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(bits) == -1)
- fatal("Invalid ECDSA key length - valid lengths are "
- "256, 384 or 521 bits");
+ type_bits_valid(type, &bits);
+
if (!quiet)
printf("Generating public/private %s key pair.\n", key_type_name);
private = key_generate(type, bits);
@@ -2197,14 +2603,14 @@
*/
memset(passphrase1, 0, strlen(passphrase1));
memset(passphrase2, 0, strlen(passphrase2));
- xfree(passphrase1);
- xfree(passphrase2);
+ free(passphrase1);
+ free(passphrase2);
printf("Passphrases do not match. Try again.\n");
goto passphrase_again;
}
/* Clear the other copy of the passphrase. */
memset(passphrase2, 0, strlen(passphrase2));
- xfree(passphrase2);
+ free(passphrase2);
}
if (identity_comment) {
@@ -2218,12 +2624,12 @@
if (!key_save_private(private, identity_file, passphrase1, comment)) {
printf("Saving the key failed: %s.\n", identity_file);
memset(passphrase1, 0, strlen(passphrase1));
- xfree(passphrase1);
+ free(passphrase1);
exit(1);
}
/* Clear the passphrase. */
memset(passphrase1, 0, strlen(passphrase1));
- xfree(passphrase1);
+ free(passphrase1);
/* Clear the private key and the random number generator. */
key_free(private);
@@ -2258,8 +2664,8 @@
printf("%s %s\n", fp, comment);
printf("The key's randomart image is:\n");
printf("%s\n", ra);
- xfree(ra);
- xfree(fp);
+ free(ra);
+ free(fp);
}
key_free(public);
Property changes on: vendor-crypto/openssh/dist/ssh-keygen.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Added: vendor-crypto/openssh/dist/ssh-keyscan.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-keyscan.0 (rev 0)
+++ vendor-crypto/openssh/dist/ssh-keyscan.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,109 @@
+SSH-KEYSCAN(1) OpenBSD Reference Manual SSH-KEYSCAN(1)
+
+NAME
+ ssh-keyscan - gather ssh public keys
+
+SYNOPSIS
+ ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type]
+ [host | addrlist namelist] ...
+
+DESCRIPTION
+ ssh-keyscan is a utility for gathering the public ssh host keys of a
+ number of hosts. It was designed to aid in building and verifying
+ ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable
+ for use by shell and perl scripts.
+
+ ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
+ possible in parallel, so it is very efficient. The keys from a domain of
+ 1,000 hosts can be collected in tens of seconds, even when some of those
+ hosts are down or do not run ssh. For scanning, one does not need login
+ access to the machines that are being scanned, nor does the scanning
+ process involve any encryption.
+
+ The options are as follows:
+
+ -4 Forces ssh-keyscan to use IPv4 addresses only.
+
+ -6 Forces ssh-keyscan to use IPv6 addresses only.
+
+ -f file
+ Read hosts or addrlist namelist pairs from this file, one per
+ line. If - is supplied instead of a filename, ssh-keyscan will
+ read hosts or addrlist namelist pairs from the standard input.
+
+ -H Hash all hostnames and addresses in the output. Hashed names may
+ be used normally by ssh and sshd, but they do not reveal
+ identifying information should the file's contents be disclosed.
+
+ -p port
+ Port to connect to on the remote host.
+
+ -T timeout
+ Set the timeout for connection attempts. If timeout seconds have
+ elapsed since a connection was initiated to a host or since the
+ last time anything was read from that host, then the connection
+ is closed and the host in question considered unavailable.
+ Default is 5 seconds.
+
+ -t type
+ Specifies the type of the key to fetch from the scanned hosts.
+ The possible values are ``rsa1'' for protocol version 1 and
+ ``dsa'', ``ecdsa'' or ``rsa'' for protocol version 2. Multiple
+ values may be specified by separating them with commas. The
+ default is to fetch ``rsa'' and ``ecdsa'' keys.
+
+ -v Verbose mode. Causes ssh-keyscan to print debugging messages
+ about its progress.
+
+SECURITY
+ If an ssh_known_hosts file is constructed using ssh-keyscan without
+ verifying the keys, users will be vulnerable to man in the middle
+ attacks. On the other hand, if the security model allows such a risk,
+ ssh-keyscan can help in the detection of tampered keyfiles or man in the
+ middle attacks which have begun after the ssh_known_hosts file was
+ created.
+
+FILES
+ Input format:
+
+ 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
+
+ Output format for rsa1 keys:
+
+ host-or-namelist bits exponent modulus
+
+ Output format for rsa, dsa and ecdsa keys:
+
+ host-or-namelist keytype base64-encoded-key
+
+ Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'',
+ ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''.
+
+ /etc/ssh/ssh_known_hosts
+
+EXAMPLES
+ Print the rsa host key for machine hostname:
+
+ $ ssh-keyscan hostname
+
+ Find all hosts from the file ssh_hosts which have new or different keys
+ from those in the sorted file ssh_known_hosts:
+
+ $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \
+ sort -u - ssh_known_hosts | diff ssh_known_hosts -
+
+SEE ALSO
+ ssh(1), sshd(8)
+
+AUTHORS
+ David Mazieres <dm at lcs.mit.edu> wrote the initial version, and Wayne
+ Davison <wayned at users.sourceforge.net> added support for protocol version
+ 2.
+
+BUGS
+ It generates "Connection closed by remote host" messages on the consoles
+ of all the machines it scans if the server is older than version 2.9.
+ This is because it opens a connection to the ssh port, reads the public
+ key, and drops the connection as soon as it gets the key.
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/ssh-keyscan.1
===================================================================
--- vendor-crypto/openssh/dist/ssh-keyscan.1 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-keyscan.1 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.29 2010/08/31 11:54:45 djm Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.31 2013/07/16 00:07:52 schwarze Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
.\"
@@ -6,7 +6,7 @@
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd $Mdocdate: August 31 2010 $
+.Dd $Mdocdate: July 16 2013 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
@@ -94,8 +94,11 @@
.Dq rsa
for protocol version 2.
Multiple values may be specified by separating them with commas.
-The default is
-.Dq rsa .
+The default is to fetch
+.Dq rsa
+and
+.Dq ecdsa
+keys.
.It Fl v
Verbose mode.
Causes
@@ -161,9 +164,9 @@
.Xr sshd 8
.Sh AUTHORS
.An -nosplit
-.An David Mazieres Aq dm at lcs.mit.edu
+.An David Mazieres Aq Mt dm at lcs.mit.edu
wrote the initial version, and
-.An Wayne Davison Aq wayned at users.sourceforge.net
+.An Wayne Davison Aq Mt wayned at users.sourceforge.net
added support for protocol version 2.
.Sh BUGS
It generates "Connection closed by remote host" messages on the consoles
Property changes on: vendor-crypto/openssh/dist/ssh-keyscan.1
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-keyscan.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-keyscan.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-keyscan.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.84 2011/01/04 20:44:13 otto Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.87 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm at lcs.mit.edu>.
*
@@ -57,7 +57,7 @@
#define KT_RSA 4
#define KT_ECDSA 8
-int get_keytypes = KT_RSA; /* Get only RSA keys by default */
+int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */
int hash_hosts = 0; /* Hash hostname on output */
@@ -263,7 +263,7 @@
exit(1);
}
nonfatal_fatal = 0;
- xfree(c->c_kex);
+ free(c->c_kex);
c->c_kex = NULL;
packet_close();
@@ -329,7 +329,7 @@
do {
name = xstrsep(&namelist, ",");
if (!name) {
- xfree(namebase);
+ free(namebase);
return (-1);
}
} while ((s = tcpconnect(name)) < 0);
@@ -363,10 +363,10 @@
if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
fatal("confree: attempt to free bad fdno %d", s);
close(s);
- xfree(fdcon[s].c_namebase);
- xfree(fdcon[s].c_output_name);
+ free(fdcon[s].c_namebase);
+ free(fdcon[s].c_output_name);
if (fdcon[s].c_status == CS_KEYS)
- xfree(fdcon[s].c_data);
+ free(fdcon[s].c_data);
fdcon[s].c_status = CS_UNUSED;
fdcon[s].c_keytype = 0;
TAILQ_REMOVE(&tq, &fdcon[s], c_link);
@@ -535,7 +535,7 @@
seltime.tv_sec--;
}
} else
- seltime.tv_sec = seltime.tv_usec = 0;
+ timerclear(&seltime);
r = xcalloc(read_wait_nfdset, sizeof(fd_mask));
e = xcalloc(read_wait_nfdset, sizeof(fd_mask));
@@ -553,8 +553,8 @@
} else if (FD_ISSET(i, r))
conread(i);
}
- xfree(r);
- xfree(e);
+ free(r);
+ free(e);
c = TAILQ_FIRST(&tq);
while (c && (c->c_tv.tv_sec < now.tv_sec ||
@@ -620,7 +620,6 @@
extern char *optarg;
__progname = ssh_get_progname(argv[0]);
- init_rng();
seed_rng();
TAILQ_INIT(&tq);
Property changes on: vendor-crypto/openssh/dist/ssh-keyscan.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Added: vendor-crypto/openssh/dist/ssh-keysign.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-keysign.0 (rev 0)
+++ vendor-crypto/openssh/dist/ssh-keysign.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,51 @@
+SSH-KEYSIGN(8) OpenBSD System Manager's Manual SSH-KEYSIGN(8)
+
+NAME
+ ssh-keysign - ssh helper program for host-based authentication
+
+SYNOPSIS
+ ssh-keysign
+
+DESCRIPTION
+ ssh-keysign is used by ssh(1) to access the local host keys and generate
+ the digital signature required during host-based authentication with SSH
+ protocol version 2.
+
+ ssh-keysign is disabled by default and can only be enabled in the global
+ client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
+ to ``yes''.
+
+ ssh-keysign is not intended to be invoked by the user, but from ssh(1).
+ See ssh(1) and sshd(8) for more information about host-based
+ authentication.
+
+FILES
+ /etc/ssh/ssh_config
+ Controls whether ssh-keysign is enabled.
+
+ /etc/ssh/ssh_host_dsa_key
+ /etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_rsa_key
+ These files contain the private parts of the host keys used to
+ generate the digital signature. They should be owned by root,
+ readable only by root, and not accessible to others. Since they
+ are readable only by root, ssh-keysign must be set-uid root if
+ host-based authentication is used.
+
+ /etc/ssh/ssh_host_dsa_key-cert.pub
+ /etc/ssh/ssh_host_ecdsa_key-cert.pub
+ /etc/ssh/ssh_host_rsa_key-cert.pub
+ If these files exist they are assumed to contain public
+ certificate information corresponding with the private keys
+ above.
+
+SEE ALSO
+ ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
+
+HISTORY
+ ssh-keysign first appeared in OpenBSD 3.2.
+
+AUTHORS
+ Markus Friedl <markus at openbsd.org>
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/ssh-keysign.8
===================================================================
--- vendor-crypto/openssh/dist/ssh-keysign.8 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-keysign.8 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keysign.8,v 1.12 2010/08/31 11:54:45 djm Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.13 2013/07/16 00:07:52 schwarze Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: August 31 2010 $
+.Dd $Mdocdate: July 16 2013 $
.Dt SSH-KEYSIGN 8
.Os
.Sh NAME
@@ -88,4 +88,4 @@
first appeared in
.Ox 3.2 .
.Sh AUTHORS
-.An Markus Friedl Aq markus at openbsd.org
+.An Markus Friedl Aq Mt markus at openbsd.org
Property changes on: vendor-crypto/openssh/dist/ssh-keysign.8
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-keysign.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-keysign.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-keysign.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.35 2010/08/31 12:33:38 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.37 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -78,7 +78,7 @@
p = buffer_get_string(&b, &len);
if (len != 20 && len != 32)
fail++;
- xfree(p);
+ free(p);
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
@@ -90,13 +90,13 @@
p = buffer_get_string(&b, NULL);
if (strcmp("ssh-connection", p) != 0)
fail++;
- xfree(p);
+ free(p);
/* method */
p = buffer_get_string(&b, NULL);
if (strcmp("hostbased", p) != 0)
fail++;
- xfree(p);
+ free(p);
/* pubkey */
pkalg = buffer_get_string(&b, NULL);
@@ -109,8 +109,8 @@
fail++;
else if (key->type != pktype)
fail++;
- xfree(pkalg);
- xfree(pkblob);
+ free(pkalg);
+ free(pkblob);
/* client host name, handle trailing dot */
p = buffer_get_string(&b, &len);
@@ -121,7 +121,7 @@
fail++;
else if (strncasecmp(host, p, len - 1) != 0)
fail++;
- xfree(p);
+ free(p);
/* local user */
p = buffer_get_string(&b, NULL);
@@ -128,7 +128,7 @@
if (strcmp(pw->pw_name, p) != 0)
fail++;
- xfree(p);
+ free(p);
/* end of message */
if (buffer_len(&b) != 0)
@@ -150,9 +150,10 @@
{
Buffer b;
Options options;
- Key *keys[2], *key = NULL;
+#define NUM_KEYTYPES 3
+ Key *keys[NUM_KEYTYPES], *key = NULL;
struct passwd *pw;
- int key_fd[2], i, found, version = 2, fd;
+ int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
u_char *signature, *data;
char *host;
u_int slen, dlen;
@@ -165,8 +166,10 @@
if (fd > 2)
close(fd);
- key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
- key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
+ i = 0;
+ key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
+ key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
+ key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
original_real_uid = getuid(); /* XXX readconf.c needs this */
if ((pw = getpwuid(original_real_uid)) == NULL)
@@ -175,7 +178,6 @@
permanently_set_uid(pw);
- init_rng();
seed_rng();
arc4random_stir();
@@ -191,7 +193,11 @@
fatal("ssh-keysign not enabled in %s",
_PATH_HOST_CONFIG_FILE);
- if (key_fd[0] == -1 && key_fd[1] == -1)
+ for (i = found = 0; i < NUM_KEYTYPES; i++) {
+ if (key_fd[i] != -1)
+ found = 1;
+ }
+ if (found == 0)
fatal("could not open any host key");
OpenSSL_add_all_algorithms();
@@ -200,7 +206,7 @@
RAND_seed(rnd, sizeof(rnd));
found = 0;
- for (i = 0; i < 2; i++) {
+ for (i = 0; i < NUM_KEYTYPES; i++) {
keys[i] = NULL;
if (key_fd[i] == -1)
continue;
@@ -227,10 +233,10 @@
data = buffer_get_string(&b, &dlen);
if (valid_request(pw, host, &key, data, dlen) < 0)
fatal("not a valid request");
- xfree(host);
+ free(host);
found = 0;
- for (i = 0; i < 2; i++) {
+ for (i = 0; i < NUM_KEYTYPES; i++) {
if (keys[i] != NULL &&
key_equal_public(key, keys[i])) {
found = 1;
@@ -242,7 +248,7 @@
if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
fatal("key_sign failed");
- xfree(data);
+ free(data);
/* send reply */
buffer_clear(&b);
Property changes on: vendor-crypto/openssh/dist/ssh-keysign.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-pkcs11-client.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11-client.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-pkcs11-client.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.2 2010/02/24 06:12:53 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.4 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -121,8 +121,9 @@
buffer_put_string(&msg, blob, blen);
buffer_put_string(&msg, from, flen);
buffer_put_int(&msg, 0);
- xfree(blob);
+ free(blob);
send_msg(&msg);
+ buffer_clear(&msg);
if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) {
signature = buffer_get_string(&msg, &slen);
@@ -130,8 +131,9 @@
memcpy(to, signature, slen);
ret = slen;
}
- xfree(signature);
+ free(signature);
}
+ buffer_free(&msg);
return (ret);
}
@@ -203,11 +205,11 @@
*keysp = xcalloc(nkeys, sizeof(Key *));
for (i = 0; i < nkeys; i++) {
blob = buffer_get_string(&msg, &blen);
- xfree(buffer_get_string(&msg, NULL));
+ free(buffer_get_string(&msg, NULL));
k = key_from_blob(blob, blen);
wrap_key(k->rsa);
(*keysp)[i] = k;
- xfree(blob);
+ free(blob);
}
} else {
nkeys = -1;
Property changes on: vendor-crypto/openssh/dist/ssh-pkcs11-client.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Added: vendor-crypto/openssh/dist/ssh-pkcs11-helper.0
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 (rev 0)
+++ vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,25 @@
+SSH-PKCS11-HELPER(8) OpenBSD System Manager's Manual SSH-PKCS11-HELPER(8)
+
+NAME
+ ssh-pkcs11-helper - ssh-agent helper program for PKCS#11 support
+
+SYNOPSIS
+ ssh-pkcs11-helper
+
+DESCRIPTION
+ ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a
+ PKCS#11 token.
+
+ ssh-pkcs11-helper is not intended to be invoked by the user, but from
+ ssh-agent(1).
+
+SEE ALSO
+ ssh(1), ssh-add(1), ssh-agent(1)
+
+HISTORY
+ ssh-pkcs11-helper first appeared in OpenBSD 4.7.
+
+AUTHORS
+ Markus Friedl <markus at openbsd.org>
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/ssh-pkcs11-helper.8
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11-helper.8 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-pkcs11-helper.8 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.3 2010/02/10 23:20:38 markus Exp $
+.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $
.\"
.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: February 10 2010 $
+.Dd $Mdocdate: July 16 2013 $
.Dt SSH-PKCS11-HELPER 8
.Os
.Sh NAME
@@ -40,4 +40,4 @@
first appeared in
.Ox 4.7 .
.Sh AUTHORS
-.An Markus Friedl Aq markus at openbsd.org
+.An Markus Friedl Aq Mt markus at openbsd.org
Property changes on: vendor-crypto/openssh/dist/ssh-pkcs11-helper.8
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-pkcs11-helper.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11-helper.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-pkcs11-helper.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.3 2010/02/24 06:12:53 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -79,7 +79,7 @@
nxt = TAILQ_NEXT(ki, next);
if (!strcmp(ki->providername, name)) {
TAILQ_REMOVE(&pkcs11_keylist, ki, next);
- xfree(ki->providername);
+ free(ki->providername);
key_free(ki->key);
free(ki);
}
@@ -130,15 +130,15 @@
key_to_blob(keys[i], &blob, &blen);
buffer_put_string(&msg, blob, blen);
buffer_put_cstring(&msg, name);
- xfree(blob);
+ free(blob);
add_key(keys[i], name);
}
- xfree(keys);
+ free(keys);
} else {
buffer_put_char(&msg, SSH_AGENT_FAILURE);
}
- xfree(pin);
- xfree(name);
+ free(pin);
+ free(name);
send_msg(&msg);
buffer_free(&msg);
}
@@ -157,8 +157,8 @@
buffer_put_char(&msg, SSH_AGENT_SUCCESS);
else
buffer_put_char(&msg, SSH_AGENT_FAILURE);
- xfree(pin);
- xfree(name);
+ free(pin);
+ free(name);
send_msg(&msg);
buffer_free(&msg);
}
@@ -168,13 +168,13 @@
{
u_char *blob, *data, *signature = NULL;
u_int blen, dlen, slen = 0;
- int ok = -1, flags, ret;
+ int ok = -1, ret;
Key *key, *found;
Buffer msg;
blob = get_string(&blen);
data = get_string(&dlen);
- flags = get_int(); /* XXX ignore */
+ (void)get_int(); /* XXX ignore flags */
if ((key = key_from_blob(blob, blen)) != NULL) {
if ((found = lookup_key(key)) != NULL) {
@@ -195,10 +195,9 @@
} else {
buffer_put_char(&msg, SSH_AGENT_FAILURE);
}
- xfree(data);
- xfree(blob);
- if (signature != NULL)
- xfree(signature);
+ free(data);
+ free(blob);
+ free(signature);
send_msg(&msg);
buffer_free(&msg);
}
@@ -274,13 +273,11 @@
LogLevel log_level = SYSLOG_LEVEL_ERROR;
char buf[4*4096];
- extern char *optarg;
extern char *__progname;
TAILQ_INIT(&pkcs11_keylist);
pkcs11_init(0);
- init_rng();
seed_rng();
__progname = ssh_get_progname(argv[0]);
Property changes on: vendor-crypto/openssh/dist/ssh-pkcs11-helper.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh-pkcs11.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-pkcs11.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.6 2010/06/08 21:32:19 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.8 2013/07/12 00:20:00 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -120,9 +120,9 @@
if (--p->refcount <= 0) {
if (p->valid)
error("pkcs11_provider_unref: %p still valid", p);
- xfree(p->slotlist);
- xfree(p->slotinfo);
- xfree(p);
+ free(p->slotlist);
+ free(p->slotinfo);
+ free(p);
}
}
@@ -180,9 +180,8 @@
rv = k11->orig_finish(rsa);
if (k11->provider)
pkcs11_provider_unref(k11->provider);
- if (k11->keyid)
- xfree(k11->keyid);
- xfree(k11);
+ free(k11->keyid);
+ free(k11);
}
return (rv);
}
@@ -264,13 +263,13 @@
pin = read_passphrase(prompt, RP_ALLOW_EOF);
if (pin == NULL)
return (-1); /* bail out */
- if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin)))
- != CKR_OK) {
- xfree(pin);
+ if ((rv = f->C_Login(si->session, CKU_USER,
+ (u_char *)pin, strlen(pin))) != CKR_OK) {
+ free(pin);
error("C_Login failed: %lu", rv);
return (-1);
}
- xfree(pin);
+ free(pin);
si->logged_in = 1;
}
key_filter[1].pValue = k11->keyid;
@@ -329,7 +328,7 @@
/* remove trailing spaces */
static void
-rmspace(char *buf, size_t len)
+rmspace(u_char *buf, size_t len)
{
size_t i;
@@ -367,8 +366,8 @@
return (-1);
}
if (login_required && pin) {
- if ((rv = f->C_Login(session, CKU_USER, pin, strlen(pin)))
- != CKR_OK) {
+ if ((rv = f->C_Login(session, CKU_USER,
+ (u_char *)pin, strlen(pin))) != CKR_OK) {
error("C_Login failed: %lu", rv);
if ((rv = f->C_CloseSession(session)) != CKR_OK)
error("C_CloseSession failed: %lu", rv);
@@ -470,7 +469,7 @@
}
}
for (i = 0; i < 3; i++)
- xfree(attribs[i].pValue);
+ free(attribs[i].pValue);
}
if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
error("C_FindObjectsFinal failed: %lu", rv);
@@ -579,11 +578,9 @@
if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
error("C_Finalize failed: %lu", rv);
if (p) {
- if (p->slotlist)
- xfree(p->slotlist);
- if (p->slotinfo)
- xfree(p->slotinfo);
- xfree(p);
+ free(p->slotlist);
+ free(p->slotinfo);
+ free(p);
}
if (handle)
dlclose(handle);
@@ -590,4 +587,18 @@
return (-1);
}
+#else
+
+int
+pkcs11_init(int interactive)
+{
+ return (0);
+}
+
+void
+pkcs11_terminate(void)
+{
+ return;
+}
+
#endif /* ENABLE_PKCS11 */
Property changes on: vendor-crypto/openssh/dist/ssh-pkcs11.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/ssh-pkcs11.h
===================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-pkcs11.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/ssh-pkcs11.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/ssh-rand-helper.8
===================================================================
--- vendor-crypto/openssh/dist/ssh-rand-helper.8 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-rand-helper.8 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,94 +0,0 @@
-.\" $Id: ssh-rand-helper.8,v 1.1.1.3 2007-03-13 21:36:54 laffer1 Exp $
-.\"
-.\" Copyright (c) 2002 Damien Miller. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd April 14, 2002
-.Dt SSH-RAND-HELPER 8
-.Os
-.Sh NAME
-.Nm ssh-rand-helper
-.Nd random number gatherer for OpenSSH
-.Sh SYNOPSIS
-.Nm ssh-rand-hlper
-.Op Fl vxXh
-.Op Fl b Ar bytes
-.Sh DESCRIPTION
-.Nm
-is a small helper program used by
-.Xr ssh 1 ,
-.Xr ssh-add 1 ,
-.Xr ssh-agent 1 ,
-.Xr ssh-keygen 1 ,
-.Xr ssh-keyscan 1
-and
-.Xr sshd 8
-to gather random numbers of cryptographic quality if the
-.Xr openssl 4
-library has not been configured to provide them itself.
-.Pp
-Normally
-.Nm
-will generate a strong random seed and provide it to the calling
-program via standard output. If standard output is a tty,
-.Nm
-will instead print the seed in hexidecimal format unless told otherwise.
-.Pp
-.Nm
-will by default gather random numbers from the system commands listed
-in
-.Pa /etc/ssh/ssh_prng_cmds .
-The output of each of the commands listed will be hashed and used to
-generate a random seed for the calling program.
-.Nm
-will also store seed files in
-.Pa ~/.ssh/prng_seed
-between executions.
-.Pp
-Alternately,
-.Nm
-may be configured at build time to collect random numbers from a
-EGD/PRNGd server via a unix domain or localhost tcp socket.
-.Pp
-This program is not intended to be run by the end-user, so the few
-commandline options are for debugging purposes only.
-.Bl -tag -width Ds
-.It Fl b Ar bytes
-Specify the number of random bytes to include in the output.
-.It Fl x
-Output a hexidecimal instead of a binary seed.
-.It Fl X
-Force output of a binary seed, even if standard output is a tty
-.It Fl v
-Turn on debugging message. Multiple
-.Fl v
-options will increase the debugging level.
-.It Fl h
-Display a summary of options.
-.El
-.Sh AUTHORS
-Damien Miller <djm at mindrot.org>
-.Sh SEE ALSO
-.Xr ssh 1 ,
-.Xr ssh-add 1 ,
-.Xr ssh-keygen 1 ,
-.Xr sshd 8
Deleted: vendor-crypto/openssh/dist/ssh-rand-helper.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-rand-helper.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-rand-helper.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,932 +0,0 @@
-/*
- * Copyright (c) 2001-2002 Damien Miller. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <sys/resource.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <sys/socket.h>
-
-#include <stdarg.h>
-#include <stddef.h>
-#include <string.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#ifdef HAVE_SYS_UN_H
-# include <sys/un.h>
-#endif
-
-#include <errno.h>
-#include <fcntl.h>
-#include <pwd.h>
-#include <signal.h>
-#include <time.h>
-#include <unistd.h>
-
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-#include <openssl/crypto.h>
-
-/* SunOS 4.4.4 needs this */
-#ifdef HAVE_FLOATINGPOINT_H
-# include <floatingpoint.h>
-#endif /* HAVE_FLOATINGPOINT_H */
-
-#include "misc.h"
-#include "xmalloc.h"
-#include "atomicio.h"
-#include "pathnames.h"
-#include "log.h"
-
-/* Number of bytes we write out */
-#define OUTPUT_SEED_SIZE 48
-
-/* Length of on-disk seedfiles */
-#define SEED_FILE_SIZE 1024
-
-/* Maximum number of command-line arguments to read from file */
-#define NUM_ARGS 10
-
-/* Minimum number of usable commands to be considered sufficient */
-#define MIN_ENTROPY_SOURCES 16
-
-/* Path to on-disk seed file (relative to user's home directory */
-#ifndef SSH_PRNG_SEED_FILE
-# define SSH_PRNG_SEED_FILE _PATH_SSH_USER_DIR"/prng_seed"
-#endif
-
-/* Path to PRNG commands list */
-#ifndef SSH_PRNG_COMMAND_FILE
-# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds"
-#endif
-
-extern char *__progname;
-
-#define WHITESPACE " \t\n"
-
-#ifndef RUSAGE_SELF
-# define RUSAGE_SELF 0
-#endif
-#ifndef RUSAGE_CHILDREN
-# define RUSAGE_CHILDREN 0
-#endif
-
-#if !defined(PRNGD_SOCKET) && !defined(PRNGD_PORT)
-# define USE_SEED_FILES
-#endif
-
-typedef struct {
- /* Proportion of data that is entropy */
- double rate;
- /* Counter goes positive if this command times out */
- unsigned int badness;
- /* Increases by factor of two each timeout */
- unsigned int sticky_badness;
- /* Path to executable */
- char *path;
- /* argv to pass to executable */
- char *args[NUM_ARGS]; /* XXX: arbitrary limit */
- /* full command string (debug) */
- char *cmdstring;
-} entropy_cmd_t;
-
-/* slow command timeouts (all in milliseconds) */
-/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */
-static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
-
-/* this is initialised from a file, by prng_read_commands() */
-static entropy_cmd_t *entropy_cmds = NULL;
-
-/* Prototypes */
-double stir_from_system(void);
-double stir_from_programs(void);
-double stir_gettimeofday(double entropy_estimate);
-double stir_clock(double entropy_estimate);
-double stir_rusage(int who, double entropy_estimate);
-double hash_command_output(entropy_cmd_t *src, unsigned char *hash);
-int get_random_bytes_prngd(unsigned char *buf, int len,
- unsigned short tcp_port, char *socket_path);
-
-/*
- * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
- * listening either on 'tcp_port', or via Unix domain socket at *
- * 'socket_path'.
- * Either a non-zero tcp_port or a non-null socket_path must be
- * supplied.
- * Returns 0 on success, -1 on error
- */
-int
-get_random_bytes_prngd(unsigned char *buf, int len,
- unsigned short tcp_port, char *socket_path)
-{
- int fd, addr_len, rval, errors;
- u_char msg[2];
- struct sockaddr_storage addr;
- struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
- struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
- mysig_t old_sigpipe;
-
- /* Sanity checks */
- if (socket_path == NULL && tcp_port == 0)
- fatal("You must specify a port or a socket");
- if (socket_path != NULL &&
- strlen(socket_path) >= sizeof(addr_un->sun_path))
- fatal("Random pool path is too long");
- if (len <= 0 || len > 255)
- fatal("Too many bytes (%d) to read from PRNGD", len);
-
- memset(&addr, '\0', sizeof(addr));
-
- if (tcp_port != 0) {
- addr_in->sin_family = AF_INET;
- addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- addr_in->sin_port = htons(tcp_port);
- addr_len = sizeof(*addr_in);
- } else {
- addr_un->sun_family = AF_UNIX;
- strlcpy(addr_un->sun_path, socket_path,
- sizeof(addr_un->sun_path));
- addr_len = offsetof(struct sockaddr_un, sun_path) +
- strlen(socket_path) + 1;
- }
-
- old_sigpipe = mysignal(SIGPIPE, SIG_IGN);
-
- errors = 0;
- rval = -1;
-reopen:
- fd = socket(addr.ss_family, SOCK_STREAM, 0);
- if (fd == -1) {
- error("Couldn't create socket: %s", strerror(errno));
- goto done;
- }
-
- if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
- if (tcp_port != 0) {
- error("Couldn't connect to PRNGD port %d: %s",
- tcp_port, strerror(errno));
- } else {
- error("Couldn't connect to PRNGD socket \"%s\": %s",
- addr_un->sun_path, strerror(errno));
- }
- goto done;
- }
-
- /* Send blocking read request to PRNGD */
- msg[0] = 0x02;
- msg[1] = len;
-
- if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) {
- if (errno == EPIPE && errors < 10) {
- close(fd);
- errors++;
- goto reopen;
- }
- error("Couldn't write to PRNGD socket: %s",
- strerror(errno));
- goto done;
- }
-
- if (atomicio(read, fd, buf, len) != (size_t)len) {
- if (errno == EPIPE && errors < 10) {
- close(fd);
- errors++;
- goto reopen;
- }
- error("Couldn't read from PRNGD socket: %s",
- strerror(errno));
- goto done;
- }
-
- rval = 0;
-done:
- mysignal(SIGPIPE, old_sigpipe);
- if (fd != -1)
- close(fd);
- return rval;
-}
-
-static int
-seed_from_prngd(unsigned char *buf, size_t bytes)
-{
-#ifdef PRNGD_PORT
- debug("trying egd/prngd port %d", PRNGD_PORT);
- if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
- return 0;
-#endif
-#ifdef PRNGD_SOCKET
- debug("trying egd/prngd socket %s", PRNGD_SOCKET);
- if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
- return 0;
-#endif
- return -1;
-}
-
-double
-stir_gettimeofday(double entropy_estimate)
-{
- struct timeval tv;
-
- if (gettimeofday(&tv, NULL) == -1)
- fatal("Couldn't gettimeofday: %s", strerror(errno));
-
- RAND_add(&tv, sizeof(tv), entropy_estimate);
-
- return entropy_estimate;
-}
-
-double
-stir_clock(double entropy_estimate)
-{
-#ifdef HAVE_CLOCK
- clock_t c;
-
- c = clock();
- RAND_add(&c, sizeof(c), entropy_estimate);
-
- return entropy_estimate;
-#else /* _HAVE_CLOCK */
- return 0;
-#endif /* _HAVE_CLOCK */
-}
-
-double
-stir_rusage(int who, double entropy_estimate)
-{
-#ifdef HAVE_GETRUSAGE
- struct rusage ru;
-
- if (getrusage(who, &ru) == -1)
- return 0;
-
- RAND_add(&ru, sizeof(ru), entropy_estimate);
-
- return entropy_estimate;
-#else /* _HAVE_GETRUSAGE */
- return 0;
-#endif /* _HAVE_GETRUSAGE */
-}
-
-static int
-timeval_diff(struct timeval *t1, struct timeval *t2)
-{
- int secdiff, usecdiff;
-
- secdiff = t2->tv_sec - t1->tv_sec;
- usecdiff = (secdiff*1000000) + (t2->tv_usec - t1->tv_usec);
- return (int)(usecdiff / 1000);
-}
-
-double
-hash_command_output(entropy_cmd_t *src, unsigned char *hash)
-{
- char buf[8192];
- fd_set rdset;
- int bytes_read, cmd_eof, error_abort, msec_elapsed, p[2];
- int status, total_bytes_read;
- static int devnull = -1;
- pid_t pid;
- SHA_CTX sha;
- struct timeval tv_start, tv_current;
-
- debug3("Reading output from \'%s\'", src->cmdstring);
-
- if (devnull == -1) {
- devnull = open("/dev/null", O_RDWR);
- if (devnull == -1)
- fatal("Couldn't open /dev/null: %s",
- strerror(errno));
- }
-
- if (pipe(p) == -1)
- fatal("Couldn't open pipe: %s", strerror(errno));
-
- (void)gettimeofday(&tv_start, NULL); /* record start time */
-
- switch (pid = fork()) {
- case -1: /* Error */
- close(p[0]);
- close(p[1]);
- fatal("Couldn't fork: %s", strerror(errno));
- /* NOTREACHED */
- case 0: /* Child */
- dup2(devnull, STDIN_FILENO);
- dup2(p[1], STDOUT_FILENO);
- dup2(p[1], STDERR_FILENO);
- close(p[0]);
- close(p[1]);
- close(devnull);
-
- execv(src->path, (char**)(src->args));
-
- debug("(child) Couldn't exec '%s': %s",
- src->cmdstring, strerror(errno));
- _exit(-1);
- default: /* Parent */
- break;
- }
-
- RAND_add(&pid, sizeof(&pid), 0.0);
-
- close(p[1]);
-
- /* Hash output from child */
- SHA1_Init(&sha);
-
- cmd_eof = error_abort = msec_elapsed = total_bytes_read = 0;
- while (!error_abort && !cmd_eof) {
- int ret;
- struct timeval tv;
- int msec_remaining;
-
- (void) gettimeofday(&tv_current, 0);
- msec_elapsed = timeval_diff(&tv_start, &tv_current);
- if (msec_elapsed >= entropy_timeout_current) {
- error_abort=1;
- continue;
- }
- msec_remaining = entropy_timeout_current - msec_elapsed;
-
- FD_ZERO(&rdset);
- FD_SET(p[0], &rdset);
- tv.tv_sec = msec_remaining / 1000;
- tv.tv_usec = (msec_remaining % 1000) * 1000;
-
- ret = select(p[0] + 1, &rdset, NULL, NULL, &tv);
-
- RAND_add(&tv, sizeof(tv), 0.0);
-
- switch (ret) {
- case 0:
- /* timer expired */
- error_abort = 1;
- kill(pid, SIGINT);
- break;
- case 1:
- /* command input */
- do {
- bytes_read = read(p[0], buf, sizeof(buf));
- } while (bytes_read == -1 && errno == EINTR);
- RAND_add(&bytes_read, sizeof(&bytes_read), 0.0);
- if (bytes_read == -1) {
- error_abort = 1;
- break;
- } else if (bytes_read) {
- SHA1_Update(&sha, buf, bytes_read);
- total_bytes_read += bytes_read;
- } else {
- cmd_eof = 1;
- }
- break;
- case -1:
- default:
- /* error */
- debug("Command '%s': select() failed: %s",
- src->cmdstring, strerror(errno));
- error_abort = 1;
- break;
- }
- }
-
- SHA1_Final(hash, &sha);
-
- close(p[0]);
-
- debug3("Time elapsed: %d msec", msec_elapsed);
-
- if (waitpid(pid, &status, 0) == -1) {
- error("Couldn't wait for child '%s' completion: %s",
- src->cmdstring, strerror(errno));
- return 0.0;
- }
-
- RAND_add(&status, sizeof(&status), 0.0);
-
- if (error_abort) {
- /*
- * Closing p[0] on timeout causes the entropy command to
- * SIGPIPE. Take whatever output we got, and mark this
- * command as slow
- */
- debug2("Command '%s' timed out", src->cmdstring);
- src->sticky_badness *= 2;
- src->badness = src->sticky_badness;
- return total_bytes_read;
- }
-
- if (WIFEXITED(status)) {
- if (WEXITSTATUS(status) == 0) {
- return total_bytes_read;
- } else {
- debug2("Command '%s' exit status was %d",
- src->cmdstring, WEXITSTATUS(status));
- src->badness = src->sticky_badness = 128;
- return 0.0;
- }
- } else if (WIFSIGNALED(status)) {
- debug2("Command '%s' returned on uncaught signal %d !",
- src->cmdstring, status);
- src->badness = src->sticky_badness = 128;
- return 0.0;
- } else
- return 0.0;
-}
-
-double
-stir_from_system(void)
-{
- double total_entropy_estimate;
- long int i;
-
- total_entropy_estimate = 0;
-
- i = getpid();
- RAND_add(&i, sizeof(i), 0.5);
- total_entropy_estimate += 0.1;
-
- i = getppid();
- RAND_add(&i, sizeof(i), 0.5);
- total_entropy_estimate += 0.1;
-
- i = getuid();
- RAND_add(&i, sizeof(i), 0.0);
- i = getgid();
- RAND_add(&i, sizeof(i), 0.0);
-
- total_entropy_estimate += stir_gettimeofday(1.0);
- total_entropy_estimate += stir_clock(0.5);
- total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);
-
- return total_entropy_estimate;
-}
-
-double
-stir_from_programs(void)
-{
- int c;
- double entropy, total_entropy;
- unsigned char hash[SHA_DIGEST_LENGTH];
-
- total_entropy = 0;
- for(c = 0; entropy_cmds[c].path != NULL; c++) {
- if (!entropy_cmds[c].badness) {
- /* Hash output from command */
- entropy = hash_command_output(&entropy_cmds[c],
- hash);
-
- /* Scale back estimate by command's rate */
- entropy *= entropy_cmds[c].rate;
-
- /* Upper bound of entropy is SHA_DIGEST_LENGTH */
- if (entropy > SHA_DIGEST_LENGTH)
- entropy = SHA_DIGEST_LENGTH;
-
- /* Stir it in */
- RAND_add(hash, sizeof(hash), entropy);
-
- debug3("Got %0.2f bytes of entropy from '%s'",
- entropy, entropy_cmds[c].cmdstring);
-
- total_entropy += entropy;
-
- /* Execution time should be a bit unpredictable */
- total_entropy += stir_gettimeofday(0.05);
- total_entropy += stir_clock(0.05);
- total_entropy += stir_rusage(RUSAGE_SELF, 0.1);
- total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1);
- } else {
- debug2("Command '%s' disabled (badness %d)",
- entropy_cmds[c].cmdstring,
- entropy_cmds[c].badness);
-
- if (entropy_cmds[c].badness > 0)
- entropy_cmds[c].badness--;
- }
- }
-
- return total_entropy;
-}
-
-/*
- * prng seedfile functions
- */
-int
-prng_check_seedfile(char *filename)
-{
- struct stat st;
-
- /*
- * XXX raceable: eg replace seed between this stat and subsequent
- * open. Not such a problem because we don't really trust the
- * seed file anyway.
- * XXX: use secure path checking as elsewhere in OpenSSH
- */
- if (lstat(filename, &st) == -1) {
- /* Give up on hard errors */
- if (errno != ENOENT)
- debug("WARNING: Couldn't stat random seed file "
- "\"%.100s\": %s", filename, strerror(errno));
- return 0;
- }
-
- /* regular file? */
- if (!S_ISREG(st.st_mode))
- fatal("PRNG seedfile %.100s is not a regular file",
- filename);
-
- /* mode 0600, owned by root or the current user? */
- if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) {
- debug("WARNING: PRNG seedfile %.100s must be mode 0600, "
- "owned by uid %li", filename, (long int)getuid());
- return 0;
- }
-
- return 1;
-}
-
-void
-prng_write_seedfile(void)
-{
- int fd, save_errno;
- unsigned char seed[SEED_FILE_SIZE];
- char filename[MAXPATHLEN], tmpseed[MAXPATHLEN];
- struct passwd *pw;
- mode_t old_umask;
-
- pw = getpwuid(getuid());
- if (pw == NULL)
- fatal("Couldn't get password entry for current user "
- "(%li): %s", (long int)getuid(), strerror(errno));
-
- /* Try to ensure that the parent directory is there */
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
- _PATH_SSH_USER_DIR);
- if (mkdir(filename, 0700) < 0 && errno != EEXIST)
- fatal("mkdir %.200s: %s", filename, strerror(errno));
-
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
- SSH_PRNG_SEED_FILE);
-
- strlcpy(tmpseed, filename, sizeof(tmpseed));
- if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >=
- sizeof(tmpseed))
- fatal("PRNG seed filename too long");
-
- if (RAND_bytes(seed, sizeof(seed)) <= 0)
- fatal("PRNG seed extraction failed");
-
- /* Don't care if the seed doesn't exist */
- prng_check_seedfile(filename);
-
- old_umask = umask(0177);
-
- if ((fd = mkstemp(tmpseed)) == -1) {
- debug("WARNING: couldn't make temporary PRNG seedfile %.100s "
- "(%.100s)", tmpseed, strerror(errno));
- } else {
- debug("writing PRNG seed to file %.100s", tmpseed);
- if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) {
- save_errno = errno;
- close(fd);
- unlink(tmpseed);
- fatal("problem writing PRNG seedfile %.100s "
- "(%.100s)", filename, strerror(save_errno));
- }
- close(fd);
- debug("moving temporary PRNG seed to file %.100s", filename);
- if (rename(tmpseed, filename) == -1) {
- save_errno = errno;
- unlink(tmpseed);
- fatal("problem renaming PRNG seedfile from %.100s "
- "to %.100s (%.100s)", tmpseed, filename,
- strerror(save_errno));
- }
- }
- umask(old_umask);
-}
-
-void
-prng_read_seedfile(void)
-{
- int fd;
- char seed[SEED_FILE_SIZE], filename[MAXPATHLEN];
- struct passwd *pw;
-
- pw = getpwuid(getuid());
- if (pw == NULL)
- fatal("Couldn't get password entry for current user "
- "(%li): %s", (long int)getuid(), strerror(errno));
-
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
- SSH_PRNG_SEED_FILE);
-
- debug("loading PRNG seed from file %.100s", filename);
-
- if (!prng_check_seedfile(filename)) {
- verbose("Random seed file not found or invalid, ignoring.");
- return;
- }
-
- /* open the file and read in the seed */
- fd = open(filename, O_RDONLY);
- if (fd == -1)
- fatal("could not open PRNG seedfile %.100s (%.100s)",
- filename, strerror(errno));
-
- if (atomicio(read, fd, &seed, sizeof(seed)) < sizeof(seed)) {
- verbose("invalid or short read from PRNG seedfile "
- "%.100s - ignoring", filename);
- memset(seed, '\0', sizeof(seed));
- }
- close(fd);
-
- /* stir in the seed, with estimated entropy zero */
- RAND_add(&seed, sizeof(seed), 0.0);
-}
-
-
-/*
- * entropy command initialisation functions
- */
-int
-prng_read_commands(char *cmdfilename)
-{
- char cmd[SEED_FILE_SIZE], *cp, line[1024], path[SEED_FILE_SIZE];
- double est;
- entropy_cmd_t *entcmd;
- FILE *f;
- int cur_cmd, linenum, num_cmds, arg;
-
- if ((f = fopen(cmdfilename, "r")) == NULL) {
- fatal("couldn't read entropy commands file %.100s: %.100s",
- cmdfilename, strerror(errno));
- }
-
- num_cmds = 64;
- entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));
-
- /* Read in file */
- cur_cmd = linenum = 0;
- while (fgets(line, sizeof(line), f)) {
- linenum++;
-
- /* Skip leading whitespace, blank lines and comments */
- cp = line + strspn(line, WHITESPACE);
- if ((*cp == 0) || (*cp == '#'))
- continue; /* done with this line */
-
- /*
- * The first non-whitespace char should be a double quote
- * delimiting the commandline
- */
- if (*cp != '"') {
- error("bad entropy command, %.100s line %d",
- cmdfilename, linenum);
- continue;
- }
-
- /*
- * First token, command args (incl. argv[0]) in double
- * quotes
- */
- cp = strtok(cp, "\"");
- if (cp == NULL) {
- error("missing or bad command string, %.100s "
- "line %d -- ignored", cmdfilename, linenum);
- continue;
- }
- strlcpy(cmd, cp, sizeof(cmd));
-
- /* Second token, full command path */
- if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
- error("missing command path, %.100s "
- "line %d -- ignored", cmdfilename, linenum);
- continue;
- }
-
- /* Did configure mark this as dead? */
- if (strncmp("undef", cp, 5) == 0)
- continue;
-
- strlcpy(path, cp, sizeof(path));
-
- /* Third token, entropy rate estimate for this command */
- if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
- error("missing entropy estimate, %.100s "
- "line %d -- ignored", cmdfilename, linenum);
- continue;
- }
- est = strtod(cp, NULL);
-
- /* end of line */
- if ((cp = strtok(NULL, WHITESPACE)) != NULL) {
- error("garbage at end of line %d in %.100s "
- "-- ignored", linenum, cmdfilename);
- continue;
- }
-
- /* save the command for debug messages */
- entcmd[cur_cmd].cmdstring = xstrdup(cmd);
-
- /* split the command args */
- cp = strtok(cmd, WHITESPACE);
- arg = 0;
- do {
- entcmd[cur_cmd].args[arg] = xstrdup(cp);
- arg++;
- } while(arg < NUM_ARGS && (cp = strtok(NULL, WHITESPACE)));
-
- if (strtok(NULL, WHITESPACE))
- error("ignored extra commands (max %d), %.100s "
- "line %d", NUM_ARGS, cmdfilename, linenum);
-
- /* Copy the command path and rate estimate */
- entcmd[cur_cmd].path = xstrdup(path);
- entcmd[cur_cmd].rate = est;
-
- /* Initialise other values */
- entcmd[cur_cmd].sticky_badness = 1;
-
- cur_cmd++;
-
- /*
- * If we've filled the array, reallocate it twice the size
- * Do this now because even if this we're on the last
- * command we need another slot to mark the last entry
- */
- if (cur_cmd == num_cmds) {
- num_cmds *= 2;
- entcmd = xrealloc(entcmd, num_cmds,
- sizeof(entropy_cmd_t));
- }
- }
-
- /* zero the last entry */
- memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t));
-
- /* trim to size */
- entropy_cmds = xrealloc(entcmd, (cur_cmd + 1),
- sizeof(entropy_cmd_t));
-
- debug("Loaded %d entropy commands from %.100s", cur_cmd,
- cmdfilename);
-
- fclose(f);
- return cur_cmd < MIN_ENTROPY_SOURCES ? -1 : 0;
-}
-
-void
-usage(void)
-{
- fprintf(stderr, "Usage: %s [options]\n", __progname);
- fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
- fprintf(stderr, " Multiple -v increases verbosity.\n");
- fprintf(stderr, " -x Force output in hexadecimal (for debugging)\n");
- fprintf(stderr, " -X Force output in binary\n");
- fprintf(stderr, " -b bytes Number of bytes to output (default %d)\n",
- OUTPUT_SEED_SIZE);
-}
-
-int
-main(int argc, char **argv)
-{
- unsigned char *buf;
- int ret, ch, debug_level, output_hex, bytes;
- extern char *optarg;
- extern int optind;
- LogLevel ll;
-
- __progname = ssh_get_progname(argv[0]);
- log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
-
- ll = SYSLOG_LEVEL_INFO;
- debug_level = output_hex = 0;
- bytes = OUTPUT_SEED_SIZE;
-
- /* Don't write binary data to a tty, unless we are forced to */
- if (isatty(STDOUT_FILENO))
- output_hex = 1;
-
- while ((ch = getopt(argc, argv, "vxXhb:")) != -1) {
- switch (ch) {
- case 'v':
- if (debug_level < 3)
- ll = SYSLOG_LEVEL_DEBUG1 + debug_level++;
- break;
- case 'x':
- output_hex = 1;
- break;
- case 'X':
- output_hex = 0;
- break;
- case 'b':
- if ((bytes = atoi(optarg)) <= 0)
- fatal("Invalid number of output bytes");
- break;
- case 'h':
- usage();
- exit(0);
- default:
- error("Invalid commandline option");
- usage();
- exit(1);
- }
- }
- log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1);
-
- if (argc != optind) {
- error("Unexpected commandline arguments.");
- usage();
- exit(1);
- }
-
-#ifdef USE_SEED_FILES
- prng_read_seedfile();
-#endif
-
- buf = xmalloc(bytes);
-
- /*
- * Seed the RNG from wherever we can
- */
-
- /* Take whatever is on the stack, but don't credit it */
- RAND_add(buf, bytes, 0);
-
- debug("Seeded RNG with %i bytes from system calls",
- (int)stir_from_system());
-
- /* try prngd, fall back to commands if prngd fails or not configured */
- if (seed_from_prngd(buf, bytes) == 0) {
- RAND_add(buf, bytes, bytes);
- } else {
- /* Read in collection commands */
- if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
- fatal("PRNG initialisation failed -- exiting.");
- debug("Seeded RNG with %i bytes from programs",
- (int)stir_from_programs());
- }
-
-#ifdef USE_SEED_FILES
- prng_write_seedfile();
-#endif
-
- /*
- * Write the seed to stdout
- */
-
- if (!RAND_status())
- fatal("Not enough entropy in RNG");
-
- if (RAND_bytes(buf, bytes) <= 0)
- fatal("Couldn't extract entropy from PRNG");
-
- if (output_hex) {
- for(ret = 0; ret < bytes; ret++)
- printf("%02x", (unsigned char)(buf[ret]));
- printf("\n");
- } else
- ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes);
-
- memset(buf, '\0', bytes);
- xfree(buf);
-
- return ret == bytes ? 0 : 1;
-}
-
-/*
- * We may attempt to re-seed during mkstemp if we are using the one in the
- * compat library (via mkstemp -> _gettemp -> arc4random -> seed_rng) so we
- * need our own seed_rng(). We must also check that we have enough entropy.
- */
-void
-seed_rng(void)
-{
- if (!RAND_status())
- fatal("Not enough entropy in RNG");
-}
Modified: vendor-crypto/openssh/dist/ssh-rsa.c
===================================================================
--- vendor-crypto/openssh/dist/ssh-rsa.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh-rsa.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-rsa.c,v 1.45 2010/08/31 09:58:37 djm Exp $ */
+/* $OpenBSD: ssh-rsa.c,v 1.46 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000, 2003 Markus Friedl <markus at openbsd.org>
*
@@ -72,7 +72,7 @@
error("ssh_rsa_sign: RSA_sign failed: %s",
ERR_error_string(ecode, NULL));
- xfree(sig);
+ free(sig);
return -1;
}
if (len < slen) {
@@ -82,7 +82,7 @@
memset(sig, 0, diff);
} else if (len > slen) {
error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
- xfree(sig);
+ free(sig);
return -1;
}
/* encode signature */
@@ -98,7 +98,7 @@
}
buffer_free(&b);
memset(sig, 's', slen);
- xfree(sig);
+ free(sig);
return 0;
}
@@ -131,16 +131,16 @@
if (strcmp("ssh-rsa", ktype) != 0) {
error("ssh_rsa_verify: cannot handle type %s", ktype);
buffer_free(&b);
- xfree(ktype);
+ free(ktype);
return -1;
}
- xfree(ktype);
+ free(ktype);
sigblob = buffer_get_string(&b, &len);
rlen = buffer_len(&b);
buffer_free(&b);
if (rlen != 0) {
error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
- xfree(sigblob);
+ free(sigblob);
return -1;
}
/* RSA_verify expects a signature of RSA_size */
@@ -147,7 +147,7 @@
modlen = RSA_size(key->rsa);
if (len > modlen) {
error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
- xfree(sigblob);
+ free(sigblob);
return -1;
} else if (len < modlen) {
u_int diff = modlen - len;
@@ -161,7 +161,7 @@
nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
- xfree(sigblob);
+ free(sigblob);
return -1;
}
EVP_DigestInit(&md, evp_md);
@@ -171,7 +171,7 @@
ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
memset(digest, 'd', sizeof(digest));
memset(sigblob, 's', len);
- xfree(sigblob);
+ free(sigblob);
debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
return ret;
}
@@ -262,7 +262,6 @@
}
ret = 1;
done:
- if (decrypted)
- xfree(decrypted);
+ free(decrypted);
return ret;
}
Property changes on: vendor-crypto/openssh/dist/ssh-rsa.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Added: vendor-crypto/openssh/dist/ssh-sandbox.h
===================================================================
--- vendor-crypto/openssh/dist/ssh-sandbox.h (rev 0)
+++ vendor-crypto/openssh/dist/ssh-sandbox.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,23 @@
+/* $OpenBSD: ssh-sandbox.h,v 1.1 2011/06/23 09:34:13 djm Exp $ */
+/*
+ * Copyright (c) 2011 Damien Miller <djm at mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+struct ssh_sandbox;
+
+struct ssh_sandbox *ssh_sandbox_init(void);
+void ssh_sandbox_child(struct ssh_sandbox *);
+void ssh_sandbox_parent_finish(struct ssh_sandbox *);
+void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
Added: vendor-crypto/openssh/dist/ssh.0
===================================================================
--- vendor-crypto/openssh/dist/ssh.0 (rev 0)
+++ vendor-crypto/openssh/dist/ssh.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,935 @@
+SSH(1) OpenBSD Reference Manual SSH(1)
+
+NAME
+ ssh - OpenSSH SSH client (remote login program)
+
+SYNOPSIS
+ ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
+ [-D [bind_address:]port] [-E log_file] [-e escape_char]
+ [-F configfile] [-I pkcs11] [-i identity_file]
+ [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
+ [-O ctl_cmd] [-o option] [-p port]
+ [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]
+ [-w local_tun[:remote_tun]] [user@]hostname [command]
+ ssh -Q protocol_feature
+
+DESCRIPTION
+ ssh (SSH client) is a program for logging into a remote machine and for
+ executing commands on a remote machine. It is intended to replace rlogin
+ and rsh, and provide secure encrypted communications between two
+ untrusted hosts over an insecure network. X11 connections and arbitrary
+ TCP ports can also be forwarded over the secure channel.
+
+ ssh connects and logs into the specified hostname (with optional user
+ name). The user must prove his/her identity to the remote machine using
+ one of several methods depending on the protocol version used (see
+ below).
+
+ If command is specified, it is executed on the remote host instead of a
+ login shell.
+
+ The options are as follows:
+
+ -1 Forces ssh to try protocol version 1 only.
+
+ -2 Forces ssh to try protocol version 2 only.
+
+ -4 Forces ssh to use IPv4 addresses only.
+
+ -6 Forces ssh to use IPv6 addresses only.
+
+ -A Enables forwarding of the authentication agent connection. This
+ can also be specified on a per-host basis in a configuration
+ file.
+
+ Agent forwarding should be enabled with caution. Users with the
+ ability to bypass file permissions on the remote host (for the
+ agent's UNIX-domain socket) can access the local agent through
+ the forwarded connection. An attacker cannot obtain key material
+ from the agent, however they can perform operations on the keys
+ that enable them to authenticate using the identities loaded into
+ the agent.
+
+ -a Disables forwarding of the authentication agent connection.
+
+ -b bind_address
+ Use bind_address on the local machine as the source address of
+ the connection. Only useful on systems with more than one
+ address.
+
+ -C Requests compression of all data (including stdin, stdout,
+ stderr, and data for forwarded X11 and TCP connections). The
+ compression algorithm is the same used by gzip(1), and the
+ ``level'' can be controlled by the CompressionLevel option for
+ protocol version 1. Compression is desirable on modem lines and
+ other slow connections, but will only slow down things on fast
+ networks. The default value can be set on a host-by-host basis
+ in the configuration files; see the Compression option.
+
+ -c cipher_spec
+ Selects the cipher specification for encrypting the session.
+
+ Protocol version 1 allows specification of a single cipher. The
+ supported values are ``3des'', ``blowfish'', and ``des''. 3des
+ (triple-des) is an encrypt-decrypt-encrypt triple with three
+ different keys. It is believed to be secure. blowfish is a fast
+ block cipher; it appears very secure and is much faster than
+ 3des. des is only supported in the ssh client for
+ interoperability with legacy protocol 1 implementations that do
+ not support the 3des cipher. Its use is strongly discouraged due
+ to cryptographic weaknesses. The default is ``3des''.
+
+ For protocol version 2, cipher_spec is a comma-separated list of
+ ciphers listed in order of preference. See the Ciphers keyword
+ in ssh_config(5) for more information.
+
+ -D [bind_address:]port
+ Specifies a local ``dynamic'' application-level port forwarding.
+ This works by allocating a socket to listen to port on the local
+ side, optionally bound to the specified bind_address. Whenever a
+ connection is made to this port, the connection is forwarded over
+ the secure channel, and the application protocol is then used to
+ determine where to connect to from the remote machine. Currently
+ the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
+ as a SOCKS server. Only root can forward privileged ports.
+ Dynamic port forwardings can also be specified in the
+ configuration file.
+
+ IPv6 addresses can be specified by enclosing the address in
+ square brackets. Only the superuser can forward privileged
+ ports. By default, the local port is bound in accordance with
+ the GatewayPorts setting. However, an explicit bind_address may
+ be used to bind the connection to a specific address. The
+ bind_address of ``localhost'' indicates that the listening port
+ be bound for local use only, while an empty address or `*'
+ indicates that the port should be available from all interfaces.
+
+ -E log_file
+ Append debug logs to log_file instead of standard error.
+
+ -e escape_char
+ Sets the escape character for sessions with a pty (default: `~').
+ The escape character is only recognized at the beginning of a
+ line. The escape character followed by a dot (`.') closes the
+ connection; followed by control-Z suspends the connection; and
+ followed by itself sends the escape character once. Setting the
+ character to ``none'' disables any escapes and makes the session
+ fully transparent.
+
+ -F configfile
+ Specifies an alternative per-user configuration file. If a
+ configuration file is given on the command line, the system-wide
+ configuration file (/etc/ssh/ssh_config) will be ignored. The
+ default for the per-user configuration file is ~/.ssh/config.
+
+ -f Requests ssh to go to background just before command execution.
+ This is useful if ssh is going to ask for passwords or
+ passphrases, but the user wants it in the background. This
+ implies -n. The recommended way to start X11 programs at a
+ remote site is with something like ssh -f host xterm.
+
+ If the ExitOnForwardFailure configuration option is set to
+ ``yes'', then a client started with -f will wait for all remote
+ port forwards to be successfully established before placing
+ itself in the background.
+
+ -g Allows remote hosts to connect to local forwarded ports.
+
+ -I pkcs11
+ Specify the PKCS#11 shared library ssh should use to communicate
+ with a PKCS#11 token providing the user's private RSA key.
+
+ -i identity_file
+ Selects a file from which the identity (private key) for public
+ key authentication is read. The default is ~/.ssh/identity for
+ protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
+ ~/.ssh/id_rsa for protocol version 2. Identity files may also be
+ specified on a per-host basis in the configuration file. It is
+ possible to have multiple -i options (and multiple identities
+ specified in configuration files). ssh will also try to load
+ certificate information from the filename obtained by appending
+ -cert.pub to identity filenames.
+
+ -K Enables GSSAPI-based authentication and forwarding (delegation)
+ of GSSAPI credentials to the server.
+
+ -k Disables forwarding (delegation) of GSSAPI credentials to the
+ server.
+
+ -L [bind_address:]port:host:hostport
+ Specifies that the given port on the local (client) host is to be
+ forwarded to the given host and port on the remote side. This
+ works by allocating a socket to listen to port on the local side,
+ optionally bound to the specified bind_address. Whenever a
+ connection is made to this port, the connection is forwarded over
+ the secure channel, and a connection is made to host port
+ hostport from the remote machine. Port forwardings can also be
+ specified in the configuration file. IPv6 addresses can be
+ specified by enclosing the address in square brackets. Only the
+ superuser can forward privileged ports. By default, the local
+ port is bound in accordance with the GatewayPorts setting.
+ However, an explicit bind_address may be used to bind the
+ connection to a specific address. The bind_address of
+ ``localhost'' indicates that the listening port be bound for
+ local use only, while an empty address or `*' indicates that the
+ port should be available from all interfaces.
+
+ -l login_name
+ Specifies the user to log in as on the remote machine. This also
+ may be specified on a per-host basis in the configuration file.
+
+ -M Places the ssh client into ``master'' mode for connection
+ sharing. Multiple -M options places ssh into ``master'' mode
+ with confirmation required before slave connections are accepted.
+ Refer to the description of ControlMaster in ssh_config(5) for
+ details.
+
+ -m mac_spec
+ Additionally, for protocol version 2 a comma-separated list of
+ MAC (message authentication code) algorithms can be specified in
+ order of preference. See the MACs keyword for more information.
+
+ -N Do not execute a remote command. This is useful for just
+ forwarding ports (protocol version 2 only).
+
+ -n Redirects stdin from /dev/null (actually, prevents reading from
+ stdin). This must be used when ssh is run in the background. A
+ common trick is to use this to run X11 programs on a remote
+ machine. For example, ssh -n shadows.cs.hut.fi emacs & will
+ start an emacs on shadows.cs.hut.fi, and the X11 connection will
+ be automatically forwarded over an encrypted channel. The ssh
+ program will be put in the background. (This does not work if
+ ssh needs to ask for a password or passphrase; see also the -f
+ option.)
+
+ -O ctl_cmd
+ Control an active connection multiplexing master process. When
+ the -O option is specified, the ctl_cmd argument is interpreted
+ and passed to the master process. Valid commands are: ``check''
+ (check that the master process is running), ``forward'' (request
+ forwardings without command execution), ``cancel'' (cancel
+ forwardings), ``exit'' (request the master to exit), and ``stop''
+ (request the master to stop accepting further multiplexing
+ requests).
+
+ -o option
+ Can be used to give options in the format used in the
+ configuration file. This is useful for specifying options for
+ which there is no separate command-line flag. For full details
+ of the options listed below, and their possible values, see
+ ssh_config(5).
+
+ AddressFamily
+ BatchMode
+ BindAddress
+ ChallengeResponseAuthentication
+ CheckHostIP
+ Cipher
+ Ciphers
+ ClearAllForwardings
+ Compression
+ CompressionLevel
+ ConnectionAttempts
+ ConnectTimeout
+ ControlMaster
+ ControlPath
+ ControlPersist
+ DynamicForward
+ EscapeChar
+ ExitOnForwardFailure
+ ForwardAgent
+ ForwardX11
+ ForwardX11Timeout
+ ForwardX11Trusted
+ GatewayPorts
+ GlobalKnownHostsFile
+ GSSAPIAuthentication
+ GSSAPIDelegateCredentials
+ HashKnownHosts
+ Host
+ HostbasedAuthentication
+ HostKeyAlgorithms
+ HostKeyAlias
+ HostName
+ IdentityFile
+ IdentitiesOnly
+ IPQoS
+ KbdInteractiveAuthentication
+ KbdInteractiveDevices
+ KexAlgorithms
+ LocalCommand
+ LocalForward
+ LogLevel
+ MACs
+ NoHostAuthenticationForLocalhost
+ NumberOfPasswordPrompts
+ PasswordAuthentication
+ PermitLocalCommand
+ PKCS11Provider
+ Port
+ PreferredAuthentications
+ Protocol
+ ProxyCommand
+ PubkeyAuthentication
+ RekeyLimit
+ RemoteForward
+ RequestTTY
+ RhostsRSAAuthentication
+ RSAAuthentication
+ SendEnv
+ ServerAliveInterval
+ ServerAliveCountMax
+ StrictHostKeyChecking
+ TCPKeepAlive
+ Tunnel
+ TunnelDevice
+ UsePrivilegedPort
+ User
+ UserKnownHostsFile
+ VerifyHostKeyDNS
+ VisualHostKey
+ XAuthLocation
+
+ -p port
+ Port to connect to on the remote host. This can be specified on
+ a per-host basis in the configuration file.
+
+ -Q protocol_feature
+ Queries ssh for the algorithms supported for the specified
+ version 2 protocol_feature. The queriable features are:
+ ``cipher'' (supported symmetric ciphers), ``MAC'' (supported
+ message integrity codes), ``KEX'' (key exchange algorithms),
+ ``key'' (key types). Protocol features are treated case-
+ insensitively.
+
+ -q Quiet mode. Causes most warning and diagnostic messages to be
+ suppressed.
+
+ -R [bind_address:]port:host:hostport
+ Specifies that the given port on the remote (server) host is to
+ be forwarded to the given host and port on the local side. This
+ works by allocating a socket to listen to port on the remote
+ side, and whenever a connection is made to this port, the
+ connection is forwarded over the secure channel, and a connection
+ is made to host port hostport from the local machine.
+
+ Port forwardings can also be specified in the configuration file.
+ Privileged ports can be forwarded only when logging in as root on
+ the remote machine. IPv6 addresses can be specified by enclosing
+ the address in square brackets.
+
+ By default, the listening socket on the server will be bound to
+ the loopback interface only. This may be overridden by
+ specifying a bind_address. An empty bind_address, or the address
+ `*', indicates that the remote socket should listen on all
+ interfaces. Specifying a remote bind_address will only succeed
+ if the server's GatewayPorts option is enabled (see
+ sshd_config(5)).
+
+ If the port argument is `0', the listen port will be dynamically
+ allocated on the server and reported to the client at run time.
+ When used together with -O forward the allocated port will be
+ printed to the standard output.
+
+ -S ctl_path
+ Specifies the location of a control socket for connection
+ sharing, or the string ``none'' to disable connection sharing.
+ Refer to the description of ControlPath and ControlMaster in
+ ssh_config(5) for details.
+
+ -s May be used to request invocation of a subsystem on the remote
+ system. Subsystems are a feature of the SSH2 protocol which
+ facilitate the use of SSH as a secure transport for other
+ applications (eg. sftp(1)). The subsystem is specified as the
+ remote command.
+
+ -T Disable pseudo-tty allocation.
+
+ -t Force pseudo-tty allocation. This can be used to execute
+ arbitrary screen-based programs on a remote machine, which can be
+ very useful, e.g. when implementing menu services. Multiple -t
+ options force tty allocation, even if ssh has no local tty.
+
+ -V Display the version number and exit.
+
+ -v Verbose mode. Causes ssh to print debugging messages about its
+ progress. This is helpful in debugging connection,
+ authentication, and configuration problems. Multiple -v options
+ increase the verbosity. The maximum is 3.
+
+ -W host:port
+ Requests that standard input and output on the client be
+ forwarded to host on port over the secure channel. Implies -N,
+ -T, ExitOnForwardFailure and ClearAllForwardings. Works with
+ Protocol version 2 only.
+
+ -w local_tun[:remote_tun]
+ Requests tunnel device forwarding with the specified tun(4)
+ devices between the client (local_tun) and the server
+ (remote_tun).
+
+ The devices may be specified by numerical ID or the keyword
+ ``any'', which uses the next available tunnel device. If
+ remote_tun is not specified, it defaults to ``any''. See also
+ the Tunnel and TunnelDevice directives in ssh_config(5). If the
+ Tunnel directive is unset, it is set to the default tunnel mode,
+ which is ``point-to-point''.
+
+ -X Enables X11 forwarding. This can also be specified on a per-host
+ basis in a configuration file.
+
+ X11 forwarding should be enabled with caution. Users with the
+ ability to bypass file permissions on the remote host (for the
+ user's X authorization database) can access the local X11 display
+ through the forwarded connection. An attacker may then be able
+ to perform activities such as keystroke monitoring.
+
+ For this reason, X11 forwarding is subjected to X11 SECURITY
+ extension restrictions by default. Please refer to the ssh -Y
+ option and the ForwardX11Trusted directive in ssh_config(5) for
+ more information.
+
+ -x Disables X11 forwarding.
+
+ -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
+ subjected to the X11 SECURITY extension controls.
+
+ -y Send log information using the syslog(3) system module. By
+ default this information is sent to stderr.
+
+ ssh may additionally obtain configuration data from a per-user
+ configuration file and a system-wide configuration file. The file format
+ and configuration options are described in ssh_config(5).
+
+AUTHENTICATION
+ The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to
+ use protocol 2 only, though this can be changed via the Protocol option
+ in ssh_config(5) or the -1 and -2 options (see above). Both protocols
+ support similar authentication methods, but protocol 2 is the default
+ since it provides additional mechanisms for confidentiality (the traffic
+ is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and
+ integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, umac-64,
+ umac-128, hmac-ripemd160). Protocol 1 lacks a strong mechanism for
+ ensuring the integrity of the connection.
+
+ The methods available for authentication are: GSSAPI-based
+ authentication, host-based authentication, public key authentication,
+ challenge-response authentication, and password authentication.
+ Authentication methods are tried in the order specified above, though
+ protocol 2 has a configuration option to change the default order:
+ PreferredAuthentications.
+
+ Host-based authentication works as follows: If the machine the user logs
+ in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
+ machine, and the user names are the same on both sides, or if the files
+ ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
+ machine and contain a line containing the name of the client machine and
+ the name of the user on that machine, the user is considered for login.
+ Additionally, the server must be able to verify the client's host key
+ (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
+ below) for login to be permitted. This authentication method closes
+ security holes due to IP spoofing, DNS spoofing, and routing spoofing.
+ [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
+ rlogin/rsh protocol in general, are inherently insecure and should be
+ disabled if security is desired.]
+
+ Public key authentication works as follows: The scheme is based on
+ public-key cryptography, using cryptosystems where encryption and
+ decryption are done using separate keys, and it is unfeasible to derive
+ the decryption key from the encryption key. The idea is that each user
+ creates a public/private key pair for authentication purposes. The
+ server knows the public key, and only the user knows the private key.
+ ssh implements public key authentication protocol automatically, using
+ one of the DSA, ECDSA or RSA algorithms. Protocol 1 is restricted to
+ using only RSA keys, but protocol 2 may use any. The HISTORY section of
+ ssl(8) contains a brief discussion of the DSA and RSA algorithms.
+
+ The file ~/.ssh/authorized_keys lists the public keys that are permitted
+ for logging in. When the user logs in, the ssh program tells the server
+ which key pair it would like to use for authentication. The client
+ proves that it has access to the private key and the server checks that
+ the corresponding public key is authorized to accept the account.
+
+ The user creates his/her key pair by running ssh-keygen(1). This stores
+ the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
+ 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2
+ RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
+ ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2
+ ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
+ directory. The user should then copy the public key to
+ ~/.ssh/authorized_keys in his/her home directory on the remote machine.
+ The authorized_keys file corresponds to the conventional ~/.rhosts file,
+ and has one key per line, though the lines can be very long. After this,
+ the user can log in without giving the password.
+
+ A variation on public key authentication is available in the form of
+ certificate authentication: instead of a set of public/private keys,
+ signed certificates are used. This has the advantage that a single
+ trusted certification authority can be used in place of many
+ public/private keys. See the CERTIFICATES section of ssh-keygen(1) for
+ more information.
+
+ The most convenient way to use public key or certificate authentication
+ may be with an authentication agent. See ssh-agent(1) for more
+ information.
+
+ Challenge-response authentication works as follows: The server sends an
+ arbitrary "challenge" text, and prompts for a response. Protocol 2
+ allows multiple challenges and responses; protocol 1 is restricted to
+ just one challenge/response. Examples of challenge-response
+ authentication include BSD Authentication (see login.conf(5)) and PAM
+ (some non-OpenBSD systems).
+
+ Finally, if other authentication methods fail, ssh prompts the user for a
+ password. The password is sent to the remote host for checking; however,
+ since all communications are encrypted, the password cannot be seen by
+ someone listening on the network.
+
+ ssh automatically maintains and checks a database containing
+ identification for all hosts it has ever been used with. Host keys are
+ stored in ~/.ssh/known_hosts in the user's home directory. Additionally,
+ the file /etc/ssh/ssh_known_hosts is automatically checked for known
+ hosts. Any new hosts are automatically added to the user's file. If a
+ host's identification ever changes, ssh warns about this and disables
+ password authentication to prevent server spoofing or man-in-the-middle
+ attacks, which could otherwise be used to circumvent the encryption. The
+ StrictHostKeyChecking option can be used to control logins to machines
+ whose host key is not known or has changed.
+
+ When the user's identity has been accepted by the server, the server
+ either executes the given command, or logs into the machine and gives the
+ user a normal shell on the remote machine. All communication with the
+ remote command or shell will be automatically encrypted.
+
+ If a pseudo-terminal has been allocated (normal login session), the user
+ may use the escape characters noted below.
+
+ If no pseudo-tty has been allocated, the session is transparent and can
+ be used to reliably transfer binary data. On most systems, setting the
+ escape character to ``none'' will also make the session transparent even
+ if a tty is used.
+
+ The session terminates when the command or shell on the remote machine
+ exits and all X11 and TCP connections have been closed.
+
+ESCAPE CHARACTERS
+ When a pseudo-terminal has been requested, ssh supports a number of
+ functions through the use of an escape character.
+
+ A single tilde character can be sent as ~~ or by following the tilde by a
+ character other than those described below. The escape character must
+ always follow a newline to be interpreted as special. The escape
+ character can be changed in configuration files using the EscapeChar
+ configuration directive or on the command line by the -e option.
+
+ The supported escapes (assuming the default `~') are:
+
+ ~. Disconnect.
+
+ ~^Z Background ssh.
+
+ ~# List forwarded connections.
+
+ ~& Background ssh at logout when waiting for forwarded connection /
+ X11 sessions to terminate.
+
+ ~? Display a list of escape characters.
+
+ ~B Send a BREAK to the remote system (only useful for SSH protocol
+ version 2 and if the peer supports it).
+
+ ~C Open command line. Currently this allows the addition of port
+ forwardings using the -L, -R and -D options (see above). It also
+ allows the cancellation of existing port-forwardings with
+ -KL[bind_address:]port for local, -KR[bind_address:]port for
+ remote and -KD[bind_address:]port for dynamic port-forwardings.
+ !command allows the user to execute a local command if the
+ PermitLocalCommand option is enabled in ssh_config(5). Basic
+ help is available, using the -h option.
+
+ ~R Request rekeying of the connection (only useful for SSH protocol
+ version 2 and if the peer supports it).
+
+ ~V Decrease the verbosity (LogLevel) when errors are being written
+ to stderr.
+
+ ~v Increase the verbosity (LogLevel) when errors are being written
+ to stderr.
+
+TCP FORWARDING
+ Forwarding of arbitrary TCP connections over the secure channel can be
+ specified either on the command line or in a configuration file. One
+ possible application of TCP forwarding is a secure connection to a mail
+ server; another is going through firewalls.
+
+ In the example below, we look at encrypting communication between an IRC
+ client and server, even though the IRC server does not directly support
+ encrypted communications. This works as follows: the user connects to
+ the remote host using ssh, specifying a port to be used to forward
+ connections to the remote server. After that it is possible to start the
+ service which is to be encrypted on the client machine, connecting to the
+ same local port, and ssh will encrypt and forward the connection.
+
+ The following example tunnels an IRC session from client machine
+ ``127.0.0.1'' (localhost) to remote server ``server.example.com'':
+
+ $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
+ $ irc -c '#users' -p 1234 pinky 127.0.0.1
+
+ This tunnels a connection to IRC server ``server.example.com'', joining
+ channel ``#users'', nickname ``pinky'', using port 1234. It doesn't
+ matter which port is used, as long as it's greater than 1023 (remember,
+ only root can open sockets on privileged ports) and doesn't conflict with
+ any ports already in use. The connection is forwarded to port 6667 on
+ the remote server, since that's the standard port for IRC services.
+
+ The -f option backgrounds ssh and the remote command ``sleep 10'' is
+ specified to allow an amount of time (10 seconds, in the example) to
+ start the service which is to be tunnelled. If no connections are made
+ within the time specified, ssh will exit.
+
+X11 FORWARDING
+ If the ForwardX11 variable is set to ``yes'' (or see the description of
+ the -X, -x, and -Y options above) and the user is using X11 (the DISPLAY
+ environment variable is set), the connection to the X11 display is
+ automatically forwarded to the remote side in such a way that any X11
+ programs started from the shell (or command) will go through the
+ encrypted channel, and the connection to the real X server will be made
+ from the local machine. The user should not manually set DISPLAY.
+ Forwarding of X11 connections can be configured on the command line or in
+ configuration files.
+
+ The DISPLAY value set by ssh will point to the server machine, but with a
+ display number greater than zero. This is normal, and happens because
+ ssh creates a ``proxy'' X server on the server machine for forwarding the
+ connections over the encrypted channel.
+
+ ssh will also automatically set up Xauthority data on the server machine.
+ For this purpose, it will generate a random authorization cookie, store
+ it in Xauthority on the server, and verify that any forwarded connections
+ carry this cookie and replace it by the real cookie when the connection
+ is opened. The real authentication cookie is never sent to the server
+ machine (and no cookies are sent in the plain).
+
+ If the ForwardAgent variable is set to ``yes'' (or see the description of
+ the -A and -a options above) and the user is using an authentication
+ agent, the connection to the agent is automatically forwarded to the
+ remote side.
+
+VERIFYING HOST KEYS
+ When connecting to a server for the first time, a fingerprint of the
+ server's public key is presented to the user (unless the option
+ StrictHostKeyChecking has been disabled). Fingerprints can be determined
+ using ssh-keygen(1):
+
+ $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
+
+ If the fingerprint is already known, it can be matched and the key can be
+ accepted or rejected. Because of the difficulty of comparing host keys
+ just by looking at hex strings, there is also support to compare host
+ keys visually, using random art. By setting the VisualHostKey option to
+ ``yes'', a small ASCII graphic gets displayed on every login to a server,
+ no matter if the session itself is interactive or not. By learning the
+ pattern a known server produces, a user can easily find out that the host
+ key has changed when a completely different pattern is displayed.
+ Because these patterns are not unambiguous however, a pattern that looks
+ similar to the pattern remembered only gives a good probability that the
+ host key is the same, not guaranteed proof.
+
+ To get a listing of the fingerprints along with their random art for all
+ known hosts, the following command line can be used:
+
+ $ ssh-keygen -lv -f ~/.ssh/known_hosts
+
+ If the fingerprint is unknown, an alternative method of verification is
+ available: SSH fingerprints verified by DNS. An additional resource
+ record (RR), SSHFP, is added to a zonefile and the connecting client is
+ able to match the fingerprint with that of the key presented.
+
+ In this example, we are connecting a client to a server,
+ ``host.example.com''. The SSHFP resource records should first be added
+ to the zonefile for host.example.com:
+
+ $ ssh-keygen -r host.example.com.
+
+ The output lines will have to be added to the zonefile. To check that
+ the zone is answering fingerprint queries:
+
+ $ dig -t SSHFP host.example.com
+
+ Finally the client connects:
+
+ $ ssh -o "VerifyHostKeyDNS ask" host.example.com
+ [...]
+ Matching host key fingerprint found in DNS.
+ Are you sure you want to continue connecting (yes/no)?
+
+ See the VerifyHostKeyDNS option in ssh_config(5) for more information.
+
+SSH-BASED VIRTUAL PRIVATE NETWORKS
+ ssh contains support for Virtual Private Network (VPN) tunnelling using
+ the tun(4) network pseudo-device, allowing two networks to be joined
+ securely. The sshd_config(5) configuration option PermitTunnel controls
+ whether the server supports this, and at what level (layer 2 or 3
+ traffic).
+
+ The following example would connect client network 10.0.50.0/24 with
+ remote network 10.0.99.0/24 using a point-to-point connection from
+ 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway
+ to the remote network, at 192.168.1.15, allows it.
+
+ On the client:
+
+ # ssh -f -w 0:1 192.168.1.15 true
+ # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
+ # route add 10.0.99.0/24 10.1.1.2
+
+ On the server:
+
+ # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
+ # route add 10.0.50.0/24 10.1.1.1
+
+ Client access may be more finely tuned via the /root/.ssh/authorized_keys
+ file (see below) and the PermitRootLogin server option. The following
+ entry would permit connections on tun(4) device 1 from user ``jane'' and
+ on tun device 2 from user ``john'', if PermitRootLogin is set to
+ ``forced-commands-only'':
+
+ tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
+ tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
+
+ Since an SSH-based setup entails a fair amount of overhead, it may be
+ more suited to temporary setups, such as for wireless VPNs. More
+ permanent VPNs are better provided by tools such as ipsecctl(8) and
+ isakmpd(8).
+
+ENVIRONMENT
+ ssh will normally set the following environment variables:
+
+ DISPLAY The DISPLAY variable indicates the location of the
+ X11 server. It is automatically set by ssh to
+ point to a value of the form ``hostname:n'', where
+ ``hostname'' indicates the host where the shell
+ runs, and `n' is an integer >= 1. ssh uses this
+ special value to forward X11 connections over the
+ secure channel. The user should normally not set
+ DISPLAY explicitly, as that will render the X11
+ connection insecure (and will require the user to
+ manually copy any required authorization cookies).
+
+ HOME Set to the path of the user's home directory.
+
+ LOGNAME Synonym for USER; set for compatibility with
+ systems that use this variable.
+
+ MAIL Set to the path of the user's mailbox.
+
+ PATH Set to the default PATH, as specified when
+ compiling ssh.
+
+ SSH_ASKPASS If ssh needs a passphrase, it will read the
+ passphrase from the current terminal if it was run
+ from a terminal. If ssh does not have a terminal
+ associated with it but DISPLAY and SSH_ASKPASS are
+ set, it will execute the program specified by
+ SSH_ASKPASS and open an X11 window to read the
+ passphrase. This is particularly useful when
+ calling ssh from a .xsession or related script.
+ (Note that on some machines it may be necessary to
+ redirect the input from /dev/null to make this
+ work.)
+
+ SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to
+ communicate with the agent.
+
+ SSH_CONNECTION Identifies the client and server ends of the
+ connection. The variable contains four space-
+ separated values: client IP address, client port
+ number, server IP address, and server port number.
+
+ SSH_ORIGINAL_COMMAND This variable contains the original command line if
+ a forced command is executed. It can be used to
+ extract the original arguments.
+
+ SSH_TTY This is set to the name of the tty (path to the
+ device) associated with the current shell or
+ command. If the current session has no tty, this
+ variable is not set.
+
+ TZ This variable is set to indicate the present time
+ zone if it was set when the daemon was started
+ (i.e. the daemon passes the value on to new
+ connections).
+
+ USER Set to the name of the user logging in.
+
+ Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
+ ``VARNAME=value'' to the environment if the file exists and users are
+ allowed to change their environment. For more information, see the
+ PermitUserEnvironment option in sshd_config(5).
+
+FILES
+ ~/.rhosts
+ This file is used for host-based authentication (see above). On
+ some machines this file may need to be world-readable if the
+ user's home directory is on an NFS partition, because sshd(8)
+ reads it as root. Additionally, this file must be owned by the
+ user, and must not have write permissions for anyone else. The
+ recommended permission for most machines is read/write for the
+ user, and not accessible by others.
+
+ ~/.shosts
+ This file is used in exactly the same way as .rhosts, but allows
+ host-based authentication without permitting login with
+ rlogin/rsh.
+
+ ~/.ssh/
+ This directory is the default location for all user-specific
+ configuration and authentication information. There is no
+ general requirement to keep the entire contents of this directory
+ secret, but the recommended permissions are read/write/execute
+ for the user, and not accessible by others.
+
+ ~/.ssh/authorized_keys
+ Lists the public keys (DSA/ECDSA/RSA) that can be used for
+ logging in as this user. The format of this file is described in
+ the sshd(8) manual page. This file is not highly sensitive, but
+ the recommended permissions are read/write for the user, and not
+ accessible by others.
+
+ ~/.ssh/config
+ This is the per-user configuration file. The file format and
+ configuration options are described in ssh_config(5). Because of
+ the potential for abuse, this file must have strict permissions:
+ read/write for the user, and not writable by others.
+
+ ~/.ssh/environment
+ Contains additional definitions for environment variables; see
+ ENVIRONMENT, above.
+
+ ~/.ssh/identity
+ ~/.ssh/id_dsa
+ ~/.ssh/id_ecdsa
+ ~/.ssh/id_rsa
+ Contains the private key for authentication. These files contain
+ sensitive data and should be readable by the user but not
+ accessible by others (read/write/execute). ssh will simply
+ ignore a private key file if it is accessible by others. It is
+ possible to specify a passphrase when generating the key which
+ will be used to encrypt the sensitive part of this file using
+ 3DES.
+
+ ~/.ssh/identity.pub
+ ~/.ssh/id_dsa.pub
+ ~/.ssh/id_ecdsa.pub
+ ~/.ssh/id_rsa.pub
+ Contains the public key for authentication. These files are not
+ sensitive and can (but need not) be readable by anyone.
+
+ ~/.ssh/known_hosts
+ Contains a list of host keys for all hosts the user has logged
+ into that are not already in the systemwide list of known host
+ keys. See sshd(8) for further details of the format of this
+ file.
+
+ ~/.ssh/rc
+ Commands in this file are executed by ssh when the user logs in,
+ just before the user's shell (or command) is started. See the
+ sshd(8) manual page for more information.
+
+ /etc/hosts.equiv
+ This file is for host-based authentication (see above). It
+ should only be writable by root.
+
+ /etc/shosts.equiv
+ This file is used in exactly the same way as hosts.equiv, but
+ allows host-based authentication without permitting login with
+ rlogin/rsh.
+
+ /etc/ssh/ssh_config
+ Systemwide configuration file. The file format and configuration
+ options are described in ssh_config(5).
+
+ /etc/ssh/ssh_host_key
+ /etc/ssh/ssh_host_dsa_key
+ /etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_rsa_key
+ These files contain the private parts of the host keys and are
+ used for host-based authentication. If protocol version 1 is
+ used, ssh must be setuid root, since the host key is readable
+ only by root. For protocol version 2, ssh uses ssh-keysign(8) to
+ access the host keys, eliminating the requirement that ssh be
+ setuid root when host-based authentication is used. By default
+ ssh is not setuid root.
+
+ /etc/ssh/ssh_known_hosts
+ Systemwide list of known host keys. This file should be prepared
+ by the system administrator to contain the public host keys of
+ all machines in the organization. It should be world-readable.
+ See sshd(8) for further details of the format of this file.
+
+ /etc/ssh/sshrc
+ Commands in this file are executed by ssh when the user logs in,
+ just before the user's shell (or command) is started. See the
+ sshd(8) manual page for more information.
+
+EXIT STATUS
+ ssh exits with the exit status of the remote command or with 255 if an
+ error occurred.
+
+SEE ALSO
+ scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1),
+ tun(4), hosts.equiv(5), ssh_config(5), ssh-keysign(8), sshd(8)
+
+STANDARDS
+ S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned
+ Numbers, RFC 4250, January 2006.
+
+ T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture,
+ RFC 4251, January 2006.
+
+ T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol,
+ RFC 4252, January 2006.
+
+ T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer
+ Protocol, RFC 4253, January 2006.
+
+ T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC
+ 4254, January 2006.
+
+ J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell
+ (SSH) Key Fingerprints, RFC 4255, January 2006.
+
+ F. Cusack and M. Forssen, Generic Message Exchange Authentication for the
+ Secure Shell Protocol (SSH), RFC 4256, January 2006.
+
+ J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break
+ Extension, RFC 4335, January 2006.
+
+ M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport
+ Layer Encryption Modes, RFC 4344, January 2006.
+
+ B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport
+ Layer Protocol, RFC 4345, January 2006.
+
+ M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
+ the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.
+
+ J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File
+ Format, RFC 4716, November 2006.
+
+ D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer, RFC 5656, December 2009.
+
+ A. Perrig and D. Song, Hash Visualization: a New Technique to improve
+ Real-World Security, 1999, International Workshop on Cryptographic
+ Techniques and E-Commerce (CrypTEC '99).
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 July 18, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/ssh.1
===================================================================
--- vendor-crypto/openssh/dist/ssh.1 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh.1 2013-12-05 12:55:03 UTC (rev 6462)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.316 2010/11/18 15:01:00 jmc Exp $
-.Dd $Mdocdate: November 18 2010 $
+.\" $OpenBSD: ssh.1,v 1.334 2013/07/18 01:12:26 djm Exp $
+.Dd $Mdocdate: July 18 2013 $
.Dt SSH 1
.Os
.Sh NAME
@@ -47,6 +47,7 @@
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
+.Op Fl E Ar log_file
.Op Fl e Ar escape_char
.Op Fl F Ar configfile
.Op Fl I Ar pkcs11
@@ -64,6 +65,8 @@
.Oo Ar user Ns @ Oc Ns Ar hostname
.Op Ar command
.Ek
+.Nm
+.Fl Q Ar protocol_feature
.Sh DESCRIPTION
.Nm
(SSH client) is a program for logging into a remote machine and for
@@ -217,6 +220,10 @@
empty address or
.Sq *
indicates that the port should be available from all interfaces.
+.It Fl E Ar log_file
+Append debug logs to
+.Ar log_file
+instead of standard error.
.It Fl e Ar escape_char
Sets the escape character for sessions with a pty (default:
.Ql ~ ) .
@@ -392,9 +399,13 @@
.Dq check
(check that the master process is running),
.Dq forward
-(request forwardings without command execution) and
+(request forwardings without command execution),
+.Dq cancel
+(cancel forwardings),
.Dq exit
-(request the master to exit).
+(request the master to exit), and
+.Dq stop
+(request the master to stop accepting further multiplexing requests).
.It Fl o Ar option
Can be used to give options in the format used in the configuration file.
This is useful for specifying options for which there is no separate
@@ -417,11 +428,13 @@
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlPersist
.It DynamicForward
.It EscapeChar
.It ExitOnForwardFailure
.It ForwardAgent
.It ForwardX11
+.It ForwardX11Timeout
.It ForwardX11Trusted
.It GatewayPorts
.It GlobalKnownHostsFile
@@ -436,6 +449,7 @@
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
+.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LocalCommand
@@ -454,6 +468,7 @@
.It PubkeyAuthentication
.It RekeyLimit
.It RemoteForward
+.It RequestTTY
.It RhostsRSAAuthentication
.It RSAAuthentication
.It SendEnv
@@ -474,6 +489,21 @@
Port to connect to on the remote host.
This can be specified on a
per-host basis in the configuration file.
+.It Fl Q Ar protocol_feature
+Queries
+.Nm
+for the algorithms supported for the specified version 2
+.Ar protocol_feature .
+The queriable features are:
+.Dq cipher
+(supported symmetric ciphers),
+.Dq MAC
+(supported message integrity codes),
+.Dq KEX
+(key exchange algorithms),
+.Dq key
+(key types).
+Protocol features are treated case-insensitively.
.It Fl q
Quiet mode.
Causes most warning and diagnostic messages to be suppressed.
@@ -498,7 +528,7 @@
Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when
logging in as root on the remote machine.
-IPv6 addresses can be specified by enclosing the address in square braces.
+IPv6 addresses can be specified by enclosing the address in square brackets.
.Pp
By default, the listening socket on the server will be bound to the loopback
interface only.
@@ -579,8 +609,8 @@
.Fl T ,
.Cm ExitOnForwardFailure
and
-.Cm ClearAllForwardings
-and works with Protocol version 2 only.
+.Cm ClearAllForwardings .
+Works with Protocol version 2 only.
.It Fl w Xo
.Ar local_tun Ns Op : Ns Ar remote_tun
.Xc
@@ -664,7 +694,9 @@
but protocol 2 is the default since
it provides additional mechanisms for confidentiality
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
-and integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).
+and integrity (hmac-md5, hmac-sha1,
+hmac-sha2-256, hmac-sha2-512,
+umac-64, umac-128, hmac-ripemd160).
Protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection.
.Pp
@@ -722,9 +754,7 @@
using one of the DSA, ECDSA or RSA algorithms.
Protocol 1 is restricted to using only RSA keys,
but protocol 2 may use any.
-The
-.Sx HISTORY
-section of
+The HISTORY section of
.Xr ssl 8
contains a brief discussion of the DSA and RSA algorithms.
.Pp
@@ -780,9 +810,7 @@
signed certificates are used.
This has the advantage that a single trusted certification authority
can be used in place of many public/private keys.
-See the
-.Sx CERTIFICATES
-section of
+See the CERTIFICATES section of
.Xr ssh-keygen 1
for more information.
.Pp
@@ -891,11 +919,20 @@
and
.Fl D
options (see above).
-It also allows the cancellation of existing remote port-forwardings
-using
+It also allows the cancellation of existing port-forwardings
+with
.Sm off
-.Fl KR Oo Ar bind_address : Oc Ar port .
+.Fl KL Oo Ar bind_address : Oc Ar port
.Sm on
+for local,
+.Sm off
+.Fl KR Oo Ar bind_address : Oc Ar port
+.Sm on
+for remote and
+.Sm off
+.Fl KD Oo Ar bind_address : Oc Ar port
+.Sm on
+for dynamic port-forwardings.
.Ic !\& Ns Ar command
allows the user to execute a local command if the
.Ic PermitLocalCommand
@@ -907,6 +944,14 @@
.It Cm ~R
Request rekeying of the connection
(only useful for SSH protocol version 2 and if the peer supports it).
+.It Cm ~V
+Decrease the verbosity
+.Pq Ic LogLevel
+when errors are being written to stderr.
+.It Cm ~v
+Increase the verbosity
+.Pq Ic LogLevel
+when errors are being written to stderr.
.El
.Sh TCP FORWARDING
Forwarding of arbitrary TCP connections over the secure channel can
@@ -1292,7 +1337,7 @@
The file format and configuration options are described in
.Xr ssh_config 5 .
Because of the potential for abuse, this file must have strict permissions:
-read/write for the user, and not accessible by others.
+read/write for the user, and not writable by others.
.Pp
.It Pa ~/.ssh/environment
Contains additional definitions for environment variables; see
@@ -1356,7 +1401,7 @@
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
.It Pa /etc/ssh/ssh_host_rsa_key
-These three files contain the private parts of the host keys
+These files contain the private parts of the host keys
and are used for host-based authentication.
If protocol version 1 is used,
.Nm
@@ -1407,77 +1452,118 @@
.Xr ssh_config 5 ,
.Xr ssh-keysign 8 ,
.Xr sshd 8
+.Sh STANDARDS
.Rs
+.%A S. Lehtinen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4250
-.%T "The Secure Shell (SSH) Protocol Assigned Numbers"
-.%D 2006
+.%T The Secure Shell (SSH) Protocol Assigned Numbers
.Re
+.Pp
.Rs
+.%A T. Ylonen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4251
-.%T "The Secure Shell (SSH) Protocol Architecture"
-.%D 2006
+.%T The Secure Shell (SSH) Protocol Architecture
.Re
+.Pp
.Rs
+.%A T. Ylonen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4252
-.%T "The Secure Shell (SSH) Authentication Protocol"
-.%D 2006
+.%T The Secure Shell (SSH) Authentication Protocol
.Re
+.Pp
.Rs
+.%A T. Ylonen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4253
-.%T "The Secure Shell (SSH) Transport Layer Protocol"
-.%D 2006
+.%T The Secure Shell (SSH) Transport Layer Protocol
.Re
+.Pp
.Rs
+.%A T. Ylonen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4254
-.%T "The Secure Shell (SSH) Connection Protocol"
-.%D 2006
+.%T The Secure Shell (SSH) Connection Protocol
.Re
+.Pp
.Rs
+.%A J. Schlyter
+.%A W. Griffin
+.%D January 2006
.%R RFC 4255
-.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints"
-.%D 2006
+.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
.Re
+.Pp
.Rs
+.%A F. Cusack
+.%A M. Forssen
+.%D January 2006
.%R RFC 4256
-.%T "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)"
-.%D 2006
+.%T Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
.Re
+.Pp
.Rs
+.%A J. Galbraith
+.%A P. Remaker
+.%D January 2006
.%R RFC 4335
-.%T "The Secure Shell (SSH) Session Channel Break Extension"
-.%D 2006
+.%T The Secure Shell (SSH) Session Channel Break Extension
.Re
+.Pp
.Rs
+.%A M. Bellare
+.%A T. Kohno
+.%A C. Namprempre
+.%D January 2006
.%R RFC 4344
-.%T "The Secure Shell (SSH) Transport Layer Encryption Modes"
-.%D 2006
+.%T The Secure Shell (SSH) Transport Layer Encryption Modes
.Re
+.Pp
.Rs
+.%A B. Harris
+.%D January 2006
.%R RFC 4345
-.%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol"
-.%D 2006
+.%T Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
.Re
+.Pp
.Rs
+.%A M. Friedl
+.%A N. Provos
+.%A W. Simpson
+.%D March 2006
.%R RFC 4419
-.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
-.%D 2006
+.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
.Re
+.Pp
.Rs
+.%A J. Galbraith
+.%A R. Thayer
+.%D November 2006
.%R RFC 4716
-.%T "The Secure Shell (SSH) Public Key File Format"
-.%D 2006
+.%T The Secure Shell (SSH) Public Key File Format
.Re
+.Pp
.Rs
+.%A D. Stebila
+.%A J. Green
+.%D December 2009
.%R RFC 5656
-.%T "Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer"
-.%D 2009
+.%T Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
.Re
+.Pp
.Rs
-.%T "Hash Visualization: a New Technique to improve Real-World Security"
.%A A. Perrig
.%A D. Song
.%D 1999
-.%O "International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)"
+.%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)
+.%T Hash Visualization: a New Technique to improve Real-World Security
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
Property changes on: vendor-crypto/openssh/dist/ssh.1
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh.c
===================================================================
--- vendor-crypto/openssh/dist/ssh.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.356 2011/01/06 22:23:53 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.381 2013/07/25 00:29:10 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -111,13 +111,16 @@
extern char *__progname;
+/* Saves a copy of argv for setproctitle emulation */
+#ifndef HAVE_SETPROCTITLE
+static char **saved_av;
+#endif
+
/* Flag indicating whether debug mode is on. May be set on the command line. */
int debug_flag = 0;
-/* Flag indicating whether a tty should be allocated */
+/* Flag indicating whether a tty should be requested */
int tty_flag = 0;
-int no_tty_flag = 0;
-int force_tty_flag = 0;
/* don't exec a shell */
int no_shell_flag = 0;
@@ -135,7 +138,7 @@
int need_controlpersist_detach = 0;
/* Copies of flags for ControlPersist foreground slave */
-int ostdin_null_flag, ono_shell_flag, ono_tty_flag, otty_flag;
+int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty;
/*
* Flag indicating that ssh should fork after authentication. This is useful
@@ -194,9 +197,9 @@
{
fprintf(stderr,
"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
-" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
-" [-I pkcs11] [-i identity_file]\n"
-" [-L [bind_address:]port:host:hostport]\n"
+" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
+" [-F configfile] [-I pkcs11] [-i identity_file]\n"
+" [-L [bind_address:]port:host:hostport] [-Q protocol_feature]\n"
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
" [-W host:port] [-w local_tun[:remote_tun]]\n"
@@ -214,6 +217,20 @@
void muxclient(const char *);
void muxserver_listen(void);
+/* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */
+static void
+tilde_expand_paths(char **paths, u_int num_paths)
+{
+ u_int i;
+ char *cp;
+
+ for (i = 0; i < num_paths; i++) {
+ cp = tilde_expand_filename(paths[i], original_real_uid);
+ free(paths[i]);
+ paths[i] = cp;
+ }
+}
+
/*
* Main program for the ssh client.
*/
@@ -221,12 +238,14 @@
main(int ac, char **av)
{
int i, r, opt, exit_status, use_syslog;
- char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg;
+ char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg, *logfile;
+ char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
struct stat st;
struct passwd *pw;
int dummy, timeout_ms;
extern int optind, optreset;
extern char *optarg;
+
struct servent *sp;
Forward fwd;
@@ -234,8 +253,18 @@
sanitise_stdfd();
__progname = ssh_get_progname(av[0]);
- init_rng();
+#ifndef HAVE_SETPROCTITLE
+ /* Prepare for later setproctitle emulation */
+ /* Save argv so it isn't clobbered by setproctitle() emulation */
+ saved_av = xcalloc(ac + 1, sizeof(*saved_av));
+ for (i = 0; i < ac; i++)
+ saved_av[i] = xstrdup(av[i]);
+ saved_av[i] = NULL;
+ compat_init_setproctitle(ac, av);
+ av = saved_av;
+#endif
+
/*
* Discard other fds that are hanging around. These can cause problem
* with backgrounded ssh processes started by ControlPersist.
@@ -270,7 +299,7 @@
/* Get user data. */
pw = getpwuid(original_real_uid);
if (!pw) {
- logit("You don't exist, go away!");
+ logit("No user exists for uid %lu", (u_long)original_real_uid);
exit(255);
}
/* Take a copy of the returned structure. */
@@ -293,11 +322,12 @@
/* Parse command-line arguments. */
host = NULL;
use_syslog = 0;
+ logfile = NULL;
argv0 = av[0];
again:
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
- "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
+ "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
@@ -327,6 +357,9 @@
case 'y':
use_syslog = 1;
break;
+ case 'E':
+ logfile = xstrdup(optarg);
+ break;
case 'Y':
options.forward_x11 = 1;
options.forward_x11_trusted = 1;
@@ -346,6 +379,10 @@
muxclient_command = SSHMUX_COMMAND_FORWARD;
else if (strcmp(optarg, "exit") == 0)
muxclient_command = SSHMUX_COMMAND_TERMINATE;
+ else if (strcmp(optarg, "stop") == 0)
+ muxclient_command = SSHMUX_COMMAND_STOP;
+ else if (strcmp(optarg, "cancel") == 0)
+ muxclient_command = SSHMUX_COMMAND_CANCEL_FWD;
else
fatal("Invalid multiplex command.");
break;
@@ -352,6 +389,22 @@
case 'P': /* deprecated */
options.use_privileged_port = 0;
break;
+ case 'Q': /* deprecated */
+ cp = NULL;
+ if (strcasecmp(optarg, "cipher") == 0)
+ cp = cipher_alg_list();
+ else if (strcasecmp(optarg, "mac") == 0)
+ cp = mac_alg_list();
+ else if (strcasecmp(optarg, "kex") == 0)
+ cp = kex_alg_list();
+ else if (strcasecmp(optarg, "key") == 0)
+ cp = key_alg_list();
+ if (cp == NULL)
+ fatal("Unsupported query \"%s\"", optarg);
+ printf("%s\n", cp);
+ free(cp);
+ exit(0);
+ break;
case 'a':
options.forward_agent = 0;
break;
@@ -372,12 +425,7 @@
strerror(errno));
break;
}
- if (options.num_identity_files >=
- SSH_MAX_IDENTITY_FILES)
- fatal("Too many identity files specified "
- "(max %d)", SSH_MAX_IDENTITY_FILES);
- options.identity_files[options.num_identity_files++] =
- xstrdup(optarg);
+ add_identity_file(&options, NULL, optarg, 1);
break;
case 'I':
#ifdef ENABLE_PKCS11
@@ -387,9 +435,10 @@
#endif
break;
case 't':
- if (tty_flag)
- force_tty_flag = 1;
- tty_flag = 1;
+ if (options.request_tty == REQUEST_TTY_YES)
+ options.request_tty = REQUEST_TTY_FORCE;
+ else
+ options.request_tty = REQUEST_TTY_YES;
break;
case 'v':
if (debug_flag == 0) {
@@ -398,9 +447,8 @@
} else {
if (options.log_level < SYSLOG_LEVEL_DEBUG3)
options.log_level++;
- break;
}
- /* FALLTHROUGH */
+ break;
case 'V':
fprintf(stderr, "%s, %s\n",
SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
@@ -425,7 +473,7 @@
if (parse_forward(&fwd, optarg, 1, 0)) {
stdio_forward_host = fwd.listen_host;
stdio_forward_port = fwd.listen_port;
- xfree(fwd.connect_host);
+ free(fwd.connect_host);
} else {
fprintf(stderr,
"Bad stdio forwarding specification '%s'\n",
@@ -432,7 +480,7 @@
optarg);
exit(255);
}
- no_tty_flag = 1;
+ options.request_tty = REQUEST_TTY_NO;
no_shell_flag = 1;
options.clear_forwardings = 1;
options.exit_on_forward_failure = 1;
@@ -541,18 +589,19 @@
break;
case 'N':
no_shell_flag = 1;
- no_tty_flag = 1;
+ options.request_tty = REQUEST_TTY_NO;
break;
case 'T':
- no_tty_flag = 1;
+ options.request_tty = REQUEST_TTY_NO;
break;
case 'o':
dummy = 1;
line = xstrdup(optarg);
if (process_config_line(&options, host ? host : "",
- line, "command-line", 0, &dummy) != 0)
+ line, "command-line", 0, &dummy, SSHCONF_USERCONF)
+ != 0)
exit(255);
- xfree(line);
+ free(line);
break;
case 's':
subsystem_flag = 1;
@@ -611,7 +660,6 @@
*/
if (!ac) {
/* No command specified - execute shell on a tty. */
- tty_flag = 1;
if (subsystem_flag) {
fprintf(stderr,
"You must specify a subsystem to invoke.\n");
@@ -632,35 +680,30 @@
fatal("Cannot fork into background without a command "
"to execute.");
- /* Allocate a tty by default if no command specified. */
- if (buffer_len(&command) == 0)
- tty_flag = 1;
-
- /* Force no tty */
- if (no_tty_flag || muxclient_command != 0)
- tty_flag = 0;
- /* Do not allocate a tty if stdin is not a tty. */
- if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) {
- if (tty_flag)
- logit("Pseudo-terminal will not be allocated because "
- "stdin is not a terminal.");
- tty_flag = 0;
- }
-
/*
* Initialize "log" output. Since we are the client all output
- * actually goes to stderr.
+ * goes to stderr unless otherwise specified by -y or -E.
*/
+ if (use_syslog && logfile != NULL)
+ fatal("Can't specify both -y and -E");
+ if (logfile != NULL) {
+ log_redirect_stderr_to(logfile);
+ free(logfile);
+ }
log_init(argv0,
options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level,
SYSLOG_FACILITY_USER, !use_syslog);
+ if (debug_flag)
+ logit("%s, %s", SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
+
/*
* Read per-user configuration file. Ignore the system wide config
* file if the user specifies a config file on the command line.
*/
if (config != NULL) {
- if (!read_config_file(config, host, &options, 0))
+ if (strcasecmp(config, "none") != 0 &&
+ !read_config_file(config, host, &options, SSHCONF_USERCONF))
fatal("Can't open user config file %.100s: "
"%.100s", config, strerror(errno));
} else {
@@ -667,9 +710,10 @@
r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
if (r > 0 && (size_t)r < sizeof(buf))
- (void)read_config_file(buf, host, &options, 1);
+ (void)read_config_file(buf, host, &options,
+ SSHCONF_CHECKPERM|SSHCONF_USERCONF);
- /* Read systemwide configuration file after use config. */
+ /* Read systemwide configuration file after user config. */
(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
&options, 0);
}
@@ -682,6 +726,26 @@
/* reinit */
log_init(argv0, options.log_level, SYSLOG_FACILITY_USER, !use_syslog);
+ if (options.request_tty == REQUEST_TTY_YES ||
+ options.request_tty == REQUEST_TTY_FORCE)
+ tty_flag = 1;
+
+ /* Allocate a tty by default if no command specified. */
+ if (buffer_len(&command) == 0)
+ tty_flag = options.request_tty != REQUEST_TTY_NO;
+
+ /* Force no tty */
+ if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0)
+ tty_flag = 0;
+ /* Do not allocate a tty if stdin is not a tty. */
+ if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
+ options.request_tty != REQUEST_TTY_FORCE) {
+ if (tty_flag)
+ logit("Pseudo-terminal will not be allocated because "
+ "stdin is not a terminal.");
+ tty_flag = 0;
+ }
+
seed_rng();
if (options.user == NULL)
@@ -700,19 +764,21 @@
"h", host, (char *)NULL);
}
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("gethostname: %s", strerror(errno));
+ strlcpy(shorthost, thishost, sizeof(shorthost));
+ shorthost[strcspn(thishost, ".")] = '\0';
+ snprintf(portstr, sizeof(portstr), "%d", options.port);
+
if (options.local_command != NULL) {
- char thishost[NI_MAXHOST];
-
- if (gethostname(thishost, sizeof(thishost)) == -1)
- fatal("gethostname: %s", strerror(errno));
- snprintf(buf, sizeof(buf), "%d", options.port);
debug3("expanding LocalCommand: %s", options.local_command);
cp = options.local_command;
options.local_command = percent_expand(cp, "d", pw->pw_dir,
"h", host, "l", thishost, "n", host_arg, "r", options.user,
- "p", buf, "u", pw->pw_name, (char *)NULL);
+ "p", portstr, "u", pw->pw_name, "L", shorthost,
+ (char *)NULL);
debug3("expanded LocalCommand: %s", options.local_command);
- xfree(cp);
+ free(cp);
}
/* force lowercase for hostkey matching */
@@ -724,27 +790,24 @@
if (options.proxy_command != NULL &&
strcmp(options.proxy_command, "none") == 0) {
- xfree(options.proxy_command);
+ free(options.proxy_command);
options.proxy_command = NULL;
}
if (options.control_path != NULL &&
strcmp(options.control_path, "none") == 0) {
- xfree(options.control_path);
+ free(options.control_path);
options.control_path = NULL;
}
if (options.control_path != NULL) {
- char thishost[NI_MAXHOST];
-
- if (gethostname(thishost, sizeof(thishost)) == -1)
- fatal("gethostname: %s", strerror(errno));
- snprintf(buf, sizeof(buf), "%d", options.port);
cp = tilde_expand_filename(options.control_path,
original_real_uid);
- xfree(options.control_path);
- options.control_path = percent_expand(cp, "p", buf, "h", host,
- "r", options.user, "l", thishost, (char *)NULL);
- xfree(cp);
+ free(options.control_path);
+ options.control_path = percent_expand(cp, "h", host,
+ "l", thishost, "n", host_arg, "r", options.user,
+ "p", portstr, "u", pw->pw_name, "L", shorthost,
+ (char *)NULL);
+ free(cp);
}
if (muxclient_command != 0 && options.control_path == NULL)
fatal("No ControlPath specified for \"-O\" command");
@@ -848,31 +911,28 @@
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn't already exist.
*/
- r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
- strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
- if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+ if (config == NULL) {
+ r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
+ strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
#ifdef WITH_SELINUX
- ssh_selinux_setfscreatecon(buf);
+ ssh_selinux_setfscreatecon(buf);
#endif
- if (mkdir(buf, 0700) < 0)
- error("Could not create directory '%.200s'.", buf);
+ if (mkdir(buf, 0700) < 0)
+ error("Could not create directory '%.200s'.",
+ buf);
#ifdef WITH_SELINUX
- ssh_selinux_setfscreatecon(NULL);
+ ssh_selinux_setfscreatecon(NULL);
#endif
+ }
}
/* load options.identity_files */
load_public_identity_files();
/* Expand ~ in known host file names. */
- /* XXX mem-leaks: */
- options.system_hostfile =
- tilde_expand_filename(options.system_hostfile, original_real_uid);
- options.user_hostfile =
- tilde_expand_filename(options.user_hostfile, original_real_uid);
- options.system_hostfile2 =
- tilde_expand_filename(options.system_hostfile2, original_real_uid);
- options.user_hostfile2 =
- tilde_expand_filename(options.user_hostfile2, original_real_uid);
+ tilde_expand_paths(options.system_hostfiles,
+ options.num_system_hostfiles);
+ tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
signal(SIGCHLD, main_sigchld_handler);
@@ -898,13 +958,11 @@
sensitive_data.keys[i] = NULL;
}
}
- xfree(sensitive_data.keys);
+ free(sensitive_data.keys);
}
for (i = 0; i < options.num_identity_files; i++) {
- if (options.identity_files[i]) {
- xfree(options.identity_files[i]);
- options.identity_files[i] = NULL;
- }
+ free(options.identity_files[i]);
+ options.identity_files[i] = NULL;
if (options.identity_keys[i]) {
key_free(options.identity_keys[i]);
options.identity_keys[i] = NULL;
@@ -945,8 +1003,7 @@
/* Parent: set up mux slave to connect to backgrounded master */
debug2("%s: background process is %ld", __func__, (long)pid);
stdin_null_flag = ostdin_null_flag;
- no_shell_flag = ono_shell_flag;
- no_tty_flag = ono_tty_flag;
+ options.request_tty = orequest_tty;
tty_flag = otty_flag;
close(muxserver_sock);
muxserver_sock = -1;
@@ -965,6 +1022,8 @@
if (devnull > STDERR_FILENO)
close(devnull);
}
+ daemon(1, 1);
+ setproctitle("%s [mux]", options.control_path);
}
/* Do fork() after authentication. Used by "ssh -f" */
@@ -989,11 +1048,17 @@
debug("remote forward %s for: listen %d, connect %s:%d",
type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
- if (type == SSH2_MSG_REQUEST_SUCCESS && rfwd->listen_port == 0) {
- rfwd->allocated_port = packet_get_int();
- logit("Allocated port %u for remote forward to %s:%d",
- rfwd->allocated_port,
- rfwd->connect_host, rfwd->connect_port);
+ if (rfwd->listen_port == 0) {
+ if (type == SSH2_MSG_REQUEST_SUCCESS) {
+ rfwd->allocated_port = packet_get_int();
+ logit("Allocated port %u for remote forward to %s:%d",
+ rfwd->allocated_port,
+ rfwd->connect_host, rfwd->connect_port);
+ channel_update_permitted_opens(rfwd->handle,
+ rfwd->allocated_port);
+ } else {
+ channel_update_permitted_opens(rfwd->handle, -1);
+ }
}
if (type == SSH2_MSG_REQUEST_FAILURE) {
@@ -1018,25 +1083,26 @@
cleanup_exit(0);
}
-static int
-client_setup_stdio_fwd(const char *host_to_connect, u_short port_to_connect)
+static void
+ssh_init_stdio_forwarding(void)
{
Channel *c;
int in, out;
- debug3("client_setup_stdio_fwd %s:%d", host_to_connect,
- port_to_connect);
+ if (stdio_forward_host == NULL)
+ return;
+ if (!compat20)
+ fatal("stdio forwarding require Protocol 2");
- in = dup(STDIN_FILENO);
- out = dup(STDOUT_FILENO);
- if (in < 0 || out < 0)
+ debug3("%s: %s:%d", __func__, stdio_forward_host, stdio_forward_port);
+
+ if ((in = dup(STDIN_FILENO)) < 0 ||
+ (out = dup(STDOUT_FILENO)) < 0)
fatal("channel_connect_stdio_fwd: dup() in/out failed");
-
- if ((c = channel_connect_stdio_fwd(host_to_connect, port_to_connect,
- in, out)) == NULL)
- return 0;
+ if ((c = channel_connect_stdio_fwd(stdio_forward_host,
+ stdio_forward_port, in, out)) == NULL)
+ fatal("%s: channel_connect_stdio_fwd failed", __func__);
channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0);
- return 1;
}
static void
@@ -1045,15 +1111,6 @@
int success = 0;
int i;
- if (stdio_forward_host != NULL) {
- if (!compat20) {
- fatal("stdio forwarding require Protocol 2");
- }
- if (!client_setup_stdio_fwd(stdio_forward_host,
- stdio_forward_port))
- fatal("Failed to connect in stdio forward mode.");
- }
-
/* Initiate local TCP/IP port forwardings. */
for (i = 0; i < options.num_local_forwards; i++) {
debug("Local connections to %.200s:%d forwarded to remote "
@@ -1085,19 +1142,22 @@
options.remote_forwards[i].listen_port,
options.remote_forwards[i].connect_host,
options.remote_forwards[i].connect_port);
- if (channel_request_remote_forwarding(
+ options.remote_forwards[i].handle =
+ channel_request_remote_forwarding(
options.remote_forwards[i].listen_host,
options.remote_forwards[i].listen_port,
options.remote_forwards[i].connect_host,
- options.remote_forwards[i].connect_port) < 0) {
+ options.remote_forwards[i].connect_port);
+ if (options.remote_forwards[i].handle < 0) {
if (options.exit_on_forward_failure)
fatal("Could not request remote forwarding.");
else
logit("Warning: Could not request remote "
"forwarding.");
+ } else {
+ client_register_global_confirm(ssh_confirm_remote_forward,
+ &options.remote_forwards[i]);
}
- client_register_global_confirm(ssh_confirm_remote_forward,
- &options.remote_forwards[i]);
}
/* Initiate tunnel forwarding. */
@@ -1209,8 +1269,8 @@
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
- x11_request_forwarding_with_spoofing(0, display, proto, data);
-
+ x11_request_forwarding_with_spoofing(0, display, proto,
+ data, 0);
/* Read response from the server. */
type = packet_read();
if (type == SSH_SMSG_SUCCESS) {
@@ -1241,6 +1301,7 @@
}
/* Initiate port forwardings. */
+ ssh_init_stdio_forwarding();
ssh_init_forwarding();
/* Execute a local command */
@@ -1308,9 +1369,11 @@
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto, data);
+ x11_request_forwarding_with_spoofing(id, display, proto,
+ data, 1);
+ client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
+ /* XXX exit_on_forward_failure */
interactive = 1;
- /* XXX wait for reply */
}
check_agent_present();
@@ -1320,6 +1383,10 @@
packet_send();
}
+ /* Tell the packet module whether this is an interactive session. */
+ packet_set_interactive(interactive,
+ options.ip_qos_interactive, options.ip_qos_bulk);
+
client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
NULL, fileno(stdin), &command, environ);
}
@@ -1377,6 +1444,8 @@
int id = -1;
/* XXX should be pre-session */
+ if (!options.control_persist)
+ ssh_init_stdio_forwarding();
ssh_init_forwarding();
/* Start listening for multiplex clients */
@@ -1383,9 +1452,10 @@
muxserver_listen();
/*
- * If we are in control persist mode, then prepare to background
- * ourselves and have a foreground client attach as a control
- * slave. NB. we must save copies of the flags that we override for
+ * If we are in control persist mode and have a working mux listen
+ * socket, then prepare to background ourselves and have a foreground
+ * client attach as a control slave.
+ * NB. we must save copies of the flags that we override for
* the backgrounding, since we defer attachment of the slave until
* after the connection is fully established (in particular,
* async rfwd replies have been received for ExitOnForwardFailure).
@@ -1393,19 +1463,29 @@
if (options.control_persist && muxserver_sock != -1) {
ostdin_null_flag = stdin_null_flag;
ono_shell_flag = no_shell_flag;
- ono_tty_flag = no_tty_flag;
+ orequest_tty = options.request_tty;
otty_flag = tty_flag;
stdin_null_flag = 1;
no_shell_flag = 1;
- no_tty_flag = 1;
tty_flag = 0;
if (!fork_after_authentication_flag)
need_controlpersist_detach = 1;
fork_after_authentication_flag = 1;
}
+ /*
+ * ControlPersist mux listen socket setup failed, attempt the
+ * stdio forward setup that we skipped earlier.
+ */
+ if (options.control_persist && muxserver_sock == -1)
+ ssh_init_stdio_forwarding();
if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
id = ssh_session2_open();
+ else {
+ packet_set_interactive(
+ options.control_master == SSHCTL_MASTER_NO,
+ options.ip_qos_interactive, options.ip_qos_bulk);
+ }
/* If we don't expect to open a new session, then disallow it */
if (options.control_master == SSHCTL_MASTER_NO &&
@@ -1478,7 +1558,7 @@
xstrdup(options.pkcs11_provider); /* XXX */
n_ids++;
}
- xfree(keys);
+ free(keys);
}
#endif /* ENABLE_PKCS11 */
if ((pw = getpwuid(original_real_uid)) == NULL)
@@ -1489,8 +1569,9 @@
fatal("load_public_identity_files: gethostname: %s",
strerror(errno));
for (i = 0; i < options.num_identity_files; i++) {
- if (n_ids >= SSH_MAX_IDENTITY_FILES) {
- xfree(options.identity_files[i]);
+ if (n_ids >= SSH_MAX_IDENTITY_FILES ||
+ strcasecmp(options.identity_files[i], "none") == 0) {
+ free(options.identity_files[i]);
continue;
}
cp = tilde_expand_filename(options.identity_files[i],
@@ -1498,11 +1579,11 @@
filename = percent_expand(cp, "d", pwdir,
"u", pwname, "l", thishost, "h", host,
"r", options.user, (char *)NULL);
- xfree(cp);
+ free(cp);
public = key_load_public(filename, NULL);
debug("identity file %s type %d", filename,
public ? public->type : -1);
- xfree(options.identity_files[i]);
+ free(options.identity_files[i]);
identity_files[n_ids] = filename;
identity_keys[n_ids] = public;
@@ -1515,7 +1596,7 @@
debug("identity file %s type %d", cp,
public ? public->type : -1);
if (public == NULL) {
- xfree(cp);
+ free(cp);
continue;
}
if (!key_is_cert(public)) {
@@ -1522,7 +1603,7 @@
debug("%s: key %s type %s is not a certificate",
__func__, cp, key_type(public));
key_free(public);
- xfree(cp);
+ free(cp);
continue;
}
identity_keys[n_ids] = public;
@@ -1535,9 +1616,9 @@
memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
bzero(pwname, strlen(pwname));
- xfree(pwname);
+ free(pwname);
bzero(pwdir, strlen(pwdir));
- xfree(pwdir);
+ free(pwdir);
}
static void
Property changes on: vendor-crypto/openssh/dist/ssh.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.10
\ No newline at end of property
Index: vendor-crypto/openssh/dist/ssh.h
===================================================================
--- vendor-crypto/openssh/dist/ssh.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/ssh.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/ssh1.h
===================================================================
--- vendor-crypto/openssh/dist/ssh1.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh1.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/ssh1.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Index: vendor-crypto/openssh/dist/ssh2.h
===================================================================
--- vendor-crypto/openssh/dist/ssh2.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh2.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/ssh2.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/ssh_config
===================================================================
--- vendor-crypto/openssh/dist/ssh_config 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh_config 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
+# $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
@@ -45,3 +45,4 @@
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
+# RekeyLimit 1G 1h
Property changes on: vendor-crypto/openssh/dist/ssh_config
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Added: vendor-crypto/openssh/dist/ssh_config.0
===================================================================
--- vendor-crypto/openssh/dist/ssh_config.0 (rev 0)
+++ vendor-crypto/openssh/dist/ssh_config.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,795 @@
+SSH_CONFIG(5) OpenBSD Programmer's Manual SSH_CONFIG(5)
+
+NAME
+ ssh_config - OpenSSH SSH client configuration files
+
+SYNOPSIS
+ ~/.ssh/config
+ /etc/ssh/ssh_config
+
+DESCRIPTION
+ ssh(1) obtains configuration data from the following sources in the
+ following order:
+
+ 1. command-line options
+ 2. user's configuration file (~/.ssh/config)
+ 3. system-wide configuration file (/etc/ssh/ssh_config)
+
+ For each parameter, the first obtained value will be used. The
+ configuration files contain sections separated by ``Host''
+ specifications, and that section is only applied for hosts that match one
+ of the patterns given in the specification. The matched host name is the
+ one given on the command line.
+
+ Since the first obtained value for each parameter is used, more host-
+ specific declarations should be given near the beginning of the file, and
+ general defaults at the end.
+
+ The configuration file has the following format:
+
+ Empty lines and lines starting with `#' are comments. Otherwise a line
+ is of the format ``keyword arguments''. Configuration options may be
+ separated by whitespace or optional whitespace and exactly one `='; the
+ latter format is useful to avoid the need to quote whitespace when
+ specifying configuration options using the ssh, scp, and sftp -o option.
+ Arguments may optionally be enclosed in double quotes (") in order to
+ represent arguments containing spaces.
+
+ The possible keywords and their meanings are as follows (note that
+ keywords are case-insensitive and arguments are case-sensitive):
+
+ Host Restricts the following declarations (up to the next Host
+ keyword) to be only for those hosts that match one of the
+ patterns given after the keyword. If more than one pattern is
+ provided, they should be separated by whitespace. A single `*'
+ as a pattern can be used to provide global defaults for all
+ hosts. The host is the hostname argument given on the command
+ line (i.e. the name is not converted to a canonicalized host name
+ before matching).
+
+ A pattern entry may be negated by prefixing it with an
+ exclamation mark (`!'). If a negated entry is matched, then the
+ Host entry is ignored, regardless of whether any other patterns
+ on the line match. Negated matches are therefore useful to
+ provide exceptions for wildcard matches.
+
+ See PATTERNS for more information on patterns.
+
+ AddressFamily
+ Specifies which address family to use when connecting. Valid
+ arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
+ (use IPv6 only).
+
+ BatchMode
+ If set to ``yes'', passphrase/password querying will be disabled.
+ This option is useful in scripts and other batch jobs where no
+ user is present to supply the password. The argument must be
+ ``yes'' or ``no''. The default is ``no''.
+
+ BindAddress
+ Use the specified address on the local machine as the source
+ address of the connection. Only useful on systems with more than
+ one address. Note that this option does not work if
+ UsePrivilegedPort is set to ``yes''.
+
+ ChallengeResponseAuthentication
+ Specifies whether to use challenge-response authentication. The
+ argument to this keyword must be ``yes'' or ``no''. The default
+ is ``yes''.
+
+ CheckHostIP
+ If this flag is set to ``yes'', ssh(1) will additionally check
+ the host IP address in the known_hosts file. This allows ssh to
+ detect if a host key changed due to DNS spoofing. If the option
+ is set to ``no'', the check will not be executed. The default is
+ ``yes''.
+
+ Cipher Specifies the cipher to use for encrypting the session in
+ protocol version 1. Currently, ``blowfish'', ``3des'', and
+ ``des'' are supported. des is only supported in the ssh(1)
+ client for interoperability with legacy protocol 1
+ implementations that do not support the 3des cipher. Its use is
+ strongly discouraged due to cryptographic weaknesses. The
+ default is ``3des''.
+
+ Ciphers
+ Specifies the ciphers allowed for protocol version 2 in order of
+ preference. Multiple ciphers must be comma-separated. The
+ supported ciphers are ``3des-cbc'', ``aes128-cbc'',
+ ``aes192-cbc'', ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'',
+ ``aes256-ctr'', ``aes128-gcm at openssh.com'',
+ ``aes256-gcm at openssh.com'', ``arcfour128'', ``arcfour256'',
+ ``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''. The default
+ is:
+
+ aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+ aes128-gcm at openssh.com,aes256-gcm at openssh.com,
+ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
+ aes256-cbc,arcfour
+
+ ClearAllForwardings
+ Specifies that all local, remote, and dynamic port forwardings
+ specified in the configuration files or on the command line be
+ cleared. This option is primarily useful when used from the
+ ssh(1) command line to clear port forwardings set in
+ configuration files, and is automatically set by scp(1) and
+ sftp(1). The argument must be ``yes'' or ``no''. The default is
+ ``no''.
+
+ Compression
+ Specifies whether to use compression. The argument must be
+ ``yes'' or ``no''. The default is ``no''.
+
+ CompressionLevel
+ Specifies the compression level to use if compression is enabled.
+ The argument must be an integer from 1 (fast) to 9 (slow, best).
+ The default level is 6, which is good for most applications. The
+ meaning of the values is the same as in gzip(1). Note that this
+ option applies to protocol version 1 only.
+
+ ConnectionAttempts
+ Specifies the number of tries (one per second) to make before
+ exiting. The argument must be an integer. This may be useful in
+ scripts if the connection sometimes fails. The default is 1.
+
+ ConnectTimeout
+ Specifies the timeout (in seconds) used when connecting to the
+ SSH server, instead of using the default system TCP timeout.
+ This value is used only when the target is down or really
+ unreachable, not when it refuses the connection.
+
+ ControlMaster
+ Enables the sharing of multiple sessions over a single network
+ connection. When set to ``yes'', ssh(1) will listen for
+ connections on a control socket specified using the ControlPath
+ argument. Additional sessions can connect to this socket using
+ the same ControlPath with ControlMaster set to ``no'' (the
+ default). These sessions will try to reuse the master instance's
+ network connection rather than initiating new ones, but will fall
+ back to connecting normally if the control socket does not exist,
+ or is not listening.
+
+ Setting this to ``ask'' will cause ssh to listen for control
+ connections, but require confirmation using the SSH_ASKPASS
+ program before they are accepted (see ssh-add(1) for details).
+ If the ControlPath cannot be opened, ssh will continue without
+ connecting to a master instance.
+
+ X11 and ssh-agent(1) forwarding is supported over these
+ multiplexed connections, however the display and agent forwarded
+ will be the one belonging to the master connection i.e. it is not
+ possible to forward multiple displays or agents.
+
+ Two additional options allow for opportunistic multiplexing: try
+ to use a master connection but fall back to creating a new one if
+ one does not already exist. These options are: ``auto'' and
+ ``autoask''. The latter requires confirmation like the ``ask''
+ option.
+
+ ControlPath
+ Specify the path to the control socket used for connection
+ sharing as described in the ControlMaster section above or the
+ string ``none'' to disable connection sharing. In the path, `%L'
+ will be substituted by the first component of the local host
+ name, `%l' will be substituted by the local host name (including
+ any domain name), `%h' will be substituted by the target host
+ name, `%n' will be substituted by the original target host name
+ specified on the command line, `%p' the port, `%r' by the remote
+ login username, and `%u' by the username of the user running
+ ssh(1). It is recommended that any ControlPath used for
+ opportunistic connection sharing include at least %h, %p, and %r.
+ This ensures that shared connections are uniquely identified.
+
+ ControlPersist
+ When used in conjunction with ControlMaster, specifies that the
+ master connection should remain open in the background (waiting
+ for future client connections) after the initial client
+ connection has been closed. If set to ``no'', then the master
+ connection will not be placed into the background, and will close
+ as soon as the initial client connection is closed. If set to
+ ``yes'', then the master connection will remain in the background
+ indefinitely (until killed or closed via a mechanism such as the
+ ssh(1) ``-O exit'' option). If set to a time in seconds, or a
+ time in any of the formats documented in sshd_config(5), then the
+ backgrounded master connection will automatically terminate after
+ it has remained idle (with no client connections) for the
+ specified time.
+
+ DynamicForward
+ Specifies that a TCP port on the local machine be forwarded over
+ the secure channel, and the application protocol is then used to
+ determine where to connect to from the remote machine.
+
+ The argument must be [bind_address:]port. IPv6 addresses can be
+ specified by enclosing addresses in square brackets. By default,
+ the local port is bound in accordance with the GatewayPorts
+ setting. However, an explicit bind_address may be used to bind
+ the connection to a specific address. The bind_address of
+ ``localhost'' indicates that the listening port be bound for
+ local use only, while an empty address or `*' indicates that the
+ port should be available from all interfaces.
+
+ Currently the SOCKS4 and SOCKS5 protocols are supported, and
+ ssh(1) will act as a SOCKS server. Multiple forwardings may be
+ specified, and additional forwardings can be given on the command
+ line. Only the superuser can forward privileged ports.
+
+ EnableSSHKeysign
+ Setting this option to ``yes'' in the global client configuration
+ file /etc/ssh/ssh_config enables the use of the helper program
+ ssh-keysign(8) during HostbasedAuthentication. The argument must
+ be ``yes'' or ``no''. The default is ``no''. This option should
+ be placed in the non-hostspecific section. See ssh-keysign(8)
+ for more information.
+
+ EscapeChar
+ Sets the escape character (default: `~'). The escape character
+ can also be set on the command line. The argument should be a
+ single character, `^' followed by a letter, or ``none'' to
+ disable the escape character entirely (making the connection
+ transparent for binary data).
+
+ ExitOnForwardFailure
+ Specifies whether ssh(1) should terminate the connection if it
+ cannot set up all requested dynamic, tunnel, local, and remote
+ port forwardings. The argument must be ``yes'' or ``no''. The
+ default is ``no''.
+
+ ForwardAgent
+ Specifies whether the connection to the authentication agent (if
+ any) will be forwarded to the remote machine. The argument must
+ be ``yes'' or ``no''. The default is ``no''.
+
+ Agent forwarding should be enabled with caution. Users with the
+ ability to bypass file permissions on the remote host (for the
+ agent's Unix-domain socket) can access the local agent through
+ the forwarded connection. An attacker cannot obtain key material
+ from the agent, however they can perform operations on the keys
+ that enable them to authenticate using the identities loaded into
+ the agent.
+
+ ForwardX11
+ Specifies whether X11 connections will be automatically
+ redirected over the secure channel and DISPLAY set. The argument
+ must be ``yes'' or ``no''. The default is ``no''.
+
+ X11 forwarding should be enabled with caution. Users with the
+ ability to bypass file permissions on the remote host (for the
+ user's X11 authorization database) can access the local X11
+ display through the forwarded connection. An attacker may then
+ be able to perform activities such as keystroke monitoring if the
+ ForwardX11Trusted option is also enabled.
+
+ ForwardX11Timeout
+ Specify a timeout for untrusted X11 forwarding using the format
+ described in the TIME FORMATS section of sshd_config(5). X11
+ connections received by ssh(1) after this time will be refused.
+ The default is to disable untrusted X11 forwarding after twenty
+ minutes has elapsed.
+
+ ForwardX11Trusted
+ If this option is set to ``yes'', remote X11 clients will have
+ full access to the original X11 display.
+
+ If this option is set to ``no'', remote X11 clients will be
+ considered untrusted and prevented from stealing or tampering
+ with data belonging to trusted X11 clients. Furthermore, the
+ xauth(1) token used for the session will be set to expire after
+ 20 minutes. Remote clients will be refused access after this
+ time.
+
+ The default is ``no''.
+
+ See the X11 SECURITY extension specification for full details on
+ the restrictions imposed on untrusted clients.
+
+ GatewayPorts
+ Specifies whether remote hosts are allowed to connect to local
+ forwarded ports. By default, ssh(1) binds local port forwardings
+ to the loopback address. This prevents other remote hosts from
+ connecting to forwarded ports. GatewayPorts can be used to
+ specify that ssh should bind local port forwardings to the
+ wildcard address, thus allowing remote hosts to connect to
+ forwarded ports. The argument must be ``yes'' or ``no''. The
+ default is ``no''.
+
+ GlobalKnownHostsFile
+ Specifies one or more files to use for the global host key
+ database, separated by whitespace. The default is
+ /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2.
+
+ GSSAPIAuthentication
+ Specifies whether user authentication based on GSSAPI is allowed.
+ The default is ``no''. Note that this option applies to protocol
+ version 2 only.
+
+ GSSAPIDelegateCredentials
+ Forward (delegate) credentials to the server. The default is
+ ``no''. Note that this option applies to protocol version 2
+ only.
+
+ HashKnownHosts
+ Indicates that ssh(1) should hash host names and addresses when
+ they are added to ~/.ssh/known_hosts. These hashed names may be
+ used normally by ssh(1) and sshd(8), but they do not reveal
+ identifying information should the file's contents be disclosed.
+ The default is ``no''. Note that existing names and addresses in
+ known hosts files will not be converted automatically, but may be
+ manually hashed using ssh-keygen(1).
+
+ HostbasedAuthentication
+ Specifies whether to try rhosts based authentication with public
+ key authentication. The argument must be ``yes'' or ``no''. The
+ default is ``no''. This option applies to protocol version 2
+ only and is similar to RhostsRSAAuthentication.
+
+ HostKeyAlgorithms
+ Specifies the protocol version 2 host key algorithms that the
+ client wants to use in order of preference. The default for this
+ option is:
+
+ ecdsa-sha2-nistp256-cert-v01 at openssh.com,
+ ecdsa-sha2-nistp384-cert-v01 at openssh.com,
+ ecdsa-sha2-nistp521-cert-v01 at openssh.com,
+ ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,
+ ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,
+ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ ssh-rsa,ssh-dss
+
+ If hostkeys are known for the destination host then this default
+ is modified to prefer their algorithms.
+
+ HostKeyAlias
+ Specifies an alias that should be used instead of the real host
+ name when looking up or saving the host key in the host key
+ database files. This option is useful for tunneling SSH
+ connections or for multiple servers running on a single host.
+
+ HostName
+ Specifies the real host name to log into. This can be used to
+ specify nicknames or abbreviations for hosts. If the hostname
+ contains the character sequence `%h', then this will be replaced
+ with the host name specified on the command line (this is useful
+ for manipulating unqualified names). The default is the name
+ given on the command line. Numeric IP addresses are also
+ permitted (both on the command line and in HostName
+ specifications).
+
+ IdentitiesOnly
+ Specifies that ssh(1) should only use the authentication identity
+ files configured in the ssh_config files, even if ssh-agent(1) or
+ a PKCS11Provider offers more identities. The argument to this
+ keyword must be ``yes'' or ``no''. This option is intended for
+ situations where ssh-agent offers many different identities. The
+ default is ``no''.
+
+ IdentityFile
+ Specifies a file from which the user's DSA, ECDSA or RSA
+ authentication identity is read. The default is ~/.ssh/identity
+ for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
+ ~/.ssh/id_rsa for protocol version 2. Additionally, any
+ identities represented by the authentication agent will be used
+ for authentication unless IdentitiesOnly is set. ssh(1) will try
+ to load certificate information from the filename obtained by
+ appending -cert.pub to the path of a specified IdentityFile.
+
+ The file name may use the tilde syntax to refer to a user's home
+ directory or one of the following escape characters: `%d' (local
+ user's home directory), `%u' (local user name), `%l' (local host
+ name), `%h' (remote host name) or `%r' (remote user name).
+
+ It is possible to have multiple identity files specified in
+ configuration files; all these identities will be tried in
+ sequence. Multiple IdentityFile directives will add to the list
+ of identities tried (this behaviour differs from that of other
+ configuration directives).
+
+ IdentityFile may be used in conjunction with IdentitiesOnly to
+ select which identities in an agent are offered during
+ authentication.
+
+ IgnoreUnknown
+ Specifies a pattern-list of unknown options to be ignored if they
+ are encountered in configuration parsing. This may be used to
+ suppress errors if ssh_config contains options that are
+ unrecognised by ssh(1). It is recommended that IgnoreUnknown be
+ listed early in the configuration file as it will not be applied
+ to unknown options that appear before it.
+
+ IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.
+ Accepted values are ``af11'', ``af12'', ``af13'', ``af21'',
+ ``af22'', ``af23'', ``af31'', ``af32'', ``af33'', ``af41'',
+ ``af42'', ``af43'', ``cs0'', ``cs1'', ``cs2'', ``cs3'', ``cs4'',
+ ``cs5'', ``cs6'', ``cs7'', ``ef'', ``lowdelay'', ``throughput'',
+ ``reliability'', or a numeric value. This option may take one or
+ two arguments, separated by whitespace. If one argument is
+ specified, it is used as the packet class unconditionally. If
+ two values are specified, the first is automatically selected for
+ interactive sessions and the second for non-interactive sessions.
+ The default is ``lowdelay'' for interactive sessions and
+ ``throughput'' for non-interactive sessions.
+
+ KbdInteractiveAuthentication
+ Specifies whether to use keyboard-interactive authentication.
+ The argument to this keyword must be ``yes'' or ``no''. The
+ default is ``yes''.
+
+ KbdInteractiveDevices
+ Specifies the list of methods to use in keyboard-interactive
+ authentication. Multiple method names must be comma-separated.
+ The default is to use the server specified list. The methods
+ available vary depending on what the server supports. For an
+ OpenSSH server, it may be zero or more of: ``bsdauth'', ``pam'',
+ and ``skey''.
+
+ KexAlgorithms
+ Specifies the available KEX (Key Exchange) algorithms. Multiple
+ algorithms must be comma-separated. The default is:
+
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ diffie-hellman-group-exchange-sha256,
+ diffie-hellman-group-exchange-sha1,
+ diffie-hellman-group14-sha1,
+ diffie-hellman-group1-sha1
+
+ LocalCommand
+ Specifies a command to execute on the local machine after
+ successfully connecting to the server. The command string
+ extends to the end of the line, and is executed with the user's
+ shell. The following escape character substitutions will be
+ performed: `%d' (local user's home directory), `%h' (remote host
+ name), `%l' (local host name), `%n' (host name as provided on the
+ command line), `%p' (remote port), `%r' (remote user name) or
+ `%u' (local user name).
+
+ The command is run synchronously and does not have access to the
+ session of the ssh(1) that spawned it. It should not be used for
+ interactive commands.
+
+ This directive is ignored unless PermitLocalCommand has been
+ enabled.
+
+ LocalForward
+ Specifies that a TCP port on the local machine be forwarded over
+ the secure channel to the specified host and port from the remote
+ machine. The first argument must be [bind_address:]port and the
+ second argument must be host:hostport. IPv6 addresses can be
+ specified by enclosing addresses in square brackets. Multiple
+ forwardings may be specified, and additional forwardings can be
+ given on the command line. Only the superuser can forward
+ privileged ports. By default, the local port is bound in
+ accordance with the GatewayPorts setting. However, an explicit
+ bind_address may be used to bind the connection to a specific
+ address. The bind_address of ``localhost'' indicates that the
+ listening port be bound for local use only, while an empty
+ address or `*' indicates that the port should be available from
+ all interfaces.
+
+ LogLevel
+ Gives the verbosity level that is used when logging messages from
+ ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO,
+ VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
+ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
+ higher levels of verbose output.
+
+ MACs Specifies the MAC (message authentication code) algorithms in
+ order of preference. The MAC algorithm is used in protocol
+ version 2 for data integrity protection. Multiple algorithms
+ must be comma-separated. The algorithms that contain ``-etm''
+ calculate the MAC after encryption (encrypt-then-mac). These are
+ considered safer and their use recommended. The default is:
+
+ hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,
+ umac-64-etm at openssh.com,umac-128-etm at openssh.com,
+ hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
+ hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
+ hmac-md5-96-etm at openssh.com,
+ hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,
+ hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
+ hmac-sha1-96,hmac-md5-96
+
+ NoHostAuthenticationForLocalhost
+ This option can be used if the home directory is shared across
+ machines. In this case localhost will refer to a different
+ machine on each of the machines and the user will get many
+ warnings about changed host keys. However, this option disables
+ host authentication for localhost. The argument to this keyword
+ must be ``yes'' or ``no''. The default is to check the host key
+ for localhost.
+
+ NumberOfPasswordPrompts
+ Specifies the number of password prompts before giving up. The
+ argument to this keyword must be an integer. The default is 3.
+
+ PasswordAuthentication
+ Specifies whether to use password authentication. The argument
+ to this keyword must be ``yes'' or ``no''. The default is
+ ``yes''.
+
+ PermitLocalCommand
+ Allow local command execution via the LocalCommand option or
+ using the !command escape sequence in ssh(1). The argument must
+ be ``yes'' or ``no''. The default is ``no''.
+
+ PKCS11Provider
+ Specifies which PKCS#11 provider to use. The argument to this
+ keyword is the PKCS#11 shared library ssh(1) should use to
+ communicate with a PKCS#11 token providing the user's private RSA
+ key.
+
+ Port Specifies the port number to connect on the remote host. The
+ default is 22.
+
+ PreferredAuthentications
+ Specifies the order in which the client should try protocol 2
+ authentication methods. This allows a client to prefer one
+ method (e.g. keyboard-interactive) over another method (e.g.
+ password). The default is:
+
+ gssapi-with-mic,hostbased,publickey,
+ keyboard-interactive,password
+
+ Protocol
+ Specifies the protocol versions ssh(1) should support in order of
+ preference. The possible values are `1' and `2'. Multiple
+ versions must be comma-separated. When this option is set to
+ ``2,1'' ssh will try version 2 and fall back to version 1 if
+ version 2 is not available. The default is `2'.
+
+ ProxyCommand
+ Specifies the command to use to connect to the server. The
+ command string extends to the end of the line, and is executed
+ with the user's shell. In the command string, any occurrence of
+ `%h' will be substituted by the host name to connect, `%p' by the
+ port, and `%r' by the remote user name. The command can be
+ basically anything, and should read from its standard input and
+ write to its standard output. It should eventually connect an
+ sshd(8) server running on some machine, or execute sshd -i
+ somewhere. Host key management will be done using the HostName
+ of the host being connected (defaulting to the name typed by the
+ user). Setting the command to ``none'' disables this option
+ entirely. Note that CheckHostIP is not available for connects
+ with a proxy command.
+
+ This directive is useful in conjunction with nc(1) and its proxy
+ support. For example, the following directive would connect via
+ an HTTP proxy at 192.0.2.0:
+
+ ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
+
+ PubkeyAuthentication
+ Specifies whether to try public key authentication. The argument
+ to this keyword must be ``yes'' or ``no''. The default is
+ ``yes''. This option applies to protocol version 2 only.
+
+ RekeyLimit
+ Specifies the maximum amount of data that may be transmitted
+ before the session key is renegotiated, optionally followed a
+ maximum amount of time that may pass before the session key is
+ renegotiated. The first argument is specified in bytes and may
+ have a suffix of `K', `M', or `G' to indicate Kilobytes,
+ Megabytes, or Gigabytes, respectively. The default is between
+ `1G' and `4G', depending on the cipher. The optional second
+ value is specified in seconds and may use any of the units
+ documented in the TIME FORMATS section of sshd_config(5). The
+ default value for RekeyLimit is ``default none'', which means
+ that rekeying is performed after the cipher's default amount of
+ data has been sent or received and no time based rekeying is
+ done. This option applies to protocol version 2 only.
+
+ RemoteForward
+ Specifies that a TCP port on the remote machine be forwarded over
+ the secure channel to the specified host and port from the local
+ machine. The first argument must be [bind_address:]port and the
+ second argument must be host:hostport. IPv6 addresses can be
+ specified by enclosing addresses in square brackets. Multiple
+ forwardings may be specified, and additional forwardings can be
+ given on the command line. Privileged ports can be forwarded
+ only when logging in as root on the remote machine.
+
+ If the port argument is `0', the listen port will be dynamically
+ allocated on the server and reported to the client at run time.
+
+ If the bind_address is not specified, the default is to only bind
+ to loopback addresses. If the bind_address is `*' or an empty
+ string, then the forwarding is requested to listen on all
+ interfaces. Specifying a remote bind_address will only succeed
+ if the server's GatewayPorts option is enabled (see
+ sshd_config(5)).
+
+ RequestTTY
+ Specifies whether to request a pseudo-tty for the session. The
+ argument may be one of: ``no'' (never request a TTY), ``yes''
+ (always request a TTY when standard input is a TTY), ``force''
+ (always request a TTY) or ``auto'' (request a TTY when opening a
+ login session). This option mirrors the -t and -T flags for
+ ssh(1).
+
+ RhostsRSAAuthentication
+ Specifies whether to try rhosts based authentication with RSA
+ host authentication. The argument must be ``yes'' or ``no''.
+ The default is ``no''. This option applies to protocol version 1
+ only and requires ssh(1) to be setuid root.
+
+ RSAAuthentication
+ Specifies whether to try RSA authentication. The argument to
+ this keyword must be ``yes'' or ``no''. RSA authentication will
+ only be attempted if the identity file exists, or an
+ authentication agent is running. The default is ``yes''. Note
+ that this option applies to protocol version 1 only.
+
+ SendEnv
+ Specifies what variables from the local environ(7) should be sent
+ to the server. Note that environment passing is only supported
+ for protocol 2. The server must also support it, and the server
+ must be configured to accept these environment variables. Refer
+ to AcceptEnv in sshd_config(5) for how to configure the server.
+ Variables are specified by name, which may contain wildcard
+ characters. Multiple environment variables may be separated by
+ whitespace or spread across multiple SendEnv directives. The
+ default is not to send any environment variables.
+
+ See PATTERNS for more information on patterns.
+
+ ServerAliveCountMax
+ Sets the number of server alive messages (see below) which may be
+ sent without ssh(1) receiving any messages back from the server.
+ If this threshold is reached while server alive messages are
+ being sent, ssh will disconnect from the server, terminating the
+ session. It is important to note that the use of server alive
+ messages is very different from TCPKeepAlive (below). The server
+ alive messages are sent through the encrypted channel and
+ therefore will not be spoofable. The TCP keepalive option
+ enabled by TCPKeepAlive is spoofable. The server alive mechanism
+ is valuable when the client or server depend on knowing when a
+ connection has become inactive.
+
+ The default value is 3. If, for example, ServerAliveInterval
+ (see below) is set to 15 and ServerAliveCountMax is left at the
+ default, if the server becomes unresponsive, ssh will disconnect
+ after approximately 45 seconds. This option applies to protocol
+ version 2 only.
+
+ ServerAliveInterval
+ Sets a timeout interval in seconds after which if no data has
+ been received from the server, ssh(1) will send a message through
+ the encrypted channel to request a response from the server. The
+ default is 0, indicating that these messages will not be sent to
+ the server. This option applies to protocol version 2 only.
+
+ StrictHostKeyChecking
+ If this flag is set to ``yes'', ssh(1) will never automatically
+ add host keys to the ~/.ssh/known_hosts file, and refuses to
+ connect to hosts whose host key has changed. This provides
+ maximum protection against trojan horse attacks, though it can be
+ annoying when the /etc/ssh/ssh_known_hosts file is poorly
+ maintained or when connections to new hosts are frequently made.
+ This option forces the user to manually add all new hosts. If
+ this flag is set to ``no'', ssh will automatically add new host
+ keys to the user known hosts files. If this flag is set to
+ ``ask'', new host keys will be added to the user known host files
+ only after the user has confirmed that is what they really want
+ to do, and ssh will refuse to connect to hosts whose host key has
+ changed. The host keys of known hosts will be verified
+ automatically in all cases. The argument must be ``yes'',
+ ``no'', or ``ask''. The default is ``ask''.
+
+ TCPKeepAlive
+ Specifies whether the system should send TCP keepalive messages
+ to the other side. If they are sent, death of the connection or
+ crash of one of the machines will be properly noticed. However,
+ this means that connections will die if the route is down
+ temporarily, and some people find it annoying.
+
+ The default is ``yes'' (to send TCP keepalive messages), and the
+ client will notice if the network goes down or the remote host
+ dies. This is important in scripts, and many users want it too.
+
+ To disable TCP keepalive messages, the value should be set to
+ ``no''.
+
+ Tunnel Request tun(4) device forwarding between the client and the
+ server. The argument must be ``yes'', ``point-to-point'' (layer
+ 3), ``ethernet'' (layer 2), or ``no''. Specifying ``yes''
+ requests the default tunnel mode, which is ``point-to-point''.
+ The default is ``no''.
+
+ TunnelDevice
+ Specifies the tun(4) devices to open on the client (local_tun)
+ and the server (remote_tun).
+
+ The argument must be local_tun[:remote_tun]. The devices may be
+ specified by numerical ID or the keyword ``any'', which uses the
+ next available tunnel device. If remote_tun is not specified, it
+ defaults to ``any''. The default is ``any:any''.
+
+ UsePrivilegedPort
+ Specifies whether to use a privileged port for outgoing
+ connections. The argument must be ``yes'' or ``no''. The
+ default is ``no''. If set to ``yes'', ssh(1) must be setuid
+ root. Note that this option must be set to ``yes'' for
+ RhostsRSAAuthentication with older servers.
+
+ User Specifies the user to log in as. This can be useful when a
+ different user name is used on different machines. This saves
+ the trouble of having to remember to give the user name on the
+ command line.
+
+ UserKnownHostsFile
+ Specifies one or more files to use for the user host key
+ database, separated by whitespace. The default is
+ ~/.ssh/known_hosts, ~/.ssh/known_hosts2.
+
+ VerifyHostKeyDNS
+ Specifies whether to verify the remote key using DNS and SSHFP
+ resource records. If this option is set to ``yes'', the client
+ will implicitly trust keys that match a secure fingerprint from
+ DNS. Insecure fingerprints will be handled as if this option was
+ set to ``ask''. If this option is set to ``ask'', information on
+ fingerprint match will be displayed, but the user will still need
+ to confirm new host keys according to the StrictHostKeyChecking
+ option. The argument must be ``yes'', ``no'', or ``ask''. The
+ default is ``no''. Note that this option applies to protocol
+ version 2 only.
+
+ See also VERIFYING HOST KEYS in ssh(1).
+
+ VisualHostKey
+ If this flag is set to ``yes'', an ASCII art representation of
+ the remote host key fingerprint is printed in addition to the hex
+ fingerprint string at login and for unknown host keys. If this
+ flag is set to ``no'', no fingerprint strings are printed at
+ login and only the hex fingerprint string will be printed for
+ unknown host keys. The default is ``no''.
+
+ XAuthLocation
+ Specifies the full pathname of the xauth(1) program. The default
+ is /usr/X11R6/bin/xauth.
+
+PATTERNS
+ A pattern consists of zero or more non-whitespace characters, `*' (a
+ wildcard that matches zero or more characters), or `?' (a wildcard that
+ matches exactly one character). For example, to specify a set of
+ declarations for any host in the ``.co.uk'' set of domains, the following
+ pattern could be used:
+
+ Host *.co.uk
+
+ The following pattern would match any host in the 192.168.0.[0-9] network
+ range:
+
+ Host 192.168.0.?
+
+ A pattern-list is a comma-separated list of patterns. Patterns within
+ pattern-lists may be negated by preceding them with an exclamation mark
+ (`!'). For example, to allow a key to be used from anywhere within an
+ organisation except from the ``dialup'' pool, the following entry (in
+ authorized_keys) could be used:
+
+ from="!*.dialup.example.com,*.example.com"
+
+FILES
+ ~/.ssh/config
+ This is the per-user configuration file. The format of this file
+ is described above. This file is used by the SSH client.
+ Because of the potential for abuse, this file must have strict
+ permissions: read/write for the user, and not accessible by
+ others.
+
+ /etc/ssh/ssh_config
+ Systemwide configuration file. This file provides defaults for
+ those values that are not specified in the user's configuration
+ file, and for those users who do not have a configuration file.
+ This file must be world-readable.
+
+SEE ALSO
+ ssh(1)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/ssh_config.5
===================================================================
--- vendor-crypto/openssh/dist/ssh_config.5 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh_config.5 2013-12-05 12:55:03 UTC (rev 6462)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.146 2010/12/08 04:02:47 djm Exp $
-.Dd $Mdocdate: December 8 2010 $
+.\" $OpenBSD: ssh_config.5,v 1.166 2013/06/27 14:05:37 jmc Exp $
+.Dd $Mdocdate: June 27 2013 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -112,6 +112,15 @@
argument given on the command line (i.e. the name is not converted to
a canonicalized host name before matching).
.Pp
+A pattern entry may be negated by prefixing it with an exclamation mark
+.Pq Sq !\& .
+If a negated entry is matched, then the
+.Cm Host
+entry is ignored, regardless of whether any other patterns on the line
+match.
+Negated matches are therefore useful to provide exceptions for wildcard
+matches.
+.Pp
See
.Sx PATTERNS
for more information on patterns.
@@ -195,6 +204,8 @@
.Dq aes128-ctr ,
.Dq aes192-ctr ,
.Dq aes256-ctr ,
+.Dq aes128-gcm at openssh.com ,
+.Dq aes256-gcm at openssh.com ,
.Dq arcfour128 ,
.Dq arcfour256 ,
.Dq arcfour ,
@@ -204,6 +215,7 @@
The default is:
.Bd -literal -offset 3n
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+aes128-gcm at openssh.com,aes256-gcm at openssh.com,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
.Ed
@@ -305,14 +317,22 @@
.Dq none
to disable connection sharing.
In the path,
+.Ql %L
+will be substituted by the first component of the local host name,
.Ql %l
-will be substituted by the local host name,
+will be substituted by the local host name (including any domain name),
.Ql %h
will be substituted by the target host name,
+.Ql %n
+will be substituted by the original target host name
+specified on the command line,
.Ql %p
-the port, and
+the port,
.Ql %r
-by the remote login username.
+by the remote login username, and
+.Ql %u
+by the username of the user running
+.Xr ssh 1 .
It is recommended that any
.Cm ControlPath
used for opportunistic connection sharing include
@@ -454,8 +474,7 @@
.It Cm ForwardX11Timeout
Specify a timeout for untrusted X11 forwarding
using the format described in the
-.Sx TIME FORMATS
-section of
+TIME FORMATS section of
.Xr sshd_config 5 .
X11 connections received by
.Xr ssh 1
@@ -500,9 +519,11 @@
The default is
.Dq no .
.It Cm GlobalKnownHostsFile
-Specifies a file to use for the global
-host key database instead of
-.Pa /etc/ssh/ssh_known_hosts .
+Specifies one or more files to use for the global
+host key database, separated by whitespace.
+The default is
+.Pa /etc/ssh/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts2 .
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
The default is
@@ -569,7 +590,7 @@
This can be used to specify nicknames or abbreviations for hosts.
If the hostname contains the character sequence
.Ql %h ,
-then this will be replaced with the host name specified on the commandline
+then this will be replaced with the host name specified on the command line
(this is useful for manipulating unqualified names).
The default is the name given on the command line.
Numeric IP addresses are also permitted (both on the command line and in
@@ -583,6 +604,8 @@
files,
even if
.Xr ssh-agent 1
+or a
+.Cm PKCS11Provider
offers more identities.
The argument to this keyword must be
.Dq yes
@@ -593,7 +616,7 @@
The default is
.Dq no .
.It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA or DSA authentication
+Specifies a file from which the user's DSA, ECDSA or RSA authentication
identity is read.
The default is
.Pa ~/.ssh/identity
@@ -604,7 +627,9 @@
.Pa ~/.ssh/id_rsa
for protocol version 2.
Additionally, any identities represented by the authentication agent
-will be used for authentication.
+will be used for authentication unless
+.Cm IdentitiesOnly
+is set.
.Xr ssh 1
will try to load certificate information from the filename obtained by
appending
@@ -629,6 +654,26 @@
It is possible to have
multiple identity files specified in configuration files; all these
identities will be tried in sequence.
+Multiple
+.Cm IdentityFile
+directives will add to the list of identities tried (this behaviour
+differs from that of other configuration directives).
+.Pp
+.Cm IdentityFile
+may be used in conjunction with
+.Cm IdentitiesOnly
+to select which identities in an agent are offered during authentication.
+.It Cm IgnoreUnknown
+Specifies a pattern-list of unknown options to be ignored if they are
+encountered in configuration parsing.
+This may be used to suppress errors if
+.Nm
+contains options that are unrecognised by
+.Xr ssh 1 .
+It is recommended that
+.Cm IgnoreUnknown
+be listed early in the configuration file as it will not be applied
+to unknown options that appear before it.
.It Cm IPQoS
Specifies the IPv4 type-of-service or DSCP class for connections.
Accepted values are
@@ -635,7 +680,7 @@
.Dq af11 ,
.Dq af12 ,
.Dq af13 ,
-.Dq af14 ,
+.Dq af21 ,
.Dq af22 ,
.Dq af23 ,
.Dq af31 ,
@@ -767,10 +812,20 @@
The MAC algorithm is used in protocol version 2
for data integrity protection.
Multiple algorithms must be comma-separated.
+The algorithms that contain
+.Dq -etm
+calculate the MAC after encryption (encrypt-then-mac).
+These are considered safer and their use recommended.
The default is:
.Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac-64 at openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96
+hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,
+umac-64-etm at openssh.com,umac-128-etm at openssh.com,
+hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
+hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
+hmac-md5-96-etm at openssh.com,
+hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,
+hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
+hmac-sha1-96,hmac-md5-96
.Ed
.It Cm NoHostAuthenticationForLocalhost
This option can be used if the home directory is shared across machines.
@@ -893,8 +948,9 @@
This option applies to protocol version 2 only.
.It Cm RekeyLimit
Specifies the maximum amount of data that may be transmitted before the
-session key is renegotiated.
-The argument is the number of bytes, with an optional suffix of
+session key is renegotiated, optionally followed a maximum amount of
+time that may pass before the session key is renegotiated.
+The first argument is specified in bytes and may have a suffix of
.Sq K ,
.Sq M ,
or
@@ -905,6 +961,16 @@
and
.Sq 4G ,
depending on the cipher.
+The optional second value is specified in seconds and may use any of the
+units documented in the
+TIME FORMATS section of
+.Xr sshd_config 5 .
+The default value for
+.Cm RekeyLimit
+is
+.Dq default none ,
+which means that rekeying is performed after the cipher's default amount
+of data has been sent or received and no time based rekeying is done.
This option applies to protocol version 2 only.
.It Cm RemoteForward
Specifies that a TCP port on the remote machine be forwarded over
@@ -943,6 +1009,23 @@
.Cm GatewayPorts
option is enabled (see
.Xr sshd_config 5 ) .
+.It Cm RequestTTY
+Specifies whether to request a pseudo-tty for the session.
+The argument may be one of:
+.Dq no
+(never request a TTY),
+.Dq yes
+(always request a TTY when standard input is a TTY),
+.Dq force
+(always request a TTY) or
+.Dq auto
+(request a TTY when opening a login session).
+This option mirrors the
+.Fl t
+and
+.Fl T
+flags for
+.Xr ssh 1 .
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
authentication.
@@ -1137,9 +1220,11 @@
This saves the trouble of
having to remember to give the user name on the command line.
.It Cm UserKnownHostsFile
-Specifies a file to use for the user
-host key database instead of
-.Pa ~/.ssh/known_hosts .
+Specifies one or more files to use for the user
+host key database, separated by whitespace.
+The default is
+.Pa ~/.ssh/known_hosts ,
+.Pa ~/.ssh/known_hosts2 .
.It Cm VerifyHostKeyDNS
Specifies whether to verify the remote key using DNS and SSHFP resource
records.
@@ -1164,9 +1249,7 @@
.Dq no .
Note that this option applies to protocol version 2 only.
.Pp
-See also
-.Sx VERIFYING HOST KEYS
-in
+See also VERIFYING HOST KEYS in
.Xr ssh 1 .
.It Cm VisualHostKey
If this flag is set to
Property changes on: vendor-crypto/openssh/dist/ssh_config.5
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/ssh_namespace.h
===================================================================
--- vendor-crypto/openssh/dist/ssh_namespace.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh_namespace.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,369 +0,0 @@
-/*
- * Namespace munging inspired by an equivalent hack in NetBSD's tree: add
- * the "ssh_" prefix to every symbol in libssh which doesn't already have
- * it. This prevents collisions between symbols in libssh and symbols in
- * other libraries or applications which link with libssh, either directly
- * or indirectly (e.g. through PAM loading pam_ssh).
- *
- * A list of symbols which need munging is obtained as follows:
- *
- * nm libssh.a | awk '$2 == "T" && $3 !~ /^ssh_/ { print "#define", $3, "ssh_" $3 }'
- *
- * $FreeBSD: src/crypto/openssh/ssh_namespace.h,v 1.1.2.2 2006/10/06 14:07:16 des Exp $
- */
-
-#define a2port ssh_a2port
-#define a2tun ssh_a2tun
-#define acss ssh_acss
-#define acss_setkey ssh_acss_setkey
-#define acss_setsubkey ssh_acss_setsubkey
-#define add_host_to_hostfile ssh_add_host_to_hostfile
-#define addargs ssh_addargs
-#define ask_permission ssh_ask_permission
-#define atomicio ssh_atomicio
-#define atomiciov ssh_atomiciov
-#define auth_request_forwarding ssh_auth_request_forwarding
-#define buffer_append ssh_buffer_append
-#define buffer_append_space ssh_buffer_append_space
-#define buffer_check_alloc ssh_buffer_check_alloc
-#define buffer_clear ssh_buffer_clear
-#define buffer_compress ssh_buffer_compress
-#define buffer_compress_init_recv ssh_buffer_compress_init_recv
-#define buffer_compress_init_send ssh_buffer_compress_init_send
-#define buffer_compress_uninit ssh_buffer_compress_uninit
-#define buffer_consume ssh_buffer_consume
-#define buffer_consume_end ssh_buffer_consume_end
-#define buffer_consume_end_ret ssh_buffer_consume_end_ret
-#define buffer_consume_ret ssh_buffer_consume_ret
-#define buffer_dump ssh_buffer_dump
-#define buffer_free ssh_buffer_free
-#define buffer_get ssh_buffer_get
-#define buffer_get_bignum ssh_buffer_get_bignum
-#define buffer_get_bignum2 ssh_buffer_get_bignum2
-#define buffer_get_bignum2_ret ssh_buffer_get_bignum2_ret
-#define buffer_get_bignum_ret ssh_buffer_get_bignum_ret
-#define buffer_get_char ssh_buffer_get_char
-#define buffer_get_char_ret ssh_buffer_get_char_ret
-#define buffer_get_int ssh_buffer_get_int
-#define buffer_get_int64 ssh_buffer_get_int64
-#define buffer_get_int64_ret ssh_buffer_get_int64_ret
-#define buffer_get_int_ret ssh_buffer_get_int_ret
-#define buffer_get_ret ssh_buffer_get_ret
-#define buffer_get_short ssh_buffer_get_short
-#define buffer_get_short_ret ssh_buffer_get_short_ret
-#define buffer_get_string ssh_buffer_get_string
-#define buffer_get_string_ret ssh_buffer_get_string_ret
-#define buffer_init ssh_buffer_init
-#define buffer_len ssh_buffer_len
-#define buffer_ptr ssh_buffer_ptr
-#define buffer_put_bignum ssh_buffer_put_bignum
-#define buffer_put_bignum2 ssh_buffer_put_bignum2
-#define buffer_put_bignum2_ret ssh_buffer_put_bignum2_ret
-#define buffer_put_bignum_ret ssh_buffer_put_bignum_ret
-#define buffer_put_char ssh_buffer_put_char
-#define buffer_put_cstring ssh_buffer_put_cstring
-#define buffer_put_int ssh_buffer_put_int
-#define buffer_put_int64 ssh_buffer_put_int64
-#define buffer_put_short ssh_buffer_put_short
-#define buffer_put_string ssh_buffer_put_string
-#define buffer_uncompress ssh_buffer_uncompress
-#define chan_ibuf_empty ssh_chan_ibuf_empty
-#define chan_is_dead ssh_chan_is_dead
-#define chan_mark_dead ssh_chan_mark_dead
-#define chan_obuf_empty ssh_chan_obuf_empty
-#define chan_rcvd_ieof ssh_chan_rcvd_ieof
-#define chan_rcvd_oclose ssh_chan_rcvd_oclose
-#define chan_read_failed ssh_chan_read_failed
-#define chan_write_failed ssh_chan_write_failed
-#define channel_add_adm_permitted_opens ssh_channel_add_adm_permitted_opens
-#define channel_add_permitted_opens ssh_channel_add_permitted_opens
-#define channel_after_select ssh_channel_after_select
-#define channel_by_id ssh_channel_by_id
-#define channel_cancel_cleanup ssh_channel_cancel_cleanup
-#define channel_cancel_rport_listener ssh_channel_cancel_rport_listener
-#define channel_clear_adm_permitted_opens ssh_channel_clear_adm_permitted_opens
-#define channel_clear_permitted_opens ssh_channel_clear_permitted_opens
-#define channel_close_all ssh_channel_close_all
-#define channel_close_fd ssh_channel_close_fd
-#define channel_connect_by_listen_address ssh_channel_connect_by_listen_address
-#define channel_connect_to ssh_channel_connect_to
-#define channel_find_open ssh_channel_find_open
-#define channel_free ssh_channel_free
-#define channel_free_all ssh_channel_free_all
-#define channel_input_close ssh_channel_input_close
-#define channel_input_close_confirmation ssh_channel_input_close_confirmation
-#define channel_input_data ssh_channel_input_data
-#define channel_input_extended_data ssh_channel_input_extended_data
-#define channel_input_ieof ssh_channel_input_ieof
-#define channel_input_oclose ssh_channel_input_oclose
-#define channel_input_open_confirmation ssh_channel_input_open_confirmation
-#define channel_input_open_failure ssh_channel_input_open_failure
-#define channel_input_port_forward_request ssh_channel_input_port_forward_request
-#define channel_input_port_open ssh_channel_input_port_open
-#define channel_input_window_adjust ssh_channel_input_window_adjust
-#define channel_lookup ssh_channel_lookup
-#define channel_new ssh_channel_new
-#define channel_not_very_much_buffered_data ssh_channel_not_very_much_buffered_data
-#define channel_open_message ssh_channel_open_message
-#define channel_output_poll ssh_channel_output_poll
-#define channel_permit_all_opens ssh_channel_permit_all_opens
-#define channel_prepare_select ssh_channel_prepare_select
-#define channel_register_cleanup ssh_channel_register_cleanup
-#define channel_register_confirm ssh_channel_register_confirm
-#define channel_register_filter ssh_channel_register_filter
-#define channel_request_remote_forwarding ssh_channel_request_remote_forwarding
-#define channel_request_rforward_cancel ssh_channel_request_rforward_cancel
-#define channel_request_start ssh_channel_request_start
-#define channel_send_open ssh_channel_send_open
-#define channel_send_window_changes ssh_channel_send_window_changes
-#define channel_set_af ssh_channel_set_af
-#define channel_set_fds ssh_channel_set_fds
-#define channel_setup_local_fwd_listener ssh_channel_setup_local_fwd_listener
-#define channel_setup_remote_fwd_listener ssh_channel_setup_remote_fwd_listener
-#define channel_still_open ssh_channel_still_open
-#define channel_stop_listening ssh_channel_stop_listening
-#define check_host_in_hostfile ssh_check_host_in_hostfile
-#define choose_dh ssh_choose_dh
-#define chop ssh_chop
-#define cipher_blocksize ssh_cipher_blocksize
-#define cipher_by_name ssh_cipher_by_name
-#define cipher_by_number ssh_cipher_by_number
-#define cipher_cleanup ssh_cipher_cleanup
-#define cipher_crypt ssh_cipher_crypt
-#define cipher_get_keycontext ssh_cipher_get_keycontext
-#define cipher_get_keyiv ssh_cipher_get_keyiv
-#define cipher_get_keyiv_len ssh_cipher_get_keyiv_len
-#define cipher_get_number ssh_cipher_get_number
-#define cipher_init ssh_cipher_init
-#define cipher_keylen ssh_cipher_keylen
-#define cipher_mask_ssh1 ssh_cipher_mask_ssh1
-#define cipher_name ssh_cipher_name
-#define cipher_number ssh_cipher_number
-#define cipher_set_key_string ssh_cipher_set_key_string
-#define cipher_set_keycontext ssh_cipher_set_keycontext
-#define cipher_set_keyiv ssh_cipher_set_keyiv
-#define ciphers_valid ssh_ciphers_valid
-#define cleanhostname ssh_cleanhostname
-#define cleanup_exit ssh_cleanup_exit
-#define closefrom ssh_closefrom
-#define colon ssh_colon
-#define compat_cipher_proposal ssh_compat_cipher_proposal
-#define compat_datafellows ssh_compat_datafellows
-#define convtime ssh_convtime
-#define decode_reply ssh_decode_reply
-#define deny_input_open ssh_deny_input_open
-#define derive_ssh1_session_id ssh_derive_ssh1_session_id
-#define detect_attack ssh_detect_attack
-#define dh_estimate ssh_dh_estimate
-#define dh_gen_key ssh_dh_gen_key
-#define dh_new_group ssh_dh_new_group
-#define dh_new_group1 ssh_dh_new_group1
-#define dh_new_group14 ssh_dh_new_group14
-#define dh_new_group_asc ssh_dh_new_group_asc
-#define dh_pub_is_valid ssh_dh_pub_is_valid
-#define dispatch_init ssh_dispatch_init
-#define dispatch_protocol_error ssh_dispatch_protocol_error
-#define dispatch_protocol_ignore ssh_dispatch_protocol_ignore
-#define dispatch_range ssh_dispatch_range
-#define dispatch_run ssh_dispatch_run
-#define dispatch_set ssh_dispatch_set
-#define do_log ssh_do_log
-#define dump_base64 ssh_dump_base64
-#define enable_compat13 ssh_enable_compat13
-#define enable_compat20 ssh_enable_compat20
-#define evp_acss ssh_evp_acss
-#define evp_aes_128_ctr ssh_evp_aes_128_ctr
-#define evp_rijndael ssh_evp_rijndael
-#define evp_ssh1_3des ssh_evp_ssh1_3des
-#define evp_ssh1_bf ssh_evp_ssh1_bf
-#define export_dns_rr ssh_export_dns_rr
-#define freeargs ssh_freeargs
-#define freerrset ssh_freerrset
-#define gen_candidates ssh_gen_candidates
-#define get_canonical_hostname ssh_get_canonical_hostname
-#define get_local_ipaddr ssh_get_local_ipaddr
-#define get_local_name ssh_get_local_name
-#define get_local_port ssh_get_local_port
-#define get_peer_ipaddr ssh_get_peer_ipaddr
-#define get_peer_port ssh_get_peer_port
-#define get_remote_ipaddr ssh_get_remote_ipaddr
-#define get_remote_name_or_ip ssh_get_remote_name_or_ip
-#define get_remote_port ssh_get_remote_port
-#define get_u16 ssh_get_u16
-#define get_u32 ssh_get_u32
-#define get_u64 ssh_get_u64
-#define getrrsetbyname ssh_getrrsetbyname
-#define host_hash ssh_host_hash
-#define hostfile_read_key ssh_hostfile_read_key
-#define hpdelim ssh_hpdelim
-#define init_rng ssh_init_rng
-#define ipv64_normalise_mapped ssh_ipv64_normalise_mapped
-#define kex_derive_keys ssh_kex_derive_keys
-#define kex_dh_hash ssh_kex_dh_hash
-#define kex_finish ssh_kex_finish
-#define kex_get_newkeys ssh_kex_get_newkeys
-#define kex_input_kexinit ssh_kex_input_kexinit
-#define kex_send_kexinit ssh_kex_send_kexinit
-#define kex_setup ssh_kex_setup
-#define kexdh_client ssh_kexdh_client
-#define kexgex_client ssh_kexgex_client
-#define kexgex_hash ssh_kexgex_hash
-#define key_demote ssh_key_demote
-#define key_equal ssh_key_equal
-#define key_fingerprint ssh_key_fingerprint
-#define key_fingerprint_raw ssh_key_fingerprint_raw
-#define key_free ssh_key_free
-#define key_from_blob ssh_key_from_blob
-#define key_from_private ssh_key_from_private
-#define key_generate ssh_key_generate
-#define key_load_private ssh_key_load_private
-#define key_load_private_pem ssh_key_load_private_pem
-#define key_load_private_type ssh_key_load_private_type
-#define key_load_public ssh_key_load_public
-#define key_load_public_type ssh_key_load_public_type
-#define key_names_valid2 ssh_key_names_valid2
-#define key_new ssh_key_new
-#define key_new_private ssh_key_new_private
-#define key_perm_ok ssh_key_perm_ok
-#define key_read ssh_key_read
-#define key_save_private ssh_key_save_private
-#define key_sign ssh_key_sign
-#define key_size ssh_key_size
-#define key_ssh_name ssh_key_ssh_name
-#define key_to_blob ssh_key_to_blob
-#define key_type ssh_key_type
-#define key_type_from_name ssh_key_type_from_name
-#define key_verify ssh_key_verify
-#define key_write ssh_key_write
-#define log_facility_number ssh_log_facility_number
-#define log_init ssh_log_init
-#define log_level_number ssh_log_level_number
-#define lookup_key_in_hostfile_by_type ssh_lookup_key_in_hostfile_by_type
-#define mac_compute ssh_mac_compute
-#define mac_init ssh_mac_init
-#define mac_valid ssh_mac_valid
-#define match_host_and_ip ssh_match_host_and_ip
-#define match_hostname ssh_match_hostname
-#define match_list ssh_match_list
-#define match_pattern ssh_match_pattern
-#define match_pattern_list ssh_match_pattern_list
-#define match_user ssh_match_user
-#define mm_receive_fd ssh_mm_receive_fd
-#define mm_send_fd ssh_mm_send_fd
-#define mysignal ssh_mysignal
-#define packet_add_padding ssh_packet_add_padding
-#define packet_close ssh_packet_close
-#define packet_connection_is_ipv4 ssh_packet_connection_is_ipv4
-#define packet_connection_is_on_socket ssh_packet_connection_is_on_socket
-#define packet_disconnect ssh_packet_disconnect
-#define packet_get_bignum ssh_packet_get_bignum
-#define packet_get_bignum2 ssh_packet_get_bignum2
-#define packet_get_char ssh_packet_get_char
-#define packet_get_connection_in ssh_packet_get_connection_in
-#define packet_get_connection_out ssh_packet_get_connection_out
-#define packet_get_encryption_key ssh_packet_get_encryption_key
-#define packet_get_int ssh_packet_get_int
-#define packet_get_keycontext ssh_packet_get_keycontext
-#define packet_get_keyiv ssh_packet_get_keyiv
-#define packet_get_keyiv_len ssh_packet_get_keyiv_len
-#define packet_get_protocol_flags ssh_packet_get_protocol_flags
-#define packet_get_raw ssh_packet_get_raw
-#define packet_get_ssh1_cipher ssh_packet_get_ssh1_cipher
-#define packet_get_state ssh_packet_get_state
-#define packet_get_string ssh_packet_get_string
-#define packet_have_data_to_write ssh_packet_have_data_to_write
-#define packet_is_interactive ssh_packet_is_interactive
-#define packet_need_rekeying ssh_packet_need_rekeying
-#define packet_not_very_much_data_to_write ssh_packet_not_very_much_data_to_write
-#define packet_process_incoming ssh_packet_process_incoming
-#define packet_put_bignum ssh_packet_put_bignum
-#define packet_put_bignum2 ssh_packet_put_bignum2
-#define packet_put_char ssh_packet_put_char
-#define packet_put_cstring ssh_packet_put_cstring
-#define packet_put_int ssh_packet_put_int
-#define packet_put_raw ssh_packet_put_raw
-#define packet_put_string ssh_packet_put_string
-#define packet_read ssh_packet_read
-#define packet_read_expect ssh_packet_read_expect
-#define packet_read_poll ssh_packet_read_poll
-#define packet_read_poll_seqnr ssh_packet_read_poll_seqnr
-#define packet_read_seqnr ssh_packet_read_seqnr
-#define packet_remaining ssh_packet_remaining
-#define packet_send ssh_packet_send
-#define packet_send_debug ssh_packet_send_debug
-#define packet_send_ignore ssh_packet_send_ignore
-#define packet_set_authenticated ssh_packet_set_authenticated
-#define packet_set_connection ssh_packet_set_connection
-#define packet_set_encryption_key ssh_packet_set_encryption_key
-#define packet_set_interactive ssh_packet_set_interactive
-#define packet_set_iv ssh_packet_set_iv
-#define packet_set_keycontext ssh_packet_set_keycontext
-#define packet_set_maxsize ssh_packet_set_maxsize
-#define packet_set_nonblocking ssh_packet_set_nonblocking
-#define packet_set_protocol_flags ssh_packet_set_protocol_flags
-#define packet_set_rekey_limit ssh_packet_set_rekey_limit
-#define packet_set_server ssh_packet_set_server
-#define packet_set_state ssh_packet_set_state
-#define packet_start ssh_packet_start
-#define packet_start_compression ssh_packet_start_compression
-#define packet_write_poll ssh_packet_write_poll
-#define packet_write_wait ssh_packet_write_wait
-#define percent_expand ssh_percent_expand
-#define permanently_drop_suid ssh_permanently_drop_suid
-#define permanently_set_uid ssh_permanently_set_uid
-#define prime_test ssh_prime_test
-#define proto_spec ssh_proto_spec
-#define put_host_port ssh_put_host_port
-#define put_u16 ssh_put_u16
-#define put_u32 ssh_put_u32
-#define put_u64 ssh_put_u64
-#define pwcopy ssh_pwcopy
-#define read_keyfile_line ssh_read_keyfile_line
-#define read_passphrase ssh_read_passphrase
-#define refresh_progress_meter ssh_refresh_progress_meter
-#define replacearg ssh_replacearg
-#define restore_uid ssh_restore_uid
-#define rijndael_decrypt ssh_rijndael_decrypt
-#define rijndael_encrypt ssh_rijndael_encrypt
-#define rijndael_set_key ssh_rijndael_set_key
-#define rsa_generate_additional_parameters ssh_rsa_generate_additional_parameters
-#define rsa_private_decrypt ssh_rsa_private_decrypt
-#define rsa_public_encrypt ssh_rsa_public_encrypt
-#define sanitise_stdfd ssh_sanitise_stdfd
-#define seed_rng ssh_seed_rng
-#define set_newkeys ssh_set_newkeys
-#define set_nodelay ssh_set_nodelay
-#define set_nonblock ssh_set_nonblock
-#define shadow_pw ssh_shadow_pw
-#define sigdie ssh_sigdie
-#define ssh1_3des_iv ssh_ssh1_3des_iv
-#define start_progress_meter ssh_start_progress_meter
-#define stop_progress_meter ssh_stop_progress_meter
-#define strdelim ssh_strdelim
-#define strnvis ssh_strnvis
-#define strvis ssh_strvis
-#define strvisx ssh_strvisx
-#define sys_tun_open ssh_sys_tun_open
-#define temporarily_use_uid ssh_temporarily_use_uid
-#define tilde_expand_filename ssh_tilde_expand_filename
-#define tohex ssh_tohex
-#define tty_make_modes ssh_tty_make_modes
-#define tty_parse_modes ssh_tty_parse_modes
-#define tun_open ssh_tun_open
-#define unset_nonblock ssh_unset_nonblock
-#define uudecode ssh_uudecode
-#define uuencode ssh_uuencode
-#define verify_host_key_dns ssh_verify_host_key_dns
-#define vis ssh_vis
-#define x11_connect_display ssh_x11_connect_display
-#define x11_create_display_inet ssh_x11_create_display_inet
-#define x11_input_open ssh_x11_input_open
-#define x11_request_forwarding_with_spoofing ssh_x11_request_forwarding_with_spoofing
-#define xasprintf ssh_xasprintf
-#define xcalloc ssh_xcalloc
-#define xcrypt ssh_xcrypt
-#define xfree ssh_xfree
-#define xmalloc ssh_xmalloc
-#define xmmap ssh_xmmap
-#define xrealloc ssh_xrealloc
-#define xstrdup ssh_xstrdup
Deleted: vendor-crypto/openssh/dist/ssh_prng_cmds.in
===================================================================
--- vendor-crypto/openssh/dist/ssh_prng_cmds.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ssh_prng_cmds.in 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,75 +0,0 @@
-# entropy gathering commands
-
-# Format is: "program-name args" path rate
-
-# The "rate" represents the number of bits of usuable entropy per
-# byte of command output. Be conservative.
-#
-# $Id: ssh_prng_cmds.in,v 1.1.1.2 2006-02-25 02:34:25 laffer1 Exp $
-
-"ls -alni /var/log" @PROG_LS@ 0.02
-"ls -alni /var/adm" @PROG_LS@ 0.02
-"ls -alni /usr/adm" @PROG_LS@ 0.02
-"ls -alni /var/mail" @PROG_LS@ 0.02
-"ls -alni /usr/mail" @PROG_LS@ 0.02
-"ls -alni /var/adm/syslog" @PROG_LS@ 0.02
-"ls -alni /usr/adm/syslog" @PROG_LS@ 0.02
-"ls -alni /var/spool/mail" @PROG_LS@ 0.02
-"ls -alni /proc" @PROG_LS@ 0.02
-"ls -alni /tmp" @PROG_LS@ 0.02
-"ls -alni /var/tmp" @PROG_LS@ 0.02
-"ls -alni /usr/tmp" @PROG_LS@ 0.02
-"ls -alTi /var/log" @PROG_LS@ 0.02
-"ls -alTi /var/adm" @PROG_LS@ 0.02
-"ls -alTi /var/mail" @PROG_LS@ 0.02
-"ls -alTi /var/adm/syslog" @PROG_LS@ 0.02
-"ls -alTi /var/spool/mail" @PROG_LS@ 0.02
-"ls -alTi /proc" @PROG_LS@ 0.02
-"ls -alTi /tmp" @PROG_LS@ 0.02
-"ls -alTi /var/tmp" @PROG_LS@ 0.02
-"ls -alTi /usr/tmp" @PROG_LS@ 0.02
-
-"netstat -an" @PROG_NETSTAT@ 0.05
-"netstat -in" @PROG_NETSTAT@ 0.05
-"netstat -rn" @PROG_NETSTAT@ 0.02
-"netstat -pn" @PROG_NETSTAT@ 0.02
-"netstat -ia" @PROG_NETSTAT@ 0.05
-"netstat -s" @PROG_NETSTAT@ 0.02
-"netstat -is" @PROG_NETSTAT@ 0.07
-
-"arp -n -a" @PROG_ARP@ 0.02
-
-"ifconfig -a" @PROG_IFCONFIG@ 0.02
-
-"ps laxww" @PROG_PS@ 0.03
-"ps -al" @PROG_PS@ 0.03
-"ps -efl" @PROG_PS@ 0.03
-"jstat" @PROG_JSTAT@ 0.07
-
-"w" @PROG_W@ 0.05
-
-"who -i" @PROG_WHO@ 0.01
-
-"last" @PROG_LAST@ 0.01
-
-"lastlog" @PROG_LASTLOG@ 0.01
-
-"df" @PROG_DF@ 0.01
-"df -i" @PROG_DF@ 0.01
-
-"sar -d" @PROG_SAR@ 0.04
-
-"vmstat" @PROG_VMSTAT@ 0.01
-"uptime" @PROG_UPTIME@ 0.01
-
-"ipcs -a" @PROG_IPCS@ 0.01
-
-"tail -200 /var/log/messages" @PROG_TAIL@ 0.01
-"tail -200 /var/log/syslog" @PROG_TAIL@ 0.01
-"tail -200 /var/adm/messages" @PROG_TAIL@ 0.01
-"tail -200 /var/adm/syslog" @PROG_TAIL@ 0.01
-"tail -200 /var/adm/syslog/syslog.log" @PROG_TAIL@ 0.01
-"tail -200 /var/log/maillog" @PROG_TAIL@ 0.01
-"tail -200 /var/adm/maillog" @PROG_TAIL@ 0.01
-"tail -200 /var/adm/syslog/mail.log" @PROG_TAIL@ 0.01
-
Modified: vendor-crypto/openssh/dist/sshconnect.c
===================================================================
--- vendor-crypto/openssh/dist/sshconnect.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshconnect.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.232 2011/01/16 11:50:36 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.238 2013/05/17 00:13:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -89,6 +89,13 @@
pid_t pid;
char *shell, strport[NI_MAXSERV];
+ if (!strcmp(proxy_command, "-")) {
+ packet_set_connection(STDIN_FILENO, STDOUT_FILENO);
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
+ return 0;
+ }
+
if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
shell = _PATH_BSHELL;
@@ -105,7 +112,7 @@
xasprintf(&tmp, "exec %s", proxy_command);
command_string = percent_expand(tmp, "h", host, "p", strport,
"r", options.user, (char *)NULL);
- xfree(tmp);
+ free(tmp);
/* Create pipes for communicating with the proxy. */
if (pipe(pin) < 0 || pipe(pout) < 0)
@@ -159,7 +166,7 @@
close(pout[1]);
/* Free the command name. */
- xfree(command_string);
+ free(command_string);
/* Set the connection file descriptors. */
packet_set_connection(pout[0], pin[1]);
@@ -308,7 +315,7 @@
fatal("Bogus return (%d) from select()", rc);
}
- xfree(fdset);
+ free(fdset);
done:
if (result == 0 && *timeoutp > 0) {
@@ -429,6 +436,24 @@
return 0;
}
+static void
+send_client_banner(int connection_out, int minor1)
+{
+ /* Send our own protocol version identification. */
+ if (compat20) {
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+ } else {
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+ PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
+ }
+ if (roaming_atomicio(vwrite, connection_out, client_version_string,
+ strlen(client_version_string)) != strlen(client_version_string))
+ fatal("write: %.100s", strerror(errno));
+ chop(client_version_string);
+ debug("Local version string %.100s", client_version_string);
+}
+
/*
* Waits for the server identification string, and sends our own
* identification string.
@@ -440,7 +465,7 @@
int remote_major, remote_minor, mismatch;
int connection_in = packet_get_connection_in();
int connection_out = packet_get_connection_out();
- int minor1 = PROTOCOL_MINOR_1;
+ int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0;
u_int i, n;
size_t len;
int fdsetsz, remaining, rc;
@@ -450,6 +475,16 @@
fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask);
fdset = xcalloc(1, fdsetsz);
+ /*
+ * If we are SSH2-only then we can send the banner immediately and
+ * save a round-trip.
+ */
+ if (options.protocol == SSH_PROTO_2) {
+ enable_compat20();
+ send_client_banner(connection_out, 0);
+ client_banner_sent = 1;
+ }
+
/* Read other side's version identification. */
remaining = timeout_ms;
for (n = 0;;) {
@@ -499,7 +534,7 @@
debug("ssh_exchange_identification: %s", buf);
}
server_version_string = xstrdup(buf);
- xfree(fdset);
+ free(fdset);
/*
* Check that the versions match. In future this might accept
@@ -552,18 +587,9 @@
fatal("Protocol major versions differ: %d vs. %d",
(options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
remote_major);
- /* Send our own protocol version identification. */
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
- compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
- compat20 ? PROTOCOL_MINOR_2 : minor1,
- SSH_VERSION, compat20 ? "\r\n" : "\n");
- if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
- != strlen(buf))
- fatal("write: %.100s", strerror(errno));
- client_version_string = xstrdup(buf);
- chop(client_version_string);
+ if (!client_banner_sent)
+ send_client_banner(connection_out, minor1);
chop(server_version_string);
- debug("Local version string %.100s", client_version_string);
}
/* defaults to 'no' */
@@ -584,8 +610,7 @@
ret = 0;
if (p && strncasecmp(p, "yes", 3) == 0)
ret = 1;
- if (p)
- xfree(p);
+ free(p);
if (ret != -1)
return ret;
}
@@ -683,7 +708,7 @@
/*
* check whether the supplied host key is valid, return -1 if the key
- * is not valid. the user_hostfile will not be updated if 'readonly' is true.
+ * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
*/
#define RDRW 0
#define RDONLY 1
@@ -690,21 +715,23 @@
#define ROQUIET 2
static int
check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
- Key *host_key, int readonly, char *user_hostfile,
- char *system_hostfile)
+ Key *host_key, int readonly,
+ char **user_hostfiles, u_int num_user_hostfiles,
+ char **system_hostfiles, u_int num_system_hostfiles)
{
+ HostStatus host_status;
+ HostStatus ip_status;
Key *raw_key = NULL;
- const char *type;
char *ip = NULL, *host = NULL;
char hostline[1000], *hostp, *fp, *ra;
- HostStatus host_status;
- HostStatus ip_status;
- int r, want_cert = key_is_cert(host_key), host_ip_differ = 0;
- int local = sockaddr_is_local(hostaddr);
char msg[1024];
+ const char *type;
+ const struct hostkey_entry *host_found, *ip_found;
int len, cancelled_forwarding = 0;
+ int local = sockaddr_is_local(hostaddr);
+ int r, want_cert = key_is_cert(host_key), host_ip_differ = 0;
struct hostkeys *host_hostkeys, *ip_hostkeys;
- const struct hostkey_entry *host_found, *ip_found;
+ u_int i;
/*
* Force accepting of the host key for loopback/localhost. The
@@ -736,14 +763,18 @@
options.check_host_ip = 0;
host_hostkeys = init_hostkeys();
- load_hostkeys(host_hostkeys, host, user_hostfile);
- load_hostkeys(host_hostkeys, host, system_hostfile);
+ for (i = 0; i < num_user_hostfiles; i++)
+ load_hostkeys(host_hostkeys, host, user_hostfiles[i]);
+ for (i = 0; i < num_system_hostfiles; i++)
+ load_hostkeys(host_hostkeys, host, system_hostfiles[i]);
ip_hostkeys = NULL;
if (!want_cert && options.check_host_ip) {
ip_hostkeys = init_hostkeys();
- load_hostkeys(ip_hostkeys, ip, user_hostfile);
- load_hostkeys(ip_hostkeys, ip, system_hostfile);
+ for (i = 0; i < num_user_hostfiles; i++)
+ load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]);
+ for (i = 0; i < num_system_hostfiles; i++)
+ load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]);
}
retry:
@@ -788,11 +819,12 @@
logit("%s host key for IP address "
"'%.128s' not in list of known hosts.",
type, ip);
- else if (!add_host_to_hostfile(user_hostfile, ip,
+ else if (!add_host_to_hostfile(user_hostfiles[0], ip,
host_key, options.hash_known_hosts))
logit("Failed to add the %s host key for IP "
"address '%.128s' to the list of known "
- "hosts (%.30s).", type, ip, user_hostfile);
+ "hosts (%.30s).", type, ip,
+ user_hostfiles[0]);
else
logit("Warning: Permanently added the %s host "
"key for IP address '%.128s' to the list "
@@ -802,8 +834,8 @@
ra = key_fingerprint(host_key, SSH_FP_MD5,
SSH_FP_RANDOMART);
logit("Host key fingerprint is %s\n%s\n", fp, ra);
- xfree(ra);
- xfree(fp);
+ free(ra);
+ free(fp);
}
break;
case HOST_NEW:
@@ -811,7 +843,8 @@
port != SSH_DEFAULT_PORT) {
debug("checking without port identifier");
if (check_host_key(hostname, hostaddr, 0, host_key,
- ROQUIET, user_hostfile, system_hostfile) == 0) {
+ ROQUIET, user_hostfiles, num_user_hostfiles,
+ system_hostfiles, num_system_hostfiles) == 0) {
debug("found matching key w/out port");
break;
}
@@ -862,8 +895,8 @@
options.visual_host_key ? "\n" : "",
options.visual_host_key ? ra : "",
msg2);
- xfree(ra);
- xfree(fp);
+ free(ra);
+ free(fp);
if (!confirm(msg))
goto fail;
}
@@ -876,25 +909,25 @@
hostp = hostline;
if (options.hash_known_hosts) {
/* Add hash of host and IP separately */
- r = add_host_to_hostfile(user_hostfile, host,
- host_key, options.hash_known_hosts) &&
- add_host_to_hostfile(user_hostfile, ip,
+ r = add_host_to_hostfile(user_hostfiles[0],
+ host, host_key, options.hash_known_hosts) &&
+ add_host_to_hostfile(user_hostfiles[0], ip,
host_key, options.hash_known_hosts);
} else {
/* Add unhashed "host,ip" */
- r = add_host_to_hostfile(user_hostfile,
+ r = add_host_to_hostfile(user_hostfiles[0],
hostline, host_key,
options.hash_known_hosts);
}
} else {
- r = add_host_to_hostfile(user_hostfile, host, host_key,
- options.hash_known_hosts);
+ r = add_host_to_hostfile(user_hostfiles[0], host,
+ host_key, options.hash_known_hosts);
hostp = host;
}
if (!r)
logit("Failed to add the host to the list of known "
- "hosts (%.500s).", user_hostfile);
+ "hosts (%.500s).", user_hostfiles[0]);
else
logit("Warning: Permanently added '%.200s' (%s) to the "
"list of known hosts.", hostp, type);
@@ -955,7 +988,7 @@
/* The host key has changed. */
warn_changed_key(host_key);
error("Add correct host key in %.100s to get rid of this message.",
- user_hostfile);
+ user_hostfiles[0]);
error("Offending %s key in %s:%lu", key_type(host_found->key),
host_found->file, host_found->line);
@@ -1064,8 +1097,8 @@
}
}
- xfree(ip);
- xfree(host);
+ free(ip);
+ free(host);
if (host_hostkeys != NULL)
free_hostkeys(host_hostkeys);
if (ip_hostkeys != NULL)
@@ -1087,8 +1120,8 @@
}
if (raw_key != NULL)
key_free(raw_key);
- xfree(ip);
- xfree(host);
+ free(ip);
+ free(host);
if (host_hostkeys != NULL)
free_hostkeys(host_hostkeys);
if (ip_hostkeys != NULL)
@@ -1100,18 +1133,16 @@
int
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
{
- struct stat st;
int flags = 0;
char *fp;
fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
debug("Server host key: %s %s", key_type(host_key), fp);
- xfree(fp);
+ free(fp);
/* XXX certs are not yet supported for DNS */
if (!key_is_cert(host_key) && options.verify_host_key_dns &&
verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
-
if (flags & DNS_VERIFY_FOUND) {
if (options.verify_host_key_dns == 1 &&
@@ -1129,16 +1160,9 @@
}
}
- /* return ok if the key can be found in an old keyfile */
- if (stat(options.system_hostfile2, &st) == 0 ||
- stat(options.user_hostfile2, &st) == 0) {
- if (check_host_key(host, hostaddr, options.port, host_key,
- RDONLY, options.user_hostfile2,
- options.system_hostfile2) == 0)
- return 0;
- }
- return check_host_key(host, hostaddr, options.port, host_key,
- RDRW, options.user_hostfile, options.system_hostfile);
+ return check_host_key(host, hostaddr, options.port, host_key, RDRW,
+ options.user_hostfiles, options.num_user_hostfiles,
+ options.system_hostfiles, options.num_system_hostfiles);
}
/*
@@ -1179,7 +1203,7 @@
ssh_kex(host, hostaddr);
ssh_userauth1(local_user, server_user, host, sensitive);
}
- xfree(local_user);
+ free(local_user);
}
void
@@ -1197,7 +1221,7 @@
strlcpy(padded, password, size);
packet_put_string(padded, size);
memset(padded, 0, size);
- xfree(padded);
+ free(padded);
}
/* print all known host keys for a given host, but skip keys of given type */
@@ -1224,8 +1248,8 @@
key_type(found->key), fp);
if (options.visual_host_key)
logit("%s", ra);
- xfree(ra);
- xfree(fp);
+ free(ra);
+ free(fp);
ret = 1;
}
return ret;
@@ -1248,7 +1272,7 @@
key_type(host_key), fp);
error("Please contact your system administrator.");
- xfree(fp);
+ free(fp);
}
/*
Property changes on: vendor-crypto/openssh/dist/sshconnect.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Index: vendor-crypto/openssh/dist/sshconnect.h
===================================================================
--- vendor-crypto/openssh/dist/sshconnect.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshconnect.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/sshconnect.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sshconnect1.c
===================================================================
--- vendor-crypto/openssh/dist/sshconnect1.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshconnect1.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.71 2013/05/17 00:13:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -84,7 +84,7 @@
/* Try this identity. */
debug("Trying RSA authentication via agent with '%.100s'", comment);
- xfree(comment);
+ free(comment);
/* Tell the server that we are willing to authenticate using this key. */
packet_start(SSH_CMSG_AUTH_RSA);
@@ -231,7 +231,7 @@
*/
if (type == SSH_SMSG_FAILURE) {
debug("Server refused our key.");
- xfree(comment);
+ free(comment);
return 0;
}
/* Otherwise, the server should respond with a challenge. */
@@ -270,7 +270,7 @@
quit = 1;
}
memset(passphrase, 0, strlen(passphrase));
- xfree(passphrase);
+ free(passphrase);
if (private != NULL || quit)
break;
debug2("bad passphrase given, try again...");
@@ -277,7 +277,7 @@
}
}
/* We no longer need the comment. */
- xfree(comment);
+ free(comment);
if (private == NULL) {
if (!options.batch_mode && perm_ok)
@@ -412,7 +412,7 @@
packet_check_eom();
snprintf(prompt, sizeof prompt, "%s%s", challenge,
strchr(challenge, '\n') ? "" : "\nResponse: ");
- xfree(challenge);
+ free(challenge);
if (i != 0)
error("Permission denied, please try again.");
if (options.cipher == SSH_CIPHER_NONE)
@@ -420,13 +420,13 @@
"Response will be transmitted in clear text.");
response = read_passphrase(prompt, 0);
if (strcmp(response, "") == 0) {
- xfree(response);
+ free(response);
break;
}
packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
ssh_put_password(response);
memset(response, 0, strlen(response));
- xfree(response);
+ free(response);
packet_send();
packet_write_wait();
type = packet_read();
@@ -459,7 +459,7 @@
packet_start(SSH_CMSG_AUTH_PASSWORD);
ssh_put_password(password);
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
packet_send();
packet_write_wait();
Property changes on: vendor-crypto/openssh/dist/sshconnect1.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sshconnect2.c
===================================================================
--- vendor-crypto/openssh/dist/sshconnect2.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshconnect2.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.186 2010/11/29 23:45:51 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.198 2013/06/05 12:52:38 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -40,7 +40,7 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
-#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
+#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
#include <vis.h>
#endif
@@ -109,14 +109,15 @@
size_t maxlen;
struct hostkeys *hostkeys;
int ktype;
+ u_int i;
/* Find all hostkeys for this hostname */
get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL);
hostkeys = init_hostkeys();
- load_hostkeys(hostkeys, hostname, options.user_hostfile2);
- load_hostkeys(hostkeys, hostname, options.system_hostfile2);
- load_hostkeys(hostkeys, hostname, options.user_hostfile);
- load_hostkeys(hostkeys, hostname, options.system_hostfile);
+ for (i = 0; i < options.num_user_hostfiles; i++)
+ load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]);
+ for (i = 0; i < options.num_system_hostfiles; i++)
+ load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
maxlen = strlen(avail) + 1;
@@ -145,10 +146,10 @@
if (*first != '\0')
debug3("%s: prefer hostkeyalgs: %s", __func__, first);
- xfree(first);
- xfree(last);
- xfree(hostname);
- xfree(oavail);
+ free(first);
+ free(last);
+ free(hostname);
+ free(oavail);
free_hostkeys(hostkeys);
return ret;
@@ -196,8 +197,9 @@
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
- if (options.rekey_limit)
- packet_set_rekey_limit((u_int32_t)options.rekey_limit);
+ if (options.rekey_limit || options.rekey_interval)
+ packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ (time_t)options.rekey_interval);
/* start key exchange */
kex = kex_setup(myproposal);
@@ -247,6 +249,7 @@
char *filename; /* comment for agent-only keys */
int tried;
int isprivate; /* key points to the private key */
+ int userprovided;
};
TAILQ_HEAD(idlist, identity);
@@ -311,7 +314,7 @@
static int sign_and_send_pubkey(Authctxt *, Identity *);
static void pubkey_prepare(Authctxt *);
static void pubkey_cleanup(Authctxt *);
-static Key *load_identity_file(char *);
+static Key *load_identity_file(char *, int);
static Authmethod *authmethod_get(char *authlist);
static Authmethod *authmethod_lookup(const char *name);
@@ -381,7 +384,7 @@
if (packet_remaining() > 0) {
char *reply = packet_get_string(NULL);
debug2("service_accept: %s", reply);
- xfree(reply);
+ free(reply);
} else {
debug2("buggy server: service_accept w/o service");
}
@@ -428,15 +431,12 @@
if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
authctxt->method->cleanup(authctxt);
- if (authctxt->methoddata) {
- xfree(authctxt->methoddata);
- authctxt->methoddata = NULL;
- }
+ free(authctxt->methoddata);
+ authctxt->methoddata = NULL;
if (authlist == NULL) {
authlist = authctxt->authlist;
} else {
- if (authctxt->authlist)
- xfree(authctxt->authlist);
+ free(authctxt->authlist);
authctxt->authlist = authlist;
}
for (;;) {
@@ -484,10 +484,10 @@
msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
fprintf(stderr, "%s", msg);
- xfree(msg);
+ free(msg);
}
- xfree(raw);
- xfree(lang);
+ free(raw);
+ free(lang);
}
/* ARGSUSED */
@@ -498,16 +498,12 @@
if (authctxt == NULL)
fatal("input_userauth_success: no authentication context");
- if (authctxt->authlist) {
- xfree(authctxt->authlist);
- authctxt->authlist = NULL;
- }
+ free(authctxt->authlist);
+ authctxt->authlist = NULL;
if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
authctxt->method->cleanup(authctxt);
- if (authctxt->methoddata) {
- xfree(authctxt->methoddata);
- authctxt->methoddata = NULL;
- }
+ free(authctxt->methoddata);
+ authctxt->methoddata = NULL;
authctxt->success = 1; /* break out */
}
@@ -538,8 +534,12 @@
partial = packet_get_char();
packet_check_eom();
- if (partial != 0)
+ if (partial != 0) {
logit("Authenticated with partial success.");
+ /* reset state */
+ pubkey_cleanup(authctxt);
+ pubkey_prepare(authctxt);
+ }
debug("Authentications that can continue: %s", authlist);
userauth(authctxt, authlist);
@@ -592,7 +592,7 @@
}
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
debug2("input_userauth_pk_ok: fp %s", fp);
- xfree(fp);
+ free(fp);
/*
* search keys in the reverse order, because last candidate has been
@@ -608,8 +608,8 @@
done:
if (key != NULL)
key_free(key);
- xfree(pkalg);
- xfree(pkblob);
+ free(pkalg);
+ free(pkblob);
/* try another method if we did not send a packet */
if (sent == 0)
@@ -747,7 +747,7 @@
if (oidlen <= 2 ||
oidv[0] != SSH_GSS_OIDTYPE ||
oidv[1] != oidlen - 2) {
- xfree(oidv);
+ free(oidv);
debug("Badly encoded mechanism OID received");
userauth(authctxt, NULL);
return;
@@ -758,7 +758,7 @@
packet_check_eom();
- xfree(oidv);
+ free(oidv);
if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
/* Start again with next method on list */
@@ -787,7 +787,7 @@
status = process_gssapi_token(ctxt, &recv_tok);
- xfree(recv_tok.value);
+ free(recv_tok.value);
if (GSS_ERROR(status)) {
/* Start again with the next method in the list */
@@ -804,7 +804,7 @@
Gssctxt *gssctxt;
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok;
- OM_uint32 status, ms;
+ OM_uint32 ms;
u_int len;
if (authctxt == NULL)
@@ -817,10 +817,10 @@
packet_check_eom();
/* Stick it into GSSAPI and see what it says */
- status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
+ (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
&recv_tok, &send_tok, NULL);
- xfree(recv_tok.value);
+ free(recv_tok.value);
gss_release_buffer(&ms, &send_tok);
/* Server will be returning a failed packet after this one */
@@ -830,12 +830,11 @@
void
input_gssapi_error(int type, u_int32_t plen, void *ctxt)
{
- OM_uint32 maj, min;
char *msg;
char *lang;
- maj=packet_get_int();
- min=packet_get_int();
+ /* maj */(void)packet_get_int();
+ /* min */(void)packet_get_int();
msg=packet_get_string(NULL);
lang=packet_get_string(NULL);
@@ -842,8 +841,8 @@
packet_check_eom();
debug("Server GSSAPI Error:\n%s", msg);
- xfree(msg);
- xfree(lang);
+ free(msg);
+ free(lang);
}
#endif /* GSSAPI */
@@ -884,7 +883,7 @@
packet_put_char(0);
packet_put_cstring(password);
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
packet_add_padding(64);
packet_send();
@@ -917,8 +916,8 @@
lang = packet_get_string(NULL);
if (strlen(info) > 0)
logit("%s", info);
- xfree(info);
- xfree(lang);
+ free(info);
+ free(lang);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
@@ -930,7 +929,7 @@
password = read_passphrase(prompt, 0);
packet_put_cstring(password);
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
password = NULL;
while (password == NULL) {
snprintf(prompt, sizeof(prompt),
@@ -947,16 +946,16 @@
retype = read_passphrase(prompt, 0);
if (strcmp(password, retype) != 0) {
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
logit("Mismatch; try again, EOF to quit.");
password = NULL;
}
memset(retype, 0, strlen(retype));
- xfree(retype);
+ free(retype);
}
packet_put_cstring(password);
memset(password, 0, strlen(password));
- xfree(password);
+ free(password);
packet_add_padding(64);
packet_send();
@@ -1011,13 +1010,13 @@
bzero(password, strlen(password));
bzero(crypted, strlen(crypted));
- xfree(password);
- xfree(crypted);
+ free(password);
+ free(crypted);
if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
fatal("%s: BN_bin2bn (secret)", __func__);
bzero(secret, secret_len);
- xfree(secret);
+ free(secret);
return ret;
}
@@ -1055,8 +1054,8 @@
pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
bzero(crypt_scheme, strlen(crypt_scheme));
bzero(salt, strlen(salt));
- xfree(crypt_scheme);
- xfree(salt);
+ free(crypt_scheme);
+ free(salt);
JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
/* Calculate step 2 values */
@@ -1071,8 +1070,8 @@
bzero(x3_proof, x3_proof_len);
bzero(x4_proof, x4_proof_len);
- xfree(x3_proof);
- xfree(x4_proof);
+ free(x3_proof);
+ free(x4_proof);
JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
@@ -1083,7 +1082,7 @@
packet_send();
bzero(x2_s_proof, x2_s_proof_len);
- xfree(x2_s_proof);
+ free(x2_s_proof);
/* Expect step 2 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
@@ -1123,7 +1122,7 @@
&pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
bzero(x4_s_proof, x4_s_proof_len);
- xfree(x4_s_proof);
+ free(x4_s_proof);
JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
@@ -1185,7 +1184,7 @@
if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
return (key_sign(id->key, sigp, lenp, data, datalen));
/* load the private key from the file */
- if ((prv = load_identity_file(id->filename)) == NULL)
+ if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL)
return (-1);
ret = key_sign(prv, sigp, lenp, data, datalen);
key_free(prv);
@@ -1205,7 +1204,7 @@
fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
- xfree(fp);
+ free(fp);
if (key_to_blob(id->key, &blob, &bloblen) == 0) {
/* we cannot handle this key */
@@ -1240,7 +1239,7 @@
ret = identity_sign(id, &signature, &slen,
buffer_ptr(&b), buffer_len(&b));
if (ret == -1) {
- xfree(blob);
+ free(blob);
buffer_free(&b);
return 0;
}
@@ -1260,11 +1259,11 @@
buffer_put_cstring(&b, key_ssh_name(id->key));
buffer_put_string(&b, blob, bloblen);
}
- xfree(blob);
+ free(blob);
/* append signature */
buffer_put_string(&b, signature, slen);
- xfree(signature);
+ free(signature);
/* skip session id and packet type */
if (buffer_len(&b) < skip + 1)
@@ -1304,13 +1303,13 @@
if (!(datafellows & SSH_BUG_PKAUTH))
packet_put_cstring(key_ssh_name(id->key));
packet_put_string(blob, bloblen);
- xfree(blob);
+ free(blob);
packet_send();
return 1;
}
static Key *
-load_identity_file(char *filename)
+load_identity_file(char *filename, int userprovided)
{
Key *private;
char prompt[300], *passphrase;
@@ -1318,12 +1317,16 @@
struct stat st;
if (stat(filename, &st) < 0) {
- debug3("no such identity: %s", filename);
+ (userprovided ? logit : debug3)("no such identity: %s: %s",
+ filename, strerror(errno));
return NULL;
}
private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
- if (!perm_ok)
+ if (!perm_ok) {
+ if (private != NULL)
+ key_free(private);
return NULL;
+ }
if (private == NULL) {
if (options.batch_mode)
return NULL;
@@ -1340,7 +1343,7 @@
quit = 1;
}
memset(passphrase, 0, strlen(passphrase));
- xfree(passphrase);
+ free(passphrase);
if (private != NULL || quit)
break;
debug2("bad passphrase given, try again...");
@@ -1358,7 +1361,7 @@
static void
pubkey_prepare(Authctxt *authctxt)
{
- Identity *id;
+ Identity *id, *id2, *tmp;
Idlist agent, files, *preferred;
Key *key;
AuthenticationConnection *ac;
@@ -1370,7 +1373,7 @@
preferred = &authctxt->keys;
TAILQ_INIT(preferred); /* preferred order of keys */
- /* list of keys stored in the filesystem */
+ /* list of keys stored in the filesystem and PKCS#11 */
for (i = 0; i < options.num_identity_files; i++) {
key = options.identity_keys[i];
if (key && key->type == KEY_RSA1)
@@ -1381,8 +1384,32 @@
id = xcalloc(1, sizeof(*id));
id->key = key;
id->filename = xstrdup(options.identity_files[i]);
+ id->userprovided = options.identity_file_userprovided[i];
TAILQ_INSERT_TAIL(&files, id, next);
}
+ /* Prefer PKCS11 keys that are explicitly listed */
+ TAILQ_FOREACH_SAFE(id, &files, next, tmp) {
+ if (id->key == NULL || (id->key->flags & KEY_FLAG_EXT) == 0)
+ continue;
+ found = 0;
+ TAILQ_FOREACH(id2, &files, next) {
+ if (id2->key == NULL ||
+ (id2->key->flags & KEY_FLAG_EXT) != 0)
+ continue;
+ if (key_equal(id->key, id2->key)) {
+ TAILQ_REMOVE(&files, id, next);
+ TAILQ_INSERT_TAIL(preferred, id, next);
+ found = 1;
+ break;
+ }
+ }
+ /* If IdentitiesOnly set and key not found then don't use it */
+ if (!found && options.identities_only) {
+ TAILQ_REMOVE(&files, id, next);
+ bzero(id, sizeof(*id));
+ free(id);
+ }
+ }
/* list of keys supported by the agent */
if ((ac = ssh_get_authentication_connection())) {
for (key = ssh_get_first_identity(ac, &comment, 2);
@@ -1393,7 +1420,7 @@
/* agent keys from the config file are preferred */
if (key_equal(key, id->key)) {
key_free(key);
- xfree(comment);
+ free(comment);
TAILQ_REMOVE(&files, id, next);
TAILQ_INSERT_TAIL(preferred, id, next);
id->ac = ac;
@@ -1422,7 +1449,8 @@
TAILQ_INSERT_TAIL(preferred, id, next);
}
TAILQ_FOREACH(id, preferred, next) {
- debug2("key: %s (%p)", id->filename, id->key);
+ debug2("key: %s (%p),%s", id->filename, id->key,
+ id->userprovided ? " explicit" : "");
}
}
@@ -1438,9 +1466,8 @@
TAILQ_REMOVE(&authctxt->keys, id, next);
if (id->key)
key_free(id->key);
- if (id->filename)
- xfree(id->filename);
- xfree(id);
+ free(id->filename);
+ free(id);
}
}
@@ -1467,7 +1494,8 @@
sent = send_pubkey_test(authctxt, id);
} else if (id->key == NULL) {
debug("Trying private key: %s", id->filename);
- id->key = load_identity_file(id->filename);
+ id->key = load_identity_file(id->filename,
+ id->userprovided);
if (id->key != NULL) {
id->isprivate = 1;
sent = sign_and_send_pubkey(authctxt, id);
@@ -1537,9 +1565,9 @@
logit("%s", name);
if (strlen(inst) > 0)
logit("%s", inst);
- xfree(name);
- xfree(inst);
- xfree(lang);
+ free(name);
+ free(inst);
+ free(lang);
num_prompts = packet_get_int();
/*
@@ -1560,8 +1588,8 @@
packet_put_cstring(response);
memset(response, 0, strlen(response));
- xfree(response);
- xfree(prompt);
+ free(response);
+ free(prompt);
}
packet_check_eom(); /* done with parsing incoming message. */
@@ -1681,12 +1709,12 @@
if (p == NULL) {
error("userauth_hostbased: cannot get local ipaddr/name");
key_free(private);
- xfree(blob);
+ free(blob);
return 0;
}
xasprintf(&chost, "%s.", p);
debug2("userauth_hostbased: chost %s", chost);
- xfree(p);
+ free(p);
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
@@ -1715,9 +1743,9 @@
buffer_free(&b);
if (ok != 0) {
error("key_sign failed");
- xfree(chost);
- xfree(pkalg);
- xfree(blob);
+ free(chost);
+ free(pkalg);
+ free(blob);
return 0;
}
packet_start(SSH2_MSG_USERAUTH_REQUEST);
@@ -1730,10 +1758,10 @@
packet_put_cstring(authctxt->local_user);
packet_put_string(signature, slen);
memset(signature, 's', slen);
- xfree(signature);
- xfree(chost);
- xfree(pkalg);
- xfree(blob);
+ free(signature);
+ free(chost);
+ free(pkalg);
+ free(blob);
packet_send();
return 1;
@@ -1788,8 +1816,8 @@
bzero(x1_proof, x1_proof_len);
bzero(x2_proof, x2_proof_len);
- xfree(x1_proof);
- xfree(x2_proof);
+ free(x1_proof);
+ free(x2_proof);
/* Expect step 1 packet from peer */
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
@@ -1866,8 +1894,7 @@
if (supported == NULL || strcmp(authlist, supported) != 0) {
debug3("start over, passed a different list %s", authlist);
- if (supported != NULL)
- xfree(supported);
+ free(supported);
supported = xstrdup(authlist);
preferred = options.preferred_authentications;
debug3("preferred %s", preferred);
@@ -1888,8 +1915,10 @@
authmethod_is_enabled(current)) {
debug3("authmethod_is_enabled %s", name);
debug("Next authentication method: %s", name);
+ free(name);
return current;
}
+ free(name);
}
}
Property changes on: vendor-crypto/openssh/dist/sshconnect2.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.7
\ No newline at end of property
Added: vendor-crypto/openssh/dist/sshd.0
===================================================================
--- vendor-crypto/openssh/dist/sshd.0 (rev 0)
+++ vendor-crypto/openssh/dist/sshd.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,640 @@
+SSHD(8) OpenBSD System Manager's Manual SSHD(8)
+
+NAME
+ sshd - OpenSSH SSH daemon
+
+SYNOPSIS
+ sshd [-46DdeiqTt] [-b bits] [-C connection_spec]
+ [-c host_certificate_file] [-E log_file] [-f config_file]
+ [-g login_grace_time] [-h host_key_file] [-k key_gen_time]
+ [-o option] [-p port] [-u len]
+
+DESCRIPTION
+ sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
+ programs replace rlogin(1) and rsh(1), and provide secure encrypted
+ communications between two untrusted hosts over an insecure network.
+
+ sshd listens for connections from clients. It is normally started at
+ boot from /etc/rc. It forks a new daemon for each incoming connection.
+ The forked daemons handle key exchange, encryption, authentication,
+ command execution, and data exchange.
+
+ sshd can be configured using command-line options or a configuration file
+ (by default sshd_config(5)); command-line options override values
+ specified in the configuration file. sshd rereads its configuration file
+ when it receives a hangup signal, SIGHUP, by executing itself with the
+ name and options it was started with, e.g. /usr/sbin/sshd.
+
+ The options are as follows:
+
+ -4 Forces sshd to use IPv4 addresses only.
+
+ -6 Forces sshd to use IPv6 addresses only.
+
+ -b bits
+ Specifies the number of bits in the ephemeral protocol version 1
+ server key (default 1024).
+
+ -C connection_spec
+ Specify the connection parameters to use for the -T extended test
+ mode. If provided, any Match directives in the configuration
+ file that would apply to the specified user, host, and address
+ will be set before the configuration is written to standard
+ output. The connection parameters are supplied as keyword=value
+ pairs. The keywords are ``user'', ``host'', ``laddr'',
+ ``lport'', and ``addr''. All are required and may be supplied in
+ any order, either with multiple -C options or as a comma-
+ separated list.
+
+ -c host_certificate_file
+ Specifies a path to a certificate file to identify sshd during
+ key exchange. The certificate file must match a host key file
+ specified using the -h option or the HostKey configuration
+ directive.
+
+ -D When this option is specified, sshd will not detach and does not
+ become a daemon. This allows easy monitoring of sshd.
+
+ -d Debug mode. The server sends verbose debug output to standard
+ error, and does not put itself in the background. The server
+ also will not fork and will only process one connection. This
+ option is only intended for debugging for the server. Multiple
+ -d options increase the debugging level. Maximum is 3.
+
+ -E log_file
+ Append debug logs to log_file instead of the system log.
+
+ -e Write debug logs to standard error instead of the system log.
+
+ -f config_file
+ Specifies the name of the configuration file. The default is
+ /etc/ssh/sshd_config. sshd refuses to start if there is no
+ configuration file.
+
+ -g login_grace_time
+ Gives the grace time for clients to authenticate themselves
+ (default 120 seconds). If the client fails to authenticate the
+ user within this many seconds, the server disconnects and exits.
+ A value of zero indicates no limit.
+
+ -h host_key_file
+ Specifies a file from which a host key is read. This option must
+ be given if sshd is not run as root (as the normal host key files
+ are normally not readable by anyone but root). The default is
+ /etc/ssh/ssh_host_key for protocol version 1, and
+ /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
+ /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible
+ to have multiple host key files for the different protocol
+ versions and host key algorithms.
+
+ -i Specifies that sshd is being run from inetd(8). sshd is normally
+ not run from inetd because it needs to generate the server key
+ before it can respond to the client, and this may take tens of
+ seconds. Clients would have to wait too long if the key was
+ regenerated every time. However, with small key sizes (e.g. 512)
+ using sshd from inetd may be feasible.
+
+ -k key_gen_time
+ Specifies how often the ephemeral protocol version 1 server key
+ is regenerated (default 3600 seconds, or one hour). The
+ motivation for regenerating the key fairly often is that the key
+ is not stored anywhere, and after about an hour it becomes
+ impossible to recover the key for decrypting intercepted
+ communications even if the machine is cracked into or physically
+ seized. A value of zero indicates that the key will never be
+ regenerated.
+
+ -o option
+ Can be used to give options in the format used in the
+ configuration file. This is useful for specifying options for
+ which there is no separate command-line flag. For full details
+ of the options, and their values, see sshd_config(5).
+
+ -p port
+ Specifies the port on which the server listens for connections
+ (default 22). Multiple port options are permitted. Ports
+ specified in the configuration file with the Port option are
+ ignored when a command-line port is specified. Ports specified
+ using the ListenAddress option override command-line ports.
+
+ -q Quiet mode. Nothing is sent to the system log. Normally the
+ beginning, authentication, and termination of each connection is
+ logged.
+
+ -T Extended test mode. Check the validity of the configuration
+ file, output the effective configuration to stdout and then exit.
+ Optionally, Match rules may be applied by specifying the
+ connection parameters using one or more -C options.
+
+ -t Test mode. Only check the validity of the configuration file and
+ sanity of the keys. This is useful for updating sshd reliably as
+ configuration options may change.
+
+ -u len This option is used to specify the size of the field in the utmp
+ structure that holds the remote host name. If the resolved host
+ name is longer than len, the dotted decimal value will be used
+ instead. This allows hosts with very long host names that
+ overflow this field to still be uniquely identified. Specifying
+ -u0 indicates that only dotted decimal addresses should be put
+ into the utmp file. -u0 may also be used to prevent sshd from
+ making DNS requests unless the authentication mechanism or
+ configuration requires it. Authentication mechanisms that may
+ require DNS include RhostsRSAAuthentication,
+ HostbasedAuthentication, and using a from="pattern-list" option
+ in a key file. Configuration options that require DNS include
+ using a USER at HOST pattern in AllowUsers or DenyUsers.
+
+AUTHENTICATION
+ The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
+ use protocol 2 only, though this can be changed via the Protocol option
+ in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol
+ 1 only supports RSA keys. For both protocols, each host has a host-
+ specific key, normally 2048 bits, used to identify the host.
+
+ Forward security for protocol 1 is provided through an additional server
+ key, normally 768 bits, generated when the server starts. This key is
+ normally regenerated every hour if it has been used, and is never stored
+ on disk. Whenever a client connects, the daemon responds with its public
+ host and server keys. The client compares the RSA host key against its
+ own database to verify that it has not changed. The client then
+ generates a 256-bit random number. It encrypts this random number using
+ both the host key and the server key, and sends the encrypted number to
+ the server. Both sides then use this random number as a session key
+ which is used to encrypt all further communications in the session. The
+ rest of the session is encrypted using a conventional cipher, currently
+ Blowfish or 3DES, with 3DES being used by default. The client selects
+ the encryption algorithm to use from those offered by the server.
+
+ For protocol 2, forward security is provided through a Diffie-Hellman key
+ agreement. This key agreement results in a shared session key. The rest
+ of the session is encrypted using a symmetric cipher, currently 128-bit
+ AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
+ client selects the encryption algorithm to use from those offered by the
+ server. Additionally, session integrity is provided through a
+ cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64,
+ umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512).
+
+ Finally, the server and the client enter an authentication dialog. The
+ client tries to authenticate itself using host-based authentication,
+ public key authentication, challenge-response authentication, or password
+ authentication.
+
+ Regardless of the authentication type, the account is checked to ensure
+ that it is accessible. An account is not accessible if it is locked,
+ listed in DenyUsers or its group is listed in DenyGroups . The
+ definition of a locked account is system dependant. Some platforms have
+ their own account database (eg AIX) and some modify the passwd field (
+ `*LK*' on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on
+ Tru64, a leading `*LOCKED*' on FreeBSD and a leading `!' on most
+ Linuxes). If there is a requirement to disable password authentication
+ for the account while allowing still public-key, then the passwd field
+ should be set to something other than these values (eg `NP' or `*NP*' ).
+
+ If the client successfully authenticates itself, a dialog for preparing
+ the session is entered. At this time the client may request things like
+ allocating a pseudo-tty, forwarding X11 connections, forwarding TCP
+ connections, or forwarding the authentication agent connection over the
+ secure channel.
+
+ After this, the client either requests a shell or execution of a command.
+ The sides then enter session mode. In this mode, either side may send
+ data at any time, and such data is forwarded to/from the shell or command
+ on the server side, and the user terminal in the client side.
+
+ When the user program terminates and all forwarded X11 and other
+ connections have been closed, the server sends command exit status to the
+ client, and both sides exit.
+
+LOGIN PROCESS
+ When a user successfully logs in, sshd does the following:
+
+ 1. If the login is on a tty, and no command has been specified,
+ prints last login time and /etc/motd (unless prevented in the
+ configuration file or by ~/.hushlogin; see the FILES section).
+
+ 2. If the login is on a tty, records login time.
+
+ 3. Checks /etc/nologin; if it exists, prints contents and quits
+ (unless root).
+
+ 4. Changes to run with normal user privileges.
+
+ 5. Sets up basic environment.
+
+ 6. Reads the file ~/.ssh/environment, if it exists, and users are
+ allowed to change their environment. See the
+ PermitUserEnvironment option in sshd_config(5).
+
+ 7. Changes to user's home directory.
+
+ 8. If ~/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists,
+ runs it; otherwise runs xauth. The ``rc'' files are given the
+ X11 authentication protocol and cookie in standard input. See
+ SSHRC, below.
+
+ 9. Runs user's shell or command.
+
+SSHRC
+ If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
+ files but before starting the user's shell or command. It must not
+ produce any output on stdout; stderr must be used instead. If X11
+ forwarding is in use, it will receive the "proto cookie" pair in its
+ standard input (and DISPLAY in its environment). The script must call
+ xauth(1) because sshd will not run xauth automatically to add X11
+ cookies.
+
+ The primary purpose of this file is to run any initialization routines
+ which may be needed before the user's home directory becomes accessible;
+ AFS is a particular example of such an environment.
+
+ This file will probably contain some initialization code followed by
+ something similar to:
+
+ if read proto cookie && [ -n "$DISPLAY" ]; then
+ if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
+ # X11UseLocalhost=yes
+ echo add unix:`echo $DISPLAY |
+ cut -c11-` $proto $cookie
+ else
+ # X11UseLocalhost=no
+ echo add $DISPLAY $proto $cookie
+ fi | xauth -q -
+ fi
+
+ If this file does not exist, /etc/ssh/sshrc is run, and if that does not
+ exist either, xauth is used to add the cookie.
+
+AUTHORIZED_KEYS FILE FORMAT
+ AuthorizedKeysFile specifies the files containing public keys for public
+ key authentication; if none is specified, the default is
+ ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the
+ file contains one key (empty lines and lines starting with a `#' are
+ ignored as comments). Protocol 1 public keys consist of the following
+ space-separated fields: options, bits, exponent, modulus, comment.
+ Protocol 2 public key consist of: options, keytype, base64-encoded key,
+ comment. The options field is optional; its presence is determined by
+ whether the line starts with a number or not (the options field never
+ starts with a number). The bits, exponent, modulus, and comment fields
+ give the RSA key for protocol version 1; the comment field is not used
+ for anything (but may be convenient for the user to identify the key).
+ For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'',
+ ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or
+ ``ssh-rsa''.
+
+ Note that lines in this file are usually several hundred bytes long
+ (because of the size of the public key encoding) up to a limit of 8
+ kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
+ kilobits. You don't want to type them in; instead, copy the
+ identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit
+ it.
+
+ sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
+ 2 keys of 768 bits.
+
+ The options (if present) consist of comma-separated option
+ specifications. No spaces are permitted, except within double quotes.
+ The following option specifications are supported (note that option
+ keywords are case-insensitive):
+
+ cert-authority
+ Specifies that the listed key is a certification authority (CA)
+ that is trusted to validate signed certificates for user
+ authentication.
+
+ Certificates may encode access restrictions similar to these key
+ options. If both certificate restrictions and key options are
+ present, the most restrictive union of the two is applied.
+
+ command="command"
+ Specifies that the command is executed whenever this key is used
+ for authentication. The command supplied by the user (if any) is
+ ignored. The command is run on a pty if the client requests a
+ pty; otherwise it is run without a tty. If an 8-bit clean
+ channel is required, one must not request a pty or should specify
+ no-pty. A quote may be included in the command by quoting it
+ with a backslash. This option might be useful to restrict
+ certain public keys to perform just a specific operation. An
+ example might be a key that permits remote backups but nothing
+ else. Note that the client may specify TCP and/or X11 forwarding
+ unless they are explicitly prohibited. The command originally
+ supplied by the client is available in the SSH_ORIGINAL_COMMAND
+ environment variable. Note that this option applies to shell,
+ command or subsystem execution. Also note that this command may
+ be superseded by either a sshd_config(5) ForceCommand directive
+ or a command embedded in a certificate.
+
+ environment="NAME=value"
+ Specifies that the string is to be added to the environment when
+ logging in using this key. Environment variables set this way
+ override other default environment values. Multiple options of
+ this type are permitted. Environment processing is disabled by
+ default and is controlled via the PermitUserEnvironment option.
+ This option is automatically disabled if UseLogin is enabled.
+
+ from="pattern-list"
+ Specifies that in addition to public key authentication, either
+ the canonical name of the remote host or its IP address must be
+ present in the comma-separated list of patterns. See PATTERNS in
+ ssh_config(5) for more information on patterns.
+
+ In addition to the wildcard matching that may be applied to
+ hostnames or addresses, a from stanza may match IP addresses
+ using CIDR address/masklen notation.
+
+ The purpose of this option is to optionally increase security:
+ public key authentication by itself does not trust the network or
+ name servers or anything (but the key); however, if somebody
+ somehow steals the key, the key permits an intruder to log in
+ from anywhere in the world. This additional option makes using a
+ stolen key more difficult (name servers and/or routers would have
+ to be compromised in addition to just the key).
+
+ no-agent-forwarding
+ Forbids authentication agent forwarding when this key is used for
+ authentication.
+
+ no-port-forwarding
+ Forbids TCP forwarding when this key is used for authentication.
+ Any port forward requests by the client will return an error.
+ This might be used, e.g. in connection with the command option.
+
+ no-pty Prevents tty allocation (a request to allocate a pty will fail).
+
+ no-user-rc
+ Disables execution of ~/.ssh/rc.
+
+ no-X11-forwarding
+ Forbids X11 forwarding when this key is used for authentication.
+ Any X11 forward requests by the client will return an error.
+
+ permitopen="host:port"
+ Limit local ``ssh -L'' port forwarding such that it may only
+ connect to the specified host and port. IPv6 addresses can be
+ specified by enclosing the address in square brackets. Multiple
+ permitopen options may be applied separated by commas. No
+ pattern matching is performed on the specified hostnames, they
+ must be literal domains or addresses. A port specification of *
+ matches any port.
+
+ principals="principals"
+ On a cert-authority line, specifies allowed principals for
+ certificate authentication as a comma-separated list. At least
+ one name from the list must appear in the certificate's list of
+ principals for the certificate to be accepted. This option is
+ ignored for keys that are not marked as trusted certificate
+ signers using the cert-authority option.
+
+ tunnel="n"
+ Force a tun(4) device on the server. Without this option, the
+ next available device will be used if the client requests a
+ tunnel.
+
+ An example authorized_keys file:
+
+ # Comments allowed at start of line
+ ssh-rsa AAAAB3Nza...LiPk== user at example.net
+ from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
+ AAAAB2...19Q== john at example.net
+ command="dump /home",no-pty,no-port-forwarding ssh-dss
+ AAAAC3...51R== example.net
+ permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
+ AAAAB5...21S==
+ tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
+ jane at example.net
+
+SSH_KNOWN_HOSTS FILE FORMAT
+ The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
+ public keys for all known hosts. The global file should be prepared by
+ the administrator (optional), and the per-user file is maintained
+ automatically: whenever the user connects from an unknown host, its key
+ is added to the per-user file.
+
+ Each line in these files contains the following fields: markers
+ (optional), hostnames, bits, exponent, modulus, comment. The fields are
+ separated by spaces.
+
+ The marker is optional, but if it is present then it must be one of
+ ``@cert-authority'', to indicate that the line contains a certification
+ authority (CA) key, or ``@revoked'', to indicate that the key contained
+ on the line is revoked and must not ever be accepted. Only one marker
+ should be used on a key line.
+
+ Hostnames is a comma-separated list of patterns (`*' and `?' act as
+ wildcards); each pattern in turn is matched against the canonical host
+ name (when authenticating a client) or against the user-supplied name
+ (when authenticating a server). A pattern may also be preceded by `!' to
+ indicate negation: if the host name matches a negated pattern, it is not
+ accepted (by that line) even if it matched another pattern on the line.
+ A hostname or address may optionally be enclosed within `[' and `]'
+ brackets then followed by `:' and a non-standard port number.
+
+ Alternately, hostnames may be stored in a hashed form which hides host
+ names and addresses should the file's contents be disclosed. Hashed
+ hostnames start with a `|' character. Only one hashed hostname may
+ appear on a single line and none of the above negation or wildcard
+ operators may be applied.
+
+ Bits, exponent, and modulus are taken directly from the RSA host key;
+ they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The
+ optional comment field continues to the end of the line, and is not used.
+
+ Lines starting with `#' and empty lines are ignored as comments.
+
+ When performing host authentication, authentication is accepted if any
+ matching line has the proper key; either one that matches exactly or, if
+ the server has presented a certificate for authentication, the key of the
+ certification authority that signed the certificate. For a key to be
+ trusted as a certification authority, it must use the ``@cert-authority''
+ marker described above.
+
+ The known hosts file also provides a facility to mark keys as revoked,
+ for example when it is known that the associated private key has been
+ stolen. Revoked keys are specified by including the ``@revoked'' marker
+ at the beginning of the key line, and are never accepted for
+ authentication or as certification authorities, but instead will produce
+ a warning from ssh(1) when they are encountered.
+
+ It is permissible (but not recommended) to have several lines or
+ different host keys for the same names. This will inevitably happen when
+ short forms of host names from different domains are put in the file. It
+ is possible that the files contain conflicting information;
+ authentication is accepted if valid information can be found from either
+ file.
+
+ Note that the lines in these files are typically hundreds of characters
+ long, and you definitely don't want to type in the host keys by hand.
+ Rather, generate them by a script, ssh-keyscan(1) or by taking
+ /etc/ssh/ssh_host_key.pub and adding the host names at the front.
+ ssh-keygen(1) also offers some basic automated editing for
+ ~/.ssh/known_hosts including removing hosts matching a host name and
+ converting all host names to their hashed representations.
+
+ An example ssh_known_hosts file:
+
+ # Comments allowed at start of line
+ closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
+ cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
+ # A hashed hostname
+ |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
+ AAAA1234.....=
+ # A revoked key
+ @revoked * ssh-rsa AAAAB5W...
+ # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
+ @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
+
+FILES
+ ~/.hushlogin
+ This file is used to suppress printing the last login time and
+ /etc/motd, if PrintLastLog and PrintMotd, respectively, are
+ enabled. It does not suppress printing of the banner specified
+ by Banner.
+
+ ~/.rhosts
+ This file is used for host-based authentication (see ssh(1) for
+ more information). On some machines this file may need to be
+ world-readable if the user's home directory is on an NFS
+ partition, because sshd reads it as root. Additionally, this
+ file must be owned by the user, and must not have write
+ permissions for anyone else. The recommended permission for most
+ machines is read/write for the user, and not accessible by
+ others.
+
+ ~/.shosts
+ This file is used in exactly the same way as .rhosts, but allows
+ host-based authentication without permitting login with
+ rlogin/rsh.
+
+ ~/.ssh/
+ This directory is the default location for all user-specific
+ configuration and authentication information. There is no
+ general requirement to keep the entire contents of this directory
+ secret, but the recommended permissions are read/write/execute
+ for the user, and not accessible by others.
+
+ ~/.ssh/authorized_keys
+ Lists the public keys (DSA/ECDSA/RSA) that can be used for
+ logging in as this user. The format of this file is described
+ above. The content of the file is not highly sensitive, but the
+ recommended permissions are read/write for the user, and not
+ accessible by others.
+
+ If this file, the ~/.ssh directory, or the user's home directory
+ are writable by other users, then the file could be modified or
+ replaced by unauthorized users. In this case, sshd will not
+ allow it to be used unless the StrictModes option has been set to
+ ``no''.
+
+ ~/.ssh/environment
+ This file is read into the environment at login (if it exists).
+ It can only contain empty lines, comment lines (that start with
+ `#'), and assignment lines of the form name=value. The file
+ should be writable only by the user; it need not be readable by
+ anyone else. Environment processing is disabled by default and
+ is controlled via the PermitUserEnvironment option.
+
+ ~/.ssh/known_hosts
+ Contains a list of host keys for all hosts the user has logged
+ into that are not already in the systemwide list of known host
+ keys. The format of this file is described above. This file
+ should be writable only by root/the owner and can, but need not
+ be, world-readable.
+
+ ~/.ssh/rc
+ Contains initialization routines to be run before the user's home
+ directory becomes accessible. This file should be writable only
+ by the user, and need not be readable by anyone else.
+
+ /etc/hosts.allow
+ /etc/hosts.deny
+ Access controls that should be enforced by tcp-wrappers are
+ defined here. Further details are described in hosts_access(5).
+
+ /etc/hosts.equiv
+ This file is for host-based authentication (see ssh(1)). It
+ should only be writable by root.
+
+ /etc/moduli
+ Contains Diffie-Hellman groups used for the "Diffie-Hellman Group
+ Exchange". The file format is described in moduli(5).
+
+ /etc/motd
+ See motd(5).
+
+ /etc/nologin
+ If this file exists, sshd refuses to let anyone except root log
+ in. The contents of the file are displayed to anyone trying to
+ log in, and non-root connections are refused. The file should be
+ world-readable.
+
+ /etc/shosts.equiv
+ This file is used in exactly the same way as hosts.equiv, but
+ allows host-based authentication without permitting login with
+ rlogin/rsh.
+
+ /etc/ssh/ssh_host_key
+ /etc/ssh/ssh_host_dsa_key
+ /etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_rsa_key
+ These files contain the private parts of the host keys. These
+ files should only be owned by root, readable only by root, and
+ not accessible to others. Note that sshd does not start if these
+ files are group/world-accessible.
+
+ /etc/ssh/ssh_host_key.pub
+ /etc/ssh/ssh_host_dsa_key.pub
+ /etc/ssh/ssh_host_ecdsa_key.pub
+ /etc/ssh/ssh_host_rsa_key.pub
+ These files contain the public parts of the host keys. These
+ files should be world-readable but writable only by root. Their
+ contents should match the respective private parts. These files
+ are not really used for anything; they are provided for the
+ convenience of the user so their contents can be copied to known
+ hosts files. These files are created using ssh-keygen(1).
+
+ /etc/ssh/ssh_known_hosts
+ Systemwide list of known host keys. This file should be prepared
+ by the system administrator to contain the public host keys of
+ all machines in the organization. The format of this file is
+ described above. This file should be writable only by root/the
+ owner and should be world-readable.
+
+ /etc/ssh/sshd_config
+ Contains configuration data for sshd. The file format and
+ configuration options are described in sshd_config(5).
+
+ /etc/ssh/sshrc
+ Similar to ~/.ssh/rc, it can be used to specify machine-specific
+ login-time initializations globally. This file should be
+ writable only by root, and should be world-readable.
+
+ /var/empty
+ chroot(2) directory used by sshd during privilege separation in
+ the pre-authentication phase. The directory should not contain
+ any files and must be owned by root and not group or world-
+ writable.
+
+ /var/run/sshd.pid
+ Contains the process ID of the sshd listening for connections (if
+ there are several daemons running concurrently for different
+ ports, this contains the process ID of the one started last).
+ The content of this file is not sensitive; it can be world-
+ readable.
+
+SEE ALSO
+ scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
+ ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5),
+ sshd_config(5), inetd(8), sftp-server(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
+ for privilege separation.
+
+CAVEATS
+ System security is not improved unless rshd, rlogind, and rexecd are
+ disabled (thus completely disabling rlogin and rsh into the machine).
+
+OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/sshd.8
===================================================================
--- vendor-crypto/openssh/dist/sshd.8 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshd.8 2013-12-05 12:55:03 UTC (rev 6462)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.260 2010/10/28 18:33:28 jmc Exp $
-.Dd $Mdocdate: October 28 2010 $
+.\" $OpenBSD: sshd.8,v 1.270 2013/06/27 14:05:37 jmc Exp $
+.Dd $Mdocdate: June 27 2013 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -47,6 +47,7 @@
.Op Fl b Ar bits
.Op Fl C Ar connection_spec
.Op Fl c Ar host_certificate_file
+.Op Fl E Ar log_file
.Op Fl f Ar config_file
.Op Fl g Ar login_grace_time
.Op Fl h Ar host_key_file
@@ -114,6 +115,8 @@
The keywords are
.Dq user ,
.Dq host ,
+.Dq laddr ,
+.Dq lport ,
and
.Dq addr .
All are required and may be supplied in any order, either with multiple
@@ -144,10 +147,12 @@
.Fl d
options increase the debugging level.
Maximum is 3.
+.It Fl E Ar log_file
+Append debug logs to
+.Ar log_file
+instead of the system log.
.It Fl e
-When this option is specified,
-.Nm
-will send the output to the standard error instead of the system log.
+Write debug logs to standard error instead of the system log.
.It Fl f Ar config_file
Specifies the name of the configuration file.
The default is
@@ -314,7 +319,8 @@
to use from those offered by the server.
Additionally, session integrity is provided
through a cryptographic message authentication code
-(hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160).
+(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
+hmac-sha2-256 or hmac-sha2-512).
.Pp
Finally, the server and the client enter an authentication dialog.
The client tries to authenticate itself using
@@ -462,10 +468,12 @@
does not exist either, xauth is used to add the cookie.
.Sh AUTHORIZED_KEYS FILE FORMAT
.Cm AuthorizedKeysFile
-specifies the file containing public keys for
+specifies the files containing public keys for
public key authentication;
if none is specified, the default is
-.Pa ~/.ssh/authorized_keys .
+.Pa ~/.ssh/authorized_keys
+and
+.Pa ~/.ssh/authorized_keys2 .
Each line of the file contains one
key (empty lines and lines starting with a
.Ql #
@@ -559,9 +567,7 @@
Specifies that in addition to public key authentication, either the canonical
name of the remote host or its IP address must be present in the
comma-separated list of patterns.
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
.Pp
@@ -605,6 +611,9 @@
options may be applied separated by commas.
No pattern matching is performed on the specified hostnames,
they must be literal domains or addresses.
+A port specification of
+.Cm *
+matches any port.
.It Cm principals="principals"
On a
.Cm cert-authority
@@ -878,7 +887,7 @@
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
.It Pa /etc/ssh/ssh_host_rsa_key
-These three files contain the private parts of the host keys.
+These files contain the private parts of the host keys.
These files should only be owned by root, readable only by root, and not
accessible to others.
Note that
@@ -889,7 +898,7 @@
.It Pa /etc/ssh/ssh_host_dsa_key.pub
.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
.It Pa /etc/ssh/ssh_host_rsa_key.pub
-These three files contain the public parts of the host keys.
+These files contain the public parts of the host keys.
These files should be world-readable but writable only by
root.
Their contents should match the respective private parts.
Property changes on: vendor-crypto/openssh/dist/sshd.8
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.10
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sshd.c
===================================================================
--- vendor-crypto/openssh/dist/sshd.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshd.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.381 2011/01/11 06:13:10 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -106,6 +106,7 @@
#include "canohost.h"
#include "hostfile.h"
#include "auth.h"
+#include "authfd.h"
#include "misc.h"
#include "msg.h"
#include "dispatch.h"
@@ -118,6 +119,7 @@
#endif
#include "monitor_wrap.h"
#include "roaming.h"
+#include "ssh-sandbox.h"
#include "version.h"
#ifdef LIBWRAP
@@ -193,6 +195,10 @@
/* for rekeying XXX fixme */
Kex *xxx_kex;
+/* Daemon's agent connection */
+AuthenticationConnection *auth_conn = NULL;
+int have_agent = 0;
+
/*
* Any really sensitive data in the application is contained in this
* structure. The idea is that this structure could be locked into memory so
@@ -205,6 +211,7 @@
Key *server_key; /* ephemeral server key */
Key *ssh1_host_key; /* ssh1 host key */
Key **host_keys; /* all private host keys */
+ Key **host_pubkeys; /* all public host keys */
Key **host_certificates; /* all public host certificates */
int have_ssh1_key;
int have_ssh2_key;
@@ -238,6 +245,7 @@
/* variables used for privilege separation */
int use_privsep = -1;
struct monitor *pmonitor = NULL;
+int privsep_is_preauth = 1;
/* global authentication context */
Authctxt *the_authctxt = NULL;
@@ -357,6 +365,15 @@
if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
kill(pmonitor->m_pid, SIGALRM);
+ /*
+ * Try to kill any processes that we have spawned, E.g. authorized
+ * keys command helpers.
+ */
+ if (getpgid(0) == getpid()) {
+ signal(SIGTERM, SIG_IGN);
+ killpg(0, SIGTERM);
+ }
+
/* Log error and exit. */
sigdie("Timeout before authentication for %s", get_remote_ipaddr());
}
@@ -417,10 +434,12 @@
major = PROTOCOL_MAJOR_1;
minor = PROTOCOL_MINOR_1;
}
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
- SSH_VERSION, newline);
- server_version_string = xstrdup(buf);
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ major, minor, SSH_VERSION,
+ *options.version_addendum == '\0' ? "" : " ",
+ options.version_addendum, newline);
+
/* Send our protocol version identification. */
if (roaming_atomicio(vwrite, sock_out, server_version_string,
strlen(server_version_string))
@@ -624,6 +643,7 @@
{
int status;
pid_t pid;
+ struct ssh_sandbox *box = NULL;
/* Set up unprivileged child process to deal with network data */
pmonitor = monitor_init();
@@ -630,6 +650,8 @@
/* Store a pointer to the kex for later rekeying */
pmonitor->m_pkex = &xxx_kex;
+ if (use_privsep == PRIVSEP_ON)
+ box = ssh_sandbox_init();
pid = fork();
if (pid == -1) {
fatal("fork of unprivileged child failed");
@@ -636,30 +658,52 @@
} else if (pid != 0) {
debug2("Network child is on pid %ld", (long)pid);
- close(pmonitor->m_recvfd);
pmonitor->m_pid = pid;
+ if (have_agent)
+ auth_conn = ssh_get_authentication_connection();
+ if (box != NULL)
+ ssh_sandbox_parent_preauth(box, pid);
monitor_child_preauth(authctxt, pmonitor);
- close(pmonitor->m_sendfd);
/* Sync memory */
monitor_sync(pmonitor);
/* Wait for the child's exit status */
- while (waitpid(pid, &status, 0) < 0)
- if (errno != EINTR)
- break;
- return (1);
+ while (waitpid(pid, &status, 0) < 0) {
+ if (errno == EINTR)
+ continue;
+ pmonitor->m_pid = -1;
+ fatal("%s: waitpid: %s", __func__, strerror(errno));
+ }
+ privsep_is_preauth = 0;
+ pmonitor->m_pid = -1;
+ if (WIFEXITED(status)) {
+ if (WEXITSTATUS(status) != 0)
+ fatal("%s: preauth child exited with status %d",
+ __func__, WEXITSTATUS(status));
+ } else if (WIFSIGNALED(status))
+ fatal("%s: preauth child terminated by signal %d",
+ __func__, WTERMSIG(status));
+ if (box != NULL)
+ ssh_sandbox_parent_finish(box);
+ return 1;
} else {
/* child */
-
close(pmonitor->m_sendfd);
+ close(pmonitor->m_log_recvfd);
+ /* Arrange for logging to be sent to the monitor */
+ set_log_handler(mm_log_handler, pmonitor);
+
/* Demote the child */
if (getuid() == 0 || geteuid() == 0)
privsep_preauth_child();
setproctitle("%s", "[net]");
+ if (box != NULL)
+ ssh_sandbox_child(box);
+
+ return 0;
}
- return (0);
}
static void
@@ -685,7 +729,6 @@
fatal("fork of unprivileged child failed");
else if (pmonitor->m_pid != 0) {
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
- close(pmonitor->m_recvfd);
buffer_clear(&loginmsg);
monitor_child_postauth(pmonitor);
@@ -693,7 +736,10 @@
exit(0);
}
+ /* child */
+
close(pmonitor->m_sendfd);
+ pmonitor->m_sendfd = -1;
/* Demote the private keys to public keys. */
demote_sensitive_data();
@@ -729,6 +775,8 @@
for (i = 0; i < options.num_host_key_files; i++) {
key = sensitive_data.host_keys[i];
if (key == NULL)
+ key = sensitive_data.host_pubkeys[i];
+ if (key == NULL)
continue;
switch (key->type) {
case KEY_RSA:
@@ -781,6 +829,8 @@
break;
default:
key = sensitive_data.host_keys[i];
+ if (key == NULL && !need_private)
+ key = sensitive_data.host_pubkeys[i];
break;
}
if (key != NULL && key->type == type)
@@ -810,6 +860,14 @@
return (sensitive_data.host_keys[ind]);
}
+Key *
+get_hostkey_public_by_index(int ind)
+{
+ if (ind < 0 || ind >= options.num_host_key_files)
+ return (NULL);
+ return (sensitive_data.host_pubkeys[ind]);
+}
+
int
get_hostkey_index(Key *key)
{
@@ -822,6 +880,8 @@
} else {
if (key == sensitive_data.host_keys[i])
return (i);
+ if (key == sensitive_data.host_pubkeys[i])
+ return (i);
}
}
return (-1);
@@ -862,8 +922,9 @@
SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
fprintf(stderr,
"usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n"
-" [-f config_file] [-g login_grace_time] [-h host_key_file]\n"
-" [-k key_gen_time] [-o option] [-p port] [-u len]\n"
+" [-E log_file] [-f config_file] [-g login_grace_time]\n"
+" [-h host_key_file] [-k key_gen_time] [-o option] [-p port]\n"
+" [-u len]\n"
);
exit(1);
}
@@ -934,7 +995,7 @@
cp = buffer_get_string(&m, &len);
if (conf != NULL)
buffer_append(conf, cp, len + 1);
- xfree(cp);
+ free(cp);
if (buffer_get_int(&m)) {
if (sensitive_data.server_key != NULL)
@@ -985,7 +1046,9 @@
if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
- if (fd > STDOUT_FILENO)
+ if (!log_stderr)
+ dup2(fd, STDERR_FILENO);
+ if (fd > (log_stderr ? STDERR_FILENO : STDOUT_FILENO))
close(fd);
}
debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
@@ -1096,7 +1159,7 @@
if (received_sighup)
sighup_restart();
if (fdset != NULL)
- xfree(fdset);
+ free(fdset);
fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
sizeof(fd_mask));
@@ -1115,7 +1178,7 @@
(int) received_sigterm);
close_listen_socks();
unlink(options.pid_file);
- exit(255);
+ exit(received_sigterm == SIGTERM ? 0 : 255);
}
if (key_used && key_do_regen) {
generate_ephemeral_server_key();
@@ -1145,9 +1208,12 @@
*newsock = accept(listen_socks[i],
(struct sockaddr *)&from, &fromlen);
if (*newsock < 0) {
- if (errno != EINTR && errno != EAGAIN &&
- errno != EWOULDBLOCK)
- error("accept: %.100s", strerror(errno));
+ if (errno != EINTR && errno != EWOULDBLOCK &&
+ errno != ECONNABORTED && errno != EAGAIN)
+ error("accept: %.100s",
+ strerror(errno));
+ if (errno == EMFILE || errno == ENFILE)
+ usleep(100 * 1000);
continue;
}
if (unset_nonblock(*newsock) == -1) {
@@ -1293,20 +1359,22 @@
int opt, i, j, on = 1;
int sock_in = -1, sock_out = -1, newsock = -1;
const char *remote_ip;
- char *test_user = NULL, *test_host = NULL, *test_addr = NULL;
int remote_port;
- char *line, *p, *cp;
+ char *line, *logfile = NULL;
int config_s[2] = { -1 , -1 };
+ u_int n;
u_int64_t ibytes, obytes;
mode_t new_umask;
Key *key;
+ Key *pubkey;
+ int keytype;
Authctxt *authctxt;
+ struct connection_info *connection_info = get_connection_info(0, 0);
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
__progname = ssh_get_progname(av[0]);
- init_rng();
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
@@ -1332,7 +1400,7 @@
initialize_server_options(&options);
/* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeE:iqrtQRT46")) != -1) {
switch (opt) {
case '4':
options.address_family = AF_INET;
@@ -1361,6 +1429,9 @@
case 'D':
no_daemon_flag = 1;
break;
+ case 'E':
+ logfile = xstrdup(optarg);
+ /* FALLTHROUGH */
case 'e':
log_stderr = 1;
break;
@@ -1423,20 +1494,9 @@
test_flag = 2;
break;
case 'C':
- cp = optarg;
- while ((p = strsep(&cp, ",")) && *p != '\0') {
- if (strncmp(p, "addr=", 5) == 0)
- test_addr = xstrdup(p + 5);
- else if (strncmp(p, "host=", 5) == 0)
- test_host = xstrdup(p + 5);
- else if (strncmp(p, "user=", 5) == 0)
- test_user = xstrdup(p + 5);
- else {
- fprintf(stderr, "Invalid test "
- "mode specification %s\n", p);
- exit(1);
- }
- }
+ if (parse_server_match_testspec(connection_info,
+ optarg) == -1)
+ exit(1);
break;
case 'u':
utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL);
@@ -1448,9 +1508,9 @@
case 'o':
line = xstrdup(optarg);
if (process_server_config_line(&options, line,
- "command-line", 0, NULL, NULL, NULL, NULL) != 0)
+ "command-line", 0, NULL, NULL) != 0)
exit(1);
- xfree(line);
+ free(line);
break;
case '?':
default:
@@ -1469,6 +1529,11 @@
OpenSSL_add_all_algorithms();
+ /* If requested, redirect the logs to the specified logfile. */
+ if (logfile != NULL) {
+ log_redirect_stderr_to(logfile);
+ free(logfile);
+ }
/*
* Force logging to stderr until we have loaded the private host
* key (unless started from inetd)
@@ -1485,7 +1550,7 @@
* root's environment
*/
if (getenv("KRB5CCNAME") != NULL)
- unsetenv("KRB5CCNAME");
+ (void) unsetenv("KRB5CCNAME");
#ifdef _UNICOS
/* Cray can define user privs drop all privs now!
@@ -1504,13 +1569,10 @@
* the parameters we need. If we're not doing an extended test,
* do not silently ignore connection test params.
*/
- if (test_flag >= 2 &&
- (test_user != NULL || test_host != NULL || test_addr != NULL)
- && (test_user == NULL || test_host == NULL || test_addr == NULL))
+ if (test_flag >= 2 && server_match_spec_complete(connection_info) == 0)
fatal("user, host and addr are all required when testing "
"Match configs");
- if (test_flag < 2 && (test_user != NULL || test_host != NULL ||
- test_addr != NULL))
+ if (test_flag < 2 && server_match_spec_complete(connection_info) >= 0)
fatal("Config test connection parameter (-C) provided without "
"test mode (-T)");
@@ -1522,7 +1584,7 @@
load_server_config(config_file_name, &cfg);
parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
- &cfg, NULL, NULL, NULL);
+ &cfg, NULL);
seed_rng();
@@ -1533,6 +1595,33 @@
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
+ /* Check that options are sensible */
+ if (options.authorized_keys_command_user == NULL &&
+ (options.authorized_keys_command != NULL &&
+ strcasecmp(options.authorized_keys_command, "none") != 0))
+ fatal("AuthorizedKeysCommand set without "
+ "AuthorizedKeysCommandUser");
+
+ /*
+ * Check whether there is any path through configured auth methods.
+ * Unfortunately it is not possible to verify this generally before
+ * daemonisation in the presence of Match block, but this catches
+ * and warns for trivial misconfigurations that could break login.
+ */
+ if (options.num_auth_methods != 0) {
+ if ((options.protocol & SSH_PROTO_1))
+ fatal("AuthenticationMethods is not supported with "
+ "SSH protocol 1");
+ for (n = 0; n < options.num_auth_methods; n++) {
+ if (auth2_methods_valid(options.auth_methods[n],
+ 1) == 0)
+ break;
+ }
+ if (n >= options.num_auth_methods)
+ fatal("AuthenticationMethods cannot be satisfied by "
+ "enabled authentication methods");
+ }
+
/* set default channel AF */
channel_set_af(options.address_family);
@@ -1542,7 +1631,8 @@
exit(1);
}
- debug("sshd version %.100s", SSH_RELEASE);
+ debug("sshd version %s, %s", SSH_VERSION,
+ SSLeay_version(SSLEAY_VERSION));
/* Store privilege separation user for later use if required. */
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
@@ -1552,27 +1642,50 @@
} else {
memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
privsep_pw = pwcopy(privsep_pw);
- xfree(privsep_pw->pw_passwd);
+ free(privsep_pw->pw_passwd);
privsep_pw->pw_passwd = xstrdup("*");
}
endpwent();
- /* load private host keys */
+ /* load host keys */
sensitive_data.host_keys = xcalloc(options.num_host_key_files,
sizeof(Key *));
- for (i = 0; i < options.num_host_key_files; i++)
+ sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,
+ sizeof(Key *));
+ for (i = 0; i < options.num_host_key_files; i++) {
sensitive_data.host_keys[i] = NULL;
+ sensitive_data.host_pubkeys[i] = NULL;
+ }
+ if (options.host_key_agent) {
+ if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
+ setenv(SSH_AUTHSOCKET_ENV_NAME,
+ options.host_key_agent, 1);
+ have_agent = ssh_agent_present();
+ }
+
for (i = 0; i < options.num_host_key_files; i++) {
key = key_load_private(options.host_key_files[i], "", NULL);
+ pubkey = key_load_public(options.host_key_files[i], NULL);
sensitive_data.host_keys[i] = key;
- if (key == NULL) {
+ sensitive_data.host_pubkeys[i] = pubkey;
+
+ if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 &&
+ have_agent) {
+ debug("will rely on agent for hostkey %s",
+ options.host_key_files[i]);
+ keytype = pubkey->type;
+ } else if (key != NULL) {
+ keytype = key->type;
+ } else {
error("Could not load host key: %s",
options.host_key_files[i]);
sensitive_data.host_keys[i] = NULL;
+ sensitive_data.host_pubkeys[i] = NULL;
continue;
}
- switch (key->type) {
+
+ switch (keytype) {
case KEY_RSA1:
sensitive_data.ssh1_host_key = key;
sensitive_data.have_ssh1_key = 1;
@@ -1583,8 +1696,8 @@
sensitive_data.have_ssh2_key = 1;
break;
}
- debug("private host key: #%d type %d %s", i, key->type,
- key_type(key));
+ debug("private host key: #%d type %d %s", i, keytype,
+ key_type(key ? key : pubkey));
}
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key");
@@ -1684,9 +1797,8 @@
}
if (test_flag > 1) {
- if (test_user != NULL && test_addr != NULL && test_host != NULL)
- parse_server_match_config(&options, test_user,
- test_host, test_addr);
+ if (server_match_spec_complete(connection_info) == 1)
+ parse_server_match_config(&options, connection_info);
dump_config(&options);
}
@@ -1752,7 +1864,8 @@
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
- chdir("/");
+ if (chdir("/") == -1)
+ error("chdir(\"/\"): %s", strerror(errno));
/* ignore SIGPIPE */
signal(SIGPIPE, SIG_IGN);
@@ -1954,9 +2067,11 @@
buffer_init(&loginmsg);
auth_debug_reset();
- if (use_privsep)
+ if (use_privsep) {
if (privsep_preauth(authctxt) == 1)
goto authenticated;
+ } else if (compat20 && have_agent)
+ auth_conn = ssh_get_authentication_connection();
/* perform the key exchange */
/* authenticate user and start session */
@@ -2243,7 +2358,7 @@
MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
MD5_Final(session_key + 16, &md);
memset(buf, 0, bytes);
- xfree(buf);
+ free(buf);
for (i = 0; i < 16; i++)
session_id[i] = session_key[i] ^ session_key[i + 16];
}
@@ -2270,6 +2385,23 @@
packet_write_wait();
}
+void
+sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
+ u_char *data, u_int dlen)
+{
+ if (privkey) {
+ if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0))
+ fatal("%s: key_sign failed", __func__);
+ } else if (use_privsep) {
+ if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0)
+ fatal("%s: pubkey_sign failed", __func__);
+ } else {
+ if (ssh_agent_sign(auth_conn, pubkey, signature, slen, data,
+ dlen))
+ fatal("%s: ssh_agent_sign failed", __func__);
+ }
+}
+
/*
* SSH2 key exchange: diffie-hellman-group1-sha1
*/
@@ -2301,6 +2433,10 @@
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ if (options.rekey_limit || options.rekey_interval)
+ packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ (time_t)options.rekey_interval);
+
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
/* start key exchange */
@@ -2316,6 +2452,7 @@
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
+ kex->sign = sshd_hostkey_sign;
xxx_kex = kex;
@@ -2338,8 +2475,16 @@
void
cleanup_exit(int i)
{
- if (the_authctxt)
+ if (the_authctxt) {
do_cleanup(the_authctxt);
+ if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
+ debug("Killing privsep child %d", pmonitor->m_pid);
+ if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
+ errno != ESRCH)
+ error("%s: kill(%d): %s", __func__,
+ pmonitor->m_pid, strerror(errno));
+ }
+ }
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (!use_privsep || mm_is_monitor())
Property changes on: vendor-crypto/openssh/dist/sshd.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sshd_config
===================================================================
--- vendor-crypto/openssh/dist/sshd_config 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshd_config 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
+# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -7,7 +7,7 @@
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options change a
+# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
@@ -29,6 +29,9 @@
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
+# Ciphers and keying
+#RekeyLimit default none
+
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
@@ -44,8 +47,16 @@
#RSAAuthentication yes
#PubkeyAuthentication yes
-#AuthorizedKeysFile .ssh/authorized_keys
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
@@ -94,7 +105,7 @@
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
-#UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
@@ -101,9 +112,10 @@
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
-#MaxStartups 10
+#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
+#VersionAddendum none
# no default banner path
#Banner none
Property changes on: vendor-crypto/openssh/dist/sshd_config
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.8
\ No newline at end of property
Added: vendor-crypto/openssh/dist/sshd_config.0
===================================================================
--- vendor-crypto/openssh/dist/sshd_config.0 (rev 0)
+++ vendor-crypto/openssh/dist/sshd_config.0 2013-12-05 12:55:03 UTC (rev 6462)
@@ -0,0 +1,813 @@
+SSHD_CONFIG(5) OpenBSD Programmer's Manual SSHD_CONFIG(5)
+
+NAME
+ sshd_config - OpenSSH SSH daemon configuration file
+
+SYNOPSIS
+ /etc/ssh/sshd_config
+
+DESCRIPTION
+ sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
+ specified with -f on the command line). The file contains keyword-
+ argument pairs, one per line. Lines starting with `#' and empty lines
+ are interpreted as comments. Arguments may optionally be enclosed in
+ double quotes (") in order to represent arguments containing spaces.
+
+ The possible keywords and their meanings are as follows (note that
+ keywords are case-insensitive and arguments are case-sensitive):
+
+ AcceptEnv
+ Specifies what environment variables sent by the client will be
+ copied into the session's environ(7). See SendEnv in
+ ssh_config(5) for how to configure the client. Note that
+ environment passing is only supported for protocol 2. Variables
+ are specified by name, which may contain the wildcard characters
+ `*' and `?'. Multiple environment variables may be separated by
+ whitespace or spread across multiple AcceptEnv directives. Be
+ warned that some environment variables could be used to bypass
+ restricted user environments. For this reason, care should be
+ taken in the use of this directive. The default is not to accept
+ any environment variables.
+
+ AddressFamily
+ Specifies which address family should be used by sshd(8). Valid
+ arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
+ (use IPv6 only). The default is ``any''.
+
+ AllowAgentForwarding
+ Specifies whether ssh-agent(1) forwarding is permitted. The
+ default is ``yes''. Note that disabling agent forwarding does
+ not improve security unless users are also denied shell access,
+ as they can always install their own forwarders.
+
+ AllowGroups
+ This keyword can be followed by a list of group name patterns,
+ separated by spaces. If specified, login is allowed only for
+ users whose primary group or supplementary group list matches one
+ of the patterns. Only group names are valid; a numerical group
+ ID is not recognized. By default, login is allowed for all
+ groups. The allow/deny directives are processed in the following
+ order: DenyUsers, AllowUsers, DenyGroups, and finally
+ AllowGroups.
+
+ See PATTERNS in ssh_config(5) for more information on patterns.
+
+ AllowTcpForwarding
+ Specifies whether TCP forwarding is permitted. The available
+ options are ``yes'' or ``all'' to allow TCP forwarding, ``no'' to
+ prevent all TCP forwarding, ``local'' to allow local (from the
+ perspective of ssh(1)) forwarding only or ``remote'' to allow
+ remote forwarding only. The default is ``yes''. Note that
+ disabling TCP forwarding does not improve security unless users
+ are also denied shell access, as they can always install their
+ own forwarders.
+
+ AllowUsers
+ This keyword can be followed by a list of user name patterns,
+ separated by spaces. If specified, login is allowed only for
+ user names that match one of the patterns. Only user names are
+ valid; a numerical user ID is not recognized. By default, login
+ is allowed for all users. If the pattern takes the form
+ USER at HOST then USER and HOST are separately checked, restricting
+ logins to particular users from particular hosts. The allow/deny
+ directives are processed in the following order: DenyUsers,
+ AllowUsers, DenyGroups, and finally AllowGroups.
+
+ See PATTERNS in ssh_config(5) for more information on patterns.
+
+ AuthenticationMethods
+ Specifies the authentication methods that must be successfully
+ completed for a user to be granted access. This option must be
+ followed by one or more comma-separated lists of authentication
+ method names. Successful authentication requires completion of
+ every method in at least one of these lists.
+
+ For example, an argument of ``publickey,password
+ publickey,keyboard-interactive'' would require the user to
+ complete public key authentication, followed by either password
+ or keyboard interactive authentication. Only methods that are
+ next in one or more lists are offered at each stage, so for this
+ example, it would not be possible to attempt password or
+ keyboard-interactive authentication before public key.
+
+ For keyboard interactive authentication it is also possible to
+ restrict authentication to a specific device by appending a colon
+ followed by the device identifier ``bsdauth'', ``pam'', or
+ ``skey'', depending on the server configuration. For example,
+ ``keyboard-interactive:bsdauth'' would restrict keyboard
+ interactive authentication to the ``bsdauth'' device.
+
+ This option is only available for SSH protocol 2 and will yield a
+ fatal error if enabled if protocol 1 is also enabled. Note that
+ each authentication method listed should also be explicitly
+ enabled in the configuration. The default is not to require
+ multiple authentication; successful completion of a single
+ authentication method is sufficient.
+
+ AuthorizedKeysCommand
+ Specifies a program to be used to look up the user's public keys.
+ The program must be owned by root and not writable by group or
+ others. It will be invoked with a single argument of the
+ username being authenticated, and should produce on standard
+ output zero or more lines of authorized_keys output (see
+ AUTHORIZED_KEYS in sshd(8)). If a key supplied by
+ AuthorizedKeysCommand does not successfully authenticate and
+ authorize the user then public key authentication continues using
+ the usual AuthorizedKeysFile files. By default, no
+ AuthorizedKeysCommand is run.
+
+ AuthorizedKeysCommandUser
+ Specifies the user under whose account the AuthorizedKeysCommand
+ is run. It is recommended to use a dedicated user that has no
+ other role on the host than running authorized keys commands.
+
+ AuthorizedKeysFile
+ Specifies the file that contains the public keys that can be used
+ for user authentication. The format is described in the
+ AUTHORIZED_KEYS FILE FORMAT section of sshd(8).
+ AuthorizedKeysFile may contain tokens of the form %T which are
+ substituted during connection setup. The following tokens are
+ defined: %% is replaced by a literal '%', %h is replaced by the
+ home directory of the user being authenticated, and %u is
+ replaced by the username of that user. After expansion,
+ AuthorizedKeysFile is taken to be an absolute path or one
+ relative to the user's home directory. Multiple files may be
+ listed, separated by whitespace. The default is
+ ``.ssh/authorized_keys .ssh/authorized_keys2''.
+
+ AuthorizedPrincipalsFile
+ Specifies a file that lists principal names that are accepted for
+ certificate authentication. When using certificates signed by a
+ key listed in TrustedUserCAKeys, this file lists names, one of
+ which must appear in the certificate for it to be accepted for
+ authentication. Names are listed one per line preceded by key
+ options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
+ Empty lines and comments starting with `#' are ignored.
+
+ AuthorizedPrincipalsFile may contain tokens of the form %T which
+ are substituted during connection setup. The following tokens
+ are defined: %% is replaced by a literal '%', %h is replaced by
+ the home directory of the user being authenticated, and %u is
+ replaced by the username of that user. After expansion,
+ AuthorizedPrincipalsFile is taken to be an absolute path or one
+ relative to the user's home directory.
+
+ The default is ``none'', i.e. not to use a principals file - in
+ this case, the username of the user must appear in a
+ certificate's principals list for it to be accepted. Note that
+ AuthorizedPrincipalsFile is only used when authentication
+ proceeds using a CA listed in TrustedUserCAKeys and is not
+ consulted for certification authorities trusted via
+ ~/.ssh/authorized_keys, though the principals= key option offers
+ a similar facility (see sshd(8) for details).
+
+ Banner The contents of the specified file are sent to the remote user
+ before authentication is allowed. If the argument is ``none''
+ then no banner is displayed. This option is only available for
+ protocol version 2. By default, no banner is displayed.
+
+ ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed
+ (e.g. via PAM or though authentication styles supported in
+ login.conf(5)) The default is ``yes''.
+
+ ChrootDirectory
+ Specifies the pathname of a directory to chroot(2) to after
+ authentication. All components of the pathname must be root-
+ owned directories that are not writable by any other user or
+ group. After the chroot, sshd(8) changes the working directory
+ to the user's home directory.
+
+ The pathname may contain the following tokens that are expanded
+ at runtime once the connecting user has been authenticated: %% is
+ replaced by a literal '%', %h is replaced by the home directory
+ of the user being authenticated, and %u is replaced by the
+ username of that user.
+
+ The ChrootDirectory must contain the necessary files and
+ directories to support the user's session. For an interactive
+ session this requires at least a shell, typically sh(1), and
+ basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
+ stderr(4), arandom(4) and tty(4) devices. For file transfer
+ sessions using ``sftp'', no additional configuration of the
+ environment is necessary if the in-process sftp server is used,
+ though sessions which use logging do require /dev/log inside the
+ chroot directory (see sftp-server(8) for details).
+
+ The default is not to chroot(2).
+
+ Ciphers
+ Specifies the ciphers allowed for protocol version 2. Multiple
+ ciphers must be comma-separated. The supported ciphers are
+ ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
+ ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
+ ``aes128-gcm at openssh.com'', ``aes256-gcm at openssh.com'',
+ ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
+ and ``cast128-cbc''. The default is:
+
+ aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+ aes128-gcm at openssh.com,aes256-gcm at openssh.com,
+ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
+ aes256-cbc,arcfour
+
+ ClientAliveCountMax
+ Sets the number of client alive messages (see below) which may be
+ sent without sshd(8) receiving any messages back from the client.
+ If this threshold is reached while client alive messages are
+ being sent, sshd will disconnect the client, terminating the
+ session. It is important to note that the use of client alive
+ messages is very different from TCPKeepAlive (below). The client
+ alive messages are sent through the encrypted channel and
+ therefore will not be spoofable. The TCP keepalive option
+ enabled by TCPKeepAlive is spoofable. The client alive mechanism
+ is valuable when the client or server depend on knowing when a
+ connection has become inactive.
+
+ The default value is 3. If ClientAliveInterval (see below) is
+ set to 15, and ClientAliveCountMax is left at the default,
+ unresponsive SSH clients will be disconnected after approximately
+ 45 seconds. This option applies to protocol version 2 only.
+
+ ClientAliveInterval
+ Sets a timeout interval in seconds after which if no data has
+ been received from the client, sshd(8) will send a message
+ through the encrypted channel to request a response from the
+ client. The default is 0, indicating that these messages will
+ not be sent to the client. This option applies to protocol
+ version 2 only.
+
+ Compression
+ Specifies whether compression is allowed, or delayed until the
+ user has authenticated successfully. The argument must be
+ ``yes'', ``delayed'', or ``no''. The default is ``delayed''.
+
+ DenyGroups
+ This keyword can be followed by a list of group name patterns,
+ separated by spaces. Login is disallowed for users whose primary
+ group or supplementary group list matches one of the patterns.
+ Only group names are valid; a numerical group ID is not
+ recognized. By default, login is allowed for all groups. The
+ allow/deny directives are processed in the following order:
+ DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
+
+ See PATTERNS in ssh_config(5) for more information on patterns.
+
+ DenyUsers
+ This keyword can be followed by a list of user name patterns,
+ separated by spaces. Login is disallowed for user names that
+ match one of the patterns. Only user names are valid; a
+ numerical user ID is not recognized. By default, login is
+ allowed for all users. If the pattern takes the form USER at HOST
+ then USER and HOST are separately checked, restricting logins to
+ particular users from particular hosts. The allow/deny
+ directives are processed in the following order: DenyUsers,
+ AllowUsers, DenyGroups, and finally AllowGroups.
+
+ See PATTERNS in ssh_config(5) for more information on patterns.
+
+ ForceCommand
+ Forces the execution of the command specified by ForceCommand,
+ ignoring any command supplied by the client and ~/.ssh/rc if
+ present. The command is invoked by using the user's login shell
+ with the -c option. This applies to shell, command, or subsystem
+ execution. It is most useful inside a Match block. The command
+ originally supplied by the client is available in the
+ SSH_ORIGINAL_COMMAND environment variable. Specifying a command
+ of ``internal-sftp'' will force the use of an in-process sftp
+ server that requires no support files when used with
+ ChrootDirectory.
+
+ GatewayPorts
+ Specifies whether remote hosts are allowed to connect to ports
+ forwarded for the client. By default, sshd(8) binds remote port
+ forwardings to the loopback address. This prevents other remote
+ hosts from connecting to forwarded ports. GatewayPorts can be
+ used to specify that sshd should allow remote port forwardings to
+ bind to non-loopback addresses, thus allowing other hosts to
+ connect. The argument may be ``no'' to force remote port
+ forwardings to be available to the local host only, ``yes'' to
+ force remote port forwardings to bind to the wildcard address, or
+ ``clientspecified'' to allow the client to select the address to
+ which the forwarding is bound. The default is ``no''.
+
+ GSSAPIAuthentication
+ Specifies whether user authentication based on GSSAPI is allowed.
+ The default is ``no''. Note that this option applies to protocol
+ version 2 only.
+
+ GSSAPICleanupCredentials
+ Specifies whether to automatically destroy the user's credentials
+ cache on logout. The default is ``yes''. Note that this option
+ applies to protocol version 2 only.
+
+ HostbasedAuthentication
+ Specifies whether rhosts or /etc/hosts.equiv authentication
+ together with successful public key client host authentication is
+ allowed (host-based authentication). This option is similar to
+ RhostsRSAAuthentication and applies to protocol version 2 only.
+ The default is ``no''.
+
+ HostbasedUsesNameFromPacketOnly
+ Specifies whether or not the server will attempt to perform a
+ reverse name lookup when matching the name in the ~/.shosts,
+ ~/.rhosts, and /etc/hosts.equiv files during
+ HostbasedAuthentication. A setting of ``yes'' means that sshd(8)
+ uses the name supplied by the client rather than attempting to
+ resolve the name from the TCP connection itself. The default is
+ ``no''.
+
+ HostCertificate
+ Specifies a file containing a public host certificate. The
+ certificate's public key must match a private host key already
+ specified by HostKey. The default behaviour of sshd(8) is not to
+ load any certificates.
+
+ HostKey
+ Specifies a file containing a private host key used by SSH. The
+ default is /etc/ssh/ssh_host_key for protocol version 1, and
+ /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
+ /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that
+ sshd(8) will refuse to use a file if it is group/world-
+ accessible. It is possible to have multiple host key files.
+ ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or
+ ``rsa'' are used for version 2 of the SSH protocol. It is also
+ possible to specify public host key files instead. In this case
+ operations on the private key will be delegated to an
+ ssh-agent(1).
+
+ HostKeyAgent
+ Identifies the UNIX-domain socket used to communicate with an
+ agent that has access to the private host keys. If
+ ``SSH_AUTH_SOCK'' is specified, the location of the socket will
+ be read from the SSH_AUTH_SOCK environment variable.
+
+ IgnoreRhosts
+ Specifies that .rhosts and .shosts files will not be used in
+ RhostsRSAAuthentication or HostbasedAuthentication.
+
+ /etc/hosts.equiv and /etc/shosts.equiv are still used. The
+ default is ``yes''.
+
+ IgnoreUserKnownHosts
+ Specifies whether sshd(8) should ignore the user's
+ ~/.ssh/known_hosts during RhostsRSAAuthentication or
+ HostbasedAuthentication. The default is ``no''.
+
+ IPQoS Specifies the IPv4 type-of-service or DSCP class for the
+ connection. Accepted values are ``af11'', ``af12'', ``af13'',
+ ``af21'', ``af22'', ``af23'', ``af31'', ``af32'', ``af33'',
+ ``af41'', ``af42'', ``af43'', ``cs0'', ``cs1'', ``cs2'', ``cs3'',
+ ``cs4'', ``cs5'', ``cs6'', ``cs7'', ``ef'', ``lowdelay'',
+ ``throughput'', ``reliability'', or a numeric value. This option
+ may take one or two arguments, separated by whitespace. If one
+ argument is specified, it is used as the packet class
+ unconditionally. If two values are specified, the first is
+ automatically selected for interactive sessions and the second
+ for non-interactive sessions. The default is ``lowdelay'' for
+ interactive sessions and ``throughput'' for non-interactive
+ sessions.
+
+ KerberosAuthentication
+ Specifies whether the password provided by the user for
+ PasswordAuthentication will be validated through the Kerberos
+ KDC. To use this option, the server needs a Kerberos servtab
+ which allows the verification of the KDC's identity. The default
+ is ``no''.
+
+ KerberosGetAFSToken
+ If AFS is active and the user has a Kerberos 5 TGT, attempt to
+ acquire an AFS token before accessing the user's home directory.
+ The default is ``no''.
+
+ KerberosOrLocalPasswd
+ If password authentication through Kerberos fails then the
+ password will be validated via any additional local mechanism
+ such as /etc/passwd. The default is ``yes''.
+
+ KerberosTicketCleanup
+ Specifies whether to automatically destroy the user's ticket
+ cache file on logout. The default is ``yes''.
+
+ KexAlgorithms
+ Specifies the available KEX (Key Exchange) algorithms. Multiple
+ algorithms must be comma-separated. The default is
+ ``ecdh-sha2-nistp256'', ``ecdh-sha2-nistp384'',
+ ``ecdh-sha2-nistp521'', ``diffie-hellman-group-exchange-sha256'',
+ ``diffie-hellman-group-exchange-sha1'',
+ ``diffie-hellman-group14-sha1'', ``diffie-hellman-group1-sha1''.
+
+ KeyRegenerationInterval
+ In protocol version 1, the ephemeral server key is automatically
+ regenerated after this many seconds (if it has been used). The
+ purpose of regeneration is to prevent decrypting captured
+ sessions by later breaking into the machine and stealing the
+ keys. The key is never stored anywhere. If the value is 0, the
+ key is never regenerated. The default is 3600 (seconds).
+
+ ListenAddress
+ Specifies the local addresses sshd(8) should listen on. The
+ following forms may be used:
+
+ ListenAddress host|IPv4_addr|IPv6_addr
+ ListenAddress host|IPv4_addr:port
+ ListenAddress [host|IPv6_addr]:port
+
+ If port is not specified, sshd will listen on the address and all
+ prior Port options specified. The default is to listen on all
+ local addresses. Multiple ListenAddress options are permitted.
+ Additionally, any Port options must precede this option for non-
+ port qualified addresses.
+
+ LoginGraceTime
+ The server disconnects after this time if the user has not
+ successfully logged in. If the value is 0, there is no time
+ limit. The default is 120 seconds.
+
+ LogLevel
+ Gives the verbosity level that is used when logging messages from
+ sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO,
+ VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
+ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
+ higher levels of debugging output. Logging with a DEBUG level
+ violates the privacy of users and is not recommended.
+
+ MACs Specifies the available MAC (message authentication code)
+ algorithms. The MAC algorithm is used in protocol version 2 for
+ data integrity protection. Multiple algorithms must be comma-
+ separated. The algorithms that contain ``-etm'' calculate the
+ MAC after encryption (encrypt-then-mac). These are considered
+ safer and their use recommended. The default is:
+
+ hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,
+ umac-64-etm at openssh.com,umac-128-etm at openssh.com,
+ hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
+ hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
+ hmac-md5-96-etm at openssh.com,
+ hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,
+ hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
+ hmac-sha1-96,hmac-md5-96
+
+ Match Introduces a conditional block. If all of the criteria on the
+ Match line are satisfied, the keywords on the following lines
+ override those set in the global section of the config file,
+ until either another Match line or the end of the file.
+
+ The arguments to Match are one or more criteria-pattern pairs.
+ The available criteria are User, Group, Host, LocalAddress,
+ LocalPort, and Address. The match patterns may consist of single
+ entries or comma-separated lists and may use the wildcard and
+ negation operators described in the PATTERNS section of
+ ssh_config(5).
+
+ The patterns in an Address criteria may additionally contain
+ addresses to match in CIDR address/masklen format, e.g.
+ ``192.0.2.0/24'' or ``3ffe:ffff::/32''. Note that the mask
+ length provided must be consistent with the address - it is an
+ error to specify a mask length that is too long for the address
+ or one with bits set in this host portion of the address. For
+ example, ``192.0.2.0/33'' and ``192.0.2.0/8'' respectively.
+
+ Only a subset of keywords may be used on the lines following a
+ Match keyword. Available keywords are AcceptEnv,
+ AllowAgentForwarding, AllowGroups, AllowTcpForwarding,
+ AllowUsers, AuthenticationMethods, AuthorizedKeysCommand,
+ AuthorizedKeysCommandUser, AuthorizedKeysFile,
+ AuthorizedPrincipalsFile, Banner, ChrootDirectory, DenyGroups,
+ DenyUsers, ForceCommand, GatewayPorts, GSSAPIAuthentication,
+ HostbasedAuthentication, HostbasedUsesNameFromPacketOnly,
+ KbdInteractiveAuthentication, KerberosAuthentication,
+ MaxAuthTries, MaxSessions, PasswordAuthentication,
+ PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel,
+ PubkeyAuthentication, RekeyLimit, RhostsRSAAuthentication,
+ RSAAuthentication, X11DisplayOffset, X11Forwarding and
+ X11UseLocalHost.
+
+ MaxAuthTries
+ Specifies the maximum number of authentication attempts permitted
+ per connection. Once the number of failures reaches half this
+ value, additional failures are logged. The default is 6.
+
+ MaxSessions
+ Specifies the maximum number of open sessions permitted per
+ network connection. The default is 10.
+
+ MaxStartups
+ Specifies the maximum number of concurrent unauthenticated
+ connections to the SSH daemon. Additional connections will be
+ dropped until authentication succeeds or the LoginGraceTime
+ expires for a connection. The default is 10:30:100.
+
+ Alternatively, random early drop can be enabled by specifying the
+ three colon separated values ``start:rate:full'' (e.g.
+ "10:30:60"). sshd(8) will refuse connection attempts with a
+ probability of ``rate/100'' (30%) if there are currently
+ ``start'' (10) unauthenticated connections. The probability
+ increases linearly and all connection attempts are refused if the
+ number of unauthenticated connections reaches ``full'' (60).
+
+ PasswordAuthentication
+ Specifies whether password authentication is allowed. The
+ default is ``yes''.
+
+ PermitEmptyPasswords
+ When password authentication is allowed, it specifies whether the
+ server allows login to accounts with empty password strings. The
+ default is ``no''.
+
+ PermitOpen
+ Specifies the destinations to which TCP port forwarding is
+ permitted. The forwarding specification must be one of the
+ following forms:
+
+ PermitOpen host:port
+ PermitOpen IPv4_addr:port
+ PermitOpen [IPv6_addr]:port
+
+ Multiple forwards may be specified by separating them with
+ whitespace. An argument of ``any'' can be used to remove all
+ restrictions and permit any forwarding requests. An argument of
+ ``none'' can be used to prohibit all forwarding requests. By
+ default all port forwarding requests are permitted.
+
+ PermitRootLogin
+ Specifies whether root can log in using ssh(1). The argument
+ must be ``yes'', ``without-password'', ``forced-commands-only'',
+ or ``no''. The default is ``yes''.
+
+ If this option is set to ``without-password'', password
+ authentication is disabled for root.
+
+ If this option is set to ``forced-commands-only'', root login
+ with public key authentication will be allowed, but only if the
+ command option has been specified (which may be useful for taking
+ remote backups even if root login is normally not allowed). All
+ other authentication methods are disabled for root.
+
+ If this option is set to ``no'', root is not allowed to log in.
+
+ PermitTunnel
+ Specifies whether tun(4) device forwarding is allowed. The
+ argument must be ``yes'', ``point-to-point'' (layer 3),
+ ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits
+ both ``point-to-point'' and ``ethernet''. The default is ``no''.
+
+ PermitUserEnvironment
+ Specifies whether ~/.ssh/environment and environment= options in
+ ~/.ssh/authorized_keys are processed by sshd(8). The default is
+ ``no''. Enabling environment processing may enable users to
+ bypass access restrictions in some configurations using
+ mechanisms such as LD_PRELOAD.
+
+ PidFile
+ Specifies the file that contains the process ID of the SSH
+ daemon. The default is /var/run/sshd.pid.
+
+ Port Specifies the port number that sshd(8) listens on. The default
+ is 22. Multiple options of this type are permitted. See also
+ ListenAddress.
+
+ PrintLastLog
+ Specifies whether sshd(8) should print the date and time of the
+ last user login when a user logs in interactively. The default
+ is ``yes''.
+
+ PrintMotd
+ Specifies whether sshd(8) should print /etc/motd when a user logs
+ in interactively. (On some systems it is also printed by the
+ shell, /etc/profile, or equivalent.) The default is ``yes''.
+
+ Protocol
+ Specifies the protocol versions sshd(8) supports. The possible
+ values are `1' and `2'. Multiple versions must be comma-
+ separated. The default is `2'. Note that the order of the
+ protocol list does not indicate preference, because the client
+ selects among multiple protocol versions offered by the server.
+ Specifying ``2,1'' is identical to ``1,2''.
+
+ PubkeyAuthentication
+ Specifies whether public key authentication is allowed. The
+ default is ``yes''. Note that this option applies to protocol
+ version 2 only.
+
+ RekeyLimit
+ Specifies the maximum amount of data that may be transmitted
+ before the session key is renegotiated, optionally followed a
+ maximum amount of time that may pass before the session key is
+ renegotiated. The first argument is specified in bytes and may
+ have a suffix of `K', `M', or `G' to indicate Kilobytes,
+ Megabytes, or Gigabytes, respectively. The default is between
+ `1G' and `4G', depending on the cipher. The optional second
+ value is specified in seconds and may use any of the units
+ documented in the TIME FORMATS section. The default value for
+ RekeyLimit is ``default none'', which means that rekeying is
+ performed after the cipher's default amount of data has been sent
+ or received and no time based rekeying is done. This option
+ applies to protocol version 2 only.
+
+ RevokedKeys
+ Specifies revoked public keys. Keys listed in this file will be
+ refused for public key authentication. Note that if this file is
+ not readable, then public key authentication will be refused for
+ all users. Keys may be specified as a text file, listing one
+ public key per line, or as an OpenSSH Key Revocation List (KRL)
+ as generated by ssh-keygen(1). For more information on KRLs, see
+ the KEY REVOCATION LISTS section in ssh-keygen(1).
+
+ RhostsRSAAuthentication
+ Specifies whether rhosts or /etc/hosts.equiv authentication
+ together with successful RSA host authentication is allowed. The
+ default is ``no''. This option applies to protocol version 1
+ only.
+
+ RSAAuthentication
+ Specifies whether pure RSA authentication is allowed. The
+ default is ``yes''. This option applies to protocol version 1
+ only.
+
+ ServerKeyBits
+ Defines the number of bits in the ephemeral protocol version 1
+ server key. The minimum value is 512, and the default is 1024.
+
+ StrictModes
+ Specifies whether sshd(8) should check file modes and ownership
+ of the user's files and home directory before accepting login.
+ This is normally desirable because novices sometimes accidentally
+ leave their directory or files world-writable. The default is
+ ``yes''. Note that this does not apply to ChrootDirectory, whose
+ permissions and ownership are checked unconditionally.
+
+ Subsystem
+ Configures an external subsystem (e.g. file transfer daemon).
+ Arguments should be a subsystem name and a command (with optional
+ arguments) to execute upon subsystem request.
+
+ The command sftp-server(8) implements the ``sftp'' file transfer
+ subsystem.
+
+ Alternately the name ``internal-sftp'' implements an in-process
+ ``sftp'' server. This may simplify configurations using
+ ChrootDirectory to force a different filesystem root on clients.
+
+ By default no subsystems are defined. Note that this option
+ applies to protocol version 2 only.
+
+ SyslogFacility
+ Gives the facility code that is used when logging messages from
+ sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
+ LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
+ default is AUTH.
+
+ TCPKeepAlive
+ Specifies whether the system should send TCP keepalive messages
+ to the other side. If they are sent, death of the connection or
+ crash of one of the machines will be properly noticed. However,
+ this means that connections will die if the route is down
+ temporarily, and some people find it annoying. On the other
+ hand, if TCP keepalives are not sent, sessions may hang
+ indefinitely on the server, leaving ``ghost'' users and consuming
+ server resources.
+
+ The default is ``yes'' (to send TCP keepalive messages), and the
+ server will notice if the network goes down or the client host
+ crashes. This avoids infinitely hanging sessions.
+
+ To disable TCP keepalive messages, the value should be set to
+ ``no''.
+
+ TrustedUserCAKeys
+ Specifies a file containing public keys of certificate
+ authorities that are trusted to sign user certificates for
+ authentication. Keys are listed one per line; empty lines and
+ comments starting with `#' are allowed. If a certificate is
+ presented for authentication and has its signing CA key listed in
+ this file, then it may be used for authentication for any user
+ listed in the certificate's principals list. Note that
+ certificates that lack a list of principals will not be permitted
+ for authentication using TrustedUserCAKeys. For more details on
+ certificates, see the CERTIFICATES section in ssh-keygen(1).
+
+ UseDNS Specifies whether sshd(8) should look up the remote host name and
+ check that the resolved host name for the remote IP address maps
+ back to the very same IP address. The default is ``yes''.
+
+ UseLogin
+ Specifies whether login(1) is used for interactive login
+ sessions. The default is ``no''. Note that login(1) is never
+ used for remote command execution. Note also, that if this is
+ enabled, X11Forwarding will be disabled because login(1) does not
+ know how to handle xauth(1) cookies. If UsePrivilegeSeparation
+ is specified, it will be disabled after authentication.
+
+ UsePAM Enables the Pluggable Authentication Module interface. If set to
+ ``yes'' this will enable PAM authentication using
+ ChallengeResponseAuthentication and PasswordAuthentication in
+ addition to PAM account and session module processing for all
+ authentication types.
+
+ Because PAM challenge-response authentication usually serves an
+ equivalent role to password authentication, you should disable
+ either PasswordAuthentication or ChallengeResponseAuthentication.
+
+ If UsePAM is enabled, you will not be able to run sshd(8) as a
+ non-root user. The default is ``no''.
+
+ UsePrivilegeSeparation
+ Specifies whether sshd(8) separates privileges by creating an
+ unprivileged child process to deal with incoming network traffic.
+ After successful authentication, another process will be created
+ that has the privilege of the authenticated user. The goal of
+ privilege separation is to prevent privilege escalation by
+ containing any corruption within the unprivileged processes. The
+ default is ``yes''. If UsePrivilegeSeparation is set to
+ ``sandbox'' then the pre-authentication unprivileged process is
+ subject to additional restrictions.
+
+ VersionAddendum
+ Optionally specifies additional text to append to the SSH
+ protocol banner sent by the server upon connection. The default
+ is ``none''.
+
+ X11DisplayOffset
+ Specifies the first display number available for sshd(8)'s X11
+ forwarding. This prevents sshd from interfering with real X11
+ servers. The default is 10.
+
+ X11Forwarding
+ Specifies whether X11 forwarding is permitted. The argument must
+ be ``yes'' or ``no''. The default is ``no''.
+
+ When X11 forwarding is enabled, there may be additional exposure
+ to the server and to client displays if the sshd(8) proxy display
+ is configured to listen on the wildcard address (see
+ X11UseLocalhost below), though this is not the default.
+ Additionally, the authentication spoofing and authentication data
+ verification and substitution occur on the client side. The
+ security risk of using X11 forwarding is that the client's X11
+ display server may be exposed to attack when the SSH client
+ requests forwarding (see the warnings for ForwardX11 in
+ ssh_config(5)). A system administrator may have a stance in
+ which they want to protect clients that may expose themselves to
+ attack by unwittingly requesting X11 forwarding, which can
+ warrant a ``no'' setting.
+
+ Note that disabling X11 forwarding does not prevent users from
+ forwarding X11 traffic, as users can always install their own
+ forwarders. X11 forwarding is automatically disabled if UseLogin
+ is enabled.
+
+ X11UseLocalhost
+ Specifies whether sshd(8) should bind the X11 forwarding server
+ to the loopback address or to the wildcard address. By default,
+ sshd binds the forwarding server to the loopback address and sets
+ the hostname part of the DISPLAY environment variable to
+ ``localhost''. This prevents remote hosts from connecting to the
+ proxy display. However, some older X11 clients may not function
+ with this configuration. X11UseLocalhost may be set to ``no'' to
+ specify that the forwarding server should be bound to the
+ wildcard address. The argument must be ``yes'' or ``no''. The
+ default is ``yes''.
+
+ XAuthLocation
+ Specifies the full pathname of the xauth(1) program. The default
+ is /usr/X11R6/bin/xauth.
+
+TIME FORMATS
+ sshd(8) command-line arguments and configuration file options that
+ specify time may be expressed using a sequence of the form:
+ time[qualifier], where time is a positive integer value and qualifier is
+ one of the following:
+
+ <none> seconds
+ s | S seconds
+ m | M minutes
+ h | H hours
+ d | D days
+ w | W weeks
+
+ Each member of the sequence is added together to calculate the total time
+ value.
+
+ Time format examples:
+
+ 600 600 seconds (10 minutes)
+ 10m 10 minutes
+ 1h30m 1 hour 30 minutes (90 minutes)
+
+FILES
+ /etc/ssh/sshd_config
+ Contains configuration data for sshd(8). This file should be
+ writable by root only, but it is recommended (though not
+ necessary) that it be world-readable.
+
+SEE ALSO
+ sshd(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
+ for privilege separation.
+
+OpenBSD 5.4 July 19, 2013 OpenBSD 5.4
Modified: vendor-crypto/openssh/dist/sshd_config.5
===================================================================
--- vendor-crypto/openssh/dist/sshd_config.5 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshd_config.5 2013-12-05 12:55:03 UTC (rev 6462)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $
-.Dd $Mdocdate: December 8 2010 $
+.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $
+.Dd $Mdocdate: July 19 2013 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -117,13 +117,24 @@
and finally
.Cm AllowGroups .
.Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
+The available options are
+.Dq yes
+or
+.Dq all
+to allow TCP forwarding,
+.Dq no
+to prevent all TCP forwarding,
+.Dq local
+to allow local (from the perspective of
+.Xr ssh 1 )
+forwarding only or
+.Dq remote
+to allow remote forwarding only.
The default is
.Dq yes .
Note that disabling TCP forwarding does not improve security unless
@@ -146,16 +157,66 @@
and finally
.Cm AllowGroups .
.Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
+.It Cm AuthenticationMethods
+Specifies the authentication methods that must be successfully completed
+for a user to be granted access.
+This option must be followed by one or more comma-separated lists of
+authentication method names.
+Successful authentication requires completion of every method in at least
+one of these lists.
+.Pp
+For example, an argument of
+.Dq publickey,password publickey,keyboard-interactive
+would require the user to complete public key authentication, followed by
+either password or keyboard interactive authentication.
+Only methods that are next in one or more lists are offered at each stage,
+so for this example, it would not be possible to attempt password or
+keyboard-interactive authentication before public key.
+.Pp
+For keyboard interactive authentication it is also possible to
+restrict authentication to a specific device by appending a
+colon followed by the device identifier
+.Dq bsdauth ,
+.Dq pam ,
+or
+.Dq skey ,
+depending on the server configuration.
+For example,
+.Dq keyboard-interactive:bsdauth
+would restrict keyboard interactive authentication to the
+.Dq bsdauth
+device.
+.Pp
+This option is only available for SSH protocol 2 and will yield a fatal
+error if enabled if protocol 1 is also enabled.
+Note that each authentication method listed should also be explicitly enabled
+in the configuration.
+The default is not to require multiple authentication; successful completion
+of a single authentication method is sufficient.
+.It Cm AuthorizedKeysCommand
+Specifies a program to be used to look up the user's public keys.
+The program must be owned by root and not writable by group or others.
+It will be invoked with a single argument of the username
+being authenticated, and should produce on standard output zero or
+more lines of authorized_keys output (see AUTHORIZED_KEYS in
+.Xr sshd 8 ) .
+If a key supplied by AuthorizedKeysCommand does not successfully authenticate
+and authorize the user then public key authentication continues using the usual
+.Cm AuthorizedKeysFile
+files.
+By default, no AuthorizedKeysCommand is run.
+.It Cm AuthorizedKeysCommandUser
+Specifies the user under whose account the AuthorizedKeysCommand is run.
+It is recommended to use a dedicated user that has no other role on the host
+than running authorized keys commands.
.It Cm AuthorizedKeysFile
Specifies the file that contains the public keys that can be used
for user authentication.
The format is described in the
-.Sx AUTHORIZED_KEYS FILE FORMAT
+AUTHORIZED_KEYS FILE FORMAT
section of
.Xr sshd 8 .
.Cm AuthorizedKeysFile
@@ -168,8 +229,9 @@
.Cm AuthorizedKeysFile
is taken to be an absolute path or one relative to the user's home
directory.
+Multiple files may be listed, separated by whitespace.
The default is
-.Dq .ssh/authorized_keys .
+.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
.It Cm AuthorizedPrincipalsFile
Specifies a file that lists principal names that are accepted for
certificate authentication.
@@ -178,9 +240,7 @@
this file lists names, one of which must appear in the certificate for it
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
-in
-.Sx AUTHORIZED_KEYS FILE FORMAT
-in
+in AUTHORIZED_KEYS FILE FORMAT in
.Xr sshd 8 ) .
Empty lines and comments starting with
.Ql #
@@ -197,7 +257,9 @@
is taken to be an absolute path or one relative to the user's home
directory.
.Pp
-The default is not to use a principals file \(en in this case, the username
+The default is
+.Dq none ,
+i.e. not to use a principals file \(en in this case, the username
of the user must appear in a certificate's principals list for it to be
accepted.
Note that
@@ -281,6 +343,8 @@
.Dq aes128-ctr ,
.Dq aes192-ctr ,
.Dq aes256-ctr ,
+.Dq aes128-gcm at openssh.com ,
+.Dq aes256-gcm at openssh.com ,
.Dq arcfour128 ,
.Dq arcfour256 ,
.Dq arcfour ,
@@ -290,6 +354,7 @@
The default is:
.Bd -literal -offset 3n
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+aes128-gcm at openssh.com,aes256-gcm at openssh.com,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
.Ed
@@ -353,9 +418,7 @@
and finally
.Cm AllowGroups .
.Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
.It Cm DenyUsers
@@ -374,9 +437,7 @@
and finally
.Cm AllowGroups .
.Pp
-See
-.Sx PATTERNS
-in
+See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
.It Cm ForceCommand
@@ -485,6 +546,18 @@
or
.Dq rsa
are used for version 2 of the SSH protocol.
+It is also possible to specify public host key files instead.
+In this case operations on the private key will be delegated
+to an
+.Xr ssh-agent 1 .
+.It Cm HostKeyAgent
+Identifies the UNIX-domain socket used to communicate
+with an agent that has access to the private host keys.
+If
+.Dq SSH_AUTH_SOCK
+is specified, the location of the socket will be read from the
+.Ev SSH_AUTH_SOCK
+environment variable.
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
@@ -518,7 +591,7 @@
.Dq af11 ,
.Dq af12 ,
.Dq af13 ,
-.Dq af14 ,
+.Dq af21 ,
.Dq af22 ,
.Dq af23 ,
.Dq af31 ,
@@ -651,10 +724,20 @@
The MAC algorithm is used in protocol version 2
for data integrity protection.
Multiple algorithms must be comma-separated.
+The algorithms that contain
+.Dq -etm
+calculate the MAC after encryption (encrypt-then-mac).
+These are considered safer and their use recommended.
The default is:
.Bd -literal -offset indent
-hmac-md5,hmac-sha1,umac-64 at openssh.com,
-hmac-ripemd160,hmac-sha1-96,hmac-md5-96
+hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,
+umac-64-etm at openssh.com,umac-128-etm at openssh.com,
+hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
+hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,
+hmac-md5-96-etm at openssh.com,
+hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,
+hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
+hmac-sha1-96,hmac-md5-96
.Ed
.It Cm Match
Introduces a conditional block.
@@ -672,12 +755,13 @@
.Cm User ,
.Cm Group ,
.Cm Host ,
+.Cm LocalAddress ,
+.Cm LocalPort ,
and
.Cm Address .
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
-.Sx PATTERNS
-section of
+PATTERNS section of
.Xr ssh_config 5 .
.Pp
The patterns in an
@@ -700,12 +784,20 @@
.Cm Match
keyword.
Available keywords are
+.Cm AcceptEnv ,
.Cm AllowAgentForwarding ,
+.Cm AllowGroups ,
.Cm AllowTcpForwarding ,
+.Cm AllowUsers ,
+.Cm AuthenticationMethods ,
+.Cm AuthorizedKeysCommand ,
+.Cm AuthorizedKeysCommandUser ,
.Cm AuthorizedKeysFile ,
.Cm AuthorizedPrincipalsFile ,
.Cm Banner ,
.Cm ChrootDirectory ,
+.Cm DenyGroups ,
+.Cm DenyUsers ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
@@ -721,6 +813,7 @@
.Cm PermitRootLogin ,
.Cm PermitTunnel ,
.Cm PubkeyAuthentication ,
+.Cm RekeyLimit ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
@@ -742,7 +835,7 @@
Additional connections will be dropped until authentication succeeds or the
.Cm LoginGraceTime
expires for a connection.
-The default is 10.
+The default is 10:30:100.
.Pp
Alternatively, random early drop can be enabled by specifying
the three colon separated values
@@ -795,6 +888,9 @@
An argument of
.Dq any
can be used to remove all restrictions and permit any forwarding requests.
+An argument of
+.Dq none
+can be used to prohibit all forwarding requests.
By default all port forwarding requests are permitted.
.It Cm PermitRootLogin
Specifies whether root can log in using
@@ -912,11 +1008,42 @@
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
+.It Cm RekeyLimit
+Specifies the maximum amount of data that may be transmitted before the
+session key is renegotiated, optionally followed a maximum amount of
+time that may pass before the session key is renegotiated.
+The first argument is specified in bytes and may have a suffix of
+.Sq K ,
+.Sq M ,
+or
+.Sq G
+to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
+The default is between
+.Sq 1G
+and
+.Sq 4G ,
+depending on the cipher.
+The optional second value is specified in seconds and may use any of the
+units documented in the
+.Sx TIME FORMATS
+section.
+The default value for
+.Cm RekeyLimit
+is
+.Dq default none ,
+which means that rekeying is performed after the cipher's default amount
+of data has been sent or received and no time based rekeying is done.
+This option applies to protocol version 2 only.
.It Cm RevokedKeys
-Specifies a list of revoked public keys.
+Specifies revoked public keys.
Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will
be refused for all users.
+Keys may be specified as a text file, listing one public key per line, or as
+an OpenSSH Key Revocation List (KRL) as generated by
+.Xr ssh-keygen 1 .
+For more information on KRLs, see the KEY REVOCATION LISTS section in
+.Xr ssh-keygen 1 .
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
@@ -1004,9 +1131,7 @@
Note that certificates that lack a list of principals will not be permitted
for authentication using
.Cm TrustedUserCAKeys .
-For more details on certificates, see the
-.Sx CERTIFICATES
-section in
+For more details on certificates, see the CERTIFICATES section in
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
@@ -1070,6 +1195,17 @@
escalation by containing any corruption within the unprivileged processes.
The default is
.Dq yes .
+If
+.Cm UsePrivilegeSeparation
+is set to
+.Dq sandbox
+then the pre-authentication unprivileged process is subject to additional
+restrictions.
+.It Cm VersionAddendum
+Optionally specifies additional text to append to the SSH protocol banner
+sent by the server upon connection.
+The default is
+.Dq none .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
Property changes on: vendor-crypto/openssh/dist/sshd_config.5
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.9
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sshlogin.c
===================================================================
--- vendor-crypto/openssh/dist/sshlogin.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshlogin.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -97,7 +97,7 @@
time_string = sys_auth_get_lastlogin_msg(user, uid);
if (time_string != NULL) {
buffer_append(&loginmsg, time_string, strlen(time_string));
- xfree(time_string);
+ free(time_string);
}
# else
last_login_time = get_last_login_time(uid, user, hostname,
Property changes on: vendor-crypto/openssh/dist/sshlogin.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/sshlogin.h
===================================================================
--- vendor-crypto/openssh/dist/sshlogin.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshlogin.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -15,7 +15,7 @@
void record_login(pid_t, const char *, const char *, uid_t,
const char *, struct sockaddr *, socklen_t);
void record_logout(pid_t, const char *, const char *);
-time_t get_last_login_time(uid_t, const char *, char *, u_int);
+time_t get_last_login_time(uid_t, const char *, char *, size_t);
#ifdef LOGIN_NEEDS_UTMPX
void record_utmp_only(pid_t, const char *, const char *, const char *,
Property changes on: vendor-crypto/openssh/dist/sshlogin.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/sshpty.c
===================================================================
--- vendor-crypto/openssh/dist/sshpty.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshpty.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/sshpty.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.6
\ No newline at end of property
Index: vendor-crypto/openssh/dist/sshpty.h
===================================================================
--- vendor-crypto/openssh/dist/sshpty.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshpty.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/sshpty.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Index: vendor-crypto/openssh/dist/sshtty.c
===================================================================
--- vendor-crypto/openssh/dist/sshtty.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/sshtty.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/sshtty.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/survey.sh.in
===================================================================
--- vendor-crypto/openssh/dist/survey.sh.in 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/survey.sh.in 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/survey.sh.in
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Index: vendor-crypto/openssh/dist/ttymodes.c
===================================================================
--- vendor-crypto/openssh/dist/ttymodes.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ttymodes.c 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/ttymodes.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/ttymodes.h
===================================================================
--- vendor-crypto/openssh/dist/ttymodes.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/ttymodes.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/ttymodes.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/typescript
===================================================================
--- vendor-crypto/openssh/dist/typescript 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/typescript 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,92 +0,0 @@
-Script started on Sun Apr 6 00:37:52 2008
-defiant# ls
-
-CREDITS crc32.c readpass.c
-ChangeLog crc32.h regress
-INSTALL deattack.c rijndael.c
-LICENCE deattack.h rijndael.h
-Makefile.in defines.h rsa.c
-OVERVIEW dh.c rsa.h
-README dh.h scard
-README.dns dispatch.c scard-opensc.c
-README.platform dispatch.h scard.c
-README.privsep dns.c scard.h
-README.smartcard dns.h scp.1
-README.tun entropy.c scp.c
-RFC.nroff entropy.h servconf.c
-TODO fatal.c servconf.h
-WARNING.RNG fixpaths serverloop.c
-aclocal.m4 fixprogs serverloop.h
-acss.c groupaccess.c session.c
-acss.h groupaccess.h session.h
-atomicio.c gss-genr.c sftp-client.c
-atomicio.h gss-serv-krb5.c sftp-client.h
-audit-bsm.c gss-serv.c sftp-common.c
-audit.c hostfile.c sftp-common.h
-audit.h hostfile.h sftp-glob.c
-auth-bsdauth.c includes.h sftp-server-main.c
-auth-chall.c install-sh sftp-server.8
-auth-krb5.c kex.c sftp-server.c
-auth-options.c kex.h sftp.1
-auth-options.h kexdh.c sftp.c
-auth-pam.c kexdhc.c sftp.h
-auth-pam.h kexdhs.c ssh-add.1
-auth-passwd.c kexgex.c ssh-add.c
-auth-rh-rsa.c kexgexc.c ssh-agent.1
-auth-rhosts.c kexgexs.c ssh-agent.c
-auth-rsa.c key.c ssh-dss.c
-auth-shadow.c key.h ssh-gss.h
-auth-sia.c log.c ssh-keygen.1
-auth-sia.h log.h ssh-keygen.c
-auth-skey.c loginrec.c ssh-keyscan.1
-auth.c loginrec.h ssh-keyscan.c
-auth.h logintest.c ssh-keysign.8
-auth1.c mac.c ssh-keysign.c
-auth2-chall.c mac.h ssh-rand-helper.8
-auth2-gss.c match.c ssh-rand-helper.c
-auth2-hostbased.c match.h ssh-rsa.c
-auth2-kbdint.c md-sha256.c ssh.1
-auth2-none.c md5crypt.c ssh.c
-auth2-passwd.c md5crypt.h ssh.h
-auth2-pubkey.c mdoc2man.awk ssh1.h
-auth2.c misc.c ssh2.h
-authfd.c misc.h ssh_config
-authfd.h mkinstalldirs ssh_config.5
-authfile.c moduli ssh_prng_cmds.in
-authfile.h moduli.c sshconnect.c
-bufaux.c monitor.c sshconnect.h
-bufbn.c monitor.h sshconnect1.c
-buffer.c monitor_fdpass.c sshconnect2.c
-buffer.h monitor_fdpass.h sshd.8
-buildpkg.sh.in monitor_mm.c sshd.c
-canohost.c monitor_mm.h sshd_config
-canohost.h monitor_wrap.c sshd_config.5
-channels.c monitor_wrap.h sshlogin.c
-channels.h msg.c sshlogin.h
-cipher-3des1.c msg.h sshpty.c
-cipher-acss.c myproposal.h sshpty.h
-cipher-aes.c nchan.c sshtty.c
-cipher-bf1.c nchan.ms survey.sh.in
-cipher-ctr.c nchan2.ms ttymodes.c
-cipher.c openbsd-compat ttymodes.h
-cipher.h openssh.xml.in typescript
-cleanup.c opensshd.init.in uidswap.c
-clientloop.c packet.c uidswap.h
-clientloop.h packet.h umac.c
-compat.c pathnames.h umac.h
-compat.h platform.c uuencode.c
-compress.c platform.h uuencode.h
-compress.h progressmeter.c version.h
-config.guess progressmeter.h xmalloc.c
-config.sub readconf.c xmalloc.h
-configure.ac readconf.h
-defiant# cvs imprt ���[K��[K��[Ko��[Kport src/crypto/openssh OPENSSH OpenSSH_4_0��[K9p1
-
-laffer1 at stargazer's password:
-�(B�)0�[1;24r�[m��[4l�[?1h�=�[H�[2JCVS: ----------------------------------------------------------------------
-�[1BCVS: Enter Log. Lines beginning with `CVS:' are removed automatically
-�[1BCVS:
-�[1BCVS: ----------------------------------------------------------------------
-�[1B~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[1B�~�[H�[23B/tmp/cvsdxqWgb: unmodified: line 1�[H�[23B�[K�[H�[1;23r�[1;1H�M�[1;24r�[2;1H�[22BCopying file for recovery...
-�[K�[2;1H�[AImport virgin OpenSSH 4.9p1�
-�[23B:wq
\ No newline at end of file
Modified: vendor-crypto/openssh/dist/uidswap.c
===================================================================
--- vendor-crypto/openssh/dist/uidswap.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/uidswap.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -90,8 +90,7 @@
if (getgroups(saved_egroupslen, saved_egroups) < 0)
fatal("getgroups: %.100s", strerror(errno));
} else { /* saved_egroupslen == 0 */
- if (saved_egroups != NULL)
- xfree(saved_egroups);
+ free(saved_egroups);
}
/* set and save the user's groups */
@@ -109,8 +108,7 @@
if (getgroups(user_groupslen, user_groups) < 0)
fatal("getgroups: %.100s", strerror(errno));
} else { /* user_groupslen == 0 */
- if (user_groups)
- xfree(user_groups);
+ free(user_groups);
}
}
/* Set the effective uid to the given (unprivileged) uid. */
@@ -138,20 +136,8 @@
uid_t old_uid = getuid();
debug("permanently_drop_suid: %u", (u_int)uid);
-#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
if (setresuid(uid, uid, uid) < 0)
fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
-#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
- if (setreuid(uid, uid) < 0)
- fatal("setreuid %u: %.100s", (u_int)uid, strerror(errno));
-#else
-# ifndef SETEUID_BREAKS_SETUID
- if (seteuid(uid) < 0)
- fatal("seteuid %u: %.100s", (u_int)uid, strerror(errno));
-# endif
- if (setuid(uid) < 0)
- fatal("setuid %u: %.100s", (u_int)uid, strerror(errno));
-#endif
#ifndef HAVE_CYGWIN
/* Try restoration of UID if changed (test clearing of saved uid) */
@@ -220,18 +206,8 @@
debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
-#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
- if (setregid(pw->pw_gid, pw->pw_gid) < 0)
- fatal("setregid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#else
- if (setegid(pw->pw_gid) < 0)
- fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
- if (setgid(pw->pw_gid) < 0)
- fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#endif
#ifdef __APPLE__
/*
@@ -243,20 +219,8 @@
pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
#endif
-#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
- if (setreuid(pw->pw_uid, pw->pw_uid) < 0)
- fatal("setreuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#else
-# ifndef SETEUID_BREAKS_SETUID
- if (seteuid(pw->pw_uid) < 0)
- fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-# endif
- if (setuid(pw->pw_uid) < 0)
- fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#endif
#ifndef HAVE_CYGWIN
/* Try restoration of GID if changed (test clearing of saved gid) */
Property changes on: vendor-crypto/openssh/dist/uidswap.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/uidswap.h
===================================================================
--- vendor-crypto/openssh/dist/uidswap.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/uidswap.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/uidswap.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/umac.c
===================================================================
--- vendor-crypto/openssh/dist/umac.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/umac.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.3 2008/05/12 20:52:20 pvalchev Exp $ */
+/* $OpenBSD: umac.c,v 1.8 2013/11/08 00:39:15 djm Exp $ */
/* -----------------------------------------------------------------------
*
* umac.c -- C Implementation UMAC Message Authentication
@@ -52,7 +52,15 @@
/* --- User Switches ---------------------------------------------------- */
/* ---------------------------------------------------------------------- */
+#ifndef UMAC_OUTPUT_LEN
#define UMAC_OUTPUT_LEN 8 /* Alowable: 4, 8, 12, 16 */
+#endif
+
+#if UMAC_OUTPUT_LEN != 4 && UMAC_OUTPUT_LEN != 8 && \
+ UMAC_OUTPUT_LEN != 12 && UMAC_OUTPUT_LEN != 16
+# error UMAC_OUTPUT_LEN must be defined to 4, 8, 12 or 16
+#endif
+
/* #define FORCE_C_ONLY 1 ANSI C and 64-bit integers req'd */
/* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */
/* #define SSE2 0 Is SSE2 is available? */
@@ -124,13 +132,13 @@
/* ---------------------------------------------------------------------- */
#if HAVE_SWAP32
-#define LOAD_UINT32_REVERSED(p) (swap32(*(UINT32 *)(p)))
+#define LOAD_UINT32_REVERSED(p) (swap32(*(const UINT32 *)(p)))
#define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v))
#else /* HAVE_SWAP32 */
-static UINT32 LOAD_UINT32_REVERSED(void *ptr)
+static UINT32 LOAD_UINT32_REVERSED(const void *ptr)
{
- UINT32 temp = *(UINT32 *)ptr;
+ UINT32 temp = *(const UINT32 *)ptr;
temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 )
| ((temp & 0x0000FF00) << 8 ) | (temp << 24);
return (UINT32)temp;
@@ -151,7 +159,7 @@
*/
#if (__LITTLE_ENDIAN__)
-#define LOAD_UINT32_LITTLE(ptr) (*(UINT32 *)(ptr))
+#define LOAD_UINT32_LITTLE(ptr) (*(const UINT32 *)(ptr))
#define STORE_UINT32_BIG(ptr,x) STORE_UINT32_REVERSED(ptr,x)
#else
#define LOAD_UINT32_LITTLE(ptr) LOAD_UINT32_REVERSED(ptr)
@@ -176,7 +184,7 @@
#define aes_encryption(in,out,int_key) \
AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key)
#define aes_key_setup(key,int_key) \
- AES_set_encrypt_key((u_char *)(key),UMAC_KEY_LEN*8,int_key)
+ AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key)
/* The user-supplied UMAC key is stretched using AES in a counter
* mode to supply all random bits needed by UMAC. The kdf function takes
@@ -232,7 +240,7 @@
aes_encryption(pc->nonce, pc->cache, pc->prf_key);
}
-static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8])
+static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
{
/* 'ndx' indicates that we'll be using the 0th or 1st eight bytes
* of the AES output. If last time around we returned the ndx-1st
@@ -246,19 +254,21 @@
#elif (UMAC_OUTPUT_LEN > 8)
#define LOW_BIT_MASK 0
#endif
-
- UINT8 tmp_nonce_lo[4];
+ union {
+ UINT8 tmp_nonce_lo[4];
+ UINT32 align;
+ } t;
#if LOW_BIT_MASK != 0
int ndx = nonce[7] & LOW_BIT_MASK;
#endif
- *(UINT32 *)tmp_nonce_lo = ((UINT32 *)nonce)[1];
- tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */
+ *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1];
+ t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */
- if ( (((UINT32 *)tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) ||
- (((UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) )
+ if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) ||
+ (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) )
{
- ((UINT32 *)pc->nonce)[0] = ((UINT32 *)nonce)[0];
- ((UINT32 *)pc->nonce)[1] = ((UINT32 *)tmp_nonce_lo)[0];
+ ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0];
+ ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0];
aes_encryption(pc->nonce, pc->cache, pc->prf_key);
}
@@ -316,7 +326,7 @@
typedef struct {
UINT8 nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */
- UINT8 data [HASH_BUF_BYTES]; /* Incomming data buffer */
+ UINT8 data [HASH_BUF_BYTES]; /* Incoming data buffer */
int next_data_empty; /* Bookeeping variable for data buffer. */
int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorperated. */
UINT64 state[STREAMS]; /* on-line state */
@@ -325,7 +335,7 @@
#if (UMAC_OUTPUT_LEN == 4)
-static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
+static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen)
/* NH hashing primitive. Previous (partial) hash result is loaded and
* then stored via hp pointer. The length of the data pointed at by "dp",
* "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key
@@ -335,7 +345,7 @@
UINT64 h;
UWORD c = dlen / 32;
UINT32 *k = (UINT32 *)kp;
- UINT32 *d = (UINT32 *)dp;
+ const UINT32 *d = (const UINT32 *)dp;
UINT32 d0,d1,d2,d3,d4,d5,d6,d7;
UINT32 k0,k1,k2,k3,k4,k5,k6,k7;
@@ -360,7 +370,7 @@
#elif (UMAC_OUTPUT_LEN == 8)
-static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
+static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen)
/* Same as previous nh_aux, but two streams are handled in one pass,
* reading and writing 16 bytes of hash-state per call.
*/
@@ -368,7 +378,7 @@
UINT64 h1,h2;
UWORD c = dlen / 32;
UINT32 *k = (UINT32 *)kp;
- UINT32 *d = (UINT32 *)dp;
+ const UINT32 *d = (const UINT32 *)dp;
UINT32 d0,d1,d2,d3,d4,d5,d6,d7;
UINT32 k0,k1,k2,k3,k4,k5,k6,k7,
k8,k9,k10,k11;
@@ -407,7 +417,7 @@
#elif (UMAC_OUTPUT_LEN == 12)
-static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
+static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen)
/* Same as previous nh_aux, but two streams are handled in one pass,
* reading and writing 24 bytes of hash-state per call.
*/
@@ -415,7 +425,7 @@
UINT64 h1,h2,h3;
UWORD c = dlen / 32;
UINT32 *k = (UINT32 *)kp;
- UINT32 *d = (UINT32 *)dp;
+ const UINT32 *d = (const UINT32 *)dp;
UINT32 d0,d1,d2,d3,d4,d5,d6,d7;
UINT32 k0,k1,k2,k3,k4,k5,k6,k7,
k8,k9,k10,k11,k12,k13,k14,k15;
@@ -462,7 +472,7 @@
#elif (UMAC_OUTPUT_LEN == 16)
-static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen)
+static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen)
/* Same as previous nh_aux, but two streams are handled in one pass,
* reading and writing 24 bytes of hash-state per call.
*/
@@ -470,7 +480,7 @@
UINT64 h1,h2,h3,h4;
UWORD c = dlen / 32;
UINT32 *k = (UINT32 *)kp;
- UINT32 *d = (UINT32 *)dp;
+ const UINT32 *d = (const UINT32 *)dp;
UINT32 d0,d1,d2,d3,d4,d5,d6,d7;
UINT32 k0,k1,k2,k3,k4,k5,k6,k7,
k8,k9,k10,k11,k12,k13,k14,k15,
@@ -531,7 +541,7 @@
/* ---------------------------------------------------------------------- */
-static void nh_transform(nh_ctx *hc, UINT8 *buf, UINT32 nbytes)
+static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes)
/* This function is a wrapper for the primitive NH hash functions. It takes
* as argument "hc" the current hash context and a buffer which must be a
* multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset
@@ -606,7 +616,7 @@
/* ---------------------------------------------------------------------- */
-static void nh_update(nh_ctx *hc, UINT8 *buf, UINT32 nbytes)
+static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes)
/* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */
/* even multiple of HASH_BUF_BYTES. */
{
@@ -701,7 +711,7 @@
/* ---------------------------------------------------------------------- */
-static void nh(nh_ctx *hc, UINT8 *buf, UINT32 padded_len,
+static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len,
UINT32 unpadded_len, UINT8 *result)
/* All-in-one nh_update() and nh_final() equivalent.
* Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is
@@ -1039,7 +1049,7 @@
#endif
/* ---------------------------------------------------------------------- */
-static int uhash_update(uhash_ctx_t ctx, u_char *input, long len)
+static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len)
/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and
* hash each one with NH, calling the polyhash on each NH output.
*/
@@ -1049,7 +1059,7 @@
UINT8 *nh_result = (UINT8 *)&result_buf;
if (ctx->msg_len + len <= L1_KEY_LEN) {
- nh_update(&ctx->hash, (UINT8 *)input, len);
+ nh_update(&ctx->hash, (const UINT8 *)input, len);
ctx->msg_len += len;
} else {
@@ -1064,7 +1074,7 @@
/* bytes to complete the current nh_block. */
if (bytes_hashed) {
bytes_remaining = (L1_KEY_LEN - bytes_hashed);
- nh_update(&ctx->hash, (UINT8 *)input, bytes_remaining);
+ nh_update(&ctx->hash, (const UINT8 *)input, bytes_remaining);
nh_final(&ctx->hash, nh_result);
ctx->msg_len += bytes_remaining;
poly_hash(ctx,(UINT32 *)nh_result);
@@ -1074,7 +1084,7 @@
/* Hash directly from input stream if enough bytes */
while (len >= L1_KEY_LEN) {
- nh(&ctx->hash, (UINT8 *)input, L1_KEY_LEN,
+ nh(&ctx->hash, (const UINT8 *)input, L1_KEY_LEN,
L1_KEY_LEN, nh_result);
ctx->msg_len += L1_KEY_LEN;
len -= L1_KEY_LEN;
@@ -1085,7 +1095,7 @@
/* pass remaining < L1_KEY_LEN bytes of input data to NH */
if (len) {
- nh_update(&ctx->hash, (UINT8 *)input, len);
+ nh_update(&ctx->hash, (const UINT8 *)input, len);
ctx->msg_len += len;
}
}
@@ -1201,7 +1211,7 @@
if (ctx) {
if (ALLOC_BOUNDARY)
ctx = (struct umac_ctx *)ctx->free_ptr;
- xfree(ctx);
+ free(ctx);
}
return (1);
}
@@ -1208,7 +1218,7 @@
/* ---------------------------------------------------------------------- */
-struct umac_ctx *umac_new(u_char key[])
+struct umac_ctx *umac_new(const u_char key[])
/* Dynamically allocate a umac_ctx struct, initialize variables,
* generate subkeys from key. Align to 16-byte boundary.
*/
@@ -1217,7 +1227,7 @@
size_t bytes_to_add;
aes_int_key prf_key;
- octx = ctx = xmalloc(sizeof(*ctx) + ALLOC_BOUNDARY);
+ octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY);
if (ctx) {
if (ALLOC_BOUNDARY) {
bytes_to_add = ALLOC_BOUNDARY -
@@ -1225,7 +1235,7 @@
ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add);
}
ctx->free_ptr = octx;
- aes_key_setup(key,prf_key);
+ aes_key_setup(key, prf_key);
pdf_init(&ctx->pdf, prf_key);
uhash_init(&ctx->hash, prf_key);
}
@@ -1235,11 +1245,11 @@
/* ---------------------------------------------------------------------- */
-int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8])
+int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8])
/* Incorporate any pending data, pad, and generate tag */
{
uhash_final(&ctx->hash, (u_char *)tag);
- pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag);
+ pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag);
return (1);
}
@@ -1246,7 +1256,7 @@
/* ---------------------------------------------------------------------- */
-int umac_update(struct umac_ctx *ctx, u_char *input, long len)
+int umac_update(struct umac_ctx *ctx, const u_char *input, long len)
/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */
/* hash each one, calling the PDF on the hashed output whenever the hash- */
/* output buffer is full. */
Property changes on: vendor-crypto/openssh/dist/umac.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/umac.h
===================================================================
--- vendor-crypto/openssh/dist/umac.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/umac.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.h,v 1.1 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */
/* -----------------------------------------------------------------------
*
* umac.h -- C Implementation UMAC Message Authentication
@@ -52,7 +52,7 @@
extern "C" {
#endif
-struct umac_ctx *umac_new(u_char key[]);
+struct umac_ctx *umac_new(const u_char key[]);
/* Dynamically allocate a umac_ctx struct, initialize variables,
* generate subkeys from key.
*/
@@ -62,10 +62,10 @@
/* Reset a umac_ctx to begin authenicating a new message */
#endif
-int umac_update(struct umac_ctx *ctx, u_char *input, long len);
+int umac_update(struct umac_ctx *ctx, const u_char *input, long len);
/* Incorporate len bytes pointed to by input into context ctx */
-int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]);
+int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]);
/* Incorporate any pending data and the ctr value, and return tag.
* This function returns error code if ctr < 0.
*/
@@ -116,6 +116,12 @@
#endif
+/* matching umac-128 API, we reuse umac_ctx, since it's opaque */
+struct umac_ctx *umac128_new(const u_char key[]);
+int umac128_update(struct umac_ctx *ctx, const u_char *input, long len);
+int umac128_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]);
+int umac128_delete(struct umac_ctx *ctx);
+
#ifdef __cplusplus
}
#endif
Property changes on: vendor-crypto/openssh/dist/umac.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.1
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/uuencode.c
===================================================================
--- vendor-crypto/openssh/dist/uuencode.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/uuencode.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: uuencode.c,v 1.26 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: uuencode.c,v 1.27 2013/05/17 00:13:14 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -29,6 +29,7 @@
#include <netinet/in.h>
#include <resolv.h>
#include <stdio.h>
+#include <stdlib.h>
#include "xmalloc.h"
#include "uuencode.h"
@@ -67,7 +68,7 @@
/* and remove trailing whitespace because __b64_pton needs this */
*p = '\0';
len = __b64_pton(encoded, target, targsize);
- xfree(encoded);
+ free(encoded);
return len;
}
@@ -90,5 +91,5 @@
}
if (i % 70 != 69)
fprintf(fp, "\n");
- xfree(buf);
+ free(buf);
}
Property changes on: vendor-crypto/openssh/dist/uuencode.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.5
\ No newline at end of property
Index: vendor-crypto/openssh/dist/uuencode.h
===================================================================
--- vendor-crypto/openssh/dist/uuencode.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/uuencode.h 2013-12-05 12:55:03 UTC (rev 6462)
Property changes on: vendor-crypto/openssh/dist/uuencode.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.3
\ No newline at end of property
Deleted: vendor-crypto/openssh/dist/version.c
===================================================================
--- vendor-crypto/openssh/dist/version.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/version.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,58 +0,0 @@
-/*-
- * Copyright (c) 2001 Brian Fundakowski Feldman
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#include "includes.h"
-#include "version.h"
-#include "xmalloc.h"
-
-
-static char *version = NULL;
-
-const char *
-ssh_version_get(void) {
-
- if (version == NULL)
- version = xstrdup(SSH_VERSION_BASE " " SSH_VERSION_ADDENDUM);
- return (version);
-}
-
-void
-ssh_version_set_addendum(const char *add) {
- char *newvers;
- size_t size;
-
- if (add != NULL) {
- size = strlen(SSH_VERSION_BASE) + 1 + strlen(add) + 1;
- newvers = xmalloc(size);
- snprintf(newvers, size, "%s %s", SSH_VERSION_BASE, add);
- } else {
- newvers = xstrdup(SSH_VERSION_BASE);
- }
- if (version != NULL)
- xfree(version);
- version = newvers;
-}
Modified: vendor-crypto/openssh/dist/version.h
===================================================================
--- vendor-crypto/openssh/dist/version.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/version.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.61 2011/02/04 00:44:43 djm Exp $ */
+/* $OpenBSD: version.h,v 1.68 2013/11/08 01:38:11 djm Exp $ */
-#define SSH_VERSION "OpenSSH_5.8"
+#define SSH_VERSION "OpenSSH_6.4"
-#define SSH_PORTABLE "p2"
+#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
Property changes on: vendor-crypto/openssh/dist/version.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.11
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/xmalloc.c
===================================================================
--- vendor-crypto/openssh/dist/xmalloc.c 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/xmalloc.c 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: xmalloc.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -73,14 +73,6 @@
return new_ptr;
}
-void
-xfree(void *ptr)
-{
- if (ptr == NULL)
- fatal("xfree: NULL pointer given as argument");
- free(ptr);
-}
-
char *
xstrdup(const char *str)
{
Property changes on: vendor-crypto/openssh/dist/xmalloc.c
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.4
\ No newline at end of property
Modified: vendor-crypto/openssh/dist/xmalloc.h
===================================================================
--- vendor-crypto/openssh/dist/xmalloc.h 2013-12-04 03:47:58 UTC (rev 6461)
+++ vendor-crypto/openssh/dist/xmalloc.h 2013-12-05 12:55:03 UTC (rev 6462)
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: xmalloc.h,v 1.14 2013/05/17 00:13:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -19,7 +19,6 @@
void *xmalloc(size_t);
void *xcalloc(size_t, size_t);
void *xrealloc(void *, size_t, size_t);
-void xfree(void *);
char *xstrdup(const char *);
int xasprintf(char **, const char *, ...)
__attribute__((__format__ (printf, 2, 3)))
Property changes on: vendor-crypto/openssh/dist/xmalloc.h
___________________________________________________________________
Deleted: cvs2svn:cvs-rev
## -1 +0,0 ##
-1.1.1.2
\ No newline at end of property
More information about the Midnightbsd-cvs
mailing list