Date: Wed, 29 Aug 2012 15:55:55 +0000 (UTC) From: Dag-Erling Smørgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r239849 - in vendor-crypto/openssh/dist: . contrib contrib/caldera contrib/cygwin contrib/redhat contrib/suse openbsd-compat regress Message-ID: <201208291555.q7TFttHv072129@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Wed Aug 29 15:55:54 2012 New Revision: 239849 URL: http://svn.freebsd.org/changeset/base/239849 Log: Vendor import of OpenSSH 6.1p1. Modified: vendor-crypto/openssh/dist/ChangeLog vendor-crypto/openssh/dist/PROTOCOL.certkeys vendor-crypto/openssh/dist/PROTOCOL.mux vendor-crypto/openssh/dist/README vendor-crypto/openssh/dist/addrmatch.c vendor-crypto/openssh/dist/auth-krb5.c vendor-crypto/openssh/dist/auth-passwd.c vendor-crypto/openssh/dist/auth.c vendor-crypto/openssh/dist/channels.c vendor-crypto/openssh/dist/channels.h vendor-crypto/openssh/dist/clientloop.c vendor-crypto/openssh/dist/config.h.in vendor-crypto/openssh/dist/configure vendor-crypto/openssh/dist/configure.ac vendor-crypto/openssh/dist/contrib/Makefile vendor-crypto/openssh/dist/contrib/caldera/openssh.spec vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config vendor-crypto/openssh/dist/contrib/redhat/openssh.spec vendor-crypto/openssh/dist/contrib/suse/openssh.spec vendor-crypto/openssh/dist/dns.c vendor-crypto/openssh/dist/dns.h vendor-crypto/openssh/dist/jpake.c vendor-crypto/openssh/dist/key.c vendor-crypto/openssh/dist/key.h vendor-crypto/openssh/dist/mac.c vendor-crypto/openssh/dist/moduli vendor-crypto/openssh/dist/moduli.0 vendor-crypto/openssh/dist/moduli.c vendor-crypto/openssh/dist/monitor.c vendor-crypto/openssh/dist/mux.c vendor-crypto/openssh/dist/myproposal.h vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c vendor-crypto/openssh/dist/regress/addrmatch.sh vendor-crypto/openssh/dist/regress/cipher-speed.sh vendor-crypto/openssh/dist/regress/connect-privsep.sh vendor-crypto/openssh/dist/regress/forwarding.sh vendor-crypto/openssh/dist/regress/multiplex.sh vendor-crypto/openssh/dist/regress/reexec.sh vendor-crypto/openssh/dist/regress/sftp-cmds.sh vendor-crypto/openssh/dist/regress/test-exec.sh vendor-crypto/openssh/dist/regress/try-ciphers.sh vendor-crypto/openssh/dist/sandbox-rlimit.c vendor-crypto/openssh/dist/sandbox-seccomp-filter.c vendor-crypto/openssh/dist/sandbox-systrace.c vendor-crypto/openssh/dist/scp.0 vendor-crypto/openssh/dist/servconf.c vendor-crypto/openssh/dist/servconf.h vendor-crypto/openssh/dist/serverloop.c vendor-crypto/openssh/dist/session.c vendor-crypto/openssh/dist/sftp-client.c vendor-crypto/openssh/dist/sftp-server.0 vendor-crypto/openssh/dist/sftp.0 vendor-crypto/openssh/dist/sftp.c vendor-crypto/openssh/dist/ssh-add.0 vendor-crypto/openssh/dist/ssh-agent.0 vendor-crypto/openssh/dist/ssh-keygen.0 vendor-crypto/openssh/dist/ssh-keygen.1 vendor-crypto/openssh/dist/ssh-keygen.c vendor-crypto/openssh/dist/ssh-keyscan.0 vendor-crypto/openssh/dist/ssh-keyscan.1 vendor-crypto/openssh/dist/ssh-keyscan.c vendor-crypto/openssh/dist/ssh-keysign.0 vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 vendor-crypto/openssh/dist/ssh-pkcs11-helper.c vendor-crypto/openssh/dist/ssh.0 vendor-crypto/openssh/dist/ssh.1 vendor-crypto/openssh/dist/ssh.c vendor-crypto/openssh/dist/ssh_config.0 vendor-crypto/openssh/dist/ssh_config.5 vendor-crypto/openssh/dist/sshconnect2.c vendor-crypto/openssh/dist/sshd.0 vendor-crypto/openssh/dist/sshd.8 vendor-crypto/openssh/dist/sshd.c vendor-crypto/openssh/dist/sshd_config vendor-crypto/openssh/dist/sshd_config.0 vendor-crypto/openssh/dist/sshd_config.5 vendor-crypto/openssh/dist/version.h Modified: vendor-crypto/openssh/dist/ChangeLog ============================================================================== --- vendor-crypto/openssh/dist/ChangeLog Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/ChangeLog Wed Aug 29 15:55:54 2012 (r239849) @@ -1,3 +1,298 @@ +20120828 + - (djm) Release openssh-6.1 + +20120828 + - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN + for compatibility with future mingw-w64 headers. Patch from vinschen at + redhat com. + +20120822 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update version numbers + +20120731 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2012/07/06 06:38:03 + [ssh-keygen.c] + missing full stop in usage(); + - djm@cvs.openbsd.org 2012/07/10 02:19:15 + [servconf.c servconf.h sshd.c sshd_config] + Turn on systrace sandboxing of pre-auth sshd by default for new installs + by shipping a config that overrides the current UsePrivilegeSeparation=yes + default. Make it easier to flip the default in the future by adding too. + prodded markus@ feedback dtucker@ "get it in" deraadt@ + - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 + [servconf.c] + handle long comments in config files better. bz#2025, ok markus + - markus@cvs.openbsd.org 2012/07/22 18:19:21 + [version.h] + openssh 6.1 + +20120720 + - (dtucker) Import regened moduli file. + +20120706 + - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is + not available. Allows use of sshd compiled on host with a filter-capable + kernel on hosts that lack the support. bz#2011 ok dtucker@ + - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no + unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT + esperi.org.uk; ok dtucker@ +- (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 + [moduli.c ssh-keygen.1 ssh-keygen.c] + Add options to specify starting line number and number of lines to process + when screening moduli candidates. This allows processing of different + parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ + - djm@cvs.openbsd.org 2012/07/06 01:37:21 + [mux.c] + fix memory leak of passed-in environment variables and connection + context when new session message is malformed; bz#2003 from Bert.Wesarg + AT googlemail.com + - djm@cvs.openbsd.org 2012/07/06 01:47:38 + [ssh.c] + move setting of tty_flag to after config parsing so RequestTTY options + are correctly picked up. bz#1995 patch from przemoc AT gmail.com; + ok dtucker@ + +20120704 + - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for + platforms that don't have it. "looks good" tim@ + +20120703 + - (dtucker) [configure.ac] Detect platforms that can't use select(2) with + setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. + - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not + setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its + benefit is minor, so it's not worth disabling the sandbox if it doesn't + work. + +20120702 +- (dtucker) OpenBSD CVS Sync + - naddy@cvs.openbsd.org 2012/06/29 13:57:25 + [ssh_config.5 sshd_config.5] + match the documented MAC order of preference to the actual one; + ok dtucker@ + - markus@cvs.openbsd.org 2012/06/30 14:35:09 + [sandbox-systrace.c sshd.c] + fix a during the load of the sandbox policies (child can still make + the read-syscall and wait forever for systrace-answers) by replacing + the read/write synchronisation with SIGSTOP/SIGCONT; + report and help hshoexer@; ok djm@, dtucker@ + - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 + [ssh.c] + set interactive ToS for forwarded X11 sessions. ok djm@ + - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 + [ssh-pkcs11-helper.c sftp-client.c] + fix a couple of "assigned but not used" warnings. ok markus@ + - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 + [regress/connect-privsep.sh] + remove exit from end of test since it prevents reporting failure + - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] + Move cygwin detection to test-exec and use to skip reexec test on cygwin. + - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. + +20120629 + - OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 + [addrmatch.c] + fix strlcpy truncation check. from carsten at debian org, ok markus + - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 + [monitor.c sshconnect2.c] + remove dead code following 'for (;;)' loops. + From Steve.McClellan at radisys com, ok markus@ + - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 + [sftp.c] + Remove unused variable leftover from tab-completion changes. + From Steve.McClellan at radisys com, ok markus@ + - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 + [sandbox-systrace.c] + Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation + sandbox" since malloc now uses it. From johnw.mail at gmail com. + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [mac.c myproposal.h ssh_config.5 sshd_config.5] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. + - naddy@cvs.openbsd.org 2012/06/29 13:57:25 + [ssh_config.5 sshd_config.5] + match the documented MAC order of preference to the actual one; ok dtucker@ + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [regress/addrmatch.sh] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. + - djm@cvs.openbsd.org 2012/06/01 00:47:35 + [regress/multiplex.sh regress/forwarding.sh] + append to rather than truncate test log; bz#2013 from openssh AT + roumenpetrov.info + - djm@cvs.openbsd.org 2012/06/01 00:52:52 + [regress/sftp-cmds.sh] + don't delete .* on cleanup due to unintended env expansion; pointed out in + bz#2014 by openssh AT roumenpetrov.info + - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 + [regress/connect-privsep.sh] + test sandbox with every malloc option + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [regress/try-ciphers.sh regress/cipher-speed.sh] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. + - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. + - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have + the required functions in libcrypto. + +20120628 + - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null + pointer deref in the client when built with LDNS and using DNSSEC with a + CNAME. Patch from gregdlg+mr at hochet info. + +20120622 + - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as + can logon as a service. Patch from vinschen at redhat com. + +20120620 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/12/02 00:41:56 + [mux.c] + fix bz#1948: ssh -f doesn't fork for multiplexed connection. + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/04 23:16:12 + [mux.c] + revert: + > revision 1.32 + > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 + > fix bz#1948: ssh -f doesn't fork for multiplexed connection. + > ok dtucker@ + it interacts badly with ControlPersist + - djm@cvs.openbsd.org 2012/01/07 21:11:36 + [mux.c] + fix double-free in new session handler + NB. Id sync only + - djm@cvs.openbsd.org 2012/05/23 03:28:28 + [dns.c dns.h key.c key.h ssh-keygen.c] + add support for RFC6594 SSHFP DNS records for ECDSA key types. + patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ + - djm@cvs.openbsd.org 2012/06/01 00:49:35 + [PROTOCOL.mux] + correct types of port numbers (integers, not strings); bz#2004 from + bert.wesarg AT googlemail.com + - djm@cvs.openbsd.org 2012/06/01 01:01:22 + [mux.c] + fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg + AT googlemail.com + - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 + [jpake.c] + correct sizeof usage. patch from saw at online.de, ok deraadt + - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 + [ssh_config.5] + RSA instead of DSA twice. From Steve.McClellan at radisys com + - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 + [ssh.1 sshd.8] + Remove mention of 'three' key files since there are now four. From + Steve.McClellan at radisys com. + - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 + [ssh.1] + Clarify description of -W. Noted by Steve.McClellan at radisys com, + ok jmc + - markus@cvs.openbsd.org 2012/06/19 18:25:28 + [servconf.c servconf.h sshd_config.5] + sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} + this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' + ok djm@ (back in March) + - jmc@cvs.openbsd.org 2012/06/19 21:35:54 + [sshd_config.5] + tweak previous; ok markus + - djm@cvs.openbsd.org 2012/06/20 04:42:58 + [clientloop.c serverloop.c] + initialise accept() backoff timer to avoid EINVAL from select(2) in + rekeying + +20120519 + - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch + from cjwatson at debian org. + - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find + pkg-config so it does the right thing when cross-compiling. Patch from + cjwatson at debian org. +- (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. + - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 + [sshd_config.5] + Document PermitOpen none. bz#2001, patch from Loganaden Velvindron + +20120504 + - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> + to fix building on some plaforms. Fom bowman at math utah edu and + des at des no. + +20120427 + - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 + platform rather than exiting early, so that we still clean up and return + success or failure to test-exec.sh + +20120426 + - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters + via Niels + - (djm) [auth-krb5.c] Save errno across calls that might modify it; + ok dtucker@ + +20120423 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/04/23 08:18:17 + [channels.c] + fix function proto/source mismatch + +20120422 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/02/29 11:21:26 + [ssh-keygen.c] + allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ + - guenther@cvs.openbsd.org 2012/03/15 03:10:27 + [session.c] + root should always be excluded from the test for /etc/nologin instead + of having it always enforced even when marked as ignorenologin. This + regressed when the logic was incompletely flipped around in rev 1.251 + ok halex@ millert@ + - djm@cvs.openbsd.org 2012/03/28 07:23:22 + [PROTOCOL.certkeys] + explain certificate extensions/crit split rationale. Mention requirement + that each appear at most once per cert. + - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 + [channels.c channels.h servconf.c] + Add PermitOpen none option based on patch from Loganaden Velvindron + (bz #1949). ok djm@ + - djm@cvs.openbsd.org 2012/04/11 13:16:19 + [channels.c channels.h clientloop.c serverloop.c] + don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a + while; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2012/04/11 13:17:54 + [auth.c] + Support "none" as an argument for AuthorizedPrincipalsFile to indicate + no file should be read. + - djm@cvs.openbsd.org 2012/04/11 13:26:40 + [sshd.c] + don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a + while; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2012/04/11 13:34:17 + [ssh-keyscan.1 ssh-keyscan.c] + now that sshd defaults to offering ECDSA keys, ssh-keyscan should also + look for them by default; bz#1971 + - djm@cvs.openbsd.org 2012/04/12 02:42:32 + [servconf.c servconf.h sshd.c sshd_config sshd_config.5] + VersionAddendum option to allow server operators to append some arbitrary + text to the SSH-... banner; ok deraadt@ "don't care" markus@ + - djm@cvs.openbsd.org 2012/04/12 02:43:55 + [sshd_config sshd_config.5] + mention AuthorizedPrincipalsFile=none default + - djm@cvs.openbsd.org 2012/04/20 03:24:23 + [sftp.c] + setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) + - jmc@cvs.openbsd.org 2012/04/20 16:26:22 + [ssh.1] + use "brackets" instead of "braces", for consistency; + 20120420 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update for release 6.0 Modified: vendor-crypto/openssh/dist/PROTOCOL.certkeys ============================================================================== --- vendor-crypto/openssh/dist/PROTOCOL.certkeys Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/PROTOCOL.certkeys Wed Aug 29 15:55:54 2012 (r239849) @@ -162,6 +162,13 @@ extensions is a set of zero or more opti are not critical, and an implementation that encounters one that it does not recognise may safely ignore it. +Generally, critical options are used to control features that restrict +access where extensions are used to enable features that grant access. +This ensures that certificates containing unknown restrictions do not +inadvertently grant access while allowing new protocol features to be +enabled via extensions without breaking certificates' backwards +compatibility. + The reserved field is currently unused and is ignored in this version of the protocol. @@ -189,7 +196,7 @@ is a sequence of zero or more tuples: string data Options must be lexically ordered by "name" if they appear in the -sequence. +sequence. Each named option may only appear once in a certificate. The name field identifies the option and the data field encodes option-specific information (see below). All options are @@ -220,7 +227,9 @@ Extensions The extensions section of the certificate specifies zero or more non-critical certificate extensions. The encoding and ordering of -extensions in this field is identical to that of the critical options. +extensions in this field is identical to that of the critical options, +as is the requirement that each name appear only once. + If an implementation does not recognise an extension, then it should ignore it. @@ -253,4 +262,4 @@ permit-user-rc empty Fl of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.8 2010/08/31 11:54:45 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ Modified: vendor-crypto/openssh/dist/PROTOCOL.mux ============================================================================== --- vendor-crypto/openssh/dist/PROTOCOL.mux Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/PROTOCOL.mux Wed Aug 29 15:55:54 2012 (r239849) @@ -110,9 +110,9 @@ A client may request the master to estab uint32 request id uint32 forwarding type string listen host - string listen port + uint32 listen port string connect host - string connect port + uint32 connect port forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC. @@ -135,9 +135,9 @@ A client may request the master to close uint32 request id uint32 forwarding type string listen host - string listen port + uint32 listen port string connect host - string connect port + uint32 connect port A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. @@ -219,4 +219,4 @@ XXX inject packet (what about replies) XXX server->client error/warning notifications XXX send signals via mux -$OpenBSD: PROTOCOL.mux,v 1.8 2011/09/09 00:44:07 djm Exp $ +$OpenBSD: PROTOCOL.mux,v 1.9 2012/06/01 00:49:35 djm Exp $ Modified: vendor-crypto/openssh/dist/README ============================================================================== --- vendor-crypto/openssh/dist/README Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/README Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-6.0 for the release notes. +See http://www.openssh.com/txt/release-6.1 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.80 2012/04/20 04:11:04 djm Exp $ +$Id: README,v 1.81 2012/08/22 11:57:13 djm Exp $ Modified: vendor-crypto/openssh/dist/addrmatch.c ============================================================================== --- vendor-crypto/openssh/dist/addrmatch.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/addrmatch.c Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: addrmatch.c,v 1.5 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> @@ -318,7 +318,7 @@ addr_pton_cidr(const char *p, struct xad char addrbuf[64], *mp, *cp; /* Don't modify argument */ - if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) > sizeof(addrbuf)) + if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf)) return -1; if ((mp = strchr(addrbuf, '/')) != NULL) { Modified: vendor-crypto/openssh/dist/auth-krb5.c ============================================================================== --- vendor-crypto/openssh/dist/auth-krb5.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/auth-krb5.c Wed Aug 29 15:55:54 2012 (r239849) @@ -226,7 +226,7 @@ krb5_cleanup_proc(Authctxt *authctxt) #ifndef HEIMDAL krb5_error_code ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { - int tmpfd, ret; + int tmpfd, ret, oerrno; char ccname[40]; mode_t old_umask; @@ -237,16 +237,18 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_c old_umask = umask(0177); tmpfd = mkstemp(ccname + strlen("FILE:")); + oerrno = errno; umask(old_umask); if (tmpfd == -1) { - logit("mkstemp(): %.100s", strerror(errno)); - return errno; + logit("mkstemp(): %.100s", strerror(oerrno)); + return oerrno; } if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { - logit("fchmod(): %.100s", strerror(errno)); + oerrno = errno; + logit("fchmod(): %.100s", strerror(oerrno)); close(tmpfd); - return errno; + return oerrno; } close(tmpfd); Modified: vendor-crypto/openssh/dist/auth-passwd.c ============================================================================== --- vendor-crypto/openssh/dist/auth-passwd.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/auth-passwd.c Wed Aug 29 15:55:54 2012 (r239849) @@ -209,6 +209,7 @@ sys_auth_passwd(Authctxt *authctxt, cons * Authentication is accepted if the encrypted passwords * are identical. */ - return (strcmp(encrypted_password, pw_password) == 0); + return encrypted_password != NULL && + strcmp(encrypted_password, pw_password) == 0; } #endif Modified: vendor-crypto/openssh/dist/auth.c ============================================================================== --- vendor-crypto/openssh/dist/auth.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/auth.c Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.94 2011/05/23 03:33:38 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.96 2012/05/13 01:42:32 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -357,7 +357,8 @@ expand_authorized_keys(const char *filen char * authorized_principals_file(struct passwd *pw) { - if (options.authorized_principals_file == NULL) + if (options.authorized_principals_file == NULL || + strcasecmp(options.authorized_principals_file, "none") == 0) return NULL; return expand_authorized_keys(options.authorized_principals_file, pw); } @@ -544,9 +545,10 @@ getpwnamallow(const char *user) #endif #endif struct passwd *pw; + struct connection_info *ci = get_connection_info(1, options.use_dns); - parse_server_match_config(&options, user, - get_canonical_hostname(options.use_dns), get_remote_ipaddr()); + ci->user = user; + parse_server_match_config(&options, ci); #if defined(_AIX) && defined(HAVE_SETAUTHDB) aix_setauthdb(user); Modified: vendor-crypto/openssh/dist/channels.c ============================================================================== --- vendor-crypto/openssh/dist/channels.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/channels.c Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.315 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.318 2012/04/23 08:18:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -311,6 +311,7 @@ channel_new(char *ctype, int type, int r c->istate = CHAN_INPUT_OPEN; c->flags = 0; channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0); + c->notbefore = 0; c->self = found; c->type = type; c->ctype = ctype; @@ -1339,6 +1340,8 @@ channel_post_x11_listener(Channel *c, fd } if (newsock < 0) { error("accept: %.100s", strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } set_nodelay(newsock); @@ -1482,6 +1485,8 @@ channel_post_port_listener(Channel *c, f newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { error("accept: %.100s", strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } set_nodelay(newsock); @@ -1514,7 +1519,10 @@ channel_post_auth_listener(Channel *c, f addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { - error("accept from auth socket: %.100s", strerror(errno)); + error("accept from auth socket: %.100s", + strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } nc = channel_new("accepted auth socket", @@ -1917,6 +1925,8 @@ channel_post_mux_listener(Channel *c, fd if ((newsock = accept(c->sock, (struct sockaddr*)&addr, &addrlen)) == -1) { error("%s accept: %s", __func__, strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } @@ -2067,16 +2077,21 @@ channel_garbage_collect(Channel *c) } static void -channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) +channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset, + time_t *unpause_secs) { static int did_init = 0; u_int i, oalloc; Channel *c; + time_t now; if (!did_init) { channel_handler_init(); did_init = 1; } + now = time(NULL); + if (unpause_secs != NULL) + *unpause_secs = 0; for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { c = channels[i]; if (c == NULL) @@ -2087,10 +2102,30 @@ channel_handler(chan_fn *ftab[], fd_set else continue; } - if (ftab[c->type] != NULL) - (*ftab[c->type])(c, readset, writeset); + if (ftab[c->type] != NULL) { + /* + * Run handlers that are not paused. + */ + if (c->notbefore <= now) + (*ftab[c->type])(c, readset, writeset); + else if (unpause_secs != NULL) { + /* + * Collect the time that the earliest + * channel comes off pause. + */ + debug3("%s: chan %d: skip for %d more seconds", + __func__, c->self, + (int)(c->notbefore - now)); + if (*unpause_secs == 0 || + (c->notbefore - now) < *unpause_secs) + *unpause_secs = c->notbefore - now; + } + } channel_garbage_collect(c); } + if (unpause_secs != NULL && *unpause_secs != 0) + debug3("%s: first channel unpauses in %d seconds", + __func__, (int)*unpause_secs); } /* @@ -2099,7 +2134,7 @@ channel_handler(chan_fn *ftab[], fd_set */ void channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, - u_int *nallocp, int rekeying) + u_int *nallocp, time_t *minwait_secs, int rekeying) { u_int n, sz, nfdset; @@ -2122,7 +2157,8 @@ channel_prepare_select(fd_set **readsetp memset(*writesetp, 0, sz); if (!rekeying) - channel_handler(channel_pre, *readsetp, *writesetp); + channel_handler(channel_pre, *readsetp, *writesetp, + minwait_secs); } /* @@ -2132,7 +2168,7 @@ channel_prepare_select(fd_set **readsetp void channel_after_select(fd_set *readset, fd_set *writeset) { - channel_handler(channel_post, readset, writeset); + channel_handler(channel_post, readset, writeset, NULL); } @@ -3127,6 +3163,17 @@ channel_add_adm_permitted_opens(char *ho } void +channel_disable_adm_local_opens(void) +{ + if (num_adm_permitted_opens == 0) { + permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens)); + permitted_adm_opens[num_adm_permitted_opens].host_to_connect + = NULL; + num_adm_permitted_opens = 1; + } +} + +void channel_clear_permitted_opens(void) { int i; @@ -3167,7 +3214,9 @@ channel_print_adm_permitted_opens(void) return; } for (i = 0; i < num_adm_permitted_opens; i++) - if (permitted_adm_opens[i].host_to_connect != NULL) + if (permitted_adm_opens[i].host_to_connect == NULL) + printf(" none"); + else printf(" %s:%d", permitted_adm_opens[i].host_to_connect, permitted_adm_opens[i].port_to_connect); printf("\n"); Modified: vendor-crypto/openssh/dist/channels.h ============================================================================== --- vendor-crypto/openssh/dist/channels.h Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/channels.h Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.109 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -105,6 +105,7 @@ struct Channel { int wfd_isatty; /* wfd is a tty */ int client_tty; /* (client) TTY has been requested */ int force_drain; /* force close on iEOF */ + time_t notbefore; /* Pause IO until deadline (time_t) */ int delayed; /* post-select handlers for newly created * channels are delayed until the first call * to a matching pre-select handler. @@ -238,7 +239,8 @@ void channel_input_status_confirm(int, /* file descriptor handling (read/write) */ -void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int); +void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, + time_t*, int); void channel_after_select(fd_set *, fd_set *); void channel_output_poll(void); @@ -253,6 +255,7 @@ void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int); +void channel_disable_adm_local_opens(void); void channel_update_permitted_opens(int, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); Modified: vendor-crypto/openssh/dist/clientloop.c ============================================================================== --- vendor-crypto/openssh/dist/clientloop.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/clientloop.c Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.238 2012/01/18 21:46:43 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.240 2012/06/20 04:42:58 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -583,10 +583,12 @@ client_wait_until_can_do_something(fd_se { struct timeval tv, *tvp; int timeout_secs; + time_t minwait_secs = 0; int ret; /* Add any selections by the channel mechanism. */ - channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying); + channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, + &minwait_secs, rekeying); if (!compat20) { /* Read from the connection, unless our buffers are full. */ @@ -639,6 +641,8 @@ client_wait_until_can_do_something(fd_se if (timeout_secs < 0) timeout_secs = 0; } + if (minwait_secs != 0) + timeout_secs = MIN(timeout_secs, (int)minwait_secs); if (timeout_secs == INT_MAX) tvp = NULL; else { Modified: vendor-crypto/openssh/dist/config.h.in ============================================================================== --- vendor-crypto/openssh/dist/config.h.in Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/config.h.in Wed Aug 29 15:55:54 2012 (r239849) @@ -822,6 +822,9 @@ /* Define to 1 if you have the `setgroups' function. */ #undef HAVE_SETGROUPS +/* Define to 1 if you have the `setlinebuf' function. */ +#undef HAVE_SETLINEBUF + /* Define to 1 if you have the `setlogin' function. */ #undef HAVE_SETLOGIN @@ -1374,6 +1377,9 @@ /* Sandbox using seccomp filter */ #undef SANDBOX_SECCOMP_FILTER +/* setrlimit RLIMIT_FSIZE works */ +#undef SANDBOX_SKIP_RLIMIT_FSIZE + /* Sandbox using systrace(4) */ #undef SANDBOX_SYSTRACE Modified: vendor-crypto/openssh/dist/configure ============================================================================== --- vendor-crypto/openssh/dist/configure Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/configure Wed Aug 29 15:55:54 2012 (r239849) @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.ac Revision: 1.489 . +# From configure.ac Revision: 1.496 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.68 for OpenSSH Portable. # @@ -6927,7 +6927,8 @@ $as_echo "#define SSH_TUN_PREPEND_AF 1" for ac_header in linux/seccomp.h linux/filter.h linux/audit.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <linux/types.h> +" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 @@ -9137,8 +9138,9 @@ LIBEDIT_MSG="no" if test "${with_libedit+set}" = set; then : withval=$with_libedit; if test "x$withval" != "xno" ; then if test "x$withval" = "xyes" ; then - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PKGCONFIG+:} false; then : @@ -9164,7 +9166,6 @@ done done IFS=$as_save_IFS - test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="no" ;; esac fi @@ -9178,6 +9179,63 @@ $as_echo "no" >&6; } fi +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +$as_echo "$ac_pt_PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + if test "x$PKGCONFIG" != "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5 $as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; } @@ -9499,6 +9557,7 @@ for ac_func in \ seteuid \ setgroupent \ setgroups \ + setlinebuf \ setlogin \ setpassent\ setpcred \ @@ -11784,6 +11843,109 @@ if test "${with_sandbox+set}" = set; the fi + +# Some platforms (seems to be the ones that have a kernel poll(2)-type +# function with which they implement select(2)) use an extra file descriptor +# when calling select(2), which means we can't use the rlimit sandbox. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5 +$as_echo_n "checking if select works with descriptor rlimit... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include <sys/types.h> +#ifdef HAVE_SYS_TIME_H +# include <sys/time.h> +#endif +#include <sys/resource.h> +#ifdef HAVE_SYS_SELECT_H +# include <sys/select.h> +#endif +#include <errno.h> +#include <fcntl.h> +#include <stdlib.h> + +int +main () +{ + + struct rlimit rl_zero; + int fd, r; + fd_set fds; + + fd = open("/dev/null", O_RDONLY); + FD_ZERO(&fds); + FD_SET(fd, &fds); + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + setrlimit(RLIMIT_FSIZE, &rl_zero); + setrlimit(RLIMIT_NOFILE, &rl_zero); + r = select(fd+1, &fds, NULL, NULL, NULL); + exit (r == -1 ? 1 : 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + select_works_with_rlimit=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + select_works_with_rlimit=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5 +$as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include <sys/types.h> +#include <sys/resource.h> +#include <stdlib.h> + +int +main () +{ + + struct rlimit rl_zero; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + if test "x$sandbox_arg" = "xsystrace" || \ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then test "x$have_systr_policy_kill" != "x1" && \ @@ -11804,7 +11966,7 @@ $as_echo "#define SANDBOX_DARWIN 1" >>co elif test "x$sandbox_arg" = "xseccomp_filter" || \ ( test -z "$sandbox_arg" && \ - test "x$have_seccomp_filter" == "x1" && \ + test "x$have_seccomp_filter" = "x1" && \ test "x$ac_cv_header_linux_audit_h" = "xyes" && \ test "x$have_seccomp_audit_arch" = "x1" && \ test "x$have_linux_no_new_privs" = "x1" && \ @@ -11822,9 +11984,12 @@ elif test "x$sandbox_arg" = "xseccomp_fi $as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h elif test "x$sandbox_arg" = "xrlimit" || \ - ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then + ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ + test "x$select_works_with_rlimit" == "xyes" ) ; then test "x$ac_cv_func_setrlimit" != "xyes" && \ as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5 + test "x$select_works_with_rlimit" != "xyes" && \ + as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5 SANDBOX_STYLE="rlimit" $as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h @@ -14118,7 +14283,7 @@ $as_echo_n "checking if struct statvfs.f cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include <sys/types.h> +#include <sys/param.h> #include <sys/stat.h> #ifdef HAVE_SYS_TIME_H # include <sys/time.h> @@ -16077,13 +16242,16 @@ rm -f core *.core core.conftest.* gmon.o fi # make sure $bindir is in USER_PATH so scp will work - t_bindir=`eval echo ${bindir}` - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; - esac - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208291555.q7TFttHv072129>