* New upstream release (closes: #536182). Yes, I know 5.3p1 has been out

for a while, but there's no GSSAPI patch available for it yet. - Change the default cipher order to prefer the AES CTR modes and the revised "arcfour256" mode to CBC mode ciphers that are susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH". - Add countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack (closes: #506115, LP: #379329). - ForceCommand directive now accepts commandline arguments for the internal-sftp server (closes: #524423, LP: #362511). - Add AllowAgentForwarding to available Match keywords list (closes: #540623). - Make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to avoid triggering 'Non-public channel' error messages on sshd(8) in openssh-5.1. - Avoid printing 'Non-public channel' warnings in sshd(8), since the ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a behaviour introduced in openssh-5.1; closes: #496017). * Update to GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch, including cascading credentials support (LP: #416958).
author: Colin Watson <cjwatson@debian.org> 2010-01-01 23:53:30 +0000
committer: Colin Watson <cjwatson@debian.org> 2010-01-01 23:53:30 +0000
commit: df03186a4f9e0c2ece398b5c0571cb6263d7a752 (patch)
tree: 1aab079441dff9615274769b19f2d734ddf508dd /configure
parent: 6ad6994c288662fca6949f42bf91fec2aff00bca (diff)
parent: 99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (diff)
1 files changed, 391 insertions, 8 deletions
diff --git a/configure b/configure
index f4662e922..1fe8a20e9 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
 #! /bin/sh
-# From configure.ac Revision: 1.409 .
+# From configure.ac Revision: 1.415 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.61 for OpenSSH Portable.
 #
@@ -5461,7 +5461,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
        # -fstack-protector-all doesn't always work for some GCC versions
        # and/or platforms, so we test if we can.  If it's not supported
-        # on a give platform gcc will emit a warning so we use -Werror.
+        # on a given platform gcc will emit a warning so we use -Werror.
        if test "x$use_stack_protector" = "x1"; then
            for t in -fstack-protector-all -fstack-protector; do
                { echo "$as_me:$LINENO: checking if $CC supports $t" >&5
@@ -5477,8 +5477,8 @@ cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
-#include <stdlib.h>
+#include <stdio.h>
-int main(void){return 0;}
+int main(void){char x[256]; snprintf(x, sizeof(x), "XXX"); return 0;}
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
@@ -5518,8 +5518,8 @@ cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
-#include <stdlib.h>
+#include <stdio.h>
-int main(void){exit(0);}
+int main(void){char x[256]; snprintf(x, sizeof(x), "XXX"); return 0;}
 _ACEOF
 rm -f conftest$ac_exeext
@@ -7365,6 +7365,11 @@ _ACEOF
            #include <bsm/audit.h>
+cat >>confdefs.h <<\_ACEOF
+#define LASTLOG_WRITE_PUTUTXLINE 1
+_ACEOF
 fi
        { echo "$as_me:$LINENO: checking if we have the Security Authorization Session API" >&5
@@ -7792,7 +7797,7 @@ _ACEOF
 _ACEOF
        ;;
-*-*-k*bsd*-gnu)
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
        check_for_libcrypt_later=1
        cat >>confdefs.h <<\_ACEOF
 #define PAM_TTY_KLUDGE 1
@@ -8885,7 +8890,6 @@ _ACEOF
        ;;
 # UnixWare 7.x, OpenUNIX 8
 *-*-sysv5*)
-        check_for_libcrypt_later=1
 cat >>confdefs.h <<\_ACEOF
 #define UNIXWARE_LONG_PASSWORDS 1
@@ -8923,11 +8927,181 @@ _ACEOF
 #define BROKEN_UPDWTMPX 1
 _ACEOF
+                { echo "$as_me:$LINENO: checking for getluid in -lprot" >&5
+echo $ECHO_N "checking for getluid in -lprot... $ECHO_C" >&6; }
+if test "${ac_cv_lib_prot_getluid+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lprot  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getluid ();
+int
+main ()
+{
+return getluid ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+         test -z "$ac_c_werror_flag" ||
+         test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_prot_getluid=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+        ac_cv_lib_prot_getluid=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_prot_getluid" >&5
+echo "${ECHO_T}$ac_cv_lib_prot_getluid" >&6; }
+if test $ac_cv_lib_prot_getluid = yes; then
+   LIBS="$LIBS -lprot"
+for ac_func in getluid setluid
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+#undef $ac_func
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+         test -z "$ac_c_werror_flag" ||
+         test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+        eval "$as_ac_var=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+               { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+fi
+done
+                        cat >>confdefs.h <<\_ACEOF
+#define HAVE_SECUREWARE 1
+_ACEOF
+                        cat >>confdefs.h <<\_ACEOF
+#define DISABLE_SHADOW 1
+_ACEOF
+fi
                ;;
        *)      cat >>confdefs.h <<\_ACEOF
 #define LOCKED_PASSWD_STRING "*LK*"
 _ACEOF
+                check_for_libcrypt_later=1
                ;;
        esac
        ;;
@@ -14916,6 +15090,100 @@ fi
 done
+for ac_func in getlastlogxbyname
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+#undef $ac_func
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+         test -z "$ac_c_werror_flag" ||
+         test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+        eval "$as_ac_var=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+               { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+fi
+done
 { echo "$as_me:$LINENO: checking for daemon" >&5
 echo $ECHO_N "checking for daemon... $ECHO_C" >&6; }
 if test "${ac_cv_func_daemon+set}" = set; then
@@ -22642,6 +22910,121 @@ cat >>confdefs.h <<\_ACEOF
 #define HAVE_STRUCT_IN6_ADDR 1
 _ACEOF
+        { echo "$as_me:$LINENO: checking for struct sockaddr_in6.sin6_scope_id" >&5
+echo $ECHO_N "checking for struct sockaddr_in6.sin6_scope_id... $ECHO_C" >&6; }
+if test "${ac_cv_member_struct_sockaddr_in6_sin6_scope_id+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+int
+main ()
+{
+static struct sockaddr_in6 ac_aggr;
+if (ac_aggr.sin6_scope_id)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+         test -z "$ac_c_werror_flag" ||
+         test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in6_sin6_scope_id=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+        cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+int
+main ()
+{
+static struct sockaddr_in6 ac_aggr;
+if (sizeof ac_aggr.sin6_scope_id)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+         test -z "$ac_c_werror_flag" ||
+         test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in6_sin6_scope_id=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+        ac_cv_member_struct_sockaddr_in6_sin6_scope_id=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in6_sin6_scope_id" >&5
+echo "${ECHO_T}$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" >&6; }
+if test $ac_cv_member_struct_sockaddr_in6_sin6_scope_id = yes; then
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+_ACEOF
+fi
 fi
 { echo "$as_me:$LINENO: checking for struct addrinfo" >&5
author	Colin Watson <cjwatson@debian.org>	2010-01-01 23:53:30 +0000
committer	Colin Watson <cjwatson@debian.org>	2010-01-01 23:53:30 +0000
commit	df03186a4f9e0c2ece398b5c0571cb6263d7a752 (patch)
tree	1aab079441dff9615274769b19f2d734ddf508dd /configure
parent	6ad6994c288662fca6949f42bf91fec2aff00bca (diff)
parent	99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (diff)

diff --git a/configure b/configure index f4662e922..1fe8a20e9 100755 --- a/configure +++ b/configure
@@ -1,5 +1,5 @@
1	#! /bin/sh	1	#! /bin/sh
2	# From configure.ac Revision: 1.409 .	2	# From configure.ac Revision: 1.415 .
3	# Guess values for system-dependent variables and create Makefiles.	3	# Guess values for system-dependent variables and create Makefiles.
4	# Generated by GNU Autoconf 2.61 for OpenSSH Portable.	4	# Generated by GNU Autoconf 2.61 for OpenSSH Portable.
5	#	5	#
@@ -5461,7 +5461,7 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
5461		5461
5462	# -fstack-protector-all doesn't always work for some GCC versions	5462	# -fstack-protector-all doesn't always work for some GCC versions
5463	# and/or platforms, so we test if we can. If it's not supported	5463	# and/or platforms, so we test if we can. If it's not supported
5464	# on a give platform gcc will emit a warning so we use -Werror.	5464	# on a given platform gcc will emit a warning so we use -Werror.
5465	if test "x$use_stack_protector" = "x1"; then	5465	if test "x$use_stack_protector" = "x1"; then
5466	for t in -fstack-protector-all -fstack-protector; do	5466	for t in -fstack-protector-all -fstack-protector; do
5467	{ echo "$as_me:$LINENO: checking if $CC supports $t" >&5	5467	{ echo "$as_me:$LINENO: checking if $CC supports $t" >&5
@@ -5477,8 +5477,8 @@ cat confdefs.h >>conftest.$ac_ext
5477	cat >>conftest.$ac_ext <<_ACEOF	5477	cat >>conftest.$ac_ext <<_ACEOF
5478	/* end confdefs.h. */	5478	/* end confdefs.h. */
5479		5479
5480	#include <stdlib.h>	5480	#include <stdio.h>
5481	int main(void){return 0;}	5481	int main(void){char x[256]; snprintf(x, sizeof(x), "XXX"); return 0;}
5482		5482
5483	_ACEOF	5483	_ACEOF
5484	rm -f conftest.$ac_objext conftest$ac_exeext	5484	rm -f conftest.$ac_objext conftest$ac_exeext
@@ -5518,8 +5518,8 @@ cat confdefs.h >>conftest.$ac_ext
5518	cat >>conftest.$ac_ext <<_ACEOF	5518	cat >>conftest.$ac_ext <<_ACEOF
5519	/* end confdefs.h. */	5519	/* end confdefs.h. */
5520		5520
5521	#include <stdlib.h>	5521	#include <stdio.h>
5522	int main(void){exit(0);}	5522	int main(void){char x[256]; snprintf(x, sizeof(x), "XXX"); return 0;}
5523		5523
5524	_ACEOF	5524	_ACEOF
5525	rm -f conftest$ac_exeext	5525	rm -f conftest$ac_exeext
@@ -7365,6 +7365,11 @@ _ACEOF
7365		7365
7366	#include <bsm/audit.h>	7366	#include <bsm/audit.h>
7367		7367
		7368	cat >>confdefs.h <<\_ACEOF
		7369	#define LASTLOG_WRITE_PUTUTXLINE 1
		7370	_ACEOF
		7371
		7372
7368	fi	7373	fi
7369		7374
7370	{ echo "$as_me:$LINENO: checking if we have the Security Authorization Session API" >&5	7375	{ echo "$as_me:$LINENO: checking if we have the Security Authorization Session API" >&5
@@ -7792,7 +7797,7 @@ _ACEOF
7792	_ACEOF	7797	_ACEOF
7793		7798
7794	;;	7799	;;
7795	--kbsd-gnu)	7800	--kbsd-gnu \| --kopensolaris*-gnu)
7796	check_for_libcrypt_later=1	7801	check_for_libcrypt_later=1
7797	cat >>confdefs.h <<\_ACEOF	7802	cat >>confdefs.h <<\_ACEOF
7798	#define PAM_TTY_KLUDGE 1	7803	#define PAM_TTY_KLUDGE 1
@@ -8885,7 +8890,6 @@ _ACEOF
8885	;;	8890	;;
8886	# UnixWare 7.x, OpenUNIX 8	8891	# UnixWare 7.x, OpenUNIX 8
8887	--sysv5*)	8892	--sysv5*)
8888	check_for_libcrypt_later=1
8889		8893
8890	cat >>confdefs.h <<\_ACEOF	8894	cat >>confdefs.h <<\_ACEOF
8891	#define UNIXWARE_LONG_PASSWORDS 1	8895	#define UNIXWARE_LONG_PASSWORDS 1
@@ -8923,11 +8927,181 @@ _ACEOF
8923	#define BROKEN_UPDWTMPX 1	8927	#define BROKEN_UPDWTMPX 1
8924	_ACEOF	8928	_ACEOF
8925		8929
		8930	{ echo "$as_me:$LINENO: checking for getluid in -lprot" >&5
		8931	echo $ECHO_N "checking for getluid in -lprot... $ECHO_C" >&6; }
		8932	if test "${ac_cv_lib_prot_getluid+set}" = set; then
		8933	echo $ECHO_N "(cached) $ECHO_C" >&6
		8934	else
		8935	ac_check_lib_save_LIBS=$LIBS
		8936	LIBS="-lprot $LIBS"
		8937	cat >conftest.$ac_ext <<_ACEOF
		8938	/* confdefs.h. */
		8939	_ACEOF
		8940	cat confdefs.h >>conftest.$ac_ext
		8941	cat >>conftest.$ac_ext <<_ACEOF
		8942	/* end confdefs.h. */
		8943
		8944	/* Override any GCC internal prototype to avoid an error.
		8945	Use char because int might match the return type of a GCC
		8946	builtin and then its argument prototype would still apply. */
		8947	#ifdef __cplusplus
		8948	extern "C"
		8949	#endif
		8950	char getluid ();
		8951	int
		8952	main ()
		8953	{
		8954	return getluid ();
		8955	;
		8956	return 0;
		8957	}
		8958	_ACEOF
		8959	rm -f conftest.$ac_objext conftest$ac_exeext
		8960	if { (ac_try="$ac_link"
		8961	case "(($ac_try" in
		8962	\" \| \` \| \\) ac_try_echo=\$ac_try;;
		8963	*) ac_try_echo=$ac_try;;
		8964	esac
		8965	eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
		8966	(eval "$ac_link") 2>conftest.er1
		8967	ac_status=$?
		8968	grep -v '^ *+' conftest.er1 >conftest.err
		8969	rm -f conftest.er1
		8970	cat conftest.err >&5
		8971	echo "$as_me:$LINENO: \$? = $ac_status" >&5
		8972	(exit $ac_status); } && {
		8973	test -z "$ac_c_werror_flag" \|\|
		8974	test ! -s conftest.err
		8975	} && test -s conftest$ac_exeext &&
		8976	$as_test_x conftest$ac_exeext; then
		8977	ac_cv_lib_prot_getluid=yes
		8978	else
		8979	echo "$as_me: failed program was:" >&5
		8980	sed 's/^/\| /' conftest.$ac_ext >&5
		8981
		8982	ac_cv_lib_prot_getluid=no
		8983	fi
		8984
		8985	rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
		8986	conftest$ac_exeext conftest.$ac_ext
		8987	LIBS=$ac_check_lib_save_LIBS
		8988	fi
		8989	{ echo "$as_me:$LINENO: result: $ac_cv_lib_prot_getluid" >&5
		8990	echo "${ECHO_T}$ac_cv_lib_prot_getluid" >&6; }
		8991	if test $ac_cv_lib_prot_getluid = yes; then
		8992	LIBS="$LIBS -lprot"
		8993
		8994
		8995	for ac_func in getluid setluid
		8996	do
		8997	as_ac_var=`echo "ac_cv_func_$ac_func" \| $as_tr_sh`
		8998	{ echo "$as_me:$LINENO: checking for $ac_func" >&5
		8999	echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
		9000	if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
		9001	echo $ECHO_N "(cached) $ECHO_C" >&6
		9002	else
		9003	cat >conftest.$ac_ext <<_ACEOF
		9004	/* confdefs.h. */
		9005	_ACEOF
		9006	cat confdefs.h >>conftest.$ac_ext
		9007	cat >>conftest.$ac_ext <<_ACEOF
		9008	/* end confdefs.h. */
		9009	/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
		9010	For example, HP-UX 11i <limits.h> declares gettimeofday. */
		9011	#define $ac_func innocuous_$ac_func
		9012
		9013	/* System header to define __stub macros and hopefully few prototypes,
		9014	which can conflict with char $ac_func (); below.
		9015	Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
		9016	<limits.h> exists even on freestanding compilers. */
		9017
		9018	#ifdef __STDC__
		9019	# include <limits.h>
		9020	#else
		9021	# include <assert.h>
		9022	#endif
		9023
		9024	#undef $ac_func
		9025
		9026	/* Override any GCC internal prototype to avoid an error.
		9027	Use char because int might match the return type of a GCC
		9028	builtin and then its argument prototype would still apply. */
		9029	#ifdef __cplusplus
		9030	extern "C"
		9031	#endif
		9032	char $ac_func ();
		9033	/* The GNU C library defines this for functions which it implements
		9034	to always fail with ENOSYS. Some functions are actually named
		9035	something starting with __ and the normal name is an alias. */
		9036	#if defined __stub_$ac_func \|\| defined __stub___$ac_func
		9037	choke me
		9038	#endif
		9039
		9040	int
		9041	main ()
		9042	{
		9043	return $ac_func ();
		9044	;
		9045	return 0;
		9046	}
		9047	_ACEOF
		9048	rm -f conftest.$ac_objext conftest$ac_exeext
		9049	if { (ac_try="$ac_link"
		9050	case "(($ac_try" in
		9051	\" \| \` \| \\) ac_try_echo=\$ac_try;;
		9052	*) ac_try_echo=$ac_try;;
		9053	esac
		9054	eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
		9055	(eval "$ac_link") 2>conftest.er1
		9056	ac_status=$?
		9057	grep -v '^ *+' conftest.er1 >conftest.err
		9058	rm -f conftest.er1
		9059	cat conftest.err >&5
		9060	echo "$as_me:$LINENO: \$? = $ac_status" >&5
		9061	(exit $ac_status); } && {
		9062	test -z "$ac_c_werror_flag" \|\|
		9063	test ! -s conftest.err
		9064	} && test -s conftest$ac_exeext &&
		9065	$as_test_x conftest$ac_exeext; then
		9066	eval "$as_ac_var=yes"
		9067	else
		9068	echo "$as_me: failed program was:" >&5
		9069	sed 's/^/\| /' conftest.$ac_ext >&5
		9070
		9071	eval "$as_ac_var=no"
		9072	fi
		9073
		9074	rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
		9075	conftest$ac_exeext conftest.$ac_ext
		9076	fi
		9077	ac_res=`eval echo '${'$as_ac_var'}'`
		9078	{ echo "$as_me:$LINENO: result: $ac_res" >&5
		9079	echo "${ECHO_T}$ac_res" >&6; }
		9080	if test `eval echo '${'$as_ac_var'}'` = yes; then
		9081	cat >>confdefs.h <<_ACEOF
		9082	#define `echo "HAVE_$ac_func" \| $as_tr_cpp` 1
		9083	_ACEOF
		9084
		9085	fi
		9086	done
		9087
		9088	cat >>confdefs.h <<\_ACEOF
		9089	#define HAVE_SECUREWARE 1
		9090	_ACEOF
		9091
		9092	cat >>confdefs.h <<\_ACEOF
		9093	#define DISABLE_SHADOW 1
		9094	_ACEOF
		9095
		9096
		9097	fi
		9098
8926	;;	9099	;;
8927	*) cat >>confdefs.h <<\_ACEOF	9100	*) cat >>confdefs.h <<\_ACEOF
8928	#define LOCKED_PASSWD_STRING "LK"	9101	#define LOCKED_PASSWD_STRING "LK"
8929	_ACEOF	9102	_ACEOF
8930		9103
		9104	check_for_libcrypt_later=1
8931	;;	9105	;;
8932	esac	9106	esac
8933	;;	9107	;;
@@ -14916,6 +15090,100 @@ fi
14916	done	15090	done
14917		15091
14918		15092
		15093	for ac_func in getlastlogxbyname
		15094	do
		15095	as_ac_var=`echo "ac_cv_func_$ac_func" \| $as_tr_sh`
		15096	{ echo "$as_me:$LINENO: checking for $ac_func" >&5
		15097	echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
		15098	if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
		15099	echo $ECHO_N "(cached) $ECHO_C" >&6
		15100	else
		15101	cat >conftest.$ac_ext <<_ACEOF
		15102	/* confdefs.h. */
		15103	_ACEOF
		15104	cat confdefs.h >>conftest.$ac_ext
		15105	cat >>conftest.$ac_ext <<_ACEOF
		15106	/* end confdefs.h. */
		15107	/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
		15108	For example, HP-UX 11i <limits.h> declares gettimeofday. */
		15109	#define $ac_func innocuous_$ac_func
		15110
		15111	/* System header to define __stub macros and hopefully few prototypes,
		15112	which can conflict with char $ac_func (); below.
		15113	Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
		15114	<limits.h> exists even on freestanding compilers. */
		15115
		15116	#ifdef __STDC__
		15117	# include <limits.h>
		15118	#else
		15119	# include <assert.h>
		15120	#endif
		15121
		15122	#undef $ac_func
		15123
		15124	/* Override any GCC internal prototype to avoid an error.
		15125	Use char because int might match the return type of a GCC
		15126	builtin and then its argument prototype would still apply. */
		15127	#ifdef __cplusplus
		15128	extern "C"
		15129	#endif
		15130	char $ac_func ();
		15131	/* The GNU C library defines this for functions which it implements
		15132	to always fail with ENOSYS. Some functions are actually named
		15133	something starting with __ and the normal name is an alias. */
		15134	#if defined __stub_$ac_func \|\| defined __stub___$ac_func
		15135	choke me
		15136	#endif
		15137
		15138	int
		15139	main ()
		15140	{
		15141	return $ac_func ();
		15142	;
		15143	return 0;
		15144	}
		15145	_ACEOF
		15146	rm -f conftest.$ac_objext conftest$ac_exeext
		15147	if { (ac_try="$ac_link"
		15148	case "(($ac_try" in
		15149	\" \| \` \| \\) ac_try_echo=\$ac_try;;
		15150	*) ac_try_echo=$ac_try;;
		15151	esac
		15152	eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
		15153	(eval "$ac_link") 2>conftest.er1
		15154	ac_status=$?
		15155	grep -v '^ *+' conftest.er1 >conftest.err
		15156	rm -f conftest.er1
		15157	cat conftest.err >&5
		15158	echo "$as_me:$LINENO: \$? = $ac_status" >&5
		15159	(exit $ac_status); } && {
		15160	test -z "$ac_c_werror_flag" \|\|
		15161	test ! -s conftest.err
		15162	} && test -s conftest$ac_exeext &&
		15163	$as_test_x conftest$ac_exeext; then
		15164	eval "$as_ac_var=yes"
		15165	else
		15166	echo "$as_me: failed program was:" >&5
		15167	sed 's/^/\| /' conftest.$ac_ext >&5
		15168
		15169	eval "$as_ac_var=no"
		15170	fi
		15171
		15172	rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
		15173	conftest$ac_exeext conftest.$ac_ext
		15174	fi
		15175	ac_res=`eval echo '${'$as_ac_var'}'`
		15176	{ echo "$as_me:$LINENO: result: $ac_res" >&5
		15177	echo "${ECHO_T}$ac_res" >&6; }
		15178	if test `eval echo '${'$as_ac_var'}'` = yes; then
		15179	cat >>confdefs.h <<_ACEOF
		15180	#define `echo "HAVE_$ac_func" \| $as_tr_cpp` 1
		15181	_ACEOF
		15182
		15183	fi
		15184	done
		15185
		15186
14919	{ echo "$as_me:$LINENO: checking for daemon" >&5	15187	{ echo "$as_me:$LINENO: checking for daemon" >&5
14920	echo $ECHO_N "checking for daemon... $ECHO_C" >&6; }	15188	echo $ECHO_N "checking for daemon... $ECHO_C" >&6; }
14921	if test "${ac_cv_func_daemon+set}" = set; then	15189	if test "${ac_cv_func_daemon+set}" = set; then
@@ -22642,6 +22910,121 @@ cat >>confdefs.h <<\_ACEOF
22642	#define HAVE_STRUCT_IN6_ADDR 1	22910	#define HAVE_STRUCT_IN6_ADDR 1
22643	_ACEOF	22911	_ACEOF
22644		22912
		22913
		22914	{ echo "$as_me:$LINENO: checking for struct sockaddr_in6.sin6_scope_id" >&5
		22915	echo $ECHO_N "checking for struct sockaddr_in6.sin6_scope_id... $ECHO_C" >&6; }
		22916	if test "${ac_cv_member_struct_sockaddr_in6_sin6_scope_id+set}" = set; then
		22917	echo $ECHO_N "(cached) $ECHO_C" >&6
		22918	else
		22919	cat >conftest.$ac_ext <<_ACEOF
		22920	/* confdefs.h. */
		22921	_ACEOF
		22922	cat confdefs.h >>conftest.$ac_ext
		22923	cat >>conftest.$ac_ext <<_ACEOF
		22924	/* end confdefs.h. */
		22925
		22926	#ifdef HAVE_SYS_TYPES_H
		22927	#include <sys/types.h>
		22928	#endif
		22929	#include <netinet/in.h>
		22930
		22931
		22932	int
		22933	main ()
		22934	{
		22935	static struct sockaddr_in6 ac_aggr;
		22936	if (ac_aggr.sin6_scope_id)
		22937	return 0;
		22938	;
		22939	return 0;
		22940	}
		22941	_ACEOF
		22942	rm -f conftest.$ac_objext
		22943	if { (ac_try="$ac_compile"
		22944	case "(($ac_try" in
		22945	\" \| \` \| \\) ac_try_echo=\$ac_try;;
		22946	*) ac_try_echo=$ac_try;;
		22947	esac
		22948	eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
		22949	(eval "$ac_compile") 2>conftest.er1
		22950	ac_status=$?
		22951	grep -v '^ *+' conftest.er1 >conftest.err
		22952	rm -f conftest.er1
		22953	cat conftest.err >&5
		22954	echo "$as_me:$LINENO: \$? = $ac_status" >&5
		22955	(exit $ac_status); } && {
		22956	test -z "$ac_c_werror_flag" \|\|
		22957	test ! -s conftest.err
		22958	} && test -s conftest.$ac_objext; then
		22959	ac_cv_member_struct_sockaddr_in6_sin6_scope_id=yes
		22960	else
		22961	echo "$as_me: failed program was:" >&5
		22962	sed 's/^/\| /' conftest.$ac_ext >&5
		22963
		22964	cat >conftest.$ac_ext <<_ACEOF
		22965	/* confdefs.h. */
		22966	_ACEOF
		22967	cat confdefs.h >>conftest.$ac_ext
		22968	cat >>conftest.$ac_ext <<_ACEOF
		22969	/* end confdefs.h. */
		22970
		22971	#ifdef HAVE_SYS_TYPES_H
		22972	#include <sys/types.h>
		22973	#endif
		22974	#include <netinet/in.h>
		22975
		22976
		22977	int
		22978	main ()
		22979	{
		22980	static struct sockaddr_in6 ac_aggr;
		22981	if (sizeof ac_aggr.sin6_scope_id)
		22982	return 0;
		22983	;
		22984	return 0;
		22985	}
		22986	_ACEOF
		22987	rm -f conftest.$ac_objext
		22988	if { (ac_try="$ac_compile"
		22989	case "(($ac_try" in
		22990	\" \| \` \| \\) ac_try_echo=\$ac_try;;
		22991	*) ac_try_echo=$ac_try;;
		22992	esac
		22993	eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
		22994	(eval "$ac_compile") 2>conftest.er1
		22995	ac_status=$?
		22996	grep -v '^ *+' conftest.er1 >conftest.err
		22997	rm -f conftest.er1
		22998	cat conftest.err >&5
		22999	echo "$as_me:$LINENO: \$? = $ac_status" >&5
		23000	(exit $ac_status); } && {
		23001	test -z "$ac_c_werror_flag" \|\|
		23002	test ! -s conftest.err
		23003	} && test -s conftest.$ac_objext; then
		23004	ac_cv_member_struct_sockaddr_in6_sin6_scope_id=yes
		23005	else
		23006	echo "$as_me: failed program was:" >&5
		23007	sed 's/^/\| /' conftest.$ac_ext >&5
		23008
		23009	ac_cv_member_struct_sockaddr_in6_sin6_scope_id=no
		23010	fi
		23011
		23012	rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
		23013	fi
		23014
		23015	rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
		23016	fi
		23017	{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in6_sin6_scope_id" >&5
		23018	echo "${ECHO_T}$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" >&6; }
		23019	if test $ac_cv_member_struct_sockaddr_in6_sin6_scope_id = yes; then
		23020
		23021	cat >>confdefs.h <<_ACEOF
		23022	#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
		23023	_ACEOF
		23024
		23025
		23026	fi
		23027
22645	fi	23028	fi
22646		23029
22647	{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5	23030	{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5