diff options
Diffstat (limited to 'debian/patches-applied')
32 files changed, 8616 insertions, 0 deletions
diff --git a/debian/patches-applied/006_docs_cleanup b/debian/patches-applied/006_docs_cleanup new file mode 100644 index 00000000..b5dce7c6 --- /dev/null +++ b/debian/patches-applied/006_docs_cleanup @@ -0,0 +1,31 @@ +Upstream status: committed to CVS + +Index: Linux-PAM/doc/man/pam.conf-syntax.xml +=================================================================== +--- Linux-PAM/doc/man/pam.conf-syntax.xml.orig ++++ Linux-PAM/doc/man/pam.conf-syntax.xml +@@ -211,7 +211,8 @@ + <emphasis>authtok_disable_aging</emphasis>, + <emphasis>try_again</emphasis>, <emphasis>ignore</emphasis>, + <emphasis>abort</emphasis>, <emphasis>authtok_expired</emphasis>, +- <emphasis>module_unknown</emphasis>, <emphasis>bad_item</emphasis> ++ <emphasis>module_unknown</emphasis>, <emphasis>bad_item</emphasis>, ++ <emphasis>conv_again</emphasis>, <emphasis>incomplete</emphasis>, + and <emphasis>default</emphasis>. + </para> + <para> +Index: Linux-PAM/doc/man/pam.conf.5 +=================================================================== +--- Linux-PAM/doc/man/pam.conf.5.orig ++++ Linux-PAM/doc/man/pam.conf.5 +@@ -175,7 +175,9 @@ + \fIabort\fR, + \fIauthtok_expired\fR, + \fImodule_unknown\fR, +-\fIbad_item\fR ++\fIbad_item\fR, ++\fIconv_again\fR, ++\fIincomplete\fR, + and + \fIdefault\fR. + .PP diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix new file mode 100644 index 00000000..f8f3d302 --- /dev/null +++ b/debian/patches-applied/007_modules_pam_unix @@ -0,0 +1,989 @@ +Index: Linux-PAM/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c.orig ++++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c +@@ -127,6 +127,9 @@ + #define OPW_TMPFILE "/etc/security/nopasswd" + #define OLD_PASSWORDS_FILE "/etc/security/opasswd" + ++extern const char *obscure_msg(const char *, const char *, const struct passwd *, ++ unsigned int); ++ + /* + * i64c - convert an integer to a radix 64 character + */ +@@ -957,7 +960,8 @@ + static int _pam_unix_approve_pass(pam_handle_t * pamh + ,unsigned int ctrl + ,const char *pass_old +- ,const char *pass_new) ++ ,const char *pass_new, ++ int pass_min_len) + { + const void *user; + const char *remark = NULL; +@@ -991,11 +995,10 @@ + #ifdef USE_CRACKLIB + remark = FascistCheck (pass_new, CRACKLIB_DICTS); + D(("called cracklib [%s]", remark)); +-#else +- if (strlen(pass_new) < 6) ++#endif ++ if (strlen(pass_new) < pass_min_len) + remark = _("You must choose a longer password"); + D(("length check [%s]", remark)); +-#endif + if (on(UNIX_REMEMBER_PASSWD, ctrl)) { + if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR) + remark = _("Password has been already used. Choose another."); +@@ -1005,6 +1008,11 @@ + return retval; + } + } ++ if (!remark && pass_old != NULL) { /* only check if we don't already have a failure */ ++ struct passwd *pwd; ++ pwd = pam_modutil_getpwnam(pamh, user); ++ remark = (char *)obscure_msg(pass_old,pass_new,pwd,ctrl); /* do obscure checks */ ++ } + } + if (remark) { + _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); +@@ -1020,6 +1028,7 @@ + unsigned int ctrl, lctrl; + int retval, i; + int remember = -1; ++ int pass_min_len = 6; + + /* <DO NOT free() THESE> */ + const char *user; +@@ -1028,7 +1037,7 @@ + + D(("called.")); + +- ctrl = _set_ctrl(pamh, flags, &remember, argc, argv); ++ ctrl = _set_ctrl(pamh, flags, &remember, &pass_min_len, argc, argv); + + /* + * First get the name of a user +@@ -1235,7 +1244,8 @@ + if (*(const char *)pass_new == '\0') { /* "\0" password = NULL */ + pass_new = NULL; + } +- retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); ++ retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, ++ pass_new, pass_min_len); + } + + if (retval != PAM_SUCCESS) { +@@ -1281,7 +1291,8 @@ + return retval; + } + +- retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); ++ retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new, ++ pass_min_len); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, + "new password not acceptable 2"); +Index: Linux-PAM/modules/pam_unix/pam_unix_acct.c +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix_acct.c.orig ++++ Linux-PAM/modules/pam_unix/pam_unix_acct.c +@@ -202,7 +202,7 @@ + + D(("called.")); + +- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); ++ ctrl = _set_ctrl(pamh, flags, NULL, NULL, argc, argv); + + retval = pam_get_item(pamh, PAM_USER, &void_uname); + uname = void_uname; +@@ -266,7 +266,9 @@ + + curdays = time(NULL) / (60 * 60 * 24); + D(("today is %d, last change %d", curdays, spent->sp_lstchg)); +- if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)) { ++ if ((curdays > spent->sp_expire) && (spent->sp_expire != -1) ++ && (spent->sp_expire != 0)) ++ { + pam_syslog(pamh, LOG_NOTICE, + "account %s has expired (account expired)", + uname); +@@ -293,7 +295,9 @@ + if ((curdays - spent->sp_lstchg > spent->sp_max) + && (curdays - spent->sp_lstchg > spent->sp_inact) + && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact) +- && (spent->sp_max != -1) && (spent->sp_inact != -1)) { ++ && (spent->sp_max != -1) && (spent->sp_max != 0) ++ && (spent->sp_inact != -1) && (spent->sp_inact != 0)) ++ { + pam_syslog(pamh, LOG_NOTICE, + "account %s has expired (failed to change password)", + uname); +@@ -302,7 +306,9 @@ + D(("account expired 2")); + return PAM_ACCT_EXPIRED; + } +- if ((curdays - spent->sp_lstchg > spent->sp_max) && (spent->sp_max != -1)) { ++ if ((curdays - spent->sp_lstchg > spent->sp_max) ++ && (spent->sp_max != -1) && (spent->sp_max != 0)) ++ { + pam_syslog(pamh, LOG_DEBUG, + "expired password for user %s (password aged)", + uname); +@@ -312,7 +318,9 @@ + return PAM_NEW_AUTHTOK_REQD; + } + if ((curdays - spent->sp_lstchg > spent->sp_max - spent->sp_warn) +- && (spent->sp_max != -1) && (spent->sp_warn != -1)) { ++ && (spent->sp_max != -1) && (spent->sp_warn != -1) ++ && (spent->sp_max != 0) && (spent->sp_warn != 0)) ++ { + daysleft = (spent->sp_lstchg + spent->sp_max) - curdays; + pam_syslog(pamh, LOG_DEBUG, + "password for user %s will expire in %d days", +Index: Linux-PAM/modules/pam_unix/support.c +=================================================================== +--- Linux-PAM/modules/pam_unix/support.c.orig ++++ Linux-PAM/modules/pam_unix/support.c +@@ -53,8 +53,8 @@ + * set the control flags for the UNIX module. + */ + +-int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int argc, +- const char **argv) ++int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *pass_min_len, ++ int argc, const char **argv) + { + unsigned int ctrl; + +@@ -80,6 +80,7 @@ + D(("SILENT")); + set(UNIX__QUIET, ctrl); + } ++ + /* now parse the arguments to this module */ + + while (argc-- > 0) { +@@ -89,7 +90,8 @@ + + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token +- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) { ++ && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) ++ { + break; + } + } +@@ -101,20 +103,25 @@ + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + +- if (remember != NULL) { +- if (j == UNIX_REMEMBER_PASSWD) { +- *remember = strtol(*argv + 9, NULL, 10); +- if ((*remember == INT_MIN) || (*remember == INT_MAX)) +- *remember = -1; +- if (*remember > 400) +- *remember = 400; +- } ++ /* special cases */ ++ if (remember != NULL && j == UNIX_REMEMBER_PASSWD) { ++ *remember = strtol(*argv + 9, NULL, 10); ++ if ((*remember == INT_MIN) || (*remember == INT_MAX)) ++ *remember = -1; ++ if (*remember > 400) ++ *remember = 400; ++ } else if (pass_min_len && j == UNIX_MIN_PASS_LEN) { ++ *pass_min_len = atoi(*argv + 4); + } + } + + ++argv; /* step to next argument */ + } + ++ if (off(UNIX_BIGCRYPT,ctrl) && off(UNIX_MD5_PASS,ctrl) ++ && pass_min_len && *pass_min_len > 8) ++ *pass_min_len = 8; ++ + if (flags & PAM_DISALLOW_NULL_AUTHTOK) { + D(("DISALLOW_NULL_AUTHTOK")); + set(UNIX__NONULL, ctrl); +@@ -692,6 +699,8 @@ + } else if (!p || (*salt == '*')) { + retval = PAM_AUTH_ERR; + } else { ++ /* Hack off sysv pw aging foo */ ++ if (strrchr(salt, ',')) *(strrchr(salt, ',')) = '\0'; + if (!strncmp(salt, "$1$", 3)) { + pp = Goodcrypt_md5(p, salt); + if (strcmp(pp, salt) != 0) { +Index: Linux-PAM/modules/pam_unix/support.h +=================================================================== +--- Linux-PAM/modules/pam_unix/support.h.orig ++++ Linux-PAM/modules/pam_unix/support.h +@@ -84,8 +84,11 @@ + #define UNIX_NOREAP 21 /* don't reap child process */ + #define UNIX_BROKEN_SHADOW 22 /* ignore errors reading password aging + * information during acct management */ ++#define UNIX_MAX_PASS_LEN 23 /* internal, for compatibility only */ ++#define UNIX_MIN_PASS_LEN 24 /* Min length for password */ ++#define UNIX_OBSCURE_CHECKS 25 /* enable obscure checks on passwords */ + /* -------------- */ +-#define UNIX_CTRLS_ 23 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 26 /* number of ctrl arguments defined */ + + + static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = +@@ -93,29 +96,32 @@ + /* symbol token name ctrl mask ctrl * + * ----------------------- ------------------- --------------------- -------- */ + +-/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01}, +-/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02}, +-/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04}, +-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010}, +-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020}, +-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040}, +-/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100}, +-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200}, +-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000}, +-/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000}, +-/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000}, +-/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000}, +-/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0400000), 020000}, +-/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0}, +-/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000}, +-/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000}, +-/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000}, +-/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(020000), 0400000}, +-/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000}, +-/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000}, +-/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000}, +-/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000}, ++/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1}, ++/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2}, ++/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4}, ++/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8}, ++/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10}, ++/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20}, ++/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40}, ++/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80}, ++/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200}, ++/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400}, ++/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800}, ++/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000}, ++/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x20000), 0x2000}, ++/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0}, ++/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000}, ++/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000}, ++/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000}, ++/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2000), 0x20000}, ++/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000}, ++/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000}, ++/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000}, ++/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000}, ++/* UNIX_MAX_PASS_LEN */ {"max=", _ALL_ON_, 0}, ++/* UNIX_MIN_PASS_LEN */ {"min=", _ALL_ON_, 0x400000}, ++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x800000}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +@@ -131,8 +137,8 @@ + + extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl + ,int type, const char *text); +-extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int argc, +- const char **argv); ++extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, ++ int *pass_min_len, int argc, const char **argv); + extern int _unix_getpwnam (pam_handle_t *pamh, + const char *name, int files, int nis, + struct passwd **ret); +Index: Linux-PAM/modules/pam_unix/unix_chkpwd.c +=================================================================== +--- Linux-PAM/modules/pam_unix/unix_chkpwd.c.orig ++++ Linux-PAM/modules/pam_unix/unix_chkpwd.c +@@ -192,6 +192,13 @@ + return PAM_AUTHTOK_ERR; + } + ++ /* Hack off SysVR4 password aging */ ++ { ++ char *tmp; ++ ++ if ((tmp = strrchr(salt, ',')) != NULL) *tmp = '\0'; ++ } ++ + /* the moment of truth -- do we agree with the password? */ + retval = PAM_AUTH_ERR; + if (!strncmp(salt, "$1$", 3)) { +Index: Linux-PAM/modules/pam_unix/pam_unix.8.xml +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix.8.xml.orig ++++ Linux-PAM/modules/pam_unix/pam_unix.8.xml +@@ -269,6 +269,90 @@ + </para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term> ++ <option>min=<replaceable>n</replaceable></option> ++ </term> ++ <listitem> ++ <para> ++ Set a minimum password length of <replaceable>n</replaceable> ++ characters. The default value is 1. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>obscure</option> ++ </term> ++ <listitem> ++ <para> ++ Enable some extra checks on password strength. These checks ++ are based on the "obscure" checks in the original shadow ++ package. The behavior is similar to the pam_cracklib ++ module, but for non-dictionary-based checks. The following ++ checks are implemented: ++ <variablelist> ++ <varlistentry> ++ <term> ++ <option>Palindrome</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password is not a palindrome ++ of (i.e., the reverse of) the previous one. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Case Change Only</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password isn't the same as the ++ old one with a change of case. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Similar</option> ++ </term> ++ <listitem> ++ <para> ++ Verifies that the new password isn't too much like ++ the previous one. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Simple</option> ++ </term> ++ <listitem> ++ <para> ++ Is the new password too simple? This is based on ++ the length of the password and the number of ++ different types of characters (alpha, numeric, etc.) ++ used. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>Rotated</option> ++ </term> ++ <listitem> ++ <para> ++ Is the new password a rotated version of the old ++ password? (E.g., "billy" and "illyb") ++ </para> ++ </listitem> ++ </varlistentry> ++ </variablelist> ++ </para> ++ </listitem> ++ </varlistentry> + </variablelist> + <para> + Invalid arguments are logged with <citerefentry> +Index: Linux-PAM/modules/pam_unix/obscure.c +=================================================================== +--- /dev/null ++++ Linux-PAM/modules/pam_unix/obscure.c +@@ -0,0 +1,198 @@ ++/* ++ * Copyright 1989 - 1994, Julianne Frances Haugh ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#include "config.h" ++ ++#include <ctype.h> ++#include <stdio.h> ++#include <unistd.h> ++#include <string.h> ++#include <stdlib.h> ++#include <pwd.h> ++#include <security/pam_modules.h> ++#include <security/_pam_macros.h> ++ ++ ++#include "support.h" ++ ++/* can't be a palindrome - like `R A D A R' or `M A D A M' */ ++static int palindrome(const char *old, const char *new) { ++ int i, j; ++ ++ i = strlen (new); ++ ++ for (j = 0;j < i;j++) ++ if (new[i - j - 1] != new[j]) ++ return 0; ++ ++ return 1; ++} ++ ++/* more than half of the characters are different ones. */ ++static int similar(const char *old, const char *new) { ++ int i, j; ++ ++ /* ++ * XXX - sometimes this fails when changing from a simple password ++ * to a really long one (MD5). For now, I just return success if ++ * the new password is long enough. Please feel free to suggest ++ * something better... --marekm ++ */ ++ if (strlen(new) >= 8) ++ return 0; ++ ++ for (i = j = 0; new[i] && old[i]; i++) ++ if (strchr(new, old[i])) ++ j++; ++ ++ if (i >= j * 2) ++ return 0; ++ ++ return 1; ++} ++ ++/* a nice mix of characters. */ ++static int simple(const char *old, const char *new) { ++ int digits = 0; ++ int uppers = 0; ++ int lowers = 0; ++ int others = 0; ++ int size; ++ int i; ++ ++ for (i = 0;new[i];i++) { ++ if (isdigit (new[i])) ++ digits++; ++ else if (isupper (new[i])) ++ uppers++; ++ else if (islower (new[i])) ++ lowers++; ++ else ++ others++; ++ } ++ ++ /* ++ * The scam is this - a password of only one character type ++ * must be 8 letters long. Two types, 7, and so on. ++ */ ++ ++ size = 9; ++ if (digits) size--; ++ if (uppers) size--; ++ if (lowers) size--; ++ if (others) size--; ++ ++ if (size <= i) ++ return 0; ++ ++ return 1; ++} ++ ++static char *str_lower(char *string) { ++ char *cp; ++ ++ for (cp = string; *cp; cp++) ++ *cp = tolower(*cp); ++ return string; ++} ++ ++static const char * password_check(const char *old, const char *new, ++ const struct passwd *pwdp) { ++ const char *msg = NULL; ++ char *oldmono, *newmono, *wrapped; ++ ++ if (strcmp(new, old) == 0) ++ return _("Bad: new password must be different than the old one"); ++ ++ newmono = str_lower(strdup(new)); ++ oldmono = str_lower(strdup(old)); ++ wrapped = (char *)malloc(strlen(oldmono) * 2 + 1); ++ strcpy (wrapped, oldmono); ++ strcat (wrapped, oldmono); ++ ++ if (palindrome(oldmono, newmono)) { ++ msg = _("Bad: new password cannot be a palindrome"); ++ } else if (strcmp(oldmono, newmono) == 0) { ++ msg = _("Bad: new and old password must differ by more than just case"); ++ } else if (similar(oldmono, newmono)) { ++ msg = _("Bad: new and old password are too similar"); ++ } else if (simple(old, new)) { ++ msg = _("Bad: new password is too simple"); ++ } else if (strstr(wrapped, newmono)) { ++ msg = _("Bad: new password is just a wrapped version of the old one"); ++ } ++ ++ _pam_delete(newmono); ++ _pam_delete(oldmono); ++ _pam_delete(wrapped); ++ ++ return msg; ++} ++ ++const char *obscure_msg(const char *old, const char *new, ++ const struct passwd *pwdp, unsigned int ctrl) { ++ int oldlen, newlen; ++ char *new1, *old1; ++ const char *msg; ++ ++ if (old == NULL) ++ return NULL; /* no check if old is NULL */ ++ ++ oldlen = strlen(old); ++ newlen = strlen(new); ++ ++ /* Remaining checks are optional. */ ++ if (off(UNIX_OBSCURE_CHECKS,ctrl)) ++ return NULL; ++ ++ if ((msg = password_check(old, new, pwdp)) != NULL) ++ return msg; ++ ++ /* The traditional crypt() truncates passwords to 8 chars. It is ++ possible to circumvent the above checks by choosing an easy ++ 8-char password and adding some random characters to it... ++ Example: "password$%^&*123". So check it again, this time ++ truncated to the maximum length. Idea from npasswd. --marekm */ ++ ++ if (on(UNIX_MD5_PASS,ctrl) || on(UNIX_BIGCRYPT,ctrl)) ++ return NULL; /* unlimited password length */ ++ ++ if (oldlen <= 8 && newlen <= 8) ++ return NULL; ++ ++ new1 = strndup(new,8); ++ old1 = strndup(old,8); ++ ++ msg = password_check(old1, new1, pwdp); ++ ++ _pam_delete(new1); ++ _pam_delete(old1); ++ ++ return msg; ++} +Index: Linux-PAM/modules/pam_unix/pam_unix.8 +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix.8.orig ++++ Linux-PAM/modules/pam_unix/pam_unix.8 +@@ -1,133 +1,201 @@ + .\" Title: pam_unix + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +-.\" Date: 09/20/2006 +-.\" Manual: Linux\-PAM Manual +-.\" Source: Linux\-PAM Manual ++.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/> ++.\" Date: 08/31/2007 ++.\" Manual: Linux-PAM Manual ++.\" Source: Linux-PAM Manual + .\" +-.TH "PAM_UNIX" "8" "09/20/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UNIX" "8" "08/31/2007" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) + .ad l + .SH "NAME" +-pam_unix \- Module for traditional password authentication ++pam_unix - Module for traditional password authentication + .SH "SYNOPSIS" + .HP 12 +-\fBpam_unix.so\fR [...] ++\fBpam_unix\.so\fR [\.\.\.] + .SH "DESCRIPTION" + .PP +-This is the standard Unix authentication module. It uses standard calls from the system's libraries to retrieve and set account information as well as authentication. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled. ++This is the standard Unix authentication module\. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\. + .PP +-The account component performs the task of establishing the status of the user's account and password based on the following ++The account component performs the task of establishing the status of the user\'s account and password based on the following + \fIshadow\fR +-elements: expire, last_change, max_change, min_change, warn_change. In the case of the latter, it may offer advice to the user on changing their password or, through the ++elements: expire, last_change, max_change, min_change, warn_change\. In the case of the latter, it may offer advice to the user on changing their password or, through the + \fBPAM_AUTHTOKEN_REQD\fR +-return, delay giving service to the user until they have established a new password. The entries listed above are documented in the ++return, delay giving service to the user until they have established a new password\. The entries listed above are documented in the + \fBshadow\fR(5) +-manual page. Should the user's record not contain one or more of these entries, the corresponding ++manual page\. Should the user\'s record not contain one or more of these entries, the corresponding + \fIshadow\fR +-check is not performed. ++check is not performed\. + .PP +-The authentication component performs the task of checking the users credentials (password). The default action of this module is to not permit the user access to a service if their official password is blank. ++The authentication component performs the task of checking the users credentials (password)\. The default action of this module is to not permit the user access to a service if their official password is blank\. + .PP + A helper binary, +-\fBunix_chkpwd\fR(8), is provided to check the user's password when it is stored in a read protected database. This binary is very simple and will only check the password of the user invoking it. It is called transparently on behalf of the user by the authenticating component of this module. In this way it is possible for applications like ++\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\. This binary is very simple and will only check the password of the user invoking it\. It is called transparently on behalf of the user by the authenticating component of this module\. In this way it is possible for applications like + \fBxlock\fR(1) +-to work without being setuid\-root. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn't know was +-\fBfork()\fRd. The ++to work without being setuid\-root\. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was ++\fBfork()\fRd\. The + \fBnoreap\fR +-module argument can be used to suppress this temporary shielding and may be needed for use with certain applications. ++module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\. + .PP +-The password component of this module performs the task of updating the user's password. ++The password component of this module performs the task of updating the user\'s password\. + .PP +-The session component of this module logs when a user logins or leave the system. ++The session component of this module logs when a user logins or leave the system\. + .PP +-Remaining arguments, supported by others functions of this module, are silently ignored. Other arguments are logged as errors through +-\fBsyslog\fR(3). ++Remaining arguments, supported by others functions of this module, are silently ignored\. Other arguments are logged as errors through ++\fBsyslog\fR(3)\. + .SH "OPTIONS" +-.TP 3n ++.PP + \fBdebug\fR ++.RS 4 + Turns on debugging via +-\fBsyslog\fR(3). +-.TP 3n ++\fBsyslog\fR(3)\. ++.RE ++.PP + \fBaudit\fR +-A little more extreme than debug. +-.TP 3n ++.RS 4 ++A little more extreme than debug\. ++.RE ++.PP + \fBnullok\fR +-The default action of this module is to not permit the user access to a service if their official password is blank. The ++.RS 4 ++The default action of this module is to not permit the user access to a service if their official password is blank\. The + \fBnullok\fR +-argument overrides this default. +-.TP 3n ++argument overrides this default\. ++.RE ++.PP + \fBtry_first_pass\fR +-Before prompting the user for their password, the module first tries the previous stacked module's password in case that satisfies this module as well. +-.TP 3n ++.RS 4 ++Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\. ++.RE ++.PP + \fBuse_first_pass\fR ++.RS 4 + The argument + \fBuse_first_pass\fR +-forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access. +-.TP 3n ++forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\. ++.RE ++.PP + \fBnodelay\fR +-This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail. The default action is for the module to request a delay\-on\-failure of the order of two second. +-.TP 3n ++.RS 4 ++This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail\. The default action is for the module to request a delay\-on\-failure of the order of two second\. ++.RE ++.PP + \fBuse_authtok\fR ++.RS 4 + When password changing enforce the module to set the new password to the one provided by a previously stacked + \fBpassword\fR + module (this is used in the example of the stacking of the + \fBpam_cracklib\fR +-module documented above). +-.TP 3n ++module documented above)\. ++.RE ++.PP + \fBnot_set_pass\fR +-This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules. +-.TP 3n ++.RS 4 ++This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\. ++.RE ++.PP + \fBnis\fR +-NIS RPC is used for setting new passwords. +-.TP 3n ++.RS 4 ++NIS RPC is used for setting new passwords\. ++.RE ++.PP + \fBremember=\fR\fB\fIn\fR\fR ++.RS 4 + The last + \fIn\fR + passwords for each user are saved in + \fI/etc/security/opasswd\fR +-in order to force password change history and keep the user from alternating between the same password too frequently. +-.TP 3n ++in order to force password change history and keep the user from alternating between the same password too frequently\. ++.RE ++.PP + \fBshadow\fR +-Try to maintain a shadow based system. +-.TP 3n ++.RS 4 ++Try to maintain a shadow based system\. ++.RE ++.PP + \fBmd5\fR +-When a user changes their password next, encrypt it with the MD5 algorithm. +-.TP 3n ++.RS 4 ++When a user changes their password next, encrypt it with the MD5 algorithm\. ++.RE ++.PP + \fBbigcrypt\fR +-When a user changes their password next, encrypt it with the DEC C2 algorithm. +-.TP 3n ++.RS 4 ++When a user changes their password next, encrypt it with the DEC C2 algorithm\. ++.RE ++.PP + \fBbroken_shadow\fR +-Ignore errors reading shadow inforation for users in the account management module. ++.RS 4 ++Ignore errors reading shadow inforation for users in the account management module\. ++.RE ++.PP ++\fBmin=\fR\fB\fIn\fR\fR ++.RS 4 ++Set a minimum password length of ++\fIn\fR ++characters\. The default value is 1\. ++.RE ++.PP ++\fBobscure\fR ++.RS 4 ++Enable some extra checks on password strength\. These checks are based on the "obscure" checks in the original shadow package\. The behavior is similar to the pam_cracklib module, but for non\-dictionary\-based checks\. The following checks are implemented: ++.PP ++\fBPalindrome\fR ++.RS 4 ++Verifies that the new password is not a palindrome of (i\.e\., the reverse of) the previous one\. ++.RE ++.PP ++\fBCase Change Only\fR ++.RS 4 ++Verifies that the new password isn\'t the same as the old one with a change of case\. ++.RE ++.PP ++\fBSimilar\fR ++.RS 4 ++Verifies that the new password isn\'t too much like the previous one\. ++.RE ++.PP ++\fBSimple\fR ++.RS 4 ++Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc\.) used\. ++.RE ++.PP ++\fBRotated\fR ++.RS 4 ++Is the new password a rotated version of the old password? (E\.g\., "billy" and "illyb") ++.RE ++.sp ++.RE + .PP + Invalid arguments are logged with +-\fBsyslog\fR(3). ++\fBsyslog\fR(3)\. + .SH "MODULE SERVICES PROVIDED" + .PP +-All service are supported. ++All service are supported\. + .SH "RETURN VALUES" +-.TP 3n ++.PP + PAM_IGNORE +-Ignore this module. ++.RS 4 ++Ignore this module\. ++.RE + .SH "EXAMPLES" + .PP + An example usage for +-\fI/etc/pam.d/login\fR ++\fI/etc/pam\.d/login\fR + would be: + .sp +-.RS 3n ++.RS 4 + .nf + # Authenticate the user +-auth required pam_unix.so ++auth required pam_unix\.so + # Ensure users account and password are still active +-account required pam_unix.so ++account required pam_unix\.so + # Change the users password, but at first check the strength + # with pam_cracklib(8) +-password required pam_cracklib.so retry=3 minlen=6 difok=3 +-password required pam_unix.so use_authtok nullok md5 +-session required pam_unix.so ++password required pam_cracklib\.so retry=3 minlen=6 difok=3 ++password required pam_unix\.so use_authtok nullok md5 ++session required pam_unix\.so + + .fi + .RE +@@ -140,4 +208,4 @@ + \fBpam\fR(8) + .SH "AUTHOR" + .PP +-pam_unix was written by various people. ++pam_unix was written by various people\. +Index: Linux-PAM/modules/pam_unix/Makefile.am +=================================================================== +--- Linux-PAM/modules/pam_unix/Makefile.am.orig ++++ Linux-PAM/modules/pam_unix/Makefile.am +@@ -42,7 +42,7 @@ + + pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ +- yppasswd_xdr.c md5_good.c md5_broken.c ++ yppasswd_xdr.c md5_good.c md5_broken.c obscure.c + + bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + bigcrypt_CFLAGS = $(AM_CFLAGS) +Index: Linux-PAM/modules/pam_unix/README +=================================================================== +--- Linux-PAM/modules/pam_unix/README.orig ++++ Linux-PAM/modules/pam_unix/README +@@ -119,6 +119,42 @@ + Ignore errors reading shadow inforation for users in the account management + module. + ++min=n ++ ++ Set a minimum password length of n characters. The default value is 6. ++ ++obscure ++ ++ Enable some extra checks on password strength. These checks are based on ++ the "obscure" checks in the original shadow package. The behavior is ++ similar to the pam_cracklib module, but for non-dictionary-based checks. ++ The following checks are implemented: ++ ++ Palindrome ++ ++ Verifies that the new password is not a palindrome of (i.e., the ++ reverse of) the previous one. ++ ++ Case Change Only ++ ++ Verifies that the new password isn't the same as the old one with a ++ change of case. ++ ++ Similar ++ ++ Verifies that the new password isn't too much like the previous one. ++ ++ Simple ++ ++ Is the new password too simple? This is based on the length of the ++ password and the number of different types of characters (alpha, ++ numeric, etc.) used. ++ ++ Rotated ++ ++ Is the new password a rotated version of the old password? (E.g., ++ "billy" and "illyb") ++ + Invalid arguments are logged with syslog(3). + + EXAMPLES +Index: Linux-PAM/modules/pam_unix/pam_unix_auth.c +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix_auth.c.orig ++++ Linux-PAM/modules/pam_unix/pam_unix_auth.c +@@ -111,7 +111,7 @@ + + D(("called.")); + +- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); ++ ctrl = _set_ctrl(pamh, flags, NULL, NULL, argc, argv); + + /* Get a few bytes so we can pass our return value to + pam_sm_setcred(). */ +Index: Linux-PAM/modules/pam_unix/pam_unix_sess.c +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix_sess.c.orig ++++ Linux-PAM/modules/pam_unix/pam_unix_sess.c +@@ -73,7 +73,7 @@ + + D(("called.")); + +- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); ++ ctrl = _set_ctrl(pamh, flags, NULL, NULL, argc, argv); + + retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); + if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { +@@ -107,7 +107,7 @@ + + D(("called.")); + +- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); ++ ctrl = _set_ctrl(pamh, flags, NULL, NULL, argc, argv); + + retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); + if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot new file mode 100644 index 00000000..b00ba90f --- /dev/null +++ b/debian/patches-applied/008_modules_pam_limits_chroot @@ -0,0 +1,346 @@ +Index: Linux-PAM/modules/pam_limits/pam_limits.c +=================================================================== +--- Linux-PAM/modules/pam_limits/pam_limits.c.orig ++++ Linux-PAM/modules/pam_limits/pam_limits.c +@@ -74,6 +74,7 @@ + int flag_numsyslogins; /* whether to limit logins only for a + specific user or to count all logins */ + int priority; /* the priority to run user process with */ ++ char chroot_dir[8092]; /* directory to chroot into */ + struct user_limits_struct limits[RLIM_NLIMITS]; + char conf_file[BUFSIZ]; + int utmp_after_pam_call; +@@ -84,6 +85,7 @@ + #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 + + #define LIMIT_PRI RLIM_NLIMITS+3 ++#define LIMIT_CHROOT RLIM_NLIMITS+4 + + #define LIMIT_SOFT 1 + #define LIMIT_HARD 2 +@@ -238,6 +240,8 @@ + pl->login_limit = -2; + pl->login_limit_def = LIMITS_DEF_NONE; + ++ pl->chroot_dir[0] = '\0'; ++ + return retval; + } + +@@ -306,6 +310,8 @@ + pl->flag_numsyslogins = 1; + } else if (strcmp(lim_item, "priority") == 0) { + limit_item = LIMIT_PRI; ++ } else if (strcmp(lim_item, "chroot") == 0) { ++ limit_item = LIMIT_CHROOT; + } else { + pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); + return; +@@ -343,9 +349,9 @@ + pam_syslog(pamh, LOG_DEBUG, + "wrong limit value '%s' for limit type '%s'", + lim_value, lim_type); +- return; ++ return; + } +- } else { ++ } else if (limit_item != LIMIT_CHROOT) { + #ifdef __USE_FILE_OFFSET64 + rlimit_value = strtoull (lim_value, &endptr, 10); + #else +@@ -392,7 +398,9 @@ + break; + } + +- if ( (limit_item != LIMIT_LOGIN) ++ if (limit_item == LIMIT_CHROOT) ++ strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir)); ++ else if ( (limit_item != LIMIT_LOGIN) + && (limit_item != LIMIT_NUMSYSLOGINS) + && (limit_item != LIMIT_PRI) ) { + if (limit_type & LIMIT_SOFT) { +@@ -590,6 +598,13 @@ + retval |= LOGIN_ERR; + } + ++ if (!retval && pl->chroot_dir[0]) { ++ i = chdir(pl->chroot_dir); ++ if (i == 0) ++ i = chroot(pl->chroot_dir); ++ if (i != 0) ++ retval = LIMIT_ERR; ++ } + return retval; + } + +Index: Linux-PAM/modules/pam_limits/limits.conf.5.xml +=================================================================== +--- Linux-PAM/modules/pam_limits/limits.conf.5.xml.orig ++++ Linux-PAM/modules/pam_limits/limits.conf.5.xml +@@ -223,6 +223,12 @@ + (Linux 2.6.12 and higher)</para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term><option>chroot</option></term> ++ <listitem> ++ <para>the directory to chroot the user to</para> ++ </listitem> ++ </varlistentry> + </variablelist> + </listitem> + </varlistentry> +Index: Linux-PAM/modules/pam_limits/limits.conf.5 +=================================================================== +--- Linux-PAM/modules/pam_limits/limits.conf.5.orig ++++ Linux-PAM/modules/pam_limits/limits.conf.5 +@@ -1,11 +1,11 @@ + .\" Title: limits.conf + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +-.\" Date: 06/22/2006 +-.\" Manual: Linux\-PAM Manual +-.\" Source: Linux\-PAM Manual ++.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/> ++.\" Date: 08/19/2007 ++.\" Manual: Linux-PAM Manual ++.\" Source: Linux-PAM Manual + .\" +-.TH "LIMITS.CONF" "5" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" ++.TH "LIMITS.CONF" "5" "08/19/2007" "Linux\-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -23,38 +23,45 @@ + \fI<value>\fR + .PP + The fields listed above should be filled as follows: +-.TP 3n ++.PP + \fB<domain>\fR +-.RS 3n +-.TP 3n +-\(bu +-a username +-.TP 3n +-\(bu +-a groupname, with ++.RS 4 ++.sp ++.RS 4 ++\h'-04'\(bu\h'+03'a username ++.RE ++.sp ++.RS 4 ++\h'-04'\(bu\h'+03'a groupname, with + \fB@group\fR + syntax. This should not be confused with netgroups. +-.TP 3n +-\(bu +-the wildcard ++.RE ++.sp ++.RS 4 ++\h'-04'\(bu\h'+03'the wildcard + \fB*\fR, for default entry. +-.TP 3n +-\(bu +-the wildcard ++.RE ++.sp ++.RS 4 ++\h'-04'\(bu\h'+03'the wildcard + \fB%\fR, for maxlogins limit only, can also be used with + \fI%group\fR + syntax. + .RE +-.TP 3n ++.RE ++.PP + \fB<type>\fR +-.RS 3n +-.TP 3n ++.RS 4 ++.PP + \fBhard\fR ++.RS 4 + for enforcing + \fBhard\fR + resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values. +-.TP 3n ++.RE ++.PP + \fBsoft\fR ++.RS 4 + for enforcing + \fBsoft\fR + resource limits. These limits are ones that the user can move up or down within the permitted range by any pre\-exisiting +@@ -62,8 +69,10 @@ + limits. The values specified with this token can be thought of as + \fIdefault\fR + values, for normal system usage. +-.TP 3n ++.RE ++.PP + \fB\-\fR ++.RS 4 + for enforcing both + \fBsoft\fR + and +@@ -72,65 +81,107 @@ + .sp + Note, if you specify a type of '\-' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc. . + .RE +-.TP 3n ++.RE ++.PP + \fB<item>\fR +-.RS 3n +-.TP 3n ++.RS 4 ++.PP + \fBcore\fR ++.RS 4 + limits the core file size (KB) +-.TP 3n ++.RE ++.PP + \fBdata\fR ++.RS 4 + maximum data size (KB) +-.TP 3n ++.RE ++.PP + \fBfsize\fR ++.RS 4 + maximum filesize (KB) +-.TP 3n ++.RE ++.PP + \fBmemlock\fR ++.RS 4 + maximum locked\-in\-memory address space (KB) +-.TP 3n ++.RE ++.PP + \fBnofile\fR ++.RS 4 + maximum number of open files +-.TP 3n ++.RE ++.PP + \fBrss\fR ++.RS 4 + maximum resident set size (KB) +-.TP 3n ++.RE ++.PP + \fBstack\fR ++.RS 4 + maximum stack size (KB) +-.TP 3n ++.RE ++.PP + \fBcpu\fR ++.RS 4 + maximum CPU time (minutes) +-.TP 3n ++.RE ++.PP + \fBnproc\fR ++.RS 4 + maximum number of processes +-.TP 3n ++.RE ++.PP + \fBas\fR ++.RS 4 + address space limit +-.TP 3n ++.RE ++.PP + \fBmaxlogins\fR ++.RS 4 + maximum number of logins for this user +-.TP 3n ++.RE ++.PP + \fBmaxsyslogins\fR ++.RS 4 + maximum number of logins on system +-.TP 3n ++.RE ++.PP + \fBpriority\fR ++.RS 4 + the priority to run user process with (negative values boost process priority) +-.TP 3n ++.RE ++.PP + \fBlocks\fR ++.RS 4 + maximum locked files (Linux 2.4 and higher) +-.TP 3n ++.RE ++.PP + \fBsigpending\fR ++.RS 4 + maximum number of pending signals (Linux 2.6 and higher) +-.TP 3n ++.RE ++.PP + \fBmsqqueue\fR ++.RS 4 + maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher) +-.TP 3n ++.RE ++.PP + \fBnice\fR ++.RS 4 + maximum nice priority allowed to raise to (Linux 2.6.12 and higher) +-.TP 3n ++.RE ++.PP + \fBrtprio\fR ++.RS 4 + maximum realtime priority allowed for non\-privileged processes (Linux 2.6.12 and higher) + .RE + .PP ++\fBchroot\fR ++.RS 4 ++the directory to chroot the user to ++.RE ++.RE ++.PP + In general, individual limits have priority over group limits, so if you impose no limits for + \fIadmin\fR + group, but one of the members in this group have a limits line, the user will have its limits set according to this line. +@@ -149,7 +200,7 @@ + These are some example lines which might be specified in + \fI/etc/security/limits.conf\fR. + .sp +-.RS 3n ++.RS 4 + .nf + * soft core 0 + * hard rss 10000 +Index: Linux-PAM/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM/modules/pam_limits/limits.conf.orig ++++ Linux-PAM/modules/pam_limits/limits.conf +@@ -35,6 +35,7 @@ + # - msgqueue - max memory used by POSIX message queues (bytes) + # - nice - max nice priority allowed to raise to + # - rtprio - max realtime priority ++# - chroot - change root to directory (Debian-specific) + # + #<domain> <type> <item> <value> + # +@@ -45,6 +46,7 @@ + #@faculty soft nproc 20 + #@faculty hard nproc 50 + #ftp hard nproc 0 ++#ftp - chroot /ftp + #@student - maxlogins 4 + + # End of file diff --git a/debian/patches-applied/015_hurd_portability b/debian/patches-applied/015_hurd_portability new file mode 100644 index 00000000..16510318 --- /dev/null +++ b/debian/patches-applied/015_hurd_portability @@ -0,0 +1,60 @@ +Patch from Debian bug #76119 +Authors: Igor Khavkine <i_khavki@alcor.concordia.ca> + +Upstream status: committed to CVS + +Index: Linux-PAM/configure.in +=================================================================== +--- Linux-PAM/configure.in.orig ++++ Linux-PAM/configure.in +@@ -389,7 +389,7 @@ + AC_HEADER_DIRENT + AC_HEADER_STDC + AC_HEADER_SYS_WAIT +-AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h termio.h unistd.h sys/fsuid.h inittypes.h) ++AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h) + + AC_CHECK_HEADERS(crypt.h) + +Index: Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c +=================================================================== +--- Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c.orig ++++ Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c +@@ -64,11 +64,10 @@ + #include <sys/fsuid.h> + #endif /* HAVE_SYS_FSUID_H */ + #ifdef HAVE_NET_IF_H +-#include <sys/if.h> ++#include <net/if.h> + #endif + #include <sys/types.h> + #include <sys/uio.h> +-#include <net/if.h> + #include <netinet/in.h> + + #ifndef MAXDNAME +Index: Linux-PAM/modules/pam_limits/pam_limits.c +=================================================================== +--- Linux-PAM/modules/pam_limits/pam_limits.c.orig ++++ Linux-PAM/modules/pam_limits/pam_limits.c +@@ -280,8 +280,10 @@ + limit_item = RLIMIT_NOFILE; + else if (strcmp(lim_item, "memlock") == 0) + limit_item = RLIMIT_MEMLOCK; ++#ifdef RLIMIT_AS + else if (strcmp(lim_item, "as") == 0) + limit_item = RLIMIT_AS; ++#endif /*RLIMIT_AS*/ + #ifdef RLIMIT_LOCKS + else if (strcmp(lim_item, "locks") == 0) + limit_item = RLIMIT_LOCKS; +@@ -385,7 +387,9 @@ + case RLIMIT_CORE: + case RLIMIT_RSS: + case RLIMIT_MEMLOCK: ++#ifdef RLIMIT_AS + case RLIMIT_AS: ++#endif + if (rlimit_value != RLIM_INFINITY) + rlimit_value *= 1024; + break; diff --git a/debian/patches-applied/019_pam_listfile_quiet b/debian/patches-applied/019_pam_listfile_quiet new file mode 100644 index 00000000..113c9cfb --- /dev/null +++ b/debian/patches-applied/019_pam_listfile_quiet @@ -0,0 +1,235 @@ +Patch for Debian bug #84428 + +Support a 'quiet' option to pam_listfile, to reduce the logging output + +Authors: Ben Collins <bcollins@debian.org>, + Steve Langasek <vorlon@debian.org> + +Upstream status: committed to CVS + +Index: Linux-PAM/modules/pam_listfile/pam_listfile.c +=================================================================== +--- Linux-PAM/modules/pam_listfile/pam_listfile.c.orig ++++ Linux-PAM/modules/pam_listfile/pam_listfile.c +@@ -68,7 +68,7 @@ + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +- int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2; ++ int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2, quiet=0; + const void *void_citemp; + const char *citemp; + char *ifname=NULL; +@@ -155,6 +155,8 @@ + apply_type=APPLY_TYPE_USER; + strncpy(apply_val,myval,sizeof(apply_val)-1); + } ++ } else if (!strcmp(mybuf,"quiet")) { ++ quiet = 1; + } else { + free(ifname); + pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf); +@@ -399,8 +401,9 @@ + #endif + (void) pam_get_item(pamh, PAM_SERVICE, &service); + (void) pam_get_user(pamh, &user_name, NULL); +- pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", +- user_name, (const char *)service); ++ if (!quiet) ++ pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", ++ user_name, (const char *)service); + return PAM_AUTH_ERR; + } + } +Index: Linux-PAM/modules/pam_listfile/pam_listfile.8 +=================================================================== +--- Linux-PAM/modules/pam_listfile/pam_listfile.8.orig ++++ Linux-PAM/modules/pam_listfile/pam_listfile.8 +@@ -1,11 +1,11 @@ + .\" Title: pam_listfile + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +-.\" Date: 06/22/2006 +-.\" Manual: Linux\-PAM Manual +-.\" Source: Linux\-PAM Manual ++.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/> ++.\" Date: 08/25/2007 ++.\" Manual: Linux-PAM Manual ++.\" Source: Linux-PAM Manual + .\" +-.TH "PAM_LISTFILE" "8" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LISTFILE" "8" "08/25/2007" "Linux\-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -14,7 +14,7 @@ + pam_listfile \- deny or allow services based on an arbitrary file + .SH "SYNOPSIS" + .HP 16 +-\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] ++\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet] + .SH "DESCRIPTION" + .PP + pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file. +@@ -64,25 +64,40 @@ + No credentials are awarded by this module. + .SH "OPTIONS" + .PP +-.TP 3n ++.PP + \fBitem=[tty|user|rhost|ruser|group|shell]\fR ++.RS 4 + What is listed in the file and should be checked for. +-.TP 3n ++.RE ++.PP + \fBsense=[allow|deny]\fR ++.RS 4 + Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested. +-.TP 3n ++.RE ++.PP + \fBfile=\fR\fB\fI/path/filename\fR\fR ++.RS 4 + File containing one item per line. The file needs to be a plain file and not world writeable. +-.TP 3n ++.RE ++.PP + \fBonerr=[succeed|fail]\fR ++.RS 4 + What to do if something weird happens like being unable to open the file. +-.TP 3n ++.RE ++.PP + \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR ++.RS 4 + Restrict the user class for which the restriction apply. Note that with + \fBitem=[user|ruser|group]\fR + this oes not make sense, but for + \fBitem=[tty|rhost|shell]\fR + it have a meaning. ++.RE ++.PP ++\fBquiet\fR ++.RS 4 ++Do not treat service refusals or missing list files as errors that need to be logged. ++.RE + .SH "MODULE SERVICES PROVIDED" + .PP + The services +@@ -94,34 +109,44 @@ + are supported. + .SH "RETURN VALUES" + .PP +-.TP 3n ++.PP + PAM_AUTH_ERR ++.RS 4 + Authentication failure. +-.TP 3n ++.RE ++.PP + PAM_BUF_ERR ++.RS 4 + Memory buffer error. +-.TP 3n ++.RE ++.PP + PAM_IGNORE ++.RS 4 + The rule does not apply to the + \fBapply\fR + option. +-.TP 3n ++.RE ++.PP + PAM_SERVICE_ERR ++.RS 4 + Error in service module. +-.TP 3n ++.RE ++.PP + PAM_SUCCESS ++.RS 4 + Success. ++.RE + .SH "EXAMPLES" + .PP + Classic 'ftpusers' authentication can be implemented with this entry in + \fI/etc/pam.d/ftpd\fR: + .sp +-.RS 3n ++.RS 4 + .nf + # + # deny ftp\-access to users listed in the /etc/ftpusers file + # +-auth required pam_listfile.so \\ ++auth required pam_listfile.so \e + onerr=succeed item=user sense=deny file=/etc/ftpusers + + .fi +@@ -137,12 +162,12 @@ + \fI/etc/pam.d/login\fR + entry like this: + .sp +-.RS 3n ++.RS 4 + .nf + # + # permit login to users listed in /etc/loginusers + # +-auth required pam_listfile.so \\ ++auth required pam_listfile.so \e + onerr=fail item=user sense=allow file=/etc/loginusers + + .fi +Index: Linux-PAM/modules/pam_listfile/pam_listfile.8.xml +=================================================================== +--- Linux-PAM/modules/pam_listfile/pam_listfile.8.xml.orig ++++ Linux-PAM/modules/pam_listfile/pam_listfile.8.xml +@@ -33,6 +33,9 @@ + <arg choice="opt"> + apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>] + </arg> ++ <arg choice="opt"> ++ quiet ++ </arg> + </cmdsynopsis> + </refsynopsisdiv> + +@@ -155,6 +158,18 @@ + </para> + </listitem> + </varlistentry> ++ ++ <varlistentry> ++ <term> ++ <option>quiet</option> ++ </term> ++ <listitem> ++ <para> ++ Do not treat service refusals or missing list files as ++ errors that need to be logged. ++ </para> ++ </listitem> ++ </varlistentry> + </variablelist> + + </para> +Index: Linux-PAM/modules/pam_listfile/README +=================================================================== +--- Linux-PAM/modules/pam_listfile/README.orig ++++ Linux-PAM/modules/pam_listfile/README +@@ -58,6 +58,11 @@ + item=[user|ruser|group] this oes not make sense, but for item=[tty|rhost| + shell] it have a meaning. + ++quiet ++ ++ Do not treat service refusals or missing list files as errors that need to ++ be logged. ++ + EXAMPLES + + Classic 'ftpusers' authentication can be implemented with this entry in /etc/ diff --git a/debian/patches-applied/021_nis_cleanup b/debian/patches-applied/021_nis_cleanup new file mode 100644 index 00000000..f3345052 --- /dev/null +++ b/debian/patches-applied/021_nis_cleanup @@ -0,0 +1,44 @@ +Patch from Philippe Troin <phil@fifi.org> + +Originally this included a bunch of changes to locking, but the more +recent code pulled from Linux_pam CVS seems to fix that issue. + +Index: Linux-PAM/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c.orig ++++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c +@@ -1107,7 +1107,7 @@ + + if (_unix_blankpasswd(pamh, ctrl, user)) { + return PAM_SUCCESS; +- } else if (off(UNIX__IAMROOT, ctrl)) { ++ } else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) { + /* instruct user what is happening */ + if (asprintf(&Announce, _("Changing password for %s."), + user) < 0) { +@@ -1120,7 +1120,9 @@ + set(UNIX__OLD_PASSWD, lctrl); + retval = _unix_read_password(pamh, lctrl + ,Announce +- ,_("(current) UNIX password: ") ++ ,(on(UNIX__IAMROOT, ctrl) ++ ? _("NIS server root password: ") ++ : _("(current) UNIX password: ")) + ,NULL + ,_UNIX_OLD_AUTHTOK + ,&pass_old); +@@ -1131,9 +1133,12 @@ + "password - (old) token not obtained"); + return retval; + } +- /* verify that this is the password for this user */ ++ /* verify that this is the password for this user ++ * if we're not using NIS */ + +- retval = _unix_verify_password(pamh, user, pass_old, ctrl); ++ if (off(UNIX_NIS, ctrl)) { ++ retval = _unix_verify_password(pamh, user, pass_old, ctrl); ++ } + } else { + D(("process run by root so do nothing this time around")); + pass_old = NULL; diff --git a/debian/patches-applied/022_pam_unix_group_time_miscfixes b/debian/patches-applied/022_pam_unix_group_time_miscfixes new file mode 100644 index 00000000..e96dd680 --- /dev/null +++ b/debian/patches-applied/022_pam_unix_group_time_miscfixes @@ -0,0 +1,39 @@ + * Add support for credential reinitialization in pam_group, closes: #108697 + * By default do complete matches not substring matches for pam_time. + You can include explicit wildcard for substring, closes: #66152 + +Index: Linux-PAM/modules/pam_time/pam_time.c +=================================================================== +--- Linux-PAM/modules/pam_time/pam_time.c.orig ++++ Linux-PAM/modules/pam_time/pam_time.c +@@ -324,7 +324,11 @@ + return FALSE; + } + } +- return ( !len ); ++ /* By this point we know that we didn't treat a * in b as a wildcard. ++ the only way we got done with the loop is if we consumed every ++ character in b. Thus the strings are equal if their ++ lengths are the same otherwise not equal. */ ++ return (strlen (a) == strlen (b)); + } + + typedef struct { +Index: Linux-PAM/modules/pam_group/pam_group.c +=================================================================== +--- Linux-PAM/modules/pam_group/pam_group.c.orig ++++ Linux-PAM/modules/pam_group/pam_group.c +@@ -758,9 +758,12 @@ + unsigned setting; + + /* only interested in establishing credentials */ ++ /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED. ++ Some people just pass PAM_SILENT, so cope with it, too. */ + + setting = flags; +- if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) { ++ if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED)) ++ && (setting != 0) && (setting != PAM_SILENT)) { + D(("ignoring call - not for establishing credentials")); + return PAM_SUCCESS; /* don't fail because of this */ + } diff --git a/debian/patches-applied/024_debian_cracklib_dict_path b/debian/patches-applied/024_debian_cracklib_dict_path new file mode 100644 index 00000000..229c87e8 --- /dev/null +++ b/debian/patches-applied/024_debian_cracklib_dict_path @@ -0,0 +1,86 @@ +Fix the cracklib autoconf check so that HAVE_CRACK_H gets defined. + +Don't copy around the cracklib dictpath into a fixed-width buffer, when +we can just point at the existing strings; and allow the means to +specify a default dictionary when no dictionary is specified in +pam.conf. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: committed to CVS + +Index: Linux-PAM/modules/pam_cracklib/pam_cracklib.c +=================================================================== +--- Linux-PAM/modules/pam_cracklib/pam_cracklib.c.orig ++++ Linux-PAM/modules/pam_cracklib/pam_cracklib.c +@@ -56,6 +56,10 @@ + extern char *FascistCheck(char *pw, const char *dictpath); + #endif + ++#ifndef CRACKLIB_DICTS ++#define CRACKLIB_DICTS NULL ++#endif ++ + /* For Translators: "%s%s" could be replaced with "<service> " or "". */ + #define PROMPT1 _("New %s%spassword: ") + /* For Translators: "%s%s" could be replaced with "<service> " or "". */ +@@ -94,7 +98,7 @@ + int oth_credit; + int use_authtok; + char prompt_type[BUFSIZ]; +- char cracklib_dictpath[PATH_MAX]; ++ char *cracklib_dictpath; + }; + + #define CO_RETRY_TIMES 1 +@@ -159,14 +163,15 @@ + } else if (!strncmp(*argv,"use_authtok",11)) { + opt->use_authtok = 1; + } else if (!strncmp(*argv,"dictpath=",9)) { +- strncpy(opt->cracklib_dictpath, *argv+9, +- sizeof(opt->cracklib_dictpath) - 1); ++ opt->cracklib_dictpath = *argv+9; ++ if (!*(opt->cracklib_dictpath)) { ++ opt->cracklib_dictpath = CRACKLIB_DICTS; ++ } + } else { + pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); + } + } + opt->prompt_type[sizeof(opt->prompt_type) - 1] = '\0'; +- opt->cracklib_dictpath[sizeof(opt->cracklib_dictpath) - 1] = '\0'; + + return ctrl; + } +@@ -514,8 +519,7 @@ + options.use_authtok = CO_USE_AUTHTOK; + memset(options.prompt_type, 0, BUFSIZ); + strcpy(options.prompt_type,"UNIX"); +- memset(options.cracklib_dictpath, 0, +- sizeof (options.cracklib_dictpath)); ++ options.cracklib_dictpath = CRACKLIB_DICTS; + + ctrl = _pam_parse(pamh, &options, argc, argv); + +@@ -609,7 +613,7 @@ + const char *crack_msg; + + D(("against cracklib")); +- if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath[0] == '\0'?NULL:options.cracklib_dictpath))) { ++ if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath))) { + if (ctrl & PAM_DEBUG_ARG) + pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg); + pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg); +Index: Linux-PAM/configure.in +=================================================================== +--- Linux-PAM/configure.in.orig ++++ Linux-PAM/configure.in +@@ -312,7 +312,7 @@ + AC_HELP_STRING([--disable-cracklib],[do not use cracklib]), + WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes) + if test x"$WITH_CRACKLIB" != xno ; then +- AC_CHECK_HEADER([crack.h], ++ AC_CHECK_HEADERS([crack.h], + AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK="")) + else + LIBCRACK="" diff --git a/debian/patches-applied/026_pam_unix_passwd_unknown_user b/debian/patches-applied/026_pam_unix_passwd_unknown_user new file mode 100644 index 00000000..bf4a4786 --- /dev/null +++ b/debian/patches-applied/026_pam_unix_passwd_unknown_user @@ -0,0 +1,67 @@ +Patch from Martin Schwenke <martin@meltin.net> + +Index: Linux-PAM/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c.orig ++++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c +@@ -516,7 +516,7 @@ + struct passwd *tmpent = NULL; + struct stat st; + FILE *pwfile, *opwfile; +- int err = 1; ++ int err = 1, found = 0; + int oldmask; + + oldmask = umask(077); +@@ -584,6 +584,7 @@ + + tmpent->pw_passwd = assigned_passwd.charp; + err = 0; ++ found = 1; + } + if (putpwent(tmpent, pwfile)) { + D(("error writing entry to password file: %m")); +@@ -620,7 +621,7 @@ + return PAM_SUCCESS; + } else { + unlink(PW_TMPFILE); +- return PAM_AUTHTOK_ERR; ++ return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN; + } + } + +@@ -629,7 +630,7 @@ + struct spwd *spwdent = NULL, *stmpent = NULL; + struct stat st; + FILE *pwfile, *opwfile; +- int err = 1; ++ int err = 1, found = 0; + int oldmask; + + spwdent = getspnam(forwho); +@@ -697,6 +698,7 @@ + stmpent->sp_pwdp = towhat; + stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24); + err = 0; ++ found = 1; + D(("Set password %s for %s", stmpent->sp_pwdp, forwho)); + } + +@@ -738,7 +740,7 @@ + return PAM_SUCCESS; + } else { + unlink(SH_TMPFILE); +- return PAM_AUTHTOK_ERR; ++ return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN; + } + } + +@@ -885,7 +887,7 @@ + int retval = PAM_SUCCESS; + + /* UNIX passwords area */ +- pwd = getpwnam(user); /* Get password file entry... */ ++ _unix_getpwnam(pamh, user, 1, 0, &pwd); /* Get password *file* entry... */ + if (pwd == NULL) + return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ + diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root new file mode 100644 index 00000000..0145201d --- /dev/null +++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root @@ -0,0 +1,110 @@ +Allow explicit limits for root. +Also, remove limits on su. +Index: Linux-PAM/modules/pam_limits/pam_limits.c +=================================================================== +--- Linux-PAM/modules/pam_limits/pam_limits.c.orig ++++ Linux-PAM/modules/pam_limits/pam_limits.c +@@ -69,6 +69,7 @@ + + /* internal data */ + struct pam_limit_s { ++ int root; /* running as root? */ + int login_limit; /* the max logins limit */ + int login_limit_def; /* which entry set the login limit */ + int flag_numsyslogins; /* whether to limit logins only for a +@@ -219,6 +220,7 @@ + + D(("called.")); + ++ pl->root = 0; + for(i = 0; i < RLIM_NLIMITS; i++) { + int r = getrlimit(i, &pl->limits[i].limit); + if (r == -1) { +@@ -230,6 +232,38 @@ + pl->limits[i].supported = 1; + pl->limits[i].src_soft = LIMITS_DEF_NONE; + pl->limits[i].src_hard = LIMITS_DEF_NONE; ++ switch(i) { ++ case RLIMIT_CPU: ++ case RLIMIT_FSIZE: ++ case RLIMIT_DATA: ++ case RLIMIT_RSS: ++ case RLIMIT_NPROC: ++ case RLIMIT_NOFILE: ++ case RLIMIT_MEMLOCK: ++#ifdef RLIMIT_AS ++ case RLIMIT_AS: ++#endif ++#ifdef RLIMIT_LOCKS ++ case RLIMIT_LOCKS: ++#endif ++#ifdef RLIMIT_SIGPENDING ++ case RLIMIT_SIGPENDING: ++#endif ++#ifdef RLIMIT_MSGQUEUE ++ case RLIMIT_MSGQUEUE: ++#endif ++ pl->limits[i].limit.rlim_cur = RLIM_INFINITY; ++ pl->limits[i].limit.rlim_max = RLIM_INFINITY; ++ break; ++ case RLIMIT_CORE: ++ pl->limits[i].limit.rlim_cur = 0; ++ pl->limits[i].limit.rlim_max = RLIM_INFINITY; ++ break; ++ case RLIMIT_STACK: ++ pl->limits[i].limit.rlim_cur = 8192*1024; ++ pl->limits[i].limit.rlim_max = RLIM_INFINITY; ++ break; ++ } + } + } + +@@ -510,7 +544,7 @@ + if (i == 4) { /* a complete line */ + if (strcmp(uname, domain) == 0) /* this user have a limit */ + process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); +- else if (domain[0]=='@') { ++ else if (domain[0]=='@' && !pl->root) { + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_DEBUG, + "checking if %s is in group %s", +@@ -519,7 +553,7 @@ + if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) + process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, + pl); +- } else if (domain[0]=='%') { ++ } else if (domain[0]=='%' && !pl->root) { + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_DEBUG, + "checking if %s is in group %s", +@@ -533,7 +567,7 @@ + process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, + pl); + } +- } else if (strcmp(domain, "*") == 0) ++ } else if (strcmp(domain, "*") == 0 && !pl->root) + process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, + pl); + } else if (i == 2 && ltype[0] == '-') { /* Probably a no-limit line */ +@@ -568,6 +602,12 @@ + int status; + int retval = LIMITED_OK; + ++ if (uid == 0) { ++ /* do not impose +ve priority limits on the superuser */ ++ if (pl->priority > 0) ++ pl->priority = 0; ++ } ++ + for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) { + if (!pl->limits[i].supported) { + /* skip it if its not known to the system */ +@@ -648,6 +688,8 @@ + return PAM_ABORT; + } + ++ if (pwd->pw_uid == 0) ++ pl.root = 1; + retval = parse_config_file(pamh, pwd->pw_name, ctrl, &pl); + if (retval == PAM_IGNORE) { + D(("the configuration file has an applicable '<domain> -' entry")); diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include new file mode 100644 index 00000000..e28415c4 --- /dev/null +++ b/debian/patches-applied/031_pam_include @@ -0,0 +1,58 @@ +Patch to implement an @include directive for use in pam.d config files. + +Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> + +Upstream status: not yet submitted + +Index: pam/Linux-PAM/libpam/pam_handlers.c +=================================================================== +--- pam.orig/Linux-PAM/libpam/pam_handlers.c ++++ pam/Linux-PAM/libpam/pam_handlers.c +@@ -114,6 +114,10 @@ + module_type = PAM_T_ACCT; + } else if (!strcasecmp("password", tok)) { + module_type = PAM_T_PASS; ++ } else if (!strcasecmp("@include", tok)) { ++ pam_include = 1; ++ module_type = requested_module_type; ++ goto parsing_done; + } else { + /* Illegal module type */ + D(("_pam_init_handlers: bad module type: %s", tok)); +@@ -178,14 +182,33 @@ + _pam_set_default_control(actions, _PAM_ACTION_BAD); + } + ++parsing_done: + tok = _pam_StrTok(NULL, " \n\t", &nexttok); + if (pam_include) { +- if (_pam_load_conf_file(pamh, tok, this_service, module_type ++ struct stat include_dir; ++ if (tok[0] == '/') { ++ if (_pam_load_conf_file(pamh, tok, this_service, module_type + #ifdef PAM_READ_BOTH_CONFS +- , !other ++ , !other + #endif /* PAM_READ_BOTH_CONFS */ + ) == PAM_SUCCESS) +- continue; ++ continue; ++ } else if (!stat(PAM_CONFIG_D, &include_dir) && S_ISDIR(include_dir.st_mode)) { ++ char *include_file; ++ if (asprintf (&include_file, PAM_CONFIG_DF, tok) < 0) { ++ pam_syslog(pamh, LOG_CRIT, "asprintf failed"); ++ return PAM_ABORT; ++ } ++ if (_pam_load_conf_file(pamh, include_file, this_service, module_type ++#ifdef PAM_READ_BOTH_CONFS ++ , !other ++#endif /* PAM_READ_BOTH_CONFS */ ++ ) == PAM_SUCCESS) { ++ free(include_file); ++ continue; ++ } ++ free(include_file); ++ } + _pam_set_default_control(actions, _PAM_ACTION_BAD); + mod_path = NULL; + must_fail = 1; diff --git a/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL new file mode 100644 index 00000000..9baac8cf --- /dev/null +++ b/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL @@ -0,0 +1,33 @@ +setrlimit will sometimes return EPERM for example if youp try to +increase the number of open files too much. This is not something we +want to consider fatal. This also happens if you use non-root and +try to decrease a limit. Running PAM as non-root is not so great. + +Authors: ? + +Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> + +Index: Linux-PAM/modules/pam_limits/pam_limits.c +=================================================================== +--- Linux-PAM/modules/pam_limits/pam_limits.c.orig ++++ Linux-PAM/modules/pam_limits/pam_limits.c +@@ -609,6 +609,7 @@ + } + + for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) { ++ int retval; + if (!pl->limits[i].supported) { + /* skip it if its not known to the system */ + continue; +@@ -620,7 +621,10 @@ + } + if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) + pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; +- status |= setrlimit(i, &pl->limits[i].limit); ++ retval = setrlimit(i, &pl->limits[i].limit); ++ if (retval == -1 && errno==EPERM) ++ continue; ++ status |= retval; + } + + if (status) { diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful new file mode 100644 index 00000000..b95a677b --- /dev/null +++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful @@ -0,0 +1,251 @@ +Patch for Debian bug #163787 et al + +Always use the process uid, not getlogin(), to identify an applicant in +pam_wheel; utmp may be wrong or may have no entry at all in the case of +an xterm + +Authors: Ben Collins <bcollins@debian.org> + +Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net> + +Index: Linux-PAM/modules/pam_wheel/pam_wheel.c +=================================================================== +--- Linux-PAM/modules/pam_wheel/pam_wheel.c.orig ++++ Linux-PAM/modules/pam_wheel/pam_wheel.c +@@ -60,9 +60,8 @@ + /* argument parsing */ + + #define PAM_DEBUG_ARG 0x0001 +-#define PAM_USE_UID_ARG 0x0002 +-#define PAM_TRUST_ARG 0x0004 +-#define PAM_DENY_ARG 0x0010 ++#define PAM_TRUST_ARG 0x0002 ++#define PAM_DENY_ARG 0x0004 + #define PAM_ROOT_ONLY_ARG 0x0020 + + static int +@@ -80,8 +79,7 @@ + + if (!strcmp(*argv,"debug")) + ctrl |= PAM_DEBUG_ARG; +- else if (!strcmp(*argv,"use_uid")) +- ctrl |= PAM_USE_UID_ARG; ++ else if (!strcmp(*argv,"use_uid")); /* ignored for compat. */ + else if (!strcmp(*argv,"trust")) + ctrl |= PAM_TRUST_ARG; + else if (!strcmp(*argv,"deny")) +@@ -129,27 +127,14 @@ + } + } + +- if (ctrl & PAM_USE_UID_ARG) { +- tpwd = pam_modutil_getpwuid (pamh, getuid()); +- if (!tpwd) { +- if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); +- } +- return PAM_SERVICE_ERR; +- } +- fromsu = tpwd->pw_name; +- } else { +- fromsu = pam_modutil_getlogin(pamh); +- if (fromsu) { +- tpwd = pam_modutil_getpwnam (pamh, fromsu); +- } +- if (!fromsu || !tpwd) { +- if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); +- } +- return PAM_SERVICE_ERR; ++ tpwd = pam_modutil_getpwuid (pamh, getuid()); ++ if (!tpwd) { ++ if (ctrl & PAM_DEBUG_ARG) { ++ pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); + } ++ return PAM_SERVICE_ERR; + } ++ fromsu = tpwd->pw_name; + + /* + * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu +Index: Linux-PAM/modules/pam_wheel/pam_wheel.8.xml +=================================================================== +--- Linux-PAM/modules/pam_wheel/pam_wheel.8.xml.orig ++++ Linux-PAM/modules/pam_wheel/pam_wheel.8.xml +@@ -33,9 +33,6 @@ + <arg choice="opt"> + trust + </arg> +- <arg choice="opt"> +- use_uid +- </arg> + </cmdsynopsis> + </refsynopsisdiv> + +@@ -115,18 +112,6 @@ + </para> + </listitem> + </varlistentry> +- <varlistentry> +- <term> +- <option>use_uid</option> +- </term> +- <listitem> +- <para> +- The check for wheel membership will be done against +- the current uid instead of the original one (useful when +- jumping with su from one account to another for example). +- </para> +- </listitem> +- </varlistentry> + </variablelist> + </refsect1> + +Index: Linux-PAM/modules/pam_wheel/pam_wheel.8 +=================================================================== +--- Linux-PAM/modules/pam_wheel/pam_wheel.8.orig ++++ Linux-PAM/modules/pam_wheel/pam_wheel.8 +@@ -1,11 +1,11 @@ + .\" Title: pam_wheel + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +-.\" Date: 06/09/2006 +-.\" Manual: Linux\-PAM Manual +-.\" Source: Linux\-PAM Manual ++.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/> ++.\" Date: 08/19/2007 ++.\" Manual: Linux-PAM Manual ++.\" Source: Linux-PAM Manual + .\" +-.TH "PAM_WHEEL" "8" "06/09/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WHEEL" "8" "08/19/2007" "Linux\-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -14,7 +14,7 @@ + pam_wheel \- Only permit root access to members of group wheel + .SH "SYNOPSIS" + .HP 13 +-\fBpam_wheel.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] ++\fBpam_wheel.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] + .SH "DESCRIPTION" + .PP + The pam_wheel PAM module is used to enforce the so\-called +@@ -24,30 +24,37 @@ + group. If no group with this name exist, the module is using the group with the group\-ID + \fB0\fR. + .SH "OPTIONS" +-.TP 3n ++.PP + \fBdebug\fR ++.RS 4 + Print debug information. +-.TP 3n ++.RE ++.PP + \fBdeny\fR ++.RS 4 + Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the + \fBgroup\fR + option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless + \fBtrust\fR + was also specified, in which case we return PAM_SUCCESS). +-.TP 3n ++.RE ++.PP + \fBgroup=\fR\fB\fIname\fR\fR ++.RS 4 + Instead of checking the wheel or GID 0 groups, use the + \fB\fIname\fR\fR + group to perform the authentication. +-.TP 3n ++.RE ++.PP + \fBroot_only\fR ++.RS 4 + The check for wheel membership is done only. +-.TP 3n ++.RE ++.PP + \fBtrust\fR ++.RS 4 + The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd). +-.TP 3n +-\fBuse_uid\fR +-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example). ++.RE + .SH "MODULE SERVICES PROVIDED" + .PP + The +@@ -56,32 +63,46 @@ + \fBaccount\fR + services are supported. + .SH "RETURN VALUES" +-.TP 3n ++.PP + PAM_AUTH_ERR ++.RS 4 + Authentication failure. +-.TP 3n ++.RE ++.PP + PAM_BUF_ERR ++.RS 4 + Memory buffer error. +-.TP 3n ++.RE ++.PP + PAM_IGNORE ++.RS 4 + The return value should be ignored by PAM dispatch. +-.TP 3n ++.RE ++.PP + PAM_PERM_DENY ++.RS 4 + Permission denied. +-.TP 3n ++.RE ++.PP + PAM_SERVICE_ERR ++.RS 4 + Cannot determine the user name. +-.TP 3n ++.RE ++.PP + PAM_SUCCESS ++.RS 4 + Success. +-.TP 3n ++.RE ++.PP + PAM_USER_UNKNOWN ++.RS 4 + User not known. ++.RE + .SH "EXAMPLES" + .PP + The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants. + .sp +-.RS 3n ++.RS 4 + .nf + su auth sufficient pam_rootok.so + su auth required pam_wheel.so +Index: Linux-PAM/modules/pam_wheel/README +=================================================================== +--- Linux-PAM/modules/pam_wheel/README.orig ++++ Linux-PAM/modules/pam_wheel/README +@@ -39,12 +39,6 @@ + modules the wheel members may be able to su to root without being prompted + for a passwd). + +-use_uid +- +- The check for wheel membership will be done against the current uid instead +- of the original one (useful when jumping with su from one account to +- another for example). +- + EXAMPLES + + The root account gains access by default (rootok), only wheel members can diff --git a/debian/patches-applied/038_support_hurd b/debian/patches-applied/038_support_hurd new file mode 100644 index 00000000..52e04327 --- /dev/null +++ b/debian/patches-applied/038_support_hurd @@ -0,0 +1,106 @@ +Prefer using getline() instead of a static buffer; makes pam_rhosts +portable to Hurd. + +Authors: Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz>, + Steve Langasek <vorlon@debian.org> + +Upstream status: committed to CVS. + +Index: Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c +=================================================================== +--- Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c.orig ++++ Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c +@@ -293,7 +293,6 @@ + /* + luser is user entry from .rhosts/hosts.equiv file + ruser is user id on remote host +- rhost is the remote host name + */ + const void *user; + +@@ -348,11 +347,17 @@ + register const char *user; + register char *p; + int hcheck, ucheck; +- char buf[MAXHOSTNAMELEN + 128]; /* host + login */ ++ int retval = 1; ++#ifdef HAVE_GETLINE ++ char *buf=NULL; ++ size_t buflen=0; + +- buf[sizeof (buf)-1] = '\0'; /* terminate line */ ++ while (getline(&buf,&buflen,hostf) > 0) { ++#else ++ char buf[MAXHOSTNAMELEN + 128]; /* host + login */ + + while (fgets(buf, sizeof(buf), hostf) != NULL) { /* hostf file line */ ++#endif + p = buf; /* from beginning of file.. */ + + /* Skip empty or comment lines */ +@@ -401,7 +406,7 @@ + hcheck=__icheckhost(pamh, opts, raddr, buf, rhost); + + if (hcheck<0) +- return(1); ++ break; + + if (hcheck) { + /* Then check user part */ +@@ -411,18 +416,23 @@ + ucheck=__icheckuser(pamh, opts, user, ruser); + + /* Positive 'host user' match? */ +- if (ucheck>0) +- return(0); ++ if (ucheck>0) { ++ retval = 0; ++ break; ++ } + + /* Negative 'host -user' match? */ + if (ucheck<0) +- return(1); ++ break; + + /* Neither, go on looking for match */ + } + } ++#ifdef HAVE_GETLINE ++ if(buf)free(buf); ++#endif + +- return (1); ++ return retval; + } + + /* +Index: Linux-PAM/modules/pam_limits/pam_limits.c +=================================================================== +--- Linux-PAM/modules/pam_limits/pam_limits.c.orig ++++ Linux-PAM/modules/pam_limits/pam_limits.c +@@ -14,7 +14,7 @@ + */ + + #if !defined(linux) && !defined(__linux) +-#error THIS CODE IS KNOWN TO WORK ONLY ON LINUX !!! ++#warning THIS CODE IS KNOWN TO WORK ONLY ON LINUX !!! + #endif + + #include "config.h" +Index: Linux-PAM/modules/pam_xauth/pam_xauth.c +=================================================================== +--- Linux-PAM/modules/pam_xauth/pam_xauth.c.orig ++++ Linux-PAM/modules/pam_xauth/pam_xauth.c +@@ -63,6 +63,11 @@ + #define XAUTHDEF ".Xauthority" + #define XAUTHTMP ".xauthXXXXXX" + ++/* Hurd compatibility */ ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + /* Possible paths to xauth executable */ + static const char * const xauthpaths[] = { + #ifdef PAM_PATH_XAUTH diff --git a/debian/patches-applied/040_pam_limits_log_failure b/debian/patches-applied/040_pam_limits_log_failure new file mode 100644 index 00000000..0826104d --- /dev/null +++ b/debian/patches-applied/040_pam_limits_log_failure @@ -0,0 +1,33 @@ +Patch for Debian bug #180310 + +Generate some (low-severity) log information whenever setrlimit() fails, +for debugging purposes. + +Authors: Sam Hartman <hartmans@debian.org> + +Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> + +Index: Linux-PAM/modules/pam_limits/pam_limits.c +=================================================================== +--- Linux-PAM/modules/pam_limits/pam_limits.c.orig ++++ Linux-PAM/modules/pam_limits/pam_limits.c +@@ -622,6 +622,19 @@ + if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) + pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; + retval = setrlimit(i, &pl->limits[i].limit); ++ if (retval != 0 && (i != RLIMIT_NOFILE ++ || pl->limits[i].limit.rlim_cur != RLIM_INFINITY)) ++ { ++ int save_errno = errno; ++ pam_syslog(pamh, LOG_DEBUG, ++ "setrlimit limit #%d to soft=%d, hard=%d failed:" ++ " %m; uid=%lu,euid=%lu", i, ++ pl->limits[i].limit.rlim_cur, ++ pl->limits[i].limit.rlim_max, ++ (unsigned long) getuid(), ++ (unsigned long) geteuid()); ++ errno = save_errno; ++ } + if (retval == -1 && errno==EPERM) + continue; + status |= retval; diff --git a/debian/patches-applied/043_pam_unix_unknown_user_not_alert b/debian/patches-applied/043_pam_unix_unknown_user_not_alert new file mode 100644 index 00000000..1aafc4f6 --- /dev/null +++ b/debian/patches-applied/043_pam_unix_unknown_user_not_alert @@ -0,0 +1,41 @@ +Patch for Debian bugs #95220, #175900 + +A wrong username doesn't need to be logged as an 'alert', a 'warning' +should be sufficient. + +Authors: Sam Hartman <hartmans@debian.org> + +Upstream status: committed to CVS + +Index: Linux-PAM/modules/pam_unix/support.c +=================================================================== +--- Linux-PAM/modules/pam_unix/support.c.orig ++++ Linux-PAM/modules/pam_unix/support.c +@@ -675,12 +675,12 @@ + if (on(UNIX_AUDIT, ctrl)) { + /* this might be a typo and the user has given a password + instead of a username. Careful with this. */ +- pam_syslog(pamh, LOG_ALERT, ++ pam_syslog(pamh, LOG_WARNING, + "check pass; user (%s) unknown", name); + } else { + name = NULL; + if (on(UNIX_DEBUG, ctrl) || pwd == NULL) { +- pam_syslog(pamh, LOG_ALERT, ++ pam_syslog(pamh, LOG_WARNING, + "check pass; user unknown"); + } else { + /* don't log failure as another pam module can succeed */ +Index: Linux-PAM/modules/pam_unix/unix_chkpwd.c +=================================================================== +--- Linux-PAM/modules/pam_unix/unix_chkpwd.c.orig ++++ Linux-PAM/modules/pam_unix/unix_chkpwd.c +@@ -179,7 +179,7 @@ + } + } + if (pwd == NULL || salt == NULL) { +- _log_err(LOG_ALERT, "check pass; user unknown"); ++ _log_err(LOG_WARNING, "check pass; user unknown"); + p = NULL; + return PAM_USER_UNKNOWN; + } diff --git a/debian/patches-applied/045_pam_dispatch_jump_is_ignore b/debian/patches-applied/045_pam_dispatch_jump_is_ignore new file mode 100644 index 00000000..01d67d41 --- /dev/null +++ b/debian/patches-applied/045_pam_dispatch_jump_is_ignore @@ -0,0 +1,31 @@ + +Previously jumps were treated as PAM_IGNORE in the freezing part of +the chain and PAM_OK (aka required) in the frozen part of the chain. +No one on pam-list was able to explain this behavior, so I changed it +to be consistent. + +Index: Linux-PAM/libpam/pam_dispatch.c +=================================================================== +--- Linux-PAM/libpam/pam_dispatch.c.orig ++++ Linux-PAM/libpam/pam_dispatch.c +@@ -229,19 +229,7 @@ + if ( _PAM_ACTION_IS_JUMP(action) ) { + + /* If we are evaluating a cached chain, we treat this +- module as required (aka _PAM_ACTION_OK) as well as +- executing the jump. */ +- +- if (use_cached_chain) { +- if (impression == _PAM_UNDEF +- || (impression == _PAM_POSITIVE +- && status == PAM_SUCCESS) ) { +- if ( retval != PAM_IGNORE || cached_retval == retval ) { +- impression = _PAM_POSITIVE; +- status = retval; +- } +- } +- } ++ module as ignored as well as executing the jump. */ + + /* this means that we need to skip #action stacked modules */ + do { diff --git a/debian/patches-applied/046_pam_group_example b/debian/patches-applied/046_pam_group_example new file mode 100644 index 00000000..c885c822 --- /dev/null +++ b/debian/patches-applied/046_pam_group_example @@ -0,0 +1,27 @@ +Patch for Debian bug #197080 + +Don't use the 'games' group as an example in group.conf, this is a +potential security hole. + +Authors: Peter Cordes <peter@llama.nslug.ns.ca> + +Upstream status: committed to CVS + +Index: Linux-PAM/modules/pam_group/group.conf +=================================================================== +--- Linux-PAM/modules/pam_group/group.conf.orig ++++ Linux-PAM/modules/pam_group/group.conf +@@ -88,10 +88,11 @@ + # + # another example: running 'xsh' on tty* (any ttyXXX device), + # the user 'sword' is given access to games (through membership of +-# the floppy group) after work hours ++# the sound and play group) after work hours. (The games group owns ++# high-score files and so on, so don't ever give users access to it.) + # + +-#xsh; tty* ;sword;!Wk0900-1800;games, sound ++#xsh; tty* ;sword;!Wk0900-1800;sound, play + #xsh; tty* ;*;Al0900-1800;floppy + + # diff --git a/debian/patches-applied/049_pam_unix_sane_locking b/debian/patches-applied/049_pam_unix_sane_locking new file mode 100644 index 00000000..3baced2f --- /dev/null +++ b/debian/patches-applied/049_pam_unix_sane_locking @@ -0,0 +1,150 @@ +Delta from 1.12 to 1.13 from Linux-PAM pam_unix_passwd.c +made to work with our changes. Not sure this is actually relevant, as +other changes seem to have been made upstream. This patch was +specifically reverted in upstream CVS revision 1.18 as introducing a +"race". + +Index: Linux-PAM/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c.orig ++++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c +@@ -749,8 +749,7 @@ + char *towhat, unsigned int ctrl, int remember) + { + struct passwd *pwd = NULL; +- int retval = 0; +- int unlocked = 0; ++ int retval = 0, i = 0; + char *master = NULL; + + D(("called")); +@@ -770,12 +769,6 @@ + int status; + enum clnt_stat err; + +- /* Unlock passwd file to avoid deadlock */ +-#ifdef USE_LCKPWDF +- ulckpwdf(); +-#endif +- unlocked = 1; +- + /* Initialize password information */ + yppwd.newpw.pw_passwd = pwd->pw_passwd; + yppwd.newpw.pw_name = pwd->pw_name; +@@ -833,29 +826,28 @@ + } + + if (_unix_comesfromsource(pamh, forwho, 1, 0)) { +-#ifdef USE_LCKPWDF +- if(unlocked) { +- int i = 0; +- /* These values for the number of attempts and the sleep time +- are, of course, completely arbitrary. +- My reading of the PAM docs is that, once pam_chauthtok() has been +- called with PAM_UPDATE_AUTHTOK, we are obliged to take any +- reasonable steps to make sure the token is updated; so retrying +- for 1/10 sec. isn't overdoing it. */ +- while((retval = lckpwdf()) != 0 && i < 100) { +- usleep(1000); +- i++; +- } +- if(retval != 0) { +- return PAM_AUTHTOK_LOCK_BUSY; +- } +- } +-#endif + /* first, save old password */ + if (save_old_password(pamh, forwho, fromwhat, remember)) { + retval = PAM_AUTHTOK_ERR; + goto done; + } ++ ++#ifdef USE_LCKPWDF ++ /* These values for the number of attempts and the sleep time ++ are, of course, completely arbitrary. ++ My reading of the PAM docs is that, once pam_chauthtok() has been ++ called with PAM_UPDATE_AUTHTOK, we are obliged to take any ++ reasonable steps to make sure the token is updated; so retrying ++ for 1/10 sec. isn't overdoing it. */ ++ while((retval = lckpwdf()) != 0 && i < 100) { ++ usleep(1000); ++ i++; ++ } ++ if(retval != 0) { ++ retval = PAM_AUTHTOK_LOCK_BUSY; ++ goto done; ++ } ++#endif + if (on(UNIX_SHADOW, ctrl) || _unix_shadowed(pwd)) { + retval = _update_shadow(pamh, forwho, towhat); + #ifdef WITH_SELINUX +@@ -1024,7 +1016,7 @@ + int argc, const char **argv) + { + unsigned int ctrl, lctrl; +- int retval, i; ++ int retval; + int remember = -1; + + /* <DO NOT free() THESE> */ +@@ -1255,30 +1247,11 @@ + pass_new = pass_old = NULL; /* tidy up */ + return retval; + } +-#ifdef USE_LCKPWDF +- /* These values for the number of attempts and the sleep time +- are, of course, completely arbitrary. +- My reading of the PAM docs is that, once pam_chauthtok() has been +- called with PAM_UPDATE_AUTHTOK, we are obliged to take any +- reasonable steps to make sure the token is updated; so retrying +- for 1/10 sec. isn't overdoing it. */ +- i=0; +- while((retval = lckpwdf()) != 0 && i < 100) { +- usleep(1000); +- i++; +- } +- if(retval != 0) { +- return PAM_AUTHTOK_LOCK_BUSY; +- } +-#endif + + if (pass_old) { + retval = _unix_verify_password(pamh, user, pass_old, ctrl); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, "user password changed by another process"); +-#ifdef USE_LCKPWDF +- ulckpwdf(); +-#endif + return retval; + } + } +@@ -1286,9 +1259,6 @@ + retval = _unix_verify_shadow(pamh, user, ctrl); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, "user not authenticated 2"); +-#ifdef USE_LCKPWDF +- ulckpwdf(); +-#endif + return retval; + } + +@@ -1297,9 +1267,6 @@ + pam_syslog(pamh, LOG_NOTICE, + "new password not acceptable 2"); + pass_new = pass_old = NULL; /* tidy up */ +-#ifdef USE_LCKPWDF +- ulckpwdf(); +-#endif + return retval; + } + +@@ -1341,9 +1308,6 @@ + pam_syslog(pamh, LOG_CRIT, + "out of memory for password"); + pass_new = pass_old = NULL; /* tidy up */ +-#ifdef USE_LCKPWDF +- ulckpwdf(); +-#endif + return PAM_BUF_ERR; + } + /* copy first 8 bytes of password */ diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling new file mode 100644 index 00000000..ba09cb9f --- /dev/null +++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling @@ -0,0 +1,215 @@ +Index: Linux-PAM/modules/pam_securetty/pam_securetty.c +=================================================================== +--- Linux-PAM/modules/pam_securetty/pam_securetty.c.orig ++++ Linux-PAM/modules/pam_securetty/pam_securetty.c +@@ -1,8 +1,5 @@ + /* pam_securetty module */ + +-#define SECURETTY_FILE "/etc/securetty" +-#define TTY_PREFIX "/dev/" +- + /* + * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. + * July 25, 1996. +@@ -37,6 +34,9 @@ + #include <security/pam_modutil.h> + #include <security/pam_ext.h> + ++extern int _pammodutil_tty_secure(const pam_handle_t *pamh, ++ const char *uttyname); ++ + #define PAM_DEBUG_ARG 0x0001 + + static int +@@ -67,11 +67,7 @@ + const char *username; + const char *uttyname; + const void *void_uttyname; +- char ttyfileline[256]; +- char ptname[256]; +- struct stat ttyfileinfo; + struct passwd *user_pwd; +- FILE *ttyfile; + + /* log a trail for debugging */ + if (ctrl & PAM_DEBUG_ARG) { +@@ -101,63 +97,10 @@ + return PAM_SERVICE_ERR; + } + +- /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ +- if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) { +- uttyname += sizeof(TTY_PREFIX)-1; +- } +- +- if (stat(SECURETTY_FILE, &ttyfileinfo)) { +- pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE); +- return PAM_SUCCESS; /* for compatibility with old securetty handling, +- this needs to succeed. But we still log the +- error. */ +- } +- +- if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { +- /* If the file is world writable or is not a +- normal file, return error */ +- pam_syslog(pamh, LOG_ERR, +- "%s is either world writable or not a normal file", +- SECURETTY_FILE); +- return PAM_AUTH_ERR; +- } +- +- ttyfile = fopen(SECURETTY_FILE,"r"); +- if (ttyfile == NULL) { /* Check that we opened it successfully */ +- pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); +- return PAM_SERVICE_ERR; +- } +- +- if (isdigit(uttyname[0])) { +- snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); +- } else { +- ptname[0] = '\0'; +- } +- +- retval = 1; +- +- while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL) +- && retval) { +- if (ttyfileline[strlen(ttyfileline) - 1] == '\n') +- ttyfileline[strlen(ttyfileline) - 1] = '\0'; +- +- retval = ( strcmp(ttyfileline, uttyname) +- && (!ptname[0] || strcmp(ptname, uttyname)) ); +- } +- fclose(ttyfile); +- +- if (retval) { +- pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", +- uttyname); +- +- retval = PAM_AUTH_ERR; +- } else { +- if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) { +- pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", +- username, uttyname); +- } +- retval = PAM_SUCCESS; +- ++ retval = _pammodutil_tty_secure(pamh, uttyname); ++ if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) { ++ pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", ++ username, uttyname); + } + + return retval; +Index: Linux-PAM/modules/pam_securetty/tty_secure.c +=================================================================== +--- /dev/null ++++ Linux-PAM/modules/pam_securetty/tty_secure.c +@@ -0,0 +1,92 @@ ++/* ++ * A function to determine if a particular line is in /etc/securetty ++ */ ++ ++ ++#define SECURETTY_FILE "/etc/securetty" ++#define TTY_PREFIX "/dev/" ++ ++/* This function taken out of pam_securetty by Sam Hartman ++ * <hartmans@debian.org>*/ ++/* ++ * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. ++ * July 25, 1996. ++ * Slight modifications AGM. 1996/12/3 ++ */ ++ ++#include <unistd.h> ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <security/pam_modules.h> ++#include <stdarg.h> ++#include <syslog.h> ++#include <sys/syslog.h> ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <ctype.h> ++#include <security/pam_modutil.h> ++#include <security/pam_ext.h> ++ ++extern int _pammodutil_tty_secure(const pam_handle_t *pamh, ++ const char *uttyname); ++ ++int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname) ++{ ++ int retval = PAM_AUTH_ERR; ++ char ttyfileline[256]; ++ char ptname[256]; ++ struct stat ttyfileinfo; ++ FILE *ttyfile; ++ /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ ++ if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) ++ uttyname += sizeof(TTY_PREFIX)-1; ++ ++ if (stat(SECURETTY_FILE, &ttyfileinfo)) { ++ pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", ++ SECURETTY_FILE); ++ return PAM_SUCCESS; /* for compatibility with old securetty handling, ++ this needs to succeed. But we still log the ++ error. */ ++ } ++ ++ if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { ++ /* If the file is world writable or is not a ++ normal file, return error */ ++ pam_syslog(pamh, LOG_ERR, ++ "%s is either world writable or not a normal file", ++ SECURETTY_FILE); ++ return PAM_AUTH_ERR; ++ } ++ ++ ttyfile = fopen(SECURETTY_FILE,"r"); ++ if(ttyfile == NULL) { /* Check that we opened it successfully */ ++ pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); ++ return PAM_SERVICE_ERR; ++ } ++ ++ if (isdigit(uttyname[0])) { ++ snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); ++ } else { ++ ptname[0] = '\0'; ++ } ++ ++ retval = 1; ++ ++ while ((fgets(ttyfileline,sizeof(ttyfileline)-1, ttyfile) != NULL) ++ && retval) { ++ if(ttyfileline[strlen(ttyfileline) - 1] == '\n') ++ ttyfileline[strlen(ttyfileline) - 1] = '\0'; ++ retval = ( strcmp(ttyfileline,uttyname) ++ && (!ptname[0] || strcmp(ptname, uttyname)) ); ++ } ++ fclose(ttyfile); ++ ++ if(retval) { ++ pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", ++ uttyname); ++ retval = PAM_AUTH_ERR; ++ } ++ ++ return retval; ++} +Index: Linux-PAM/modules/pam_securetty/Makefile.am +=================================================================== +--- Linux-PAM/modules/pam_securetty/Makefile.am.orig ++++ Linux-PAM/modules/pam_securetty/Makefile.am +@@ -23,6 +23,10 @@ + + securelib_LTLIBRARIES = pam_securetty.la + ++pam_securetty_la_SOURCES = \ ++ pam_securetty.c \ ++ tty_secure.c ++ + if ENABLE_REGENERATE_MAN + noinst_DATA = README + README: pam_securetty.8.xml diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure new file mode 100644 index 00000000..98e1909d --- /dev/null +++ b/debian/patches-applied/055_pam_unix_nullok_secure @@ -0,0 +1,196 @@ +Debian patch to add a new 'nullok_secure' option to pam_unix, which +accepts users with null passwords only when the applicant is connected +from a tty listed in /etc/securetty. + +Authors: Sam Hartman <hartmans@debian.org>, + Steve Langasek <vorlon@debian.org> + +Upstream status: not yet submitted + +Index: Linux-PAM/modules/pam_unix/support.c +=================================================================== +--- Linux-PAM/modules/pam_unix/support.c.orig ++++ Linux-PAM/modules/pam_unix/support.c +@@ -87,15 +87,22 @@ + /* now parse the arguments to this module */ + + while (argc-- > 0) { +- int j; ++ int j, sl; + + D(("pam_unix arg: %s", *argv)); + + for (j = 0; j < UNIX_CTRLS_; ++j) { +- if (unix_args[j].token +- && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) +- { +- break; ++ if (unix_args[j].token) { ++ sl = strlen(unix_args[j].token); ++ if (unix_args[j].token[sl-1] == '=') { ++ /* exclude argument from comparison */ ++ if (!strncmp(*argv, unix_args[j].token, sl)) ++ break; ++ } else { ++ /* compare full strings */ ++ if (!strcmp(*argv, unix_args[j].token)) ++ break; ++ } + } + } + +@@ -472,6 +479,17 @@ + if (salt) + _pam_delete(salt); + ++ if ((retval == 1) && on(UNIX_NULLOK_SECURE, ctrl)) { ++ int retval2; ++ const void *uttyname; ++ retval2 = pam_get_item(pamh, PAM_TTY, &uttyname); ++ if (retval2 != PAM_SUCCESS || uttyname == NULL) ++ return 0; ++ ++ if (_pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) ++ return 0; ++ } ++ + return retval; + } + +@@ -692,7 +710,7 @@ + int salt_len = strlen(salt); + if (!salt_len) { + /* the stored password is NULL */ +- if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */ ++ if (_unix_blankpasswd(pamh, ctrl, name)) {/* this means we've succeeded */ + D(("user has empty password - access granted")); + retval = PAM_SUCCESS; + } else { +Index: Linux-PAM/modules/pam_unix/support.h +=================================================================== +--- Linux-PAM/modules/pam_unix/support.h.orig ++++ Linux-PAM/modules/pam_unix/support.h +@@ -87,8 +87,9 @@ + #define UNIX_MAX_PASS_LEN 23 /* internal, for compatibility only */ + #define UNIX_MIN_PASS_LEN 24 /* Min length for password */ + #define UNIX_OBSCURE_CHECKS 25 /* enable obscure checks on passwords */ ++#define UNIX_NULLOK_SECURE 26 /* NULL passwords allowed only on secure ttys */ + /* -------------- */ +-#define UNIX_CTRLS_ 26 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 27 /* number of ctrl arguments defined */ + + + static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = +@@ -105,7 +106,7 @@ + /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40}, + /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80}, + /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x1000000), 0x200}, + /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400}, + /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800}, + /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000}, +@@ -122,6 +123,7 @@ + /* UNIX_MAX_PASS_LEN */ {"max=", _ALL_ON_, 0}, + /* UNIX_MIN_PASS_LEN */ {"min=", _ALL_ON_, 0x400000}, + /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x800000}, ++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x1000000}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +@@ -157,6 +159,9 @@ + ,const void **pass); + extern int _unix_shadowed(const struct passwd *pwd); + ++extern int _pammodutil_tty_secure(const pam_handle_t *pamh, ++ const char *uttyname); ++ + extern struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user); + + extern unsigned int pass_min_len; +Index: Linux-PAM/modules/pam_unix/Makefile.am +=================================================================== +--- Linux-PAM/modules/pam_unix/Makefile.am.orig ++++ Linux-PAM/modules/pam_unix/Makefile.am +@@ -44,6 +44,9 @@ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ + yppasswd_xdr.c md5_good.c md5_broken.c obscure.c + ++pam_unix_la_LIBADD = \ ++ ../pam_securetty/tty_secure.lo ++ + bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + bigcrypt_CFLAGS = $(AM_CFLAGS) + bigcrypt_LDFLAGS = @LIBCRYPT@ +Index: Linux-PAM/modules/pam_unix/README +=================================================================== +--- Linux-PAM/modules/pam_unix/README.orig ++++ Linux-PAM/modules/pam_unix/README +@@ -57,7 +57,16 @@ + + The default action of this module is to not permit the user access to a + service if their official password is blank. The nullok argument overrides +- this default. ++ this default and allows any user with a blank password to access the ++ service. ++ ++nullok_secure ++ ++ The default action of this module is to not permit the user access to a ++ service if their official password is blank. The nullok_secure argument ++ overrides this default and allows any user with a blank password to access ++ the service as long as the value of PAM_TTY is set to one of the values ++ found in /etc/securetty. + + try_first_pass + +Index: Linux-PAM/modules/pam_unix/pam_unix.8 +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix.8.orig ++++ Linux-PAM/modules/pam_unix/pam_unix.8 +@@ -62,7 +62,14 @@ + .RS 4 + The default action of this module is to not permit the user access to a service if their official password is blank\. The + \fBnullok\fR +-argument overrides this default\. ++argument overrides this default and allows any user with a blank password to access the service\. ++.RE ++.PP ++\fBnullok_secure\fR ++.RS 4 ++The default action of this module is to not permit the user access to a service if their official password is blank\. The ++\fBnullok_secure\fR ++argument overrides this default and allows any user with a blank password to access the service as long as the value of PAM_TTY is set to one of the values found in /etc/securetty\. + .RE + .PP + \fBtry_first_pass\fR +Index: Linux-PAM/modules/pam_unix/pam_unix.8.xml +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix.8.xml.orig ++++ Linux-PAM/modules/pam_unix/pam_unix.8.xml +@@ -135,7 +135,24 @@ + <para> + The default action of this module is to not permit the + user access to a service if their official password is blank. +- The <option>nullok</option> argument overrides this default. ++ The <option>nullok</option> argument overrides this default ++ and allows any user with a blank password to access the ++ service. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term> ++ <option>nullok_secure</option> ++ </term> ++ <listitem> ++ <para> ++ The default action of this module is to not permit the ++ user access to a service if their official password is blank. ++ The <option>nullok_secure</option> argument overrides this ++ default and allows any user with a blank password to access ++ the service as long as the value of PAM_TTY is set to one of ++ the values found in /etc/securetty. + </para> + </listitem> + </varlistentry> diff --git a/debian/patches-applied/057_pam_unix_passwd_OOM_check b/debian/patches-applied/057_pam_unix_passwd_OOM_check new file mode 100644 index 00000000..afae12e1 --- /dev/null +++ b/debian/patches-applied/057_pam_unix_passwd_OOM_check @@ -0,0 +1,21 @@ +Index: Linux-PAM/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c.orig ++++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c +@@ -1323,6 +1323,16 @@ + } + } + ++ /* A null pointer here indicates a memory failure ++ somewhere along the way; don't set the password to ++ NULL! */ ++ if (tpass == NULL) { ++ pam_syslog(pamh, LOG_CRIT, ++ "out of memory for password"); ++ pass_new = pass_old = NULL; /* tidy up */ ++ return PAM_BUF_ERR; ++ } ++ + D(("password processed")); + + /* update the password database(s) -- race conditions..? */ diff --git a/debian/patches-applied/065_pam_unix_cracklib_disable b/debian/patches-applied/065_pam_unix_cracklib_disable new file mode 100644 index 00000000..26aa0023 --- /dev/null +++ b/debian/patches-applied/065_pam_unix_cracklib_disable @@ -0,0 +1,18 @@ +Index: pam/Linux-PAM/modules/pam_unix/Makefile.am +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_unix/Makefile.am ++++ pam/Linux-PAM/modules/pam_unix/Makefile.am +@@ -21,12 +21,9 @@ + if HAVE_LIBSELINUX + AM_CFLAGS += -D"WITH_SELINUX" + endif +-if HAVE_LIBCRACK +- AM_CFLAGS += -D"USE_CRACKLIB" +-endif + + pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ +- @LIBCRACK@ @LIBNSL@ -L$(top_builddir)/libpam -lpam \ ++ @LIBNSL@ -L$(top_builddir)/libpam -lpam \ + @LIBCRYPT@ @LIBSELINUX@ + if HAVE_VERSIONING + pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map diff --git a/debian/patches-applied/PAM-manpage-section b/debian/patches-applied/PAM-manpage-section new file mode 100644 index 00000000..0855d953 --- /dev/null +++ b/debian/patches-applied/PAM-manpage-section @@ -0,0 +1,48 @@ +Index: pam/Linux-PAM/doc/man/PAM.8 +=================================================================== +--- pam.orig/Linux-PAM/doc/man/PAM.8 ++++ pam/Linux-PAM/doc/man/PAM.8 +@@ -5,7 +5,7 @@ + .\" Manual: Linux\-PAM Manual + .\" Source: Linux\-PAM Manual + .\" +-.TH "PAM" "8" "06/27/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM" "7" "06/27/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -100,4 +100,4 @@ + \fBpam_authenticate\fR(3), + \fBpam_sm_setcred\fR(3), + \fBpam_strerror\fR(3), +-\fBPAM\fR(8) ++\fBPAM\fR(7) +Index: pam/Linux-PAM/doc/man/pam.8 +=================================================================== +--- pam.orig/Linux-PAM/doc/man/pam.8 ++++ pam/Linux-PAM/doc/man/pam.8 +@@ -1 +1 @@ +-.so man8/PAM.8 ++.so man7/PAM.7 +Index: pam/Linux-PAM/doc/man/pam.8.xml +=================================================================== +--- pam.orig/Linux-PAM/doc/man/pam.8.xml ++++ pam/Linux-PAM/doc/man/pam.8.xml +@@ -6,7 +6,7 @@ + + <refmeta> + <refentrytitle>pam</refentrytitle> +- <manvolnum>8</manvolnum> ++ <manvolnum>7</manvolnum> + <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo> + </refmeta> + +@@ -179,7 +179,7 @@ + <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> +- <refentrytitle>PAM</refentrytitle><manvolnum>8</manvolnum> ++ <refentrytitle>PAM</refentrytitle><manvolnum>7</manvolnum> + </citerefentry> + </para> + </refsect1> diff --git a/debian/patches-applied/autoconf.patch b/debian/patches-applied/autoconf.patch new file mode 100644 index 00000000..67cb8266 --- /dev/null +++ b/debian/patches-applied/autoconf.patch @@ -0,0 +1,4851 @@ +The process for refreshing this patch is: + + export QUILT_PATCHES=debian/patches-applied + quilt push autoconf.patch # to get everything applied up to this point + quilt push -f autoconf.patch # to override the errors when applying + (cd Linux-PAM && autoheader && aclocal -I m4 && automake && autoconf) + quilt refresh + find . -name '*.rej' | xargs rm + +Index: pam/Linux-PAM/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/Makefile.in ++++ pam/Linux-PAM/Makefile.in +@@ -39,7 +39,7 @@ + DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(top_srcdir)/configure ABOUT-NLS AUTHORS COPYING ChangeLog \ +- INSTALL NEWS compile config.guess config.rpath config.sub \ ++ INSTALL NEWS TODO compile config.guess config.rpath config.sub \ + depcomp install-sh ltmain.sh missing mkinstalldirs ylwrap + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ +@@ -171,6 +171,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/aclocal.m4 +=================================================================== +--- pam.orig/Linux-PAM/aclocal.m4 ++++ pam/Linux-PAM/aclocal.m4 +@@ -18,7 +18,7 @@ + + # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- + +-# serial 48 AC_PROG_LIBTOOL ++# serial 51 Debian 1.5.24-1 AC_PROG_LIBTOOL + + + # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED) +@@ -181,7 +181,7 @@ + test -z "$ac_objext" && ac_objext=o + + # Determine commands to create old-style static archives. +-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs' ++old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' + old_postinstall_cmds='chmod 644 $oldlib' + old_postuninstall_cmds= + +@@ -268,8 +268,9 @@ + # Check for compiler boilerplate output or warnings with + # the simple compiler test code. + AC_DEFUN([_LT_COMPILER_BOILERPLATE], +-[ac_outfile=conftest.$ac_objext +-printf "$lt_simple_compile_test_code" >conftest.$ac_ext ++[AC_REQUIRE([LT_AC_PROG_SED])dnl ++ac_outfile=conftest.$ac_objext ++echo "$lt_simple_compile_test_code" >conftest.$ac_ext + eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_compiler_boilerplate=`cat conftest.err` + $rm conftest* +@@ -281,8 +282,9 @@ + # Check for linker boilerplate output or warnings with + # the simple link test code. + AC_DEFUN([_LT_LINKER_BOILERPLATE], +-[ac_outfile=conftest.$ac_objext +-printf "$lt_simple_link_test_code" >conftest.$ac_ext ++[AC_REQUIRE([LT_AC_PROG_SED])dnl ++ac_outfile=conftest.$ac_objext ++echo "$lt_simple_link_test_code" >conftest.$ac_ext + eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_linker_boilerplate=`cat conftest.err` + $rm conftest* +@@ -298,12 +300,20 @@ + # If we don't find anything, use the default library path according + # to the aix ld manual. + AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX], +-[AC_LINK_IFELSE(AC_LANG_PROGRAM,[ +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++[AC_REQUIRE([LT_AC_PROG_SED])dnl ++AC_LINK_IFELSE(AC_LANG_PROGRAM,[ ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi],[]) ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi],[]) + if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + ])# _LT_AC_SYS_LIBPATH_AIX + +@@ -534,13 +544,17 @@ + rm -rf conftest* + ;; + +-x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*) ++x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ ++s390*-*linux*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in ++ x86_64-*kfreebsd*-gnu) ++ LD="${LD-ld} -m elf_i386_fbsd" ++ ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; +@@ -557,6 +571,9 @@ + ;; + *64-bit*) + case $host in ++ x86_64-*kfreebsd*-gnu) ++ LD="${LD-ld} -m elf_x86_64_fbsd" ++ ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; +@@ -628,7 +645,7 @@ + AC_CACHE_CHECK([$1], [$2], + [$2=no + ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$3" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. +@@ -669,11 +686,12 @@ + # ------------------------------------------------------------ + # Check whether the given compiler option works + AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], +-[AC_CACHE_CHECK([$1], [$2], ++[AC_REQUIRE([LT_AC_PROG_SED])dnl ++AC_CACHE_CHECK([$1], [$2], + [$2=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $3" +- printf "$lt_simple_link_test_code" > conftest.$ac_ext ++ echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings +@@ -787,24 +805,27 @@ + fi + ;; + *) +- # If test is not a shell built-in, we'll probably end up computing a +- # maximum length that is only half of the actual maximum length, but +- # we can't tell. +- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} +- while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \ ++ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` ++ if test -n "$lt_cv_sys_max_cmd_len"; then ++ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` ++ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ++ else ++ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} ++ while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \ + = "XX$teststring") >/dev/null 2>&1 && +- new_result=`expr "X$teststring" : ".*" 2>&1` && +- lt_cv_sys_max_cmd_len=$new_result && +- test $i != 17 # 1/2 MB should be enough +- do +- i=`expr $i + 1` +- teststring=$teststring$teststring +- done +- teststring= +- # Add a significant safety factor because C++ compilers can tack on massive +- # amounts of additional arguments before passing them to the linker. +- # It appears as though 1/2 is a usable value. +- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` ++ new_result=`expr "X$teststring" : ".*" 2>&1` && ++ lt_cv_sys_max_cmd_len=$new_result && ++ test $i != 17 # 1/2 MB should be enough ++ do ++ i=`expr $i + 1` ++ teststring=$teststring$teststring ++ done ++ teststring= ++ # Add a significant safety factor because C++ compilers can tack on massive ++ # amounts of additional arguments before passing them to the linker. ++ # It appears as though 1/2 is a usable value. ++ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` ++ fi + ;; + esac + ]) +@@ -1031,7 +1052,8 @@ + # --------------------------------- + # Check to see if options -c and -o are simultaneously supported by compiler + AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O], +-[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl ++[AC_REQUIRE([LT_AC_PROG_SED])dnl ++AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl + AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], + [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)], + [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no +@@ -1039,7 +1061,7 @@ + mkdir conftest + cd conftest + mkdir out +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or +@@ -1179,6 +1201,7 @@ + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" ++ old_striplib="$STRIP -S" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) +@@ -1196,7 +1219,8 @@ + # ----------------------------- + # PORTME Fill in your ld.so characteristics + AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER], +-[AC_MSG_CHECKING([dynamic linker characteristics]) ++[AC_REQUIRE([LT_AC_PROG_SED])dnl ++AC_MSG_CHECKING([dynamic linker characteristics]) + library_names_spec= + libname_spec='lib$name' + soname_spec= +@@ -1210,20 +1234,58 @@ + version_type=none + dynamic_linker="$host_os ld.so" + sys_lib_dlsearch_path_spec="/lib /usr/lib" ++m4_if($1,[],[ + if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` +- if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then ++ case $host_os in ++ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; ++ *) lt_awk_arg="/^libraries:/" ;; ++ esac ++ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` ++ if echo "$lt_search_path_spec" | grep ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` ++ lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e 's/;/ /g'` + else +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ++ lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi ++ # Ok, now we have the path, separated by spaces, we can step through it ++ # and add multilib dir if necessary. ++ lt_tmp_lt_search_path_spec= ++ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` ++ for lt_sys_path in $lt_search_path_spec; do ++ if test -d "$lt_sys_path/$lt_multi_os_dir"; then ++ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" ++ else ++ test -d "$lt_sys_path" && \ ++ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" ++ fi ++ done ++ lt_search_path_spec=`echo $lt_tmp_lt_search_path_spec | awk ' ++BEGIN {RS=" "; FS="/|\n";} { ++ lt_foo=""; ++ lt_count=0; ++ for (lt_i = NF; lt_i > 0; lt_i--) { ++ if ($lt_i != "" && $lt_i != ".") { ++ if ($lt_i == "..") { ++ lt_count++; ++ } else { ++ if (lt_count == 0) { ++ lt_foo="/" $lt_i lt_foo; ++ } else { ++ lt_count--; ++ } ++ } ++ } ++ } ++ if (lt_foo != "") { lt_freq[[lt_foo]]++; } ++ if (lt_freq[[lt_foo]] == 1) { print lt_foo; } ++}'` ++ sys_lib_search_path_spec=`echo $lt_search_path_spec` + else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +-fi ++fi]) + need_lib_prefix=unknown + hardcode_into_libs=no + +@@ -1380,12 +1442,8 @@ + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +- # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. +- if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` +- else +- sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' +- fi ++ m4_if([$1], [],[ ++ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +@@ -1402,18 +1460,6 @@ + dynamic_linker=no + ;; + +-kfreebsd*-gnu) +- version_type=linux +- need_lib_prefix=no +- need_version=no +- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' +- soname_spec='${libname}${release}${shared_ext}$major' +- shlibpath_var=LD_LIBRARY_PATH +- shlibpath_overrides_runpath=no +- hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' +- ;; +- + freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. +@@ -1451,7 +1497,7 @@ + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; +- freebsd*) # from 4.6 on ++ *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; +@@ -1514,7 +1560,7 @@ + postinstall_cmds='chmod 555 $lib' + ;; + +-interix3*) ++interix[[3-9]]*) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -1569,7 +1615,7 @@ + ;; + + # This must be Linux ELF. +-linux*) ++linux* | k*bsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -1585,7 +1631,7 @@ + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` ++ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + +@@ -1598,7 +1644,7 @@ + dynamic_linker='GNU/Linux ld.so' + ;; + +-knetbsd*-gnu) ++netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -1607,7 +1653,7 @@ + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' ++ dynamic_linker='NetBSD ld.elf_so' + ;; + + netbsd*) +@@ -1691,6 +1737,10 @@ + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + ++rdos*) ++ dynamic_linker=no ++ ;; ++ + solaris*) + version_type=linux + need_lib_prefix=no +@@ -1796,7 +1846,8 @@ + # _LT_AC_TAGCONFIG + # ---------------- + AC_DEFUN([_LT_AC_TAGCONFIG], +-[AC_ARG_WITH([tags], ++[AC_REQUIRE([LT_AC_PROG_SED])dnl ++AC_ARG_WITH([tags], + [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@], + [include additional configurations @<:@automatic@:>@])], + [tagnames="$withval"]) +@@ -2057,7 +2108,7 @@ + + # AC_PATH_TOOL_PREFIX + # ------------------- +-# find a file program which can recognise shared library ++# find a file program which can recognize shared library + AC_DEFUN([AC_PATH_TOOL_PREFIX], + [AC_REQUIRE([AC_PROG_EGREP])dnl + AC_MSG_CHECKING([for $1]) +@@ -2120,7 +2171,7 @@ + + # AC_PATH_MAGIC + # ------------- +-# find a file program which can recognise a shared library ++# find a file program which can recognize a shared library + AC_DEFUN([AC_PATH_MAGIC], + [AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) + if test -z "$lt_cv_path_MAGIC_CMD"; then +@@ -2267,7 +2318,7 @@ + # how to check for library dependencies + # -- PORTME fill in with the dynamic library characteristics + AC_DEFUN([AC_DEPLIBS_CHECK_METHOD], +-[AC_CACHE_CHECK([how to recognise dependent libraries], ++[AC_CACHE_CHECK([how to recognize dependent libraries], + lt_cv_deplibs_check_method, + [lt_cv_file_magic_cmd='$MAGIC_CMD' + lt_cv_file_magic_test_file= +@@ -2306,16 +2357,22 @@ + + mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by +- # func_win32_libid shell function, so use a weaker test based on 'objdump'. +- lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' +- lt_cv_file_magic_cmd='$OBJDUMP -f' ++ # func_win32_libid shell function, so use a weaker test based on 'objdump', ++ # unless we find 'file', for example because we are cross-compiling. ++ if ( file / ) >/dev/null 2>&1; then ++ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' ++ lt_cv_file_magic_cmd='func_win32_libid' ++ else ++ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' ++ lt_cv_file_magic_cmd='$OBJDUMP -f' ++ fi + ;; + + darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +-freebsd* | kfreebsd*-gnu | dragonfly*) ++freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) +@@ -2353,7 +2410,7 @@ + esac + ;; + +-interix3*) ++interix[[3-9]]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' + ;; +@@ -2369,11 +2426,11 @@ + ;; + + # This must be Linux ELF. +-linux*) ++linux* | k*bsd*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +-netbsd*) ++netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + else +@@ -2403,6 +2460,10 @@ + lt_cv_deplibs_check_method=pass_all + ;; + ++rdos*) ++ lt_cv_deplibs_check_method=pass_all ++ ;; ++ + solaris*) + lt_cv_deplibs_check_method=pass_all + ;; +@@ -2455,7 +2516,7 @@ + lt_cv_path_NM="$NM" + else + lt_nm_to_check="${ac_tool_prefix}nm" +- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then ++ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do +@@ -2671,10 +2732,10 @@ + _LT_AC_TAGVAR(objext, $1)=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code="int some_variable = 0;\n" ++lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests +-lt_simple_link_test_code='int main(){return(0);}\n' ++lt_simple_link_test_code='int main(){return(0);}' + + _LT_AC_SYS_COMPILER + +@@ -2776,10 +2837,10 @@ + _LT_AC_TAGVAR(objext, $1)=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code="int some_variable = 0;\n" ++lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests +-lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }\n' ++lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_AC_SYS_COMPILER +@@ -2925,7 +2986,7 @@ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 +- _LT_AC_TAGVAR(hardcode_direct, $1)=yes ++ : + else + # We have old collect2 + _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported +@@ -3084,10 +3145,10 @@ + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' +- _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' ++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' + _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds +- _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ++ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) +@@ -3121,7 +3182,7 @@ + freebsd-elf*) + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + ;; +- freebsd* | kfreebsd*-gnu | dragonfly*) ++ freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + _LT_AC_TAGVAR(ld_shlibs, $1)=yes +@@ -3170,9 +3231,7 @@ + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in +- hppa*64*|ia64*) +- _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' +- ;; ++ hppa*64*|ia64*) ;; + *) + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; +@@ -3240,7 +3299,7 @@ + ;; + esac + ;; +- interix3*) ++ interix[[3-9]]*) + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' +@@ -3280,7 +3339,7 @@ + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + ;; +- linux*) ++ linux* | k*bsd*-gnu) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler +@@ -3360,6 +3419,29 @@ + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; ++ *) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C++ 5.9 ++ _LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs' ++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ++ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' ++ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' ++ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' ++ ++ # Not sure whether something based on ++ # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 ++ # would be better. ++ output_verbose_link_cmd='echo' ++ ++ # Archives containing C++ object files must be created using ++ # "CC -xar", where "CC" is the Sun C++ compiler. This is ++ # necessary to make sure instantiated templates are included ++ # in the archive. ++ _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ++ ;; ++ esac ++ ;; + esac + ;; + lynxos*) +@@ -3382,7 +3464,7 @@ + ;; + esac + ;; +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= +@@ -3398,16 +3480,20 @@ + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + openbsd*) +- _LT_AC_TAGVAR(hardcode_direct, $1)=yes +- _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no +- _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' +- _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' +- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +- _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' +- _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' +- _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' ++ if test -f /usr/libexec/ld.so; then ++ _LT_AC_TAGVAR(hardcode_direct, $1)=yes ++ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' ++ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' ++ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then ++ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' ++ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ++ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' ++ fi ++ output_verbose_link_cmd='echo' ++ else ++ _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi +- output_verbose_link_cmd='echo' + ;; + osf3*) + case $cc_basename in +@@ -3569,15 +3655,10 @@ + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) +- # The C++ compiler is used as linker so we must use $wl +- # flag to pass the commands to the underlying system +- # linker. We must also pass each convience library through +- # to the system linker between allextract/defaultextract. +- # The C++ compiler will combine linker options so we +- # cannot just pass the convience library names through +- # without $wl. ++ # The compiler driver will combine and reorder linker options, ++ # but understands `-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) +- _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ++ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + ;; + esac + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes +@@ -3624,6 +3705,12 @@ + fi + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' ++ case $host_os in ++ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; ++ *) ++ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ++ ;; ++ esac + fi + ;; + esac +@@ -3867,7 +3954,7 @@ + # PORTME: override above test on systems where it is broken + ifelse([$1],[CXX], + [case $host_os in +-interix3*) ++interix[[3-9]]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + _LT_AC_TAGVAR(predep_objects,$1)= +@@ -3875,13 +3962,46 @@ + _LT_AC_TAGVAR(postdeps,$1)= + ;; + ++linux*) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C++ 5.9 ++ # ++ # The more standards-conforming stlport4 library is ++ # incompatible with the Cstd library. Avoid specifying ++ # it if it's in CXXFLAGS. Ignore libCrun as ++ # -library=stlport4 depends on it. ++ case " $CXX $CXXFLAGS " in ++ *" -library=stlport4 "*) ++ solaris_use_stlport4=yes ++ ;; ++ esac ++ if test "$solaris_use_stlport4" != yes; then ++ _LT_AC_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' ++ fi ++ ;; ++ esac ++ ;; ++ + solaris*) + case $cc_basename in + CC*) ++ # The more standards-conforming stlport4 library is ++ # incompatible with the Cstd library. Avoid specifying ++ # it if it's in CXXFLAGS. Ignore libCrun as ++ # -library=stlport4 depends on it. ++ case " $CXX $CXXFLAGS " in ++ *" -library=stlport4 "*) ++ solaris_use_stlport4=yes ++ ;; ++ esac ++ + # Adding this requires a known-good setup of shared libraries for + # Sun compiler versions before 5.6, else PIC objects from an old + # archive will be linked into the output, leading to subtle bugs. +- _LT_AC_TAGVAR(postdeps,$1)='-lCstd -lCrun' ++ if test "$solaris_use_stlport4" != yes; then ++ _LT_AC_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' ++ fi + ;; + esac + ;; +@@ -3930,10 +4050,17 @@ + _LT_AC_TAGVAR(objext, $1)=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code=" subroutine t\n return\n end\n" ++lt_simple_compile_test_code="\ ++ subroutine t ++ return ++ end ++" + + # Code to be used in simple link tests +-lt_simple_link_test_code=" program t\n end\n" ++lt_simple_link_test_code="\ ++ program t ++ end ++" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_AC_SYS_COMPILER +@@ -4012,10 +4139,10 @@ + _LT_AC_TAGVAR(objext, $1)=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code="class foo {}\n" ++lt_simple_compile_test_code="class foo {}" + + # Code to be used in simple link tests +-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }\n' ++lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_AC_SYS_COMPILER +@@ -4068,7 +4195,7 @@ + _LT_AC_TAGVAR(objext, $1)=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n' ++lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' + + # Code to be used in simple link tests + lt_simple_link_test_code="$lt_simple_compile_test_code" +@@ -4157,6 +4284,7 @@ + _LT_AC_TAGVAR(module_cmds, $1) \ + _LT_AC_TAGVAR(module_expsym_cmds, $1) \ + _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) \ ++ _LT_AC_TAGVAR(fix_srcfile_path, $1) \ + _LT_AC_TAGVAR(exclude_expsyms, $1) \ + _LT_AC_TAGVAR(include_expsyms, $1); do + +@@ -4203,7 +4331,7 @@ + # Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) + # NOTE: Changes made to this file will be lost: look at ltmain.sh. + # +-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001 ++# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 + # Free Software Foundation, Inc. + # + # This file is part of GNU Libtool: +@@ -4528,7 +4656,7 @@ + sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + + # Fix the shell variable \$srcfile for the compiler. +-fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)" ++fix_srcfile_path=$lt_fix_srcfile_path + + # Set to yes if exported symbols are required. + always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1) +@@ -4611,6 +4739,7 @@ + # --------------------------------- + AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], + [AC_REQUIRE([AC_CANONICAL_HOST]) ++AC_REQUIRE([LT_AC_PROG_SED]) + AC_REQUIRE([AC_PROG_NM]) + AC_REQUIRE([AC_OBJEXT]) + # Check for command to grab the raw symbol name followed by C symbol from nm. +@@ -4647,7 +4776,7 @@ + lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" + ;; +-linux*) ++linux* | k*bsd*-gnu) + if test "$host_cpu" = ia64; then + symcode='[[ABCDGIRSTW]]' + lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" +@@ -4837,12 +4966,14 @@ + # like `-m68040'. + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; +- mingw* | os2* | pw32*) ++ mingw* | cygwin* | os2* | pw32*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). ++ # Although the cygwin gcc ignores -fPIC, still need this for old-style ++ # (--disable-auto-import) libraries + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' + ;; + darwin* | rhapsody*) +@@ -4854,7 +4985,7 @@ + # DJGPP does not support shared libraries at all + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= + ;; +- interix3*) ++ interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; +@@ -4920,7 +5051,7 @@ + ;; + esac + ;; +- freebsd* | kfreebsd*-gnu | dragonfly*) ++ freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) +@@ -4963,7 +5094,7 @@ + ;; + esac + ;; +- linux*) ++ linux* | k*bsd*-gnu) + case $cc_basename in + KCC*) + # KAI C++ Compiler +@@ -4990,6 +5121,14 @@ + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C++ 5.9 ++ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ++ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ++ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ++ ;; ++ esac + ;; + esac + ;; +@@ -5006,7 +5145,7 @@ + ;; + esac + ;; +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + ;; + osf3* | osf4* | osf5*) + case $cc_basename in +@@ -5110,13 +5249,15 @@ + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + +- mingw* | pw32* | os2*) ++ mingw* | cygwin* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). ++ # Although the cygwin gcc ignores -fPIC, still need this for old-style ++ # (--disable-auto-import) libraries + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' + ;; + +@@ -5126,7 +5267,7 @@ + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + +- interix3*) ++ interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; +@@ -5184,7 +5325,7 @@ + esac + ;; + +- mingw* | pw32* | os2*) ++ mingw* | cygwin* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' +@@ -5217,7 +5358,7 @@ + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + +- linux*) ++ linux* | k*bsd*-gnu) + case $cc_basename in + icc* | ecc*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' +@@ -5236,6 +5377,22 @@ + # All Alpha code is PIC. + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; ++ *) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C 5.9 ++ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ++ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ++ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ++ ;; ++ *Sun\ F*) ++ # Sun Fortran 8.3 passes all unrecognized flags to the linker ++ _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ++ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ++ _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='' ++ ;; ++ esac ++ ;; + esac + ;; + +@@ -5245,6 +5402,10 @@ + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + ++ rdos*) ++ _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ++ ;; ++ + solaris*) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' +@@ -5339,7 +5500,8 @@ + # ------------------------------------ + # See if the linker supports building shared libraries. + AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS], +-[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) ++[AC_REQUIRE([LT_AC_PROG_SED])dnl ++AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) + ifelse([$1],[CXX],[ + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + case $host_os in +@@ -5356,7 +5518,10 @@ + _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" + ;; + cygwin* | mingw*) +- _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols' ++ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' ++ ;; ++ linux* | k*bsd*-gnu) ++ _LT_AC_TAGVAR(link_all_deplibs, $1)=no + ;; + *) + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' +@@ -5495,7 +5660,7 @@ + _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_AC_TAGVAR(always_export_symbols, $1)=no + _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes +- _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols' ++ _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' +@@ -5513,7 +5678,7 @@ + fi + ;; + +- interix3*) ++ interix[[3-9]]*) + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' +@@ -5528,7 +5693,7 @@ + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + +- linux*) ++ gnu* | linux* | k*bsd*-gnu) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + tmp_addflag= + case $cc_basename,$host_cpu in +@@ -5546,20 +5711,30 @@ + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + esac +- _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) # Sun C 5.9 ++ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' ++ tmp_sharedflag='-G' ;; ++ *Sun\ F*) # Sun Fortran 8.3 ++ tmp_sharedflag='-G' ;; ++ *) ++ tmp_sharedflag='-shared' ;; ++ esac ++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test $supports_anon_versioning = yes; then + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + $echo "local: *; };" >> $output_objdir/$libname.ver~ +- $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' ++ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi ++ _LT_AC_TAGVAR(link_all_deplibs, $1)=no + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= +@@ -5592,7 +5767,7 @@ + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in +- *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) ++ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) + _LT_AC_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +@@ -5711,7 +5886,7 @@ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 +- _LT_AC_TAGVAR(hardcode_direct, $1)=yes ++ : + else + # We have old collect2 + _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported +@@ -5804,7 +5979,7 @@ + # The linker will automatically build a .lib file if we build a DLL. + _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true' + # FIXME: Should let the user specify the lib program. +- _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs' ++ _LT_AC_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' + _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`' + _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; +@@ -5846,10 +6021,10 @@ + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' +- _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' ++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' + _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds +- _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ++ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) +@@ -5889,7 +6064,7 @@ + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. +- freebsd* | kfreebsd*-gnu | dragonfly*) ++ freebsd* | dragonfly*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes +@@ -5991,7 +6166,7 @@ + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + ;; + +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else +@@ -6011,24 +6186,28 @@ + ;; + + openbsd*) +- _LT_AC_TAGVAR(hardcode_direct, $1)=yes +- _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no +- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +- _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' +- _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' +- _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ++ if test -f /usr/libexec/ld.so; then ++ _LT_AC_TAGVAR(hardcode_direct, $1)=yes ++ _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ++ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then ++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' ++ _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' ++ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' ++ _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ++ else ++ case $host_os in ++ openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) ++ _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' ++ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' ++ ;; ++ *) ++ _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' ++ _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' ++ ;; ++ esac ++ fi + else +- case $host_os in +- openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) +- _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' +- _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' +- ;; +- *) +- _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' +- ;; +- esac ++ _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + +@@ -6087,17 +6266,16 @@ + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) +- # The compiler driver will combine linker options so we +- # cannot just pass the convience library names through +- # without $wl, iff we do not link with $LD. +- # Luckily, gcc supports the same syntax we need for Sun Studio. ++ # The compiler driver will combine and reorder linker options, ++ # but understands `-z linker_flag'. GCC discards it without `$wl', ++ # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) +- case $wlarc in +- '') +- _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; +- *) +- _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; +- esac ;; ++ if test "$GCC" = yes; then ++ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ++ else ++ _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ++ fi ++ ;; + esac + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + ;; +@@ -6154,7 +6332,7 @@ + fi + ;; + +- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7*) ++ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no +@@ -6229,7 +6407,7 @@ + # to ld, don't add -lc before -lgcc. + AC_MSG_CHECKING([whether -lc should be explicitly linked in]) + $rm conftest* +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest +@@ -6332,6 +6510,30 @@ + [AC_CHECK_TOOL(RC, windres, no) + ]) + ++ ++# Cheap backport of AS_EXECUTABLE_P and required macros ++# from Autoconf 2.59; we should not use $as_executable_p directly. ++ ++# _AS_TEST_PREPARE ++# ---------------- ++m4_ifndef([_AS_TEST_PREPARE], ++[m4_defun([_AS_TEST_PREPARE], ++[if test -x / >/dev/null 2>&1; then ++ as_executable_p='test -x' ++else ++ as_executable_p='test -f' ++fi ++])])# _AS_TEST_PREPARE ++ ++# AS_EXECUTABLE_P ++# --------------- ++# Check whether a file is executable. ++m4_ifndef([AS_EXECUTABLE_P], ++[m4_defun([AS_EXECUTABLE_P], ++[AS_REQUIRE([_AS_TEST_PREPARE])dnl ++$as_executable_p $1[]dnl ++])])# AS_EXECUTABLE_P ++ + # NOTE: This macro has been submitted for inclusion into # + # GNU Autoconf as AC_PROG_SED. When it is available in # + # a released version of Autoconf we should remove this # +@@ -6352,12 +6554,13 @@ + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do +- if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then ++ if AS_EXECUTABLE_P(["$as_dir/$lt_ac_prog$ac_exec_ext"]); then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done + done ++IFS=$as_save_IFS + lt_ac_max=0 + lt_ac_count=0 + # Add /usr/xpg4/bin/sed as it is typically found on Solaris +@@ -6390,6 +6593,7 @@ + done + ]) + SED=$lt_cv_path_SED ++AC_SUBST([SED]) + AC_MSG_RESULT([$SED]) + ]) + +Index: pam/Linux-PAM/conf/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/conf/Makefile.in ++++ pam/Linux-PAM/conf/Makefile.in +@@ -150,6 +150,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/conf/pam_conv1/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/conf/pam_conv1/Makefile.in ++++ pam/Linux-PAM/conf/pam_conv1/Makefile.in +@@ -170,6 +170,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/config.h.in +=================================================================== +--- pam.orig/Linux-PAM/config.h.in ++++ pam/Linux-PAM/config.h.in +@@ -19,6 +19,9 @@ + the CoreFoundation framework. */ + #undef HAVE_CFPREFERENCESCOPYAPPVALUE + ++/* Define to 1 if you have the <crack.h> header file. */ ++#undef HAVE_CRACK_H ++ + /* Define to 1 if you have the <crypt.h> header file. */ + #undef HAVE_CRYPT_H + +@@ -126,6 +129,9 @@ + /* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */ + #undef HAVE_NDIR_H + ++/* Define to 1 if you have the <net/if.h> header file. */ ++#undef HAVE_NET_IF_H ++ + /* Define to 1 if you have the <paths.h> header file. */ + #undef HAVE_PATHS_H + +@@ -165,6 +171,9 @@ + /* Define to 1 if you have the <syslog.h> header file. */ + #undef HAVE_SYSLOG_H + ++/* Define to 1 if you have the <sys/capability.h> header file. */ ++#undef HAVE_SYS_CAPABILITY_H ++ + /* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'. + */ + #undef HAVE_SYS_DIR_H +Index: pam/Linux-PAM/configure +=================================================================== +--- pam.orig/Linux-PAM/configure ++++ pam/Linux-PAM/configure +@@ -859,6 +859,7 @@ + LEX_OUTPUT_ROOT + LEXLIB + LN_S ++SED + GREP + EGREP + ECHO +@@ -4252,12 +4253,13 @@ + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do +- if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then ++ if { test -f "$as_dir/$lt_ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$lt_ac_prog$ac_exec_ext"; }; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done + done ++IFS=$as_save_IFS + lt_ac_max=0 + lt_ac_count=0 + # Add /usr/xpg4/bin/sed as it is typically found on Solaris +@@ -4292,6 +4294,7 @@ + fi + + SED=$lt_cv_path_SED ++ + { echo "$as_me:$LINENO: result: $SED" >&5 + echo "${ECHO_T}$SED" >&6; } + +@@ -4642,8 +4645,8 @@ + echo "${ECHO_T}$lt_cv_path_NM" >&6; } + NM="$lt_cv_path_NM" + +-{ echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5 +-echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6; } ++{ echo "$as_me:$LINENO: checking how to recognize dependent libraries" >&5 ++echo $ECHO_N "checking how to recognize dependent libraries... $ECHO_C" >&6; } + if test "${lt_cv_deplibs_check_method+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else +@@ -4684,16 +4687,22 @@ + + mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by +- # func_win32_libid shell function, so use a weaker test based on 'objdump'. +- lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' +- lt_cv_file_magic_cmd='$OBJDUMP -f' ++ # func_win32_libid shell function, so use a weaker test based on 'objdump', ++ # unless we find 'file', for example because we are cross-compiling. ++ if ( file / ) >/dev/null 2>&1; then ++ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' ++ lt_cv_file_magic_cmd='func_win32_libid' ++ else ++ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' ++ lt_cv_file_magic_cmd='$OBJDUMP -f' ++ fi + ;; + + darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +-freebsd* | kfreebsd*-gnu | dragonfly*) ++freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) +@@ -4731,7 +4740,7 @@ + esac + ;; + +-interix3*) ++interix[3-9]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; +@@ -4747,11 +4756,11 @@ + ;; + + # This must be Linux ELF. +-linux*) ++linux* | k*bsd*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +-netbsd*) ++netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else +@@ -4781,6 +4790,10 @@ + lt_cv_deplibs_check_method=pass_all + ;; + ++rdos*) ++ lt_cv_deplibs_check_method=pass_all ++ ;; ++ + solaris*) + lt_cv_deplibs_check_method=pass_all + ;; +@@ -4867,7 +4880,7 @@ + ;; + *-*-irix6*) + # Find out which ABI we are using. +- echo '#line 4870 "configure"' > conftest.$ac_ext ++ echo '#line 4883 "configure"' > conftest.$ac_ext + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? +@@ -4902,7 +4915,8 @@ + rm -rf conftest* + ;; + +-x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*) ++x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ ++s390*-*linux*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 +@@ -4913,6 +4927,9 @@ + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in ++ x86_64-*kfreebsd*-gnu) ++ LD="${LD-ld} -m elf_i386_fbsd" ++ ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; +@@ -4929,6 +4946,9 @@ + ;; + *64-bit*) + case $host in ++ x86_64-*kfreebsd*-gnu) ++ LD="${LD-ld} -m elf_x86_64_fbsd" ++ ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; +@@ -6716,24 +6736,27 @@ + fi + ;; + *) +- # If test is not a shell built-in, we'll probably end up computing a +- # maximum length that is only half of the actual maximum length, but +- # we can't tell. +- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} +- while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \ ++ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` ++ if test -n "$lt_cv_sys_max_cmd_len"; then ++ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` ++ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ++ else ++ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} ++ while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \ + = "XX$teststring") >/dev/null 2>&1 && +- new_result=`expr "X$teststring" : ".*" 2>&1` && +- lt_cv_sys_max_cmd_len=$new_result && +- test $i != 17 # 1/2 MB should be enough +- do +- i=`expr $i + 1` +- teststring=$teststring$teststring +- done +- teststring= +- # Add a significant safety factor because C++ compilers can tack on massive +- # amounts of additional arguments before passing them to the linker. +- # It appears as though 1/2 is a usable value. +- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` ++ new_result=`expr "X$teststring" : ".*" 2>&1` && ++ lt_cv_sys_max_cmd_len=$new_result && ++ test $i != 17 # 1/2 MB should be enough ++ do ++ i=`expr $i + 1` ++ teststring=$teststring$teststring ++ done ++ teststring= ++ # Add a significant safety factor because C++ compilers can tack on massive ++ # amounts of additional arguments before passing them to the linker. ++ # It appears as though 1/2 is a usable value. ++ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` ++ fi + ;; + esac + +@@ -6750,6 +6773,7 @@ + + + ++ + # Check for command to grab the raw symbol name followed by C symbol from nm. + { echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5 + echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6; } +@@ -6787,7 +6811,7 @@ + lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" + ;; +-linux*) ++linux* | k*bsd*-gnu) + if test "$host_cpu" = ia64; then + symcode='[ABCDGIRSTW]' + lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" +@@ -7338,7 +7362,7 @@ + test -z "$ac_objext" && ac_objext=o + + # Determine commands to create old-style static archives. +-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs' ++old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' + old_postinstall_cmds='chmod 644 $oldlib' + old_postuninstall_cmds= + +@@ -7538,10 +7562,10 @@ + objext=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code="int some_variable = 0;\n" ++lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests +-lt_simple_link_test_code='int main(){return(0);}\n' ++lt_simple_link_test_code='int main(){return(0);}' + + + # If no C compiler was specified, use CC. +@@ -7556,13 +7580,13 @@ + + # save warnings/boilerplate of simple test code + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_compile_test_code" >conftest.$ac_ext ++echo "$lt_simple_compile_test_code" >conftest.$ac_ext + eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_compiler_boilerplate=`cat conftest.err` + $rm conftest* + + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_link_test_code" >conftest.$ac_ext ++echo "$lt_simple_link_test_code" >conftest.$ac_ext + eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_linker_boilerplate=`cat conftest.err` + $rm conftest* +@@ -7582,7 +7606,7 @@ + else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. +@@ -7593,11 +7617,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:7596: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:7620: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 +- echo "$as_me:7600: \$? = $ac_status" >&5 ++ echo "$as_me:7624: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. +@@ -7648,13 +7672,15 @@ + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + +- mingw* | pw32* | os2*) ++ mingw* | cygwin* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). ++ # Although the cygwin gcc ignores -fPIC, still need this for old-style ++ # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + +@@ -7664,7 +7690,7 @@ + lt_prog_compiler_pic='-fno-common' + ;; + +- interix3*) ++ interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; +@@ -7722,7 +7748,7 @@ + esac + ;; + +- mingw* | pw32* | os2*) ++ mingw* | cygwin* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' +@@ -7755,7 +7781,7 @@ + lt_prog_compiler_static='-Bstatic' + ;; + +- linux*) ++ linux* | k*bsd*-gnu) + case $cc_basename in + icc* | ecc*) + lt_prog_compiler_wl='-Wl,' +@@ -7774,6 +7800,22 @@ + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; ++ *) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C 5.9 ++ lt_prog_compiler_pic='-KPIC' ++ lt_prog_compiler_static='-Bstatic' ++ lt_prog_compiler_wl='-Wl,' ++ ;; ++ *Sun\ F*) ++ # Sun Fortran 8.3 passes all unrecognized flags to the linker ++ lt_prog_compiler_pic='-KPIC' ++ lt_prog_compiler_static='-Bstatic' ++ lt_prog_compiler_wl='' ++ ;; ++ esac ++ ;; + esac + ;; + +@@ -7783,6 +7825,10 @@ + lt_prog_compiler_static='-non_shared' + ;; + ++ rdos*) ++ lt_prog_compiler_static='-non_shared' ++ ;; ++ + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' +@@ -7850,7 +7896,7 @@ + else + lt_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. +@@ -7861,11 +7907,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:7864: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:7910: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 +- echo "$as_me:7868: \$? = $ac_status" >&5 ++ echo "$as_me:7914: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. +@@ -7914,7 +7960,7 @@ + lt_prog_compiler_static_works=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" +- printf "$lt_simple_link_test_code" > conftest.$ac_ext ++ echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings +@@ -7954,7 +8000,7 @@ + mkdir conftest + cd conftest + mkdir out +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or +@@ -7965,11 +8011,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:7968: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:8014: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 +- echo "$as_me:7972: \$? = $ac_status" >&5 ++ echo "$as_me:8018: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized +@@ -8161,7 +8207,7 @@ + allow_undefined_flag=unsupported + always_export_symbols=no + enable_shared_with_static_runtimes=yes +- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' ++ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' +@@ -8179,7 +8225,7 @@ + fi + ;; + +- interix3*) ++ interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' +@@ -8194,7 +8240,7 @@ + archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + +- linux*) ++ gnu* | linux* | k*bsd*-gnu) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + tmp_addflag= + case $cc_basename,$host_cpu in +@@ -8212,20 +8258,30 @@ + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + esac +- archive_cmds='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) # Sun C 5.9 ++ whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' ++ tmp_sharedflag='-G' ;; ++ *Sun\ F*) # Sun Fortran 8.3 ++ tmp_sharedflag='-G' ;; ++ *) ++ tmp_sharedflag='-shared' ;; ++ esac ++ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test $supports_anon_versioning = yes; then + archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + $echo "local: *; };" >> $output_objdir/$libname.ver~ +- $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' ++ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi ++ link_all_deplibs=no + else + ld_shlibs=no + fi + ;; + +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= +@@ -8377,7 +8433,7 @@ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 +- hardcode_direct=yes ++ : + else + # We have old collect2 + hardcode_direct=unsupported +@@ -8451,11 +8507,18 @@ + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 +@@ -8510,11 +8573,18 @@ + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 +@@ -8568,7 +8638,7 @@ + # The linker will automatically build a .lib file if we build a DLL. + old_archive_From_new_cmds='true' + # FIXME: Should let the user specify the lib program. +- old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs' ++ old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' + fix_srcfile_path='`cygpath -w "$srcfile"`' + enable_shared_with_static_runtimes=yes + ;; +@@ -8610,10 +8680,10 @@ + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' +- archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' ++ archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' + module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds +- archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ++ archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) +@@ -8653,7 +8723,7 @@ + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. +- freebsd* | kfreebsd*-gnu | dragonfly*) ++ freebsd* | dragonfly*) + archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes +@@ -8755,7 +8825,7 @@ + link_all_deplibs=yes + ;; + +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else +@@ -8775,24 +8845,28 @@ + ;; + + openbsd*) +- hardcode_direct=yes +- hardcode_shlibpath_var=no +- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' +- hardcode_libdir_flag_spec='${wl}-rpath,$libdir' +- export_dynamic_flag_spec='${wl}-E' ++ if test -f /usr/libexec/ld.so; then ++ hardcode_direct=yes ++ hardcode_shlibpath_var=no ++ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then ++ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' ++ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' ++ hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ++ export_dynamic_flag_spec='${wl}-E' ++ else ++ case $host_os in ++ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) ++ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' ++ hardcode_libdir_flag_spec='-R$libdir' ++ ;; ++ *) ++ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' ++ hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ++ ;; ++ esac ++ fi + else +- case $host_os in +- openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) +- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' +- hardcode_libdir_flag_spec='-R$libdir' +- ;; +- *) +- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec='${wl}-rpath,$libdir' +- ;; +- esac ++ ld_shlibs=no + fi + ;; + +@@ -8851,17 +8925,16 @@ + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) +- # The compiler driver will combine linker options so we +- # cannot just pass the convience library names through +- # without $wl, iff we do not link with $LD. +- # Luckily, gcc supports the same syntax we need for Sun Studio. ++ # The compiler driver will combine and reorder linker options, ++ # but understands `-z linker_flag'. GCC discards it without `$wl', ++ # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) +- case $wlarc in +- '') +- whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;; +- *) +- whole_archive_flag_spec='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; +- esac ;; ++ if test "$GCC" = yes; then ++ whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ++ else ++ whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ++ fi ++ ;; + esac + link_all_deplibs=yes + ;; +@@ -8918,7 +8991,7 @@ + fi + ;; + +- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) ++ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag='${wl}-z,text' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no +@@ -8995,7 +9068,7 @@ + { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 + echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } + $rm conftest* +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 +@@ -9053,17 +9126,55 @@ + version_type=none + dynamic_linker="$host_os ld.so" + sys_lib_dlsearch_path_spec="/lib /usr/lib" ++ + if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` +- if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then ++ case $host_os in ++ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; ++ *) lt_awk_arg="/^libraries:/" ;; ++ esac ++ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` ++ if echo "$lt_search_path_spec" | grep ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` ++ lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e 's/;/ /g'` + else +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ++ lt_search_path_spec=`echo "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi ++ # Ok, now we have the path, separated by spaces, we can step through it ++ # and add multilib dir if necessary. ++ lt_tmp_lt_search_path_spec= ++ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` ++ for lt_sys_path in $lt_search_path_spec; do ++ if test -d "$lt_sys_path/$lt_multi_os_dir"; then ++ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" ++ else ++ test -d "$lt_sys_path" && \ ++ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" ++ fi ++ done ++ lt_search_path_spec=`echo $lt_tmp_lt_search_path_spec | awk ' ++BEGIN {RS=" "; FS="/|\n";} { ++ lt_foo=""; ++ lt_count=0; ++ for (lt_i = NF; lt_i > 0; lt_i--) { ++ if ($lt_i != "" && $lt_i != ".") { ++ if ($lt_i == "..") { ++ lt_count++; ++ } else { ++ if (lt_count == 0) { ++ lt_foo="/" $lt_i lt_foo; ++ } else { ++ lt_count--; ++ } ++ } ++ } ++ } ++ if (lt_foo != "") { lt_freq[lt_foo]++; } ++ if (lt_freq[lt_foo] == 1) { print lt_foo; } ++}'` ++ sys_lib_search_path_spec=`echo $lt_search_path_spec` + else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + fi +@@ -9223,12 +9334,8 @@ + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +- # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. +- if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` +- else +- sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' +- fi ++ ++ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +@@ -9245,18 +9352,6 @@ + dynamic_linker=no + ;; + +-kfreebsd*-gnu) +- version_type=linux +- need_lib_prefix=no +- need_version=no +- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' +- soname_spec='${libname}${release}${shared_ext}$major' +- shlibpath_var=LD_LIBRARY_PATH +- shlibpath_overrides_runpath=no +- hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' +- ;; +- + freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. +@@ -9294,7 +9389,7 @@ + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; +- freebsd*) # from 4.6 on ++ *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; +@@ -9357,7 +9452,7 @@ + postinstall_cmds='chmod 555 $lib' + ;; + +-interix3*) ++interix[3-9]*) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -9412,7 +9507,7 @@ + ;; + + # This must be Linux ELF. +-linux*) ++linux* | k*bsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -9428,7 +9523,7 @@ + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` ++ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + +@@ -9441,7 +9536,7 @@ + dynamic_linker='GNU/Linux ld.so' + ;; + +-knetbsd*-gnu) ++netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -9450,7 +9545,7 @@ + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' ++ dynamic_linker='NetBSD ld.elf_so' + ;; + + netbsd*) +@@ -9534,6 +9629,10 @@ + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + ++rdos*) ++ dynamic_linker=no ++ ;; ++ + solaris*) + version_type=linux + need_lib_prefix=no +@@ -9687,6 +9786,7 @@ + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" ++ old_striplib="$STRIP -S" + { echo "$as_me:$LINENO: result: yes" >&5 + echo "${ECHO_T}yes" >&6; } + else +@@ -10273,7 +10373,7 @@ + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<EOF +-#line 10276 "configure" ++#line 10376 "configure" + #include "confdefs.h" + + #if HAVE_DLFCN_H +@@ -10373,7 +10473,7 @@ + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<EOF +-#line 10376 "configure" ++#line 10476 "configure" + #include "confdefs.h" + + #if HAVE_DLFCN_H +@@ -10571,6 +10671,7 @@ + module_cmds \ + module_expsym_cmds \ + lt_cv_prog_compiler_c_o \ ++ fix_srcfile_path \ + exclude_expsyms \ + include_expsyms; do + +@@ -10615,7 +10716,7 @@ + # Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) + # NOTE: Changes made to this file will be lost: look at ltmain.sh. + # +-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001 ++# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 + # Free Software Foundation, Inc. + # + # This file is part of GNU Libtool: +@@ -10939,7 +11040,7 @@ + sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + + # Fix the shell variable \$srcfile for the compiler. +-fix_srcfile_path="$fix_srcfile_path" ++fix_srcfile_path=$lt_fix_srcfile_path + + # Set to yes if exported symbols are required. + always_export_symbols=$always_export_symbols +@@ -11108,10 +11209,10 @@ + objext_CXX=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code="int some_variable = 0;\n" ++lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests +-lt_simple_link_test_code='int main(int, char *[]) { return(0); }\n' ++lt_simple_link_test_code='int main(int, char *[]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + +@@ -11127,13 +11228,13 @@ + + # save warnings/boilerplate of simple test code + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_compile_test_code" >conftest.$ac_ext ++echo "$lt_simple_compile_test_code" >conftest.$ac_ext + eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_compiler_boilerplate=`cat conftest.err` + $rm conftest* + + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_link_test_code" >conftest.$ac_ext ++echo "$lt_simple_link_test_code" >conftest.$ac_ext + eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_linker_boilerplate=`cat conftest.err` + $rm conftest* +@@ -11392,7 +11493,7 @@ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 +- hardcode_direct_CXX=yes ++ : + else + # We have old collect2 + hardcode_direct_CXX=unsupported +@@ -11466,11 +11567,18 @@ + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 +@@ -11526,11 +11634,18 @@ + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 +@@ -11649,10 +11764,10 @@ + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' +- archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' ++ archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' + module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds +- archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ++ archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) +@@ -11686,7 +11801,7 @@ + freebsd-elf*) + archive_cmds_need_lc_CXX=no + ;; +- freebsd* | kfreebsd*-gnu | dragonfly*) ++ freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + ld_shlibs_CXX=yes +@@ -11735,9 +11850,7 @@ + hardcode_libdir_separator_CXX=: + + case $host_cpu in +- hppa*64*|ia64*) +- hardcode_libdir_flag_spec_ld_CXX='+b $libdir' +- ;; ++ hppa*64*|ia64*) ;; + *) + export_dynamic_flag_spec_CXX='${wl}-E' + ;; +@@ -11805,7 +11918,7 @@ + ;; + esac + ;; +- interix3*) ++ interix[3-9]*) + hardcode_direct_CXX=no + hardcode_shlibpath_var_CXX=no + hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' +@@ -11845,7 +11958,7 @@ + hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_CXX=: + ;; +- linux*) ++ linux* | k*bsd*-gnu) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler +@@ -11925,6 +12038,29 @@ + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; ++ *) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C++ 5.9 ++ no_undefined_flag_CXX=' -zdefs' ++ archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ++ archive_expsym_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' ++ hardcode_libdir_flag_spec_CXX='-R$libdir' ++ whole_archive_flag_spec_CXX='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' ++ ++ # Not sure whether something based on ++ # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 ++ # would be better. ++ output_verbose_link_cmd='echo' ++ ++ # Archives containing C++ object files must be created using ++ # "CC -xar", where "CC" is the Sun C++ compiler. This is ++ # necessary to make sure instantiated templates are included ++ # in the archive. ++ old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' ++ ;; ++ esac ++ ;; + esac + ;; + lynxos*) +@@ -11947,7 +12083,7 @@ + ;; + esac + ;; +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= +@@ -11963,16 +12099,20 @@ + ld_shlibs_CXX=no + ;; + openbsd*) +- hardcode_direct_CXX=yes +- hardcode_shlibpath_var_CXX=no +- archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' +- hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' +- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +- archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' +- export_dynamic_flag_spec_CXX='${wl}-E' +- whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' ++ if test -f /usr/libexec/ld.so; then ++ hardcode_direct_CXX=yes ++ hardcode_shlibpath_var_CXX=no ++ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' ++ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' ++ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then ++ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' ++ export_dynamic_flag_spec_CXX='${wl}-E' ++ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' ++ fi ++ output_verbose_link_cmd='echo' ++ else ++ ld_shlibs_CXX=no + fi +- output_verbose_link_cmd='echo' + ;; + osf3*) + case $cc_basename in +@@ -12134,15 +12274,10 @@ + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) +- # The C++ compiler is used as linker so we must use $wl +- # flag to pass the commands to the underlying system +- # linker. We must also pass each convience library through +- # to the system linker between allextract/defaultextract. +- # The C++ compiler will combine linker options so we +- # cannot just pass the convience library names through +- # without $wl. ++ # The compiler driver will combine and reorder linker options, ++ # but understands `-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) +- whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ++ whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract' + ;; + esac + link_all_deplibs_CXX=yes +@@ -12189,6 +12324,12 @@ + fi + + hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir' ++ case $host_os in ++ solaris2.[0-5] | solaris2.[0-5].*) ;; ++ *) ++ whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ++ ;; ++ esac + fi + ;; + esac +@@ -12380,7 +12521,7 @@ + + # PORTME: override above test on systems where it is broken + case $host_os in +-interix3*) ++interix[3-9]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + predep_objects_CXX= +@@ -12388,13 +12529,46 @@ + postdeps_CXX= + ;; + ++linux*) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C++ 5.9 ++ # ++ # The more standards-conforming stlport4 library is ++ # incompatible with the Cstd library. Avoid specifying ++ # it if it's in CXXFLAGS. Ignore libCrun as ++ # -library=stlport4 depends on it. ++ case " $CXX $CXXFLAGS " in ++ *" -library=stlport4 "*) ++ solaris_use_stlport4=yes ++ ;; ++ esac ++ if test "$solaris_use_stlport4" != yes; then ++ postdeps_CXX='-library=Cstd -library=Crun' ++ fi ++ ;; ++ esac ++ ;; ++ + solaris*) + case $cc_basename in + CC*) ++ # The more standards-conforming stlport4 library is ++ # incompatible with the Cstd library. Avoid specifying ++ # it if it's in CXXFLAGS. Ignore libCrun as ++ # -library=stlport4 depends on it. ++ case " $CXX $CXXFLAGS " in ++ *" -library=stlport4 "*) ++ solaris_use_stlport4=yes ++ ;; ++ esac ++ + # Adding this requires a known-good setup of shared libraries for + # Sun compiler versions before 5.6, else PIC objects from an old + # archive will be linked into the output, leading to subtle bugs. +- postdeps_CXX='-lCstd -lCrun' ++ if test "$solaris_use_stlport4" != yes; then ++ postdeps_CXX='-library=Cstd -library=Crun' ++ fi + ;; + esac + ;; +@@ -12431,12 +12605,14 @@ + # like `-m68040'. + lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' + ;; +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; +- mingw* | os2* | pw32*) ++ mingw* | cygwin* | os2* | pw32*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). ++ # Although the cygwin gcc ignores -fPIC, still need this for old-style ++ # (--disable-auto-import) libraries + lt_prog_compiler_pic_CXX='-DDLL_EXPORT' + ;; + darwin* | rhapsody*) +@@ -12448,7 +12624,7 @@ + # DJGPP does not support shared libraries at all + lt_prog_compiler_pic_CXX= + ;; +- interix3*) ++ interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; +@@ -12514,7 +12690,7 @@ + ;; + esac + ;; +- freebsd* | kfreebsd*-gnu | dragonfly*) ++ freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) +@@ -12557,7 +12733,7 @@ + ;; + esac + ;; +- linux*) ++ linux* | k*bsd*-gnu) + case $cc_basename in + KCC*) + # KAI C++ Compiler +@@ -12584,6 +12760,14 @@ + lt_prog_compiler_static_CXX='-non_shared' + ;; + *) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C++ 5.9 ++ lt_prog_compiler_pic_CXX='-KPIC' ++ lt_prog_compiler_static_CXX='-Bstatic' ++ lt_prog_compiler_wl_CXX='-Qoption ld ' ++ ;; ++ esac + ;; + esac + ;; +@@ -12600,7 +12784,7 @@ + ;; + esac + ;; +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + ;; + osf3* | osf4* | osf5*) + case $cc_basename in +@@ -12698,7 +12882,7 @@ + else + lt_prog_compiler_pic_works_CXX=no + ac_outfile=conftest.$ac_objext +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. +@@ -12709,11 +12893,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:12712: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:12896: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 +- echo "$as_me:12716: \$? = $ac_status" >&5 ++ echo "$as_me:12900: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. +@@ -12762,7 +12946,7 @@ + lt_prog_compiler_static_works_CXX=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" +- printf "$lt_simple_link_test_code" > conftest.$ac_ext ++ echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings +@@ -12802,7 +12986,7 @@ + mkdir conftest + cd conftest + mkdir out +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or +@@ -12813,11 +12997,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:12816: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:13000: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 +- echo "$as_me:12820: \$? = $ac_status" >&5 ++ echo "$as_me:13004: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized +@@ -12883,7 +13067,10 @@ + export_symbols_cmds_CXX="$ltdll_cmds" + ;; + cygwin* | mingw*) +- export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([^ ]*\) [^ ]*/\1 DATA/;/^I /d;/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' ++ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;/^.*[ ]__nm__/s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' ++ ;; ++ linux* | k*bsd*-gnu) ++ link_all_deplibs_CXX=no + ;; + *) + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' +@@ -12914,7 +13101,7 @@ + { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 + echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } + $rm conftest* +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 +@@ -12972,20 +13159,7 @@ + version_type=none + dynamic_linker="$host_os ld.so" + sys_lib_dlsearch_path_spec="/lib /usr/lib" +-if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` +- if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then +- # if the path contains ";" then we assume it to be the separator +- # otherwise default to the standard path separator (i.e. ":") - it is +- # assumed that no part of a normal pathname contains ";" but that should +- # okay in the real world where ";" in dirpaths is itself problematic. +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` +- else +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` +- fi +-else +- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +-fi ++ + need_lib_prefix=unknown + hardcode_into_libs=no + +@@ -13142,12 +13316,7 @@ + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +- # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. +- if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` +- else +- sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' +- fi ++ + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +@@ -13164,18 +13333,6 @@ + dynamic_linker=no + ;; + +-kfreebsd*-gnu) +- version_type=linux +- need_lib_prefix=no +- need_version=no +- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' +- soname_spec='${libname}${release}${shared_ext}$major' +- shlibpath_var=LD_LIBRARY_PATH +- shlibpath_overrides_runpath=no +- hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' +- ;; +- + freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. +@@ -13213,7 +13370,7 @@ + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; +- freebsd*) # from 4.6 on ++ *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; +@@ -13276,7 +13433,7 @@ + postinstall_cmds='chmod 555 $lib' + ;; + +-interix3*) ++interix[3-9]*) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -13331,7 +13488,7 @@ + ;; + + # This must be Linux ELF. +-linux*) ++linux* | k*bsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -13347,7 +13504,7 @@ + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` ++ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + +@@ -13360,7 +13517,7 @@ + dynamic_linker='GNU/Linux ld.so' + ;; + +-knetbsd*-gnu) ++netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -13369,7 +13526,7 @@ + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' ++ dynamic_linker='NetBSD ld.elf_so' + ;; + + netbsd*) +@@ -13453,6 +13610,10 @@ + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + ++rdos*) ++ dynamic_linker=no ++ ;; ++ + solaris*) + version_type=linux + need_lib_prefix=no +@@ -13647,6 +13808,7 @@ + module_cmds_CXX \ + module_expsym_cmds_CXX \ + lt_cv_prog_compiler_c_o_CXX \ ++ fix_srcfile_path_CXX \ + exclude_expsyms_CXX \ + include_expsyms_CXX; do + +@@ -13967,7 +14129,7 @@ + sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + + # Fix the shell variable \$srcfile for the compiler. +-fix_srcfile_path="$fix_srcfile_path_CXX" ++fix_srcfile_path=$lt_fix_srcfile_path + + # Set to yes if exported symbols are required. + always_export_symbols=$always_export_symbols_CXX +@@ -14058,10 +14220,17 @@ + objext_F77=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code=" subroutine t\n return\n end\n" ++lt_simple_compile_test_code="\ ++ subroutine t ++ return ++ end ++" + + # Code to be used in simple link tests +-lt_simple_link_test_code=" program t\n end\n" ++lt_simple_link_test_code="\ ++ program t ++ end ++" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + +@@ -14077,13 +14246,13 @@ + + # save warnings/boilerplate of simple test code + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_compile_test_code" >conftest.$ac_ext ++echo "$lt_simple_compile_test_code" >conftest.$ac_ext + eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_compiler_boilerplate=`cat conftest.err` + $rm conftest* + + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_link_test_code" >conftest.$ac_ext ++echo "$lt_simple_link_test_code" >conftest.$ac_ext + eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_linker_boilerplate=`cat conftest.err` + $rm conftest* +@@ -14170,13 +14339,15 @@ + lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' + ;; + +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + +- mingw* | pw32* | os2*) ++ mingw* | cygwin* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). ++ # Although the cygwin gcc ignores -fPIC, still need this for old-style ++ # (--disable-auto-import) libraries + lt_prog_compiler_pic_F77='-DDLL_EXPORT' + ;; + +@@ -14186,7 +14357,7 @@ + lt_prog_compiler_pic_F77='-fno-common' + ;; + +- interix3*) ++ interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; +@@ -14244,7 +14415,7 @@ + esac + ;; + +- mingw* | pw32* | os2*) ++ mingw* | cygwin* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_F77='-DDLL_EXPORT' +@@ -14277,7 +14448,7 @@ + lt_prog_compiler_static_F77='-Bstatic' + ;; + +- linux*) ++ linux* | k*bsd*-gnu) + case $cc_basename in + icc* | ecc*) + lt_prog_compiler_wl_F77='-Wl,' +@@ -14296,6 +14467,22 @@ + # All Alpha code is PIC. + lt_prog_compiler_static_F77='-non_shared' + ;; ++ *) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C 5.9 ++ lt_prog_compiler_pic_F77='-KPIC' ++ lt_prog_compiler_static_F77='-Bstatic' ++ lt_prog_compiler_wl_F77='-Wl,' ++ ;; ++ *Sun\ F*) ++ # Sun Fortran 8.3 passes all unrecognized flags to the linker ++ lt_prog_compiler_pic_F77='-KPIC' ++ lt_prog_compiler_static_F77='-Bstatic' ++ lt_prog_compiler_wl_F77='' ++ ;; ++ esac ++ ;; + esac + ;; + +@@ -14305,6 +14492,10 @@ + lt_prog_compiler_static_F77='-non_shared' + ;; + ++ rdos*) ++ lt_prog_compiler_static_F77='-non_shared' ++ ;; ++ + solaris*) + lt_prog_compiler_pic_F77='-KPIC' + lt_prog_compiler_static_F77='-Bstatic' +@@ -14372,7 +14563,7 @@ + else + lt_prog_compiler_pic_works_F77=no + ac_outfile=conftest.$ac_objext +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic_F77" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. +@@ -14383,11 +14574,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:14386: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:14577: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 +- echo "$as_me:14390: \$? = $ac_status" >&5 ++ echo "$as_me:14581: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. +@@ -14436,7 +14627,7 @@ + lt_prog_compiler_static_works_F77=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" +- printf "$lt_simple_link_test_code" > conftest.$ac_ext ++ echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings +@@ -14476,7 +14667,7 @@ + mkdir conftest + cd conftest + mkdir out +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or +@@ -14487,11 +14678,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:14490: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:14681: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 +- echo "$as_me:14494: \$? = $ac_status" >&5 ++ echo "$as_me:14685: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized +@@ -14683,7 +14874,7 @@ + allow_undefined_flag_F77=unsupported + always_export_symbols_F77=no + enable_shared_with_static_runtimes_F77=yes +- export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' ++ export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' +@@ -14701,7 +14892,7 @@ + fi + ;; + +- interix3*) ++ interix[3-9]*) + hardcode_direct_F77=no + hardcode_shlibpath_var_F77=no + hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' +@@ -14716,7 +14907,7 @@ + archive_expsym_cmds_F77='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + +- linux*) ++ gnu* | linux* | k*bsd*-gnu) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + tmp_addflag= + case $cc_basename,$host_cpu in +@@ -14734,20 +14925,30 @@ + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + esac +- archive_cmds_F77='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) # Sun C 5.9 ++ whole_archive_flag_spec_F77='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' ++ tmp_sharedflag='-G' ;; ++ *Sun\ F*) # Sun Fortran 8.3 ++ tmp_sharedflag='-G' ;; ++ *) ++ tmp_sharedflag='-shared' ;; ++ esac ++ archive_cmds_F77='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test $supports_anon_versioning = yes; then + archive_expsym_cmds_F77='$echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + $echo "local: *; };" >> $output_objdir/$libname.ver~ +- $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' ++ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi ++ link_all_deplibs_F77=no + else + ld_shlibs_F77=no + fi + ;; + +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= +@@ -14899,7 +15100,7 @@ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 +- hardcode_direct_F77=yes ++ : + else + # We have old collect2 + hardcode_direct_F77=unsupported +@@ -14963,11 +15164,18 @@ + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 +@@ -15012,11 +15220,18 @@ + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 +@@ -15070,7 +15285,7 @@ + # The linker will automatically build a .lib file if we build a DLL. + old_archive_From_new_cmds_F77='true' + # FIXME: Should let the user specify the lib program. +- old_archive_cmds_F77='lib /OUT:$oldlib$oldobjs$old_deplibs' ++ old_archive_cmds_F77='lib -OUT:$oldlib$oldobjs$old_deplibs' + fix_srcfile_path_F77='`cygpath -w "$srcfile"`' + enable_shared_with_static_runtimes_F77=yes + ;; +@@ -15112,10 +15327,10 @@ + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' +- archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' ++ archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' + module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds +- archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ++ archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) +@@ -15155,7 +15370,7 @@ + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. +- freebsd* | kfreebsd*-gnu | dragonfly*) ++ freebsd* | dragonfly*) + archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec_F77='-R$libdir' + hardcode_direct_F77=yes +@@ -15257,7 +15472,7 @@ + link_all_deplibs_F77=yes + ;; + +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else +@@ -15277,24 +15492,28 @@ + ;; + + openbsd*) +- hardcode_direct_F77=yes +- hardcode_shlibpath_var_F77=no +- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +- archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' +- hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' +- export_dynamic_flag_spec_F77='${wl}-E' ++ if test -f /usr/libexec/ld.so; then ++ hardcode_direct_F77=yes ++ hardcode_shlibpath_var_F77=no ++ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then ++ archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' ++ archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' ++ hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' ++ export_dynamic_flag_spec_F77='${wl}-E' ++ else ++ case $host_os in ++ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) ++ archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' ++ hardcode_libdir_flag_spec_F77='-R$libdir' ++ ;; ++ *) ++ archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' ++ hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' ++ ;; ++ esac ++ fi + else +- case $host_os in +- openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) +- archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' +- hardcode_libdir_flag_spec_F77='-R$libdir' +- ;; +- *) +- archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' +- ;; +- esac ++ ld_shlibs_F77=no + fi + ;; + +@@ -15353,17 +15572,16 @@ + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) +- # The compiler driver will combine linker options so we +- # cannot just pass the convience library names through +- # without $wl, iff we do not link with $LD. +- # Luckily, gcc supports the same syntax we need for Sun Studio. ++ # The compiler driver will combine and reorder linker options, ++ # but understands `-z linker_flag'. GCC discards it without `$wl', ++ # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) +- case $wlarc in +- '') +- whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' ;; +- *) +- whole_archive_flag_spec_F77='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; +- esac ;; ++ if test "$GCC" = yes; then ++ whole_archive_flag_spec_F77='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ++ else ++ whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' ++ fi ++ ;; + esac + link_all_deplibs_F77=yes + ;; +@@ -15420,7 +15638,7 @@ + fi + ;; + +- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) ++ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag_F77='${wl}-z,text' + archive_cmds_need_lc_F77=no + hardcode_shlibpath_var_F77=no +@@ -15497,7 +15715,7 @@ + { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 + echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } + $rm conftest* +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 +@@ -15555,20 +15773,7 @@ + version_type=none + dynamic_linker="$host_os ld.so" + sys_lib_dlsearch_path_spec="/lib /usr/lib" +-if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` +- if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then +- # if the path contains ";" then we assume it to be the separator +- # otherwise default to the standard path separator (i.e. ":") - it is +- # assumed that no part of a normal pathname contains ";" but that should +- # okay in the real world where ";" in dirpaths is itself problematic. +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` +- else +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` +- fi +-else +- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +-fi ++ + need_lib_prefix=unknown + hardcode_into_libs=no + +@@ -15725,12 +15930,7 @@ + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +- # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. +- if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` +- else +- sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' +- fi ++ + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +@@ -15747,18 +15947,6 @@ + dynamic_linker=no + ;; + +-kfreebsd*-gnu) +- version_type=linux +- need_lib_prefix=no +- need_version=no +- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' +- soname_spec='${libname}${release}${shared_ext}$major' +- shlibpath_var=LD_LIBRARY_PATH +- shlibpath_overrides_runpath=no +- hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' +- ;; +- + freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. +@@ -15796,7 +15984,7 @@ + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; +- freebsd*) # from 4.6 on ++ *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; +@@ -15859,7 +16047,7 @@ + postinstall_cmds='chmod 555 $lib' + ;; + +-interix3*) ++interix[3-9]*) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -15914,7 +16102,7 @@ + ;; + + # This must be Linux ELF. +-linux*) ++linux* | k*bsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -15930,7 +16118,7 @@ + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` ++ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + +@@ -15943,7 +16131,7 @@ + dynamic_linker='GNU/Linux ld.so' + ;; + +-knetbsd*-gnu) ++netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -15952,7 +16140,7 @@ + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' ++ dynamic_linker='NetBSD ld.elf_so' + ;; + + netbsd*) +@@ -16036,6 +16224,10 @@ + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + ++rdos*) ++ dynamic_linker=no ++ ;; ++ + solaris*) + version_type=linux + need_lib_prefix=no +@@ -16230,6 +16422,7 @@ + module_cmds_F77 \ + module_expsym_cmds_F77 \ + lt_cv_prog_compiler_c_o_F77 \ ++ fix_srcfile_path_F77 \ + exclude_expsyms_F77 \ + include_expsyms_F77; do + +@@ -16550,7 +16743,7 @@ + sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + + # Fix the shell variable \$srcfile for the compiler. +-fix_srcfile_path="$fix_srcfile_path_F77" ++fix_srcfile_path=$lt_fix_srcfile_path + + # Set to yes if exported symbols are required. + always_export_symbols=$always_export_symbols_F77 +@@ -16608,10 +16801,10 @@ + objext_GCJ=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code="class foo {}\n" ++lt_simple_compile_test_code="class foo {}" + + # Code to be used in simple link tests +-lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }\n' ++lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + +@@ -16627,13 +16820,13 @@ + + # save warnings/boilerplate of simple test code + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_compile_test_code" >conftest.$ac_ext ++echo "$lt_simple_compile_test_code" >conftest.$ac_ext + eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_compiler_boilerplate=`cat conftest.err` + $rm conftest* + + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_link_test_code" >conftest.$ac_ext ++echo "$lt_simple_link_test_code" >conftest.$ac_ext + eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_linker_boilerplate=`cat conftest.err` + $rm conftest* +@@ -16674,7 +16867,7 @@ + else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. +@@ -16685,11 +16878,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:16688: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:16881: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 +- echo "$as_me:16692: \$? = $ac_status" >&5 ++ echo "$as_me:16885: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. +@@ -16740,13 +16933,15 @@ + lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' + ;; + +- beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) ++ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + +- mingw* | pw32* | os2*) ++ mingw* | cygwin* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). ++ # Although the cygwin gcc ignores -fPIC, still need this for old-style ++ # (--disable-auto-import) libraries + lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' + ;; + +@@ -16756,7 +16951,7 @@ + lt_prog_compiler_pic_GCJ='-fno-common' + ;; + +- interix3*) ++ interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; +@@ -16814,7 +17009,7 @@ + esac + ;; + +- mingw* | pw32* | os2*) ++ mingw* | cygwin* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' +@@ -16847,7 +17042,7 @@ + lt_prog_compiler_static_GCJ='-Bstatic' + ;; + +- linux*) ++ linux* | k*bsd*-gnu) + case $cc_basename in + icc* | ecc*) + lt_prog_compiler_wl_GCJ='-Wl,' +@@ -16866,6 +17061,22 @@ + # All Alpha code is PIC. + lt_prog_compiler_static_GCJ='-non_shared' + ;; ++ *) ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) ++ # Sun C 5.9 ++ lt_prog_compiler_pic_GCJ='-KPIC' ++ lt_prog_compiler_static_GCJ='-Bstatic' ++ lt_prog_compiler_wl_GCJ='-Wl,' ++ ;; ++ *Sun\ F*) ++ # Sun Fortran 8.3 passes all unrecognized flags to the linker ++ lt_prog_compiler_pic_GCJ='-KPIC' ++ lt_prog_compiler_static_GCJ='-Bstatic' ++ lt_prog_compiler_wl_GCJ='' ++ ;; ++ esac ++ ;; + esac + ;; + +@@ -16875,6 +17086,10 @@ + lt_prog_compiler_static_GCJ='-non_shared' + ;; + ++ rdos*) ++ lt_prog_compiler_static_GCJ='-non_shared' ++ ;; ++ + solaris*) + lt_prog_compiler_pic_GCJ='-KPIC' + lt_prog_compiler_static_GCJ='-Bstatic' +@@ -16942,7 +17157,7 @@ + else + lt_prog_compiler_pic_works_GCJ=no + ac_outfile=conftest.$ac_objext +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic_GCJ" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. +@@ -16953,11 +17168,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:16956: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:17171: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 +- echo "$as_me:16960: \$? = $ac_status" >&5 ++ echo "$as_me:17175: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. +@@ -17006,7 +17221,7 @@ + lt_prog_compiler_static_works_GCJ=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" +- printf "$lt_simple_link_test_code" > conftest.$ac_ext ++ echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings +@@ -17046,7 +17261,7 @@ + mkdir conftest + cd conftest + mkdir out +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or +@@ -17057,11 +17272,11 @@ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` +- (eval echo "\"\$as_me:17060: $lt_compile\"" >&5) ++ (eval echo "\"\$as_me:17275: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 +- echo "$as_me:17064: \$? = $ac_status" >&5 ++ echo "$as_me:17279: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized +@@ -17253,7 +17468,7 @@ + allow_undefined_flag_GCJ=unsupported + always_export_symbols_GCJ=no + enable_shared_with_static_runtimes_GCJ=yes +- export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' ++ export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' +@@ -17271,7 +17486,7 @@ + fi + ;; + +- interix3*) ++ interix[3-9]*) + hardcode_direct_GCJ=no + hardcode_shlibpath_var_GCJ=no + hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' +@@ -17286,7 +17501,7 @@ + archive_expsym_cmds_GCJ='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + +- linux*) ++ gnu* | linux* | k*bsd*-gnu) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + tmp_addflag= + case $cc_basename,$host_cpu in +@@ -17304,20 +17519,30 @@ + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + esac +- archive_cmds_GCJ='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' ++ case `$CC -V 2>&1 | sed 5q` in ++ *Sun\ C*) # Sun C 5.9 ++ whole_archive_flag_spec_GCJ='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' ++ tmp_sharedflag='-G' ;; ++ *Sun\ F*) # Sun Fortran 8.3 ++ tmp_sharedflag='-G' ;; ++ *) ++ tmp_sharedflag='-shared' ;; ++ esac ++ archive_cmds_GCJ='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test $supports_anon_versioning = yes; then + archive_expsym_cmds_GCJ='$echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + $echo "local: *; };" >> $output_objdir/$libname.ver~ +- $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' ++ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi ++ link_all_deplibs_GCJ=no + else + ld_shlibs_GCJ=no + fi + ;; + +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= +@@ -17469,7 +17694,7 @@ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 +- hardcode_direct_GCJ=yes ++ : + else + # We have old collect2 + hardcode_direct_GCJ=unsupported +@@ -17543,11 +17768,18 @@ + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 +@@ -17602,11 +17834,18 @@ + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +-aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'` ++lt_aix_libpath_sed=' ++ /Import File Strings/,/^$/ { ++ /^0/ { ++ s/^0 *\(.*\)$/\1/ ++ p ++ } ++ }' ++aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. +-if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +-}'`; fi ++if test -z "$aix_libpath"; then ++ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` ++fi + else + echo "$as_me: failed program was:" >&5 + sed 's/^/| /' conftest.$ac_ext >&5 +@@ -17660,7 +17899,7 @@ + # The linker will automatically build a .lib file if we build a DLL. + old_archive_From_new_cmds_GCJ='true' + # FIXME: Should let the user specify the lib program. +- old_archive_cmds_GCJ='lib /OUT:$oldlib$oldobjs$old_deplibs' ++ old_archive_cmds_GCJ='lib -OUT:$oldlib$oldobjs$old_deplibs' + fix_srcfile_path_GCJ='`cygpath -w "$srcfile"`' + enable_shared_with_static_runtimes_GCJ=yes + ;; +@@ -17702,10 +17941,10 @@ + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' +- archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' ++ archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $xlcverstring' + module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds +- archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' ++ archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $xlcverstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) +@@ -17745,7 +17984,7 @@ + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. +- freebsd* | kfreebsd*-gnu | dragonfly*) ++ freebsd* | dragonfly*) + archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec_GCJ='-R$libdir' + hardcode_direct_GCJ=yes +@@ -17847,7 +18086,7 @@ + link_all_deplibs_GCJ=yes + ;; + +- netbsd*) ++ netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else +@@ -17867,24 +18106,28 @@ + ;; + + openbsd*) +- hardcode_direct_GCJ=yes +- hardcode_shlibpath_var_GCJ=no +- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then +- archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' +- hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' +- export_dynamic_flag_spec_GCJ='${wl}-E' ++ if test -f /usr/libexec/ld.so; then ++ hardcode_direct_GCJ=yes ++ hardcode_shlibpath_var_GCJ=no ++ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then ++ archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' ++ archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' ++ hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' ++ export_dynamic_flag_spec_GCJ='${wl}-E' ++ else ++ case $host_os in ++ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) ++ archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' ++ hardcode_libdir_flag_spec_GCJ='-R$libdir' ++ ;; ++ *) ++ archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' ++ hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' ++ ;; ++ esac ++ fi + else +- case $host_os in +- openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) +- archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' +- hardcode_libdir_flag_spec_GCJ='-R$libdir' +- ;; +- *) +- archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' +- ;; +- esac ++ ld_shlibs_GCJ=no + fi + ;; + +@@ -17943,17 +18186,16 @@ + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) +- # The compiler driver will combine linker options so we +- # cannot just pass the convience library names through +- # without $wl, iff we do not link with $LD. +- # Luckily, gcc supports the same syntax we need for Sun Studio. ++ # The compiler driver will combine and reorder linker options, ++ # but understands `-z linker_flag'. GCC discards it without `$wl', ++ # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) +- case $wlarc in +- '') +- whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' ;; +- *) +- whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; +- esac ;; ++ if test "$GCC" = yes; then ++ whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ++ else ++ whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' ++ fi ++ ;; + esac + link_all_deplibs_GCJ=yes + ;; +@@ -18010,7 +18252,7 @@ + fi + ;; + +- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) ++ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag_GCJ='${wl}-z,text' + archive_cmds_need_lc_GCJ=no + hardcode_shlibpath_var_GCJ=no +@@ -18087,7 +18329,7 @@ + { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 + echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } + $rm conftest* +- printf "$lt_simple_compile_test_code" > conftest.$ac_ext ++ echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 +@@ -18145,20 +18387,7 @@ + version_type=none + dynamic_linker="$host_os ld.so" + sys_lib_dlsearch_path_spec="/lib /usr/lib" +-if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` +- if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then +- # if the path contains ";" then we assume it to be the separator +- # otherwise default to the standard path separator (i.e. ":") - it is +- # assumed that no part of a normal pathname contains ";" but that should +- # okay in the real world where ";" in dirpaths is itself problematic. +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` +- else +- sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` +- fi +-else +- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +-fi ++ + need_lib_prefix=unknown + hardcode_into_libs=no + +@@ -18315,12 +18544,7 @@ + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +- # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. +- if test "$GCC" = yes; then +- sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` +- else +- sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' +- fi ++ + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +@@ -18337,18 +18561,6 @@ + dynamic_linker=no + ;; + +-kfreebsd*-gnu) +- version_type=linux +- need_lib_prefix=no +- need_version=no +- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' +- soname_spec='${libname}${release}${shared_ext}$major' +- shlibpath_var=LD_LIBRARY_PATH +- shlibpath_overrides_runpath=no +- hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' +- ;; +- + freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. +@@ -18386,7 +18598,7 @@ + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; +- freebsd*) # from 4.6 on ++ *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; +@@ -18449,7 +18661,7 @@ + postinstall_cmds='chmod 555 $lib' + ;; + +-interix3*) ++interix[3-9]*) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -18504,7 +18716,7 @@ + ;; + + # This must be Linux ELF. +-linux*) ++linux* | k*bsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -18520,7 +18732,7 @@ + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` ++ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + +@@ -18533,7 +18745,7 @@ + dynamic_linker='GNU/Linux ld.so' + ;; + +-knetbsd*-gnu) ++netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no +@@ -18542,7 +18754,7 @@ + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes +- dynamic_linker='GNU ld.so' ++ dynamic_linker='NetBSD ld.elf_so' + ;; + + netbsd*) +@@ -18626,6 +18838,10 @@ + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + ++rdos*) ++ dynamic_linker=no ++ ;; ++ + solaris*) + version_type=linux + need_lib_prefix=no +@@ -18820,6 +19036,7 @@ + module_cmds_GCJ \ + module_expsym_cmds_GCJ \ + lt_cv_prog_compiler_c_o_GCJ \ ++ fix_srcfile_path_GCJ \ + exclude_expsyms_GCJ \ + include_expsyms_GCJ; do + +@@ -19140,7 +19357,7 @@ + sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + + # Fix the shell variable \$srcfile for the compiler. +-fix_srcfile_path="$fix_srcfile_path_GCJ" ++fix_srcfile_path=$lt_fix_srcfile_path + + # Set to yes if exported symbols are required. + always_export_symbols=$always_export_symbols_GCJ +@@ -19197,7 +19414,7 @@ + objext_RC=$objext + + # Code to be used in simple compile tests +-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n' ++lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' + + # Code to be used in simple link tests + lt_simple_link_test_code="$lt_simple_compile_test_code" +@@ -19216,13 +19433,13 @@ + + # save warnings/boilerplate of simple test code + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_compile_test_code" >conftest.$ac_ext ++echo "$lt_simple_compile_test_code" >conftest.$ac_ext + eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_compiler_boilerplate=`cat conftest.err` + $rm conftest* + + ac_outfile=conftest.$ac_objext +-printf "$lt_simple_link_test_code" >conftest.$ac_ext ++echo "$lt_simple_link_test_code" >conftest.$ac_ext + eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err + _lt_linker_boilerplate=`cat conftest.err` + $rm conftest* +@@ -19300,6 +19517,7 @@ + module_cmds_RC \ + module_expsym_cmds_RC \ + lt_cv_prog_compiler_c_o_RC \ ++ fix_srcfile_path_RC \ + exclude_expsyms_RC \ + include_expsyms_RC; do + +@@ -19620,7 +19838,7 @@ + sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + + # Fix the shell variable \$srcfile for the compiler. +-fix_srcfile_path="$fix_srcfile_path_RC" ++fix_srcfile_path=$lt_fix_srcfile_path + + # Set to yes if exported symbols are required. + always_export_symbols=$always_export_symbols_RC +@@ -21235,18 +21453,23 @@ + fi + + if test x"$WITH_CRACKLIB" != xno ; then +- if test "${ac_cv_header_crack_h+set}" = set; then +- { echo "$as_me:$LINENO: checking for crack.h" >&5 +-echo $ECHO_N "checking for crack.h... $ECHO_C" >&6; } +-if test "${ac_cv_header_crack_h+set}" = set; then ++ ++for ac_header in crack.h ++do ++as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` ++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then ++ { echo "$as_me:$LINENO: checking for $ac_header" >&5 ++echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } ++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + fi +-{ echo "$as_me:$LINENO: result: $ac_cv_header_crack_h" >&5 +-echo "${ECHO_T}$ac_cv_header_crack_h" >&6; } ++ac_res=`eval echo '${'$as_ac_Header'}'` ++ { echo "$as_me:$LINENO: result: $ac_res" >&5 ++echo "${ECHO_T}$ac_res" >&6; } + else + # Is the header compilable? +-{ echo "$as_me:$LINENO: checking crack.h usability" >&5 +-echo $ECHO_N "checking crack.h usability... $ECHO_C" >&6; } ++{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 ++echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ + _ACEOF +@@ -21254,7 +21477,7 @@ + cat >>conftest.$ac_ext <<_ACEOF + /* end confdefs.h. */ + $ac_includes_default +-#include <crack.h> ++#include <$ac_header> + _ACEOF + rm -f conftest.$ac_objext + if { (ac_try="$ac_compile" +@@ -21286,15 +21509,15 @@ + echo "${ECHO_T}$ac_header_compiler" >&6; } + + # Is the header present? +-{ echo "$as_me:$LINENO: checking crack.h presence" >&5 +-echo $ECHO_N "checking crack.h presence... $ECHO_C" >&6; } ++{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 ++echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ + _ACEOF + cat confdefs.h >>conftest.$ac_ext + cat >>conftest.$ac_ext <<_ACEOF + /* end confdefs.h. */ +-#include <crack.h> ++#include <$ac_header> + _ACEOF + if { (ac_try="$ac_cpp conftest.$ac_ext" + case "(($ac_try" in +@@ -21327,41 +21550,45 @@ + # So? What about this header? + case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) +- { echo "$as_me:$LINENO: WARNING: crack.h: accepted by the compiler, rejected by the preprocessor!" >&5 +-echo "$as_me: WARNING: crack.h: accepted by the compiler, rejected by the preprocessor!" >&2;} +- { echo "$as_me:$LINENO: WARNING: crack.h: proceeding with the compiler's result" >&5 +-echo "$as_me: WARNING: crack.h: proceeding with the compiler's result" >&2;} ++ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 ++echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} ++ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 ++echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) +- { echo "$as_me:$LINENO: WARNING: crack.h: present but cannot be compiled" >&5 +-echo "$as_me: WARNING: crack.h: present but cannot be compiled" >&2;} +- { echo "$as_me:$LINENO: WARNING: crack.h: check for missing prerequisite headers?" >&5 +-echo "$as_me: WARNING: crack.h: check for missing prerequisite headers?" >&2;} +- { echo "$as_me:$LINENO: WARNING: crack.h: see the Autoconf documentation" >&5 +-echo "$as_me: WARNING: crack.h: see the Autoconf documentation" >&2;} +- { echo "$as_me:$LINENO: WARNING: crack.h: section \"Present But Cannot Be Compiled\"" >&5 +-echo "$as_me: WARNING: crack.h: section \"Present But Cannot Be Compiled\"" >&2;} +- { echo "$as_me:$LINENO: WARNING: crack.h: proceeding with the preprocessor's result" >&5 +-echo "$as_me: WARNING: crack.h: proceeding with the preprocessor's result" >&2;} +- { echo "$as_me:$LINENO: WARNING: crack.h: in the future, the compiler will take precedence" >&5 +-echo "$as_me: WARNING: crack.h: in the future, the compiler will take precedence" >&2;} ++ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 ++echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} ++ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 ++echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} ++ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 ++echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} ++ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 ++echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} ++ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 ++echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} ++ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 ++echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + + ;; + esac +-{ echo "$as_me:$LINENO: checking for crack.h" >&5 +-echo $ECHO_N "checking for crack.h... $ECHO_C" >&6; } +-if test "${ac_cv_header_crack_h+set}" = set; then ++{ echo "$as_me:$LINENO: checking for $ac_header" >&5 ++echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } ++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 + else +- ac_cv_header_crack_h=$ac_header_preproc ++ eval "$as_ac_Header=\$ac_header_preproc" + fi +-{ echo "$as_me:$LINENO: result: $ac_cv_header_crack_h" >&5 +-echo "${ECHO_T}$ac_cv_header_crack_h" >&6; } ++ac_res=`eval echo '${'$as_ac_Header'}'` ++ { echo "$as_me:$LINENO: result: $ac_res" >&5 ++echo "${ECHO_T}$ac_res" >&6; } + + fi +-if test $ac_cv_header_crack_h = yes; then +- { echo "$as_me:$LINENO: checking for FascistCheck in -lcrack" >&5 ++if test `eval echo '${'$as_ac_Header'}'` = yes; then ++ cat >>confdefs.h <<_ACEOF ++#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 ++_ACEOF ++ { echo "$as_me:$LINENO: checking for FascistCheck in -lcrack" >&5 + echo $ECHO_N "checking for FascistCheck in -lcrack... $ECHO_C" >&6; } + if test "${ac_cv_lib_crack_FascistCheck+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +@@ -21430,6 +21657,7 @@ + + fi + ++done + + else + LIBCRACK="" +@@ -23012,7 +23240,8 @@ + + + +-for ac_header in fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h termio.h unistd.h sys/fsuid.h inittypes.h ++ ++for ac_header in fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h + do + as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` + if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then +@@ -28407,12 +28636,12 @@ + LEX_OUTPUT_ROOT!$LEX_OUTPUT_ROOT$ac_delim + LEXLIB!$LEXLIB$ac_delim + LN_S!$LN_S$ac_delim ++SED!$SED$ac_delim + GREP!$GREP$ac_delim + EGREP!$EGREP$ac_delim + ECHO!$ECHO$ac_delim + AR!$AR$ac_delim + RANLIB!$RANLIB$ac_delim +-CPP!$CPP$ac_delim + _ACEOF + + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then +@@ -28454,6 +28683,7 @@ + ac_delim='%!_!# ' + for ac_last_try in false false false false false :; do + cat >conf$$subs.sed <<_ACEOF ++CPP!$CPP$ac_delim + CXX!$CXX$ac_delim + CXXFLAGS!$CXXFLAGS$ac_delim + ac_ct_CXX!$ac_ct_CXX$ac_delim +@@ -28531,7 +28761,7 @@ + LTLIBOBJS!$LTLIBOBJS$ac_delim + _ACEOF + +- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 75; then ++ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 76; then + break + elif $ac_last_try; then + { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 +Index: pam/Linux-PAM/doc/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/doc/Makefile.in ++++ pam/Linux-PAM/doc/Makefile.in +@@ -165,6 +165,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/doc/adg/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/doc/adg/Makefile.in ++++ pam/Linux-PAM/doc/adg/Makefile.in +@@ -142,6 +142,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/doc/man/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/doc/man/Makefile.in ++++ pam/Linux-PAM/doc/man/Makefile.in +@@ -149,6 +149,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/doc/mwg/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/doc/mwg/Makefile.in ++++ pam/Linux-PAM/doc/mwg/Makefile.in +@@ -142,6 +142,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/doc/sag/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/doc/sag/Makefile.in ++++ pam/Linux-PAM/doc/sag/Makefile.in +@@ -142,6 +142,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/doc/specs/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/doc/specs/Makefile.in ++++ pam/Linux-PAM/doc/specs/Makefile.in +@@ -180,6 +180,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/examples/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/examples/Makefile.in ++++ pam/Linux-PAM/examples/Makefile.in +@@ -172,6 +172,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/libpam/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/libpam/Makefile.in ++++ pam/Linux-PAM/libpam/Makefile.in +@@ -190,6 +190,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/libpam_misc/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/libpam_misc/Makefile.in ++++ pam/Linux-PAM/libpam_misc/Makefile.in +@@ -177,6 +177,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/libpamc/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/libpamc/Makefile.in ++++ pam/Linux-PAM/libpamc/Makefile.in +@@ -187,6 +187,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/libpamc/test/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/libpamc/test/Makefile.in ++++ pam/Linux-PAM/libpamc/test/Makefile.in +@@ -142,6 +142,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/Makefile.in ++++ pam/Linux-PAM/modules/Makefile.in +@@ -154,6 +154,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_access/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_access/Makefile.in ++++ pam/Linux-PAM/modules/pam_access/Makefile.in +@@ -178,6 +178,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_cracklib/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_cracklib/Makefile.in ++++ pam/Linux-PAM/modules/pam_cracklib/Makefile.in +@@ -176,6 +176,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_debug/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_debug/Makefile.in ++++ pam/Linux-PAM/modules/pam_debug/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_deny/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_deny/Makefile.in ++++ pam/Linux-PAM/modules/pam_deny/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_echo/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_echo/Makefile.in ++++ pam/Linux-PAM/modules/pam_echo/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_env/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_env/Makefile.in ++++ pam/Linux-PAM/modules/pam_env/Makefile.in +@@ -180,6 +180,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_exec/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_exec/Makefile.in ++++ pam/Linux-PAM/modules/pam_exec/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_faildelay/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_faildelay/Makefile.in ++++ pam/Linux-PAM/modules/pam_faildelay/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_filter/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_filter/Makefile.in ++++ pam/Linux-PAM/modules/pam_filter/Makefile.in +@@ -190,6 +190,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_filter/upperLOWER/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_filter/upperLOWER/Makefile.in ++++ pam/Linux-PAM/modules/pam_filter/upperLOWER/Makefile.in +@@ -164,6 +164,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_ftp/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_ftp/Makefile.in ++++ pam/Linux-PAM/modules/pam_ftp/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_group/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_group/Makefile.in ++++ pam/Linux-PAM/modules/pam_group/Makefile.in +@@ -178,6 +178,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_issue/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_issue/Makefile.in ++++ pam/Linux-PAM/modules/pam_issue/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_keyinit/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_keyinit/Makefile.in ++++ pam/Linux-PAM/modules/pam_keyinit/Makefile.in +@@ -177,6 +177,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_lastlog/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_lastlog/Makefile.in ++++ pam/Linux-PAM/modules/pam_lastlog/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_limits/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_limits/Makefile.in ++++ pam/Linux-PAM/modules/pam_limits/Makefile.in +@@ -178,6 +178,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_listfile/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_listfile/Makefile.in ++++ pam/Linux-PAM/modules/pam_listfile/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_localuser/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_localuser/Makefile.in ++++ pam/Linux-PAM/modules/pam_localuser/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_loginuid/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_loginuid/Makefile.in ++++ pam/Linux-PAM/modules/pam_loginuid/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_mail/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_mail/Makefile.in ++++ pam/Linux-PAM/modules/pam_mail/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_mkhomedir/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_mkhomedir/Makefile.in ++++ pam/Linux-PAM/modules/pam_mkhomedir/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_motd/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_motd/Makefile.in ++++ pam/Linux-PAM/modules/pam_motd/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_namespace/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_namespace/Makefile.in ++++ pam/Linux-PAM/modules/pam_namespace/Makefile.in +@@ -189,6 +189,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_nologin/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_nologin/Makefile.in ++++ pam/Linux-PAM/modules/pam_nologin/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_permit/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_permit/Makefile.in ++++ pam/Linux-PAM/modules/pam_permit/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_rhosts/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_rhosts/Makefile.in ++++ pam/Linux-PAM/modules/pam_rhosts/Makefile.in +@@ -178,6 +178,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_rootok/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_rootok/Makefile.in ++++ pam/Linux-PAM/modules/pam_rootok/Makefile.in +@@ -176,6 +176,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_securetty/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_securetty/Makefile.in ++++ pam/Linux-PAM/modules/pam_securetty/Makefile.in +@@ -65,8 +65,8 @@ + securelibLTLIBRARIES_INSTALL = $(INSTALL) + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_securetty_la_LIBADD = +-pam_securetty_la_SOURCES = pam_securetty.c +-pam_securetty_la_OBJECTS = pam_securetty.lo ++am_pam_securetty_la_OBJECTS = pam_securetty.lo tty_secure.lo ++pam_securetty_la_OBJECTS = $(am_pam_securetty_la_OBJECTS) + DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@ + depcomp = $(SHELL) $(top_srcdir)/depcomp + am__depfiles_maybe = depfiles +@@ -79,8 +79,8 @@ + LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +-SOURCES = pam_securetty.c +-DIST_SOURCES = pam_securetty.c ++SOURCES = $(pam_securetty_la_SOURCES) ++DIST_SOURCES = $(pam_securetty_la_SOURCES) + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +@@ -255,6 +256,10 @@ + AM_LDFLAGS = -no-undefined -avoid-version -module \ + -L$(top_builddir)/libpam -lpam $(am__append_1) + securelib_LTLIBRARIES = pam_securetty.la ++pam_securetty_la_SOURCES = \ ++ pam_securetty.c \ ++ tty_secure.c ++ + @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README + all: all-am + +@@ -326,6 +331,7 @@ + -rm -f *.tab.c + + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_securetty.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tty_secure.Plo@am__quote@ + + .c.o: + @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +Index: pam/Linux-PAM/modules/pam_selinux/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_selinux/Makefile.in ++++ pam/Linux-PAM/modules/pam_selinux/Makefile.in +@@ -190,6 +190,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_shells/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_shells/Makefile.in ++++ pam/Linux-PAM/modules/pam_shells/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_stress/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_stress/Makefile.in ++++ pam/Linux-PAM/modules/pam_stress/Makefile.in +@@ -170,6 +170,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_succeed_if/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_succeed_if/Makefile.in ++++ pam/Linux-PAM/modules/pam_succeed_if/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_tally/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_tally/Makefile.in ++++ pam/Linux-PAM/modules/pam_tally/Makefile.in +@@ -192,6 +192,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_time/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_time/Makefile.in ++++ pam/Linux-PAM/modules/pam_time/Makefile.in +@@ -178,6 +178,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_umask/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_umask/Makefile.in ++++ pam/Linux-PAM/modules/pam_umask/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_unix/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_unix/Makefile.in ++++ pam/Linux-PAM/modules/pam_unix/Makefile.in +@@ -40,8 +40,7 @@ + build_triplet = @build@ + host_triplet = @host@ + @HAVE_LIBSELINUX_TRUE@am__append_1 = -D"WITH_SELINUX" +-@HAVE_LIBCRACK_TRUE@am__append_2 = -D"USE_CRACKLIB" +-@HAVE_VERSIONING_TRUE@am__append_3 = -Wl,--version-script=$(srcdir)/../modules.map ++@HAVE_VERSIONING_TRUE@am__append_2 = -Wl,--version-script=$(srcdir)/../modules.map + sbin_PROGRAMS = unix_chkpwd$(EXEEXT) + noinst_PROGRAMS = bigcrypt$(EXEEXT) + subdir = modules/pam_unix +@@ -72,10 +71,10 @@ + "$(DESTDIR)$(man8dir)" + securelibLTLIBRARIES_INSTALL = $(INSTALL) + LTLIBRARIES = $(securelib_LTLIBRARIES) +-pam_unix_la_LIBADD = ++pam_unix_la_DEPENDENCIES = ../pam_securetty/tty_secure.lo + am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \ + pam_unix_passwd.lo pam_unix_sess.lo support.lo yppasswd_xdr.lo \ +- md5_good.lo md5_broken.lo ++ md5_good.lo md5_broken.lo obscure.lo + pam_unix_la_OBJECTS = $(am_pam_unix_la_OBJECTS) + pam_unix_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ +@@ -209,6 +208,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +@@ -289,16 +289,18 @@ + secureconfdir = $(SCONFIGDIR) + AM_CFLAGS = -I$(top_srcdir)/libpam/include \ + -I$(top_srcdir)/libpamc/include \ +- -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" $(am__append_1) \ ++ -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" $(am__append_1) ++pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module @LIBNSL@ \ ++ -L$(top_builddir)/libpam -lpam @LIBCRYPT@ @LIBSELINUX@ \ + $(am__append_2) +-pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module @LIBCRACK@ \ +- @LIBNSL@ -L$(top_builddir)/libpam -lpam @LIBCRYPT@ \ +- @LIBSELINUX@ $(am__append_3) + securelib_LTLIBRARIES = pam_unix.la + noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h + pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ +- yppasswd_xdr.c md5_good.c md5_broken.c ++ yppasswd_xdr.c md5_good.c md5_broken.c obscure.c ++ ++pam_unix_la_LIBADD = \ ++ ../pam_securetty/tty_secure.lo + + bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + bigcrypt_CFLAGS = $(AM_CFLAGS) +@@ -424,6 +426,7 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bigcrypt.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_broken.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_good.Plo@am__quote@ ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/obscure.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_acct.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_auth.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_passwd.Plo@am__quote@ +Index: pam/Linux-PAM/modules/pam_userdb/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_userdb/Makefile.in ++++ pam/Linux-PAM/modules/pam_userdb/Makefile.in +@@ -179,6 +179,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_warn/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_warn/Makefile.in ++++ pam/Linux-PAM/modules/pam_warn/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_wheel/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_wheel/Makefile.in ++++ pam/Linux-PAM/modules/pam_wheel/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/modules/pam_xauth/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_xauth/Makefile.in ++++ pam/Linux-PAM/modules/pam_xauth/Makefile.in +@@ -175,6 +175,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/tests/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/tests/Makefile.in ++++ pam/Linux-PAM/tests/Makefile.in +@@ -224,6 +224,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ +Index: pam/Linux-PAM/xtests/Makefile.in +=================================================================== +--- pam.orig/Linux-PAM/xtests/Makefile.in ++++ pam/Linux-PAM/xtests/Makefile.in +@@ -179,6 +179,7 @@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ + SECUREDIR = @SECUREDIR@ ++SED = @SED@ + SET_MAKE = @SET_MAKE@ + SHELL = @SHELL@ + STRIP = @STRIP@ diff --git a/debian/patches-applied/hurd_no_setfsuid b/debian/patches-applied/hurd_no_setfsuid new file mode 100644 index 00000000..71ae5d77 --- /dev/null +++ b/debian/patches-applied/hurd_no_setfsuid @@ -0,0 +1,110 @@ +On systems without setfsuid(), use setreuid() instead. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: superseded by pam_modutil_set_euid proposal + +Index: Linux-PAM/modules/pam_xauth/pam_xauth.c +=================================================================== +--- Linux-PAM/modules/pam_xauth/pam_xauth.c.orig ++++ Linux-PAM/modules/pam_xauth/pam_xauth.c +@@ -35,7 +35,9 @@ + + #include "config.h" + #include <sys/types.h> ++#ifdef HAVE_SYS_FSUID_H + #include <sys/fsuid.h> ++#endif /* HAVE_SYS_FSUID_H */ + #include <sys/wait.h> + #include <errno.h> + #include <fnmatch.h> +@@ -210,6 +212,9 @@ + FILE *fp; + int i; + uid_t euid; ++#ifndef HAVE_SYS_FSUID_H ++ uid_t uid; ++#endif + /* Check this user's <sense> file. */ + pwd = pam_modutil_getpwnam(pamh, this_user); + if (pwd == NULL) { +@@ -226,9 +231,34 @@ + return PAM_SESSION_ERR; + } + euid = geteuid(); ++#ifdef HAVE_SYS_FSUID_H + setfsuid(pwd->pw_uid); ++#else ++ uid = getuid(); ++ if (uid == pwd->pw_uid) ++ setreuid(euid, uid); ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid) == -1) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, pwd->pw_uid)) ++ return PAM_CRED_INSUFFICIENT; ++ } ++ } ++#endif + fp = fopen(path, "r"); ++#ifdef HAVE_SYS_FSUID_H + setfsuid(euid); ++#else ++ if (uid == pwd->pw_uid) ++ setreuid(uid, euid); ++ else { ++ if (setreuid(-1, 0) == -1) ++ setreuid(uid, -1); ++ setreuid(-1, euid); ++ } ++#endif + if (fp != NULL) { + char buf[LINE_MAX], *tmp; + /* Scan the file for a list of specs of users to "trust". */ +@@ -297,6 +327,9 @@ + int fd, i, debug = 0; + int retval = PAM_SUCCESS; + uid_t systemuser = 499, targetuser = 0, euid; ++#ifndef HAVE_SYS_FSUID_H ++ uid_t uid; ++#endif + + /* Parse arguments. We don't understand many, so no sense in breaking + * this into a separate function. */ +@@ -541,9 +574,34 @@ + + /* Generate a new file to hold the data. */ + euid = geteuid(); ++#ifdef HAVE_SYS_FSUID_H + setfsuid(tpwd->pw_uid); ++#else ++ uid = getuid(); ++ if (uid == tpwd->pw_uid) ++ setreuid(euid, uid); ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid) == -1) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, tpwd->pw_uid)) ++ return PAM_CRED_INSUFFICIENT; ++ } ++ } ++#endif + fd = mkstemp(xauthority + strlen(XAUTHENV) + 1); ++#ifdef HAVE_SYS_FSUID_H + setfsuid(euid); ++#else ++ if (uid == tpwd->pw_uid) ++ setreuid(uid, euid); ++ else { ++ if (setreuid(-1, 0) == -1) ++ setreuid(uid, -1); ++ setreuid(-1, euid); ++ } ++#endif + if (fd == -1) { + pam_syslog(pamh, LOG_ERR, + "error creating temporary file `%s': %m", diff --git a/debian/patches-applied/limits_wrong_strncpy b/debian/patches-applied/limits_wrong_strncpy new file mode 100644 index 00000000..155eab51 --- /dev/null +++ b/debian/patches-applied/limits_wrong_strncpy @@ -0,0 +1,92 @@ +Patch for Debian bug #331278 + +Remove a number of unnecessary string manipulations, including a +strncpy() that was acting on overlapping memory. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: committed to CVS + +Index: pam/Linux-PAM/modules/pam_limits/pam_limits.c +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_limits/pam_limits.c ++++ pam/Linux-PAM/modules/pam_limits/pam_limits.c +@@ -492,8 +492,6 @@ + } + #undef CONF_FILE + +- /* init things */ +- memset(buf, 0, sizeof(buf)); + /* start the show */ + while (fgets(buf, LINE_LENGTH, fil) != NULL) { + char domain[LINE_LENGTH]; +@@ -502,46 +500,40 @@ + char value[LINE_LENGTH]; + int i; + size_t j; +- char *tptr; ++ char *tptr,*line; + +- tptr = buf; ++ line = buf; + /* skip the leading white space */ +- while (*tptr && isspace(*tptr)) +- tptr++; +- strncpy(buf, tptr, sizeof(buf)-1); +- buf[sizeof(buf)-1] = '\0'; ++ while (*line && isspace(*line)) ++ line++; + + /* Rip off the comments */ +- tptr = strchr(buf,'#'); ++ tptr = strchr(line,'#'); + if (tptr) + *tptr = '\0'; + /* Rip off the newline char */ +- tptr = strchr(buf,'\n'); ++ tptr = strchr(line,'\n'); + if (tptr) + *tptr = '\0'; + /* Anything left ? */ +- if (!strlen(buf)) { +- memset(buf, 0, sizeof(buf)); ++ if (!strlen(line)) + continue; +- } + +- memset(domain, 0, sizeof(domain)); +- memset(ltype, 0, sizeof(ltype)); +- memset(item, 0, sizeof(item)); +- memset(value, 0, sizeof(value)); ++ domain[0] = ltype[0] = item[0] = value[0] = '\0'; + +- i = sscanf(buf,"%s%s%s%s", domain, ltype, item, value); ++ i = sscanf(line,"%s%s%s%s", domain, ltype, item, value); + D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]", + i, domain, ltype, item, value)); + + for(j=0; j < strlen(ltype); j++) + ltype[j]=tolower(ltype[j]); +- for(j=0; j < strlen(item); j++) +- item[j]=tolower(item[j]); +- for(j=0; j < strlen(value); j++) +- value[j]=tolower(value[j]); + + if (i == 4) { /* a complete line */ ++ for(j=0; j < strlen(item); j++) ++ item[j]=tolower(item[j]); ++ for(j=0; j < strlen(value); j++) ++ value[j]=tolower(value[j]); ++ + if (strcmp(uname, domain) == 0) /* this user have a limit */ + process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); + else if (domain[0]=='@' && !pl->root) { +@@ -587,7 +579,7 @@ + return PAM_IGNORE; + } + } else { +- pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", buf); ++ pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line); + } + } + fclose(fil); diff --git a/debian/patches-applied/misc_conv_allow_sigint.patch b/debian/patches-applied/misc_conv_allow_sigint.patch new file mode 100644 index 00000000..75ffe8b7 --- /dev/null +++ b/debian/patches-applied/misc_conv_allow_sigint.patch @@ -0,0 +1,28 @@ +Patch for Debian bug #1708 + +Don't block SIGINT in misc_conv, it's perfectly valid to allow the user +to interrupt at a prompt if the application hasn't otherwise blocked the +signal. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: committed to CVS + +Index: pam/Linux-PAM/libpam_misc/misc_conv.c +=================================================================== +--- pam.orig/Linux-PAM/libpam_misc/misc_conv.c ++++ pam/Linux-PAM/libpam_misc/misc_conv.c +@@ -150,12 +150,11 @@ + have_term = 1; + + /* +- * We make a simple attempt to block TTY signals from terminating ++ * We make a simple attempt to block TTY signals from suspending + * the conversation without giving PAM a chance to clean up. + */ + + sigemptyset(&nset); +- sigaddset(&nset, SIGINT); + sigaddset(&nset, SIGTSTP); + (void) sigprocmask(SIG_BLOCK, &nset, &oset); + diff --git a/debian/patches-applied/no_pthread_mutexes b/debian/patches-applied/no_pthread_mutexes new file mode 100644 index 00000000..8983e11e --- /dev/null +++ b/debian/patches-applied/no_pthread_mutexes @@ -0,0 +1,205 @@ +Don't use pthread mutexes in libpam unnecessarily; this avoids linking +problems on non-Linux platforms. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: committed to CVS + +Index: pam/Linux-PAM/libpam/pam_modutil_getgrgid.c +=================================================================== +--- pam.orig/Linux-PAM/libpam/pam_modutil_getgrgid.c ++++ pam/Linux-PAM/libpam/pam_modutil_getgrgid.c +@@ -12,20 +12,9 @@ + #include <errno.h> + #include <limits.h> + #include <grp.h> +-#include <pthread.h> + #include <stdio.h> + #include <stdlib.h> + +-static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +-static void _pammodutil_lock(void) +-{ +- pthread_mutex_lock(&_pammodutil_mutex); +-} +-static void _pammodutil_unlock(void) +-{ +- pthread_mutex_unlock(&_pammodutil_mutex); +-} +- + static int intlen(int number) + { + int len = 2; +@@ -95,13 +84,11 @@ + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getgrgid_%ld_%d", + (long) gid, i); +- _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, pam_modutil_cleanup); + } +- _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } +Index: pam/Linux-PAM/libpam/pam_modutil_getgrnam.c +=================================================================== +--- pam.orig/Linux-PAM/libpam/pam_modutil_getgrnam.c ++++ pam/Linux-PAM/libpam/pam_modutil_getgrnam.c +@@ -12,20 +12,9 @@ + #include <errno.h> + #include <limits.h> + #include <grp.h> +-#include <pthread.h> + #include <stdio.h> + #include <stdlib.h> + +-static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +-static void _pammodutil_lock(void) +-{ +- pthread_mutex_lock(&_pammodutil_mutex); +-} +-static void _pammodutil_unlock(void) +-{ +- pthread_mutex_unlock(&_pammodutil_mutex); +-} +- + static int intlen(int number) + { + int len = 2; +@@ -84,13 +73,11 @@ + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getgrnam_%s_%d", group, i); +- _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, pam_modutil_cleanup); + } +- _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } +Index: pam/Linux-PAM/libpam/pam_modutil_getpwnam.c +=================================================================== +--- pam.orig/Linux-PAM/libpam/pam_modutil_getpwnam.c ++++ pam/Linux-PAM/libpam/pam_modutil_getpwnam.c +@@ -11,21 +11,10 @@ + + #include <errno.h> + #include <limits.h> +-#include <pthread.h> + #include <pwd.h> + #include <stdio.h> + #include <stdlib.h> + +-static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +-static void _pammodutil_lock(void) +-{ +- pthread_mutex_lock(&_pammodutil_mutex); +-} +-static void _pammodutil_unlock(void) +-{ +- pthread_mutex_unlock(&_pammodutil_mutex); +-} +- + static int intlen(int number) + { + int len = 2; +@@ -84,13 +73,11 @@ + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getpwnam_%s_%d", user, i); +- _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, pam_modutil_cleanup); + } +- _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } +Index: pam/Linux-PAM/libpam/pam_modutil_getpwuid.c +=================================================================== +--- pam.orig/Linux-PAM/libpam/pam_modutil_getpwuid.c ++++ pam/Linux-PAM/libpam/pam_modutil_getpwuid.c +@@ -11,21 +11,10 @@ + + #include <errno.h> + #include <limits.h> +-#include <pthread.h> + #include <pwd.h> + #include <stdio.h> + #include <stdlib.h> + +-static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +-static void _pammodutil_lock(void) +-{ +- pthread_mutex_lock(&_pammodutil_mutex); +-} +-static void _pammodutil_unlock(void) +-{ +- pthread_mutex_unlock(&_pammodutil_mutex); +-} +- + static int intlen(int number) + { + int len = 2; +@@ -95,13 +84,11 @@ + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getpwuid_%ld_%d", + (long) uid, i); +- _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, pam_modutil_cleanup); + } +- _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } +Index: pam/Linux-PAM/libpam/pam_modutil_getspnam.c +=================================================================== +--- pam.orig/Linux-PAM/libpam/pam_modutil_getspnam.c ++++ pam/Linux-PAM/libpam/pam_modutil_getspnam.c +@@ -11,21 +11,10 @@ + + #include <errno.h> + #include <limits.h> +-#include <pthread.h> + #include <shadow.h> + #include <stdio.h> + #include <stdlib.h> + +-static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +-static void _pammodutil_lock(void) +-{ +- pthread_mutex_lock(&_pammodutil_mutex); +-} +-static void _pammodutil_unlock(void) +-{ +- pthread_mutex_unlock(&_pammodutil_mutex); +-} +- + static int intlen(int number) + { + int len = 2; +@@ -84,13 +73,11 @@ + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getspnam_%s_%d", user, i); +- _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, pam_modutil_cleanup); + } +- _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } diff --git a/debian/patches-applied/pam_env_ignore_garbage.patch b/debian/patches-applied/pam_env_ignore_garbage.patch new file mode 100644 index 00000000..b224a02b --- /dev/null +++ b/debian/patches-applied/pam_env_ignore_garbage.patch @@ -0,0 +1,46 @@ +Patch for Debian bug #439984 + +pam_env was not correctly skipping over non-alphanumeric variable names, +and was not handling the PAM_BAD_ITEM error return from pam_putenv() +when clearing an unset variable. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: submitted in <20070830222058.GA9984@dario.dodds.net> + +Index: pam/Linux-PAM/modules/pam_env/pam_env.c +=================================================================== +--- pam.orig/Linux-PAM/modules/pam_env/pam_env.c ++++ pam/Linux-PAM/modules/pam_env/pam_env.c +@@ -232,9 +232,14 @@ + + for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) + if (!isalnum(key[i]) && key[i] != '_') { +- D(("key is not alpha numeric - '%s', ignoring", key)); +- continue; ++ pam_syslog(pamh, LOG_ERR, ++ "non-alphanumeric key '%s' in %s', ignoring", ++ key, file); ++ break; + } ++ /* non-alphanumeric key, ignore this line */ ++ if (key[i] != '=' && key[i] != '\0') ++ continue; + + /* now we try to be smart about quotes around the value, + but not too smart, we can't get all fancy with escaped +@@ -248,6 +253,14 @@ + key[i] = '\0'; + } + ++ /* if this is a request to delete a variable, check that it's ++ actually set first, so we don't get a vague error back from ++ pam_putenv() */ ++ for (i = 0; key[i] != '=' && key[i] != '\0'; i++); ++ ++ if (key[i] == '\0' && !pam_getenv(pamh,key)) ++ continue; ++ + /* set the env var, if it fails, we break out of the loop */ + retval = pam_putenv(pamh, key); + if (retval != PAM_SUCCESS) { diff --git a/debian/patches-applied/pam_tally_audit.patch b/debian/patches-applied/pam_tally_audit.patch new file mode 100644 index 00000000..f7f5764b --- /dev/null +++ b/debian/patches-applied/pam_tally_audit.patch @@ -0,0 +1,18 @@ +Patch to fix the definition of OPT_AUDIT to be octal instead of decimal, +so that it works properly in a bit field. + +Authors: Corey Wright <undefined@pobox.com> + +Upstream status: not yet submitted + +--- Linux-PAM/modules/pam_tally/pam_tally.c~ 2007-10-12 01:49:15.000000000 +0000 ++++ Linux-PAM/modules/pam_tally/pam_tally.c 2007-10-12 03:26:04.000000000 +0000 +@@ -95,7 +95,7 @@ struct tally_options { + #define OPT_PER_USER 010 + #define OPT_NO_LOCK_TIME 020 + #define OPT_NO_RESET 040 +-#define OPT_AUDIT 100 ++#define OPT_AUDIT 0100 + + + /*---------------------------------------------------------------------*/ diff --git a/debian/patches-applied/series b/debian/patches-applied/series new file mode 100644 index 00000000..4fd2c35a --- /dev/null +++ b/debian/patches-applied/series @@ -0,0 +1,31 @@ +006_docs_cleanup -p0 +007_modules_pam_unix -p0 +008_modules_pam_limits_chroot -p0 +015_hurd_portability -p0 +019_pam_listfile_quiet -p0 +021_nis_cleanup -p0 +022_pam_unix_group_time_miscfixes -p0 +024_debian_cracklib_dict_path -p0 +026_pam_unix_passwd_unknown_user -p0 +027_pam_limits_better_init_allow_explicit_root -p0 +031_pam_include +032_pam_limits_EPERM_NOT_FATAL -p0 +036_pam_wheel_getlogin_considered_harmful -p0 +038_support_hurd -p0 +hurd_no_setfsuid -p0 +040_pam_limits_log_failure -p0 +043_pam_unix_unknown_user_not_alert -p0 +045_pam_dispatch_jump_is_ignore -p0 +046_pam_group_example -p0 +049_pam_unix_sane_locking -p0 +054_pam_security_abstract_securetty_handling -p0 +055_pam_unix_nullok_secure -p0 +057_pam_unix_passwd_OOM_check -p0 +065_pam_unix_cracklib_disable +PAM-manpage-section +no_pthread_mutexes +limits_wrong_strncpy +misc_conv_allow_sigint.patch +pam_env_ignore_garbage.patch +pam_tally_audit.patch -p0 +autoconf.patch |