diff --git a/SOURCES/sudo-1.8.6p3-mantypos-ldap.patch b/SOURCES/sudo-1.8.6p3-mantypos-ldap.patch
new file mode 100644
index 0000000..57fbfba
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p3-mantypos-ldap.patch
@@ -0,0 +1,74 @@
+diff -up sudo-1.8.6p3/doc/sudoers.ldap.cat.mantypos-ldap sudo-1.8.6p3/doc/sudoers.ldap.cat
+--- sudo-1.8.6p3/doc/sudoers.ldap.cat.mantypos-ldap 2012-09-18 15:57:43.000000000 +0200
++++ sudo-1.8.6p3/doc/sudoers.ldap.cat 2015-04-16 11:24:08.277692534 +0200
+@@ -119,7 +119,7 @@ D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
+ s�su�ud�do�oN�No�ot�tA�Af�ft�te�er�r
+ A timestamp in the form yyyymmddHHMMSSZ that indicates an
+ expiration date/time, after which the sudoRole will no longer be
+- valid. If multiple sudoNotBefore entries are present, the last one
++ valid. If multiple sudoNotAfter entries are present, the last one
+ is used. Note that timestamps must be in Coordinated Universal
+ Time (UTC), not the local timezone. The minute and seconds
+ portions are optional, but some LDAP servers require that they be
+@@ -134,8 +134,8 @@ D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
+ inherent order. The sudoOrder attribute is an integer (or floating
+ point value for LDAP servers that support it) that is used to sort
+ the matching entries. This allows LDAP-based sudoers entries to
+- more closely mimic the behaviour of the sudoers file, where the of
+- the entries influences the result. If multiple entries match, the
++ more closely mimic the behaviour of the sudoers file, where the order
++ of the entries influences the result. If multiple entries match, the
+ entry with the highest sudoOrder attribute is chosen. This
+ corresponds to the ``last match'' behavior of the sudoers file. If
+ the sudoOrder attribute is not present, a value of 0 is assumed.
+diff -up sudo-1.8.6p3/doc/sudoers.ldap.man.in.mantypos-ldap sudo-1.8.6p3/doc/sudoers.ldap.man.in
+--- sudo-1.8.6p3/doc/sudoers.ldap.man.in.mantypos-ldap 2012-09-18 15:57:43.000000000 +0200
++++ sudo-1.8.6p3/doc/sudoers.ldap.man.in 2015-04-16 11:24:08.277692534 +0200
+@@ -238,7 +238,7 @@ that indicates an expiration date/time,
+ \fRsudoRole\fR
+ will no longer be valid.
+ If multiple
+-\fRsudoNotBefore\fR
++\fRsudoNotAfter\fR
+ entries are present, the last one is used.
+ Note that timestamps must be in Coordinated Universal Time (UTC),
+ not the local timezone.
+@@ -264,7 +264,7 @@ The
+ attribute is an integer (or floating point value for LDAP servers
+ that support it) that is used to sort the matching entries.
+ This allows LDAP-based sudoers entries to more closely mimic the behaviour
+-of the sudoers file, where the of the entries influences the result.
++of the sudoers file, where the order of the entries influences the result.
+ If multiple entries match, the entry with the highest
+ \fRsudoOrder\fR
+ attribute is chosen.
+diff -up sudo-1.8.6p3/doc/sudoers.ldap.mdoc.in.mantypos-ldap sudo-1.8.6p3/doc/sudoers.ldap.mdoc.in
+--- sudo-1.8.6p3/doc/sudoers.ldap.mdoc.in.mantypos-ldap 2012-09-18 15:57:43.000000000 +0200
++++ sudo-1.8.6p3/doc/sudoers.ldap.mdoc.in 2015-04-16 11:32:51.574469447 +0200
+@@ -15,7 +15,7 @@
+ .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ .\"
+ .Dd July 12, 2012
+-.Dt SUDOERS.LDAP @mansectsu@
++.Dt SUDOERS.LDAP @mansectform@
+ .Os Sudo @PACKAGE_VERSION@
+ .Sh NAME
+ .Nm sudoers.ldap
+@@ -224,7 +224,7 @@ that indicates an expiration date/time,
+ .Li sudoRole
+ will no longer be valid.
+ If multiple
+-.Li sudoNotBefore
++.Li sudoNotAfter
+ entries are present, the last one is used.
+ Note that timestamps must be in Coordinated Universal Time (UTC),
+ not the local timezone.
+@@ -249,7 +249,7 @@ The
+ attribute is an integer (or floating point value for LDAP servers
+ that support it) that is used to sort the matching entries.
+ This allows LDAP-based sudoers entries to more closely mimic the behaviour
+-of the sudoers file, where the of the entries influences the result.
++of the sudoers file, where the order of the entries influences the result.
+ If multiple entries match, the entry with the highest
+ .Li sudoOrder
+ attribute is chosen.
diff --git a/SOURCES/sudo-1.8.6p7-14-sudoers b/SOURCES/sudo-1.8.6p7-14-sudoers
new file mode 100644
index 0000000..a943c24
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-14-sudoers
@@ -0,0 +1,118 @@
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+##
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhaps using
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias FILESERVERS = fs1, fs2
+# Host_Alias MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
+
+## Updating the locate database
+# Cmnd_Alias LOCATE = /usr/bin/updatedb
+
+## Storage
+# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
+
+## Processes
+# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+# Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
+# You have to run "ssh -t hostname sudo <cmd>".
+#
+Defaults requiretty
+
+#
+# Refuse to run if unable to disable echo on the tty. This setting should also be
+# changed in order to be able to use sudo without a tty. See requiretty above.
+#
+Defaults !visiblepw
+
+#
+# Preserving HOME has security implications since many programs
+# use it when searching for configuration files. Note that HOME
+# is already set when the the env_reset option is enabled, so
+# this option is only effective for configurations where either
+# env_reset is disabled or HOME is present in the env_keep list.
+#
+Defaults always_set_home
+
+Defaults env_reset
+Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
+Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+
+#
+# Adding HOME to env_keep may enable a user to run unrestricted
+# commands via sudo.
+#
+# Defaults env_keep += "HOME"
+
+Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+## Next comes the main part: which users can run what software on
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## user MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere
+root ALL=(ALL) ALL
+
+## Allows members of the 'sys' group to run networking, software,
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+%wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the
+## cdrom as root
+# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+# %users localhost=/sbin/shutdown -h now
+
+## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
+#includedir /etc/sudoers.d
diff --git a/SOURCES/sudo-1.8.6p7-CVE-2014-9680.patch b/SOURCES/sudo-1.8.6p7-CVE-2014-9680.patch
new file mode 100644
index 0000000..64cfdb9
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-CVE-2014-9680.patch
@@ -0,0 +1,333 @@
+diff -up sudo-1.8.6p7/aclocal.m4.CVE-2014-9680 sudo-1.8.6p7/aclocal.m4
+--- sudo-1.8.6p7/aclocal.m4.CVE-2014-9680 2013-02-25 20:42:44.000000000 +0100
++++ sudo-1.8.6p7/aclocal.m4 2015-07-05 13:44:11.610596042 +0200
+@@ -156,6 +156,25 @@ AC_DEFUN([SUDO_IO_LOGDIR], [
+ AC_MSG_RESULT($iolog_dir)
+ ])dnl
+
++dnl Detect time zone file directory, if any.
++dnl
++AC_DEFUN([SUDO_TZDIR], [AC_MSG_CHECKING(time zone data directory)
++tzdir="$with_tzdir"
++if test -z "$tzdir"; then
++ tzdir=no
++ for d in /usr/share /usr/share/lib /usr/lib /etc; do
++ if test -d "$d/zoneinfo"; then
++ tzdir="$d/zoneinfo"
++ break
++ fi
++ done
++fi
++AC_MSG_RESULT([$tzdir])
++if test "${tzdir}" != "no"; then
++ SUDO_DEFINE_UNQUOTED(_PATH_ZONEINFO, "$tzdir")
++fi
++])dnl
++
+ dnl
+ dnl check for working fnmatch(3)
+ dnl
+diff -up sudo-1.8.6p7/configure.in.CVE-2014-9680 sudo-1.8.6p7/configure.in
+--- sudo-1.8.6p7/configure.in.CVE-2014-9680 2015-07-05 13:44:11.598596222 +0200
++++ sudo-1.8.6p7/configure.in 2015-07-05 13:44:11.610596042 +0200
+@@ -776,6 +776,12 @@ AC_ARG_WITH(iologdir, [AS_HELP_STRING([-
+ ;;
+ esac])
+
++AC_ARG_WITH(tzdir, [AS_HELP_STRING([--with-tzdir=DIR], [path to the time zone data directory])],
++[case $with_tzdir in
++ yes) AC_MSG_ERROR(["must give --with-tzdir an argument."])
++ ;;
++esac])
++
+ AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
+ AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
+ [case $with_sendmail in
+@@ -3250,6 +3256,7 @@ fi
+ SUDO_LOGFILE
+ SUDO_TIMEDIR
+ SUDO_IO_LOGDIR
++SUDO_TZDIR
+
+ dnl
+ dnl Turn warnings into errors.
+diff -up sudo-1.8.6p7/doc/sudoers.cat.CVE-2014-9680 sudo-1.8.6p7/doc/sudoers.cat
+--- sudo-1.8.6p7/doc/sudoers.cat.CVE-2014-9680 2015-07-05 13:44:11.586596402 +0200
++++ sudo-1.8.6p7/doc/sudoers.cat 2015-07-05 13:44:11.610596042 +0200
+@@ -1421,20 +1421,36 @@ S�SU�UD�DO�OE�ER�RS�S O�OP�PT�TI�IO�ON�N
+
+ L�Li�is�st�ts�s t�th�ha�at�t c�ca�an�n b�be�e u�us�se�ed�d i�in�n a�a b�bo�oo�ol�le�ea�an�n c�co�on�nt�te�ex�xt�t:
+
+- env_check Environment variables to be removed from the user's
+- environment if the variable's value contains `%' or `/'
++ env_check Environment variables to be removed from the user's
++ environment if unless they are considered ``safe''.
++ For all variables except TZ, ``safe'' means that the
++ variable's value does not contain any `%' or `/'
+ characters. This can be used to guard against printf-
+ style format vulnerabilities in poorly-written
+- programs. The argument may be a double-quoted, space-
+- separated list or a single value without double-quotes.
+- The list can be replaced, added to, deleted from, or
+- disabled by using the =, +=, -=, and ! operators
+- respectively. Regardless of whether the env_reset
+- option is enabled or disabled, variables specified by
+- env_check will be preserved in the environment if they
+- pass the aforementioned check. The default list of
+- environment variables to check is displayed when s�su�ud�do�o
+- is run by root with the -�-V�V option.
++ programs. The TZ variable is considerd unsafe if any
++ of the following are true:
++
++ +�+�o�o It consists of a fully-qualified path name,
++ optionally prefixed with a colon (`:'), that does
++ not match the location of the _�z_�o_�n_�e_�i_�n_�f_�o directory.
++
++ +�+�o�o It contains a _�._�. path element.
++
++ +�+�o�o It contains white space or non-printable
++ characters.
++
++ +�+�o�o It is longer than the value of PATH_MAX.
++
++ The argument may be a double-quoted, space-separated
++ list or a single value without double-quotes. The list
++ can be replaced, added to, deleted from, or disabled by
++ using the =, +=, -=, and ! operators respectively.
++ Regardless of whether the env_reset option is enabled
++ or disabled, variables specified by env_check will be
++ preserved in the environment if they pass the
++ aforementioned check. The default list of environment
++ variables to check is displayed when s�su�ud�do�o is run by
++ root with the -�-V�V option.
+
+ env_delete Environment variables to be removed from the user's
+ environment when the _�e_�n_�v_�__�r_�e_�s_�e_�t option is not in effect.
+diff -up sudo-1.8.6p7/doc/sudoers.man.in.CVE-2014-9680 sudo-1.8.6p7/doc/sudoers.man.in
+--- sudo-1.8.6p7/doc/sudoers.man.in.CVE-2014-9680 2015-07-05 13:44:11.586596402 +0200
++++ sudo-1.8.6p7/doc/sudoers.man.in 2015-07-05 13:44:11.611596027 +0200
+@@ -3002,14 +3002,47 @@ The default value is
+ \fBLists that can be used in a boolean context\fR:
+ .TP 18n
+ env_check
+-Environment variables to be removed from the user's environment if
+-the variable's value contains
+-`%'
++ Environment variables to be removed from the user's environment if
++unless they are considered
++\(lqsafe\(rq.
++For all variables except
++\fRTZ\fR,
++\(lqsafe\(rq
++means that the variable's value does not contain any
++\(oq%\(cq
+ or
+-`/'
++\(oq/\(cq
+ characters.
+ This can be used to guard against printf-style format vulnerabilities
+ in poorly-written programs.
++The
++\fRTZ\fR
++variable is considerd unsafe if any of the following are true:
++.PP
++.RS 18n
++.PD 0
++.TP 4n
++\fB\(bu\fR
++It consists of a fully-qualified path name,
++optionally prefixed with a colon
++(\(oq:\&\(cq),
++that does not match the location of the
++\fIzoneinfo\fR
++directory.
++.PD
++.TP 4n
++\fB\(bu\fR
++It contains a
++\fI..\fR
++path element.
++.TP 4n
++\fB\(bu\fR
++It contains white space or non-printable characters.
++.TP 4n
++\fB\(bu\fR
++It is longer than the value of
++\fRPATH_MAX\fR.
++.PP
+ The argument may be a double-quoted, space-separated list or a
+ single value without double-quotes.
+ The list can be replaced, added to, deleted from, or disabled by using
+@@ -3031,6 +3064,7 @@ is run by root with
+ the
+ \fB\-V\fR
+ option.
++.RE
+ .TP 18n
+ env_delete
+ Environment variables to be removed from the user's environment when the
+diff -up sudo-1.8.6p7/doc/sudoers.mdoc.in.CVE-2014-9680 sudo-1.8.6p7/doc/sudoers.mdoc.in
+--- sudo-1.8.6p7/doc/sudoers.mdoc.in.CVE-2014-9680 2015-07-05 13:44:11.586596402 +0200
++++ sudo-1.8.6p7/doc/sudoers.mdoc.in 2015-07-05 13:44:11.611596027 +0200
+@@ -2791,13 +2791,40 @@ The default value is
+ .Bl -tag -width 16n
+ .It env_check
+ Environment variables to be removed from the user's environment if
+-the variable's value contains
++unless they are considered
++.Dq safe .
++For all variables except
++.Li TZ ,
++.Dq safe
++means that the variable's value does not contain any
+ .Ql %
+ or
+ .Ql /
+ characters.
+ This can be used to guard against printf-style format vulnerabilities
+ in poorly-written programs.
++The
++.Li TZ
++variable is considerd unsafe if any of the following are true:
++.Bl -bullet
++.It
++It consists of a fully-qualified path name,
++optionally prefixed with a colon
++.Pq Ql :\& ,
++that does not match the location of the
++.Pa zoneinfo
++directory.
++.It
++It contains a
++.Pa ..
++path element.
++.It
++It contains white space or non-printable characters.
++.It
++It is longer than the value of
++.Li PATH_MAX .
++.El
++.Pp
+ The argument may be a double-quoted, space-separated list or a
+ single value without double-quotes.
+ The list can be replaced, added to, deleted from, or disabled by using
+diff -up sudo-1.8.6p7/INSTALL.CVE-2014-9680 sudo-1.8.6p7/INSTALL
+--- sudo-1.8.6p7/INSTALL.CVE-2014-9680 2013-02-25 20:42:43.000000000 +0100
++++ sudo-1.8.6p7/INSTALL 2015-07-05 13:44:11.611596027 +0200
+@@ -461,6 +461,16 @@ The following options are also configura
+ Override the default location of the sudo timestamp directory and
+ use "path" instead.
+
++ --with-tzdir=DIR
++ Set the directory to the system's time zone data files. This
++ is only used when sanitizing the TZ environment variable to
++ allow for fully-qualified paths in TZ.
++ By default, configure will look for an existing "zoneinfo"
++ directory in the following locations:
++ /usr/share /usr/share/lib /usr/lib /etc
++ If no zoneinfo directory is found, the TZ variable may not
++ contain a fully-qualified path.
++
+ --with-sendmail=PATH
+ Override configure's guess as to the location of sendmail.
+
+diff -up sudo-1.8.6p7/pathnames.h.in.CVE-2014-9680 sudo-1.8.6p7/pathnames.h.in
+--- sudo-1.8.6p7/pathnames.h.in.CVE-2014-9680 2012-09-18 15:56:28.000000000 +0200
++++ sudo-1.8.6p7/pathnames.h.in 2015-07-05 13:44:11.612596011 +0200
+@@ -168,3 +168,7 @@
+ #ifndef _PATH_NETSVC_CONF
+ #undef _PATH_NETSVC_CONF
+ #endif /* _PATH_NETSVC_CONF */
++
++#ifndef _PATH_ZONEINFO
++# undef _PATH_ZONEINFO
++#endif /* _PATH_ZONEINFO */
+diff -up sudo-1.8.6p7/plugins/sudoers/env.c.CVE-2014-9680 sudo-1.8.6p7/plugins/sudoers/env.c
+--- sudo-1.8.6p7/plugins/sudoers/env.c.CVE-2014-9680 2013-02-25 20:42:44.000000000 +0100
++++ sudo-1.8.6p7/plugins/sudoers/env.c 2015-07-05 13:44:11.612596011 +0200
+@@ -198,6 +198,7 @@ static const char *initial_checkenv_tabl
+ "LC_*",
+ "LINGUAS",
+ "TERM",
++ "TZ",
+ NULL
+ };
+
+@@ -213,7 +214,6 @@ static const char *initial_keepenv_table
+ "PATH",
+ "PS1",
+ "PS2",
+- "TZ",
+ "XAUTHORITY",
+ "XAUTHORIZATION",
+ NULL
+@@ -584,6 +584,54 @@ matches_env_delete(const char *var)
+ }
+
+ /*
++ * Sanity-check the TZ environment variable.
++ * On many systems it is possible to set this to a pathname.
++ */
++static bool
++tz_is_sane(const char *tzval)
++{
++ const char *cp;
++ char lastch;
++ debug_decl(tz_is_sane, SUDO_DEBUG_ENV)
++
++ /* tzcode treats a value beginning with a ':' as a path. */
++ if (tzval[0] == ':')
++ tzval++;
++
++ /* Reject fully-qualified TZ that doesn't being with the zoneinfo dir. */
++ if (tzval[0] == '/') {
++#ifdef _PATH_ZONEINFO
++ if (strncmp(tzval, _PATH_ZONEINFO, sizeof(_PATH_ZONEINFO) - 1) != 0 ||
++ tzval[sizeof(_PATH_ZONEINFO) - 1] != '/')
++ debug_return_bool(false);
++#else
++ /* Assume the worst. */
++ debug_return_bool(false);
++#endif
++ }
++
++ /*
++ * Make sure TZ only contains printable non-space characters
++ * and does not contain a '..' path element.
++ */
++ lastch = '/';
++ for (cp = tzval; *cp != '\0'; cp++) {
++ if (isspace((unsigned char)*cp) || !isprint((unsigned char)*cp))
++ debug_return_bool(false);
++ if (lastch == '/' && cp[0] == '.' && cp[1] == '.' &&
++ (cp[2] == '/' || cp[2] == '\0'))
++ debug_return_bool(false);
++ lastch = *cp;
++ }
++
++ /* Reject extra long TZ values (even if not a path). */
++ if ((size_t)(cp - tzval) >= PATH_MAX)
++ debug_return_bool(false);
++
++ debug_return_bool(true);
++}
++
++/*
+ * Apply the env_check list.
+ * Returns true if the variable is allowed, false if denied
+ * or -1 if no match.
+@@ -607,8 +655,13 @@ matches_env_check(const char *var)
+ iswild = false;
+ if (strncmp(cur->value, var, len) == 0 &&
+ (iswild || var[len] == '=')) {
++ if (strncmp(var, "TZ=", 3) == 0 ) {
++ /* Sperial case for TZ */
++ keepit = tz_is_sane(var + 3);
++ } else {
+ keepit = !strpbrk(var, "/%");
+- break;
++ }
++ break;
+ }
+ }
+ debug_return_bool(keepit);
diff --git a/SOURCES/sudo-1.8.6p7-authlogicfix.patch b/SOURCES/sudo-1.8.6p7-authlogicfix.patch
new file mode 100644
index 0000000..f721589
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-authlogicfix.patch
@@ -0,0 +1,38 @@
+diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.authlogicfix sudo-1.8.6p7/plugins/sudoers/ldap.c
+--- sudo-1.8.6p7/plugins/sudoers/ldap.c.authlogicfix 2015-07-05 13:40:15.389145839 +0200
++++ sudo-1.8.6p7/plugins/sudoers/ldap.c 2015-07-05 13:40:15.413145478 +0200
+@@ -2392,9 +2392,13 @@ sudo_ldap_lookup(struct sudo_nss *nss, i
+ for (i = 0; i < lres->nentries; i++) {
+ entry = lres->entries[i].entry;
+ if ((pwcheck == any && doauth != false) ||
+- (pwcheck == all && doauth == false)) {
+- doauth = sudo_ldap_check_bool(ld, entry, "authenticate");
++ (pwcheck == all && doauth != true)) {
++ doauth = !!sudo_ldap_check_bool(ld, entry, "authenticate");
+ }
++ }
++
++ for (i = 0; i < lres->nentries; i++) {
++ entry = lres->entries[i].entry;
+ /* Only check the command when listing another user. */
+ if (user_uid == 0 || list_pw == NULL ||
+ user_uid == list_pw->pw_uid ||
+diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.authlogicfix sudo-1.8.6p7/plugins/sudoers/sssd.c
+--- sudo-1.8.6p7/plugins/sudoers/sssd.c.authlogicfix 2015-07-05 13:40:15.412145494 +0200
++++ sudo-1.8.6p7/plugins/sudoers/sssd.c 2015-07-05 13:40:15.414145463 +0200
+@@ -970,9 +970,13 @@ sudo_sss_lookup(struct sudo_nss *nss, in
+ for (i = 0; i < sss_result->num_rules; i++) {
+ rule = sss_result->rules + i;
+ if ((pwcheck == any && doauth != false) ||
+- (pwcheck == all && doauth == false)) {
+- doauth = sudo_sss_check_bool(handle, rule, "authenticate");
++ (pwcheck == all && doauth != true)) {
++ doauth = !!sudo_sss_check_bool(handle, rule, "authenticate");
+ }
++ }
++
++ for (i = 0; i < sss_result->num_rules; i++) {
++ rule = sss_result->rules + i;
+ /* Only check the command when listing another user. */
+ if (user_uid == 0 || list_pw == NULL ||
+ user_uid == list_pw->pw_uid ||
diff --git a/SOURCES/sudo-1.8.6p7-digest-backport-checklinkfix.patch b/SOURCES/sudo-1.8.6p7-digest-backport-checklinkfix.patch
new file mode 100644
index 0000000..feeeb6c
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-digest-backport-checklinkfix.patch
@@ -0,0 +1,12 @@
+diff -up sudo-1.8.6p7/plugins/sudoers/Makefile.in.digest-backport-checklinkfix sudo-1.8.6p7/plugins/sudoers/Makefile.in
+--- sudo-1.8.6p7/plugins/sudoers/Makefile.in.digest-backport-checklinkfix 2015-08-25 14:31:24.889199953 +0200
++++ sudo-1.8.6p7/plugins/sudoers/Makefile.in 2015-08-25 14:32:34.817198098 +0200
+@@ -146,7 +146,7 @@ TEST_OBJS = interfaces.o testsudoers.o t
+
+ CHECK_ADDR_OBJS = check_addr.o match_addr.o interfaces.o error.o
+
+-CHECK_FILL_OBJS = check_fill.o toke_util.o error.o
++CHECK_FILL_OBJS = check_fill.o toke_util.o error.o hexchar.o
+
+ CHECK_IOLOG_PATH_OBJS = check_iolog_path.o error.o iolog_path.o pwutil.o \
+ redblack.o
diff --git a/SOURCES/sudo-1.8.6p7-digest-backport-docs.patch b/SOURCES/sudo-1.8.6p7-digest-backport-docs.patch
new file mode 100644
index 0000000..2b99b26
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-digest-backport-docs.patch
@@ -0,0 +1,260 @@
+diff -up sudo-1.8.6p7/doc/sudoers.cat.digest-backport-docs sudo-1.8.6p7/doc/sudoers.cat
+--- sudo-1.8.6p7/doc/sudoers.cat.digest-backport-docs 2015-07-07 13:06:11.078653045 +0200
++++ sudo-1.8.6p7/doc/sudoers.cat 2015-07-07 13:12:05.170955417 +0200
+@@ -260,6 +260,14 @@ S�SU�UD�DO�OE�ER�RS�S F�FI�IL�LE�E F�FO�
+ ``localhost'' will only match if that is the actual host name, which is
+ usually only the case for non-networked systems.
+
++ digest ::= [A-Fa-f0-9]+ |
++ [[A-Za-z0-9+/=]+
++
++ Digest_Spec ::= "sha224" ':' digest |
++ "sha256" ':' digest |
++ "sha384" ':' digest |
++ "sha512" ':' digest
++
+ Cmnd_List ::= Cmnd |
+ Cmnd ',' Cmnd_List
+
+@@ -267,7 +275,7 @@ S�SU�UD�DO�OE�ER�RS�S F�FI�IL�LE�E F�FO�
+ file name args |
+ file name '""'
+
+- Cmnd ::= '!'* command name |
++ Cmnd ::= Digest_Spec? '!'* command name |
+ '!'* directory |
+ '!'* "sudoedit" |
+ '!'* Cmnd_Alias
+@@ -291,6 +299,26 @@ S�SU�UD�DO�OE�ER�RS�S F�FI�IL�LE�E F�FO�
+ to permit a user to run s�su�ud�do�o with the -�-e�e option (or as s�su�ud�do�oe�ed�di�it�t). It may
+ take command line arguments just as a normal command does.
+
++ If a command name is prefixed with a Digest_Spec, the command will only
++ match successfully if it can be verified using the specified SHA-2
++ digest. This may be useful in situations where the user invoking s�su�ud�do�o
++ has write access to the command or its parent directory. The following
++ digest formats are supported: sha224, sha256, sha384 and sha512. The
++ string may be specified in either hex or base64 format (base64 is more
++ compact). There are several utilities capable of generating SHA-2
++ digests in hex format such as openssl, shasum, sha224sum, sha256sum,
++ sha384sum, sha512sum.
++
++ For example, using openssl:
++
++ $ openssl dgst -sha224 /bin/ls
++ SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
++
++ It is also possible to use openssl to generate base64 output:
++
++ $ openssl dgst -binary -sha224 /bin/ls | openssl base64
++ EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
++
+ D�De�ef�fa�au�ul�lt�ts�s
+ Certain configuration options may be changed from their default values at
+ run-time via one or more Default_Entry lines. These may affect all users
+@@ -1797,7 +1825,9 @@ E�EX�XA�AM�MP�PL�LE�ES�S
+
+ # Cmnd alias specification
+ Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
+- /usr/sbin/restore, /usr/sbin/rrestore
++ /usr/sbin/restore, /usr/sbin/rrestore\
++ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
++ /home/operator/bin/start_backups
+ Cmnd_Alias KILL = /usr/bin/kill
+ Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+ Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+@@ -1867,7 +1897,11 @@ E�EX�XA�AM�MP�PL�LE�ES�S
+ The o�op�pe�er�ra�at�to�or�r user may run commands limited to simple maintenance. Here,
+ those are commands related to backups, killing processes, the printing
+ system, shutting down the system, and any commands in the directory
+- _�/_�u_�s_�r_�/_�o_�p_�e_�r_�/_�b_�i_�n_�/.
++ _�/_�u_�s_�r_�/_�o_�p_�e_�r_�/_�b_�i_�n_�/. Note that one command in the DUMPS Cmnd_Alias includes a
++ sha224 digest, _�/_�h_�o_�m_�e_�/_�o_�p_�e_�r_�a_�t_�o_�r_�/_�b_�i_�n_�/_�s_�t_�a_�r_�t_�__�b_�a_�c_�k_�u_�p_�s. This is because the
++ directory containing the script is writable by the operator user. If the
++ script is modified (resulting in a digest mismatch) it will no longer be
++ possible to run it via s�su�ud�do�o.
+
+ joe ALL = /usr/bin/su operator
+
+diff -up sudo-1.8.6p7/doc/sudoers.man.in.digest-backport-docs sudo-1.8.6p7/doc/sudoers.man.in
+--- sudo-1.8.6p7/doc/sudoers.man.in.digest-backport-docs 2015-07-07 13:06:28.363472547 +0200
++++ sudo-1.8.6p7/doc/sudoers.man.in 2015-07-07 13:16:05.250448374 +0200
+@@ -602,6 +602,14 @@ only the case for non-networked systems.
+ .nf
+ .sp
+ .RS 0n
++digest ::= [A-Fa-f0-9]+ |
++ [[A-Za-z0-9\+/=]+
++
++Digest_Spec ::= "sha224" ':' digest |
++ "sha256" ':' digest |
++ "sha384" ':' digest |
++ "sha512" ':' digest
++
+ Cmnd_List ::= Cmnd |
+ Cmnd ',' Cmnd_List
+
+@@ -609,7 +617,7 @@ command name ::= file name |
+ file name args |
+ file name '""'
+
+-Cmnd ::= '!'* command name |
++Cmnd ::= Digest_Spec? '!'* command name |
+ '!'* directory |
+ '!'* "sudoedit" |
+ '!'* Cmnd_Alias
+@@ -664,6 +672,39 @@ with the
+ option (or as
+ \fBsudoedit\fR).
+ It may take command line arguments just as a normal command does.
++.PP
++If a
++\fRcommand name\fR
++is prefixed with a
++\fRDigest_Spec\fR,
++the command will only match successfully if it can be verified
++using the specified SHA-2 digest.
++This may be useful in situations where the user invoking
++\fBsudo\fR
++has write access to the command or its parent directory.
++The following digest formats are supported: sha224, sha256, sha384 and sha512.
++The string may be specified in either hex or base64 format
++(base64 is more compact).
++There are several utilities capable of generating SHA-2 digests in hex
++format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum.
++.PP
++For example, using openssl:
++.nf
++.sp
++.RS 0n
++$ openssl dgst -sha224 /bin/ls
++SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
++.RE
++.fi
++.PP
++It is also possible to use openssl to generate base64 output:
++.nf
++.sp
++.RS 0n
++$ openssl dgst -binary -sha224 /bin/ls | openssl base64
++EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
++.RE
++.fi
+ .SS "Defaults"
+ Certain configuration options may be changed from their default
+ values at run-time via one or more
+@@ -3684,7 +3725,9 @@ Host_Alias CDROM = orion, perseus, hercu
+
+ # Cmnd alias specification
+ Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
+- /usr/sbin/restore, /usr/sbin/rrestore
++ /usr/sbin/restore, /usr/sbin/rrestore\e
++ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e
++ /home/operator/bin/start_backups
+ Cmnd_Alias KILL = /usr/bin/kill
+ Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+ Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+@@ -3836,6 +3879,15 @@ Here, those are commands related to back
+ printing system, shutting down the system, and any commands in the
+ directory
+ \fI/usr/oper/bin/\fR.
++Note that one command in the
++\fRDUMPS\fR
++Cmnd_Alias includes a sha224 digest,
++\fI/home/operator/bin/start_backups\fR.
++This is because the directory containing the script is writable by the
++operator user.
++If the script is modified (resulting in a digest mismatch) it will no longer
++be possible to run it via
++\fBsudo\fR.
+ .nf
+ .sp
+ .RS 0n
+diff -up sudo-1.8.6p7/doc/sudoers.mdoc.in.digest-backport-docs sudo-1.8.6p7/doc/sudoers.mdoc.in
+--- sudo-1.8.6p7/doc/sudoers.mdoc.in.digest-backport-docs 2015-07-07 13:06:18.919571166 +0200
++++ sudo-1.8.6p7/doc/sudoers.mdoc.in 2015-07-07 13:23:45.072854748 +0200
+@@ -579,6 +579,14 @@ Also, the host name
+ will only match if that is the actual host name, which is usually
+ only the case for non-networked systems.
+ .Bd -literal
++digest ::= [A-Fa-f0-9]+ |
++ [[A-Za-z0-9\+/=]+
++
++Digest_Spec ::= "sha224" ':' digest |
++ "sha256" ':' digest |
++ "sha384" ':' digest |
++ "sha512" ':' digest
++
+ Cmnd_List ::= Cmnd |
+ Cmnd ',' Cmnd_List
+
+@@ -586,7 +594,7 @@ command name ::= file name |
+ file name args |
+ file name '""'
+
+-Cmnd ::= '!'* command name |
++Cmnd ::= Digest_Spec? '!'* command name |
+ '!'* directory |
+ '!'* "sudoedit" |
+ '!'* Cmnd_Alias
+@@ -640,6 +648,33 @@ with the
+ option (or as
+ .Nm sudoedit ) .
+ It may take command line arguments just as a normal command does.
++.Pp
++If a
++.Li command name
++is prefixed with a
++.Li Digest_Spec ,
++the command will only match successfully if it can be verified
++using the specified SHA-2 digest.
++This may be useful in situations where the user invoking
++.Nm sudo
++has write access to the command or its parent directory.
++The following digest formats are supported: sha224, sha256, sha384 and sha512.
++The string may be specified in either hex or base64 format
++(base64 is more compact).
++There are several utilities capable of generating SHA-2 digests in hex
++format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum.
++.Pp
++For example, using openssl:
++.Bd -literal
++$ openssl dgst -sha224 /bin/ls
++SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
++.Ed
++.Pp
++It is also possible to use openssl to generate base64 output:
++.Bd -literal
++$ openssl dgst -binary -sha224 /bin/ls | openssl base64
++EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
++.Ed
+ .Ss Defaults
+ Certain configuration options may be changed from their default
+ values at run-time via one or more
+@@ -3407,7 +3442,9 @@ Host_Alias CDROM = orion, perseus, hercu
+
+ # Cmnd alias specification
+ Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
+- /usr/sbin/restore, /usr/sbin/rrestore
++ /usr/sbin/restore, /usr/sbin/rrestore\e
++ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e
++ /home/operator/bin/start_backups
+ Cmnd_Alias KILL = /usr/bin/kill
+ Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+ Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+@@ -3540,6 +3577,15 @@ Here, those are commands related to back
+ printing system, shutting down the system, and any commands in the
+ directory
+ .Pa /usr/oper/bin/ .
++Note that one command in the
++.Li DUMPS
++Cmnd_Alias includes a sha224 digest,
++.Pa /home/operator/bin/start_backups .
++This is because the directory containing the script is writable by the
++operator user.
++If the script is modified (resulting in a digest mismatch) it will no longer
++be possible to run it via
++.Nm sudo .
+ .Bd -literal
+ joe ALL = /usr/bin/su operator
+ .Ed
diff --git a/SOURCES/sudo-1.8.6p7-digest-backport.patch b/SOURCES/sudo-1.8.6p7-digest-backport.patch
new file mode 100644
index 0000000..f815af2
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-digest-backport.patch
@@ -0,0 +1,11389 @@
+diff -up sudo-1.8.6p7/config.h.in.digest-backport sudo-1.8.6p7/config.h.in
+--- sudo-1.8.6p7/config.h.in.digest-backport 2013-02-25 20:46:09.000000000 +0100
++++ sudo-1.8.6p7/config.h.in 2015-07-06 11:42:35.000000000 +0200
+@@ -164,6 +164,9 @@
+ /* Define to 1 if you use the FWTK authsrv daemon. */
+ #undef HAVE_FWTK
+
++/* Define to 1 if you have the `gcry_md_open' function. */
++#undef HAVE_GCRY_MD_OPEN
++
+ /* Define to 1 if you have the `getaddrinfo' function. */
+ #undef HAVE_GETADDRINFO
+
+@@ -331,6 +334,9 @@
+ /* Define to 1 if you have the `ldap_unbind_ext_s' function. */
+ #undef HAVE_LDAP_UNBIND_EXT_S
+
++/* Define to 1 to enable libgcrypt support. */
++#undef HAVE_LIBGCRYPT
++
+ /* Define to 1 if you have the <libintl.h> header file. */
+ #undef HAVE_LIBINTL_H
+
+@@ -676,6 +682,9 @@
+ /* Define to 1 if you have the `unsetenv' function. */
+ #undef HAVE_UNSETENV
+
++/* Define to 1 if the system has the type `unsigned long long int'. */
++#undef HAVE_UNSIGNED_LONG_LONG_INT
++
+ /* Define to 1 if you have the <util.h> header file. */
+ #undef HAVE_UTIL_H
+
+@@ -901,6 +910,11 @@
+ /* Define to avoid using the passwd/shadow file for authentication. */
+ #undef WITHOUT_PASSWD
+
++/* Enable large inode numbers on Mac OS X 10.5. */
++#ifndef _DARWIN_USE_64_BIT_INODE
++# define _DARWIN_USE_64_BIT_INODE 1
++#endif
++
+ /* Number of bits in a file offset, on hosts where this is settable. */
+ #undef _FILE_OFFSET_BITS
+
+@@ -945,6 +959,15 @@
+ /* Define to `int' if <sys/types.h> doesn't define. */
+ #undef uid_t
+
++/* Define to `unsigned int' if <sys/types.h> does not define. */
++#undef uint32_t
++
++/* Define to `unsigned long long' if <sys/types.h> does not define. */
++#undef uint64_t
++
++/* Define to `unsigned char' if <sys/types.h> does not define. */
++#undef uint8_t
++
+ /* Define to empty if the keyword `volatile' does not work. Warning: valid
+ code using `volatile' can become incorrect without. Disable with care. */
+ #undef volatile
+diff -up sudo-1.8.6p7/configure.in.digest-backport sudo-1.8.6p7/configure.in
+--- sudo-1.8.6p7/configure.in.digest-backport 2015-07-06 11:42:33.124904862 +0200
++++ sudo-1.8.6p7/configure.in 2015-07-06 11:42:33.129904786 +0200
+@@ -31,6 +31,7 @@ AC_SUBST([SUDO_OBJS])
+ AC_SUBST([LIBS])
+ AC_SUBST([SUDO_LIBS])
+ AC_SUBST([SUDOERS_LIBS])
++AC_SUBST([LIBPARSESUDOERS_LIBS])
+ AC_SUBST([NET_LIBS])
+ AC_SUBST([AFS_LIBS])
+ AC_SUBST([REPLAY_LIBS])
+@@ -1404,6 +1405,19 @@ AC_ARG_WITH(selinux, [AS_HELP_STRING([--
+ ;;
+ esac])
+
++AC_ARG_WITH(gcrypt, [AS_HELP_STRING([--with-gcrypt], [enable libgcrypt support])],
++[case $with_gcrypt in
++ yes)
++ AC_DEFINE(HAVE_LIBGCRYPT)
++ LIBPARSESUDOERS_LIBS="${LIBPARSESUDOERS_LIBS} -lgcrypt"
++ AC_CHECK_LIB([gcrypt], [gcry_md_open],
++ [AC_DEFINE(HAVE_GCRY_MD_OPEN)])
++ ;;
++ no) ;;
++ *) AC_MSG_ERROR(["--with-gcrypt does not take an argument."])
++ ;;
++esac])
++
+ dnl
+ dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
+ dnl
+@@ -2152,6 +2166,9 @@ AC_CHECK_TYPE(size_t, unsigned int)
+ AC_CHECK_TYPE(ssize_t, int)
+ AC_CHECK_TYPE(dev_t, int)
+ AC_CHECK_TYPE(ino_t, unsigned int)
++AC_CHECK_TYPE(uint8_t, unsigned char)
++AC_CHECK_TYPE(uint32_t, unsigned int)
++AC_CHECK_TYPE(uint64_t, unsigned long long)
+ AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [
+ AC_INCLUDES_DEFAULT
+ #include <sys/socket.h>])
+@@ -3625,6 +3642,8 @@ AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1
+ AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
+ AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
+ AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
++AH_TEMPLATE(HAVE_LIBGCRYPT, [Define to 1 to enable libgcrypt support.])
++AH_TEMPLATE(HAVE_GCRY_MD_OPEN, [Define to 1 if you have the `gcry_md_open' function.])
+ AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
+ AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
+ AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+diff -up sudo-1.8.6p7/MANIFEST.digest-backport sudo-1.8.6p7/MANIFEST
+--- sudo-1.8.6p7/MANIFEST.digest-backport 2015-07-06 11:42:33.103905177 +0200
++++ sudo-1.8.6p7/MANIFEST 2015-07-06 11:42:33.129904786 +0200
+@@ -171,6 +171,7 @@ plugins/sudoers/gram.c
+ plugins/sudoers/gram.h
+ plugins/sudoers/gram.y
+ plugins/sudoers/group_plugin.c
++plugins/sudoers/hexchar.c
+ plugins/sudoers/ins_2001.h
+ plugins/sudoers/ins_classic.h
+ plugins/sudoers/ins_csops.h
+diff -up sudo-1.8.6p7/plugins/sudoers/filedigest.c.digest-backport sudo-1.8.6p7/plugins/sudoers/filedigest.c
+--- sudo-1.8.6p7/plugins/sudoers/filedigest.c.digest-backport 2015-07-06 11:42:33.129904786 +0200
++++ sudo-1.8.6p7/plugins/sudoers/filedigest.c 2015-07-06 11:42:33.129904786 +0200
+@@ -0,0 +1,105 @@
++#include <config.h>
++#include <errno.h>
++#include <stddef.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#include <unistd.h>
++#include "filedigest.h"
++#include "missing.h"
++#include "sudo_debug.h"
++#include "alloc.h"
++
++#if defined(HAVE_LIBGCRYPT)
++#include <gcrypt.h>
++
++static int sudo_filedigest_gcrypt(int fd, int algo, unsigned char **dvalue, size_t *dvalue_size)
++{
++ char buffer[4096];
++ gcry_md_hd_t ctx;
++ int gcry_algo;
++ debug_decl(sudo_filedigest_gcrypt, SUDO_DEBUG_UTIL);
++
++ switch(algo) {
++ case SUDO_DIGEST_SHA224:
++ gcry_algo = GCRY_MD_SHA224; break;
++ case SUDO_DIGEST_SHA256:
++ gcry_algo = GCRY_MD_SHA256; break;
++ case SUDO_DIGEST_SHA384:
++ gcry_algo = GCRY_MD_SHA384; break;
++ case SUDO_DIGEST_SHA512:
++ gcry_algo = GCRY_MD_SHA512; break;
++ default:
++ debug_return_int(-1);
++ }
++
++ gcry_md_open(&ctx, gcry_algo, 0);
++
++ /* Read block of data from fd and digest them */
++ while (1) {
++ const ssize_t read_bytes = read(fd, buffer, sizeof buffer);
++
++ if (read_bytes < 0) {
++ /* Error */
++ gcry_md_close(ctx);
++ debug_return_int(-1);
++ }
++ else if (read_bytes > 0) {
++ /* Some data read -- update the digest */
++ gcry_md_write(ctx, buffer, (size_t)read_bytes);
++ }
++ else {
++ /* EOF */
++ break;
++ }
++ }
++
++ /*
++ * All data digested. Finalize the digest value.
++ */
++ const unsigned char *value = gcry_md_read(ctx, gcry_algo);
++
++ if (value == NULL) {
++ debug_return_int(-1);
++ }
++
++ /*
++ * Make a copy of the digest value. The pointer
++ * returned from gcry_md_read cannot be used after
++ * gcry_md_close was called
++ */
++ (*dvalue_size) = gcry_md_get_algo_dlen(gcry_algo);
++ (*dvalue) = emalloc(*dvalue_size);
++
++ if (*dvalue == NULL) {
++ debug_return_int(-1);
++ }
++
++ memcpy(*dvalue, value, *dvalue_size);
++ gcry_md_close(ctx);
++
++ debug_return_int(0);
++}
++#endif
++
++#include <stdio.h>
++
++int sudo_filedigest(const char *path, int algo, unsigned char **dvalue, size_t *dvalue_size)
++{
++ int rc = -1;
++ int fd = -1;
++ debug_decl(sudo_filedigest, SUDO_DEBUG_UTIL);
++
++ if ((fd = open(path, O_RDONLY)) < 0) {
++ debug_return_int(rc);
++ }
++
++#if defined(HAVE_LIBGCRYPT)
++ rc = sudo_filedigest_gcrypt(fd, algo, dvalue, dvalue_size);
++ close(fd);
++#else
++ rc = -1;
++ errno = ENOTSUP;
++#endif
++ debug_return_int(rc);
++}
+diff -up sudo-1.8.6p7/plugins/sudoers/filedigest.h.digest-backport sudo-1.8.6p7/plugins/sudoers/filedigest.h
+--- sudo-1.8.6p7/plugins/sudoers/filedigest.h.digest-backport 2015-07-06 11:42:33.129904786 +0200
++++ sudo-1.8.6p7/plugins/sudoers/filedigest.h 2015-07-06 12:03:03.006422923 +0200
+@@ -0,0 +1,17 @@
++#include <stddef.h>
++
++#define SUDO_DIGEST_INVALID -1
++#define SUDO_DIGEST_SHA224 0
++#define SUDO_DIGEST_SHA256 1
++#define SUDO_DIGEST_SHA384 2
++#define SUDO_DIGEST_SHA512 3
++
++#define SUDO_SHA224_DIGEST_LENGTH 28
++#define SUDO_SHA256_DIGEST_LENGTH 32
++#define SUDO_SHA384_DIGEST_LENGTH 48
++#define SUDO_SHA512_DIGEST_LENGTH 64
++
++/*
++ * Compute a digest of a given file. Returns 0 on success, -1 otherwise.
++ */
++int sudo_filedigest(const char *path, int algo, unsigned char **dvalue, size_t *dvalue_size);
+diff -up sudo-1.8.6p7/plugins/sudoers/gram.c.digest-backport sudo-1.8.6p7/plugins/sudoers/gram.c
+--- sudo-1.8.6p7/plugins/sudoers/gram.c.digest-backport 2013-02-25 20:42:44.000000000 +0100
++++ sudo-1.8.6p7/plugins/sudoers/gram.c 2015-07-06 11:42:33.131904756 +0200
+@@ -1,16 +1,71 @@
+ #include <config.h>
+-#include <stdlib.h>
+-#include <string.h>
+-#define YYBYACC 1
+-#define YYMAJOR 1
+-#define YYMINOR 9
+-#define YYLEX yylex()
+-#define YYEMPTY -1
+-#define yyclearin (yychar=(YYEMPTY))
+-#define yyerrok (yyerrflag=0)
+-#define YYRECOVERING() (yyerrflag!=0)
+-#define YYPREFIX "yy"
+-#line 2 "gram.y"
++/* A Bison parser, made by GNU Bison 2.7. */
++
++/* Bison implementation for Yacc-like parsers in C
++
++ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
++
++ This program is free software: you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation, either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>. */
++
++/* As a special exception, you may create a larger work that contains
++ part or all of the Bison parser skeleton and distribute that work
++ under terms of your choice, so long as that work isn't itself a
++ parser generator using the skeleton or a modified version thereof
++ as a parser skeleton. Alternatively, if you modify or redistribute
++ the parser skeleton itself, you may (at your option) remove this
++ special exception, which will cause the skeleton and the resulting
++ Bison output files to be licensed under the GNU General Public
++ License without this special exception.
++
++ This special exception was added by the Free Software Foundation in
++ version 2.2 of Bison. */
++
++/* C LALR(1) parser skeleton written by Richard Stallman, by
++ simplifying the original so-called "semantic" parser. */
++
++/* All symbols defined below should begin with yy or YY, to avoid
++ infringing on user name space. This should be done even for local
++ variables, as they might otherwise be expanded by user macros.
++ There are some unavoidable exceptions within include files to
++ define necessary library symbols; they are noted "INFRINGES ON
++ USER NAME SPACE" below. */
++
++/* Identify Bison output. */
++#define YYBISON 1
++
++/* Bison version. */
++#define YYBISON_VERSION "2.7"
++
++/* Skeleton name. */
++#define YYSKELETON_NAME "yacc.c"
++
++/* Pure parsers. */
++#define YYPURE 0
++
++/* Push parsers. */
++#define YYPUSH 0
++
++/* Pull parsers. */
++#define YYPULL 1
++
++
++
++
++/* Copy the first part of user declarations. */
++/* Line 371 of yacc.c */
++#line 1 "gram.y"
++
+ /*
+ * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+@@ -103,6 +158,8 @@ static void add_defaults(int, struct me
+ static void add_userspec(struct member *, struct privilege *);
+ static struct defaults *new_default(char *, char *, int);
+ static struct member *new_member(char *, int);
++static struct sudo_digest *new_digest(int, const char *);
++
+ void yyerror(const char *);
+
+ void
+@@ -129,1661 +186,2863 @@ yyerror(const char *s)
+ parse_error = true;
+ debug_return;
+ }
+-#line 122 "gram.y"
+-#ifndef YYSTYPE_DEFINED
+-#define YYSTYPE_DEFINED
+-typedef union {
++
++/* Line 371 of yacc.c */
++#line 191 "gram.c"
++
++# ifndef YY_NULL
++# if defined __cplusplus && 201103L <= __cplusplus
++# define YY_NULL nullptr
++# else
++# define YY_NULL 0
++# endif
++# endif
++
++/* Enabling verbose error messages. */
++#ifdef YYERROR_VERBOSE
++# undef YYERROR_VERBOSE
++# define YYERROR_VERBOSE 1
++#else
++# define YYERROR_VERBOSE 0
++#endif
++
++/* In a future release of Bison, this section will be replaced
++ by #include "y.tab.h". */
++#ifndef YY_YY_Y_TAB_H_INCLUDED
++# define YY_YY_Y_TAB_H_INCLUDED
++/* Enabling traces. */
++#ifndef YYDEBUG
++# define YYDEBUG 0
++#endif
++#if YYDEBUG
++extern int yydebug;
++#endif
++
++/* Tokens. */
++#ifndef YYTOKENTYPE
++# define YYTOKENTYPE
++ /* Put the tokens into the symbol table, so that GDB and other debuggers
++ know about them. */
++ enum yytokentype {
++ COMMAND = 258,
++ ALIAS = 259,
++ DEFVAR = 260,
++ NTWKADDR = 261,
++ NETGROUP = 262,
++ USERGROUP = 263,
++ WORD = 264,
++ DIGEST = 265,
++ DEFAULTS = 266,
++ DEFAULTS_HOST = 267,
++ DEFAULTS_USER = 268,
++ DEFAULTS_RUNAS = 269,
++ DEFAULTS_CMND = 270,
++ NOPASSWD = 271,
++ PASSWD = 272,
++ NOEXEC = 273,
++ EXEC = 274,
++ SETENV = 275,
++ NOSETENV = 276,
++ LOG_INPUT = 277,
++ NOLOG_INPUT = 278,
++ LOG_OUTPUT = 279,
++ NOLOG_OUTPUT = 280,
++ ALL = 281,
++ COMMENT = 282,
++ HOSTALIAS = 283,
++ CMNDALIAS = 284,
++ USERALIAS = 285,
++ RUNASALIAS = 286,
++ ERROR = 287,
++ TYPE = 288,
++ ROLE = 289,
++ PRIVS = 290,
++ LIMITPRIVS = 291,
++ MYSELF = 292,
++ SHA224 = 293,
++ SHA256 = 294,
++ SHA384 = 295,
++ SHA512 = 296
++ };
++#endif
++/* Tokens. */
++#define COMMAND 258
++#define ALIAS 259
++#define DEFVAR 260
++#define NTWKADDR 261
++#define NETGROUP 262
++#define USERGROUP 263
++#define WORD 264
++#define DIGEST 265
++#define DEFAULTS 266
++#define DEFAULTS_HOST 267
++#define DEFAULTS_USER 268
++#define DEFAULTS_RUNAS 269
++#define DEFAULTS_CMND 270
++#define NOPASSWD 271
++#define PASSWD 272
++#define NOEXEC 273
++#define EXEC 274
++#define SETENV 275
++#define NOSETENV 276
++#define LOG_INPUT 277
++#define NOLOG_INPUT 278
++#define LOG_OUTPUT 279
++#define NOLOG_OUTPUT 280
++#define ALL 281
++#define COMMENT 282
++#define HOSTALIAS 283
++#define CMNDALIAS 284
++#define USERALIAS 285
++#define RUNASALIAS 286
++#define ERROR 287
++#define TYPE 288
++#define ROLE 289
++#define PRIVS 290
++#define LIMITPRIVS 291
++#define MYSELF 292
++#define SHA224 293
++#define SHA256 294
++#define SHA384 295
++#define SHA512 296
++
++
++
++#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
++typedef union YYSTYPE
++{
++/* Line 387 of yacc.c */
++#line 124 "gram.y"
++
+ struct cmndspec *cmndspec;
+ struct defaults *defaults;
+ struct member *member;
+ struct runascontainer *runas;
+ struct privilege *privilege;
++ struct sudo_digest *digest;
+ struct sudo_command command;
+ struct cmndtag tag;
+ struct selinux_info seinfo;
+ struct solaris_privs_info privinfo;
+ char *string;
+ int tok;
++
++
++/* Line 387 of yacc.c */
++#line 332 "gram.c"
+ } YYSTYPE;
+-#endif /* YYSTYPE_DEFINED */
+-#line 149 "gram.c"
+-#define COMMAND 257
+-#define ALIAS 258
+-#define DEFVAR 259
+-#define NTWKADDR 260
+-#define NETGROUP 261
+-#define USERGROUP 262
+-#define WORD 263
+-#define DEFAULTS 264
+-#define DEFAULTS_HOST 265
+-#define DEFAULTS_USER 266
+-#define DEFAULTS_RUNAS 267
+-#define DEFAULTS_CMND 268
+-#define NOPASSWD 269
+-#define PASSWD 270
+-#define NOEXEC 271
+-#define EXEC 272
+-#define SETENV 273
+-#define NOSETENV 274
+-#define LOG_INPUT 275
+-#define NOLOG_INPUT 276
+-#define LOG_OUTPUT 277
+-#define NOLOG_OUTPUT 278
+-#define ALL 279
+-#define COMMENT 280
+-#define HOSTALIAS 281
+-#define CMNDALIAS 282
+-#define USERALIAS 283
+-#define RUNASALIAS 284
+-#define ERROR 285
+-#define TYPE 286
+-#define ROLE 287
+-#define PRIVS 288
+-#define LIMITPRIVS 289
+-#define MYSELF 290
+-#define YYERRCODE 256
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yylhs[] =
+-#else
+-short yylhs[] =
+-#endif
+- { -1,
+- 0, 0, 28, 28, 29, 29, 29, 29, 29, 29,
+- 29, 29, 29, 29, 29, 29, 4, 4, 3, 3,
+- 3, 3, 3, 20, 20, 19, 10, 10, 8, 8,
+- 8, 8, 8, 2, 2, 1, 6, 6, 23, 24,
+- 22, 22, 22, 22, 22, 26, 27, 25, 25, 25,
+- 25, 25, 17, 17, 18, 18, 18, 18, 18, 21,
+- 21, 21, 21, 21, 21, 21, 21, 21, 21, 21,
+- 5, 5, 5, 31, 31, 34, 9, 9, 32, 32,
+- 35, 7, 7, 33, 33, 36, 30, 30, 37, 13,
+- 13, 11, 11, 12, 12, 12, 12, 12, 16, 16,
+- 14, 14, 15, 15, 15,
+-};
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yylen[] =
++# define YYSTYPE_IS_TRIVIAL 1
++# define yystype YYSTYPE /* obsolescent; will be withdrawn */
++# define YYSTYPE_IS_DECLARED 1
++#endif
++
++extern YYSTYPE yylval;
++
++#ifdef YYPARSE_PARAM
++#if defined __STDC__ || defined __cplusplus
++int yyparse (void *YYPARSE_PARAM);
+ #else
+-short yylen[] =
++int yyparse ();
+ #endif
+- { 2,
+- 0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
+- 2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
+- 3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
+- 1, 1, 1, 1, 3, 5, 1, 2, 3, 3,
+- 0, 1, 1, 2, 2, 3, 3, 0, 1, 1,
+- 2, 2, 0, 3, 0, 1, 3, 2, 1, 0,
+- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+- 1, 1, 1, 1, 3, 3, 1, 3, 1, 3,
+- 3, 1, 3, 1, 3, 3, 1, 3, 3, 1,
+- 3, 1, 2, 1, 1, 1, 1, 1, 1, 3,
+- 1, 2, 1, 1, 1,
+-};
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yydefred[] =
++#else /* ! YYPARSE_PARAM */
++#if defined __STDC__ || defined __cplusplus
++int yyparse (void);
+ #else
+-short yydefred[] =
++int yyparse ();
+ #endif
+- { 0,
+- 0, 94, 96, 97, 98, 0, 0, 0, 0, 0,
+- 95, 5, 0, 0, 0, 0, 0, 0, 90, 92,
+- 0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
+- 31, 33, 30, 0, 27, 0, 77, 0, 0, 73,
+- 72, 71, 0, 37, 82, 0, 0, 0, 74, 0,
+- 0, 79, 0, 0, 87, 0, 0, 84, 93, 0,
+- 0, 24, 0, 4, 0, 0, 0, 20, 0, 28,
+- 0, 0, 0, 0, 38, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 91, 0, 0, 21, 22,
+- 23, 18, 78, 83, 0, 75, 0, 80, 0, 88,
+- 0, 85, 0, 34, 0, 0, 25, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 103, 105, 104, 0,
+- 99, 101, 0, 0, 54, 35, 0, 0, 0, 0,
+- 60, 0, 0, 44, 45, 102, 0, 0, 40, 39,
+- 0, 0, 0, 51, 52, 100, 46, 47, 61, 62,
+- 63, 64, 65, 66, 67, 68, 69, 70, 36,
+-};
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yydgoto[] =
++#endif /* ! YYPARSE_PARAM */
++
++#endif /* !YY_YY_Y_TAB_H_INCLUDED */
++
++/* Copy the second part of user declarations. */
++
++/* Line 390 of yacc.c */
++#line 360 "gram.c"
++
++#ifdef short
++# undef short
++#endif
++
++#ifdef YYTYPE_UINT8
++typedef YYTYPE_UINT8 yytype_uint8;
+ #else
+-short yydgoto[] =
++typedef unsigned char yytype_uint8;
+ #endif
+- { 18,
+- 104, 105, 27, 28, 44, 45, 46, 35, 61, 37,
+- 19, 20, 21, 121, 122, 123, 106, 110, 62, 63,
+- 143, 114, 115, 116, 131, 132, 133, 22, 23, 54,
+- 48, 51, 57, 49, 52, 58, 55,
+-};
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yysindex[] =
++
++#ifdef YYTYPE_INT8
++typedef YYTYPE_INT8 yytype_int8;
++#elif (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++typedef signed char yytype_int8;
+ #else
+-short yysindex[] =
++typedef short int yytype_int8;
+ #endif
+- { 541,
+- -270, 0, 0, 0, 0, -21, -5, 553, 553, 20,
+- 0, 0, -242, -229, -216, -214, -240, 0, 0, 0,
+- -27, 541, 0, 0, -18, -227, 0, 2, 0, 0,
+- 0, 0, 0, -223, 0, -33, 0, -31, -31, 0,
+- 0, 0, -243, 0, 0, -24, -12, -6, 0, 3,
+- 4, 0, 5, 7, 0, 6, 10, 0, 0, 553,
+- -20, 0, 11, 0, -206, -193, -191, 0, -21, 0,
+- -5, 2, 2, 2, 0, 20, 2, -5, -242, 20,
+- -229, 553, -216, 553, -214, 0, 33, -5, 0, 0,
+- 0, 0, 0, 0, 31, 0, 32, 0, 34, 0,
+- 34, 0, 513, 0, 35, -226, 0, 86, -25, 36,
+- 33, 19, 21, -234, -202, -201, 0, 0, 0, -232,
+- 0, 0, 41, 86, 0, 0, -176, -173, 37, 38,
+- 0, -198, -195, 0, 0, 0, 86, 41, 0, 0,
+- -169, -168, 569, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0,};
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yyrindex[] =
+-#else
+-short yyrindex[] =
+-#endif
+- { 96,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 97, 0, 0, 1, 0, 0, 177, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 207, 0, 0,
+- 237, 0, 0, 271, 0, 0, 300, 0, 0, 0,
+- 0, 0, 329, 0, 0, 0, 0, 0, 0, 0,
+- 0, 358, 387, 417, 0, 0, 446, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 463, 0, 0, 0,
+- 0, 0, 0, 0, 30, 0, 59, 0, 89, 0,
+- 118, 0, 60, 0, 148, -28, 0, 62, 63, 0,
+- 463, 0, 0, 594, 489, 512, 0, 0, 0, 0,
+- 0, 0, 64, 0, 0, 0, 0, 0, 0, 0,
+- 0, 623, 653, 0, 0, 0, 0, 65, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0,};
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yygindex[] =
+-#else
+-short yygindex[] =
+-#endif
+- { 0,
+- -11, 0, 39, 12, 66, -72, 27, 76, -4, 40,
+- 52, 98, -1, -23, -7, -8, 0, 0, 42, 0,
+- 0, 0, 8, 13, 0, -13, -9, 0, 99, 0,
+- 0, 0, 0, 46, 45, 44, 48,
+-};
+-#define YYTABLESIZE 932
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yytable[] =
+-#else
+-short yytable[] =
+-#endif
+- { 26,
+- 19, 26, 36, 94, 41, 34, 38, 39, 26, 24,
+- 71, 26, 60, 40, 41, 47, 60, 2, 60, 76,
+- 3, 4, 5, 71, 66, 117, 67, 34, 50, 76,
+- 118, 68, 124, 19, 29, 42, 30, 31, 11, 32,
+- 87, 53, 65, 56, 19, 69, 119, 72, 78, 73,
+- 74, 79, 43, 129, 130, 33, 89, 77, 81, 112,
+- 113, 81, 76, 80, 83, 82, 84, 85, 88, 90,
+- 159, 91, 103, 95, 71, 76, 125, 60, 111, 127,
+- 99, 128, 101, 112, 137, 113, 139, 76, 89, 140,
+- 130, 81, 129, 147, 148, 1, 2, 141, 142, 126,
+- 55, 109, 59, 56, 58, 57, 97, 92, 75, 70,
+- 93, 86, 136, 146, 59, 138, 81, 86, 120, 145,
+- 64, 89, 144, 135, 96, 98, 0, 134, 102, 107,
+- 100, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 89, 26, 0, 0,
+- 86, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 86, 12, 0, 0, 0,
+- 26, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 26, 9, 0, 0, 12,
+- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 25, 0, 25, 41, 41,
+- 29, 0, 30, 31, 25, 32, 10, 25, 0, 9,
+- 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
+- 41, 33, 29, 0, 30, 31, 19, 32, 19, 41,
+- 41, 19, 19, 19, 19, 19, 19, 19, 19, 10,
+- 8, 0, 0, 33, 0, 0, 40, 41, 0, 19,
+- 19, 19, 19, 19, 19, 76, 0, 76, 0, 0,
+- 76, 76, 76, 76, 76, 76, 76, 76, 42, 11,
+- 0, 0, 0, 8, 0, 0, 0, 0, 76, 76,
+- 76, 76, 76, 76, 81, 0, 81, 0, 0, 81,
+- 81, 81, 81, 81, 81, 81, 81, 0, 7, 0,
+- 0, 0, 11, 0, 0, 0, 0, 81, 81, 81,
+- 81, 81, 81, 117, 89, 0, 89, 0, 118, 89,
+- 89, 89, 89, 89, 89, 89, 89, 15, 0, 0,
+- 0, 7, 0, 0, 119, 0, 0, 89, 89, 89,
+- 89, 89, 89, 86, 0, 86, 0, 0, 86, 86,
+- 86, 86, 86, 86, 86, 86, 13, 0, 0, 0,
+- 15, 0, 0, 0, 0, 0, 86, 86, 86, 86,
+- 86, 86, 0, 26, 0, 26, 0, 0, 26, 26,
+- 26, 26, 26, 26, 26, 26, 14, 0, 0, 13,
+- 0, 0, 0, 0, 0, 0, 26, 26, 26, 26,
+- 26, 26, 12, 0, 12, 0, 0, 12, 12, 12,
+- 12, 12, 12, 12, 12, 16, 0, 0, 0, 14,
+- 0, 0, 0, 0, 0, 12, 12, 12, 12, 12,
+- 12, 0, 9, 0, 9, 0, 0, 9, 9, 9,
+- 9, 9, 9, 9, 9, 0, 0, 0, 16, 0,
+- 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
+- 9, 0, 10, 0, 10, 53, 0, 10, 10, 10,
+- 10, 10, 10, 10, 10, 0, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 10, 10, 10, 10, 10,
+- 10, 42, 0, 0, 0, 0, 8, 0, 8, 0,
+- 0, 8, 8, 8, 8, 8, 8, 8, 8, 0,
+- 0, 0, 0, 0, 43, 17, 0, 0, 0, 8,
+- 8, 8, 8, 8, 8, 11, 0, 11, 0, 0,
+- 11, 11, 11, 11, 11, 11, 11, 11, 0, 0,
+- 108, 0, 0, 17, 0, 0, 0, 0, 11, 11,
+- 11, 11, 11, 11, 7, 17, 7, 0, 0, 7,
+- 7, 7, 7, 7, 7, 7, 7, 0, 0, 0,
+- 0, 43, 0, 0, 0, 0, 0, 7, 7, 7,
+- 7, 7, 7, 15, 0, 15, 0, 0, 15, 15,
+- 15, 15, 15, 15, 15, 15, 48, 0, 0, 0,
+- 0, 0, 0, 0, 0, 0, 15, 15, 15, 15,
+- 15, 15, 13, 0, 13, 0, 0, 13, 13, 13,
+- 13, 13, 13, 13, 13, 49, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 13, 13, 13, 13, 13,
+- 13, 0, 14, 0, 14, 0, 0, 14, 14, 14,
+- 14, 14, 14, 14, 14, 50, 0, 0, 0, 0,
+- 0, 0, 0, 0, 0, 14, 14, 14, 14, 14,
+- 14, 16, 0, 16, 0, 0, 16, 16, 16, 16,
+- 16, 16, 16, 16, 0, 0, 0, 0, 0, 53,
+- 53, 0, 0, 0, 16, 16, 16, 16, 16, 16,
+- 0, 53, 53, 53, 53, 53, 53, 53, 53, 53,
+- 53, 53, 0, 0, 0, 42, 42, 0, 53, 53,
+- 53, 53, 0, 0, 0, 0, 0, 42, 42, 42,
+- 42, 42, 42, 42, 42, 42, 42, 42, 43, 43,
+- 2, 0, 0, 3, 4, 5, 42, 42, 0, 0,
+- 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
+- 43, 11, 0, 0, 0, 0, 1, 0, 2, 43,
+- 43, 3, 4, 5, 6, 7, 8, 9, 10, 0,
+- 2, 0, 0, 3, 4, 5, 0, 0, 0, 11,
+- 12, 13, 14, 15, 16, 40, 41, 0, 0, 0,
+- 0, 11, 0, 0, 0, 0, 0, 149, 150, 151,
+- 152, 153, 154, 155, 156, 157, 158, 42, 0, 0,
+- 48, 48, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 48, 48, 48, 48, 48, 48, 48, 48,
+- 48, 48, 48, 0, 0, 0, 0, 0, 0, 49,
+- 49, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 49, 49, 49, 49, 49, 49, 49, 49, 49,
+- 49, 49, 0, 0, 0, 0, 0, 0, 0, 50,
+- 50, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 50, 50, 50, 50, 50, 50, 50, 50, 50,
+- 50, 50,
+-};
+-#if defined(__cplusplus) || defined(__STDC__)
+-const short yycheck[] =
++
++#ifdef YYTYPE_UINT16
++typedef YYTYPE_UINT16 yytype_uint16;
++#else
++typedef unsigned short int yytype_uint16;
++#endif
++
++#ifdef YYTYPE_INT16
++typedef YYTYPE_INT16 yytype_int16;
++#else
++typedef short int yytype_int16;
++#endif
++
++#ifndef YYSIZE_T
++# ifdef __SIZE_TYPE__
++# define YYSIZE_T __SIZE_TYPE__
++# elif defined size_t
++# define YYSIZE_T size_t
++# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
++# define YYSIZE_T size_t
++# else
++# define YYSIZE_T unsigned int
++# endif
++#endif
++
++#define YYSIZE_MAXIMUM ((YYSIZE_T) -1)
++
++#ifndef YY_
++# if defined YYENABLE_NLS && YYENABLE_NLS
++# if ENABLE_NLS
++# include <libintl.h> /* INFRINGES ON USER NAME SPACE */
++# define YY_(Msgid) dgettext ("bison-runtime", Msgid)
++# endif
++# endif
++# ifndef YY_
++# define YY_(Msgid) Msgid
++# endif
++#endif
++
++/* Suppress unused-variable warnings by "using" E. */
++#if ! defined lint || defined __GNUC__
++# define YYUSE(E) ((void) (E))
++#else
++# define YYUSE(E) /* empty */
++#endif
++
++/* Identity function, used to suppress warnings about constant conditions. */
++#ifndef lint
++# define YYID(N) (N)
++#else
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++static int
++YYID (int yyi)
+ #else
+-short yycheck[] =
++static int
++YYID (yyi)
++ int yyi;
++#endif
++{
++ return yyi;
++}
+ #endif
+- { 33,
+- 0, 33, 7, 76, 33, 33, 8, 9, 33, 280,
+- 44, 33, 44, 257, 258, 258, 44, 258, 44, 44,
+- 261, 262, 263, 44, 43, 258, 45, 33, 258, 0,
+- 263, 259, 58, 33, 258, 279, 260, 261, 279, 263,
+- 61, 258, 61, 258, 44, 44, 279, 36, 61, 38,
+- 39, 58, 33, 288, 289, 279, 263, 46, 0, 286,
+- 287, 58, 33, 61, 58, 61, 61, 58, 58, 263,
+- 143, 263, 40, 78, 44, 44, 41, 44, 44, 61,
+- 82, 61, 84, 286, 44, 287, 263, 58, 0, 263,
+- 289, 33, 288, 263, 263, 0, 0, 61, 61, 111,
+- 41, 103, 41, 41, 41, 41, 80, 69, 43, 34,
+- 71, 60, 120, 137, 17, 124, 58, 0, 33, 133,
+- 22, 33, 132, 116, 79, 81, -1, 115, 85, 88,
+- 83, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, -1, 58, 0, -1, -1,
+- 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, 58, 0, -1, -1, -1,
+- 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, 58, 0, -1, -1, 33,
+- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, 259, -1, 259, 257, 258,
+- 258, -1, 260, 261, 259, 263, 0, 259, -1, 33,
+- 269, 270, 271, 272, 273, 274, 275, 276, 277, 278,
+- 279, 279, 258, -1, 260, 261, 256, 263, 258, 288,
+- 289, 261, 262, 263, 264, 265, 266, 267, 268, 33,
+- 0, -1, -1, 279, -1, -1, 257, 258, -1, 279,
+- 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
+- 261, 262, 263, 264, 265, 266, 267, 268, 279, 0,
+- -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
+- 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
+- 262, 263, 264, 265, 266, 267, 268, -1, 0, -1,
+- -1, -1, 33, -1, -1, -1, -1, 279, 280, 281,
+- 282, 283, 284, 258, 256, -1, 258, -1, 263, 261,
+- 262, 263, 264, 265, 266, 267, 268, 0, -1, -1,
+- -1, 33, -1, -1, 279, -1, -1, 279, 280, 281,
+- 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
+- 263, 264, 265, 266, 267, 268, 0, -1, -1, -1,
+- 33, -1, -1, -1, -1, -1, 279, 280, 281, 282,
+- 283, 284, -1, 256, -1, 258, -1, -1, 261, 262,
+- 263, 264, 265, 266, 267, 268, 0, -1, -1, 33,
+- -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
+- 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
+- 264, 265, 266, 267, 268, 0, -1, -1, -1, 33,
+- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+- 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
+- 264, 265, 266, 267, 268, -1, -1, -1, 33, -1,
+- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+- 284, -1, 256, -1, 258, 33, -1, 261, 262, 263,
+- 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+- 284, 33, -1, -1, -1, -1, 256, -1, 258, -1,
+- -1, 261, 262, 263, 264, 265, 266, 267, 268, -1,
+- -1, -1, -1, -1, 33, 33, -1, -1, -1, 279,
+- 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
+- 261, 262, 263, 264, 265, 266, 267, 268, -1, -1,
+- 58, -1, -1, 33, -1, -1, -1, -1, 279, 280,
+- 281, 282, 283, 284, 256, 33, 258, -1, -1, 261,
+- 262, 263, 264, 265, 266, 267, 268, -1, -1, -1,
+- -1, 33, -1, -1, -1, -1, -1, 279, 280, 281,
+- 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
+- 263, 264, 265, 266, 267, 268, 33, -1, -1, -1,
+- -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
+- 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
+- 264, 265, 266, 267, 268, 33, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+- 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
+- 264, 265, 266, 267, 268, 33, -1, -1, -1, -1,
+- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
+- 284, 256, -1, 258, -1, -1, 261, 262, 263, 264,
+- 265, 266, 267, 268, -1, -1, -1, -1, -1, 257,
+- 258, -1, -1, -1, 279, 280, 281, 282, 283, 284,
+- -1, 269, 270, 271, 272, 273, 274, 275, 276, 277,
+- 278, 279, -1, -1, -1, 257, 258, -1, 286, 287,
+- 288, 289, -1, -1, -1, -1, -1, 269, 270, 271,
+- 272, 273, 274, 275, 276, 277, 278, 279, 257, 258,
+- 258, -1, -1, 261, 262, 263, 288, 289, -1, -1,
+- 269, 270, 271, 272, 273, 274, 275, 276, 277, 278,
+- 279, 279, -1, -1, -1, -1, 256, -1, 258, 288,
+- 289, 261, 262, 263, 264, 265, 266, 267, 268, -1,
+- 258, -1, -1, 261, 262, 263, -1, -1, -1, 279,
+- 280, 281, 282, 283, 284, 257, 258, -1, -1, -1,
+- -1, 279, -1, -1, -1, -1, -1, 269, 270, 271,
+- 272, 273, 274, 275, 276, 277, 278, 279, -1, -1,
+- 257, 258, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
+- 277, 278, 279, -1, -1, -1, -1, -1, -1, 257,
+- 258, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, 269, 270, 271, 272, 273, 274, 275, 276, 277,
+- 278, 279, -1, -1, -1, -1, -1, -1, -1, 257,
+- 258, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+- -1, 269, 270, 271, 272, 273, 274, 275, 276, 277,
+- 278, 279,
++
++#if ! defined yyoverflow || YYERROR_VERBOSE
++
++/* The parser invokes alloca or malloc; define the necessary symbols. */
++
++# ifdef YYSTACK_USE_ALLOCA
++# if YYSTACK_USE_ALLOCA
++# ifdef __GNUC__
++# define YYSTACK_ALLOC __builtin_alloca
++# elif defined __BUILTIN_VA_ARG_INCR
++# include <alloca.h> /* INFRINGES ON USER NAME SPACE */
++# elif defined _AIX
++# define YYSTACK_ALLOC __alloca
++# elif defined _MSC_VER
++# include <malloc.h> /* INFRINGES ON USER NAME SPACE */
++# define alloca _alloca
++# else
++# define YYSTACK_ALLOC alloca
++# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
++ /* Use EXIT_SUCCESS as a witness for stdlib.h. */
++# ifndef EXIT_SUCCESS
++# define EXIT_SUCCESS 0
++# endif
++# endif
++# endif
++# endif
++# endif
++
++# ifdef YYSTACK_ALLOC
++ /* Pacify GCC's `empty if-body' warning. */
++# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0))
++# ifndef YYSTACK_ALLOC_MAXIMUM
++ /* The OS might guarantee only one guard page at the bottom of the stack,
++ and a page size can be as small as 4096 bytes. So we cannot safely
++ invoke alloca (N) if N exceeds 4096. Use a slightly smaller number
++ to allow for a few compiler-allocated temporary stack slots. */
++# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */
++# endif
++# else
++# define YYSTACK_ALLOC YYMALLOC
++# define YYSTACK_FREE YYFREE
++# ifndef YYSTACK_ALLOC_MAXIMUM
++# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM
++# endif
++# if (defined __cplusplus && ! defined EXIT_SUCCESS \
++ && ! ((defined YYMALLOC || defined malloc) \
++ && (defined YYFREE || defined free)))
++# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
++# ifndef EXIT_SUCCESS
++# define EXIT_SUCCESS 0
++# endif
++# endif
++# ifndef YYMALLOC
++# define YYMALLOC malloc
++# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
++# endif
++# endif
++# ifndef YYFREE
++# define YYFREE free
++# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++void free (void *); /* INFRINGES ON USER NAME SPACE */
++# endif
++# endif
++# endif
++#endif /* ! defined yyoverflow || YYERROR_VERBOSE */
++
++
++#if (! defined yyoverflow \
++ && (! defined __cplusplus \
++ || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL)))
++
++/* A type that is properly aligned for any stack member. */
++union yyalloc
++{
++ yytype_int16 yyss_alloc;
++ YYSTYPE yyvs_alloc;
+ };
+-#define YYFINAL 18
+-#ifndef YYDEBUG
+-#define YYDEBUG 0
++
++/* The size of the maximum gap between one aligned stack and the next. */
++# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
++
++/* The size of an array large to enough to hold all stacks, each with
++ N elements. */
++# define YYSTACK_BYTES(N) \
++ ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \
++ + YYSTACK_GAP_MAXIMUM)
++
++# define YYCOPY_NEEDED 1
++
++/* Relocate STACK from its old location to the new one. The
++ local variables YYSIZE and YYSTACKSIZE give the old and new number of
++ elements in the stack, and YYPTR gives the new location of the
++ stack. Advance YYPTR to a properly aligned location for the next
++ stack. */
++# define YYSTACK_RELOCATE(Stack_alloc, Stack) \
++ do \
++ { \
++ YYSIZE_T yynewbytes; \
++ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \
++ Stack = &yyptr->Stack_alloc; \
++ yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
++ yyptr += yynewbytes / sizeof (*yyptr); \
++ } \
++ while (YYID (0))
++
+ #endif
+-#define YYMAXTOKEN 290
++
++#if defined YYCOPY_NEEDED && YYCOPY_NEEDED
++/* Copy COUNT objects from SRC to DST. The source and destination do
++ not overlap. */
++# ifndef YYCOPY
++# if defined __GNUC__ && 1 < __GNUC__
++# define YYCOPY(Dst, Src, Count) \
++ __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src)))
++# else
++# define YYCOPY(Dst, Src, Count) \
++ do \
++ { \
++ YYSIZE_T yyi; \
++ for (yyi = 0; yyi < (Count); yyi++) \
++ (Dst)[yyi] = (Src)[yyi]; \
++ } \
++ while (YYID (0))
++# endif
++# endif
++#endif /* !YYCOPY_NEEDED */
++
++/* YYFINAL -- State number of the termination state. */
++#define YYFINAL 66
++/* YYLAST -- Last index in YYTABLE. */
++#define YYLAST 225
++
++/* YYNTOKENS -- Number of terminals. */
++#define YYNTOKENS 50
++/* YYNNTS -- Number of nonterminals. */
++#define YYNNTS 41
++/* YYNRULES -- Number of rules. */
++#define YYNRULES 112
++/* YYNRULES -- Number of states. */
++#define YYNSTATES 176
++
++/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
++#define YYUNDEFTOK 2
++#define YYMAXUTOK 296
++
++#define YYTRANSLATE(YYX) \
++ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
++
++/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */
++static const yytype_uint8 yytranslate[] =
++{
++ 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 35, 2, 2, 2, 2, 2, 2,
++ 38, 39, 2, 36, 34, 37, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 32, 2,
++ 2, 33, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
++ 2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
++ 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
++ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
++ 25, 26, 27, 28, 29, 30, 31, 40, 41, 42,
++ 43, 44, 45, 46, 47, 48, 49
++};
++
+ #if YYDEBUG
+-#if defined(__cplusplus) || defined(__STDC__)
+-const char * const yyname[] =
+-#else
+-char *yyname[] =
++/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
++ YYRHS. */
++static const yytype_uint16 yyprhs[] =
++{
++ 0, 0, 3, 4, 6, 8, 11, 13, 16, 19,
++ 22, 25, 28, 31, 34, 38, 42, 46, 50, 52,
++ 56, 58, 61, 65, 69, 73, 75, 79, 83, 85,
++ 88, 90, 92, 94, 96, 98, 100, 104, 110, 114,
++ 118, 122, 126, 128, 131, 133, 136, 140, 144, 145,
++ 147, 149, 152, 155, 159, 163, 164, 166, 168, 171,
++ 174, 175, 179, 180, 182, 186, 189, 191, 192, 195,
++ 198, 201, 204, 207, 210, 213, 216, 219, 222, 224,
++ 226, 228, 230, 234, 238, 240, 244, 246, 250, 254,
++ 256, 260, 262, 266, 270, 272, 276, 280, 282, 286,
++ 288, 291, 293, 295, 297, 299, 301, 303, 307, 309,
++ 312, 314, 316
++};
++
++/* YYRHS -- A `-1'-separated list of the rules' RHS. */
++static const yytype_int8 yyrhs[] =
++{
++ 51, 0, -1, -1, 52, -1, 53, -1, 52, 53,
++ -1, 27, -1, 1, 27, -1, 85, 56, -1, 30,
++ 83, -1, 28, 75, -1, 29, 78, -1, 31, 81,
++ -1, 11, 54, -1, 13, 85, 54, -1, 14, 85,
++ 54, -1, 12, 77, 54, -1, 15, 80, 54, -1,
++ 55, -1, 54, 34, 55, -1, 5, -1, 35, 5,
++ -1, 5, 33, 9, -1, 5, 36, 9, -1, 5,
++ 37, 9, -1, 57, -1, 56, 32, 57, -1, 77,
++ 33, 60, -1, 59, -1, 35, 59, -1, 4, -1,
++ 26, -1, 7, -1, 6, -1, 9, -1, 61, -1,
++ 60, 34, 61, -1, 71, 67, 70, 73, 63, -1,
++ 46, 32, 10, -1, 47, 32, 10, -1, 48, 32,
++ 10, -1, 49, 32, 10, -1, 64, -1, 62, 64,
++ -1, 74, -1, 35, 74, -1, 42, 33, 9, -1,
++ 41, 33, 9, -1, -1, 65, -1, 66, -1, 65,
++ 66, -1, 66, 65, -1, 43, 33, 9, -1, 44,
++ 33, 9, -1, -1, 68, -1, 69, -1, 68, 69,
++ -1, 69, 68, -1, -1, 38, 72, 39, -1, -1,
++ 85, -1, 85, 32, 88, -1, 32, 88, -1, 32,
++ -1, -1, 73, 16, -1, 73, 17, -1, 73, 18,
++ -1, 73, 19, -1, 73, 20, -1, 73, 21, -1,
++ 73, 22, -1, 73, 23, -1, 73, 24, -1, 73,
++ 25, -1, 26, -1, 4, -1, 3, -1, 76, -1,
++ 75, 32, 76, -1, 4, 33, 77, -1, 58, -1,
++ 77, 34, 58, -1, 79, -1, 78, 32, 79, -1,
++ 4, 33, 80, -1, 63, -1, 80, 34, 63, -1,
++ 82, -1, 81, 32, 82, -1, 4, 33, 85, -1,
++ 84, -1, 83, 32, 84, -1, 4, 33, 85, -1,
++ 86, -1, 85, 34, 86, -1, 87, -1, 35, 87,
++ -1, 4, -1, 26, -1, 7, -1, 8, -1, 9,
++ -1, 89, -1, 88, 34, 89, -1, 90, -1, 35,
++ 90, -1, 4, -1, 26, -1, 9, -1
++};
++
++/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
++static const yytype_uint16 yyrline[] =
++{
++ 0, 214, 214, 215, 218, 219, 222, 225, 228, 231,
++ 234, 237, 240, 243, 246, 249, 252, 255, 260, 261,
++ 267, 270, 273, 276, 279, 284, 285, 291, 301, 305,
++ 311, 314, 317, 320, 323, 328, 329, 368, 398, 401,
++ 404, 407, 412, 415, 425, 429, 435, 440, 445, 449,
++ 453, 457, 461, 467, 471, 476, 480, 484, 488, 492,
++ 497, 500, 505, 510, 515, 520, 525, 532, 536, 539,
++ 542, 545, 548, 551, 554, 557, 560, 563, 568, 571,
++ 574, 582, 583, 586, 595, 596, 602, 603, 606, 615,
++ 616, 622, 623, 626, 635, 636, 639, 648, 649, 655,
++ 659, 665, 668, 671, 674, 677, 682, 683, 689, 693,
++ 699, 702, 705
++};
+ #endif
+- {
+-"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+-"'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
+-0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+-0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+-"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
+-"DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
+-"PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT",
+-"LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
+-"RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS","MYSELF",
++
++#if YYDEBUG || YYERROR_VERBOSE || 0
++/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
++ First, the terminals, then, starting at YYNTOKENS, nonterminals. */
++static const char *const yytname[] =
++{
++ "$end", "error", "$undefined", "COMMAND", "ALIAS", "DEFVAR", "NTWKADDR",
++ "NETGROUP", "USERGROUP", "WORD", "DIGEST", "DEFAULTS", "DEFAULTS_HOST",
++ "DEFAULTS_USER", "DEFAULTS_RUNAS", "DEFAULTS_CMND", "NOPASSWD", "PASSWD",
++ "NOEXEC", "EXEC", "SETENV", "NOSETENV", "LOG_INPUT", "NOLOG_INPUT",
++ "LOG_OUTPUT", "NOLOG_OUTPUT", "ALL", "COMMENT", "HOSTALIAS", "CMNDALIAS",
++ "USERALIAS", "RUNASALIAS", "':'", "'='", "','", "'!'", "'+'", "'-'",
++ "'('", "')'", "ERROR", "TYPE", "ROLE", "PRIVS", "LIMITPRIVS", "MYSELF",
++ "SHA224", "SHA256", "SHA384", "SHA512", "$accept", "file", "line",
++ "entry", "defaults_list", "defaults_entry", "privileges", "privilege",
++ "ophost", "host", "cmndspeclist", "cmndspec", "digest", "digcmnd",
++ "opcmnd", "rolespec", "typespec", "selinux", "privsspec",
++ "limitprivsspec", "solarisprivs", "runasspec", "runaslist", "cmndtag",
++ "cmnd", "hostaliases", "hostalias", "hostlist", "cmndaliases",
++ "cmndalias", "cmndlist", "runasaliases", "runasalias", "useraliases",
++ "useralias", "userlist", "opuser", "user", "grouplist", "opgroup",
++ "group", YY_NULL
+ };
+-#if defined(__cplusplus) || defined(__STDC__)
+-const char * const yyrule[] =
+-#else
+-char *yyrule[] =
+ #endif
+- {"$accept : file",
+-"file :",
+-"file : line",
+-"line : entry",
+-"line : line entry",
+-"entry : COMMENT",
+-"entry : error COMMENT",
+-"entry : userlist privileges",
+-"entry : USERALIAS useraliases",
+-"entry : HOSTALIAS hostaliases",
+-"entry : CMNDALIAS cmndaliases",
+-"entry : RUNASALIAS runasaliases",
+-"entry : DEFAULTS defaults_list",
+-"entry : DEFAULTS_USER userlist defaults_list",
+-"entry : DEFAULTS_RUNAS userlist defaults_list",
+-"entry : DEFAULTS_HOST hostlist defaults_list",
+-"entry : DEFAULTS_CMND cmndlist defaults_list",
+-"defaults_list : defaults_entry",
+-"defaults_list : defaults_list ',' defaults_entry",
+-"defaults_entry : DEFVAR",
+-"defaults_entry : '!' DEFVAR",
+-"defaults_entry : DEFVAR '=' WORD",
+-"defaults_entry : DEFVAR '+' WORD",
+-"defaults_entry : DEFVAR '-' WORD",
+-"privileges : privilege",
+-"privileges : privileges ':' privilege",
+-"privilege : hostlist '=' cmndspeclist",
+-"ophost : host",
+-"ophost : '!' host",
+-"host : ALIAS",
+-"host : ALL",
+-"host : NETGROUP",
+-"host : NTWKADDR",
+-"host : WORD",
+-"cmndspeclist : cmndspec",
+-"cmndspeclist : cmndspeclist ',' cmndspec",
+-"cmndspec : runasspec selinux solarisprivs cmndtag opcmnd",
+-"opcmnd : cmnd",
+-"opcmnd : '!' cmnd",
+-"rolespec : ROLE '=' WORD",
+-"typespec : TYPE '=' WORD",
+-"selinux :",
+-"selinux : rolespec",
+-"selinux : typespec",
+-"selinux : rolespec typespec",
+-"selinux : typespec rolespec",
+-"privsspec : PRIVS '=' WORD",
+-"limitprivsspec : LIMITPRIVS '=' WORD",
+-"solarisprivs :",
+-"solarisprivs : privsspec",
+-"solarisprivs : limitprivsspec",
+-"solarisprivs : privsspec limitprivsspec",
+-"solarisprivs : limitprivsspec privsspec",
+-"runasspec :",
+-"runasspec : '(' runaslist ')'",
+-"runaslist :",
+-"runaslist : userlist",
+-"runaslist : userlist ':' grouplist",
+-"runaslist : ':' grouplist",
+-"runaslist : ':'",
+-"cmndtag :",
+-"cmndtag : cmndtag NOPASSWD",
+-"cmndtag : cmndtag PASSWD",
+-"cmndtag : cmndtag NOEXEC",
+-"cmndtag : cmndtag EXEC",
+-"cmndtag : cmndtag SETENV",
+-"cmndtag : cmndtag NOSETENV",
+-"cmndtag : cmndtag LOG_INPUT",
+-"cmndtag : cmndtag NOLOG_INPUT",
+-"cmndtag : cmndtag LOG_OUTPUT",
+-"cmndtag : cmndtag NOLOG_OUTPUT",
+-"cmnd : ALL",
+-"cmnd : ALIAS",
+-"cmnd : COMMAND",
+-"hostaliases : hostalias",
+-"hostaliases : hostaliases ':' hostalias",
+-"hostalias : ALIAS '=' hostlist",
+-"hostlist : ophost",
+-"hostlist : hostlist ',' ophost",
+-"cmndaliases : cmndalias",
+-"cmndaliases : cmndaliases ':' cmndalias",
+-"cmndalias : ALIAS '=' cmndlist",
+-"cmndlist : opcmnd",
+-"cmndlist : cmndlist ',' opcmnd",
+-"runasaliases : runasalias",
+-"runasaliases : runasaliases ':' runasalias",
+-"runasalias : ALIAS '=' userlist",
+-"useraliases : useralias",
+-"useraliases : useraliases ':' useralias",
+-"useralias : ALIAS '=' userlist",
+-"userlist : opuser",
+-"userlist : userlist ',' opuser",
+-"opuser : user",
+-"opuser : '!' user",
+-"user : ALIAS",
+-"user : ALL",
+-"user : NETGROUP",
+-"user : USERGROUP",
+-"user : WORD",
+-"grouplist : opgroup",
+-"grouplist : grouplist ',' opgroup",
+-"opgroup : group",
+-"opgroup : '!' group",
+-"group : ALIAS",
+-"group : ALL",
+-"group : WORD",
++
++# ifdef YYPRINT
++/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
++ token YYLEX-NUM. */
++static const yytype_uint16 yytoknum[] =
++{
++ 0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
++ 265, 266, 267, 268, 269, 270, 271, 272, 273, 274,
++ 275, 276, 277, 278, 279, 280, 281, 282, 283, 284,
++ 285, 286, 58, 61, 44, 33, 43, 45, 40, 41,
++ 287, 288, 289, 290, 291, 292, 293, 294, 295, 296
++};
++# endif
++
++/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
++static const yytype_uint8 yyr1[] =
++{
++ 0, 50, 51, 51, 52, 52, 53, 53, 53, 53,
++ 53, 53, 53, 53, 53, 53, 53, 53, 54, 54,
++ 55, 55, 55, 55, 55, 56, 56, 57, 58, 58,
++ 59, 59, 59, 59, 59, 60, 60, 61, 62, 62,
++ 62, 62, 63, 63, 64, 64, 65, 66, 67, 67,
++ 67, 67, 67, 68, 69, 70, 70, 70, 70, 70,
++ 71, 71, 72, 72, 72, 72, 72, 73, 73, 73,
++ 73, 73, 73, 73, 73, 73, 73, 73, 74, 74,
++ 74, 75, 75, 76, 77, 77, 78, 78, 79, 80,
++ 80, 81, 81, 82, 83, 83, 84, 85, 85, 86,
++ 86, 87, 87, 87, 87, 87, 88, 88, 89, 89,
++ 90, 90, 90
++};
++
++/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
++static const yytype_uint8 yyr2[] =
++{
++ 0, 2, 0, 1, 1, 2, 1, 2, 2, 2,
++ 2, 2, 2, 2, 3, 3, 3, 3, 1, 3,
++ 1, 2, 3, 3, 3, 1, 3, 3, 1, 2,
++ 1, 1, 1, 1, 1, 1, 3, 5, 3, 3,
++ 3, 3, 1, 2, 1, 2, 3, 3, 0, 1,
++ 1, 2, 2, 3, 3, 0, 1, 1, 2, 2,
++ 0, 3, 0, 1, 3, 2, 1, 0, 2, 2,
++ 2, 2, 2, 2, 2, 2, 2, 2, 1, 1,
++ 1, 1, 3, 3, 1, 3, 1, 3, 3, 1,
++ 3, 1, 3, 3, 1, 3, 3, 1, 3, 1,
++ 2, 1, 1, 1, 1, 1, 1, 3, 1, 2,
++ 1, 1, 1
++};
++
++/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM.
++ Performed when YYTABLE doesn't specify something else to do. Zero
++ means the default is an error. */
++static const yytype_uint8 yydefact[] =
++{
++ 0, 0, 101, 103, 104, 105, 0, 0, 0, 0,
++ 0, 102, 6, 0, 0, 0, 0, 0, 0, 0,
++ 4, 0, 97, 99, 7, 20, 0, 13, 18, 30,
++ 33, 32, 34, 31, 0, 84, 28, 0, 0, 0,
++ 80, 79, 78, 0, 0, 0, 0, 0, 0, 89,
++ 42, 44, 0, 0, 10, 81, 0, 11, 86, 0,
++ 9, 94, 0, 12, 91, 100, 1, 5, 0, 8,
++ 25, 0, 0, 0, 0, 21, 0, 29, 0, 16,
++ 14, 15, 45, 0, 0, 0, 0, 43, 0, 17,
++ 0, 0, 0, 0, 0, 0, 0, 0, 98, 0,
++ 60, 22, 23, 24, 19, 85, 38, 39, 40, 41,
++ 90, 83, 82, 88, 87, 96, 95, 93, 92, 26,
++ 62, 27, 35, 48, 66, 0, 63, 60, 0, 0,
++ 49, 50, 55, 110, 112, 111, 0, 65, 106, 108,
++ 61, 0, 36, 0, 0, 51, 52, 0, 0, 56,
++ 57, 67, 109, 0, 64, 47, 46, 0, 0, 58,
++ 59, 0, 107, 53, 54, 68, 69, 70, 71, 72,
++ 73, 74, 75, 76, 77, 37
++};
++
++/* YYDEFGOTO[NTERM-NUM]. */
++static const yytype_int16 yydefgoto[] =
++{
++ -1, 18, 19, 20, 27, 28, 69, 70, 35, 36,
++ 121, 122, 48, 49, 50, 130, 131, 132, 149, 150,
++ 151, 123, 125, 161, 51, 54, 55, 71, 57, 58,
++ 52, 63, 64, 60, 61, 21, 22, 23, 137, 138,
++ 139
++};
++
++/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
++ STATE-NUM. */
++#define YYPACT_NINF -86
++static const yytype_int16 yypact[] =
++{
++ 66, 8, -86, -86, -86, -86, 29, 56, 134, 134,
++ 5, -86, -86, 26, 28, 33, 39, 144, 46, 102,
++ -86, 7, -86, -86, -86, 121, 54, 27, -86, -86,
++ -86, -86, -86, -86, 155, -86, -86, 10, 23, 23,
++ -86, -86, -86, 101, 55, 57, 58, 67, 3, -86,
++ -86, -86, 34, 65, 68, -86, 74, 76, -86, 86,
++ 88, -86, 91, 93, -86, -86, -86, -86, 134, 94,
++ -86, 22, 126, 127, 138, -86, 29, -86, 56, 27,
++ 27, 27, -86, 145, 153, 156, 158, -86, 5, 27,
++ 56, 26, 5, 28, 134, 33, 134, 39, -86, 56,
++ 106, -86, -86, -86, -86, -86, -86, -86, -86, -86,
++ -86, 137, -86, 142, -86, 143, -86, 143, -86, -86,
++ 114, 146, -86, 30, 130, 136, -22, 106, 149, 150,
++ 147, 148, 40, -86, -86, -86, 141, 151, -86, -86,
++ -86, 130, -86, 169, 170, -86, -86, 159, 160, 140,
++ 152, -86, -86, 130, 151, -86, -86, 177, 180, -86,
++ -86, 1, -86, -86, -86, -86, -86, -86, -86, -86,
++ -86, -86, -86, -86, -86, -86
++};
++
++/* YYPGOTO[NTERM-NUM]. */
++static const yytype_int16 yypgoto[] =
++{
++ -86, -86, -86, 172, 135, 118, -86, 97, 119, 164,
++ -86, 72, -86, -85, 154, 69, 71, -86, 53, 59,
++ -86, -86, -86, -86, 161, -86, 115, -5, -86, 112,
++ 117, -86, 110, -86, 116, -8, 157, 193, 73, 60,
++ 79
++};
++
++/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
++ positive, shift that token. If negative, reduce the rule which
++ number is the opposite. If YYTABLE_NINF, syntax error. */
++#define YYTABLE_NINF -4
++static const yytype_int16 yytable[] =
++{
++ 38, 39, 37, 110, 40, 41, 40, 41, 40, 41,
++ 141, 29, 68, 30, 31, 25, 32, 165, 166, 167,
++ 168, 169, 170, 171, 172, 173, 174, 42, 25, 42,
++ 53, 42, 56, 33, 25, 24, 43, 59, 43, 25,
++ 43, 68, 34, 62, 78, 26, 66, 44, 45, 46,
++ 47, 44, 45, 46, 47, 100, 78, 68, 26, 75,
++ 29, 76, 30, 31, 26, 32, -2, 1, 88, 26,
++ 2, 128, 129, 3, 4, 5, 175, 6, 7, 8,
++ 9, 10, 33, 147, 148, 111, 115, 83, 117, 84,
++ 85, 34, 11, 12, 13, 14, 15, 16, 90, 86,
++ 91, 17, -3, 1, 40, 41, 2, 92, 93, 3,
++ 4, 5, 126, 6, 7, 8, 9, 10, 2, 94,
++ 95, 3, 4, 5, 96, 97, 99, 42, 11, 12,
++ 13, 14, 15, 16, 133, 101, 102, 17, 2, 134,
++ 11, 3, 4, 5, 120, 133, 124, 103, 2, 17,
++ 134, 3, 4, 5, 72, 106, 135, 73, 74, 29,
++ 11, 30, 31, 107, 32, 136, 108, 135, 109, 17,
++ 11, 78, 79, 80, 81, 140, 88, 68, 155, 156,
++ 127, 33, 143, 144, 148, 153, 163, 89, 128, 164,
++ 129, 67, 157, 158, 104, 147, 119, 105, 77, 142,
++ 146, 145, 87, 160, 82, 114, 112, 118, 159, 113,
++ 65, 116, 0, 162, 154, 152, 0, 0, 0, 0,
++ 0, 0, 0, 0, 0, 98
+ };
++
++#define yypact_value_is_default(Yystate) \
++ (!!((Yystate) == (-86)))
++
++#define yytable_value_is_error(Yytable_value) \
++ YYID (0)
++
++static const yytype_int16 yycheck[] =
++{
++ 8, 9, 7, 88, 3, 4, 3, 4, 3, 4,
++ 32, 4, 34, 6, 7, 5, 9, 16, 17, 18,
++ 19, 20, 21, 22, 23, 24, 25, 26, 5, 26,
++ 4, 26, 4, 26, 5, 27, 35, 4, 35, 5,
++ 35, 34, 35, 4, 34, 35, 0, 46, 47, 48,
++ 49, 46, 47, 48, 49, 33, 34, 34, 35, 5,
++ 4, 34, 6, 7, 35, 9, 0, 1, 34, 35,
++ 4, 41, 42, 7, 8, 9, 161, 11, 12, 13,
++ 14, 15, 26, 43, 44, 90, 94, 32, 96, 32,
++ 32, 35, 26, 27, 28, 29, 30, 31, 33, 32,
++ 32, 35, 0, 1, 3, 4, 4, 33, 32, 7,
++ 8, 9, 120, 11, 12, 13, 14, 15, 4, 33,
++ 32, 7, 8, 9, 33, 32, 32, 26, 26, 27,
++ 28, 29, 30, 31, 4, 9, 9, 35, 4, 9,
++ 26, 7, 8, 9, 38, 4, 32, 9, 4, 35,
++ 9, 7, 8, 9, 33, 10, 26, 36, 37, 4,
++ 26, 6, 7, 10, 9, 35, 10, 26, 10, 35,
++ 26, 34, 37, 38, 39, 39, 34, 34, 9, 9,
++ 34, 26, 33, 33, 44, 34, 9, 52, 41, 9,
++ 42, 19, 33, 33, 76, 43, 99, 78, 34, 127,
++ 131, 130, 48, 150, 43, 93, 91, 97, 149, 92,
++ 17, 95, -1, 153, 141, 136, -1, -1, -1, -1,
++ -1, -1, -1, -1, -1, 68
++};
++
++/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
++ symbol of state STATE-NUM. */
++static const yytype_uint8 yystos[] =
++{
++ 0, 1, 4, 7, 8, 9, 11, 12, 13, 14,
++ 15, 26, 27, 28, 29, 30, 31, 35, 51, 52,
++ 53, 85, 86, 87, 27, 5, 35, 54, 55, 4,
++ 6, 7, 9, 26, 35, 58, 59, 77, 85, 85,
++ 3, 4, 26, 35, 46, 47, 48, 49, 62, 63,
++ 64, 74, 80, 4, 75, 76, 4, 78, 79, 4,
++ 83, 84, 4, 81, 82, 87, 0, 53, 34, 56,
++ 57, 77, 33, 36, 37, 5, 34, 59, 34, 54,
++ 54, 54, 74, 32, 32, 32, 32, 64, 34, 54,
++ 33, 32, 33, 32, 33, 32, 33, 32, 86, 32,
++ 33, 9, 9, 9, 55, 58, 10, 10, 10, 10,
++ 63, 77, 76, 80, 79, 85, 84, 85, 82, 57,
++ 38, 60, 61, 71, 32, 72, 85, 34, 41, 42,
++ 65, 66, 67, 4, 9, 26, 35, 88, 89, 90,
++ 39, 32, 61, 33, 33, 66, 65, 43, 44, 68,
++ 69, 70, 90, 34, 88, 9, 9, 33, 33, 69,
++ 68, 73, 89, 9, 9, 16, 17, 18, 19, 20,
++ 21, 22, 23, 24, 25, 63
++};
++
++#define yyerrok (yyerrstatus = 0)
++#define yyclearin (yychar = YYEMPTY)
++#define YYEMPTY (-2)
++#define YYEOF 0
++
++#define YYACCEPT goto yyacceptlab
++#define YYABORT goto yyabortlab
++#define YYERROR goto yyerrorlab
++
++
++/* Like YYERROR except do call yyerror. This remains here temporarily
++ to ease the transition to the new meaning of YYERROR, for GCC.
++ Once GCC version 2 has supplanted version 1, this can go. However,
++ YYFAIL appears to be in use. Nevertheless, it is formally deprecated
++ in Bison 2.4.2's NEWS entry, where a plan to phase it out is
++ discussed. */
++
++#define YYFAIL goto yyerrlab
++#if defined YYFAIL
++ /* This is here to suppress warnings from the GCC cpp's
++ -Wunused-macros. Normally we don't worry about that warning, but
++ some users do, and we want to make it easy for users to remove
++ YYFAIL uses, which will produce warnings from Bison 2.5. */
++#endif
++
++#define YYRECOVERING() (!!yyerrstatus)
++
++#define YYBACKUP(Token, Value) \
++do \
++ if (yychar == YYEMPTY) \
++ { \
++ yychar = (Token); \
++ yylval = (Value); \
++ YYPOPSTACK (yylen); \
++ yystate = *yyssp; \
++ goto yybackup; \
++ } \
++ else \
++ { \
++ yyerror (YY_("syntax error: cannot back up")); \
++ YYERROR; \
++ } \
++while (YYID (0))
++
++/* Error token number */
++#define YYTERROR 1
++#define YYERRCODE 256
++
++
++/* This macro is provided for backward compatibility. */
++#ifndef YY_LOCATION_PRINT
++# define YY_LOCATION_PRINT(File, Loc) ((void) 0)
+ #endif
+-#ifdef YYSTACKSIZE
+-#undef YYMAXDEPTH
+-#define YYMAXDEPTH YYSTACKSIZE
+-#else
+-#ifdef YYMAXDEPTH
+-#define YYSTACKSIZE YYMAXDEPTH
++
++
++/* YYLEX -- calling `yylex' with the right arguments. */
++#ifdef YYLEX_PARAM
++# define YYLEX yylex (YYLEX_PARAM)
+ #else
+-#define YYSTACKSIZE 10000
+-#define YYMAXDEPTH 10000
++# define YYLEX yylex ()
+ #endif
++
++/* Enable debugging if requested. */
++#if YYDEBUG
++
++# ifndef YYFPRINTF
++# include <stdio.h> /* INFRINGES ON USER NAME SPACE */
++# define YYFPRINTF fprintf
++# endif
++
++# define YYDPRINTF(Args) \
++do { \
++ if (yydebug) \
++ YYFPRINTF Args; \
++} while (YYID (0))
++
++# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \
++do { \
++ if (yydebug) \
++ { \
++ YYFPRINTF (stderr, "%s ", Title); \
++ yy_symbol_print (stderr, \
++ Type, Value); \
++ YYFPRINTF (stderr, "\n"); \
++ } \
++} while (YYID (0))
++
++
++/*--------------------------------.
++| Print this symbol on YYOUTPUT. |
++`--------------------------------*/
++
++/*ARGSUSED*/
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++static void
++yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
++#else
++static void
++yy_symbol_value_print (yyoutput, yytype, yyvaluep)
++ FILE *yyoutput;
++ int yytype;
++ YYSTYPE const * const yyvaluep;
+ #endif
+-#define YYINITSTACKSIZE 200
+-/* LINTUSED */
+-int yydebug;
+-int yynerrs;
+-int yyerrflag;
+-int yychar;
+-short *yyssp;
+-YYSTYPE *yyvsp;
+-YYSTYPE yyval;
+-YYSTYPE yylval;
+-short *yyss;
+-short *yysslim;
+-YYSTYPE *yyvs;
+-int yystacksize;
+-#line 674 "gram.y"
+-static struct defaults *
+-new_default(char *var, char *val, int op)
+ {
+- struct defaults *d;
+- debug_decl(new_default, SUDO_DEBUG_PARSER)
++ FILE *yyo = yyoutput;
++ YYUSE (yyo);
++ if (!yyvaluep)
++ return;
++# ifdef YYPRINT
++ if (yytype < YYNTOKENS)
++ YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
++# else
++ YYUSE (yyoutput);
++# endif
++ switch (yytype)
++ {
++ default:
++ break;
++ }
++}
+
+- d = ecalloc(1, sizeof(struct defaults));
+- d->var = var;
+- d->val = val;
+- tq_init(&d->binding);
+- /* d->type = 0; */
+- d->op = op;
+- d->prev = d;
+- /* d->next = NULL; */
+
+- debug_return_ptr(d);
+-}
++/*--------------------------------.
++| Print this symbol on YYOUTPUT. |
++`--------------------------------*/
+
+-static struct member *
+-new_member(char *name, int type)
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++static void
++yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep)
++#else
++static void
++yy_symbol_print (yyoutput, yytype, yyvaluep)
++ FILE *yyoutput;
++ int yytype;
++ YYSTYPE const * const yyvaluep;
++#endif
+ {
+- struct member *m;
+- debug_decl(new_member, SUDO_DEBUG_PARSER)
+-
+- m = ecalloc(1, sizeof(struct member));
+- m->name = name;
+- m->type = type;
+- m->prev = m;
+- /* m->next = NULL; */
++ if (yytype < YYNTOKENS)
++ YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
++ else
++ YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+- debug_return_ptr(m);
++ yy_symbol_value_print (yyoutput, yytype, yyvaluep);
++ YYFPRINTF (yyoutput, ")");
+ }
+
+-/*
+- * Add a list of defaults structures to the defaults list.
+- * The binding, if non-NULL, specifies a list of hosts, users, or
+- * runas users the entries apply to (specified by the type).
+- */
++/*------------------------------------------------------------------.
++| yy_stack_print -- Print the state stack from its BOTTOM up to its |
++| TOP (included). |
++`------------------------------------------------------------------*/
++
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
+ static void
+-add_defaults(int type, struct member *bmem, struct defaults *defs)
++yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
++#else
++static void
++yy_stack_print (yybottom, yytop)
++ yytype_int16 *yybottom;
++ yytype_int16 *yytop;
++#endif
+ {
+- struct defaults *d;
+- struct member_list binding;
+- debug_decl(add_defaults, SUDO_DEBUG_PARSER)
++ YYFPRINTF (stderr, "Stack now");
++ for (; yybottom <= yytop; yybottom++)
++ {
++ int yybot = *yybottom;
++ YYFPRINTF (stderr, " %d", yybot);
++ }
++ YYFPRINTF (stderr, "\n");
++}
+
+- /*
+- * We can only call list2tq once on bmem as it will zero
+- * out the prev pointer when it consumes bmem.
+- */
+- list2tq(&binding, bmem);
++# define YY_STACK_PRINT(Bottom, Top) \
++do { \
++ if (yydebug) \
++ yy_stack_print ((Bottom), (Top)); \
++} while (YYID (0))
+
+- /*
+- * Set type and binding (who it applies to) for new entries.
+- */
+- for (d = defs; d != NULL; d = d->next) {
+- d->type = type;
+- d->binding = binding;
++
++/*------------------------------------------------.
++| Report that the YYRULE is going to be reduced. |
++`------------------------------------------------*/
++
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++static void
++yy_reduce_print (YYSTYPE *yyvsp, int yyrule)
++#else
++static void
++yy_reduce_print (yyvsp, yyrule)
++ YYSTYPE *yyvsp;
++ int yyrule;
++#endif
++{
++ int yynrhs = yyr2[yyrule];
++ int yyi;
++ unsigned long int yylno = yyrline[yyrule];
++ YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n",
++ yyrule - 1, yylno);
++ /* The symbols being reduced. */
++ for (yyi = 0; yyi < yynrhs; yyi++)
++ {
++ YYFPRINTF (stderr, " $%d = ", yyi + 1);
++ yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
++ &(yyvsp[(yyi + 1) - (yynrhs)])
++ );
++ YYFPRINTF (stderr, "\n");
+ }
+- tq_append(&defaults, defs);
++}
+
+- debug_return;
++# define YY_REDUCE_PRINT(Rule) \
++do { \
++ if (yydebug) \
++ yy_reduce_print (yyvsp, Rule); \
++} while (YYID (0))
++
++/* Nonzero means print parse trace. It is left uninitialized so that
++ multiple parsers can coexist. */
++int yydebug;
++#else /* !YYDEBUG */
++# define YYDPRINTF(Args)
++# define YY_SYMBOL_PRINT(Title, Type, Value, Location)
++# define YY_STACK_PRINT(Bottom, Top)
++# define YY_REDUCE_PRINT(Rule)
++#endif /* !YYDEBUG */
++
++
++/* YYINITDEPTH -- initial size of the parser's stacks. */
++#ifndef YYINITDEPTH
++# define YYINITDEPTH 200
++#endif
++
++/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
++ if the built-in stack extension method is used).
++
++ Do not make this value too large; the results are undefined if
++ YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
++ evaluated with infinite-precision integer arithmetic. */
++
++#ifndef YYMAXDEPTH
++# define YYMAXDEPTH 10000
++#endif
++
++
++#if YYERROR_VERBOSE
++
++# ifndef yystrlen
++# if defined __GLIBC__ && defined _STRING_H
++# define yystrlen strlen
++# else
++/* Return the length of YYSTR. */
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++static YYSIZE_T
++yystrlen (const char *yystr)
++#else
++static YYSIZE_T
++yystrlen (yystr)
++ const char *yystr;
++#endif
++{
++ YYSIZE_T yylen;
++ for (yylen = 0; yystr[yylen]; yylen++)
++ continue;
++ return yylen;
+ }
++# endif
++# endif
+
+-/*
+- * Allocate a new struct userspec, populate it, and insert it at the
+- * and of the userspecs list.
+- */
+-static void
+-add_userspec(struct member *members, struct privilege *privs)
++# ifndef yystpcpy
++# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
++# define yystpcpy stpcpy
++# else
++/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
++ YYDEST. */
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++static char *
++yystpcpy (char *yydest, const char *yysrc)
++#else
++static char *
++yystpcpy (yydest, yysrc)
++ char *yydest;
++ const char *yysrc;
++#endif
+ {
+- struct userspec *u;
+- debug_decl(add_userspec, SUDO_DEBUG_PARSER)
++ char *yyd = yydest;
++ const char *yys = yysrc;
+
+- u = ecalloc(1, sizeof(*u));
+- list2tq(&u->users, members);
+- list2tq(&u->privileges, privs);
+- u->prev = u;
+- /* u->next = NULL; */
+- tq_append(&userspecs, u);
++ while ((*yyd++ = *yys++) != '\0')
++ continue;
+
+- debug_return;
++ return yyd - 1;
+ }
++# endif
++# endif
+
+-/*
+- * Free up space used by data structures from a previous parser run and sets
+- * the current sudoers file to path.
+- */
+-void
+-init_parser(const char *path, bool quiet)
++# ifndef yytnamerr
++/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
++ quotes and backslashes, so that it's suitable for yyerror. The
++ heuristic is that double-quoting is unnecessary unless the string
++ contains an apostrophe, a comma, or backslash (other than
++ backslash-backslash). YYSTR is taken from yytname. If YYRES is
++ null, do not copy; instead, return the length of what the result
++ would have been. */
++static YYSIZE_T
++yytnamerr (char *yyres, const char *yystr)
+ {
+- struct defaults *d;
+- struct member *m, *binding;
+- struct userspec *us;
+- struct privilege *priv;
+- struct cmndspec *cs;
+- struct sudo_command *c;
+- debug_decl(init_parser, SUDO_DEBUG_PARSER)
++ if (*yystr == '"')
++ {
++ YYSIZE_T yyn = 0;
++ char const *yyp = yystr;
+
+- while ((us = tq_pop(&userspecs)) != NULL) {
+- while ((m = tq_pop(&us->users)) != NULL) {
+- efree(m->name);
+- efree(m);
+- }
+- while ((priv = tq_pop(&us->privileges)) != NULL) {
+- struct member *runasuser = NULL, *runasgroup = NULL;
+-#ifdef HAVE_SELINUX
+- char *role = NULL, *type = NULL;
+-#endif /* HAVE_SELINUX */
+-#ifdef HAVE_PRIV_SET
+- char *privs = NULL, *limitprivs = NULL;
+-#endif /* HAVE_PRIV_SET */
++ for (;;)
++ switch (*++yyp)
++ {
++ case '\'':
++ case ',':
++ goto do_not_strip_quotes;
++
++ case '\\':
++ if (*++yyp != '\\')
++ goto do_not_strip_quotes;
++ /* Fall through. */
++ default:
++ if (yyres)
++ yyres[yyn] = *yyp;
++ yyn++;
++ break;
++
++ case '"':
++ if (yyres)
++ yyres[yyn] = '\0';
++ return yyn;
++ }
++ do_not_strip_quotes: ;
++ }
+
+- while ((m = tq_pop(&priv->hostlist)) != NULL) {
+- efree(m->name);
+- efree(m);
+- }
+- while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
+-#ifdef HAVE_SELINUX
+- /* Only free the first instance of a role/type. */
+- if (cs->role != role) {
+- role = cs->role;
+- efree(cs->role);
+- }
+- if (cs->type != type) {
+- type = cs->type;
+- efree(cs->type);
+- }
+-#endif /* HAVE_SELINUX */
+-#ifdef HAVE_PRIV_SET
+- /* Only free the first instance of privs/limitprivs. */
+- if (cs->privs != privs) {
+- privs = cs->privs;
+- efree(cs->privs);
+- }
+- if (cs->limitprivs != limitprivs) {
+- limitprivs = cs->limitprivs;
+- efree(cs->limitprivs);
+- }
+-#endif /* HAVE_PRIV_SET */
+- if (tq_last(&cs->runasuserlist) != runasuser) {
+- runasuser = tq_last(&cs->runasuserlist);
+- while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
+- efree(m->name);
+- efree(m);
+- }
+- }
+- if (tq_last(&cs->runasgrouplist) != runasgroup) {
+- runasgroup = tq_last(&cs->runasgrouplist);
+- while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
+- efree(m->name);
+- efree(m);
+- }
+- }
+- if (cs->cmnd->type == COMMAND) {
+- c = (struct sudo_command *) cs->cmnd->name;
+- efree(c->cmnd);
+- efree(c->args);
+- }
+- efree(cs->cmnd->name);
+- efree(cs->cmnd);
+- efree(cs);
+- }
+- efree(priv);
+- }
+- efree(us);
++ if (! yyres)
++ return yystrlen (yystr);
++
++ return yystpcpy (yyres, yystr) - yyres;
++}
++# endif
++
++/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message
++ about the unexpected token YYTOKEN for the state stack whose top is
++ YYSSP.
++
++ Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is
++ not large enough to hold the message. In that case, also set
++ *YYMSG_ALLOC to the required number of bytes. Return 2 if the
++ required number of bytes is too large to store. */
++static int
++yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg,
++ yytype_int16 *yyssp, int yytoken)
++{
++ YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]);
++ YYSIZE_T yysize = yysize0;
++ enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 };
++ /* Internationalized format string. */
++ const char *yyformat = YY_NULL;
++ /* Arguments of yyformat. */
++ char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
++ /* Number of reported tokens (one for the "unexpected", one per
++ "expected"). */
++ int yycount = 0;
++
++ /* There are many possibilities here to consider:
++ - Assume YYFAIL is not used. It's too flawed to consider. See
++ <http://lists.gnu.org/archive/html/bison-patches/2009-12/msg00024.html>
++ for details. YYERROR is fine as it does not invoke this
++ function.
++ - If this state is a consistent state with a default action, then
++ the only way this function was invoked is if the default action
++ is an error action. In that case, don't check for expected
++ tokens because there are none.
++ - The only way there can be no lookahead present (in yychar) is if
++ this state is a consistent state with a default action. Thus,
++ detecting the absence of a lookahead is sufficient to determine
++ that there is no unexpected or expected token to report. In that
++ case, just report a simple "syntax error".
++ - Don't assume there isn't a lookahead just because this state is a
++ consistent state with a default action. There might have been a
++ previous inconsistent state, consistent state with a non-default
++ action, or user semantic action that manipulated yychar.
++ - Of course, the expected token list depends on states to have
++ correct lookahead information, and it depends on the parser not
++ to perform extra reductions after fetching a lookahead from the
++ scanner and before detecting a syntax error. Thus, state merging
++ (from LALR or IELR) and default reductions corrupt the expected
++ token list. However, the list is correct for canonical LR with
++ one exception: it will still contain any token that will not be
++ accepted due to an error action in a later state.
++ */
++ if (yytoken != YYEMPTY)
++ {
++ int yyn = yypact[*yyssp];
++ yyarg[yycount++] = yytname[yytoken];
++ if (!yypact_value_is_default (yyn))
++ {
++ /* Start YYX at -YYN if negative to avoid negative indexes in
++ YYCHECK. In other words, skip the first -YYN actions for
++ this state because they are default actions. */
++ int yyxbegin = yyn < 0 ? -yyn : 0;
++ /* Stay within bounds of both yycheck and yytname. */
++ int yychecklim = YYLAST - yyn + 1;
++ int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
++ int yyx;
++
++ for (yyx = yyxbegin; yyx < yyxend; ++yyx)
++ if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR
++ && !yytable_value_is_error (yytable[yyx + yyn]))
++ {
++ if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
++ {
++ yycount = 1;
++ yysize = yysize0;
++ break;
++ }
++ yyarg[yycount++] = yytname[yyx];
++ {
++ YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]);
++ if (! (yysize <= yysize1
++ && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
++ return 2;
++ yysize = yysize1;
++ }
++ }
++ }
+ }
+- tq_init(&userspecs);
+
+- binding = NULL;
+- while ((d = tq_pop(&defaults)) != NULL) {
+- if (tq_last(&d->binding) != binding) {
+- binding = tq_last(&d->binding);
+- while ((m = tq_pop(&d->binding)) != NULL) {
+- if (m->type == COMMAND) {
+- c = (struct sudo_command *) m->name;
+- efree(c->cmnd);
+- efree(c->args);
+- }
+- efree(m->name);
+- efree(m);
+- }
+- }
+- efree(d->var);
+- efree(d->val);
+- efree(d);
++ switch (yycount)
++ {
++# define YYCASE_(N, S) \
++ case N: \
++ yyformat = S; \
++ break
++ YYCASE_(0, YY_("syntax error"));
++ YYCASE_(1, YY_("syntax error, unexpected %s"));
++ YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s"));
++ YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s"));
++ YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s"));
++ YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"));
++# undef YYCASE_
+ }
+- tq_init(&defaults);
+
+- init_aliases();
++ {
++ YYSIZE_T yysize1 = yysize + yystrlen (yyformat);
++ if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM))
++ return 2;
++ yysize = yysize1;
++ }
+
+- init_lexer();
++ if (*yymsg_alloc < yysize)
++ {
++ *yymsg_alloc = 2 * yysize;
++ if (! (yysize <= *yymsg_alloc
++ && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
++ *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
++ return 1;
++ }
+
+- efree(sudoers);
+- sudoers = path ? estrdup(path) : NULL;
++ /* Avoid sprintf, as that infringes on the user's name space.
++ Don't have undefined behavior even if the translation
++ produced a string with the wrong number of "%s"s. */
++ {
++ char *yyp = *yymsg;
++ int yyi = 0;
++ while ((*yyp = *yyformat) != '\0')
++ if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount)
++ {
++ yyp += yytnamerr (yyp, yyarg[yyi++]);
++ yyformat += 2;
++ }
++ else
++ {
++ yyp++;
++ yyformat++;
++ }
++ }
++ return 0;
++}
++#endif /* YYERROR_VERBOSE */
+
+- parse_error = false;
+- errorlineno = -1;
+- errorfile = sudoers;
+- sudoers_warnings = !quiet;
++/*-----------------------------------------------.
++| Release the memory associated to this symbol. |
++`-----------------------------------------------*/
++
++/*ARGSUSED*/
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++static void
++yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep)
++#else
++static void
++yydestruct (yymsg, yytype, yyvaluep)
++ const char *yymsg;
++ int yytype;
++ YYSTYPE *yyvaluep;
++#endif
++{
++ YYUSE (yyvaluep);
+
+- debug_return;
+-}
+-#line 827 "gram.c"
+-/* allocate initial stack or double stack size, up to YYMAXDEPTH */
+-#if defined(__cplusplus) || defined(__STDC__)
+-static int yygrowstack(void)
+-#else
+-static int yygrowstack()
+-#endif
+-{
+- int newsize, i;
+- short *newss;
+- YYSTYPE *newvs;
+-
+- newsize = yystacksize ? yystacksize : YYINITSTACKSIZE;
+- if (newsize >= YYMAXDEPTH)
+- return -1;
+- else if ((newsize *= 2) > YYMAXDEPTH)
+- newsize = YYMAXDEPTH;
+-#ifdef SIZE_MAX
+-#define YY_SIZE_MAX SIZE_MAX
+-#else
+-#define YY_SIZE_MAX 0x7fffffff
+-#endif
+- if (YY_SIZE_MAX / newsize < sizeof *newss)
+- goto bail;
+- i = yyssp - yyss;
+- newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
+- (short *)malloc(newsize * sizeof *newss); /* overflow check above */
+- if (newss == NULL)
+- goto bail;
+- yyss = newss;
+- yyssp = newss + i;
+- newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
+- (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
+- if (newvs == NULL)
+- goto bail;
+- yyvs = newvs;
+- yyvsp = newvs + i;
+- yystacksize = newsize;
+- yysslim = yyss + newsize - 1;
+- return 0;
+-bail:
+- if (yyss)
+- free(yyss);
+- if (yyvs)
+- free(yyvs);
+- yyss = yyssp = NULL;
+- yyvs = yyvsp = NULL;
+- yystacksize = 0;
+- return -1;
++ if (!yymsg)
++ yymsg = "Deleting";
++ YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp);
++
++ switch (yytype)
++ {
++
++ default:
++ break;
++ }
+ }
+
+-#define YYABORT goto yyabort
+-#define YYREJECT goto yyabort
+-#define YYACCEPT goto yyaccept
+-#define YYERROR goto yyerrlab
++
++
++
++/* The lookahead symbol. */
++int yychar;
++
++
++#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++# define YY_IGNORE_MAYBE_UNINITIALIZED_END
++#endif
++#ifndef YY_INITIAL_VALUE
++# define YY_INITIAL_VALUE(Value) /* Nothing. */
++#endif
++
++/* The semantic value of the lookahead symbol. */
++YYSTYPE yylval YY_INITIAL_VALUE(yyval_default);
++
++/* Number of syntax errors so far. */
++int yynerrs;
++
++
++/*----------.
++| yyparse. |
++`----------*/
++
++#ifdef YYPARSE_PARAM
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++int
++yyparse (void *YYPARSE_PARAM)
++#else
+ int
+-#if defined(__cplusplus) || defined(__STDC__)
+-yyparse(void)
++yyparse (YYPARSE_PARAM)
++ void *YYPARSE_PARAM;
++#endif
++#else /* ! YYPARSE_PARAM */
++#if (defined __STDC__ || defined __C99__FUNC__ \
++ || defined __cplusplus || defined _MSC_VER)
++int
++yyparse (void)
+ #else
+-yyparse()
++int
++yyparse ()
++
++#endif
+ #endif
+ {
+- int yym, yyn, yystate;
+-#if YYDEBUG
+-#if defined(__cplusplus) || defined(__STDC__)
+- const char *yys;
+-#else /* !(defined(__cplusplus) || defined(__STDC__)) */
+- char *yys;
+-#endif /* !(defined(__cplusplus) || defined(__STDC__)) */
+-
+- if ((yys = getenv("YYDEBUG")))
+- {
+- yyn = *yys;
+- if (yyn >= '0' && yyn <= '9')
+- yydebug = yyn - '0';
+- }
+-#endif /* YYDEBUG */
+-
+- yynerrs = 0;
+- yyerrflag = 0;
+- yychar = (-1);
+-
+- if (yyss == NULL && yygrowstack()) goto yyoverflow;
+- yyssp = yyss;
+- yyvsp = yyvs;
+- *yyssp = yystate = 0;
+-
+-yyloop:
+- if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
+- if (yychar < 0)
+- {
+- if ((yychar = yylex()) < 0) yychar = 0;
+-#if YYDEBUG
+- if (yydebug)
+- {
+- yys = 0;
+- if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+- if (!yys) yys = "illegal-symbol";
+- printf("%sdebug: state %d, reading %d (%s)\n",
+- YYPREFIX, yystate, yychar, yys);
+- }
++ int yystate;
++ /* Number of tokens to shift before error messages enabled. */
++ int yyerrstatus;
++
++ /* The stacks and their tools:
++ `yyss': related to states.
++ `yyvs': related to semantic values.
++
++ Refer to the stacks through separate pointers, to allow yyoverflow
++ to reallocate them elsewhere. */
++
++ /* The state stack. */
++ yytype_int16 yyssa[YYINITDEPTH];
++ yytype_int16 *yyss;
++ yytype_int16 *yyssp;
++
++ /* The semantic value stack. */
++ YYSTYPE yyvsa[YYINITDEPTH];
++ YYSTYPE *yyvs;
++ YYSTYPE *yyvsp;
++
++ YYSIZE_T yystacksize;
++
++ int yyn;
++ int yyresult;
++ /* Lookahead token as an internal (translated) token number. */
++ int yytoken = 0;
++ /* The variables used to return semantic value and location from the
++ action routines. */
++ YYSTYPE yyval;
++
++#if YYERROR_VERBOSE
++ /* Buffer for error messages, and its allocated size. */
++ char yymsgbuf[128];
++ char *yymsg = yymsgbuf;
++ YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+ #endif
++
++#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N))
++
++ /* The number of symbols on the RHS of the reduced rule.
++ Keep to zero when no symbol should be popped. */
++ int yylen = 0;
++
++ yyssp = yyss = yyssa;
++ yyvsp = yyvs = yyvsa;
++ yystacksize = YYINITDEPTH;
++
++ YYDPRINTF ((stderr, "Starting parse\n"));
++
++ yystate = 0;
++ yyerrstatus = 0;
++ yynerrs = 0;
++ yychar = YYEMPTY; /* Cause a token to be read. */
++ goto yysetstate;
++
++/*------------------------------------------------------------.
++| yynewstate -- Push a new state, which is found in yystate. |
++`------------------------------------------------------------*/
++ yynewstate:
++ /* In all cases, when you get here, the value and location stacks
++ have just been pushed. So pushing a state here evens the stacks. */
++ yyssp++;
++
++ yysetstate:
++ *yyssp = yystate;
++
++ if (yyss + yystacksize - 1 <= yyssp)
++ {
++ /* Get the current used size of the three stacks, in elements. */
++ YYSIZE_T yysize = yyssp - yyss + 1;
++
++#ifdef yyoverflow
++ {
++ /* Give user a chance to reallocate the stack. Use copies of
++ these so that the &'s don't force the real ones into
++ memory. */
++ YYSTYPE *yyvs1 = yyvs;
++ yytype_int16 *yyss1 = yyss;
++
++ /* Each stack pointer address is followed by the size of the
++ data in use in that stack, in bytes. This used to be a
++ conditional around just the two extra args, but that might
++ be undefined if yyoverflow is a macro. */
++ yyoverflow (YY_("memory exhausted"),
++ &yyss1, yysize * sizeof (*yyssp),
++ &yyvs1, yysize * sizeof (*yyvsp),
++ &yystacksize);
++
++ yyss = yyss1;
++ yyvs = yyvs1;
++ }
++#else /* no yyoverflow */
++# ifndef YYSTACK_RELOCATE
++ goto yyexhaustedlab;
++# else
++ /* Extend the stack our own way. */
++ if (YYMAXDEPTH <= yystacksize)
++ goto yyexhaustedlab;
++ yystacksize *= 2;
++ if (YYMAXDEPTH < yystacksize)
++ yystacksize = YYMAXDEPTH;
++
++ {
++ yytype_int16 *yyss1 = yyss;
++ union yyalloc *yyptr =
++ (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
++ if (! yyptr)
++ goto yyexhaustedlab;
++ YYSTACK_RELOCATE (yyss_alloc, yyss);
++ YYSTACK_RELOCATE (yyvs_alloc, yyvs);
++# undef YYSTACK_RELOCATE
++ if (yyss1 != yyssa)
++ YYSTACK_FREE (yyss1);
++ }
++# endif
++#endif /* no yyoverflow */
++
++ yyssp = yyss + yysize - 1;
++ yyvsp = yyvs + yysize - 1;
++
++ YYDPRINTF ((stderr, "Stack size increased to %lu\n",
++ (unsigned long int) yystacksize));
++
++ if (yyss + yystacksize - 1 <= yyssp)
++ YYABORT;
+ }
+- if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
+- yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
++
++ YYDPRINTF ((stderr, "Entering state %d\n", yystate));
++
++ if (yystate == YYFINAL)
++ YYACCEPT;
++
++ goto yybackup;
++
++/*-----------.
++| yybackup. |
++`-----------*/
++yybackup:
++
++ /* Do appropriate processing given the current state. Read a
++ lookahead token if we need one and don't already have one. */
++
++ /* First try to decide what to do without reference to lookahead token. */
++ yyn = yypact[yystate];
++ if (yypact_value_is_default (yyn))
++ goto yydefault;
++
++ /* Not known => get a lookahead token if don't already have one. */
++
++ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */
++ if (yychar == YYEMPTY)
+ {
+-#if YYDEBUG
+- if (yydebug)
+- printf("%sdebug: state %d, shifting to state %d\n",
+- YYPREFIX, yystate, yytable[yyn]);
+-#endif
+- if (yyssp >= yysslim && yygrowstack())
+- {
+- goto yyoverflow;
+- }
+- *++yyssp = yystate = yytable[yyn];
+- *++yyvsp = yylval;
+- yychar = (-1);
+- if (yyerrflag > 0) --yyerrflag;
+- goto yyloop;
+- }
+- if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
+- yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+- {
+- yyn = yytable[yyn];
+- goto yyreduce;
+- }
+- if (yyerrflag) goto yyinrecovery;
+-#if defined(lint) || defined(__GNUC__)
+- goto yynewerror;
+-#endif
+-yynewerror:
+- yyerror("syntax error");
+-#if defined(lint) || defined(__GNUC__)
+- goto yyerrlab;
+-#endif
+-yyerrlab:
+- ++yynerrs;
+-yyinrecovery:
+- if (yyerrflag < 3)
++ YYDPRINTF ((stderr, "Reading a token: "));
++ yychar = YYLEX;
++ }
++
++ if (yychar <= YYEOF)
+ {
+- yyerrflag = 3;
+- for (;;)
+- {
+- if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+- yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
+- {
+-#if YYDEBUG
+- if (yydebug)
+- printf("%sdebug: state %d, error recovery shifting\
+- to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+-#endif
+- if (yyssp >= yysslim && yygrowstack())
+- {
+- goto yyoverflow;
+- }
+- *++yyssp = yystate = yytable[yyn];
+- *++yyvsp = yylval;
+- goto yyloop;
+- }
+- else
+- {
+-#if YYDEBUG
+- if (yydebug)
+- printf("%sdebug: error recovery discarding state %d\n",
+- YYPREFIX, *yyssp);
+-#endif
+- if (yyssp <= yyss) goto yyabort;
+- --yyssp;
+- --yyvsp;
+- }
+- }
++ yychar = yytoken = YYEOF;
++ YYDPRINTF ((stderr, "Now at end of input.\n"));
+ }
+- else
++ else
+ {
+- if (yychar == 0) goto yyabort;
+-#if YYDEBUG
+- if (yydebug)
+- {
+- yys = 0;
+- if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+- if (!yys) yys = "illegal-symbol";
+- printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
+- YYPREFIX, yystate, yychar, yys);
+- }
+-#endif
+- yychar = (-1);
+- goto yyloop;
++ yytoken = YYTRANSLATE (yychar);
++ YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc);
++ }
++
++ /* If the proper action on seeing token YYTOKEN is to reduce or to
++ detect an error, take that action. */
++ yyn += yytoken;
++ if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
++ goto yydefault;
++ yyn = yytable[yyn];
++ if (yyn <= 0)
++ {
++ if (yytable_value_is_error (yyn))
++ goto yyerrlab;
++ yyn = -yyn;
++ goto yyreduce;
+ }
++
++ /* Count tokens shifted since error; after three, turn off error
++ status. */
++ if (yyerrstatus)
++ yyerrstatus--;
++
++ /* Shift the lookahead token. */
++ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
++
++ /* Discard the shifted token. */
++ yychar = YYEMPTY;
++
++ yystate = yyn;
++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++ *++yyvsp = yylval;
++ YY_IGNORE_MAYBE_UNINITIALIZED_END
++
++ goto yynewstate;
++
++
++/*-----------------------------------------------------------.
++| yydefault -- do the default action for the current state. |
++`-----------------------------------------------------------*/
++yydefault:
++ yyn = yydefact[yystate];
++ if (yyn == 0)
++ goto yyerrlab;
++ goto yyreduce;
++
++
++/*-----------------------------.
++| yyreduce -- Do a reduction. |
++`-----------------------------*/
+ yyreduce:
+-#if YYDEBUG
+- if (yydebug)
+- printf("%sdebug: state %d, reducing by rule %d (%s)\n",
+- YYPREFIX, yystate, yyn, yyrule[yyn]);
+-#endif
+- yym = yylen[yyn];
+- if (yym)
+- yyval = yyvsp[1-yym];
+- else
+- memset(&yyval, 0, sizeof yyval);
+- switch (yyn)
+- {
+-case 1:
+-#line 204 "gram.y"
+-{ ; }
+-break;
+-case 5:
+-#line 212 "gram.y"
+-{
++ /* yyn is the number of a rule to reduce with. */
++ yylen = yyr2[yyn];
++
++ /* If YYLEN is nonzero, implement the default value of the action:
++ `$$ = $1'.
++
++ Otherwise, the following line sets YYVAL to garbage.
++ This behavior is undocumented and Bison
++ users should not rely upon it. Assigning to YYVAL
++ unconditionally makes the parser a bit smaller, and it avoids a
++ GCC warning that YYVAL may be used uninitialized. */
++ yyval = yyvsp[1-yylen];
++
++
++ YY_REDUCE_PRINT (yyn);
++ switch (yyn)
++ {
++ case 2:
++/* Line 1792 of yacc.c */
++#line 214 "gram.y"
++ { ; }
++ break;
++
++ case 6:
++/* Line 1792 of yacc.c */
++#line 222 "gram.y"
++ {
+ ;
+ }
+-break;
+-case 6:
+-#line 215 "gram.y"
+-{
++ break;
++
++ case 7:
++/* Line 1792 of yacc.c */
++#line 225 "gram.y"
++ {
+ yyerrok;
+ }
+-break;
+-case 7:
+-#line 218 "gram.y"
+-{
+- add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
+- }
+-break;
+-case 8:
+-#line 221 "gram.y"
+-{
+- ;
++ break;
++
++ case 8:
++/* Line 1792 of yacc.c */
++#line 228 "gram.y"
++ {
++ add_userspec((yyvsp[(1) - (2)].member), (yyvsp[(2) - (2)].privilege));
+ }
+-break;
+-case 9:
+-#line 224 "gram.y"
+-{
++ break;
++
++ case 9:
++/* Line 1792 of yacc.c */
++#line 231 "gram.y"
++ {
+ ;
+ }
+-break;
+-case 10:
+-#line 227 "gram.y"
+-{
++ break;
++
++ case 10:
++/* Line 1792 of yacc.c */
++#line 234 "gram.y"
++ {
+ ;
+ }
+-break;
+-case 11:
+-#line 230 "gram.y"
+-{
++ break;
++
++ case 11:
++/* Line 1792 of yacc.c */
++#line 237 "gram.y"
++ {
+ ;
+ }
+-break;
+-case 12:
+-#line 233 "gram.y"
+-{
+- add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
++ break;
++
++ case 12:
++/* Line 1792 of yacc.c */
++#line 240 "gram.y"
++ {
++ ;
+ }
+-break;
+-case 13:
+-#line 236 "gram.y"
+-{
+- add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
++ break;
++
++ case 13:
++/* Line 1792 of yacc.c */
++#line 243 "gram.y"
++ {
++ add_defaults(DEFAULTS, NULL, (yyvsp[(2) - (2)].defaults));
+ }
+-break;
+-case 14:
+-#line 239 "gram.y"
+-{
+- add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
++ break;
++
++ case 14:
++/* Line 1792 of yacc.c */
++#line 246 "gram.y"
++ {
++ add_defaults(DEFAULTS_USER, (yyvsp[(2) - (3)].member), (yyvsp[(3) - (3)].defaults));
+ }
+-break;
+-case 15:
+-#line 242 "gram.y"
+-{
+- add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
++ break;
++
++ case 15:
++/* Line 1792 of yacc.c */
++#line 249 "gram.y"
++ {
++ add_defaults(DEFAULTS_RUNAS, (yyvsp[(2) - (3)].member), (yyvsp[(3) - (3)].defaults));
+ }
+-break;
+-case 16:
+-#line 245 "gram.y"
+-{
+- add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
++ break;
++
++ case 16:
++/* Line 1792 of yacc.c */
++#line 252 "gram.y"
++ {
++ add_defaults(DEFAULTS_HOST, (yyvsp[(2) - (3)].member), (yyvsp[(3) - (3)].defaults));
+ }
+-break;
+-case 18:
+-#line 251 "gram.y"
+-{
+- list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
+- yyval.defaults = yyvsp[-2].defaults;
++ break;
++
++ case 17:
++/* Line 1792 of yacc.c */
++#line 255 "gram.y"
++ {
++ add_defaults(DEFAULTS_CMND, (yyvsp[(2) - (3)].member), (yyvsp[(3) - (3)].defaults));
+ }
+-break;
+-case 19:
+-#line 257 "gram.y"
+-{
+- yyval.defaults = new_default(yyvsp[0].string, NULL, true);
++ break;
++
++ case 19:
++/* Line 1792 of yacc.c */
++#line 261 "gram.y"
++ {
++ list_append((yyvsp[(1) - (3)].defaults), (yyvsp[(3) - (3)].defaults));
++ (yyval.defaults) = (yyvsp[(1) - (3)].defaults);
+ }
+-break;
+-case 20:
+-#line 260 "gram.y"
+-{
+- yyval.defaults = new_default(yyvsp[0].string, NULL, false);
++ break;
++
++ case 20:
++/* Line 1792 of yacc.c */
++#line 267 "gram.y"
++ {
++ (yyval.defaults) = new_default((yyvsp[(1) - (1)].string), NULL, true);
+ }
+-break;
+-case 21:
+-#line 263 "gram.y"
+-{
+- yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true);
++ break;
++
++ case 21:
++/* Line 1792 of yacc.c */
++#line 270 "gram.y"
++ {
++ (yyval.defaults) = new_default((yyvsp[(2) - (2)].string), NULL, false);
+ }
+-break;
+-case 22:
+-#line 266 "gram.y"
+-{
+- yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
++ break;
++
++ case 22:
++/* Line 1792 of yacc.c */
++#line 273 "gram.y"
++ {
++ (yyval.defaults) = new_default((yyvsp[(1) - (3)].string), (yyvsp[(3) - (3)].string), true);
+ }
+-break;
+-case 23:
+-#line 269 "gram.y"
+-{
+- yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
++ break;
++
++ case 23:
++/* Line 1792 of yacc.c */
++#line 276 "gram.y"
++ {
++ (yyval.defaults) = new_default((yyvsp[(1) - (3)].string), (yyvsp[(3) - (3)].string), '+');
+ }
+-break;
+-case 25:
+-#line 275 "gram.y"
+-{
+- list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
+- yyval.privilege = yyvsp[-2].privilege;
++ break;
++
++ case 24:
++/* Line 1792 of yacc.c */
++#line 279 "gram.y"
++ {
++ (yyval.defaults) = new_default((yyvsp[(1) - (3)].string), (yyvsp[(3) - (3)].string), '-');
+ }
+-break;
+-case 26:
+-#line 281 "gram.y"
+-{
++ break;
++
++ case 26:
++/* Line 1792 of yacc.c */
++#line 285 "gram.y"
++ {
++ list_append((yyvsp[(1) - (3)].privilege), (yyvsp[(3) - (3)].privilege));
++ (yyval.privilege) = (yyvsp[(1) - (3)].privilege);
++ }
++ break;
++
++ case 27:
++/* Line 1792 of yacc.c */
++#line 291 "gram.y"
++ {
+ struct privilege *p = ecalloc(1, sizeof(*p));
+- list2tq(&p->hostlist, yyvsp[-2].member);
+- list2tq(&p->cmndlist, yyvsp[0].cmndspec);
++ list2tq(&p->hostlist, (yyvsp[(1) - (3)].member));
++ list2tq(&p->cmndlist, (yyvsp[(3) - (3)].cmndspec));
+ p->prev = p;
+ /* p->next = NULL; */
+- yyval.privilege = p;
++ (yyval.privilege) = p;
+ }
+-break;
+-case 27:
+-#line 291 "gram.y"
+-{
+- yyval.member = yyvsp[0].member;
+- yyval.member->negated = false;
++ break;
++
++ case 28:
++/* Line 1792 of yacc.c */
++#line 301 "gram.y"
++ {
++ (yyval.member) = (yyvsp[(1) - (1)].member);
++ (yyval.member)->negated = false;
+ }
+-break;
+-case 28:
+-#line 295 "gram.y"
+-{
+- yyval.member = yyvsp[0].member;
+- yyval.member->negated = true;
++ break;
++
++ case 29:
++/* Line 1792 of yacc.c */
++#line 305 "gram.y"
++ {
++ (yyval.member) = (yyvsp[(2) - (2)].member);
++ (yyval.member)->negated = true;
+ }
+-break;
+-case 29:
+-#line 301 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, ALIAS);
++ break;
++
++ case 30:
++/* Line 1792 of yacc.c */
++#line 311 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), ALIAS);
+ }
+-break;
+-case 30:
+-#line 304 "gram.y"
+-{
+- yyval.member = new_member(NULL, ALL);
++ break;
++
++ case 31:
++/* Line 1792 of yacc.c */
++#line 314 "gram.y"
++ {
++ (yyval.member) = new_member(NULL, ALL);
+ }
+-break;
+-case 31:
+-#line 307 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, NETGROUP);
++ break;
++
++ case 32:
++/* Line 1792 of yacc.c */
++#line 317 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), NETGROUP);
+ }
+-break;
+-case 32:
+-#line 310 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, NTWKADDR);
++ break;
++
++ case 33:
++/* Line 1792 of yacc.c */
++#line 320 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), NTWKADDR);
+ }
+-break;
+-case 33:
+-#line 313 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, WORD);
++ break;
++
++ case 34:
++/* Line 1792 of yacc.c */
++#line 323 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), WORD);
+ }
+-break;
+-case 35:
+-#line 319 "gram.y"
+-{
+- list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
++ break;
++
++ case 36:
++/* Line 1792 of yacc.c */
++#line 329 "gram.y"
++ {
++ list_append((yyvsp[(1) - (3)].cmndspec), (yyvsp[(3) - (3)].cmndspec));
+ #ifdef HAVE_SELINUX
+ /* propagate role and type */
+- if (yyvsp[0].cmndspec->role == NULL)
+- yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role;
+- if (yyvsp[0].cmndspec->type == NULL)
+- yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type;
++ if ((yyvsp[(3) - (3)].cmndspec)->role == NULL)
++ (yyvsp[(3) - (3)].cmndspec)->role = (yyvsp[(3) - (3)].cmndspec)->prev->role;
++ if ((yyvsp[(3) - (3)].cmndspec)->type == NULL)
++ (yyvsp[(3) - (3)].cmndspec)->type = (yyvsp[(3) - (3)].cmndspec)->prev->type;
+ #endif /* HAVE_SELINUX */
+ #ifdef HAVE_PRIV_SET
+ /* propagate privs & limitprivs */
+- if (yyvsp[0].cmndspec->privs == NULL)
+- yyvsp[0].cmndspec->privs = yyvsp[0].cmndspec->prev->privs;
+- if (yyvsp[0].cmndspec->limitprivs == NULL)
+- yyvsp[0].cmndspec->limitprivs = yyvsp[0].cmndspec->prev->limitprivs;
++ if ((yyvsp[(3) - (3)].cmndspec)->privs == NULL)
++ (yyvsp[(3) - (3)].cmndspec)->privs = (yyvsp[(3) - (3)].cmndspec)->prev->privs;
++ if ((yyvsp[(3) - (3)].cmndspec)->limitprivs == NULL)
++ (yyvsp[(3) - (3)].cmndspec)->limitprivs = (yyvsp[(3) - (3)].cmndspec)->prev->limitprivs;
+ #endif /* HAVE_PRIV_SET */
+ /* propagate tags and runas list */
+- if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
+- yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd;
+- if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
+- yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec;
+- if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
+- yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
+- yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
+- if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
+- yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input;
+- if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
+- yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output;
+- if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
+- tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
+- (!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
+- !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) {
+- yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist;
+- yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist;
++ if ((yyvsp[(3) - (3)].cmndspec)->tags.nopasswd == UNSPEC)
++ (yyvsp[(3) - (3)].cmndspec)->tags.nopasswd = (yyvsp[(3) - (3)].cmndspec)->prev->tags.nopasswd;
++ if ((yyvsp[(3) - (3)].cmndspec)->tags.noexec == UNSPEC)
++ (yyvsp[(3) - (3)].cmndspec)->tags.noexec = (yyvsp[(3) - (3)].cmndspec)->prev->tags.noexec;
++ if ((yyvsp[(3) - (3)].cmndspec)->tags.setenv == UNSPEC &&
++ (yyvsp[(3) - (3)].cmndspec)->prev->tags.setenv != IMPLIED)
++ (yyvsp[(3) - (3)].cmndspec)->tags.setenv = (yyvsp[(3) - (3)].cmndspec)->prev->tags.setenv;
++ if ((yyvsp[(3) - (3)].cmndspec)->tags.log_input == UNSPEC)
++ (yyvsp[(3) - (3)].cmndspec)->tags.log_input = (yyvsp[(3) - (3)].cmndspec)->prev->tags.log_input;
++ if ((yyvsp[(3) - (3)].cmndspec)->tags.log_output == UNSPEC)
++ (yyvsp[(3) - (3)].cmndspec)->tags.log_output = (yyvsp[(3) - (3)].cmndspec)->prev->tags.log_output;
++ if ((tq_empty(&(yyvsp[(3) - (3)].cmndspec)->runasuserlist) &&
++ tq_empty(&(yyvsp[(3) - (3)].cmndspec)->runasgrouplist)) &&
++ (!tq_empty(&(yyvsp[(3) - (3)].cmndspec)->prev->runasuserlist) ||
++ !tq_empty(&(yyvsp[(3) - (3)].cmndspec)->prev->runasgrouplist))) {
++ (yyvsp[(3) - (3)].cmndspec)->runasuserlist = (yyvsp[(3) - (3)].cmndspec)->prev->runasuserlist;
++ (yyvsp[(3) - (3)].cmndspec)->runasgrouplist = (yyvsp[(3) - (3)].cmndspec)->prev->runasgrouplist;
+ }
+- yyval.cmndspec = yyvsp[-2].cmndspec;
++ (yyval.cmndspec) = (yyvsp[(1) - (3)].cmndspec);
+ }
+-break;
+-case 36:
+-#line 358 "gram.y"
+-{
++ break;
++
++ case 37:
++/* Line 1792 of yacc.c */
++#line 368 "gram.y"
++ {
+ struct cmndspec *cs = ecalloc(1, sizeof(*cs));
+- if (yyvsp[-4].runas != NULL) {
+- list2tq(&cs->runasuserlist, yyvsp[-4].runas->runasusers);
+- list2tq(&cs->runasgrouplist, yyvsp[-4].runas->runasgroups);
+- efree(yyvsp[-4].runas);
++ if ((yyvsp[(1) - (5)].runas) != NULL) {
++ list2tq(&cs->runasuserlist, (yyvsp[(1) - (5)].runas)->runasusers);
++ list2tq(&cs->runasgrouplist, (yyvsp[(1) - (5)].runas)->runasgroups);
++ efree((yyvsp[(1) - (5)].runas));
+ } else {
+ tq_init(&cs->runasuserlist);
+ tq_init(&cs->runasgrouplist);
+ }
+ #ifdef HAVE_SELINUX
+- cs->role = yyvsp[-3].seinfo.role;
+- cs->type = yyvsp[-3].seinfo.type;
++ cs->role = (yyvsp[(2) - (5)].seinfo).role;
++ cs->type = (yyvsp[(2) - (5)].seinfo).type;
+ #endif
+ #ifdef HAVE_PRIV_SET
+- cs->privs = yyvsp[-2].privinfo.privs;
+- cs->limitprivs = yyvsp[-2].privinfo.limitprivs;
++ cs->privs = (yyvsp[(3) - (5)].privinfo).privs;
++ cs->limitprivs = (yyvsp[(3) - (5)].privinfo).limitprivs;
+ #endif
+- cs->tags = yyvsp[-1].tag;
+- cs->cmnd = yyvsp[0].member;
++ cs->tags = (yyvsp[(4) - (5)].tag);
++ cs->cmnd = (yyvsp[(5) - (5)].member);
+ cs->prev = cs;
+ cs->next = NULL;
+ /* sudo "ALL" implies the SETENV tag */
+ if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
+ cs->tags.setenv == UNSPEC)
+ cs->tags.setenv = IMPLIED;
+- yyval.cmndspec = cs;
+- }
+-break;
+-case 37:
+-#line 388 "gram.y"
+-{
+- yyval.member = yyvsp[0].member;
+- yyval.member->negated = false;
++ (yyval.cmndspec) = cs;
+ }
+-break;
+-case 38:
+-#line 392 "gram.y"
+-{
+- yyval.member = yyvsp[0].member;
+- yyval.member->negated = true;
+- }
+-break;
+-case 39:
++ break;
++
++ case 38:
++/* Line 1792 of yacc.c */
+ #line 398 "gram.y"
+-{
+- yyval.string = yyvsp[0].string;
++ {
++ (yyval.digest) = new_digest(SUDO_DIGEST_SHA224, (yyvsp[(3) - (3)].string));
+ }
+-break;
+-case 40:
+-#line 403 "gram.y"
+-{
+- yyval.string = yyvsp[0].string;
++ break;
++
++ case 39:
++/* Line 1792 of yacc.c */
++#line 401 "gram.y"
++ {
++ (yyval.digest) = new_digest(SUDO_DIGEST_SHA256, (yyvsp[(3) - (3)].string));
+ }
+-break;
+-case 41:
+-#line 408 "gram.y"
+-{
+- yyval.seinfo.role = NULL;
+- yyval.seinfo.type = NULL;
++ break;
++
++ case 40:
++/* Line 1792 of yacc.c */
++#line 404 "gram.y"
++ {
++ (yyval.digest) = new_digest(SUDO_DIGEST_SHA384, (yyvsp[(3) - (3)].string));
+ }
+-break;
+-case 42:
++ break;
++
++ case 41:
++/* Line 1792 of yacc.c */
++#line 407 "gram.y"
++ {
++ (yyval.digest) = new_digest(SUDO_DIGEST_SHA512, (yyvsp[(3) - (3)].string));
++ }
++ break;
++
++ case 42:
++/* Line 1792 of yacc.c */
+ #line 412 "gram.y"
+-{
+- yyval.seinfo.role = yyvsp[0].string;
+- yyval.seinfo.type = NULL;
++ {
++ (yyval.member) = (yyvsp[(1) - (1)].member);
+ }
+-break;
+-case 43:
+-#line 416 "gram.y"
+-{
+- yyval.seinfo.type = yyvsp[0].string;
+- yyval.seinfo.role = NULL;
++ break;
++
++ case 43:
++/* Line 1792 of yacc.c */
++#line 415 "gram.y"
++ {
++ if ((yyvsp[(2) - (2)].member)->type != COMMAND) {
++ YYERROR;
++ }
++ /* XXX - yuck */
++ ((struct sudo_command *) (yyvsp[(2) - (2)].member)->name)->digest = (yyvsp[(1) - (2)].digest);
++ (yyval.member) = (yyvsp[(2) - (2)].member);
++ }
++ break;
++
++ case 44:
++/* Line 1792 of yacc.c */
++#line 425 "gram.y"
++ {
++ (yyval.member) = (yyvsp[(1) - (1)].member);
++ (yyval.member)->negated = false;
+ }
+-break;
+-case 44:
+-#line 420 "gram.y"
+-{
+- yyval.seinfo.role = yyvsp[-1].string;
+- yyval.seinfo.type = yyvsp[0].string;
++ break;
++
++ case 45:
++/* Line 1792 of yacc.c */
++#line 429 "gram.y"
++ {
++ (yyval.member) = (yyvsp[(2) - (2)].member);
++ (yyval.member)->negated = true;
+ }
+-break;
+-case 45:
+-#line 424 "gram.y"
+-{
+- yyval.seinfo.type = yyvsp[-1].string;
+- yyval.seinfo.role = yyvsp[0].string;
++ break;
++
++ case 46:
++/* Line 1792 of yacc.c */
++#line 435 "gram.y"
++ {
++ (yyval.string) = (yyvsp[(3) - (3)].string);
+ }
+-break;
+-case 46:
+-#line 430 "gram.y"
+-{
+- yyval.string = yyvsp[0].string;
++ break;
++
++ case 47:
++/* Line 1792 of yacc.c */
++#line 440 "gram.y"
++ {
++ (yyval.string) = (yyvsp[(3) - (3)].string);
+ }
+-break;
+-case 47:
+-#line 434 "gram.y"
+-{
+- yyval.string = yyvsp[0].string;
++ break;
++
++ case 48:
++/* Line 1792 of yacc.c */
++#line 445 "gram.y"
++ {
++ (yyval.seinfo).role = NULL;
++ (yyval.seinfo).type = NULL;
+ }
+-break;
+-case 48:
+-#line 439 "gram.y"
+-{
+- yyval.privinfo.privs = NULL;
+- yyval.privinfo.limitprivs = NULL;
++ break;
++
++ case 49:
++/* Line 1792 of yacc.c */
++#line 449 "gram.y"
++ {
++ (yyval.seinfo).role = (yyvsp[(1) - (1)].string);
++ (yyval.seinfo).type = NULL;
+ }
+-break;
+-case 49:
+-#line 443 "gram.y"
+-{
+- yyval.privinfo.privs = yyvsp[0].string;
+- yyval.privinfo.limitprivs = NULL;
++ break;
++
++ case 50:
++/* Line 1792 of yacc.c */
++#line 453 "gram.y"
++ {
++ (yyval.seinfo).type = (yyvsp[(1) - (1)].string);
++ (yyval.seinfo).role = NULL;
+ }
+-break;
+-case 50:
+-#line 447 "gram.y"
+-{
+- yyval.privinfo.privs = NULL;
+- yyval.privinfo.limitprivs = yyvsp[0].string;
++ break;
++
++ case 51:
++/* Line 1792 of yacc.c */
++#line 457 "gram.y"
++ {
++ (yyval.seinfo).role = (yyvsp[(1) - (2)].string);
++ (yyval.seinfo).type = (yyvsp[(2) - (2)].string);
+ }
+-break;
+-case 51:
+-#line 451 "gram.y"
+-{
+- yyval.privinfo.privs = yyvsp[-1].string;
+- yyval.privinfo.limitprivs = yyvsp[0].string;
++ break;
++
++ case 52:
++/* Line 1792 of yacc.c */
++#line 461 "gram.y"
++ {
++ (yyval.seinfo).type = (yyvsp[(1) - (2)].string);
++ (yyval.seinfo).role = (yyvsp[(2) - (2)].string);
+ }
+-break;
+-case 52:
+-#line 455 "gram.y"
+-{
+- yyval.privinfo.limitprivs = yyvsp[-1].string;
+- yyval.privinfo.privs = yyvsp[0].string;
++ break;
++
++ case 53:
++/* Line 1792 of yacc.c */
++#line 467 "gram.y"
++ {
++ (yyval.string) = (yyvsp[(3) - (3)].string);
+ }
+-break;
+-case 53:
+-#line 460 "gram.y"
+-{
+- yyval.runas = NULL;
++ break;
++
++ case 54:
++/* Line 1792 of yacc.c */
++#line 471 "gram.y"
++ {
++ (yyval.string) = (yyvsp[(3) - (3)].string);
+ }
+-break;
+-case 54:
+-#line 463 "gram.y"
+-{
+- yyval.runas = yyvsp[-1].runas;
++ break;
++
++ case 55:
++/* Line 1792 of yacc.c */
++#line 476 "gram.y"
++ {
++ (yyval.privinfo).privs = NULL;
++ (yyval.privinfo).limitprivs = NULL;
+ }
+-break;
+-case 55:
+-#line 468 "gram.y"
+-{
+- yyval.runas = ecalloc(1, sizeof(struct runascontainer));
+- yyval.runas->runasusers = new_member(NULL, MYSELF);
++ break;
++
++ case 56:
++/* Line 1792 of yacc.c */
++#line 480 "gram.y"
++ {
++ (yyval.privinfo).privs = (yyvsp[(1) - (1)].string);
++ (yyval.privinfo).limitprivs = NULL;
++ }
++ break;
++
++ case 57:
++/* Line 1792 of yacc.c */
++#line 484 "gram.y"
++ {
++ (yyval.privinfo).privs = NULL;
++ (yyval.privinfo).limitprivs = (yyvsp[(1) - (1)].string);
++ }
++ break;
++
++ case 58:
++/* Line 1792 of yacc.c */
++#line 488 "gram.y"
++ {
++ (yyval.privinfo).privs = (yyvsp[(1) - (2)].string);
++ (yyval.privinfo).limitprivs = (yyvsp[(2) - (2)].string);
++ }
++ break;
++
++ case 59:
++/* Line 1792 of yacc.c */
++#line 492 "gram.y"
++ {
++ (yyval.privinfo).limitprivs = (yyvsp[(1) - (2)].string);
++ (yyval.privinfo).privs = (yyvsp[(2) - (2)].string);
++ }
++ break;
++
++ case 60:
++/* Line 1792 of yacc.c */
++#line 497 "gram.y"
++ {
++ (yyval.runas) = NULL;
++ }
++ break;
++
++ case 61:
++/* Line 1792 of yacc.c */
++#line 500 "gram.y"
++ {
++ (yyval.runas) = (yyvsp[(2) - (3)].runas);
++ }
++ break;
++
++ case 62:
++/* Line 1792 of yacc.c */
++#line 505 "gram.y"
++ {
++ (yyval.runas) = ecalloc(1, sizeof(struct runascontainer));
++ (yyval.runas)->runasusers = new_member(NULL, MYSELF);
+ /* $$->runasgroups = NULL; */
+ }
+-break;
+-case 56:
+-#line 473 "gram.y"
+-{
+- yyval.runas = ecalloc(1, sizeof(struct runascontainer));
+- yyval.runas->runasusers = yyvsp[0].member;
++ break;
++
++ case 63:
++/* Line 1792 of yacc.c */
++#line 510 "gram.y"
++ {
++ (yyval.runas) = ecalloc(1, sizeof(struct runascontainer));
++ (yyval.runas)->runasusers = (yyvsp[(1) - (1)].member);
+ /* $$->runasgroups = NULL; */
+ }
+-break;
+-case 57:
+-#line 478 "gram.y"
+-{
+- yyval.runas = ecalloc(1, sizeof(struct runascontainer));
+- yyval.runas->runasusers = yyvsp[-2].member;
+- yyval.runas->runasgroups = yyvsp[0].member;
+- }
+-break;
+-case 58:
+-#line 483 "gram.y"
+-{
+- yyval.runas = ecalloc(1, sizeof(struct runascontainer));
++ break;
++
++ case 64:
++/* Line 1792 of yacc.c */
++#line 515 "gram.y"
++ {
++ (yyval.runas) = ecalloc(1, sizeof(struct runascontainer));
++ (yyval.runas)->runasusers = (yyvsp[(1) - (3)].member);
++ (yyval.runas)->runasgroups = (yyvsp[(3) - (3)].member);
++ }
++ break;
++
++ case 65:
++/* Line 1792 of yacc.c */
++#line 520 "gram.y"
++ {
++ (yyval.runas) = ecalloc(1, sizeof(struct runascontainer));
+ /* $$->runasusers = NULL; */
+- yyval.runas->runasgroups = yyvsp[0].member;
++ (yyval.runas)->runasgroups = (yyvsp[(2) - (2)].member);
+ }
+-break;
+-case 59:
+-#line 488 "gram.y"
+-{
+- yyval.runas = ecalloc(1, sizeof(struct runascontainer));
+- yyval.runas->runasusers = new_member(NULL, MYSELF);
++ break;
++
++ case 66:
++/* Line 1792 of yacc.c */
++#line 525 "gram.y"
++ {
++ (yyval.runas) = ecalloc(1, sizeof(struct runascontainer));
++ (yyval.runas)->runasusers = new_member(NULL, MYSELF);
+ /* $$->runasgroups = NULL; */
+ }
+-break;
+-case 60:
+-#line 495 "gram.y"
+-{
+- yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
+- yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
++ break;
++
++ case 67:
++/* Line 1792 of yacc.c */
++#line 532 "gram.y"
++ {
++ (yyval.tag).nopasswd = (yyval.tag).noexec = (yyval.tag).setenv =
++ (yyval.tag).log_input = (yyval.tag).log_output = UNSPEC;
+ }
+-break;
+-case 61:
+-#line 499 "gram.y"
+-{
+- yyval.tag.nopasswd = true;
++ break;
++
++ case 68:
++/* Line 1792 of yacc.c */
++#line 536 "gram.y"
++ {
++ (yyval.tag).nopasswd = true;
+ }
+-break;
+-case 62:
+-#line 502 "gram.y"
+-{
+- yyval.tag.nopasswd = false;
++ break;
++
++ case 69:
++/* Line 1792 of yacc.c */
++#line 539 "gram.y"
++ {
++ (yyval.tag).nopasswd = false;
+ }
+-break;
+-case 63:
+-#line 505 "gram.y"
+-{
+- yyval.tag.noexec = true;
++ break;
++
++ case 70:
++/* Line 1792 of yacc.c */
++#line 542 "gram.y"
++ {
++ (yyval.tag).noexec = true;
+ }
+-break;
+-case 64:
+-#line 508 "gram.y"
+-{
+- yyval.tag.noexec = false;
++ break;
++
++ case 71:
++/* Line 1792 of yacc.c */
++#line 545 "gram.y"
++ {
++ (yyval.tag).noexec = false;
+ }
+-break;
+-case 65:
+-#line 511 "gram.y"
+-{
+- yyval.tag.setenv = true;
++ break;
++
++ case 72:
++/* Line 1792 of yacc.c */
++#line 548 "gram.y"
++ {
++ (yyval.tag).setenv = true;
+ }
+-break;
+-case 66:
+-#line 514 "gram.y"
+-{
+- yyval.tag.setenv = false;
++ break;
++
++ case 73:
++/* Line 1792 of yacc.c */
++#line 551 "gram.y"
++ {
++ (yyval.tag).setenv = false;
+ }
+-break;
+-case 67:
+-#line 517 "gram.y"
+-{
+- yyval.tag.log_input = true;
++ break;
++
++ case 74:
++/* Line 1792 of yacc.c */
++#line 554 "gram.y"
++ {
++ (yyval.tag).log_input = true;
+ }
+-break;
+-case 68:
+-#line 520 "gram.y"
+-{
+- yyval.tag.log_input = false;
++ break;
++
++ case 75:
++/* Line 1792 of yacc.c */
++#line 557 "gram.y"
++ {
++ (yyval.tag).log_input = false;
+ }
+-break;
+-case 69:
+-#line 523 "gram.y"
+-{
+- yyval.tag.log_output = true;
++ break;
++
++ case 76:
++/* Line 1792 of yacc.c */
++#line 560 "gram.y"
++ {
++ (yyval.tag).log_output = true;
+ }
+-break;
+-case 70:
+-#line 526 "gram.y"
+-{
+- yyval.tag.log_output = false;
++ break;
++
++ case 77:
++/* Line 1792 of yacc.c */
++#line 563 "gram.y"
++ {
++ (yyval.tag).log_output = false;
+ }
+-break;
+-case 71:
+-#line 531 "gram.y"
+-{
+- yyval.member = new_member(NULL, ALL);
++ break;
++
++ case 78:
++/* Line 1792 of yacc.c */
++#line 568 "gram.y"
++ {
++ (yyval.member) = new_member(NULL, ALL);
+ }
+-break;
+-case 72:
+-#line 534 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, ALIAS);
++ break;
++
++ case 79:
++/* Line 1792 of yacc.c */
++#line 571 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), ALIAS);
+ }
+-break;
+-case 73:
+-#line 537 "gram.y"
+-{
++ break;
++
++ case 80:
++/* Line 1792 of yacc.c */
++#line 574 "gram.y"
++ {
+ struct sudo_command *c = ecalloc(1, sizeof(*c));
+- c->cmnd = yyvsp[0].command.cmnd;
+- c->args = yyvsp[0].command.args;
+- yyval.member = new_member((char *)c, COMMAND);
+- }
+-break;
+-case 76:
+-#line 549 "gram.y"
+-{
++ c->cmnd = (yyvsp[(1) - (1)].command).cmnd;
++ c->args = (yyvsp[(1) - (1)].command).args;
++ (yyval.member) = new_member((char *)c, COMMAND);
++ }
++ break;
++
++ case 83:
++/* Line 1792 of yacc.c */
++#line 586 "gram.y"
++ {
+ char *s;
+- if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
++ if ((s = alias_add((yyvsp[(1) - (3)].string), HOSTALIAS, (yyvsp[(3) - (3)].member))) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+-break;
+-case 78:
+-#line 559 "gram.y"
+-{
+- list_append(yyvsp[-2].member, yyvsp[0].member);
+- yyval.member = yyvsp[-2].member;
+- }
+-break;
+-case 81:
+-#line 569 "gram.y"
+-{
++ break;
++
++ case 85:
++/* Line 1792 of yacc.c */
++#line 596 "gram.y"
++ {
++ list_append((yyvsp[(1) - (3)].member), (yyvsp[(3) - (3)].member));
++ (yyval.member) = (yyvsp[(1) - (3)].member);
++ }
++ break;
++
++ case 88:
++/* Line 1792 of yacc.c */
++#line 606 "gram.y"
++ {
+ char *s;
+- if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
++ if ((s = alias_add((yyvsp[(1) - (3)].string), CMNDALIAS, (yyvsp[(3) - (3)].member))) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+-break;
+-case 83:
+-#line 579 "gram.y"
+-{
+- list_append(yyvsp[-2].member, yyvsp[0].member);
+- yyval.member = yyvsp[-2].member;
+- }
+-break;
+-case 86:
+-#line 589 "gram.y"
+-{
++ break;
++
++ case 90:
++/* Line 1792 of yacc.c */
++#line 616 "gram.y"
++ {
++ list_append((yyvsp[(1) - (3)].member), (yyvsp[(3) - (3)].member));
++ (yyval.member) = (yyvsp[(1) - (3)].member);
++ }
++ break;
++
++ case 93:
++/* Line 1792 of yacc.c */
++#line 626 "gram.y"
++ {
+ char *s;
+- if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
++ if ((s = alias_add((yyvsp[(1) - (3)].string), RUNASALIAS, (yyvsp[(3) - (3)].member))) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+-break;
+-case 89:
+-#line 602 "gram.y"
+-{
++ break;
++
++ case 96:
++/* Line 1792 of yacc.c */
++#line 639 "gram.y"
++ {
+ char *s;
+- if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
++ if ((s = alias_add((yyvsp[(1) - (3)].string), USERALIAS, (yyvsp[(3) - (3)].member))) != NULL) {
+ yyerror(s);
+ YYERROR;
+ }
+ }
+-break;
+-case 91:
+-#line 612 "gram.y"
+-{
+- list_append(yyvsp[-2].member, yyvsp[0].member);
+- yyval.member = yyvsp[-2].member;
++ break;
++
++ case 98:
++/* Line 1792 of yacc.c */
++#line 649 "gram.y"
++ {
++ list_append((yyvsp[(1) - (3)].member), (yyvsp[(3) - (3)].member));
++ (yyval.member) = (yyvsp[(1) - (3)].member);
+ }
+-break;
+-case 92:
+-#line 618 "gram.y"
+-{
+- yyval.member = yyvsp[0].member;
+- yyval.member->negated = false;
++ break;
++
++ case 99:
++/* Line 1792 of yacc.c */
++#line 655 "gram.y"
++ {
++ (yyval.member) = (yyvsp[(1) - (1)].member);
++ (yyval.member)->negated = false;
+ }
+-break;
+-case 93:
+-#line 622 "gram.y"
+-{
+- yyval.member = yyvsp[0].member;
+- yyval.member->negated = true;
++ break;
++
++ case 100:
++/* Line 1792 of yacc.c */
++#line 659 "gram.y"
++ {
++ (yyval.member) = (yyvsp[(2) - (2)].member);
++ (yyval.member)->negated = true;
+ }
+-break;
+-case 94:
+-#line 628 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, ALIAS);
++ break;
++
++ case 101:
++/* Line 1792 of yacc.c */
++#line 665 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), ALIAS);
+ }
+-break;
+-case 95:
+-#line 631 "gram.y"
+-{
+- yyval.member = new_member(NULL, ALL);
++ break;
++
++ case 102:
++/* Line 1792 of yacc.c */
++#line 668 "gram.y"
++ {
++ (yyval.member) = new_member(NULL, ALL);
+ }
+-break;
+-case 96:
+-#line 634 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, NETGROUP);
++ break;
++
++ case 103:
++/* Line 1792 of yacc.c */
++#line 671 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), NETGROUP);
+ }
+-break;
+-case 97:
+-#line 637 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, USERGROUP);
++ break;
++
++ case 104:
++/* Line 1792 of yacc.c */
++#line 674 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), USERGROUP);
+ }
+-break;
+-case 98:
+-#line 640 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, WORD);
++ break;
++
++ case 105:
++/* Line 1792 of yacc.c */
++#line 677 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), WORD);
+ }
+-break;
+-case 100:
+-#line 646 "gram.y"
+-{
+- list_append(yyvsp[-2].member, yyvsp[0].member);
+- yyval.member = yyvsp[-2].member;
++ break;
++
++ case 107:
++/* Line 1792 of yacc.c */
++#line 683 "gram.y"
++ {
++ list_append((yyvsp[(1) - (3)].member), (yyvsp[(3) - (3)].member));
++ (yyval.member) = (yyvsp[(1) - (3)].member);
+ }
+-break;
+-case 101:
+-#line 652 "gram.y"
+-{
+- yyval.member = yyvsp[0].member;
+- yyval.member->negated = false;
++ break;
++
++ case 108:
++/* Line 1792 of yacc.c */
++#line 689 "gram.y"
++ {
++ (yyval.member) = (yyvsp[(1) - (1)].member);
++ (yyval.member)->negated = false;
+ }
+-break;
+-case 102:
+-#line 656 "gram.y"
+-{
+- yyval.member = yyvsp[0].member;
+- yyval.member->negated = true;
++ break;
++
++ case 109:
++/* Line 1792 of yacc.c */
++#line 693 "gram.y"
++ {
++ (yyval.member) = (yyvsp[(2) - (2)].member);
++ (yyval.member)->negated = true;
+ }
+-break;
+-case 103:
+-#line 662 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, ALIAS);
++ break;
++
++ case 110:
++/* Line 1792 of yacc.c */
++#line 699 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), ALIAS);
+ }
+-break;
+-case 104:
+-#line 665 "gram.y"
+-{
+- yyval.member = new_member(NULL, ALL);
++ break;
++
++ case 111:
++/* Line 1792 of yacc.c */
++#line 702 "gram.y"
++ {
++ (yyval.member) = new_member(NULL, ALL);
+ }
+-break;
+-case 105:
+-#line 668 "gram.y"
+-{
+- yyval.member = new_member(yyvsp[0].string, WORD);
++ break;
++
++ case 112:
++/* Line 1792 of yacc.c */
++#line 705 "gram.y"
++ {
++ (yyval.member) = new_member((yyvsp[(1) - (1)].string), WORD);
+ }
+-break;
+-#line 1667 "gram.c"
++ break;
++
++
++/* Line 1792 of yacc.c */
++#line 2600 "gram.c"
++ default: break;
+ }
+- yyssp -= yym;
+- yystate = *yyssp;
+- yyvsp -= yym;
+- yym = yylhs[yyn];
+- if (yystate == 0 && yym == 0)
++ /* User semantic actions sometimes alter yychar, and that requires
++ that yytoken be updated with the new translation. We take the
++ approach of translating immediately before every use of yytoken.
++ One alternative is translating here after every semantic action,
++ but that translation would be missed if the semantic action invokes
++ YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or
++ if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an
++ incorrect destructor might then be invoked immediately. In the
++ case of YYERROR or YYBACKUP, subsequent parser actions might lead
++ to an incorrect destructor call or verbose syntax error message
++ before the lookahead is translated. */
++ YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
++
++ YYPOPSTACK (yylen);
++ yylen = 0;
++ YY_STACK_PRINT (yyss, yyssp);
++
++ *++yyvsp = yyval;
++
++ /* Now `shift' the result of the reduction. Determine what state
++ that goes to, based on the state we popped back to and the rule
++ number reduced by. */
++
++ yyn = yyr1[yyn];
++
++ yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
++ if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
++ yystate = yytable[yystate];
++ else
++ yystate = yydefgoto[yyn - YYNTOKENS];
++
++ goto yynewstate;
++
++
++/*------------------------------------.
++| yyerrlab -- here on detecting error |
++`------------------------------------*/
++yyerrlab:
++ /* Make sure we have latest lookahead translation. See comments at
++ user semantic actions for why this is necessary. */
++ yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar);
++
++ /* If not already recovering from an error, report this error. */
++ if (!yyerrstatus)
+ {
+-#if YYDEBUG
+- if (yydebug)
+- printf("%sdebug: after reduction, shifting from state 0 to\
+- state %d\n", YYPREFIX, YYFINAL);
+-#endif
+- yystate = YYFINAL;
+- *++yyssp = YYFINAL;
+- *++yyvsp = yyval;
+- if (yychar < 0)
+- {
+- if ((yychar = yylex()) < 0) yychar = 0;
+-#if YYDEBUG
+- if (yydebug)
+- {
+- yys = 0;
+- if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+- if (!yys) yys = "illegal-symbol";
+- printf("%sdebug: state %d, reading %d (%s)\n",
+- YYPREFIX, YYFINAL, yychar, yys);
+- }
++ ++yynerrs;
++#if ! YYERROR_VERBOSE
++ yyerror (YY_("syntax error"));
++#else
++# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \
++ yyssp, yytoken)
++ {
++ char const *yymsgp = YY_("syntax error");
++ int yysyntax_error_status;
++ yysyntax_error_status = YYSYNTAX_ERROR;
++ if (yysyntax_error_status == 0)
++ yymsgp = yymsg;
++ else if (yysyntax_error_status == 1)
++ {
++ if (yymsg != yymsgbuf)
++ YYSTACK_FREE (yymsg);
++ yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc);
++ if (!yymsg)
++ {
++ yymsg = yymsgbuf;
++ yymsg_alloc = sizeof yymsgbuf;
++ yysyntax_error_status = 2;
++ }
++ else
++ {
++ yysyntax_error_status = YYSYNTAX_ERROR;
++ yymsgp = yymsg;
++ }
++ }
++ yyerror (yymsgp);
++ if (yysyntax_error_status == 2)
++ goto yyexhaustedlab;
++ }
++# undef YYSYNTAX_ERROR
+ #endif
+- }
+- if (yychar == 0) goto yyaccept;
+- goto yyloop;
+ }
+- if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
+- yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
+- yystate = yytable[yyn];
+- else
+- yystate = yydgoto[yym];
+-#if YYDEBUG
+- if (yydebug)
+- printf("%sdebug: after reduction, shifting from state %d \
+-to state %d\n", YYPREFIX, *yyssp, yystate);
+-#endif
+- if (yyssp >= yysslim && yygrowstack())
+- {
+- goto yyoverflow;
+- }
+- *++yyssp = yystate;
+- *++yyvsp = yyval;
+- goto yyloop;
+-yyoverflow:
+- yyerror("yacc stack overflow");
+-yyabort:
+- if (yyss)
+- free(yyss);
+- if (yyvs)
+- free(yyvs);
+- yyss = yyssp = NULL;
+- yyvs = yyvsp = NULL;
+- yystacksize = 0;
+- return (1);
+-yyaccept:
+- if (yyss)
+- free(yyss);
+- if (yyvs)
+- free(yyvs);
+- yyss = yyssp = NULL;
+- yyvs = yyvsp = NULL;
+- yystacksize = 0;
+- return (0);
++
++
++
++ if (yyerrstatus == 3)
++ {
++ /* If just tried and failed to reuse lookahead token after an
++ error, discard it. */
++
++ if (yychar <= YYEOF)
++ {
++ /* Return failure if at end of input. */
++ if (yychar == YYEOF)
++ YYABORT;
++ }
++ else
++ {
++ yydestruct ("Error: discarding",
++ yytoken, &yylval);
++ yychar = YYEMPTY;
++ }
++ }
++
++ /* Else will try to reuse lookahead token after shifting the error
++ token. */
++ goto yyerrlab1;
++
++
++/*---------------------------------------------------.
++| yyerrorlab -- error raised explicitly by YYERROR. |
++`---------------------------------------------------*/
++yyerrorlab:
++
++ /* Pacify compilers like GCC when the user code never invokes
++ YYERROR and the label yyerrorlab therefore never appears in user
++ code. */
++ if (/*CONSTCOND*/ 0)
++ goto yyerrorlab;
++
++ /* Do not reclaim the symbols of the rule which action triggered
++ this YYERROR. */
++ YYPOPSTACK (yylen);
++ yylen = 0;
++ YY_STACK_PRINT (yyss, yyssp);
++ yystate = *yyssp;
++ goto yyerrlab1;
++
++
++/*-------------------------------------------------------------.
++| yyerrlab1 -- common code for both syntax error and YYERROR. |
++`-------------------------------------------------------------*/
++yyerrlab1:
++ yyerrstatus = 3; /* Each real token shifted decrements this. */
++
++ for (;;)
++ {
++ yyn = yypact[yystate];
++ if (!yypact_value_is_default (yyn))
++ {
++ yyn += YYTERROR;
++ if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
++ {
++ yyn = yytable[yyn];
++ if (0 < yyn)
++ break;
++ }
++ }
++
++ /* Pop the current state because it cannot handle the error token. */
++ if (yyssp == yyss)
++ YYABORT;
++
++
++ yydestruct ("Error: popping",
++ yystos[yystate], yyvsp);
++ YYPOPSTACK (1);
++ yystate = *yyssp;
++ YY_STACK_PRINT (yyss, yyssp);
++ }
++
++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
++ *++yyvsp = yylval;
++ YY_IGNORE_MAYBE_UNINITIALIZED_END
++
++
++ /* Shift the error token. */
++ YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp);
++
++ yystate = yyn;
++ goto yynewstate;
++
++
++/*-------------------------------------.
++| yyacceptlab -- YYACCEPT comes here. |
++`-------------------------------------*/
++yyacceptlab:
++ yyresult = 0;
++ goto yyreturn;
++
++/*-----------------------------------.
++| yyabortlab -- YYABORT comes here. |
++`-----------------------------------*/
++yyabortlab:
++ yyresult = 1;
++ goto yyreturn;
++
++#if !defined yyoverflow || YYERROR_VERBOSE
++/*-------------------------------------------------.
++| yyexhaustedlab -- memory exhaustion comes here. |
++`-------------------------------------------------*/
++yyexhaustedlab:
++ yyerror (YY_("memory exhausted"));
++ yyresult = 2;
++ /* Fall through. */
++#endif
++
++yyreturn:
++ if (yychar != YYEMPTY)
++ {
++ /* Make sure we have latest lookahead translation. See comments at
++ user semantic actions for why this is necessary. */
++ yytoken = YYTRANSLATE (yychar);
++ yydestruct ("Cleanup: discarding lookahead",
++ yytoken, &yylval);
++ }
++ /* Do not reclaim the symbols of the rule which action triggered
++ this YYABORT or YYACCEPT. */
++ YYPOPSTACK (yylen);
++ YY_STACK_PRINT (yyss, yyssp);
++ while (yyssp != yyss)
++ {
++ yydestruct ("Cleanup: popping",
++ yystos[*yyssp], yyvsp);
++ YYPOPSTACK (1);
++ }
++#ifndef yyoverflow
++ if (yyss != yyssa)
++ YYSTACK_FREE (yyss);
++#endif
++#if YYERROR_VERBOSE
++ if (yymsg != yymsgbuf)
++ YYSTACK_FREE (yymsg);
++#endif
++ /* Make sure YYID is used. */
++ return YYID (yyresult);
++}
++
++
++/* Line 2055 of yacc.c */
++#line 710 "gram.y"
++
++static struct defaults *
++new_default(char *var, char *val, int op)
++{
++ struct defaults *d;
++ debug_decl(new_default, SUDO_DEBUG_PARSER)
++
++ d = ecalloc(1, sizeof(struct defaults));
++ d->var = var;
++ d->val = val;
++ tq_init(&d->binding);
++ /* d->type = 0; */
++ d->op = op;
++ d->prev = d;
++ /* d->next = NULL; */
++
++ debug_return_ptr(d);
++}
++
++static struct member *
++new_member(char *name, int type)
++{
++ struct member *m;
++ debug_decl(new_member, SUDO_DEBUG_PARSER)
++
++ m = ecalloc(1, sizeof(struct member));
++ m->name = name;
++ m->type = type;
++ m->prev = m;
++ /* m->next = NULL; */
++
++ debug_return_ptr(m);
++}
++
++struct sudo_digest *
++new_digest(int digest_type, const char *digest_str)
++{
++ struct sudo_digest *dig;
++ debug_decl(new_digest, SUDO_DEBUG_PARSER)
++
++ dig = emalloc(sizeof(*dig));
++ dig->digest_type = digest_type;
++ dig->digest_str = estrdup(digest_str);
++
++ debug_return_ptr(dig);
++}
++
++/*
++ * Add a list of defaults structures to the defaults list.
++ * The binding, if non-NULL, specifies a list of hosts, users, or
++ * runas users the entries apply to (specified by the type).
++ */
++static void
++add_defaults(int type, struct member *bmem, struct defaults *defs)
++{
++ struct defaults *d;
++ struct member_list binding;
++ debug_decl(add_defaults, SUDO_DEBUG_PARSER)
++
++ /*
++ * We can only call list2tq once on bmem as it will zero
++ * out the prev pointer when it consumes bmem.
++ */
++ list2tq(&binding, bmem);
++
++ /*
++ * Set type and binding (who it applies to) for new entries.
++ */
++ for (d = defs; d != NULL; d = d->next) {
++ d->type = type;
++ d->binding = binding;
++ }
++ tq_append(&defaults, defs);
++
++ debug_return;
++}
++
++/*
++ * Allocate a new struct userspec, populate it, and insert it at the
++ * and of the userspecs list.
++ */
++static void
++add_userspec(struct member *members, struct privilege *privs)
++{
++ struct userspec *u;
++ debug_decl(add_userspec, SUDO_DEBUG_PARSER)
++
++ u = ecalloc(1, sizeof(*u));
++ list2tq(&u->users, members);
++ list2tq(&u->privileges, privs);
++ u->prev = u;
++ /* u->next = NULL; */
++ tq_append(&userspecs, u);
++
++ debug_return;
++}
++
++/*
++ * Free up space used by data structures from a previous parser run and sets
++ * the current sudoers file to path.
++ */
++void
++init_parser(const char *path, bool quiet)
++{
++ struct defaults *d;
++ struct member *m, *binding;
++ struct userspec *us;
++ struct privilege *priv;
++ struct cmndspec *cs;
++ struct sudo_command *c;
++ debug_decl(init_parser, SUDO_DEBUG_PARSER)
++
++ while ((us = tq_pop(&userspecs)) != NULL) {
++ while ((m = tq_pop(&us->users)) != NULL) {
++ efree(m->name);
++ efree(m);
++ }
++ while ((priv = tq_pop(&us->privileges)) != NULL) {
++ struct member *runasuser = NULL, *runasgroup = NULL;
++#ifdef HAVE_SELINUX
++ char *role = NULL, *type = NULL;
++#endif /* HAVE_SELINUX */
++#ifdef HAVE_PRIV_SET
++ char *privs = NULL, *limitprivs = NULL;
++#endif /* HAVE_PRIV_SET */
++
++ while ((m = tq_pop(&priv->hostlist)) != NULL) {
++ efree(m->name);
++ efree(m);
++ }
++ while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
++#ifdef HAVE_SELINUX
++ /* Only free the first instance of a role/type. */
++ if (cs->role != role) {
++ role = cs->role;
++ efree(cs->role);
++ }
++ if (cs->type != type) {
++ type = cs->type;
++ efree(cs->type);
++ }
++#endif /* HAVE_SELINUX */
++#ifdef HAVE_PRIV_SET
++ /* Only free the first instance of privs/limitprivs. */
++ if (cs->privs != privs) {
++ privs = cs->privs;
++ efree(cs->privs);
++ }
++ if (cs->limitprivs != limitprivs) {
++ limitprivs = cs->limitprivs;
++ efree(cs->limitprivs);
++ }
++#endif /* HAVE_PRIV_SET */
++ if (tq_last(&cs->runasuserlist) != runasuser) {
++ runasuser = tq_last(&cs->runasuserlist);
++ while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
++ efree(m->name);
++ efree(m);
++ }
++ }
++ if (tq_last(&cs->runasgrouplist) != runasgroup) {
++ runasgroup = tq_last(&cs->runasgrouplist);
++ while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
++ efree(m->name);
++ efree(m);
++ }
++ }
++ if (cs->cmnd->type == COMMAND) {
++ c = (struct sudo_command *) cs->cmnd->name;
++ efree(c->cmnd);
++ efree(c->args);
++ }
++ efree(cs->cmnd->name);
++ efree(cs->cmnd);
++ efree(cs);
++ }
++ efree(priv);
++ }
++ efree(us);
++ }
++ tq_init(&userspecs);
++
++ binding = NULL;
++ while ((d = tq_pop(&defaults)) != NULL) {
++ if (tq_last(&d->binding) != binding) {
++ binding = tq_last(&d->binding);
++ while ((m = tq_pop(&d->binding)) != NULL) {
++ if (m->type == COMMAND) {
++ c = (struct sudo_command *) m->name;
++ efree(c->cmnd);
++ efree(c->args);
++ }
++ efree(m->name);
++ efree(m);
++ }
++ }
++ efree(d->var);
++ efree(d->val);
++ efree(d);
++ }
++ tq_init(&defaults);
++
++ init_aliases();
++
++ init_lexer();
++
++ efree(sudoers);
++ sudoers = path ? estrdup(path) : NULL;
++
++ parse_error = false;
++ errorlineno = -1;
++ errorfile = sudoers;
++ sudoers_warnings = !quiet;
++
++ debug_return;
+ }
+diff -up sudo-1.8.6p7/plugins/sudoers/gram.h.digest-backport sudo-1.8.6p7/plugins/sudoers/gram.h
+--- sudo-1.8.6p7/plugins/sudoers/gram.h.digest-backport 2013-02-25 20:42:44.000000000 +0100
++++ sudo-1.8.6p7/plugins/sudoers/gram.h 2015-07-06 11:42:33.131904756 +0200
+@@ -1,51 +1,177 @@
+-#define COMMAND 257
+-#define ALIAS 258
+-#define DEFVAR 259
+-#define NTWKADDR 260
+-#define NETGROUP 261
+-#define USERGROUP 262
+-#define WORD 263
+-#define DEFAULTS 264
+-#define DEFAULTS_HOST 265
+-#define DEFAULTS_USER 266
+-#define DEFAULTS_RUNAS 267
+-#define DEFAULTS_CMND 268
+-#define NOPASSWD 269
+-#define PASSWD 270
+-#define NOEXEC 271
+-#define EXEC 272
+-#define SETENV 273
+-#define NOSETENV 274
+-#define LOG_INPUT 275
+-#define NOLOG_INPUT 276
+-#define LOG_OUTPUT 277
+-#define NOLOG_OUTPUT 278
+-#define ALL 279
+-#define COMMENT 280
+-#define HOSTALIAS 281
+-#define CMNDALIAS 282
+-#define USERALIAS 283
+-#define RUNASALIAS 284
+-#define ERROR 285
+-#define TYPE 286
+-#define ROLE 287
+-#define PRIVS 288
+-#define LIMITPRIVS 289
+-#define MYSELF 290
+-#ifndef YYSTYPE_DEFINED
+-#define YYSTYPE_DEFINED
+-typedef union {
++/* A Bison parser, made by GNU Bison 2.7. */
++
++/* Bison interface for Yacc-like parsers in C
++
++ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
++
++ This program is free software: you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation, either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>. */
++
++/* As a special exception, you may create a larger work that contains
++ part or all of the Bison parser skeleton and distribute that work
++ under terms of your choice, so long as that work isn't itself a
++ parser generator using the skeleton or a modified version thereof
++ as a parser skeleton. Alternatively, if you modify or redistribute
++ the parser skeleton itself, you may (at your option) remove this
++ special exception, which will cause the skeleton and the resulting
++ Bison output files to be licensed under the GNU General Public
++ License without this special exception.
++
++ This special exception was added by the Free Software Foundation in
++ version 2.2 of Bison. */
++
++#ifndef YY_YY_Y_TAB_H_INCLUDED
++# define YY_YY_Y_TAB_H_INCLUDED
++/* Enabling traces. */
++#ifndef YYDEBUG
++# define YYDEBUG 1
++#endif
++#if YYDEBUG
++extern int yydebug;
++#endif
++
++/* Tokens. */
++#ifndef YYTOKENTYPE
++# define YYTOKENTYPE
++ /* Put the tokens into the symbol table, so that GDB and other debuggers
++ know about them. */
++ enum yytokentype {
++ COMMAND = 258,
++ ALIAS = 259,
++ DEFVAR = 260,
++ NTWKADDR = 261,
++ NETGROUP = 262,
++ USERGROUP = 263,
++ WORD = 264,
++ DIGEST = 265,
++ DEFAULTS = 266,
++ DEFAULTS_HOST = 267,
++ DEFAULTS_USER = 268,
++ DEFAULTS_RUNAS = 269,
++ DEFAULTS_CMND = 270,
++ NOPASSWD = 271,
++ PASSWD = 272,
++ NOEXEC = 273,
++ EXEC = 274,
++ SETENV = 275,
++ NOSETENV = 276,
++ LOG_INPUT = 277,
++ NOLOG_INPUT = 278,
++ LOG_OUTPUT = 279,
++ NOLOG_OUTPUT = 280,
++ ALL = 281,
++ COMMENT = 282,
++ HOSTALIAS = 283,
++ CMNDALIAS = 284,
++ USERALIAS = 285,
++ RUNASALIAS = 286,
++ ERROR = 287,
++ TYPE = 288,
++ ROLE = 289,
++ PRIVS = 290,
++ LIMITPRIVS = 291,
++ MYSELF = 292,
++ SHA224 = 293,
++ SHA256 = 294,
++ SHA384 = 295,
++ SHA512 = 296
++ };
++#endif
++/* Tokens. */
++#define COMMAND 258
++#define ALIAS 259
++#define DEFVAR 260
++#define NTWKADDR 261
++#define NETGROUP 262
++#define USERGROUP 263
++#define WORD 264
++#define DIGEST 265
++#define DEFAULTS 266
++#define DEFAULTS_HOST 267
++#define DEFAULTS_USER 268
++#define DEFAULTS_RUNAS 269
++#define DEFAULTS_CMND 270
++#define NOPASSWD 271
++#define PASSWD 272
++#define NOEXEC 273
++#define EXEC 274
++#define SETENV 275
++#define NOSETENV 276
++#define LOG_INPUT 277
++#define NOLOG_INPUT 278
++#define LOG_OUTPUT 279
++#define NOLOG_OUTPUT 280
++#define ALL 281
++#define COMMENT 282
++#define HOSTALIAS 283
++#define CMNDALIAS 284
++#define USERALIAS 285
++#define RUNASALIAS 286
++#define ERROR 287
++#define TYPE 288
++#define ROLE 289
++#define PRIVS 290
++#define LIMITPRIVS 291
++#define MYSELF 292
++#define SHA224 293
++#define SHA256 294
++#define SHA384 295
++#define SHA512 296
++
++
++
++#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
++typedef union YYSTYPE
++{
++/* Line 2058 of yacc.c */
++#line 124 "gram.y"
++
+ struct cmndspec *cmndspec;
+ struct defaults *defaults;
+ struct member *member;
+ struct runascontainer *runas;
+ struct privilege *privilege;
++ struct sudo_digest *digest;
+ struct sudo_command command;
+ struct cmndtag tag;
+ struct selinux_info seinfo;
+ struct solaris_privs_info privinfo;
+ char *string;
+ int tok;
++
++
++/* Line 2058 of yacc.c */
++#line 155 "y.tab.h"
+ } YYSTYPE;
+-#endif /* YYSTYPE_DEFINED */
++# define YYSTYPE_IS_TRIVIAL 1
++# define yystype YYSTYPE /* obsolescent; will be withdrawn */
++# define YYSTYPE_IS_DECLARED 1
++#endif
++
+ extern YYSTYPE yylval;
++
++#ifdef YYPARSE_PARAM
++#if defined __STDC__ || defined __cplusplus
++int yyparse (void *YYPARSE_PARAM);
++#else
++int yyparse ();
++#endif
++#else /* ! YYPARSE_PARAM */
++#if defined __STDC__ || defined __cplusplus
++int yyparse (void);
++#else
++int yyparse ();
++#endif
++#endif /* ! YYPARSE_PARAM */
++
++#endif /* !YY_YY_Y_TAB_H_INCLUDED */
+diff -up sudo-1.8.6p7/plugins/sudoers/gram.y.digest-backport sudo-1.8.6p7/plugins/sudoers/gram.y
+--- sudo-1.8.6p7/plugins/sudoers/gram.y.digest-backport 2013-02-25 20:42:44.000000000 +0100
++++ sudo-1.8.6p7/plugins/sudoers/gram.y 2015-07-06 11:42:33.131904756 +0200
+@@ -91,6 +91,8 @@ static void add_defaults(int, struct me
+ static void add_userspec(struct member *, struct privilege *);
+ static struct defaults *new_default(char *, char *, int);
+ static struct member *new_member(char *, int);
++static struct sudo_digest *new_digest(int, const char *);
++
+ void yyerror(const char *);
+
+ void
+@@ -125,6 +127,7 @@ yyerror(const char *s)
+ struct member *member;
+ struct runascontainer *runas;
+ struct privilege *privilege;
++ struct sudo_digest *digest;
+ struct sudo_command command;
+ struct cmndtag tag;
+ struct selinux_info seinfo;
+@@ -141,6 +144,7 @@ yyerror(const char *s)
+ %token <string> NETGROUP /* a netgroup (+NAME) */
+ %token <string> USERGROUP /* a usergroup (%NAME) */
+ %token <string> WORD /* a word */
++%token <string> DIGEST /* a SHA-2 digest */
+ %token <tok> DEFAULTS /* Defaults entry */
+ %token <tok> DEFAULTS_HOST /* Host-specific defaults entry */
+ %token <tok> DEFAULTS_USER /* User-specific defaults entry */
+@@ -168,8 +172,12 @@ yyerror(const char *s)
+ %token <tok> TYPE /* SELinux type */
+ %token <tok> ROLE /* SELinux role */
+ %token <tok> PRIVS /* Solaris privileges */
+-%token <tok> LIMITPRIVS /* Solaris limit privileges */
++%token <tok> LIMITPRIVS /* Solaris limit privileges */
+ %token <tok> MYSELF /* run as myself, not another user */
++%token <tok> SHA224 /* sha224 digest */
++%token <tok> SHA256 /* sha256 digest */
++%token <tok> SHA384 /* sha384 digest */
++%token <tok> SHA512 /* sha512 digest */
+
+ %type <cmndspec> cmndspec
+ %type <cmndspec> cmndspeclist
+@@ -177,6 +185,7 @@ yyerror(const char *s)
+ %type <defaults> defaults_list
+ %type <member> cmnd
+ %type <member> opcmnd
++%type <member> digcmnd
+ %type <member> cmndlist
+ %type <member> host
+ %type <member> hostlist
+@@ -198,6 +207,7 @@ yyerror(const char *s)
+ %type <privinfo> solarisprivs
+ %type <string> privsspec
+ %type <string> limitprivsspec
++%type <digest> digest
+
+ %%
+
+@@ -355,7 +365,7 @@ cmndspeclist : cmndspec
+ }
+ ;
+
+-cmndspec : runasspec selinux solarisprivs cmndtag opcmnd {
++cmndspec : runasspec selinux solarisprivs cmndtag digcmnd {
+ struct cmndspec *cs = ecalloc(1, sizeof(*cs));
+ if ($1 != NULL) {
+ list2tq(&cs->runasuserlist, $1->runasusers);
+@@ -385,6 +395,33 @@ cmndspec : runasspec selinux solarispriv
+ }
+ ;
+
++digest : SHA224 ':' DIGEST {
++ $$ = new_digest(SUDO_DIGEST_SHA224, $3);
++ }
++ | SHA256 ':' DIGEST {
++ $$ = new_digest(SUDO_DIGEST_SHA256, $3);
++ }
++ | SHA384 ':' DIGEST {
++ $$ = new_digest(SUDO_DIGEST_SHA384, $3);
++ }
++ | SHA512 ':' DIGEST {
++ $$ = new_digest(SUDO_DIGEST_SHA512, $3);
++ }
++ ;
++
++digcmnd : opcmnd {
++ $$ = $1;
++ }
++ | digest opcmnd {
++ if ($2->type != COMMAND) {
++ YYERROR;
++ }
++ /* XXX - yuck */
++ ((struct sudo_command *) $2->name)->digest = $1;
++ $$ = $2;
++ }
++ ;
++
+ opcmnd : cmnd {
+ $$ = $1;
+ $$->negated = false;
+@@ -575,8 +612,8 @@ cmndalias : ALIAS '=' cmndlist {
+ }
+ ;
+
+-cmndlist : opcmnd
+- | cmndlist ',' opcmnd {
++cmndlist : digcmnd
++ | cmndlist ',' digcmnd {
+ list_append($1, $3);
+ $$ = $1;
+ }
+@@ -704,6 +741,19 @@ new_member(char *name, int type)
+ debug_return_ptr(m);
+ }
+
++struct sudo_digest *
++new_digest(int digest_type, const char *digest_str)
++{
++ struct sudo_digest *dig;
++ debug_decl(new_digest, SUDO_DEBUG_PARSER)
++
++ dig = emalloc(sizeof(*dig));
++ dig->digest_type = digest_type;
++ dig->digest_str = estrdup(digest_str);
++
++ debug_return_ptr(dig);
++}
++
+ /*
+ * Add a list of defaults structures to the defaults list.
+ * The binding, if non-NULL, specifies a list of hosts, users, or
+diff -up sudo-1.8.6p7/plugins/sudoers/hexchar.c.digest-backport sudo-1.8.6p7/plugins/sudoers/hexchar.c
+--- sudo-1.8.6p7/plugins/sudoers/hexchar.c.digest-backport 2015-07-06 11:42:33.131904756 +0200
++++ sudo-1.8.6p7/plugins/sudoers/hexchar.c 2015-07-06 11:42:33.131904756 +0200
+@@ -0,0 +1,95 @@
++/*
++ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include <config.h>
++
++#include <sys/types.h>
++#include <stdio.h>
++
++#include "missing.h"
++#include "sudo_debug.h"
++#include "error.h"
++
++int
++hexchar(const char *s)
++{
++ unsigned char result[2];
++ int i;
++ debug_decl(hexchar, SUDO_DEBUG_UTIL)
++
++ for (i = 0; i < 2; i++) {
++ switch (s[i]) {
++ case '0':
++ result[i] = 0;
++ break;
++ case '1':
++ result[i] = 1;
++ break;
++ case '2':
++ result[i] = 2;
++ break;
++ case '3':
++ result[i] = 3;
++ break;
++ case '4':
++ result[i] = 4;
++ break;
++ case '5':
++ result[i] = 5;
++ break;
++ case '6':
++ result[i] = 6;
++ break;
++ case '7':
++ result[i] = 7;
++ break;
++ case '8':
++ result[i] = 8;
++ break;
++ case '9':
++ result[i] = 9;
++ break;
++ case 'A':
++ case 'a':
++ result[i] = 10;
++ break;
++ case 'B':
++ case 'b':
++ result[i] = 11;
++ break;
++ case 'C':
++ case 'c':
++ result[i] = 12;
++ break;
++ case 'D':
++ case 'd':
++ result[i] = 13;
++ break;
++ case 'E':
++ case 'e':
++ result[i] = 14;
++ break;
++ case 'F':
++ case 'f':
++ result[i] = 15;
++ break;
++ default:
++ /* Should not happen. */
++ errorx(1, "internal error, \\x%s not in proper hex format", s);
++ }
++ }
++ debug_return_int((result[0] << 4) | result[1]);
++}
+diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.digest-backport sudo-1.8.6p7/plugins/sudoers/ldap.c
+--- sudo-1.8.6p7/plugins/sudoers/ldap.c.digest-backport 2015-07-06 11:42:33.123904876 +0200
++++ sudo-1.8.6p7/plugins/sudoers/ldap.c 2015-07-06 12:05:06.636565082 +0200
+@@ -805,6 +805,68 @@ sudo_ldap_check_runas(LDAP *ld, LDAPMess
+ debug_return_bool(ret);
+ }
+
++static struct sudo_digest *
++sudo_ldap_extract_digest(char **cmnd, struct sudo_digest *digest)
++{
++ char *ep, *cp = *cmnd;
++ int digest_type = SUDO_DIGEST_INVALID;
++ debug_decl(sudo_ldap_extract_digest, SUDO_DEBUG_LDAP)
++
++ /*
++ * Check for and extract a digest prefix, e.g.
++ * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls
++ */
++ if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') {
++ switch (cp[3]) {
++ case '2':
++ if (cp[4] == '2' && cp[5] == '4')
++ digest_type = SUDO_DIGEST_SHA224;
++ else if (cp[4] == '5' && cp[5] == '6')
++ digest_type = SUDO_DIGEST_SHA256;
++ break;
++ case '3':
++ if (cp[4] == '8' && cp[5] == '4')
++ digest_type = SUDO_DIGEST_SHA384;
++ break;
++ case '5':
++ if (cp[4] == '1' && cp[5] == '2')
++ digest_type = SUDO_DIGEST_SHA512;
++ break;
++ }
++ if (digest_type != SUDO_DIGEST_INVALID) {
++ cp += 6;
++ while (isblank((unsigned char)*cp))
++ cp++;
++ if (*cp == ':') {
++ cp++;
++ while (isblank((unsigned char)*cp))
++ cp++;
++ ep = cp;
++ while (*ep != '\0' && !isblank((unsigned char)*ep))
++ ep++;
++ if (*ep != '\0') {
++ digest->digest_type = digest_type;
++ digest->digest_str = strndup(cp, (size_t)(ep - cp));
++ if (digest->digest_str == NULL) {
++ debug_return_ptr(NULL);
++ }
++ cp = ep + 1;
++ while (isblank((unsigned char)*cp))
++ cp++;
++ *cmnd = cp;
++ DPRINTF(("%s digest %s for %s",
++ digest_type == SUDO_DIGEST_SHA224 ? "sha224" :
++ digest_type == SUDO_DIGEST_SHA256 ? "sha256" :
++ digest_type == SUDO_DIGEST_SHA384 ? "sha384" :
++ "sha512", digest->digest_str, cp), 2);
++ debug_return_ptr(digest);
++ }
++ }
++ }
++ }
++ debug_return_ptr(NULL);
++}
++
+ /*
+ * Walk through search results and return true if we have a command match,
+ * false if disallowed and UNSPEC if not matched.
+@@ -812,6 +874,7 @@ sudo_ldap_check_runas(LDAP *ld, LDAPMess
+ static int
+ sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied)
+ {
++ struct sudo_digest digest, *allowed_digest = NULL;
+ struct berval **bv, **p;
+ char *allowed_cmnd, *allowed_args, *val;
+ bool foundbang;
+@@ -836,6 +899,9 @@ sudo_ldap_check_command(LDAP *ld, LDAPMe
+ continue;
+ }
+
++ /* check for sha-2 digest */
++ allowed_digest = sudo_ldap_extract_digest(&val, &digest);
++
+ /* check for !command */
+ if (*val == '!') {
+ foundbang = true;
+@@ -851,7 +917,7 @@ sudo_ldap_check_command(LDAP *ld, LDAPMe
+ *allowed_args++ = '\0';
+
+ /* check the command like normal */
+- if (command_matches(allowed_cmnd, allowed_args)) {
++ if (command_matches(allowed_cmnd, allowed_args, allowed_digest)) {
+ /*
+ * If allowed (no bang) set ret but keep on checking.
+ * If disallowed (bang), exit loop.
+@@ -861,6 +927,9 @@ sudo_ldap_check_command(LDAP *ld, LDAPMe
+ DPRINTF(("ldap sudoCommand '%s' ... %s", val,
+ ret == true ? "MATCH!" : "not"), 2);
+
++ if (allowed_digest != NULL)
++ free(allowed_digest->digest_str);
++
+ efree(allowed_cmnd); /* cleanup */
+ }
+
+diff -up sudo-1.8.6p7/plugins/sudoers/Makefile.in.digest-backport sudo-1.8.6p7/plugins/sudoers/Makefile.in
+--- sudo-1.8.6p7/plugins/sudoers/Makefile.in.digest-backport 2015-07-06 11:42:33.112905042 +0200
++++ sudo-1.8.6p7/plugins/sudoers/Makefile.in 2015-07-06 11:42:33.132904741 +0200
+@@ -50,6 +50,7 @@ LT_LIBS = $(top_builddir)/common/libcomm
+ LIBS = $(LT_LIBS) @LIBINTL@
+ NET_LIBS = @NET_LIBS@
+ SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@
++LIBPARSESUDOERS_LIBS = @LIBPARSESUDOERS_LIBS@
+ REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@
+
+ # C preprocessor flags
+@@ -129,7 +130,7 @@ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
+
+ LIBPARSESUDOERS_OBJS = alias.lo audit.lo defaults.lo gram.lo match.lo \
+ match_addr.lo pwutil.lo timestr.lo toke.lo \
+- toke_util.lo redblack.lo
++ toke_util.lo redblack.lo hexchar.lo filedigest.lo
+
+ SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo goodpath.lo \
+ group_plugin.lo find_path.lo interfaces.lo logging.lo \
+@@ -184,7 +185,7 @@ Makefile: $(srcdir)/Makefile.in
+ (cd $(top_builddir) && ./config.status --file plugins/sudoers/Makefile)
+
+ libparsesudoers.la: $(LIBPARSESUDOERS_OBJS)
+- $(LIBTOOL) --mode=link $(CC) -o $@ $(LIBPARSESUDOERS_OBJS) -no-install
++ $(LIBTOOL) --mode=link $(CC) -o $@ $(LIBPARSESUDOERS_OBJS) $(LIBPARSESUDOERS_LIBS) -no-install
+
+ sudoers.la: $(SUDOERS_OBJS) $(LT_LIBS) libparsesudoers.la @LT_LDDEP@
+ $(LIBTOOL) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir)
+@@ -512,6 +513,10 @@ env.lo: $(srcdir)/env.c $(top_builddir)/
+ error.o: $(top_srcdir)/src/error.c $(top_builddir)/config.h \
+ $(incdir)/missing.h $(incdir)/error.h $(incdir)/gettext.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/error.c
++filedigest.lo: $(srcdir)/filedigest.c $(top_builddir)/config.h $(incdir)/missing.h \
++ $(incdir)/sudo_debug.h $(incdir)/error.h
++ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/filedigest.c
++filedigest.o: filedigest.lo
+ find_path.lo: $(srcdir)/find_path.c $(top_builddir)/config.h \
+ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
+ $(top_builddir)/pathnames.h $(incdir)/missing.h \
+@@ -565,6 +570,10 @@ group_plugin.lo: $(srcdir)/group_plugin.
+ $(incdir)/gettext.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c
+ group_plugin.o: group_plugin.lo
++hexchar.lo: $(srcdir)/hexchar.c $(top_builddir)/config.h $(incdir)/missing.h \
++ $(incdir)/sudo_debug.h $(incdir)/error.h
++ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c
++hexchar.o: hexchar.lo
+ interfaces.lo: $(srcdir)/interfaces.c $(top_builddir)/config.h \
+ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
+ $(top_builddir)/pathnames.h $(incdir)/missing.h \
+diff -up sudo-1.8.6p7/plugins/sudoers/match.c.digest-backport sudo-1.8.6p7/plugins/sudoers/match.c
+--- sudo-1.8.6p7/plugins/sudoers/match.c.digest-backport 2015-07-06 11:42:33.120904922 +0200
++++ sudo-1.8.6p7/plugins/sudoers/match.c 2015-07-06 11:42:33.132904741 +0200
+@@ -53,9 +53,6 @@
+ #ifdef HAVE_NETGROUP_H
+ # include <netgroup.h>
+ #endif /* HAVE_NETGROUP_H */
+-#include <ctype.h>
+-#include <pwd.h>
+-#include <grp.h>
+ #include <netdb.h>
+ #ifdef HAVE_DIRENT_H
+ # include <dirent.h>
+@@ -73,9 +70,14 @@
+ # include <ndir.h>
+ # endif
+ #endif
++#include <ctype.h>
++#include <pwd.h>
++#include <grp.h>
++#include <errno.h>
+
+ #include "sudoers.h"
+ #include "parse.h"
++#include "filedigest.h"
+ #include <gram.h>
+
+ #ifndef HAVE_FNMATCH
+@@ -90,7 +92,7 @@ static struct member_list empty;
+ static bool command_matches_dir(char *, size_t);
+ static bool command_matches_glob(char *, char *);
+ static bool command_matches_fnmatch(char *, char *);
+-static bool command_matches_normal(char *, char *);
++static bool command_matches_normal(char *, char *, struct sudo_digest *);
+
+ /*
+ * Returns true if string 's' contains meta characters.
+@@ -339,7 +341,7 @@ cmnd_matches(struct member *m)
+ break;
+ case COMMAND:
+ c = (struct sudo_command *)m->name;
+- if (command_matches(c->cmnd, c->args))
++ if (command_matches(c->cmnd, c->args, c->digest))
+ matched = !m->negated;
+ break;
+ }
+@@ -347,9 +349,7 @@ cmnd_matches(struct member *m)
+ }
+
+ static bool
+-command_args_match(sudoers_cmnd, sudoers_args)
+- char *sudoers_cmnd;
+- char *sudoers_args;
++command_args_match(char *sudoers_cmnd, char *sudoers_args)
+ {
+ int flags = 0;
+ debug_decl(command_args_match, SUDO_DEBUG_MATCH)
+@@ -380,7 +380,7 @@ command_args_match(sudoers_cmnd, sudoers
+ * otherwise, return true if user_cmnd names one of the inodes in path.
+ */
+ bool
+-command_matches(char *sudoers_cmnd, char *sudoers_args)
++command_matches(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest)
+ {
+ debug_decl(command_matches, SUDO_DEBUG_MATCH)
+
+@@ -412,7 +412,7 @@ command_matches(char *sudoers_cmnd, char
+ debug_return_bool(command_matches_fnmatch(sudoers_cmnd, sudoers_args));
+ debug_return_bool(command_matches_glob(sudoers_cmnd, sudoers_args));
+ }
+- debug_return_bool(command_matches_normal(sudoers_cmnd, sudoers_args));
++ debug_return_bool(command_matches_normal(sudoers_cmnd, sudoers_args, digest));
+ }
+
+ static bool
+@@ -509,8 +509,119 @@ command_matches_glob(char *sudoers_cmnd,
+ debug_return_bool(false);
+ }
+
++/*
++ * Decode a NUL-terminated string in base64 format and store the
++ * result in dst.
++ */
++size_t
++base64_decode(const char *str, unsigned char *dst, size_t dsize)
++{
++ static const char b64[] =
++ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
++ const unsigned char *dst0 = dst;
++ const unsigned char *dend = dst + dsize;
++ unsigned char ch[4];
++ char *pos;
++ int i;
++ debug_decl(base64_decode, SUDO_DEBUG_MATCH)
++
++ /*
++ * Convert from base64 to binary. Each base64 char holds 6 bits of data
++ * so 4 base64 chars equals 3 chars of data.
++ * Padding (with the '=' char) may or may not be present.
++ */
++ while (*str != '\0') {
++ for (i = 0; i < 4; i++) {
++ switch (*str) {
++ case '=':
++ str++;
++ /* FALLTHROUGH */
++ case '\0':
++ ch[i] = '=';
++ break;
++ default:
++ if ((pos = strchr(b64, *str++)) == NULL)
++ debug_return_size_t((size_t)-1);
++ ch[i] = (unsigned char)(pos - b64);
++ break;
++ }
++ }
++ if (ch[0] == '=' || ch[1] == '=' || dst == dend)
++ break;
++ *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4);
++ if (ch[2] == '=' || dst == dend)
++ break;
++ *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2);
++ if (ch[3] == '=' || dst == dend)
++ break;
++ *dst++ = ((ch[2] & 0x03) << 6) | ch[3];
++ }
++ debug_return_size_t((size_t)(dst - dst0));
++}
++
++static bool
++digest_matches(char *file, struct sudo_digest *sd)
++{
++ unsigned char *sudoers_digest = NULL;
++ size_t sudoers_digest_size;
++ unsigned char *file_digest = NULL;
++ size_t file_digest_size;
++ int i;
++ debug_decl(digest_matches, SUDO_DEBUG_MATCH);
++
++ if (sudo_filedigest(file, sd->digest_type,
++ &file_digest, &file_digest_size) != 0) {
++ warningx(_("Cannot compute digest type %d for %s"), sd->digest_type, file);
++ debug_return_bool(false);
++ }
++
++ /* First convert the digest from sudoers from ascii to binary. */
++ sudoers_digest = emalloc(file_digest_size);
++ sudoers_digest_size = file_digest_size;
++
++ if (sudoers_digest == NULL) {
++ efree(file_digest);
++ debug_return_bool(false);
++ }
++
++ /* Check whether the digest is specifed as a hexchar string */
++ if (strlen(sd->digest_str) == file_digest_size * 2) {
++ for (i = 0; i < sudoers_digest_size; i++) {
++ if (!isxdigit((unsigned char)sd->digest_str[i + i]) ||
++ !isxdigit((unsigned char)sd->digest_str[i + i + 1])) {
++ warningx(_("digest for %s (%s) is not in %s form"), file,
++ sd->digest_str, sd->digest_str);
++ goto bad_format;
++ }
++ sudoers_digest[i] = hexchar(&sd->digest_str[i + i]);
++ }
++ }
++ /* Try base64 */
++ else {
++ if (base64_decode(sd->digest_str, sudoers_digest,
++ sudoers_digest_size) != file_digest_size) {
++ goto bad_format;
++ }
++ }
++
++ bool match = memcmp(file_digest, sudoers_digest, file_digest_size) == 0;
++
++ efree(sudoers_digest);
++ efree(file_digest);
++
++ debug_return_bool(match);
++ bad_format:
++ warningx(_("digest for %s (%s) is not in %s form"), file,
++ sd->digest_str, sd->digest_str);
++ if (sudoers_digest)
++ efree(sudoers_digest);
++ if (file_digest)
++ efree(file_digest);
++ debug_return_bool(false);
++}
++
+ static bool
+-command_matches_normal(char *sudoers_cmnd, char *sudoers_args)
++command_matches_normal(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest)
+ {
+ struct stat sudoers_stat;
+ char *base;
+@@ -541,12 +652,15 @@ command_matches_normal(char *sudoers_cmn
+ (user_stat->st_dev != sudoers_stat.st_dev ||
+ user_stat->st_ino != sudoers_stat.st_ino))
+ debug_return_bool(false);
+- if (command_args_match(sudoers_cmnd, sudoers_args)) {
+- efree(safe_cmnd);
+- safe_cmnd = estrdup(sudoers_cmnd);
+- debug_return_bool(true);
++ if (!command_args_match(sudoers_cmnd, sudoers_args))
++ debug_return_bool(false);
++ if (digest != NULL && !digest_matches(sudoers_cmnd, digest)) {
++ /* XXX - log functions not available but we should log very loudly */
++ debug_return_bool(false);
+ }
+- debug_return_bool(false);
++ efree(safe_cmnd);
++ safe_cmnd = estrdup(sudoers_cmnd);
++ debug_return_bool(true);
+ }
+
+ /*
+diff -up sudo-1.8.6p7/plugins/sudoers/parse.h.digest-backport sudo-1.8.6p7/plugins/sudoers/parse.h
+--- sudo-1.8.6p7/plugins/sudoers/parse.h.digest-backport 2015-07-06 11:42:33.120904922 +0200
++++ sudo-1.8.6p7/plugins/sudoers/parse.h 2015-07-06 11:42:33.132904741 +0200
+@@ -27,12 +27,21 @@
+ #undef IMPLIED
+ #define IMPLIED 2
+
++#include "filedigest.h"
++
++struct sudo_digest {
++ int digest_type;
++ char *digest_str;
++};
++
+ /*
+- * A command with args. XXX - merge into struct member.
++ * A command with args and digest.
++ * XXX - merge into struct member.
+ */
+ struct sudo_command {
+ char *cmnd;
+ char *args;
++ struct sudo_digest *digest;
+ };
+
+ /*
+@@ -117,6 +126,7 @@ struct cmndspec {
+ struct member_list runasuserlist; /* list of runas users */
+ struct member_list runasgrouplist; /* list of runas groups */
+ struct member *cmnd; /* command to allow/deny */
++ char *digest; /* optional command digest */
+ struct cmndtag tags; /* tag specificaion */
+ #ifdef HAVE_SELINUX
+ char *role, *type; /* SELinux role and type */
+@@ -183,11 +193,14 @@ void init_aliases(void);
+ /* gram.c */
+ void init_parser(const char *, bool);
+
++/* hexchar.c */
++int hexchar(const char *s);
++
+ /* match_addr.c */
+ bool addr_matches(char *n);
+
+ /* match.c */
+-bool command_matches(char *sudoers_cmnd, char *sudoers_args);
++bool command_matches(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *);
+ bool group_matches(const char *sudoers_group, const struct group *gr);
+ bool hostname_matches(const char *shost, const char *lhost, const char *pattern);
+ bool netgr_matches(const char *netgr, const char *lhost, const char *shost, const char *user);
+diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.digest-backport sudo-1.8.6p7/plugins/sudoers/sssd.c
+--- sudo-1.8.6p7/plugins/sudoers/sssd.c.digest-backport 2015-07-06 11:42:33.123904876 +0200
++++ sudo-1.8.6p7/plugins/sudoers/sssd.c 2015-07-06 12:03:21.220149218 +0200
+@@ -812,6 +812,74 @@ sudo_sss_check_bool(struct sudo_sss_hand
+ }
+
+ /*
++ * If a digest prefix is present, fills in struct sudo_digest
++ * and returns a pointer to it, updating cmnd to point to the
++ * command after the digest.
++ */
++static struct sudo_digest *
++sudo_sss_extract_digest(char **cmnd, struct sudo_digest *digest)
++{
++ char *ep, *cp = *cmnd;
++ int digest_type = SUDO_DIGEST_INVALID;
++ debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD)
++
++ /*
++ * Check for and extract a digest prefix, e.g.
++ * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls
++ */
++ if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') {
++ switch (cp[3]) {
++ case '2':
++ if (cp[4] == '2' && cp[5] == '4')
++ digest_type = SUDO_DIGEST_SHA224;
++ else if (cp[4] == '5' && cp[5] == '6')
++ digest_type = SUDO_DIGEST_SHA256;
++ break;
++ case '3':
++ if (cp[4] == '8' && cp[5] == '4')
++ digest_type = SUDO_DIGEST_SHA384;
++ break;
++ case '5':
++ if (cp[4] == '1' && cp[5] == '2')
++ digest_type = SUDO_DIGEST_SHA512;
++ break;
++ }
++ if (digest_type != SUDO_DIGEST_INVALID) {
++ cp += 6;
++ while (isblank((unsigned char)*cp))
++ cp++;
++ if (*cp == ':') {
++ cp++;
++ while (isblank((unsigned char)*cp))
++ cp++;
++ ep = cp;
++ while (*ep != '\0' && !isblank((unsigned char)*ep))
++ ep++;
++ if (*ep != '\0') {
++ digest->digest_type = digest_type;
++ digest->digest_str = strndup(cp, (size_t)(ep - cp));
++ if (digest->digest_str == NULL) {
++ debug_return_ptr(NULL);
++ }
++ cp = ep + 1;
++ while (isblank((unsigned char)*cp))
++ cp++;
++ *cmnd = cp;
++ sudo_debug_printf(SUDO_DEBUG_INFO,
++ "%s digest %s for %s",
++ digest_type == SUDO_DIGEST_SHA224 ? "sha224" :
++ digest_type == SUDO_DIGEST_SHA256 ? "sha256" :
++ digest_type == SUDO_DIGEST_SHA384 ? "sha384" :
++ "sha512", digest->digest_str, cp);
++ debug_return_ptr(digest);
++ }
++ }
++ }
++ }
++ debug_return_ptr(NULL);
++}
++
++/*
+ * Walk through search results and return true if we have a command match,
+ * false if disallowed and UNSPEC if not matched.
+ */
+@@ -822,6 +890,7 @@ sudo_sss_check_command(struct sudo_sss_h
+ char **val_array = NULL, *val;
+ char *allowed_cmnd, *allowed_args;
+ int i, foundbang, ret = UNSPEC;
++ struct sudo_digest digest, *allowed_digest = NULL;
+ debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD);
+
+ if (rule == NULL)
+@@ -853,6 +922,9 @@ sudo_sss_check_command(struct sudo_sss_h
+ continue;
+ }
+
++ /* check for sha-2 digest */
++ allowed_digest = sudo_sss_extract_digest(&val, &digest);
++
+ /* check for !command */
+ if (*val == '!') {
+ foundbang = true;
+@@ -868,7 +940,7 @@ sudo_sss_check_command(struct sudo_sss_h
+ *allowed_args++ = '\0';
+
+ /* check the command like normal */
+- if (command_matches(allowed_cmnd, allowed_args)) {
++ if (command_matches(allowed_cmnd, allowed_args, allowed_digest)) {
+ /*
+ * If allowed (no bang) set ret but keep on checking.
+ * If disallowed (bang), exit loop.
+@@ -878,6 +950,8 @@ sudo_sss_check_command(struct sudo_sss_h
+
+ sudo_debug_printf(SUDO_DEBUG_INFO, "sssd/ldap sudoCommand '%s' ... %s",
+ val, ret == true ? "MATCH!" : "not");
++ if (allowed_digest != NULL)
++ free(allowed_digest->digest_str);
+ efree(allowed_cmnd); /* cleanup */
+ }
+
+diff -up sudo-1.8.6p7/plugins/sudoers/toke.c.digest-backport sudo-1.8.6p7/plugins/sudoers/toke.c
+--- sudo-1.8.6p7/plugins/sudoers/toke.c.digest-backport 2015-07-06 11:42:33.114905012 +0200
++++ sudo-1.8.6p7/plugins/sudoers/toke.c 2015-07-06 11:42:33.135904696 +0200
+@@ -1,71 +1,114 @@
+ #include <config.h>
+-/* $OpenBSD: flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $ */
+
+-/* A lexical scanner generated by flex */
++#line 3 "lex.yy.c"
+
+-/* Scanner skeleton version:
+- * $Header: /home/cvs/openbsd/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $
+- */
++#define YY_INT_ALIGNED short int
++
++/* A lexical scanner generated by flex */
+
+ #define FLEX_SCANNER
+ #define YY_FLEX_MAJOR_VERSION 2
+ #define YY_FLEX_MINOR_VERSION 5
++#define YY_FLEX_SUBMINOR_VERSION 37
++#if YY_FLEX_SUBMINOR_VERSION > 0
++#define FLEX_BETA
++#endif
++
++/* First, we deal with platform-specific or compiler-specific issues. */
+
++/* begin standard C headers. */
+ #include <stdio.h>
++#include <string.h>
+ #include <errno.h>
++#include <stdlib.h>
+
++/* end standard C headers. */
+
+-/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
+-#ifdef c_plusplus
+-#ifndef __cplusplus
+-#define __cplusplus
+-#endif
++/* flex integer type definitions */
++
++#ifndef FLEXINT_H
++#define FLEXINT_H
++
++/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
++
++#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
++
++/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h,
++ * if you want the limit (max/min) macros for int types.
++ */
++#ifndef __STDC_LIMIT_MACROS
++#define __STDC_LIMIT_MACROS 1
+ #endif
+
++#include <inttypes.h>
++typedef int8_t flex_int8_t;
++typedef uint8_t flex_uint8_t;
++typedef int16_t flex_int16_t;
++typedef uint16_t flex_uint16_t;
++typedef int32_t flex_int32_t;
++typedef uint32_t flex_uint32_t;
++#else
++typedef signed char flex_int8_t;
++typedef short int flex_int16_t;
++typedef int flex_int32_t;
++typedef unsigned char flex_uint8_t;
++typedef unsigned short int flex_uint16_t;
++typedef unsigned int flex_uint32_t;
+
+-#ifdef __cplusplus
++/* Limits of integral types. */
++#ifndef INT8_MIN
++#define INT8_MIN (-128)
++#endif
++#ifndef INT16_MIN
++#define INT16_MIN (-32767-1)
++#endif
++#ifndef INT32_MIN
++#define INT32_MIN (-2147483647-1)
++#endif
++#ifndef INT8_MAX
++#define INT8_MAX (127)
++#endif
++#ifndef INT16_MAX
++#define INT16_MAX (32767)
++#endif
++#ifndef INT32_MAX
++#define INT32_MAX (2147483647)
++#endif
++#ifndef UINT8_MAX
++#define UINT8_MAX (255U)
++#endif
++#ifndef UINT16_MAX
++#define UINT16_MAX (65535U)
++#endif
++#ifndef UINT32_MAX
++#define UINT32_MAX (4294967295U)
++#endif
+
+-#include <stdlib.h>
+-#include <unistd.h>
++#endif /* ! C99 */
+
+-/* Use prototypes in function declarations. */
+-#define YY_USE_PROTOS
++#endif /* ! FLEXINT_H */
++
++#ifdef __cplusplus
+
+ /* The "const" storage-class-modifier is valid. */
+ #define YY_USE_CONST
+
+ #else /* ! __cplusplus */
+
+-#ifdef __STDC__
++/* C99 requires __STDC__ to be defined as 1. */
++#if defined (__STDC__)
+
+-#define YY_USE_PROTOS
+ #define YY_USE_CONST
+
+-#endif /* __STDC__ */
++#endif /* defined (__STDC__) */
+ #endif /* ! __cplusplus */
+
+-#ifdef __TURBOC__
+- #pragma warn -rch
+- #pragma warn -use
+-#include <io.h>
+-#include <stdlib.h>
+-#define YY_USE_CONST
+-#define YY_USE_PROTOS
+-#endif
+-
+ #ifdef YY_USE_CONST
+ #define yyconst const
+ #else
+ #define yyconst
+ #endif
+
+-
+-#ifdef YY_USE_PROTOS
+-#define YY_PROTO(proto) proto
+-#else
+-#define YY_PROTO(proto) ()
+-#endif
+-
+ /* Returned upon end-of-file. */
+ #define YY_NULL 0
+
+@@ -80,71 +123,70 @@
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+-#define BEGIN yy_start = 1 + 2 *
++#define BEGIN (yy_start) = 1 + 2 *
+
+ /* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state. The YYSTATE alias is for lex
+ * compatibility.
+ */
+-#define YY_START ((yy_start - 1) / 2)
++#define YY_START (((yy_start) - 1) / 2)
+ #define YYSTATE YY_START
+
+ /* Action number for EOF rule of a given start state. */
+ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+ /* Special action meaning "start processing a new file". */
+-#define YY_NEW_FILE yyrestart( yyin )
++#define YY_NEW_FILE yyrestart(yyin )
+
+ #define YY_END_OF_BUFFER_CHAR 0
+
+ /* Size of default input buffer. */
++#ifndef YY_BUF_SIZE
+ #define YY_BUF_SIZE 16384
++#endif
++
++/* The state buf must be large enough to hold one state per character in the main buffer.
++ */
++#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type))
+
++#ifndef YY_TYPEDEF_YY_BUFFER_STATE
++#define YY_TYPEDEF_YY_BUFFER_STATE
+ typedef struct yy_buffer_state *YY_BUFFER_STATE;
++#endif
++
++#ifndef YY_TYPEDEF_YY_SIZE_T
++#define YY_TYPEDEF_YY_SIZE_T
++typedef size_t yy_size_t;
++#endif
++
++extern yy_size_t yyleng;
+
+-extern int yyleng;
+ extern FILE *yyin, *yyout;
+
+ #define EOB_ACT_CONTINUE_SCAN 0
+ #define EOB_ACT_END_OF_FILE 1
+ #define EOB_ACT_LAST_MATCH 2
+
+-/* The funky do-while in the following #define is used to turn the definition
+- * int a single C statement (which needs a semi-colon terminator). This
+- * avoids problems with code like:
+- *
+- * if ( condition_holds )
+- * yyless( 5 );
+- * else
+- * do_something_else();
+- *
+- * Prior to using the do-while the compiler would get upset at the
+- * "else" because it interpreted the "if" statement as being all
+- * done when it reached the ';' after the yyless() call.
+- */
+-
+-/* Return all but the first 'n' matched characters back to the input stream. */
+-
++ #define YY_LESS_LINENO(n)
++
++/* Return all but the first "n" matched characters back to the input stream. */
+ #define yyless(n) \
+ do \
+ { \
+ /* Undo effects of setting up yytext. */ \
+- *yy_cp = yy_hold_char; \
++ int yyless_macro_arg = (n); \
++ YY_LESS_LINENO(yyless_macro_arg);\
++ *yy_cp = (yy_hold_char); \
+ YY_RESTORE_YY_MORE_OFFSET \
+- yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
++ (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+ YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+ } \
+ while ( 0 )
+
+-#define unput(c) yyunput( c, yytext_ptr )
+-
+-/* The following is because we cannot portably get our hands on size_t
+- * (without autoconf's help, which isn't available because we want
+- * flex-generated scanners to compile on their own).
+- */
+-typedef unsigned int yy_size_t;
+-
++#define unput(c) yyunput( c, (yytext_ptr) )
+
++#ifndef YY_STRUCT_YY_BUFFER_STATE
++#define YY_STRUCT_YY_BUFFER_STATE
+ struct yy_buffer_state
+ {
+ FILE *yy_input_file;
+@@ -160,7 +202,7 @@ struct yy_buffer_state
+ /* Number of characters read into yy_ch_buf, not including EOB
+ * characters.
+ */
+- int yy_n_chars;
++ yy_size_t yy_n_chars;
+
+ /* Whether we "own" the buffer - i.e., we know we created it,
+ * and can realloc() it to grow it, and should free() it to
+@@ -181,12 +223,16 @@ struct yy_buffer_state
+ */
+ int yy_at_bol;
+
++ int yy_bs_lineno; /**< The line count. */
++ int yy_bs_column; /**< The column count. */
++
+ /* Whether to try to fill the input buffer when we reach the
+ * end of it.
+ */
+ int yy_fill_buffer;
+
+ int yy_buffer_status;
++
+ #define YY_BUFFER_NEW 0
+ #define YY_BUFFER_NORMAL 1
+ /* When an EOF's been seen but there's still some text to process
+@@ -200,28 +246,38 @@ struct yy_buffer_state
+ * just pointing yyin at a new input file.
+ */
+ #define YY_BUFFER_EOF_PENDING 2
++
+ };
++#endif /* !YY_STRUCT_YY_BUFFER_STATE */
+
+-static YY_BUFFER_STATE yy_current_buffer = 0;
++/* Stack of input buffers. */
++static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
++static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
++static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+
+ /* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
++ *
++ * Returns the top of the stack, or NULL.
+ */
+-#define YY_CURRENT_BUFFER yy_current_buffer
++#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
++ ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
++ : NULL)
+
++/* Same as previous macro, but useful when we know that the buffer stack is not
++ * NULL or when we need an lvalue. For internal use only.
++ */
++#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
+
+ /* yy_hold_char holds the character lost when yytext is formed. */
+ static char yy_hold_char;
+-
+-static int yy_n_chars; /* number of characters read into yy_ch_buf */
+-
+-
+-int yyleng;
++static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */
++yy_size_t yyleng;
+
+ /* Points to current character in buffer. */
+ static char *yy_c_buf_p = (char *) 0;
+-static int yy_init = 1; /* whether we need to initialize */
++static int yy_init = 0; /* whether we need to initialize */
+ static int yy_start = 0; /* start state number */
+
+ /* Flag which is used to allow yywrap()'s to do buffer switches
+@@ -229,157 +285,204 @@ static int yy_start = 0; /* start state
+ */
+ static int yy_did_buffer_switch_on_eof;
+
+-void yyrestart YY_PROTO(( FILE *input_file ));
+-
+-void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
+-void yy_load_buffer_state YY_PROTO(( void ));
+-YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
+-void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+-void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
+-void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+-#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
+-
+-YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
+-YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
+-YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
+-
+-static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
+-static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
+-static void yy_flex_free YY_PROTO(( void * ));
++void yyrestart (FILE *input_file );
++void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer );
++YY_BUFFER_STATE yy_create_buffer (FILE *file,int size );
++void yy_delete_buffer (YY_BUFFER_STATE b );
++void yy_flush_buffer (YY_BUFFER_STATE b );
++void yypush_buffer_state (YY_BUFFER_STATE new_buffer );
++void yypop_buffer_state (void );
++
++static void yyensure_buffer_stack (void );
++static void yy_load_buffer_state (void );
++static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file );
++
++#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER )
++
++YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size );
++YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str );
++YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len );
++
++void *yyalloc (yy_size_t );
++void *yyrealloc (void *,yy_size_t );
++void yyfree (void * );
+
+ #define yy_new_buffer yy_create_buffer
+
+ #define yy_set_interactive(is_interactive) \
+ { \
+- if ( ! yy_current_buffer ) \
+- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+- yy_current_buffer->yy_is_interactive = is_interactive; \
++ if ( ! YY_CURRENT_BUFFER ){ \
++ yyensure_buffer_stack (); \
++ YY_CURRENT_BUFFER_LVALUE = \
++ yy_create_buffer(yyin,YY_BUF_SIZE ); \
++ } \
++ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+ }
+
+ #define yy_set_bol(at_bol) \
+ { \
+- if ( ! yy_current_buffer ) \
+- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+- yy_current_buffer->yy_at_bol = at_bol; \
++ if ( ! YY_CURRENT_BUFFER ){\
++ yyensure_buffer_stack (); \
++ YY_CURRENT_BUFFER_LVALUE = \
++ yy_create_buffer(yyin,YY_BUF_SIZE ); \
++ } \
++ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+ }
+
+-#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
++#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+
++/* Begin user sect3 */
+
+ #define yywrap() 1
+ #define YY_SKIP_YYWRAP
++
+ typedef unsigned char YY_CHAR;
++
+ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
++
+ typedef int yy_state_type;
++
++extern int yylineno;
++
++int yylineno = 1;
++
+ extern char *yytext;
+ #define yytext_ptr yytext
+
+-static yy_state_type yy_get_previous_state YY_PROTO(( void ));
+-static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
+-static int yy_get_next_buffer YY_PROTO(( void ));
+-static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
++static yy_state_type yy_get_previous_state (void );
++static yy_state_type yy_try_NUL_trans (yy_state_type current_state );
++static int yy_get_next_buffer (void );
++static void yy_fatal_error (yyconst char msg[] );
+
+ /* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+ #define YY_DO_BEFORE_ACTION \
+- yytext_ptr = yy_bp; \
+- yyleng = (int) (yy_cp - yy_bp); \
+- yy_hold_char = *yy_cp; \
++ (yytext_ptr) = yy_bp; \
++ yyleng = (size_t) (yy_cp - yy_bp); \
++ (yy_hold_char) = *yy_cp; \
+ *yy_cp = '\0'; \
+- yy_c_buf_p = yy_cp;
++ (yy_c_buf_p) = yy_cp;
+
+-#define YY_NUM_RULES 61
+-#define YY_END_OF_BUFFER 62
+-static yyconst short int yy_accept[622] =
++#define YY_NUM_RULES 67
++#define YY_END_OF_BUFFER 68
++/* This struct is not used in this scanner,
++ but its presence is necessary. */
++struct yy_trans_info
++ {
++ flex_int32_t yy_verify;
++ flex_int32_t yy_nxt;
++ };
++static yyconst flex_int16_t yy_accept[814] =
+ { 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 62, 49, 57, 56, 55, 48, 60, 32,
+- 50, 51, 32, 52, 49, 49, 49, 49, 54, 53,
+- 60, 44, 44, 44, 44, 44, 44, 44, 44, 44,
+- 44, 60, 49, 49, 57, 60, 44, 44, 44, 44,
+- 44, 2, 60, 1, 49, 44, 44, 49, 17, 16,
+- 17, 16, 16, 60, 60, 60, 3, 9, 8, 9,
+- 4, 9, 5, 60, 13, 13, 13, 11, 12, 49,
+- 0, 57, 55, 0, 59, 0, 49, 34, 0, 32,
+- 0, 33, 0, 47, 47, 0, 49, 49, 0, 49,
+-
+- 49, 49, 49, 0, 37, 44, 44, 44, 44, 44,
+- 44, 44, 44, 44, 44, 44, 44, 49, 58, 49,
+- 57, 0, 0, 0, 0, 0, 0, 49, 49, 49,
+- 49, 49, 2, 1, 0, 1, 45, 45, 0, 49,
+- 17, 17, 15, 14, 15, 0, 0, 3, 9, 0,
+- 6, 7, 9, 9, 13, 0, 13, 13, 0, 10,
+- 0, 0, 0, 34, 34, 0, 0, 49, 49, 49,
+- 49, 49, 0, 0, 37, 37, 44, 39, 44, 44,
+- 44, 44, 44, 44, 44, 44, 44, 44, 44, 44,
+- 49, 0, 0, 0, 0, 0, 0, 49, 49, 49,
+-
+- 49, 49, 0, 49, 10, 0, 49, 49, 49, 49,
+- 49, 49, 0, 38, 38, 38, 0, 0, 37, 37,
+- 37, 37, 37, 37, 37, 44, 44, 44, 44, 44,
+- 44, 44, 44, 44, 44, 40, 44, 41, 49, 0,
+- 0, 0, 0, 0, 0, 49, 49, 49, 49, 49,
+- 49, 49, 0, 0, 38, 38, 38, 0, 37, 37,
+- 0, 37, 37, 37, 37, 37, 37, 37, 37, 37,
+- 37, 37, 0, 25, 44, 44, 44, 44, 44, 44,
+- 44, 44, 42, 44, 49, 0, 0, 0, 0, 49,
+- 49, 49, 49, 49, 49, 49, 49, 0, 38, 0,
+-
+- 37, 37, 37, 0, 0, 0, 37, 37, 37, 37,
+- 37, 37, 37, 37, 37, 37, 37, 37, 37, 44,
+- 44, 44, 44, 44, 44, 44, 44, 44, 49, 0,
+- 0, 0, 49, 49, 49, 35, 35, 35, 0, 0,
+- 37, 37, 37, 37, 37, 37, 37, 0, 0, 0,
+- 0, 0, 37, 37, 37, 37, 37, 37, 37, 37,
+- 37, 37, 37, 37, 37, 37, 44, 44, 44, 0,
+- 24, 44, 44, 44, 44, 0, 23, 0, 26, 49,
+- 0, 0, 0, 49, 49, 49, 49, 35, 35, 35,
+- 35, 0, 37, 0, 37, 37, 37, 37, 37, 37,
+-
+- 37, 37, 37, 37, 37, 0, 0, 0, 37, 37,
+- 37, 37, 37, 37, 37, 37, 37, 37, 37, 37,
+- 37, 44, 44, 44, 44, 44, 44, 44, 46, 0,
+- 0, 0, 49, 20, 45, 36, 36, 36, 36, 37,
+- 0, 0, 0, 37, 37, 37, 37, 37, 37, 37,
+- 37, 37, 37, 37, 37, 37, 0, 0, 0, 0,
+- 0, 37, 37, 37, 37, 37, 37, 37, 37, 44,
+- 44, 44, 44, 44, 0, 22, 0, 27, 0, 20,
+- 0, 0, 49, 0, 49, 49, 49, 36, 36, 36,
+- 36, 0, 0, 0, 0, 0, 37, 37, 37, 37,
++ 0, 0, 0, 0, 68, 55, 63, 62, 61, 54,
++ 66, 34, 56, 57, 34, 58, 55, 55, 55, 55,
++ 60, 59, 66, 46, 46, 46, 46, 46, 46, 46,
++ 46, 46, 46, 66, 55, 55, 63, 66, 46, 46,
++ 46, 46, 46, 2, 66, 1, 55, 46, 46, 55,
++ 17, 16, 17, 16, 16, 66, 66, 66, 3, 9,
++ 8, 9, 4, 9, 5, 66, 13, 13, 13, 11,
++ 12, 66, 19, 19, 18, 18, 18, 19, 18, 18,
++ 18, 19, 19, 19, 19, 19, 18, 19, 19, 55,
++
++ 0, 63, 61, 0, 65, 0, 55, 36, 0, 34,
++ 0, 35, 0, 53, 53, 0, 55, 55, 0, 55,
++ 55, 55, 55, 0, 39, 46, 46, 46, 46, 46,
++ 46, 46, 46, 46, 46, 46, 46, 55, 64, 55,
++ 55, 63, 0, 0, 0, 0, 0, 0, 55, 55,
++ 55, 55, 55, 2, 1, 0, 1, 47, 47, 0,
++ 55, 17, 17, 15, 14, 15, 0, 0, 3, 9,
++ 0, 6, 7, 9, 9, 13, 0, 13, 13, 0,
++ 10, 36, 0, 0, 35, 19, 19, 0, 19, 0,
++ 0, 18, 18, 18, 18, 18, 18, 19, 19, 46,
++
++ 19, 19, 19, 19, 19, 19, 19, 0, 0, 0,
++ 36, 55, 55, 55, 55, 55, 0, 0, 39, 39,
++ 46, 41, 46, 46, 46, 46, 46, 46, 46, 46,
++ 46, 46, 46, 46, 55, 55, 0, 0, 0, 0,
++ 0, 0, 55, 55, 55, 55, 55, 0, 55, 10,
++ 0, 0, 0, 18, 18, 18, 19, 19, 19, 19,
++ 19, 19, 19, 19, 19, 19, 19, 0, 55, 55,
++ 55, 55, 55, 55, 0, 40, 40, 40, 0, 0,
++ 39, 39, 39, 39, 39, 39, 39, 46, 46, 46,
++ 46, 46, 46, 46, 46, 46, 46, 42, 46, 43,
++
++ 55, 55, 55, 55, 0, 0, 0, 0, 0, 0,
++ 55, 55, 55, 55, 0, 0, 0, 0, 0, 18,
++ 18, 19, 46, 19, 19, 19, 19, 19, 19, 19,
++ 19, 19, 19, 55, 55, 55, 0, 0, 40, 40,
++ 40, 0, 39, 39, 0, 39, 39, 39, 39, 39,
++ 39, 39, 39, 39, 39, 39, 0, 27, 46, 46,
++ 46, 46, 46, 46, 46, 46, 44, 46, 55, 55,
++ 55, 55, 55, 0, 0, 0, 0, 55, 55, 55,
++ 0, 0, 0, 18, 18, 46, 46, 19, 19, 19,
++ 19, 19, 19, 19, 19, 19, 19, 19, 55, 55,
++
++ 55, 55, 55, 0, 40, 0, 39, 39, 39, 0,
++ 0, 0, 39, 39, 39, 39, 39, 39, 39, 39,
++ 39, 39, 39, 39, 39, 46, 46, 46, 46, 46,
++ 46, 46, 46, 46, 48, 49, 50, 51, 55, 0,
++ 0, 0, 55, 55, 55, 0, 0, 0, 0, 0,
++ 46, 46, 19, 46, 19, 19, 19, 19, 19, 19,
++ 19, 19, 19, 37, 37, 37, 0, 0, 39, 39,
++ 39, 39, 39, 39, 39, 0, 0, 0, 0, 0,
++ 39, 39, 39, 39, 39, 39, 39, 39, 39, 39,
++ 39, 39, 39, 39, 46, 46, 46, 0, 26, 46,
++
++ 46, 46, 46, 0, 25, 0, 28, 55, 0, 0,
++ 0, 55, 55, 55, 37, 37, 37, 46, 46, 46,
++ 46, 19, 19, 19, 55, 37, 37, 37, 37, 0,
++ 39, 0, 39, 39, 39, 39, 39, 39, 39, 39,
++ 39, 39, 39, 0, 0, 0, 39, 39, 39, 39,
++ 39, 39, 39, 39, 39, 39, 39, 39, 39, 46,
++ 46, 46, 46, 46, 46, 46, 52, 0, 0, 0,
++ 55, 22, 47, 0, 37, 37, 37, 37, 46, 46,
++ 46, 46, 19, 19, 19, 38, 38, 38, 38, 39,
++ 0, 0, 0, 39, 39, 39, 39, 39, 39, 39,
++
++ 39, 39, 39, 39, 39, 39, 0, 0, 0, 0,
++ 0, 39, 39, 39, 39, 39, 39, 39, 39, 46,
++ 46, 46, 46, 46, 0, 24, 0, 29, 0, 22,
++ 0, 0, 55, 0, 55, 38, 38, 38, 38, 46,
++ 46, 46, 46, 55, 55, 38, 38, 38, 38, 0,
++ 0, 0, 0, 0, 39, 39, 39, 39, 39, 39,
++ 39, 39, 39, 39, 39, 39, 39, 39, 39, 39,
++ 39, 39, 39, 39, 45, 0, 32, 46, 46, 46,
++ 0, 0, 0, 20, 0, 23, 22, 0, 0, 0,
++ 0, 0, 22, 0, 0, 0, 38, 38, 38, 38,
++
++ 46, 46, 46, 55, 55, 55, 0, 0, 0, 39,
++ 39, 39, 39, 39, 39, 39, 39, 39, 39, 39,
++ 39, 39, 39, 39, 39, 39, 39, 0, 30, 46,
++ 46, 23, 0, 0, 22, 0, 0, 0, 46, 46,
++ 55, 55, 55, 55, 55, 0, 0, 0, 0, 0,
++ 39, 39, 39, 39, 39, 39, 39, 39, 0, 33,
++ 46, 0, 0, 0, 0, 0, 0, 46, 55, 55,
++ 55, 39, 39, 39, 39, 39, 39, 0, 31, 0,
++ 0, 21, 0, 0, 0, 55, 55, 55, 55, 55,
++ 39, 39, 39, 39, 39, 0, 0, 0, 0, 0,
+
+ 37, 37, 37, 37, 37, 37, 37, 37, 37, 37,
+- 37, 37, 37, 37, 37, 37, 43, 0, 30, 44,
+- 44, 44, 0, 0, 0, 18, 0, 21, 20, 0,
+- 0, 0, 0, 0, 20, 0, 49, 49, 49, 0,
+- 0, 0, 37, 37, 37, 37, 37, 37, 37, 37,
+- 37, 37, 37, 37, 37, 37, 37, 37, 37, 37,
+- 0, 28, 44, 44, 21, 0, 0, 20, 49, 49,
+- 49, 49, 49, 0, 0, 0, 0, 0, 37, 37,
+- 37, 37, 37, 37, 37, 37, 0, 31, 44, 0,
+- 49, 49, 49, 37, 37, 37, 37, 37, 37, 0,
+-
+- 29, 0, 0, 19, 49, 49, 49, 49, 49, 37,
+- 37, 37, 37, 37, 35, 35, 35, 35, 35, 35,
+- 0
++ 37, 37, 0
+ } ;
+
+-static yyconst int yy_ec[256] =
++static yyconst flex_int32_t yy_ec[256] =
+ { 0,
+ 1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 2, 4, 5, 6, 1, 7, 1, 1, 8,
+ 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
+- 19, 20, 21, 22, 22, 22, 23, 24, 1, 1,
+- 25, 26, 10, 27, 28, 29, 30, 31, 32, 29,
+- 33, 34, 35, 36, 36, 37, 38, 39, 40, 41,
+- 36, 42, 43, 44, 45, 46, 47, 48, 49, 36,
+- 10, 50, 10, 1, 51, 1, 52, 53, 54, 55,
+-
+- 56, 57, 58, 58, 59, 58, 58, 60, 61, 62,
+- 63, 58, 58, 64, 65, 66, 67, 58, 58, 58,
+- 58, 58, 1, 1, 1, 1, 1, 1, 1, 1,
++ 19, 20, 21, 22, 23, 24, 25, 26, 1, 1,
++ 27, 28, 10, 29, 30, 31, 32, 33, 34, 31,
++ 35, 36, 37, 38, 38, 39, 40, 41, 42, 43,
++ 38, 44, 45, 46, 47, 48, 49, 50, 51, 38,
++ 10, 52, 10, 1, 53, 1, 54, 55, 56, 57,
++
++ 58, 59, 60, 61, 62, 60, 60, 63, 64, 65,
++ 66, 60, 60, 67, 68, 69, 70, 60, 60, 60,
++ 60, 60, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+@@ -396,583 +499,858 @@ static yyconst int yy_ec[256] =
+ 1, 1, 1, 1, 1
+ } ;
+
+-static yyconst int yy_meta[68] =
++static yyconst flex_int32_t yy_meta[71] =
+ { 0,
+ 1, 2, 3, 4, 5, 6, 1, 7, 7, 1,
+- 1, 8, 1, 9, 10, 11, 11, 11, 11, 11,
+- 11, 11, 11, 12, 13, 7, 1, 11, 11, 11,
+- 11, 11, 1, 1, 1, 1, 1, 1, 1, 1,
+- 1, 1, 1, 1, 1, 1, 1, 1, 1, 14,
+- 15, 16, 16, 16, 16, 16, 16, 15, 15, 15,
+- 15, 15, 15, 15, 15, 15, 15
++ 8, 9, 10, 11, 12, 13, 13, 13, 13, 13,
++ 13, 13, 13, 13, 13, 14, 15, 7, 1, 16,
++ 16, 16, 16, 16, 17, 17, 17, 17, 17, 17,
++ 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
++ 17, 18, 19, 20, 20, 20, 20, 20, 20, 21,
++ 21, 21, 21, 21, 21, 21, 21, 21, 21, 21
+ } ;
+
+-static yyconst short int yy_base[686] =
++static yyconst flex_int16_t yy_base[931] =
+ { 0,
+- 0, 66, 68, 76, 119, 124, 173, 239, 148, 197,
+- 82, 90, 2937, 2886, 2933, 3595, 2929, 3595, 165, 65,
+- 3595, 3595, 2882, 3595, 130, 293, 173, 146, 2907, 3595,
+- 3595, 350, 2893, 42, 402, 41, 2889, 74, 2888, 2895,
+- 2876, 458, 197, 57, 219, 482, 38, 207, 2854, 37,
+- 2851, 117, 249, 2880, 326, 2841, 2852, 105, 0, 3595,
+- 2875, 3595, 0, 469, 424, 143, 0, 2828, 3595, 48,
+- 3595, 223, 3595, 155, 2827, 202, 97, 3595, 252, 2817,
+- 504, 2855, 2852, 2852, 3595, 258, 504, 312, 526, 201,
+- 548, 2796, 557, 528, 2795, 582, 579, 614, 2820, 2829,
+-
+- 593, 601, 266, 2818, 182, 656, 0, 2796, 2791, 2766,
+- 2761, 296, 2727, 2725, 2713, 2696, 2691, 426, 3595, 87,
+- 659, 2659, 2663, 2655, 2650, 2651, 257, 196, 318, 276,
+- 258, 288, 436, 2694, 631, 2693, 655, 2644, 690, 303,
+- 0, 2681, 168, 3595, 3595, 701, 352, 0, 2634, 723,
+- 3595, 3595, 2633, 447, 2632, 2676, 467, 461, 433, 2670,
+- 2659, 2600, 720, 733, 206, 755, 759, 771, 781, 791,
+- 828, 2581, 2570, 870, 453, 913, 955, 0, 2563, 2557,
+- 2540, 2523, 2530, 2541, 2536, 2516, 2502, 2496, 2475, 2473,
+- 277, 2442, 2436, 2402, 2404, 2407, 477, 436, 2405, 424,
+-
+- 401, 292, 813, 488, 2454, 2450, 845, 438, 855, 890,
+- 756, 465, 2428, 2418, 930, 554, 2409, 2408, 463, 898,
+- 999, 939, 972, 1042, 980, 2403, 490, 2378, 500, 2380,
+- 2338, 2327, 2325, 2321, 2310, 0, 2305, 0, 508, 2274,
+- 2238, 2212, 2211, 2176, 515, 517, 615, 527, 529, 1018,
+- 1061, 1086, 2212, 2210, 1026, 2209, 2203, 2171, 2166, 565,
+- 1069, 754, 1096, 802, 1123, 0, 1106, 1134, 1151, 1159,
+- 1177, 1196, 601, 3595, 2136, 2137, 2127, 2131, 2090, 2090,
+- 2084, 2078, 0, 2062, 607, 2056, 2024, 2025, 573, 576,
+- 578, 676, 1204, 591, 1221, 1239, 1231, 2064, 2031, 2006,
+-
+- 2004, 1274, 676, 1256, 1293, 1318, 682, 808, 815, 1301,
+- 819, 1328, 0, 1339, 1350, 1367, 1247, 1393, 1377, 1955,
+- 1915, 1888, 742, 692, 1884, 1891, 794, 980, 777, 1889,
+- 1856, 652, 945, 680, 820, 1411, 1420, 1436, 1842, 1824,
+- 1800, 1446, 1473, 1455, 1266, 1515, 1492, 1500, 1809, 1534,
+- 1559, 1544, 1009, 1052, 1569, 1571, 1580, 1590, 1601, 0,
+- 1612, 1623, 1590, 1463, 1666, 1642, 1762, 1737, 1740, 1108,
+- 3595, 1696, 1672, 1662, 1628, 1157, 3595, 1158, 3595, 774,
+- 1514, 1500, 730, 1152, 697, 913, 1650, 805, 1686, 1709,
+- 1695, 1516, 1500, 1721, 1222, 1730, 1474, 1744, 0, 830,
+-
+- 1755, 1772, 1571, 1797, 1782, 1816, 1841, 1851, 1284, 1377,
+- 1832, 1861, 1861, 1872, 1883, 0, 1894, 1905, 1872, 1824,
+- 1924, 1414, 1400, 1375, 1336, 1331, 1159, 1483, 1312, 1274,
+- 1260, 1539, 606, 1730, 1238, 1949, 1959, 1969, 1984, 1256,
+- 1994, 2004, 2019, 1245, 1535, 1915, 1932, 1950, 2029, 0,
+- 874, 2040, 2057, 2065, 2082, 2101, 2109, 1214, 2126, 2136,
+- 2146, 1633, 1675, 2154, 924, 966, 2165, 0, 1003, 1092,
+- 1731, 1087, 1056, 1052, 2042, 3595, 2063, 3595, 1017, 2147,
+- 1126, 624, 1311, 2187, 2192, 2183, 1756, 2193, 2203, 2230,
+- 1979, 2238, 992, 2248, 2265, 2275, 830, 811, 1970, 2194,
+-
+- 2281, 2214, 2291, 0, 1111, 2302, 2319, 2256, 2344, 2329,
+- 2362, 2371, 2387, 1807, 813, 1170, 0, 2065, 3595, 2228,
+- 738, 713, 680, 731, 1201, 3595, 900, 653, 2409, 2414,
+- 2419, 2424, 2418, 2436, 2445, 2446, 2459, 2469, 2480, 2494,
+- 2504, 2515, 569, 531, 2215, 2217, 2523, 2221, 2533, 0,
+- 1278, 2544, 2561, 2569, 2588, 519, 2597, 2606, 2615, 492,
+- 2304, 3595, 2393, 452, 3595, 1416, 2621, 2629, 2637, 1981,
+- 2647, 2657, 2672, 2682, 345, 2692, 2707, 2717, 305, 264,
+- 2303, 245, 191, 2725, 0, 1477, 2441, 3595, 2444, 1632,
+- 2735, 2745, 2755, 2770, 2780, 2790, 90, 0, 92, 2482,
+-
+- 3595, 100, 1647, 3595, 2798, 1982, 2808, 2818, 2833, 3595,
+- 2843, 2853, 2763, 3595, 2868, 2876, 2884, 19, 2892, 2903,
+- 3595, 2953, 2969, 2985, 3001, 3017, 3033, 3049, 3065, 3081,
+- 3087, 3103, 3119, 1676, 3135, 3151, 3167, 3183, 3199, 3215,
+- 3231, 3237, 3244, 3260, 3276, 3282, 3289, 3295, 3301, 3307,
+- 3314, 3320, 3326, 3332, 3339, 3347, 3353, 3359, 3365, 3372,
+- 3380, 3386, 3392, 3399, 3407, 3413, 3421, 3428, 3436, 3442,
+- 3450, 3457, 3465, 3481, 3497, 3513, 3519, 3527, 3534, 3540,
+- 3548, 3554, 3562, 3578, 2159
++ 0, 69, 71, 79, 94, 124, 175, 244, 153, 197,
++ 85, 130, 314, 0, 4514, 4461, 4510, 5604, 4507, 5604,
++ 382, 86, 5604, 5604, 4458, 5604, 140, 394, 195, 153,
++ 4483, 5604, 5604, 453, 4383, 43, 508, 37, 4379, 65,
++ 4378, 4385, 4367, 566, 581, 91, 151, 604, 39, 41,
++ 4351, 34, 4348, 117, 4402, 4412, 428, 4371, 4382, 136,
++ 0, 5604, 4407, 5604, 0, 606, 664, 105, 0, 4358,
++ 5604, 115, 5604, 133, 5604, 138, 4357, 152, 171, 5604,
++ 188, 383, 641, 694, 737, 235, 245, 794, 843, 4369,
++ 157, 898, 4365, 4364, 4375, 4370, 944, 0, 206, 4351,
++
++ 266, 4400, 4397, 4397, 5604, 263, 532, 585, 4386, 608,
++ 707, 4346, 829, 648, 4345, 968, 981, 1018, 4359, 4370,
++ 563, 708, 422, 4357, 371, 1062, 1106, 4343, 4347, 4340,
++ 4344, 596, 4333, 4340, 4337, 4329, 4331, 644, 5604, 237,
++ 137, 946, 4309, 4314, 4305, 4300, 4301, 121, 225, 530,
++ 377, 369, 335, 445, 4366, 720, 4365, 931, 4314, 1018,
++ 169, 0, 4361, 160, 5604, 5604, 991, 388, 0, 4312,
++ 638, 5604, 5604, 4311, 661, 4310, 4356, 392, 221, 420,
++ 4358, 653, 665, 1139, 4296, 1145, 0, 1173, 1201, 1210,
++ 1037, 1239, 4333, 1081, 1170, 826, 1288, 1343, 4307, 0,
++
++ 4311, 4309, 899, 4298, 4296, 4287, 4283, 4336, 4335, 1222,
++ 1258, 1389, 1362, 968, 1428, 4323, 4310, 1472, 520, 1517,
++ 1561, 1605, 4303, 4297, 4280, 4282, 4289, 4300, 4295, 4283,
++ 4279, 4292, 4291, 4290, 654, 493, 4258, 4252, 4242, 4244,
++ 4250, 534, 579, 4253, 491, 407, 506, 1413, 626, 4304,
++ 4251, 4239, 1651, 1661, 4227, 1705, 0, 4197, 4164, 4155,
++ 4151, 4151, 4135, 4112, 4111, 811, 4067, 4122, 1749, 378,
++ 0, 0, 1041, 243, 4098, 4097, 1786, 805, 4096, 4095,
++ 623, 1410, 1799, 1447, 1091, 1844, 1890, 4094, 429, 4073,
++ 632, 4084, 4082, 4056, 4054, 4050, 4053, 0, 4046, 0,
++
++ 929, 638, 544, 561, 4022, 4024, 4008, 4022, 4008, 746,
++ 524, 1063, 413, 662, 1491, 4060, 4059, 4058, 1270, 1900,
++ 1944, 763, 904, 4037, 4020, 4009, 4007, 3992, 3988, 818,
++ 3993, 3988, 3912, 1990, 2002, 2014, 3930, 3929, 2024, 3929,
++ 3912, 3911, 3910, 919, 1536, 1003, 1580, 1142, 2037, 0,
++ 1626, 2083, 1680, 1372, 2128, 2174, 764, 5604, 3892, 3877,
++ 3870, 3884, 3862, 3869, 3879, 3879, 0, 3863, 698, 593,
++ 820, 973, 1093, 3857, 3824, 3825, 922, 897, 969, 1097,
++ 3866, 3858, 2186, 2196, 3829, 3807, 3800, 3814, 3778, 3784,
++ 3794, 3793, 3747, 3726, 3716, 3711, 3696, 3656, 2240, 1017,
++
++ 2279, 2291, 1637, 3686, 3662, 3648, 3646, 2301, 1127, 3642,
++ 3641, 2347, 1154, 1205, 1209, 1724, 1761, 2359, 0, 1763,
++ 2405, 1774, 1457, 2450, 2496, 2521, 1024, 1127, 1181, 1190,
++ 1169, 1207, 1224, 1392, 3602, 3584, 3577, 3560, 1240, 3581,
++ 3547, 1313, 1391, 874, 1774, 1821, 3584, 3576, 3569, 1503,
++ 3523, 3519, 869, 1379, 3515, 3511, 949, 1045, 0, 0,
++ 0, 0, 3478, 2577, 1863, 1546, 3510, 3509, 3506, 1919,
++ 2616, 1963, 1590, 2660, 2706, 2056, 3517, 3509, 3487, 1692,
++ 1879, 1979, 2096, 2104, 2147, 2106, 2718, 0, 2217, 2764,
++ 2250, 1734, 2809, 2855, 2880, 2086, 1133, 1088, 5604, 421,
++
++ 2087, 1184, 2088, 1369, 5604, 1370, 5604, 1197, 3418, 3389,
++ 1282, 2127, 1249, 1368, 3442, 3427, 2936, 3386, 3320, 3309,
++ 3295, 2951, 1219, 3272, 3006, 1181, 3044, 0, 1709, 3290,
++ 3263, 2260, 58, 2320, 1774, 3083, 0, 2380, 3129, 2424,
++ 1831, 3173, 3219, 3270, 3265, 3231, 2336, 2462, 2464, 2471,
++ 3256, 2477, 3243, 0, 2589, 3289, 2600, 1929, 3335, 3360,
++ 1376, 1087, 1847, 1409, 1542, 1586, 3218, 3184, 3166, 1832,
++ 1427, 2060, 3174, 2635, 3210, 3186, 3185, 2435, 3129, 3111,
++ 3114, 3066, 3429, 1454, 0, 3486, 2679, 2737, 1483, 3085,
++ 2989, 2839, 3525, 2819, 2003, 2280, 2783, 2381, 3537, 0,
++
++ 2830, 3583, 3016, 2157, 3627, 3673, 3026, 2821, 2801, 2750,
++ 2228, 2472, 2474, 2695, 1189, 1531, 3685, 0, 2647, 1848,
++ 1925, 1602, 1522, 1849, 1587, 5604, 1664, 5604, 2692, 1967,
++ 1630, 2177, 2014, 2406, 2761, 2674, 2630, 3731, 2272, 1926,
++ 2155, 2500, 1927, 3741, 2076, 3780, 0, 1967, 2277, 3054,
++ 2598, 2535, 2509, 2841, 2470, 2431, 2485, 2600, 3064, 2617,
++ 3819, 0, 3104, 3865, 3148, 3036, 3909, 3955, 2390, 2373,
++ 3966, 3118, 2338, 1742, 2298, 2129, 5604, 2743, 1825, 1738,
++ 2219, 2153, 1825, 5604, 2062, 2083, 3130, 3172, 3276, 3281,
++ 1984, 2880, 1920, 3360, 3192, 1912, 1877, 1858, 3274, 1744,
++
++ 2326, 2643, 2745, 3978, 3990, 4002, 1700, 1693, 4014, 1662,
++ 1623, 2856, 2951, 3496, 3084, 4026, 0, 3508, 4072, 3556,
++ 3074, 0, 1599, 1510, 1503, 3319, 1423, 2328, 5604, 3154,
++ 2037, 5604, 2124, 3602, 3646, 1409, 1403, 4118, 2407, 2791,
++ 4130, 2334, 4142, 4154, 3659, 3704, 1390, 1286, 1251, 3418,
++ 1158, 1087, 3105, 1077, 1056, 4166, 0, 3568, 2499, 5604,
++ 3270, 2220, 3751, 1014, 1005, 957, 3614, 2522, 4178, 4190,
++ 4202, 3761, 3790, 3800, 684, 0, 683, 2685, 5604, 658,
++ 2222, 5604, 522, 382, 4214, 4226, 2335, 4238, 4250, 3840,
++ 5604, 3846, 3884, 3202, 5604, 3928, 374, 208, 117, 3716,
++
++ 4260, 4297, 4334, 4045, 4091, 4270, 59, 4371, 3941, 5604,
++ 4280, 3771, 5604, 4423, 4444, 4465, 4486, 4507, 4528, 4549,
++ 4570, 4591, 4600, 2074, 4620, 4641, 2383, 4662, 4683, 4704,
++ 4725, 4746, 4767, 4788, 4809, 2337, 4830, 4839, 4847, 4856,
++ 4876, 4897, 4918, 2474, 4939, 4960, 4981, 5002, 5011, 5030,
++ 5039, 5048, 2421, 2516, 5056, 5064, 5072, 5081, 5089, 5096,
++ 5104, 5112, 5121, 5131, 2600, 2694, 5139, 5147, 5155, 2695,
++ 2757, 5164, 5174, 5194, 2798, 5203, 5211, 2799, 5220, 5230,
++ 5250, 2228, 2615, 5259, 5271, 5280, 5290, 2803, 2825, 5299,
++ 5309, 5318, 5338, 2700, 5347, 5359, 2841, 2872, 5368, 5378,
++
++ 2873, 5387, 5397, 5417, 5438, 5459, 3115, 3116, 5479, 3168,
++ 5486, 5496, 2951, 2967, 5505, 2520, 5525, 3304, 3313, 5534,
++ 5544, 3517, 3314, 3318, 5552, 5562, 5582, 3814, 3319, 3430
+ } ;
+
+-static yyconst short int yy_def[686] =
++static yyconst flex_int16_t yy_def[931] =
+ { 0,
+- 621, 1, 1, 1, 622, 622, 623, 623, 624, 624,
+- 625, 625, 621, 626, 621, 621, 621, 621, 627, 628,
+- 621, 621, 629, 621, 630, 626, 26, 26, 631, 621,
+- 621, 621, 32, 32, 32, 35, 35, 35, 35, 35,
+- 35, 626, 26, 626, 621, 627, 32, 32, 35, 35,
+- 35, 621, 621, 621, 632, 35, 35, 626, 633, 621,
+- 633, 621, 633, 621, 627, 621, 634, 635, 621, 635,
+- 621, 635, 621, 636, 637, 637, 637, 621, 621, 626,
+- 626, 621, 621, 638, 621, 639, 621, 628, 621, 640,
+- 628, 629, 629, 630, 641, 626, 626, 26, 631, 98,
+-
+- 98, 98, 98, 642, 643, 35, 35, 35, 35, 35,
+- 35, 35, 35, 35, 35, 35, 35, 626, 621, 626,
+- 621, 621, 621, 621, 621, 621, 638, 626, 98, 626,
+- 626, 626, 621, 621, 621, 621, 632, 644, 626, 626,
+- 633, 633, 621, 621, 621, 639, 621, 634, 635, 635,
+- 621, 621, 635, 635, 637, 621, 637, 637, 621, 621,
+- 638, 645, 621, 621, 640, 640, 621, 626, 626, 626,
+- 98, 171, 646, 621, 647, 621, 106, 35, 35, 35,
+- 35, 35, 35, 35, 35, 35, 35, 35, 35, 35,
+- 626, 621, 621, 621, 621, 621, 638, 626, 171, 626,
+-
+- 626, 626, 621, 626, 621, 645, 626, 626, 626, 626,
+- 626, 626, 648, 649, 649, 215, 650, 649, 651, 176,
+- 621, 221, 221, 621, 221, 35, 35, 35, 35, 35,
+- 35, 35, 35, 35, 35, 35, 35, 35, 626, 621,
+- 621, 621, 621, 621, 638, 626, 626, 626, 626, 626,
+- 626, 626, 621, 652, 652, 255, 652, 653, 654, 655,
+- 621, 656, 224, 656, 656, 265, 656, 621, 268, 268,
+- 621, 268, 621, 621, 35, 35, 35, 35, 35, 35,
+- 35, 35, 35, 35, 626, 621, 621, 621, 638, 626,
+- 626, 626, 626, 626, 626, 626, 626, 657, 657, 658,
+-
+- 659, 621, 621, 621, 621, 621, 660, 660, 661, 271,
+- 661, 661, 312, 661, 621, 315, 315, 621, 315, 35,
+- 35, 35, 35, 35, 35, 35, 35, 35, 626, 621,
+- 621, 638, 626, 626, 626, 626, 626, 626, 621, 662,
+- 663, 302, 621, 343, 343, 621, 343, 621, 621, 621,
+- 621, 621, 621, 664, 664, 665, 318, 665, 665, 359,
+- 665, 621, 362, 362, 621, 362, 35, 35, 35, 621,
+- 621, 35, 35, 35, 35, 621, 621, 621, 621, 626,
+- 621, 621, 638, 626, 626, 626, 626, 626, 626, 626,
+- 626, 621, 666, 621, 667, 346, 667, 667, 398, 398,
+-
+- 621, 401, 401, 621, 401, 621, 621, 621, 621, 668,
+- 668, 669, 365, 669, 669, 415, 669, 621, 418, 418,
+- 418, 35, 35, 35, 35, 35, 35, 35, 626, 621,
+- 621, 638, 626, 626, 626, 626, 626, 626, 626, 621,
+- 621, 621, 621, 670, 670, 671, 404, 671, 671, 449,
+- 449, 621, 452, 452, 621, 452, 621, 621, 621, 621,
+- 621, 621, 672, 672, 673, 673, 673, 467, 467, 35,
+- 35, 35, 35, 35, 621, 621, 621, 621, 621, 621,
+- 674, 638, 626, 675, 676, 626, 626, 626, 626, 626,
+- 626, 621, 621, 621, 621, 621, 621, 677, 677, 678,
+-
+- 455, 678, 678, 503, 503, 621, 506, 506, 621, 506,
+- 621, 621, 621, 621, 679, 679, 35, 621, 621, 35,
+- 35, 35, 621, 674, 674, 621, 638, 626, 675, 675,
+- 675, 675, 621, 675, 676, 676, 626, 626, 626, 621,
+- 621, 621, 621, 680, 680, 681, 509, 681, 681, 549,
+- 549, 621, 552, 552, 552, 621, 621, 621, 621, 621,
+- 621, 621, 35, 35, 621, 638, 621, 621, 626, 626,
+- 626, 626, 626, 621, 621, 621, 621, 621, 621, 682,
+- 682, 683, 683, 683, 584, 584, 621, 621, 35, 684,
+- 626, 626, 626, 621, 621, 621, 621, 685, 685, 621,
+-
+- 621, 684, 684, 621, 626, 626, 626, 626, 626, 621,
+- 621, 621, 621, 621, 626, 626, 626, 626, 626, 626,
+- 0, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621
++ 813, 1, 1, 1, 814, 814, 815, 815, 816, 816,
++ 817, 817, 813, 13, 813, 818, 813, 813, 813, 813,
++ 819, 820, 813, 813, 821, 813, 822, 818, 28, 28,
++ 823, 813, 813, 813, 34, 34, 34, 37, 37, 37,
++ 37, 37, 37, 818, 28, 818, 813, 819, 34, 34,
++ 37, 37, 37, 813, 824, 813, 825, 37, 37, 818,
++ 826, 813, 826, 813, 826, 813, 819, 813, 827, 828,
++ 813, 828, 813, 828, 813, 829, 830, 830, 830, 813,
++ 813, 831, 832, 833, 813, 85, 85, 85, 813, 89,
++ 89, 89, 92, 92, 92, 92, 85, 88, 88, 818,
++
++ 818, 813, 813, 834, 813, 835, 813, 820, 836, 831,
++ 820, 821, 821, 822, 837, 818, 818, 28, 838, 118,
++ 118, 118, 118, 839, 840, 37, 126, 127, 127, 127,
++ 127, 127, 127, 127, 127, 127, 127, 818, 813, 818,
++ 818, 813, 813, 813, 813, 813, 813, 834, 818, 118,
++ 818, 818, 818, 813, 813, 813, 813, 841, 842, 818,
++ 818, 843, 843, 813, 813, 813, 835, 813, 844, 845,
++ 845, 813, 813, 845, 845, 830, 813, 830, 830, 813,
++ 813, 831, 831, 831, 846, 847, 88, 846, 848, 813,
++ 813, 85, 192, 192, 192, 192, 813, 197, 198, 849,
++
++ 198, 198, 198, 198, 198, 88, 88, 834, 850, 813,
++ 813, 818, 212, 212, 118, 215, 851, 813, 852, 813,
++ 127, 221, 222, 222, 222, 222, 222, 222, 222, 222,
++ 222, 222, 222, 222, 818, 818, 813, 813, 813, 813,
++ 813, 834, 818, 215, 818, 818, 818, 813, 818, 813,
++ 853, 854, 813, 88, 254, 197, 198, 198, 198, 198,
++ 198, 198, 198, 198, 198, 88, 88, 850, 818, 818,
++ 212, 212, 212, 818, 855, 856, 856, 277, 857, 856,
++ 858, 220, 813, 283, 283, 813, 283, 222, 222, 222,
++ 222, 222, 222, 222, 222, 222, 222, 222, 222, 222,
++
++ 818, 818, 818, 818, 813, 813, 813, 813, 813, 834,
++ 818, 818, 818, 818, 813, 813, 853, 853, 813, 254,
++ 197, 198, 859, 198, 198, 198, 198, 198, 198, 88,
++ 88, 88, 88, 212, 212, 212, 813, 860, 860, 339,
++ 860, 861, 862, 863, 813, 864, 286, 864, 813, 349,
++ 864, 813, 352, 352, 813, 352, 813, 813, 222, 222,
++ 222, 222, 222, 222, 222, 222, 222, 222, 818, 818,
++ 818, 818, 818, 813, 813, 813, 834, 818, 818, 818,
++ 865, 866, 813, 88, 321, 859, 859, 198, 198, 198,
++ 198, 198, 198, 88, 88, 88, 88, 88, 818, 818,
++
++ 212, 212, 818, 867, 867, 868, 869, 813, 813, 870,
++ 871, 813, 872, 872, 873, 355, 873, 813, 418, 873,
++ 813, 421, 421, 813, 421, 813, 426, 426, 426, 426,
++ 426, 426, 426, 426, 818, 818, 818, 818, 818, 813,
++ 813, 874, 818, 818, 818, 813, 813, 875, 875, 813,
++ 859, 859, 198, 859, 198, 198, 198, 198, 88, 88,
++ 88, 88, 88, 818, 464, 464, 813, 876, 877, 408,
++ 813, 471, 471, 813, 471, 813, 813, 878, 878, 813,
++ 813, 879, 879, 880, 424, 880, 813, 487, 880, 813,
++ 490, 490, 813, 490, 813, 495, 495, 813, 813, 495,
++
++ 495, 495, 495, 813, 813, 813, 813, 818, 813, 813,
++ 881, 818, 818, 818, 882, 883, 813, 884, 884, 884,
++ 884, 813, 522, 885, 818, 818, 818, 527, 527, 813,
++ 886, 813, 887, 474, 887, 813, 536, 887, 813, 539,
++ 539, 813, 539, 888, 889, 813, 813, 890, 890, 891,
++ 892, 891, 813, 553, 891, 813, 556, 556, 556, 813,
++ 560, 560, 560, 560, 560, 560, 818, 813, 813, 893,
++ 818, 818, 818, 813, 813, 894, 894, 813, 895, 895,
++ 895, 895, 813, 583, 896, 818, 586, 586, 586, 813,
++ 897, 898, 813, 899, 899, 900, 542, 900, 813, 599,
++
++ 900, 813, 602, 602, 813, 602, 813, 813, 901, 901,
++ 813, 813, 902, 902, 903, 903, 813, 617, 903, 560,
++ 560, 560, 560, 560, 813, 813, 813, 813, 813, 813,
++ 904, 893, 818, 905, 906, 907, 908, 813, 907, 909,
++ 909, 909, 909, 818, 818, 818, 646, 646, 818, 813,
++ 813, 910, 910, 813, 813, 911, 911, 912, 605, 912,
++ 813, 661, 912, 813, 664, 664, 813, 664, 913, 914,
++ 813, 813, 915, 915, 560, 813, 813, 560, 560, 560,
++ 813, 904, 904, 813, 893, 818, 905, 905, 905, 905,
++ 916, 905, 917, 917, 813, 813, 907, 907, 813, 813,
++
++ 909, 909, 909, 646, 646, 646, 918, 919, 813, 813,
++ 920, 920, 921, 667, 921, 813, 716, 921, 813, 719,
++ 719, 922, 813, 913, 913, 813, 813, 813, 813, 560,
++ 560, 813, 893, 813, 813, 923, 924, 813, 909, 909,
++ 646, 818, 646, 646, 818, 813, 813, 918, 918, 813,
++ 813, 925, 925, 926, 926, 926, 756, 926, 813, 813,
++ 560, 927, 813, 813, 923, 923, 813, 909, 646, 646,
++ 646, 813, 813, 813, 813, 928, 928, 813, 813, 927,
++ 927, 813, 929, 930, 813, 646, 818, 646, 646, 818,
++ 813, 813, 813, 813, 813, 813, 813, 929, 929, 813,
++
++ 818, 818, 818, 813, 813, 813, 818, 818, 818, 813,
++ 813, 813, 0, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813
+ } ;
+
+-static yyconst short int yy_nxt[3663] =
++static yyconst flex_int16_t yy_nxt[5675] =
+ { 0,
+- 14, 15, 16, 17, 18, 19, 20, 21, 22, 14,
+- 23, 24, 14, 14, 25, 26, 27, 28, 26, 26,
+- 26, 26, 26, 29, 30, 31, 14, 32, 33, 33,
+- 33, 34, 35, 35, 35, 35, 36, 35, 37, 35,
+- 38, 39, 40, 41, 35, 35, 35, 35, 35, 42,
+- 14, 43, 43, 43, 43, 43, 43, 14, 14, 14,
+- 14, 14, 14, 14, 44, 14, 14, 45, 81, 52,
+- 89, 46, 151, 53, 107, 110, 115, 52, 107, 54,
+- 111, 53, 55, 76, 16, 77, 78, 54, 90, 109,
+- 55, 76, 16, 77, 78, 47, 48, 150, 128, 49,
+-
+- 158, 113, 604, 131, 56, 394, 81, 50, 57, 35,
+- 51, 35, 56, 547, 91, 114, 57, 35, 133, 35,
+- 15, 60, 61, 120, 62, 15, 60, 61, 134, 62,
+- 62, 79, 58, 95, 95, 62, 81, 95, 95, 79,
+- 58, 191, 62, 63, 147, 119, 156, 62, 63, 15,
+- 16, 17, 69, 65, 81, 95, 154, 119, 70, 71,
+- 72, 102, 102, 102, 102, 102, 103, 85, 64, 147,
+- 119, 140, 73, 64, 15, 16, 17, 86, 65, 96,
+- 87, 87, 87, 87, 87, 87, 87, 87, 101, 101,
+- 101, 101, 101, 101, 101, 101, 174, 74, 15, 16,
+-
+- 17, 69, 65, 157, 621, 176, 89, 70, 71, 72,
+- 80, 621, 100, 100, 100, 100, 100, 100, 100, 100,
+- 121, 73, 66, 67, 67, 67, 67, 67, 67, 67,
+- 67, 67, 67, 67, 67, 67, 67, 67, 67, 67,
+- 15, 16, 17, 107, 65, 81, 74, 152, 122, 123,
+- 166, 156, 124, 159, 160, 166, 155, 198, 394, 85,
+- 125, 135, 129, 126, 87, 87, 87, 87, 87, 87,
+- 87, 87, 150, 87, 87, 87, 87, 87, 87, 87,
+- 87, 172, 172, 172, 172, 172, 172, 547, 66, 67,
+- 67, 67, 67, 67, 67, 67, 67, 67, 67, 67,
+-
+- 67, 67, 67, 67, 67, 67, 97, 81, 98, 98,
+- 98, 98, 98, 98, 98, 98, 99, 621, 197, 201,
+- 100, 100, 100, 100, 100, 81, 81, 182, 501, 138,
+- 138, 80, 183, 138, 138, 621, 184, 81, 185, 239,
+- 200, 81, 81, 202, 100, 100, 100, 100, 100, 100,
+- 80, 138, 81, 147, 119, 246, 80, 204, 574, 80,
+- 80, 91, 80, 80, 80, 106, 106, 106, 106, 106,
+- 106, 106, 106, 99, 199, 139, 80, 106, 106, 106,
+- 106, 106, 107, 107, 107, 107, 108, 107, 107, 107,
+- 107, 107, 107, 107, 107, 107, 107, 107, 107, 81,
+-
+- 107, 100, 100, 100, 100, 100, 100, 80, 80, 80,
+- 80, 80, 80, 80, 80, 80, 80, 107, 107, 107,
+- 107, 107, 107, 107, 107, 621, 85, 147, 119, 107,
+- 107, 107, 107, 107, 159, 160, 146, 133, 107, 621,
+- 621, 621, 621, 621, 621, 621, 621, 134, 147, 119,
+- 81, 207, 248, 80, 80, 80, 80, 80, 80, 118,
+- 119, 80, 80, 80, 158, 80, 80, 174, 157, 80,
+- 143, 119, 144, 81, 145, 81, 220, 174, 144, 85,
+- 145, 80, 80, 80, 85, 81, 220, 81, 99, 246,
+- 246, 273, 145, 145, 86, 589, 150, 87, 87, 87,
+-
+- 87, 87, 87, 87, 87, 80, 174, 80, 80, 80,
+- 156, 80, 80, 274, 81, 80, 156, 85, 145, 87,
+- 87, 87, 87, 87, 87, 87, 87, 80, 80, 80,
+- 245, 95, 95, 174, 276, 95, 95, 81, 163, 277,
+- 127, 164, 164, 164, 164, 164, 164, 164, 164, 88,
+- 249, 88, 88, 95, 501, 88, 88, 81, 92, 88,
+- 92, 92, 92, 285, 92, 92, 81, 290, 92, 257,
+- 257, 257, 88, 88, 289, 85, 81, 96, 81, 174,
+- 92, 92, 92, 94, 292, 80, 80, 94, 220, 80,
+- 80, 246, 447, 94, 168, 169, 170, 168, 168, 168,
+-
+- 168, 168, 273, 333, 293, 94, 94, 80, 172, 172,
+- 172, 172, 172, 172, 172, 172, 172, 172, 172, 172,
+- 172, 172, 172, 172, 274, 81, 85, 81, 81, 171,
+- 171, 171, 171, 171, 171, 171, 171, 334, 99, 332,
+- 81, 171, 171, 171, 171, 171, 87, 87, 87, 87,
+- 87, 87, 87, 87, 85, 81, 81, 483, 138, 138,
+- 121, 329, 138, 138, 81, 171, 171, 171, 171, 171,
+- 171, 177, 177, 177, 177, 177, 177, 177, 177, 99,
+- 138, 291, 527, 177, 177, 177, 177, 177, 122, 123,
+- 174, 137, 124, 80, 80, 137, 174, 80, 80, 220,
+-
+- 125, 137, 81, 126, 139, 263, 383, 171, 171, 171,
+- 171, 171, 171, 137, 137, 80, 621, 621, 621, 621,
+- 621, 621, 621, 621, 149, 81, 372, 149, 149, 81,
+- 335, 373, 85, 526, 149, 164, 164, 164, 164, 164,
+- 164, 164, 164, 370, 565, 385, 81, 149, 164, 164,
+- 164, 164, 164, 164, 164, 164, 165, 564, 165, 165,
+- 95, 434, 165, 165, 95, 371, 165, 261, 174, 207,
+- 95, 208, 208, 208, 208, 208, 208, 263, 165, 165,
+- 165, 563, 95, 95, 207, 432, 208, 208, 208, 208,
+- 208, 208, 208, 208, 207, 376, 209, 209, 209, 209,
+-
+- 209, 209, 209, 209, 207, 81, 210, 210, 210, 210,
+- 210, 211, 208, 208, 138, 621, 174, 377, 138, 387,
+- 81, 261, 174, 81, 138, 263, 81, 174, 261, 174,
+- 81, 263, 621, 174, 447, 380, 138, 138, 310, 429,
+- 81, 80, 310, 212, 212, 212, 212, 212, 212, 212,
+- 212, 444, 444, 396, 81, 212, 212, 212, 212, 212,
+- 250, 251, 252, 250, 250, 250, 250, 250, 207, 81,
+- 208, 208, 208, 208, 208, 208, 208, 208, 386, 212,
+- 212, 212, 212, 212, 212, 214, 215, 216, 216, 216,
+- 216, 216, 216, 217, 81, 498, 498, 218, 218, 218,
+-
+- 218, 218, 85, 207, 81, 208, 208, 208, 208, 208,
+- 208, 208, 208, 225, 225, 225, 225, 225, 225, 225,
+- 225, 218, 218, 218, 218, 218, 218, 174, 221, 222,
+- 223, 221, 221, 221, 221, 221, 224, 261, 174, 81,
+- 225, 225, 225, 225, 225, 255, 255, 256, 257, 257,
+- 257, 257, 257, 217, 265, 265, 265, 265, 265, 265,
+- 265, 265, 81, 566, 225, 225, 225, 225, 225, 225,
+- 226, 226, 226, 226, 226, 226, 226, 226, 435, 621,
+- 174, 378, 226, 226, 226, 226, 226, 266, 266, 266,
+- 266, 266, 267, 621, 81, 264, 264, 264, 264, 264,
+-
+- 264, 264, 264, 379, 384, 492, 212, 212, 212, 212,
+- 212, 212, 261, 174, 262, 262, 262, 262, 262, 262,
+- 262, 262, 263, 174, 515, 515, 264, 264, 264, 264,
+- 264, 293, 263, 294, 294, 294, 294, 294, 294, 294,
+- 294, 299, 299, 299, 299, 299, 299, 299, 299, 217,
+- 264, 264, 264, 264, 264, 264, 174, 268, 269, 270,
+- 268, 268, 268, 268, 268, 271, 174, 81, 523, 272,
+- 272, 272, 272, 272, 293, 310, 295, 295, 295, 295,
+- 295, 295, 295, 295, 304, 305, 306, 304, 304, 304,
+- 304, 304, 522, 272, 272, 272, 272, 272, 272, 293,
+-
+- 521, 296, 296, 296, 296, 296, 297, 294, 294, 370,
+- 81, 272, 272, 272, 272, 272, 272, 272, 272, 261,
+- 174, 308, 308, 308, 308, 308, 308, 525, 526, 263,
+- 520, 371, 544, 544, 517, 81, 261, 174, 308, 308,
+- 308, 308, 308, 308, 308, 308, 263, 261, 174, 309,
+- 309, 309, 309, 309, 309, 309, 309, 310, 376, 378,
+- 475, 311, 311, 311, 311, 311, 312, 312, 312, 312,
+- 312, 312, 312, 312, 313, 313, 313, 313, 313, 314,
+- 377, 379, 476, 261, 174, 311, 311, 311, 311, 311,
+- 311, 174, 315, 316, 317, 315, 315, 315, 315, 315,
+-
+- 318, 81, 525, 526, 319, 319, 319, 319, 319, 621,
+- 433, 311, 311, 311, 311, 311, 311, 311, 311, 336,
+- 337, 338, 336, 336, 336, 336, 336, 457, 319, 319,
+- 319, 319, 319, 319, 293, 394, 294, 294, 294, 294,
+- 294, 294, 294, 294, 293, 396, 294, 294, 294, 294,
+- 294, 294, 293, 81, 294, 294, 294, 294, 294, 294,
+- 294, 294, 360, 360, 360, 360, 360, 361, 396, 348,
+- 81, 349, 349, 349, 349, 349, 349, 349, 349, 342,
+- 81, 399, 399, 399, 399, 399, 400, 81, 81, 343,
+- 344, 345, 343, 343, 343, 343, 343, 346, 174, 580,
+-
+- 580, 347, 347, 347, 347, 347, 348, 310, 350, 350,
+- 350, 350, 350, 350, 350, 350, 319, 319, 319, 319,
+- 319, 319, 319, 319, 480, 347, 347, 347, 347, 347,
+- 347, 348, 479, 351, 351, 351, 351, 351, 352, 349,
+- 349, 261, 174, 355, 355, 355, 355, 355, 355, 355,
+- 355, 310, 261, 174, 355, 355, 355, 355, 355, 355,
+- 81, 81, 310, 261, 174, 356, 356, 356, 356, 356,
+- 356, 356, 356, 357, 474, 528, 473, 358, 358, 358,
+- 358, 358, 359, 359, 359, 359, 359, 359, 359, 359,
+- 621, 174, 358, 358, 358, 358, 358, 358, 358, 358,
+-
+- 357, 358, 358, 358, 358, 358, 358, 174, 362, 363,
+- 364, 362, 362, 362, 362, 362, 365, 590, 85, 472,
+- 366, 366, 366, 366, 366, 387, 388, 388, 388, 388,
+- 388, 388, 388, 388, 387, 389, 389, 389, 389, 389,
+- 389, 389, 389, 471, 366, 366, 366, 366, 366, 366,
+- 387, 390, 390, 390, 390, 390, 391, 388, 388, 470,
+- 81, 347, 347, 347, 347, 347, 347, 347, 347, 81,
+- 398, 398, 398, 398, 398, 398, 398, 398, 416, 416,
+- 416, 416, 416, 417, 477, 81, 394, 621, 395, 395,
+- 395, 395, 395, 395, 395, 395, 396, 396, 598, 598,
+-
+- 397, 397, 397, 397, 397, 621, 478, 397, 397, 397,
+- 397, 397, 397, 397, 397, 406, 407, 408, 406, 406,
+- 406, 406, 406, 342, 397, 397, 397, 397, 397, 397,
+- 401, 402, 403, 401, 401, 401, 401, 401, 404, 259,
+- 481, 85, 405, 405, 405, 405, 405, 348, 394, 349,
+- 349, 349, 349, 349, 349, 349, 349, 348, 396, 349,
+- 349, 349, 349, 349, 349, 431, 405, 405, 405, 405,
+- 405, 405, 348, 430, 349, 349, 349, 349, 349, 349,
+- 349, 349, 261, 174, 261, 174, 450, 450, 450, 450,
+- 450, 451, 310, 482, 357, 366, 366, 366, 366, 366,
+-
+- 366, 366, 366, 621, 174, 415, 415, 415, 415, 415,
+- 415, 415, 415, 357, 261, 174, 411, 411, 411, 411,
+- 411, 411, 411, 411, 357, 261, 174, 411, 411, 411,
+- 411, 411, 411, 603, 604, 357, 261, 174, 412, 412,
+- 412, 412, 412, 412, 412, 412, 413, 174, 603, 604,
+- 414, 414, 414, 414, 414, 621, 357, 414, 414, 414,
+- 414, 414, 414, 414, 414, 436, 437, 438, 439, 436,
+- 436, 436, 436, 428, 414, 414, 414, 414, 414, 414,
+- 174, 418, 419, 420, 418, 418, 418, 418, 418, 174,
+- 148, 148, 427, 421, 421, 421, 421, 421, 413, 81,
+-
+- 387, 388, 388, 388, 388, 388, 388, 388, 388, 387,
+- 388, 388, 388, 388, 388, 388, 426, 421, 421, 421,
+- 421, 421, 421, 387, 388, 388, 388, 388, 388, 388,
+- 388, 388, 518, 484, 425, 81, 441, 442, 443, 441,
+- 441, 441, 441, 441, 81, 405, 405, 405, 405, 405,
+- 405, 405, 405, 484, 519, 484, 485, 394, 81, 445,
+- 445, 445, 445, 445, 445, 445, 445, 396, 394, 486,
+- 446, 446, 446, 446, 446, 446, 446, 446, 447, 81,
+- 424, 423, 448, 448, 448, 448, 448, 449, 449, 449,
+- 449, 449, 449, 449, 449, 621, 422, 448, 448, 448,
+-
+- 448, 448, 448, 448, 448, 81, 448, 448, 448, 448,
+- 448, 448, 452, 453, 454, 452, 452, 452, 452, 452,
+- 455, 174, 348, 342, 456, 456, 456, 456, 456, 457,
+- 413, 458, 458, 458, 458, 458, 458, 458, 458, 468,
+- 468, 468, 468, 468, 469, 261, 174, 259, 456, 456,
+- 456, 456, 456, 456, 457, 357, 459, 459, 459, 459,
+- 459, 459, 459, 459, 457, 217, 460, 460, 460, 460,
+- 460, 461, 458, 458, 261, 174, 421, 421, 421, 421,
+- 421, 421, 421, 421, 413, 621, 174, 467, 467, 467,
+- 467, 467, 467, 467, 467, 413, 261, 174, 464, 464,
+-
+- 464, 464, 464, 464, 464, 464, 413, 261, 174, 464,
+- 464, 464, 464, 464, 464, 382, 381, 413, 261, 174,
+- 465, 465, 465, 465, 465, 465, 465, 465, 394, 375,
+- 374, 369, 466, 466, 466, 466, 466, 621, 447, 466,
+- 466, 466, 466, 466, 466, 466, 466, 456, 456, 456,
+- 456, 456, 456, 456, 456, 368, 466, 466, 466, 466,
+- 466, 466, 486, 621, 487, 487, 487, 487, 487, 487,
+- 487, 487, 486, 447, 488, 488, 488, 488, 488, 488,
+- 488, 488, 486, 394, 489, 489, 489, 489, 489, 490,
+- 491, 491, 486, 447, 569, 605, 367, 486, 81, 491,
+-
+- 491, 491, 487, 487, 487, 487, 487, 492, 81, 493,
+- 493, 493, 493, 493, 493, 493, 493, 492, 81, 494,
+- 494, 494, 494, 494, 494, 494, 494, 342, 81, 259,
+- 81, 81, 492, 81, 495, 495, 495, 495, 495, 496,
+- 493, 493, 394, 475, 499, 499, 499, 499, 499, 499,
+- 499, 499, 447, 394, 217, 500, 500, 500, 500, 500,
+- 500, 500, 500, 501, 477, 476, 518, 502, 502, 502,
+- 502, 502, 503, 503, 503, 503, 503, 503, 503, 503,
+- 504, 504, 504, 504, 504, 505, 478, 217, 519, 286,
+- 331, 502, 502, 502, 502, 502, 502, 506, 507, 508,
+-
+- 506, 506, 506, 506, 506, 509, 330, 328, 327, 510,
+- 510, 510, 510, 510, 621, 326, 502, 502, 502, 502,
+- 502, 502, 502, 502, 511, 512, 513, 511, 511, 511,
+- 511, 511, 325, 510, 510, 510, 510, 510, 510, 457,
+- 324, 458, 458, 458, 458, 458, 458, 458, 458, 457,
+- 484, 458, 458, 458, 458, 458, 458, 458, 458, 457,
+- 323, 458, 458, 458, 458, 458, 458, 261, 174, 614,
+- 484, 322, 484, 484, 614, 321, 320, 413, 261, 174,
+- 516, 516, 516, 516, 516, 516, 516, 516, 530, 302,
+- 531, 532, 533, 530, 259, 531, 532, 533, 537, 538,
+-
+- 539, 537, 537, 537, 537, 537, 486, 394, 487, 487,
+- 487, 487, 487, 487, 487, 487, 486, 501, 487, 487,
+- 487, 487, 487, 487, 487, 487, 217, 621, 394, 561,
+- 394, 298, 81, 217, 621, 105, 534, 501, 501, 286,
+- 547, 536, 81, 486, 547, 487, 487, 487, 487, 487,
+- 487, 562, 81, 540, 541, 542, 540, 540, 540, 540,
+- 540, 492, 288, 493, 493, 493, 493, 493, 493, 493,
+- 493, 550, 550, 550, 550, 550, 551, 286, 492, 81,
+- 493, 493, 493, 493, 493, 493, 493, 493, 492, 287,
+- 493, 493, 493, 493, 493, 493, 510, 510, 510, 510,
+-
+- 510, 510, 510, 510, 394, 561, 545, 545, 545, 545,
+- 545, 545, 545, 545, 501, 394, 394, 546, 546, 546,
+- 546, 546, 546, 546, 546, 547, 547, 562, 286, 548,
+- 548, 548, 548, 548, 549, 549, 549, 549, 549, 549,
+- 549, 549, 621, 284, 548, 548, 548, 548, 548, 548,
+- 548, 548, 283, 548, 548, 548, 548, 548, 548, 552,
+- 553, 554, 552, 552, 552, 552, 552, 282, 281, 280,
+- 279, 555, 555, 555, 555, 555, 174, 556, 556, 556,
+- 556, 556, 556, 556, 556, 174, 557, 557, 557, 557,
+- 557, 557, 557, 557, 587, 555, 555, 555, 555, 555,
+-
+- 555, 174, 558, 558, 558, 558, 558, 559, 556, 556,
+- 621, 278, 621, 621, 621, 530, 588, 531, 532, 533,
+- 621, 275, 531, 532, 533, 621, 99, 621, 621, 533,
+- 567, 217, 259, 568, 568, 568, 568, 568, 568, 568,
+- 568, 217, 587, 529, 529, 600, 621, 529, 621, 621,
+- 621, 105, 85, 535, 535, 205, 247, 535, 534, 529,
+- 529, 529, 244, 534, 588, 243, 242, 601, 534, 535,
+- 535, 535, 569, 534, 570, 570, 570, 570, 570, 570,
+- 570, 570, 569, 600, 571, 571, 571, 571, 571, 571,
+- 571, 571, 241, 569, 536, 572, 572, 572, 572, 572,
+-
+- 573, 570, 570, 240, 238, 601, 237, 574, 81, 575,
+- 575, 575, 575, 575, 575, 575, 575, 574, 81, 576,
+- 576, 576, 576, 576, 576, 576, 576, 236, 574, 81,
+- 577, 577, 577, 577, 577, 578, 575, 575, 555, 555,
+- 555, 555, 555, 555, 555, 555, 394, 235, 581, 581,
+- 581, 581, 581, 581, 581, 581, 547, 394, 234, 582,
+- 582, 582, 582, 582, 582, 582, 582, 233, 232, 231,
+- 230, 583, 583, 583, 583, 583, 584, 584, 584, 584,
+- 584, 584, 584, 584, 585, 585, 585, 585, 585, 586,
+- 229, 228, 227, 105, 97, 583, 583, 583, 583, 583,
+-
+- 583, 621, 85, 583, 583, 583, 583, 583, 583, 583,
+- 583, 174, 556, 556, 556, 556, 556, 556, 556, 556,
+- 174, 556, 556, 556, 556, 556, 556, 556, 556, 174,
+- 556, 556, 556, 556, 556, 556, 568, 568, 568, 568,
+- 568, 568, 568, 568, 568, 568, 568, 568, 568, 568,
+- 568, 568, 591, 592, 593, 591, 591, 591, 591, 591,
+- 569, 85, 570, 570, 570, 570, 570, 570, 570, 570,
+- 569, 205, 570, 570, 570, 570, 570, 570, 570, 570,
+- 155, 156, 150, 150, 142, 569, 81, 570, 570, 570,
+- 570, 570, 570, 203, 136, 136, 81, 594, 595, 596,
+-
+- 594, 594, 594, 594, 594, 574, 81, 575, 575, 575,
+- 575, 575, 575, 575, 575, 196, 195, 194, 193, 192,
+- 574, 81, 575, 575, 575, 575, 575, 575, 575, 575,
+- 574, 190, 575, 575, 575, 575, 575, 575, 394, 189,
+- 599, 599, 599, 599, 599, 599, 599, 599, 605, 188,
+- 606, 606, 606, 606, 606, 606, 606, 606, 605, 187,
+- 607, 607, 607, 607, 607, 607, 607, 607, 605, 186,
+- 608, 608, 608, 608, 608, 609, 606, 606, 610, 610,
+- 610, 610, 610, 610, 81, 610, 610, 610, 610, 610,
+- 610, 610, 610, 181, 81, 611, 611, 611, 611, 611,
+-
+- 611, 611, 611, 180, 81, 612, 612, 612, 612, 612,
+- 613, 610, 610, 615, 616, 617, 615, 615, 615, 615,
+- 615, 605, 179, 606, 606, 606, 606, 606, 606, 606,
+- 606, 605, 178, 606, 606, 606, 606, 606, 606, 606,
+- 606, 105, 80, 105, 167, 93, 605, 81, 606, 606,
+- 606, 606, 606, 606, 85, 83, 82, 81, 610, 610,
+- 610, 610, 610, 610, 610, 610, 81, 81, 610, 610,
+- 610, 610, 610, 610, 610, 610, 156, 150, 142, 113,
+- 111, 136, 81, 618, 618, 618, 618, 618, 618, 618,
+- 618, 615, 615, 615, 615, 615, 615, 615, 615, 619,
+-
+- 619, 619, 619, 619, 620, 618, 618, 618, 618, 618,
+- 618, 618, 618, 618, 618, 132, 130, 81, 618, 618,
+- 618, 618, 618, 618, 117, 81, 116, 115, 112, 107,
+- 105, 93, 83, 81, 82, 81, 621, 621, 621, 621,
+- 621, 81, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 81, 59, 59, 59, 59, 59, 59, 59,
+- 59, 59, 59, 59, 59, 59, 59, 59, 59, 31,
+- 31, 31, 31, 31, 31, 31, 31, 31, 31, 31,
+- 31, 31, 31, 31, 31, 68, 68, 68, 68, 68,
+- 68, 68, 68, 68, 68, 68, 68, 68, 68, 68,
+-
+- 68, 75, 75, 75, 75, 75, 75, 75, 75, 75,
+- 75, 75, 75, 75, 75, 75, 75, 80, 621, 621,
+- 621, 621, 621, 621, 621, 80, 80, 80, 621, 621,
+- 80, 80, 80, 84, 84, 84, 84, 84, 84, 84,
+- 84, 84, 84, 84, 84, 84, 84, 84, 84, 88,
+- 621, 621, 621, 621, 88, 621, 621, 88, 88, 88,
+- 88, 621, 88, 88, 88, 92, 621, 621, 621, 621,
+- 621, 621, 621, 92, 92, 92, 621, 621, 92, 92,
+- 92, 94, 621, 621, 94, 94, 621, 94, 621, 94,
+- 94, 94, 621, 621, 94, 94, 94, 104, 104, 621,
+-
+- 621, 621, 104, 137, 621, 621, 137, 137, 621, 137,
+- 621, 137, 137, 137, 621, 621, 137, 137, 137, 141,
+- 621, 621, 141, 141, 621, 141, 621, 141, 141, 141,
+- 621, 141, 621, 141, 141, 149, 621, 621, 149, 621,
+- 621, 149, 621, 149, 149, 149, 149, 621, 149, 149,
+- 149, 153, 153, 153, 153, 153, 153, 153, 153, 153,
+- 153, 153, 153, 153, 153, 153, 153, 155, 155, 621,
+- 155, 621, 155, 155, 155, 155, 155, 155, 155, 155,
+- 155, 155, 155, 161, 161, 161, 161, 161, 161, 161,
+- 161, 161, 161, 161, 161, 161, 161, 161, 161, 162,
+-
+- 162, 621, 162, 162, 162, 162, 162, 162, 162, 162,
+- 162, 162, 162, 162, 162, 165, 621, 621, 621, 621,
+- 165, 621, 621, 165, 165, 165, 621, 621, 165, 165,
+- 165, 95, 621, 621, 95, 95, 621, 95, 621, 95,
+- 95, 95, 621, 621, 95, 95, 95, 173, 173, 621,
+- 621, 621, 173, 175, 175, 175, 621, 621, 621, 175,
+- 138, 621, 621, 138, 138, 621, 138, 621, 138, 138,
+- 138, 621, 621, 138, 138, 138, 206, 206, 206, 206,
+- 206, 206, 206, 206, 206, 206, 206, 206, 206, 206,
+- 206, 206, 213, 213, 621, 621, 621, 213, 219, 219,
+-
+- 219, 621, 621, 621, 219, 253, 253, 621, 621, 621,
+- 253, 254, 254, 621, 621, 621, 254, 258, 258, 621,
+- 621, 621, 258, 260, 260, 260, 621, 621, 621, 260,
+- 298, 298, 621, 621, 621, 298, 300, 300, 621, 621,
+- 621, 300, 301, 301, 621, 621, 621, 301, 303, 303,
+- 303, 621, 621, 621, 303, 307, 307, 307, 307, 621,
+- 621, 621, 307, 339, 339, 621, 621, 621, 339, 340,
+- 340, 621, 621, 621, 340, 341, 341, 621, 621, 621,
+- 341, 353, 353, 353, 621, 621, 621, 353, 354, 354,
+- 354, 354, 621, 621, 621, 354, 392, 392, 621, 621,
+-
+- 621, 392, 393, 393, 621, 621, 621, 393, 409, 409,
+- 409, 621, 621, 621, 409, 410, 410, 410, 410, 621,
+- 621, 621, 410, 440, 440, 621, 621, 621, 440, 444,
+- 621, 444, 444, 621, 621, 621, 444, 462, 462, 462,
+- 621, 621, 621, 462, 463, 463, 463, 463, 621, 621,
+- 621, 463, 497, 497, 621, 621, 621, 497, 498, 621,
+- 498, 498, 621, 621, 621, 498, 514, 514, 514, 621,
+- 621, 621, 514, 515, 515, 515, 621, 621, 621, 621,
+- 515, 524, 524, 524, 524, 524, 524, 524, 524, 524,
+- 524, 524, 524, 524, 524, 524, 524, 529, 529, 621,
+-
+- 529, 529, 529, 621, 621, 529, 529, 529, 621, 621,
+- 529, 529, 529, 535, 535, 621, 535, 535, 535, 621,
+- 621, 535, 535, 535, 621, 621, 535, 535, 535, 543,
+- 543, 621, 621, 621, 543, 544, 621, 544, 544, 621,
+- 621, 621, 544, 560, 560, 621, 621, 621, 621, 560,
+- 579, 579, 621, 621, 621, 579, 580, 621, 580, 580,
+- 621, 621, 621, 580, 597, 597, 621, 621, 621, 597,
+- 598, 621, 598, 621, 621, 621, 621, 598, 602, 602,
+- 602, 602, 602, 602, 602, 602, 602, 602, 602, 602,
+- 602, 602, 602, 602, 13, 621, 621, 621, 621, 621,
+-
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621
++ 16, 17, 18, 19, 20, 21, 22, 23, 24, 16,
++ 25, 26, 16, 16, 27, 28, 29, 30, 28, 28,
++ 28, 28, 28, 28, 28, 31, 32, 33, 16, 34,
++ 35, 35, 35, 36, 37, 37, 37, 37, 38, 37,
++ 39, 37, 40, 41, 42, 43, 37, 37, 37, 37,
++ 37, 44, 16, 45, 45, 45, 45, 45, 45, 16,
++ 16, 16, 16, 16, 16, 16, 16, 46, 16, 16,
++ 47, 532, 54, 130, 48, 135, 55, 127, 131, 127,
++ 54, 127, 56, 534, 55, 57, 78, 18, 79, 80,
++ 56, 109, 129, 57, 133, 17, 62, 63, 150, 64,
++
++ 49, 50, 149, 152, 51, 64, 168, 139, 134, 58,
++ 101, 110, 52, 59, 37, 53, 37, 58, 154, 64,
++ 65, 59, 37, 105, 37, 17, 62, 63, 155, 64,
++ 796, 78, 18, 79, 80, 64, 81, 111, 60, 175,
++ 139, 172, 101, 115, 115, 66, 60, 115, 115, 64,
++ 65, 140, 142, 178, 17, 18, 19, 71, 67, 173,
++ 141, 168, 139, 72, 73, 74, 171, 115, 122, 122,
++ 122, 122, 122, 123, 179, 66, 17, 18, 19, 75,
++ 67, 81, 143, 144, 171, 242, 145, 101, 101, 180,
++ 181, 116, 176, 236, 146, 198, 140, 147, 17, 18,
++
++ 19, 71, 67, 177, 76, 161, 201, 72, 73, 74,
++ 121, 121, 121, 121, 121, 121, 121, 121, 121, 121,
++ 101, 796, 177, 75, 179, 249, 68, 69, 69, 69,
++ 69, 69, 69, 69, 69, 69, 69, 69, 69, 69,
++ 69, 69, 69, 69, 69, 17, 18, 19, 76, 67,
++ 194, 194, 194, 194, 194, 194, 194, 194, 194, 194,
++ 195, 195, 195, 195, 195, 196, 206, 100, 119, 100,
++ 100, 100, 177, 100, 100, 207, 101, 100, 107, 107,
++ 107, 107, 107, 107, 107, 107, 107, 107, 101, 243,
++ 235, 100, 100, 100, 101, 68, 69, 69, 69, 69,
++
++ 69, 69, 69, 69, 69, 69, 69, 69, 69, 69,
++ 69, 69, 69, 69, 33, 17, 18, 19, 33, 33,
++ 82, 23, 24, 33, 83, 26, 33, 33, 84, 85,
++ 86, 87, 85, 85, 85, 85, 85, 85, 85, 31,
++ 88, 33, 33, 89, 90, 90, 90, 91, 92, 92,
++ 92, 92, 93, 92, 94, 92, 95, 92, 96, 92,
++ 92, 92, 92, 92, 92, 68, 33, 97, 97, 97,
++ 97, 97, 97, 98, 98, 98, 98, 98, 98, 98,
++ 98, 99, 98, 98, 105, 218, 101, 796, 109, 168,
++ 139, 269, 247, 178, 106, 796, 220, 107, 107, 107,
++
++ 107, 107, 107, 107, 107, 107, 107, 117, 183, 118,
++ 118, 118, 118, 118, 118, 118, 118, 118, 118, 119,
++ 101, 180, 181, 120, 120, 120, 120, 120, 101, 101,
++ 357, 159, 159, 246, 184, 159, 159, 216, 216, 216,
++ 216, 216, 216, 177, 245, 101, 154, 120, 120, 120,
++ 120, 120, 120, 100, 358, 159, 155, 127, 101, 100,
++ 313, 563, 100, 100, 101, 100, 100, 100, 126, 126,
++ 126, 126, 126, 126, 126, 126, 126, 126, 119, 160,
++ 311, 100, 126, 126, 126, 126, 126, 127, 127, 127,
++ 127, 128, 127, 127, 127, 127, 127, 127, 127, 127,
++
++ 127, 127, 127, 127, 101, 127, 120, 120, 120, 120,
++ 120, 120, 100, 100, 100, 100, 100, 100, 100, 100,
++ 100, 100, 100, 127, 127, 127, 127, 127, 127, 127,
++ 127, 127, 127, 813, 218, 796, 105, 127, 127, 127,
++ 127, 127, 101, 100, 101, 282, 127, 107, 107, 107,
++ 107, 107, 107, 107, 107, 107, 107, 101, 304, 311,
++ 372, 100, 100, 100, 100, 100, 100, 138, 139, 100,
++ 100, 100, 311, 100, 100, 101, 378, 100, 216, 216,
++ 216, 216, 216, 216, 216, 216, 216, 216, 244, 310,
++ 813, 100, 100, 100, 100, 101, 120, 120, 120, 120,
++
++ 120, 120, 120, 120, 120, 120, 105, 164, 139, 165,
++ 813, 166, 101, 109, 436, 165, 106, 166, 373, 107,
++ 107, 107, 107, 107, 107, 107, 107, 107, 107, 226,
++ 101, 166, 166, 813, 227, 311, 111, 218, 228, 170,
++ 229, 185, 170, 170, 101, 168, 139, 185, 282, 170,
++ 185, 115, 115, 185, 185, 115, 115, 166, 813, 184,
++ 782, 371, 168, 139, 170, 148, 105, 187, 360, 185,
++ 109, 301, 302, 361, 303, 115, 167, 101, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 101,
++ 813, 314, 188, 185, 115, 101, 532, 115, 115, 116,
++
++ 115, 115, 115, 115, 184, 101, 115, 115, 108, 714,
++ 108, 108, 171, 101, 108, 108, 184, 435, 108, 380,
++ 187, 115, 115, 216, 216, 216, 216, 216, 216, 216,
++ 216, 216, 216, 108, 108, 107, 107, 107, 107, 107,
++ 107, 107, 107, 107, 107, 190, 115, 187, 105, 101,
++ 191, 187, 192, 192, 192, 192, 192, 192, 192, 192,
++ 192, 192, 119, 187, 357, 357, 193, 193, 193, 193,
++ 193, 187, 187, 187, 187, 187, 187, 187, 187, 187,
++ 187, 187, 187, 187, 187, 187, 187, 187, 358, 358,
++ 193, 193, 193, 193, 193, 193, 187, 187, 187, 187,
++
++ 187, 187, 187, 187, 187, 187, 187, 813, 377, 187,
++ 187, 187, 187, 187, 187, 187, 187, 187, 187, 813,
++ 341, 341, 341, 187, 187, 187, 187, 187, 330, 331,
++ 112, 332, 112, 112, 112, 394, 112, 112, 395, 437,
++ 112, 255, 255, 255, 255, 255, 255, 187, 187, 187,
++ 187, 187, 187, 187, 112, 112, 112, 187, 197, 197,
++ 197, 197, 197, 197, 197, 197, 197, 197, 119, 187,
++ 498, 101, 197, 197, 197, 197, 197, 198, 198, 198,
++ 198, 199, 198, 198, 198, 198, 198, 198, 198, 198,
++ 198, 198, 198, 198, 499, 200, 193, 193, 193, 193,
++
++ 193, 193, 187, 187, 187, 187, 187, 187, 187, 187,
++ 187, 187, 187, 198, 198, 198, 198, 198, 198, 198,
++ 198, 198, 198, 813, 105, 101, 443, 198, 198, 198,
++ 198, 198, 260, 218, 159, 159, 198, 261, 159, 159,
++ 386, 262, 513, 263, 282, 387, 369, 142, 101, 370,
++ 504, 187, 187, 187, 187, 187, 187, 813, 159, 193,
++ 193, 193, 193, 193, 193, 193, 193, 193, 193, 114,
++ 763, 100, 100, 114, 505, 100, 100, 143, 144, 114,
++ 101, 145, 160, 272, 272, 272, 272, 272, 273, 146,
++ 438, 442, 147, 114, 114, 100, 212, 213, 214, 212,
++
++ 212, 212, 212, 212, 212, 212, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 345, 218, 763, 158,
++ 101, 100, 100, 158, 101, 100, 100, 763, 347, 158,
++ 399, 444, 101, 215, 215, 215, 215, 215, 215, 215,
++ 215, 215, 215, 158, 158, 100, 506, 215, 215, 215,
++ 215, 215, 251, 252, 253, 251, 251, 251, 251, 251,
++ 251, 251, 100, 100, 100, 100, 496, 127, 101, 813,
++ 507, 215, 215, 215, 215, 215, 215, 221, 221, 221,
++ 221, 221, 221, 221, 221, 221, 221, 119, 119, 498,
++ 532, 221, 221, 221, 221, 221, 255, 255, 255, 255,
++
++ 255, 255, 255, 255, 255, 255, 350, 350, 350, 350,
++ 350, 351, 714, 499, 101, 215, 215, 215, 215, 215,
++ 215, 127, 127, 127, 127, 127, 127, 127, 127, 127,
++ 127, 813, 379, 622, 127, 127, 127, 127, 127, 127,
++ 182, 218, 182, 182, 101, 185, 182, 182, 101, 439,
++ 182, 185, 282, 445, 185, 813, 218, 185, 185, 100,
++ 100, 100, 100, 100, 100, 182, 182, 347, 218, 127,
++ 127, 187, 497, 185, 185, 562, 185, 185, 185, 347,
++ 185, 185, 498, 659, 185, 255, 255, 255, 255, 255,
++ 255, 255, 255, 255, 255, 525, 188, 185, 185, 185,
++
++ 185, 115, 345, 218, 115, 115, 499, 115, 115, 115,
++ 115, 115, 127, 115, 115, 115, 565, 502, 345, 218,
++ 127, 115, 345, 218, 127, 504, 500, 187, 115, 115,
++ 347, 501, 101, 127, 416, 115, 115, 211, 211, 211,
++ 211, 211, 211, 211, 211, 211, 211, 503, 101, 505,
++ 127, 198, 190, 115, 254, 254, 254, 254, 254, 254,
++ 254, 254, 254, 254, 746, 567, 584, 127, 254, 254,
++ 254, 254, 254, 211, 211, 211, 211, 211, 211, 211,
++ 211, 211, 211, 315, 105, 316, 316, 316, 316, 316,
++ 316, 101, 254, 254, 254, 254, 254, 254, 187, 746,
++
++ 101, 508, 187, 256, 256, 256, 256, 256, 256, 256,
++ 256, 256, 256, 119, 187, 105, 572, 256, 256, 256,
++ 256, 256, 198, 198, 198, 198, 198, 198, 198, 198,
++ 198, 198, 198, 198, 198, 198, 198, 198, 198, 570,
++ 200, 254, 254, 254, 254, 254, 254, 187, 187, 187,
++ 187, 187, 187, 187, 187, 187, 187, 187, 198, 198,
++ 198, 198, 198, 198, 198, 198, 198, 198, 813, 511,
++ 504, 506, 198, 198, 198, 198, 198, 271, 271, 271,
++ 271, 271, 271, 271, 271, 271, 271, 419, 419, 419,
++ 419, 419, 420, 506, 505, 507, 187, 187, 187, 187,
++
++ 187, 187, 269, 746, 270, 270, 270, 270, 270, 270,
++ 270, 270, 270, 270, 159, 520, 763, 507, 159, 101,
++ 521, 621, 763, 127, 159, 287, 287, 287, 287, 287,
++ 287, 287, 287, 287, 287, 127, 573, 218, 159, 159,
++ 101, 100, 101, 274, 274, 274, 274, 274, 274, 274,
++ 274, 274, 274, 512, 624, 627, 127, 274, 274, 274,
++ 274, 274, 349, 349, 349, 349, 349, 349, 349, 349,
++ 349, 349, 488, 488, 488, 488, 488, 489, 101, 628,
++ 633, 274, 274, 274, 274, 274, 274, 276, 277, 278,
++ 278, 278, 278, 278, 278, 278, 278, 279, 649, 649,
++
++ 649, 280, 280, 280, 280, 280, 381, 382, 383, 381,
++ 381, 381, 381, 381, 381, 381, 446, 218, 447, 447,
++ 447, 447, 447, 447, 218, 280, 280, 280, 280, 280,
++ 280, 218, 283, 284, 285, 283, 283, 283, 283, 283,
++ 283, 283, 286, 625, 813, 218, 287, 287, 287, 287,
++ 287, 410, 411, 412, 410, 410, 410, 410, 410, 410,
++ 410, 528, 528, 528, 528, 528, 529, 626, 679, 127,
++ 287, 287, 287, 287, 287, 287, 288, 288, 288, 288,
++ 288, 288, 288, 288, 288, 288, 119, 627, 625, 127,
++ 288, 288, 288, 288, 288, 356, 356, 356, 356, 356,
++
++ 356, 356, 356, 356, 356, 537, 537, 537, 537, 537,
++ 538, 628, 626, 218, 274, 274, 274, 274, 274, 274,
++ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
++ 813, 683, 684, 127, 127, 127, 127, 127, 127, 345,
++ 218, 414, 414, 414, 414, 414, 414, 678, 659, 127,
++ 399, 347, 400, 400, 400, 400, 400, 400, 100, 100,
++ 100, 100, 100, 100, 315, 627, 318, 318, 318, 318,
++ 318, 319, 316, 316, 316, 316, 320, 320, 320, 320,
++ 320, 320, 320, 320, 320, 320, 119, 597, 101, 628,
++ 320, 320, 320, 320, 320, 418, 418, 418, 418, 418,
++
++ 418, 418, 418, 418, 418, 476, 746, 477, 477, 477,
++ 477, 477, 477, 746, 320, 320, 320, 320, 320, 320,
++ 321, 321, 321, 321, 321, 321, 321, 321, 321, 321,
++ 100, 100, 100, 100, 321, 321, 321, 321, 321, 425,
++ 425, 425, 425, 425, 425, 425, 425, 425, 425, 554,
++ 554, 554, 554, 554, 555, 345, 218, 695, 320, 320,
++ 320, 320, 320, 320, 334, 335, 336, 334, 334, 334,
++ 334, 334, 334, 334, 813, 218, 345, 218, 483, 483,
++ 483, 483, 483, 483, 731, 127, 416, 813, 416, 487,
++ 487, 487, 487, 487, 487, 487, 487, 487, 487, 534,
++
++ 101, 339, 339, 340, 341, 341, 341, 341, 341, 341,
++ 341, 279, 345, 218, 346, 346, 346, 346, 346, 346,
++ 346, 346, 346, 346, 347, 101, 683, 684, 348, 348,
++ 348, 348, 348, 631, 105, 514, 515, 516, 517, 515,
++ 515, 515, 515, 515, 515, 515, 600, 600, 600, 600,
++ 600, 601, 348, 348, 348, 348, 348, 348, 218, 352,
++ 353, 354, 352, 352, 352, 352, 352, 352, 352, 355,
++ 730, 695, 127, 356, 356, 356, 356, 356, 527, 527,
++ 527, 527, 527, 527, 527, 527, 527, 527, 632, 623,
++ 695, 680, 675, 218, 127, 127, 127, 356, 356, 356,
++
++ 356, 356, 356, 813, 347, 348, 348, 348, 348, 348,
++ 348, 348, 348, 348, 348, 384, 384, 384, 384, 384,
++ 384, 384, 384, 384, 384, 695, 676, 676, 813, 384,
++ 384, 384, 384, 384, 475, 475, 475, 475, 475, 475,
++ 475, 475, 475, 475, 618, 618, 618, 618, 618, 619,
++ 677, 677, 813, 384, 384, 384, 384, 384, 384, 385,
++ 385, 385, 385, 385, 385, 385, 385, 385, 385, 703,
++ 634, 694, 127, 385, 385, 385, 385, 385, 536, 536,
++ 536, 536, 536, 536, 536, 536, 536, 536, 100, 100,
++ 100, 100, 634, 218, 634, 634, 734, 384, 384, 384,
++
++ 384, 384, 384, 399, 416, 400, 400, 400, 400, 400,
++ 400, 400, 400, 400, 400, 399, 532, 401, 401, 401,
++ 401, 401, 401, 401, 401, 401, 401, 399, 534, 402,
++ 402, 402, 402, 402, 403, 400, 400, 400, 400, 405,
++ 405, 405, 405, 405, 405, 405, 405, 405, 405, 279,
++ 345, 218, 414, 414, 414, 414, 414, 414, 414, 414,
++ 414, 414, 347, 634, 105, 101, 413, 413, 413, 413,
++ 413, 544, 545, 546, 544, 544, 544, 544, 544, 544,
++ 544, 686, 761, 107, 127, 634, 107, 634, 635, 644,
++ 413, 413, 413, 413, 413, 413, 345, 218, 415, 415,
++
++ 415, 415, 415, 415, 415, 415, 415, 415, 416, 345,
++ 218, 101, 417, 417, 417, 417, 417, 345, 218, 813,
++ 218, 416, 127, 127, 127, 762, 105, 101, 733, 485,
++ 676, 485, 561, 564, 101, 566, 417, 417, 417, 417,
++ 417, 417, 218, 421, 422, 423, 421, 421, 421, 421,
++ 421, 421, 421, 424, 677, 684, 813, 425, 425, 425,
++ 425, 425, 494, 494, 494, 494, 494, 494, 494, 494,
++ 494, 494, 662, 662, 662, 662, 662, 663, 101, 105,
++ 813, 425, 425, 425, 425, 425, 425, 813, 571, 417,
++ 417, 417, 417, 417, 417, 417, 417, 417, 417, 446,
++
++ 701, 449, 449, 449, 449, 449, 450, 447, 447, 447,
++ 447, 384, 384, 384, 384, 384, 384, 384, 384, 384,
++ 384, 781, 782, 781, 782, 384, 384, 384, 384, 384,
++ 345, 218, 549, 549, 549, 549, 549, 549, 685, 575,
++ 575, 607, 485, 608, 608, 608, 608, 608, 608, 384,
++ 384, 384, 384, 384, 384, 464, 465, 466, 464, 464,
++ 464, 464, 464, 464, 464, 553, 553, 553, 553, 553,
++ 553, 553, 553, 553, 553, 591, 592, 593, 591, 591,
++ 591, 591, 591, 591, 591, 695, 732, 700, 700, 700,
++ 644, 101, 399, 532, 400, 400, 400, 400, 400, 400,
++
++ 400, 400, 400, 400, 399, 597, 400, 400, 400, 400,
++ 400, 400, 400, 400, 400, 400, 471, 472, 473, 471,
++ 471, 471, 471, 471, 471, 471, 474, 728, 101, 728,
++ 475, 475, 475, 475, 475, 543, 543, 543, 543, 543,
++ 543, 543, 543, 543, 543, 127, 211, 741, 786, 211,
++ 218, 729, 218, 729, 475, 475, 475, 475, 475, 475,
++ 476, 416, 479, 479, 479, 479, 479, 480, 477, 477,
++ 477, 477, 345, 218, 483, 483, 483, 483, 483, 483,
++ 483, 483, 483, 483, 416, 101, 101, 218, 482, 482,
++ 482, 482, 482, 532, 813, 595, 595, 595, 595, 595,
++
++ 595, 169, 169, 169, 218, 534, 597, 688, 759, 689,
++ 690, 691, 482, 482, 482, 482, 482, 482, 345, 218,
++ 484, 484, 484, 484, 484, 484, 484, 484, 484, 484,
++ 485, 316, 760, 316, 486, 486, 486, 486, 486, 599,
++ 599, 599, 599, 599, 599, 599, 599, 599, 599, 574,
++ 575, 575, 575, 575, 575, 575, 597, 692, 486, 486,
++ 486, 486, 486, 486, 218, 490, 491, 492, 490, 490,
++ 490, 490, 490, 490, 490, 493, 218, 345, 218, 494,
++ 494, 494, 494, 494, 345, 218, 218, 485, 218, 485,
++ 813, 218, 169, 169, 169, 534, 551, 485, 532, 551,
++
++ 759, 813, 551, 494, 494, 494, 494, 494, 494, 813,
++ 597, 486, 486, 486, 486, 486, 486, 486, 486, 486,
++ 486, 100, 650, 778, 760, 813, 317, 100, 317, 735,
++ 100, 100, 735, 100, 100, 100, 127, 127, 127, 127,
++ 127, 127, 127, 127, 127, 127, 702, 779, 650, 100,
++ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
++ 127, 127, 127, 127, 495, 127, 127, 127, 127, 127,
++ 127, 127, 101, 127, 100, 100, 100, 100, 100, 100,
++ 100, 100, 100, 100, 100, 100, 100, 100, 100, 100,
++ 100, 525, 526, 526, 526, 526, 526, 526, 526, 526,
++
++ 526, 526, 345, 218, 614, 614, 614, 614, 614, 614,
++ 447, 650, 447, 532, 551, 617, 617, 617, 617, 617,
++ 617, 617, 617, 617, 617, 659, 576, 576, 101, 532,
++ 813, 533, 533, 533, 533, 533, 533, 533, 533, 533,
++ 533, 534, 659, 695, 813, 535, 535, 535, 535, 535,
++ 636, 637, 638, 639, 636, 636, 636, 636, 636, 636,
++ 345, 218, 674, 674, 674, 674, 674, 674, 813, 535,
++ 535, 535, 535, 535, 535, 539, 540, 541, 539, 539,
++ 539, 539, 539, 539, 539, 542, 778, 695, 739, 543,
++ 543, 543, 543, 543, 646, 646, 646, 646, 646, 646,
++
++ 646, 646, 646, 646, 448, 477, 448, 477, 345, 218,
++ 779, 575, 575, 543, 543, 543, 543, 543, 543, 813,
++ 551, 535, 535, 535, 535, 535, 535, 535, 535, 535,
++ 535, 345, 218, 549, 549, 549, 549, 549, 549, 549,
++ 549, 549, 549, 485, 728, 681, 813, 548, 548, 548,
++ 548, 548, 647, 647, 647, 647, 647, 648, 649, 649,
++ 649, 649, 688, 607, 689, 690, 691, 478, 729, 478,
++ 813, 548, 548, 548, 548, 548, 548, 345, 218, 550,
++ 550, 550, 550, 550, 550, 550, 550, 550, 550, 551,
++ 127, 740, 813, 552, 552, 552, 552, 552, 606, 606,
++
++ 606, 606, 606, 606, 606, 606, 606, 606, 447, 477,
++ 447, 477, 694, 608, 607, 608, 813, 552, 552, 552,
++ 552, 552, 552, 218, 556, 557, 558, 556, 556, 556,
++ 556, 556, 556, 556, 607, 609, 768, 609, 559, 559,
++ 559, 559, 559, 532, 534, 657, 657, 657, 657, 657,
++ 657, 651, 650, 651, 650, 597, 651, 651, 651, 651,
++ 651, 651, 559, 559, 559, 559, 559, 559, 813, 532,
++ 552, 552, 552, 552, 552, 552, 552, 552, 552, 552,
++ 100, 659, 652, 608, 652, 608, 100, 687, 687, 100,
++ 100, 687, 100, 100, 100, 127, 127, 127, 127, 127,
++
++ 127, 127, 127, 127, 127, 687, 687, 687, 100, 127,
++ 127, 127, 127, 127, 127, 127, 560, 127, 127, 127,
++ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
++ 127, 101, 127, 100, 100, 100, 100, 100, 100, 100,
++ 100, 100, 100, 100, 100, 100, 100, 100, 100, 100,
++ 574, 577, 577, 577, 577, 577, 578, 575, 575, 575,
++ 575, 187, 723, 723, 532, 187, 198, 198, 198, 198,
++ 198, 198, 198, 198, 198, 198, 714, 187, 724, 724,
++ 198, 198, 198, 583, 198, 198, 198, 198, 198, 198,
++ 198, 198, 198, 198, 198, 198, 198, 198, 198, 198,
++
++ 198, 198, 650, 200, 187, 187, 187, 187, 187, 187,
++ 187, 187, 187, 187, 187, 187, 187, 187, 187, 187,
++ 187, 586, 587, 588, 589, 586, 586, 586, 586, 586,
++ 586, 661, 661, 661, 661, 661, 661, 661, 661, 661,
++ 661, 669, 670, 671, 669, 669, 669, 669, 669, 669,
++ 669, 717, 717, 717, 717, 717, 718, 101, 525, 526,
++ 526, 526, 526, 526, 526, 526, 526, 526, 526, 707,
++ 708, 709, 707, 707, 707, 707, 707, 707, 707, 668,
++ 668, 668, 668, 668, 668, 668, 668, 668, 668, 757,
++ 757, 757, 757, 757, 758, 101, 532, 813, 595, 595,
++
++ 595, 595, 595, 595, 595, 595, 595, 595, 534, 714,
++ 470, 643, 594, 594, 594, 594, 594, 532, 532, 712,
++ 712, 712, 712, 712, 712, 696, 697, 696, 697, 659,
++ 714, 813, 218, 813, 813, 813, 594, 594, 594, 594,
++ 594, 594, 532, 551, 596, 596, 596, 596, 596, 596,
++ 596, 596, 596, 596, 597, 759, 642, 641, 598, 598,
++ 598, 598, 598, 716, 716, 716, 716, 716, 716, 716,
++ 716, 716, 716, 688, 640, 689, 690, 691, 651, 760,
++ 651, 692, 598, 598, 598, 598, 598, 598, 602, 603,
++ 604, 602, 602, 602, 602, 602, 602, 602, 605, 574,
++
++ 574, 127, 606, 606, 606, 606, 606, 736, 737, 738,
++ 736, 736, 736, 736, 736, 736, 736, 791, 791, 791,
++ 791, 791, 791, 692, 574, 101, 606, 606, 606, 606,
++ 606, 606, 813, 630, 598, 598, 598, 598, 598, 598,
++ 598, 598, 598, 598, 607, 629, 610, 610, 610, 610,
++ 610, 611, 608, 608, 608, 608, 345, 218, 614, 614,
++ 614, 614, 614, 614, 614, 614, 614, 614, 551, 101,
++ 218, 778, 613, 613, 613, 613, 613, 813, 607, 689,
++ 690, 691, 813, 607, 813, 813, 691, 695, 470, 696,
++ 696, 696, 696, 696, 696, 779, 613, 613, 613, 613,
++
++ 613, 613, 345, 218, 615, 615, 615, 615, 615, 615,
++ 615, 615, 615, 615, 747, 343, 747, 127, 616, 616,
++ 616, 616, 616, 748, 764, 748, 764, 692, 765, 797,
++ 765, 797, 692, 218, 723, 723, 723, 723, 723, 723,
++ 585, 582, 616, 616, 616, 616, 616, 616, 813, 581,
++ 616, 616, 616, 616, 616, 616, 616, 616, 616, 616,
++ 100, 693, 580, 693, 693, 693, 100, 693, 693, 100,
++ 100, 693, 100, 100, 100, 127, 127, 127, 127, 127,
++ 127, 127, 127, 127, 127, 693, 693, 693, 100, 127,
++ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
++
++ 127, 127, 127, 127, 127, 127, 127, 620, 127, 127,
++ 127, 101, 127, 100, 100, 100, 100, 100, 100, 100,
++ 100, 100, 100, 100, 100, 100, 100, 100, 100, 100,
++ 625, 746, 579, 747, 747, 747, 747, 747, 747, 187,
++ 798, 574, 798, 187, 198, 198, 198, 198, 198, 198,
++ 198, 198, 198, 198, 626, 187, 574, 569, 198, 198,
++ 198, 198, 198, 198, 198, 198, 198, 198, 198, 198,
++ 198, 198, 198, 198, 198, 198, 198, 198, 198, 198,
++ 568, 200, 187, 187, 187, 187, 187, 187, 187, 187,
++ 187, 187, 187, 187, 187, 187, 187, 187, 187, 644,
++
++ 476, 645, 645, 645, 645, 645, 645, 645, 645, 645,
++ 645, 722, 722, 722, 722, 722, 722, 722, 722, 722,
++ 722, 532, 476, 753, 753, 753, 753, 753, 753, 755,
++ 476, 470, 755, 714, 343, 279, 755, 101, 650, 524,
++ 653, 653, 653, 653, 653, 654, 651, 651, 651, 651,
++ 532, 523, 657, 657, 657, 657, 657, 657, 657, 657,
++ 657, 657, 597, 522, 519, 518, 656, 656, 656, 656,
++ 656, 756, 756, 756, 756, 756, 756, 756, 756, 756,
++ 756, 532, 446, 777, 777, 777, 777, 777, 777, 446,
++ 656, 656, 656, 656, 656, 656, 532, 446, 658, 658,
++
++ 658, 658, 658, 658, 658, 658, 658, 658, 659, 510,
++ 509, 101, 660, 660, 660, 660, 660, 735, 735, 735,
++ 735, 735, 735, 735, 735, 735, 735, 763, 101, 764,
++ 764, 764, 764, 764, 764, 101, 660, 660, 660, 660,
++ 660, 660, 664, 665, 666, 664, 664, 664, 664, 664,
++ 664, 664, 667, 101, 476, 476, 668, 668, 668, 668,
++ 668, 735, 735, 735, 735, 735, 735, 735, 735, 735,
++ 735, 470, 741, 343, 742, 742, 742, 742, 742, 742,
++ 668, 668, 668, 668, 668, 668, 813, 279, 660, 660,
++ 660, 660, 660, 660, 660, 660, 660, 660, 345, 218,
++
++ 674, 674, 674, 674, 674, 674, 674, 674, 674, 674,
++ 101, 279, 463, 462, 673, 673, 673, 673, 673, 772,
++ 773, 774, 772, 772, 772, 772, 772, 772, 772, 796,
++ 461, 797, 797, 797, 797, 797, 797, 460, 673, 673,
++ 673, 673, 673, 673, 695, 459, 698, 698, 698, 698,
++ 698, 699, 700, 700, 700, 700, 704, 705, 706, 704,
++ 704, 704, 704, 704, 704, 704, 783, 784, 785, 783,
++ 783, 783, 783, 783, 783, 783, 791, 791, 791, 791,
++ 791, 791, 791, 791, 791, 791, 810, 810, 810, 810,
++ 810, 810, 101, 644, 458, 645, 645, 645, 645, 645,
++
++ 645, 645, 645, 645, 645, 792, 792, 792, 792, 792,
++ 792, 792, 792, 792, 792, 793, 793, 793, 793, 793,
++ 794, 791, 791, 791, 791, 457, 795, 456, 455, 795,
++ 454, 101, 532, 795, 712, 712, 712, 712, 712, 712,
++ 712, 712, 712, 712, 659, 453, 452, 451, 711, 711,
++ 711, 711, 711, 786, 813, 787, 787, 787, 787, 787,
++ 787, 791, 791, 791, 791, 791, 791, 791, 791, 791,
++ 791, 446, 711, 711, 711, 711, 711, 711, 532, 446,
++ 713, 713, 713, 713, 713, 713, 713, 713, 713, 713,
++ 714, 101, 374, 441, 715, 715, 715, 715, 715, 791,
++
++ 791, 791, 791, 791, 791, 791, 791, 791, 791, 440,
++ 434, 433, 432, 431, 430, 429, 428, 427, 715, 715,
++ 715, 715, 715, 715, 719, 720, 721, 719, 719, 719,
++ 719, 719, 719, 719, 426, 408, 343, 279, 722, 722,
++ 722, 722, 722, 804, 805, 806, 804, 804, 804, 804,
++ 804, 804, 804, 404, 279, 125, 807, 807, 807, 807,
++ 807, 807, 722, 722, 722, 722, 722, 722, 813, 398,
++ 715, 715, 715, 715, 715, 715, 715, 715, 715, 715,
++ 218, 725, 725, 725, 725, 725, 726, 723, 723, 723,
++ 723, 741, 101, 742, 742, 742, 742, 742, 742, 742,
++
++ 742, 742, 742, 741, 397, 743, 743, 743, 743, 743,
++ 743, 743, 743, 743, 743, 741, 396, 744, 744, 744,
++ 744, 744, 745, 742, 742, 742, 742, 746, 393, 749,
++ 749, 749, 749, 749, 750, 747, 747, 747, 747, 532,
++ 392, 753, 753, 753, 753, 753, 753, 753, 753, 753,
++ 753, 714, 391, 390, 389, 752, 752, 752, 752, 752,
++ 810, 810, 810, 810, 810, 810, 810, 810, 810, 810,
++ 388, 315, 315, 315, 374, 376, 374, 375, 374, 752,
++ 752, 752, 752, 752, 752, 532, 368, 754, 754, 754,
++ 754, 754, 754, 754, 754, 754, 754, 367, 366, 365,
++
++ 364, 755, 755, 755, 755, 755, 804, 804, 804, 804,
++ 804, 804, 804, 804, 804, 804, 363, 362, 359, 119,
++ 279, 343, 279, 125, 105, 755, 755, 755, 755, 755,
++ 755, 763, 333, 766, 766, 766, 766, 766, 767, 764,
++ 764, 764, 764, 100, 329, 769, 770, 771, 769, 769,
++ 769, 769, 769, 769, 769, 741, 328, 742, 742, 742,
++ 742, 742, 742, 742, 742, 742, 742, 741, 327, 742,
++ 742, 742, 742, 742, 742, 742, 742, 742, 742, 532,
++ 326, 777, 777, 777, 777, 777, 777, 777, 777, 777,
++ 777, 786, 325, 787, 787, 787, 787, 787, 787, 787,
++
++ 787, 787, 787, 786, 324, 788, 788, 788, 788, 788,
++ 788, 788, 788, 788, 788, 786, 323, 789, 789, 789,
++ 789, 789, 790, 787, 787, 787, 787, 796, 322, 799,
++ 799, 799, 799, 799, 800, 797, 797, 797, 797, 100,
++ 191, 801, 802, 803, 801, 801, 801, 801, 801, 801,
++ 801, 786, 315, 787, 787, 787, 787, 787, 787, 787,
++ 787, 787, 787, 786, 315, 787, 787, 787, 787, 787,
++ 787, 787, 787, 787, 787, 807, 807, 807, 807, 807,
++ 807, 807, 807, 807, 807, 811, 811, 811, 811, 811,
++ 812, 810, 810, 810, 810, 810, 810, 810, 810, 810,
++
++ 810, 810, 810, 810, 810, 250, 312, 309, 308, 307,
++ 306, 101, 801, 801, 801, 801, 801, 801, 801, 801,
++ 801, 801, 305, 300, 299, 298, 297, 296, 295, 294,
++ 293, 292, 291, 290, 289, 125, 117, 105, 105, 267,
++ 266, 265, 264, 259, 258, 257, 813, 188, 101, 808,
++ 808, 808, 808, 808, 809, 807, 807, 807, 807, 250,
++ 176, 177, 171, 171, 163, 248, 157, 157, 241, 240,
++ 239, 238, 237, 234, 233, 232, 231, 230, 225, 224,
++ 223, 222, 125, 100, 125, 101, 807, 807, 807, 807,
++ 807, 807, 807, 807, 807, 807, 190, 113, 210, 105,
++
++ 103, 102, 101, 205, 204, 203, 202, 198, 177, 171,
++ 163, 133, 131, 157, 156, 153, 151, 137, 136, 135,
++ 132, 127, 101, 61, 61, 61, 61, 61, 61, 61,
++ 61, 61, 61, 61, 61, 61, 61, 61, 61, 61,
++ 61, 61, 61, 61, 33, 33, 33, 33, 33, 33,
++ 33, 33, 33, 33, 33, 33, 33, 33, 33, 33,
++ 33, 33, 33, 33, 33, 70, 70, 70, 70, 70,
++ 70, 70, 70, 70, 70, 70, 70, 70, 70, 70,
++ 70, 70, 70, 70, 70, 70, 77, 77, 77, 77,
++ 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
++
++ 77, 77, 77, 77, 77, 77, 77, 100, 125, 113,
++ 103, 102, 101, 813, 100, 813, 100, 100, 100, 100,
++ 813, 813, 100, 100, 100, 100, 100, 100, 104, 104,
++ 104, 104, 104, 104, 104, 104, 104, 104, 104, 104,
++ 104, 104, 104, 104, 104, 104, 104, 104, 104, 108,
++ 813, 813, 813, 813, 108, 813, 108, 813, 108, 108,
++ 108, 108, 108, 813, 108, 108, 108, 108, 108, 108,
++ 112, 813, 813, 813, 813, 813, 813, 112, 813, 112,
++ 112, 112, 112, 813, 813, 112, 112, 112, 112, 112,
++ 112, 114, 813, 813, 114, 114, 813, 114, 114, 813,
++
++ 114, 114, 114, 114, 813, 813, 114, 114, 114, 114,
++ 114, 114, 124, 124, 813, 124, 813, 813, 813, 124,
++ 158, 813, 813, 158, 158, 813, 158, 158, 813, 158,
++ 158, 158, 158, 813, 813, 158, 158, 158, 158, 158,
++ 158, 162, 813, 813, 162, 162, 813, 162, 162, 813,
++ 162, 162, 162, 162, 813, 162, 162, 162, 813, 162,
++ 162, 162, 170, 813, 813, 170, 813, 813, 170, 170,
++ 813, 170, 170, 170, 170, 170, 813, 170, 170, 170,
++ 170, 170, 170, 174, 174, 174, 174, 174, 174, 174,
++ 174, 174, 174, 174, 174, 174, 174, 174, 174, 174,
++
++ 174, 174, 174, 174, 176, 176, 813, 176, 813, 176,
++ 176, 176, 176, 176, 176, 176, 176, 176, 176, 176,
++ 176, 176, 176, 176, 176, 182, 813, 813, 813, 813,
++ 182, 813, 182, 813, 182, 182, 182, 182, 182, 813,
++ 182, 182, 182, 182, 182, 182, 186, 813, 813, 813,
++ 813, 813, 813, 186, 813, 186, 186, 186, 186, 813,
++ 186, 186, 186, 186, 186, 186, 186, 189, 813, 813,
++ 189, 189, 813, 189, 189, 813, 189, 189, 189, 189,
++ 813, 189, 189, 189, 189, 189, 189, 189, 208, 208,
++ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
++
++ 208, 208, 208, 208, 208, 208, 208, 208, 208, 209,
++ 209, 813, 209, 209, 209, 209, 209, 209, 209, 209,
++ 209, 209, 209, 209, 209, 209, 209, 209, 209, 209,
++ 115, 813, 813, 115, 115, 813, 115, 115, 813, 115,
++ 115, 115, 115, 813, 813, 115, 115, 115, 115, 115,
++ 115, 124, 124, 813, 124, 813, 813, 813, 124, 217,
++ 217, 813, 217, 813, 813, 813, 217, 219, 219, 219,
++ 813, 219, 813, 813, 813, 219, 158, 813, 813, 158,
++ 158, 813, 158, 158, 813, 158, 158, 158, 158, 813,
++ 813, 158, 158, 158, 158, 158, 158, 159, 813, 813,
++
++ 159, 159, 813, 159, 159, 813, 159, 159, 159, 159,
++ 813, 813, 159, 159, 159, 159, 159, 159, 162, 813,
++ 813, 162, 162, 813, 162, 162, 813, 162, 162, 162,
++ 162, 813, 162, 162, 162, 813, 162, 162, 162, 170,
++ 813, 813, 170, 813, 813, 170, 170, 813, 170, 170,
++ 170, 170, 170, 813, 170, 170, 170, 170, 170, 170,
++ 185, 813, 813, 813, 813, 813, 813, 185, 813, 185,
++ 185, 185, 185, 813, 813, 185, 185, 185, 185, 185,
++ 185, 186, 813, 813, 813, 813, 813, 813, 186, 813,
++ 186, 186, 186, 186, 813, 186, 186, 186, 186, 186,
++
++ 186, 186, 189, 813, 813, 189, 189, 813, 189, 189,
++ 813, 189, 189, 189, 189, 813, 189, 189, 189, 189,
++ 189, 189, 189, 200, 813, 813, 200, 200, 813, 200,
++ 268, 268, 268, 268, 268, 268, 268, 268, 268, 268,
++ 268, 268, 268, 268, 268, 268, 268, 268, 268, 268,
++ 268, 275, 275, 813, 275, 813, 813, 813, 275, 281,
++ 281, 281, 813, 281, 813, 813, 813, 281, 337, 337,
++ 813, 337, 813, 813, 813, 337, 338, 338, 813, 338,
++ 813, 813, 813, 338, 342, 342, 813, 342, 813, 813,
++ 813, 342, 344, 344, 344, 813, 344, 813, 813, 813,
++
++ 344, 200, 813, 813, 200, 200, 813, 200, 404, 404,
++ 813, 404, 813, 813, 813, 404, 406, 406, 813, 406,
++ 813, 813, 813, 406, 407, 407, 813, 407, 813, 813,
++ 813, 407, 409, 409, 409, 813, 409, 813, 813, 813,
++ 409, 413, 413, 413, 413, 813, 413, 813, 813, 813,
++ 413, 467, 467, 813, 467, 813, 813, 813, 467, 468,
++ 468, 813, 468, 813, 813, 813, 468, 469, 469, 813,
++ 469, 813, 813, 813, 469, 481, 481, 481, 813, 481,
++ 813, 813, 813, 481, 482, 482, 482, 482, 813, 482,
++ 813, 813, 813, 482, 208, 208, 208, 208, 208, 208,
++
++ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
++ 208, 208, 208, 208, 208, 530, 530, 813, 530, 813,
++ 813, 813, 530, 531, 531, 813, 531, 813, 813, 813,
++ 531, 547, 547, 547, 813, 547, 813, 813, 813, 547,
++ 548, 548, 548, 548, 813, 548, 813, 813, 813, 548,
++ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
++ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
++ 208, 200, 813, 813, 200, 200, 813, 200, 187, 813,
++ 813, 813, 187, 187, 813, 187, 187, 187, 813, 813,
++ 187, 187, 590, 590, 813, 590, 813, 813, 813, 590,
++
++ 594, 813, 594, 594, 813, 594, 813, 813, 813, 594,
++ 612, 612, 612, 813, 612, 813, 813, 813, 612, 613,
++ 613, 613, 613, 813, 613, 813, 813, 813, 613, 559,
++ 559, 813, 813, 559, 813, 813, 813, 559, 208, 208,
++ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
++ 208, 208, 208, 208, 208, 208, 208, 208, 208, 200,
++ 813, 813, 200, 200, 813, 200, 187, 813, 813, 813,
++ 187, 187, 813, 187, 187, 187, 813, 813, 187, 187,
++ 655, 655, 813, 655, 813, 813, 813, 655, 656, 813,
++ 656, 656, 813, 656, 813, 813, 813, 656, 672, 672,
++
++ 672, 813, 672, 813, 813, 813, 672, 673, 673, 673,
++ 813, 813, 673, 813, 813, 813, 673, 682, 682, 682,
++ 682, 682, 682, 682, 682, 682, 682, 682, 682, 682,
++ 682, 682, 682, 682, 682, 682, 682, 682, 687, 687,
++ 813, 687, 687, 687, 813, 687, 813, 687, 687, 687,
++ 687, 813, 813, 687, 687, 687, 687, 687, 687, 693,
++ 693, 813, 693, 693, 693, 813, 693, 813, 693, 693,
++ 693, 693, 813, 813, 693, 693, 693, 693, 693, 693,
++ 200, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 200, 200, 813, 200, 200, 813, 200, 710, 710,
++
++ 813, 710, 813, 813, 813, 710, 711, 813, 711, 711,
++ 813, 711, 813, 813, 813, 711, 727, 727, 813, 813,
++ 727, 813, 813, 813, 727, 693, 813, 813, 813, 813,
++ 813, 813, 693, 813, 693, 693, 693, 693, 813, 813,
++ 693, 693, 693, 693, 693, 693, 751, 751, 813, 751,
++ 813, 813, 813, 751, 752, 813, 752, 752, 813, 752,
++ 813, 813, 813, 752, 775, 775, 813, 775, 813, 813,
++ 813, 775, 776, 813, 776, 813, 813, 776, 813, 813,
++ 813, 776, 780, 780, 780, 780, 780, 780, 780, 780,
++ 780, 780, 780, 780, 780, 780, 780, 780, 780, 780,
++
++ 780, 780, 780, 15, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813
+ } ;
+
+-static yyconst short int yy_chk[3663] =
++static yyconst flex_int16_t yy_chk[5675] =
+ { 0,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+@@ -980,408 +1358,632 @@ static yyconst short int yy_chk[3663] =
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+- 1, 1, 1, 1, 1, 1, 1, 2, 618, 3,
+- 20, 2, 70, 3, 47, 36, 50, 4, 34, 3,
+- 36, 4, 3, 11, 11, 11, 11, 4, 20, 34,
+- 4, 12, 12, 12, 12, 2, 2, 70, 47, 2,
+-
+- 77, 38, 602, 50, 3, 599, 44, 2, 3, 3,
+- 2, 3, 4, 597, 20, 38, 4, 4, 52, 4,
+- 5, 5, 5, 44, 5, 6, 6, 6, 52, 6,
+- 5, 11, 3, 25, 25, 6, 120, 25, 25, 12,
+- 4, 120, 5, 5, 66, 66, 77, 6, 6, 9,
+- 9, 9, 9, 9, 58, 25, 74, 74, 9, 9,
+- 9, 28, 28, 28, 28, 28, 28, 19, 5, 143,
+- 143, 58, 9, 6, 7, 7, 7, 19, 7, 25,
+- 19, 19, 19, 19, 19, 19, 19, 19, 27, 27,
+- 27, 27, 27, 27, 27, 27, 105, 9, 10, 10,
+-
+- 10, 10, 10, 76, 583, 105, 90, 10, 10, 10,
+- 43, 165, 43, 43, 43, 43, 43, 43, 43, 43,
+- 45, 10, 7, 7, 7, 7, 7, 7, 7, 7,
++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
++ 2, 533, 3, 38, 2, 52, 3, 49, 38, 50,
++ 4, 36, 3, 533, 4, 3, 11, 11, 11, 11,
++ 4, 22, 36, 4, 40, 5, 5, 5, 50, 5,
++
++ 2, 2, 49, 52, 2, 5, 68, 68, 40, 3,
++ 807, 22, 2, 3, 3, 2, 3, 4, 54, 5,
++ 5, 4, 4, 148, 4, 6, 6, 6, 54, 6,
++ 799, 12, 12, 12, 12, 6, 11, 22, 3, 76,
++ 76, 72, 46, 27, 27, 5, 4, 27, 27, 6,
++ 6, 46, 47, 78, 9, 9, 9, 9, 9, 74,
++ 46, 164, 164, 9, 9, 9, 72, 27, 30, 30,
++ 30, 30, 30, 30, 79, 6, 7, 7, 7, 9,
++ 7, 12, 47, 47, 74, 148, 47, 60, 141, 81,
++ 81, 27, 81, 141, 47, 91, 60, 47, 10, 10,
++
++ 10, 10, 10, 78, 9, 60, 91, 10, 10, 10,
++ 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
++ 161, 798, 79, 10, 179, 161, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+- 8, 8, 8, 48, 8, 128, 10, 72, 45, 45,
+- 90, 76, 45, 79, 79, 165, 79, 128, 582, 127,
+- 45, 53, 48, 45, 53, 53, 53, 53, 53, 53,
+- 53, 53, 72, 86, 86, 86, 86, 86, 86, 86,
+- 86, 103, 103, 103, 103, 103, 103, 580, 8, 8,
+- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
++ 7, 7, 7, 7, 7, 8, 8, 8, 10, 8,
++ 86, 86, 86, 86, 86, 86, 86, 86, 86, 86,
++ 87, 87, 87, 87, 87, 87, 99, 101, 274, 101,
++ 101, 101, 179, 101, 101, 99, 149, 101, 106, 106,
++ 106, 106, 106, 106, 106, 106, 106, 106, 140, 149,
++ 140, 101, 101, 101, 274, 8, 8, 8, 8, 8,
+
+- 8, 8, 8, 8, 8, 8, 26, 131, 26, 26,
+- 26, 26, 26, 26, 26, 26, 26, 88, 127, 131,
+- 26, 26, 26, 26, 26, 130, 191, 112, 579, 55,
+- 55, 129, 112, 55, 55, 88, 112, 132, 112, 191,
+- 130, 202, 26, 132, 26, 26, 26, 26, 26, 26,
+- 32, 55, 140, 147, 147, 202, 32, 140, 575, 32,
+- 32, 88, 32, 32, 32, 32, 32, 32, 32, 32,
+- 32, 32, 32, 32, 129, 55, 32, 32, 32, 32,
+- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
+- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
+-
+- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
+- 32, 32, 32, 32, 32, 32, 32, 35, 35, 35,
+- 35, 35, 35, 35, 35, 35, 65, 118, 118, 35,
+- 35, 35, 35, 35, 159, 159, 65, 133, 35, 65,
+- 65, 65, 65, 65, 65, 65, 65, 133, 154, 154,
+- 201, 208, 201, 35, 35, 35, 35, 35, 35, 42,
+- 42, 42, 42, 42, 158, 42, 42, 175, 157, 42,
+- 64, 64, 64, 200, 64, 118, 175, 219, 64, 197,
+- 64, 42, 42, 42, 46, 198, 219, 208, 212, 200,
+- 198, 227, 64, 64, 46, 564, 154, 46, 46, 46,
+-
+- 46, 46, 46, 46, 46, 81, 560, 81, 81, 81,
+- 158, 81, 81, 227, 212, 81, 157, 245, 64, 87,
+- 87, 87, 87, 87, 87, 87, 87, 81, 81, 81,
+- 197, 94, 94, 556, 229, 94, 94, 204, 89, 229,
+- 46, 89, 89, 89, 89, 89, 89, 89, 89, 91,
+- 204, 91, 91, 94, 544, 91, 91, 239, 93, 91,
+- 93, 93, 93, 239, 93, 93, 246, 246, 93, 216,
+- 216, 216, 91, 91, 245, 289, 248, 94, 249, 260,
+- 93, 93, 93, 96, 249, 96, 96, 96, 260, 96,
+- 96, 248, 543, 96, 97, 97, 97, 97, 97, 97,
+-
+- 97, 97, 273, 290, 294, 96, 96, 96, 101, 101,
+- 101, 101, 101, 101, 101, 101, 102, 102, 102, 102,
+- 102, 102, 102, 102, 273, 290, 482, 291, 97, 98,
+- 98, 98, 98, 98, 98, 98, 98, 291, 247, 289,
+- 294, 98, 98, 98, 98, 98, 135, 135, 135, 135,
+- 135, 135, 135, 135, 332, 433, 285, 433, 137, 137,
+- 121, 285, 137, 137, 247, 98, 98, 98, 98, 98,
+- 98, 106, 106, 106, 106, 106, 106, 106, 106, 106,
+- 137, 247, 482, 106, 106, 106, 106, 106, 121, 121,
+- 303, 139, 121, 139, 139, 139, 307, 139, 139, 303,
+-
+- 121, 139, 528, 121, 137, 307, 332, 106, 106, 106,
+- 106, 106, 106, 139, 139, 139, 146, 146, 146, 146,
+- 146, 146, 146, 146, 150, 292, 324, 150, 150, 334,
+- 292, 324, 383, 524, 150, 163, 163, 163, 163, 163,
+- 163, 163, 163, 323, 523, 334, 385, 150, 164, 164,
+- 164, 164, 164, 164, 164, 164, 166, 522, 166, 166,
+- 167, 385, 166, 166, 167, 323, 166, 262, 262, 211,
+- 167, 211, 211, 211, 211, 211, 211, 262, 166, 166,
+- 166, 521, 167, 167, 168, 383, 168, 168, 168, 168,
+- 168, 168, 168, 168, 169, 327, 169, 169, 169, 169,
+-
+- 169, 169, 169, 169, 170, 211, 170, 170, 170, 170,
+- 170, 170, 170, 170, 203, 264, 264, 327, 203, 388,
+- 168, 308, 308, 380, 203, 264, 329, 515, 309, 309,
+- 169, 308, 311, 311, 498, 329, 203, 203, 309, 380,
+- 170, 171, 311, 171, 171, 171, 171, 171, 171, 171,
+- 171, 400, 400, 497, 388, 171, 171, 171, 171, 171,
+- 207, 207, 207, 207, 207, 207, 207, 207, 209, 335,
+- 209, 209, 209, 209, 209, 209, 209, 209, 335, 171,
+- 171, 171, 171, 171, 171, 174, 174, 174, 174, 174,
+- 174, 174, 174, 174, 207, 451, 451, 174, 174, 174,
+-
+- 174, 174, 527, 210, 209, 210, 210, 210, 210, 210,
+- 210, 210, 210, 220, 220, 220, 220, 220, 220, 220,
+- 220, 174, 174, 174, 174, 174, 174, 176, 176, 176,
+- 176, 176, 176, 176, 176, 176, 176, 465, 465, 210,
+- 176, 176, 176, 176, 176, 215, 215, 215, 215, 215,
+- 215, 215, 215, 215, 222, 222, 222, 222, 222, 222,
+- 222, 222, 386, 527, 176, 176, 176, 176, 176, 176,
+- 177, 177, 177, 177, 177, 177, 177, 177, 386, 466,
+- 466, 328, 177, 177, 177, 177, 177, 223, 223, 223,
+- 223, 223, 223, 225, 333, 225, 225, 225, 225, 225,
+-
+- 225, 225, 225, 328, 333, 493, 177, 177, 177, 177,
+- 177, 177, 221, 221, 221, 221, 221, 221, 221, 221,
+- 221, 221, 221, 353, 469, 469, 221, 221, 221, 221,
+- 221, 250, 353, 250, 250, 250, 250, 250, 250, 250,
+- 250, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+- 221, 221, 221, 221, 221, 221, 224, 224, 224, 224,
+- 224, 224, 224, 224, 224, 224, 354, 250, 479, 224,
+- 224, 224, 224, 224, 251, 354, 251, 251, 251, 251,
+- 251, 251, 251, 251, 261, 261, 261, 261, 261, 261,
+- 261, 261, 474, 224, 224, 224, 224, 224, 224, 252,
+-
+- 473, 252, 252, 252, 252, 252, 252, 252, 252, 370,
+- 251, 263, 263, 263, 263, 263, 263, 263, 263, 267,
+- 267, 267, 267, 267, 267, 267, 267, 481, 481, 267,
+- 472, 370, 505, 505, 470, 252, 265, 265, 265, 265,
+- 265, 265, 265, 265, 265, 265, 265, 268, 268, 268,
+- 268, 268, 268, 268, 268, 268, 268, 268, 376, 378,
+- 427, 268, 268, 268, 268, 268, 269, 269, 269, 269,
+- 269, 269, 269, 269, 270, 270, 270, 270, 270, 270,
+- 376, 378, 427, 516, 516, 268, 268, 268, 268, 268,
+- 268, 271, 271, 271, 271, 271, 271, 271, 271, 271,
+-
+- 271, 384, 525, 525, 271, 271, 271, 271, 271, 272,
+- 384, 272, 272, 272, 272, 272, 272, 272, 272, 293,
+- 293, 293, 293, 293, 293, 293, 293, 458, 271, 271,
+- 271, 271, 271, 271, 295, 395, 295, 295, 295, 295,
+- 295, 295, 295, 295, 297, 395, 297, 297, 297, 297,
+- 297, 297, 296, 293, 296, 296, 296, 296, 296, 296,
+- 296, 296, 317, 317, 317, 317, 317, 317, 444, 304,
+- 295, 304, 304, 304, 304, 304, 304, 304, 304, 440,
+- 297, 345, 345, 345, 345, 345, 345, 435, 296, 302,
+- 302, 302, 302, 302, 302, 302, 302, 302, 409, 551,
+-
+- 551, 302, 302, 302, 302, 302, 305, 409, 305, 305,
+- 305, 305, 305, 305, 305, 305, 310, 310, 310, 310,
+- 310, 310, 310, 310, 431, 302, 302, 302, 302, 302,
+- 302, 306, 430, 306, 306, 306, 306, 306, 306, 306,
+- 306, 312, 312, 312, 312, 312, 312, 312, 312, 312,
+- 312, 312, 314, 314, 314, 314, 314, 314, 314, 314,
+- 483, 429, 314, 315, 315, 315, 315, 315, 315, 315,
+- 315, 315, 315, 315, 426, 483, 425, 315, 315, 315,
+- 315, 315, 316, 316, 316, 316, 316, 316, 316, 316,
+- 319, 410, 319, 319, 319, 319, 319, 319, 319, 319,
+-
+- 410, 315, 315, 315, 315, 315, 315, 318, 318, 318,
+- 318, 318, 318, 318, 318, 318, 318, 566, 566, 424,
+- 318, 318, 318, 318, 318, 336, 336, 336, 336, 336,
+- 336, 336, 336, 336, 337, 337, 337, 337, 337, 337,
+- 337, 337, 337, 423, 318, 318, 318, 318, 318, 318,
+- 338, 338, 338, 338, 338, 338, 338, 338, 338, 422,
+- 336, 342, 342, 342, 342, 342, 342, 342, 342, 337,
+- 344, 344, 344, 344, 344, 344, 344, 344, 364, 364,
+- 364, 364, 364, 364, 428, 338, 343, 397, 343, 343,
+- 343, 343, 343, 343, 343, 343, 343, 397, 586, 586,
+-
+- 343, 343, 343, 343, 343, 347, 428, 347, 347, 347,
+- 347, 347, 347, 347, 347, 348, 348, 348, 348, 348,
+- 348, 348, 348, 393, 343, 343, 343, 343, 343, 343,
+- 346, 346, 346, 346, 346, 346, 346, 346, 346, 392,
+- 432, 432, 346, 346, 346, 346, 346, 350, 445, 350,
+- 350, 350, 350, 350, 350, 350, 350, 352, 445, 352,
+- 352, 352, 352, 352, 352, 382, 346, 346, 346, 346,
+- 346, 346, 351, 381, 351, 351, 351, 351, 351, 351,
+- 351, 351, 355, 355, 356, 356, 403, 403, 403, 403,
+- 403, 403, 355, 432, 356, 357, 357, 357, 357, 357,
+-
+- 357, 357, 357, 358, 358, 363, 363, 363, 363, 363,
+- 363, 363, 363, 358, 359, 359, 359, 359, 359, 359,
+- 359, 359, 359, 359, 359, 361, 361, 361, 361, 361,
+- 361, 361, 361, 590, 590, 361, 362, 362, 362, 362,
+- 362, 362, 362, 362, 362, 362, 362, 462, 603, 603,
+- 362, 362, 362, 362, 362, 366, 462, 366, 366, 366,
+- 366, 366, 366, 366, 366, 387, 387, 387, 387, 387,
+- 387, 387, 387, 375, 362, 362, 362, 362, 362, 362,
+- 365, 365, 365, 365, 365, 365, 365, 365, 365, 463,
+- 634, 634, 374, 365, 365, 365, 365, 365, 463, 387,
+-
+- 389, 389, 389, 389, 389, 389, 389, 389, 389, 391,
+- 391, 391, 391, 391, 391, 391, 373, 365, 365, 365,
+- 365, 365, 365, 390, 390, 390, 390, 390, 390, 390,
+- 390, 390, 471, 434, 372, 389, 394, 394, 394, 394,
+- 394, 394, 394, 394, 391, 396, 396, 396, 396, 396,
+- 396, 396, 396, 434, 471, 434, 434, 398, 390, 398,
+- 398, 398, 398, 398, 398, 398, 398, 398, 401, 487,
+- 401, 401, 401, 401, 401, 401, 401, 401, 401, 434,
+- 369, 368, 401, 401, 401, 401, 401, 402, 402, 402,
+- 402, 402, 402, 402, 402, 405, 367, 405, 405, 405,
+-
+- 405, 405, 405, 405, 405, 487, 401, 401, 401, 401,
+- 401, 401, 404, 404, 404, 404, 404, 404, 404, 404,
+- 404, 514, 349, 341, 404, 404, 404, 404, 404, 406,
+- 514, 406, 406, 406, 406, 406, 406, 406, 406, 420,
+- 420, 420, 420, 420, 420, 411, 411, 340, 404, 404,
+- 404, 404, 404, 404, 407, 411, 407, 407, 407, 407,
+- 407, 407, 407, 407, 408, 339, 408, 408, 408, 408,
+- 408, 408, 408, 408, 412, 412, 413, 413, 413, 413,
+- 413, 413, 413, 413, 412, 414, 414, 419, 419, 419,
+- 419, 419, 419, 419, 419, 414, 415, 415, 415, 415,
+-
+- 415, 415, 415, 415, 415, 415, 415, 417, 417, 417,
+- 417, 417, 417, 417, 417, 331, 330, 417, 418, 418,
+- 418, 418, 418, 418, 418, 418, 418, 418, 446, 326,
+- 325, 322, 418, 418, 418, 418, 418, 421, 446, 421,
+- 421, 421, 421, 421, 421, 421, 421, 447, 447, 447,
+- 447, 447, 447, 447, 447, 321, 418, 418, 418, 418,
+- 418, 418, 436, 448, 436, 436, 436, 436, 436, 436,
+- 436, 436, 437, 448, 437, 437, 437, 437, 437, 437,
+- 437, 437, 438, 499, 438, 438, 438, 438, 438, 438,
+- 438, 438, 491, 499, 570, 606, 320, 439, 436, 439,
+-
+- 439, 439, 439, 439, 439, 439, 439, 441, 437, 441,
+- 441, 441, 441, 441, 441, 441, 441, 442, 438, 442,
+- 442, 442, 442, 442, 442, 442, 442, 301, 491, 300,
+- 570, 606, 443, 439, 443, 443, 443, 443, 443, 443,
+- 443, 443, 449, 475, 449, 449, 449, 449, 449, 449,
+- 449, 449, 449, 452, 299, 452, 452, 452, 452, 452,
+- 452, 452, 452, 452, 477, 475, 518, 452, 452, 452,
+- 452, 452, 453, 453, 453, 453, 453, 453, 453, 453,
+- 454, 454, 454, 454, 454, 454, 477, 298, 518, 288,
+- 287, 452, 452, 452, 452, 452, 452, 455, 455, 455,
+-
+- 455, 455, 455, 455, 455, 455, 286, 284, 282, 455,
+- 455, 455, 455, 455, 456, 281, 456, 456, 456, 456,
+- 456, 456, 456, 456, 457, 457, 457, 457, 457, 457,
+- 457, 457, 280, 455, 455, 455, 455, 455, 455, 459,
+- 279, 459, 459, 459, 459, 459, 459, 459, 459, 460,
+- 480, 460, 460, 460, 460, 460, 460, 460, 460, 461,
+- 278, 461, 461, 461, 461, 461, 461, 464, 464, 685,
+- 480, 277, 480, 480, 685, 276, 275, 464, 467, 467,
+- 467, 467, 467, 467, 467, 467, 467, 467, 484, 259,
+- 484, 484, 484, 485, 258, 485, 485, 485, 486, 486,
+-
+- 486, 486, 486, 486, 486, 486, 488, 500, 488, 488,
+- 488, 488, 488, 488, 488, 488, 489, 500, 489, 489,
+- 489, 489, 489, 489, 489, 489, 257, 502, 545, 520,
+- 546, 256, 486, 254, 548, 253, 484, 502, 545, 244,
+- 546, 485, 488, 490, 548, 490, 490, 490, 490, 490,
+- 490, 520, 489, 492, 492, 492, 492, 492, 492, 492,
+- 492, 494, 243, 494, 494, 494, 494, 494, 494, 494,
+- 494, 508, 508, 508, 508, 508, 508, 242, 495, 490,
+- 495, 495, 495, 495, 495, 495, 495, 495, 496, 241,
+- 496, 496, 496, 496, 496, 496, 501, 501, 501, 501,
+-
+- 501, 501, 501, 501, 503, 561, 503, 503, 503, 503,
+- 503, 503, 503, 503, 503, 506, 581, 506, 506, 506,
+- 506, 506, 506, 506, 506, 506, 581, 561, 240, 506,
+- 506, 506, 506, 506, 507, 507, 507, 507, 507, 507,
+- 507, 507, 510, 237, 510, 510, 510, 510, 510, 510,
+- 510, 510, 235, 506, 506, 506, 506, 506, 506, 509,
+- 509, 509, 509, 509, 509, 509, 509, 234, 233, 232,
+- 231, 509, 509, 509, 509, 509, 511, 511, 511, 511,
+- 511, 511, 511, 511, 511, 512, 512, 512, 512, 512,
+- 512, 512, 512, 512, 563, 509, 509, 509, 509, 509,
+-
+- 509, 513, 513, 513, 513, 513, 513, 513, 513, 513,
+- 529, 230, 529, 529, 529, 530, 563, 530, 530, 530,
+- 531, 228, 531, 531, 531, 532, 226, 532, 532, 532,
+- 533, 218, 217, 533, 533, 533, 533, 533, 533, 533,
+- 533, 214, 587, 534, 534, 589, 535, 534, 535, 535,
+- 535, 213, 206, 536, 536, 205, 199, 536, 529, 534,
+- 534, 534, 196, 530, 587, 195, 194, 589, 531, 536,
+- 536, 536, 537, 532, 537, 537, 537, 537, 537, 537,
+- 537, 537, 538, 600, 538, 538, 538, 538, 538, 538,
+- 538, 538, 193, 539, 535, 539, 539, 539, 539, 539,
+-
+- 539, 539, 539, 192, 190, 600, 189, 540, 537, 540,
+- 540, 540, 540, 540, 540, 540, 540, 541, 538, 541,
+- 541, 541, 541, 541, 541, 541, 541, 188, 542, 539,
+- 542, 542, 542, 542, 542, 542, 542, 542, 547, 547,
+- 547, 547, 547, 547, 547, 547, 549, 187, 549, 549,
+- 549, 549, 549, 549, 549, 549, 549, 552, 186, 552,
+- 552, 552, 552, 552, 552, 552, 552, 185, 184, 183,
+- 182, 552, 552, 552, 552, 552, 553, 553, 553, 553,
+- 553, 553, 553, 553, 554, 554, 554, 554, 554, 554,
+- 181, 180, 179, 173, 172, 552, 552, 552, 552, 552,
+-
+- 552, 555, 162, 555, 555, 555, 555, 555, 555, 555,
+- 555, 557, 557, 557, 557, 557, 557, 557, 557, 557,
+- 558, 558, 558, 558, 558, 558, 558, 558, 558, 559,
+- 559, 559, 559, 559, 559, 559, 567, 567, 567, 567,
+- 567, 567, 567, 567, 568, 568, 568, 568, 568, 568,
+- 568, 568, 569, 569, 569, 569, 569, 569, 569, 569,
+- 571, 161, 571, 571, 571, 571, 571, 571, 571, 571,
+- 572, 160, 572, 572, 572, 572, 572, 572, 572, 572,
+- 156, 155, 153, 149, 142, 573, 569, 573, 573, 573,
+- 573, 573, 573, 138, 136, 134, 571, 574, 574, 574,
+-
+- 574, 574, 574, 574, 574, 576, 572, 576, 576, 576,
+- 576, 576, 576, 576, 576, 126, 125, 124, 123, 122,
+- 577, 573, 577, 577, 577, 577, 577, 577, 577, 577,
+- 578, 117, 578, 578, 578, 578, 578, 578, 584, 116,
+- 584, 584, 584, 584, 584, 584, 584, 584, 591, 115,
+- 591, 591, 591, 591, 591, 591, 591, 591, 592, 114,
+- 592, 592, 592, 592, 592, 592, 592, 592, 593, 113,
+- 593, 593, 593, 593, 593, 593, 593, 593, 613, 613,
+- 613, 613, 613, 613, 591, 594, 594, 594, 594, 594,
+- 594, 594, 594, 111, 592, 595, 595, 595, 595, 595,
+-
+- 595, 595, 595, 110, 593, 596, 596, 596, 596, 596,
+- 596, 596, 596, 605, 605, 605, 605, 605, 605, 605,
+- 605, 607, 109, 607, 607, 607, 607, 607, 607, 607,
+- 607, 608, 108, 608, 608, 608, 608, 608, 608, 608,
+- 608, 104, 100, 99, 95, 92, 609, 605, 609, 609,
+- 609, 609, 609, 609, 84, 83, 82, 607, 611, 611,
+- 611, 611, 611, 611, 611, 611, 80, 608, 612, 612,
+- 612, 612, 612, 612, 612, 612, 75, 68, 61, 57,
+- 56, 54, 609, 615, 615, 615, 615, 615, 615, 615,
+- 615, 616, 616, 616, 616, 616, 616, 616, 616, 617,
+-
+- 617, 617, 617, 617, 617, 617, 617, 619, 619, 619,
+- 619, 619, 619, 619, 619, 51, 49, 615, 620, 620,
+- 620, 620, 620, 620, 41, 616, 40, 39, 37, 33,
+- 29, 23, 17, 617, 15, 14, 13, 0, 0, 0,
+- 0, 619, 0, 0, 0, 0, 0, 0, 0, 0,
+- 0, 0, 620, 622, 622, 622, 622, 622, 622, 622,
+- 622, 622, 622, 622, 622, 622, 622, 622, 622, 623,
+- 623, 623, 623, 623, 623, 623, 623, 623, 623, 623,
+- 623, 623, 623, 623, 623, 624, 624, 624, 624, 624,
+- 624, 624, 624, 624, 624, 624, 624, 624, 624, 624,
+-
+- 624, 625, 625, 625, 625, 625, 625, 625, 625, 625,
+- 625, 625, 625, 625, 625, 625, 625, 626, 0, 0,
+- 0, 0, 0, 0, 0, 626, 626, 626, 0, 0,
+- 626, 626, 626, 627, 627, 627, 627, 627, 627, 627,
+- 627, 627, 627, 627, 627, 627, 627, 627, 627, 628,
+- 0, 0, 0, 0, 628, 0, 0, 628, 628, 628,
+- 628, 0, 628, 628, 628, 629, 0, 0, 0, 0,
+- 0, 0, 0, 629, 629, 629, 0, 0, 629, 629,
+- 629, 630, 0, 0, 630, 630, 0, 630, 0, 630,
+- 630, 630, 0, 0, 630, 630, 630, 631, 631, 0,
+-
+- 0, 0, 631, 632, 0, 0, 632, 632, 0, 632,
+- 0, 632, 632, 632, 0, 0, 632, 632, 632, 633,
+- 0, 0, 633, 633, 0, 633, 0, 633, 633, 633,
+- 0, 633, 0, 633, 633, 635, 0, 0, 635, 0,
+- 0, 635, 0, 635, 635, 635, 635, 0, 635, 635,
+- 635, 636, 636, 636, 636, 636, 636, 636, 636, 636,
+- 636, 636, 636, 636, 636, 636, 636, 637, 637, 0,
+- 637, 0, 637, 637, 637, 637, 637, 637, 637, 637,
+- 637, 637, 637, 638, 638, 638, 638, 638, 638, 638,
+- 638, 638, 638, 638, 638, 638, 638, 638, 638, 639,
+-
+- 639, 0, 639, 639, 639, 639, 639, 639, 639, 639,
+- 639, 639, 639, 639, 639, 640, 0, 0, 0, 0,
+- 640, 0, 0, 640, 640, 640, 0, 0, 640, 640,
+- 640, 641, 0, 0, 641, 641, 0, 641, 0, 641,
+- 641, 641, 0, 0, 641, 641, 641, 642, 642, 0,
+- 0, 0, 642, 643, 643, 643, 0, 0, 0, 643,
+- 644, 0, 0, 644, 644, 0, 644, 0, 644, 644,
+- 644, 0, 0, 644, 644, 644, 645, 645, 645, 645,
+- 645, 645, 645, 645, 645, 645, 645, 645, 645, 645,
+- 645, 645, 646, 646, 0, 0, 0, 646, 647, 647,
+-
+- 647, 0, 0, 0, 647, 648, 648, 0, 0, 0,
+- 648, 649, 649, 0, 0, 0, 649, 650, 650, 0,
+- 0, 0, 650, 651, 651, 651, 0, 0, 0, 651,
+- 652, 652, 0, 0, 0, 652, 653, 653, 0, 0,
+- 0, 653, 654, 654, 0, 0, 0, 654, 655, 655,
+- 655, 0, 0, 0, 655, 656, 656, 656, 656, 0,
+- 0, 0, 656, 657, 657, 0, 0, 0, 657, 658,
+- 658, 0, 0, 0, 658, 659, 659, 0, 0, 0,
+- 659, 660, 660, 660, 0, 0, 0, 660, 661, 661,
+- 661, 661, 0, 0, 0, 661, 662, 662, 0, 0,
+-
+- 0, 662, 663, 663, 0, 0, 0, 663, 664, 664,
+- 664, 0, 0, 0, 664, 665, 665, 665, 665, 0,
+- 0, 0, 665, 666, 666, 0, 0, 0, 666, 667,
+- 0, 667, 667, 0, 0, 0, 667, 668, 668, 668,
+- 0, 0, 0, 668, 669, 669, 669, 669, 0, 0,
+- 0, 669, 670, 670, 0, 0, 0, 670, 671, 0,
+- 671, 671, 0, 0, 0, 671, 672, 672, 672, 0,
+- 0, 0, 672, 673, 673, 673, 0, 0, 0, 0,
+- 673, 674, 674, 674, 674, 674, 674, 674, 674, 674,
+- 674, 674, 674, 674, 674, 674, 674, 675, 675, 0,
+-
+- 675, 675, 675, 0, 0, 675, 675, 675, 0, 0,
+- 675, 675, 675, 676, 676, 0, 676, 676, 676, 0,
+- 0, 676, 676, 676, 0, 0, 676, 676, 676, 677,
+- 677, 0, 0, 0, 677, 678, 0, 678, 678, 0,
+- 0, 0, 678, 679, 679, 0, 0, 0, 0, 679,
+- 680, 680, 0, 0, 0, 680, 681, 0, 681, 681,
+- 0, 0, 0, 681, 682, 682, 0, 0, 0, 682,
+- 683, 0, 683, 0, 0, 0, 0, 683, 684, 684,
+- 684, 684, 684, 684, 684, 684, 684, 684, 684, 684,
+- 684, 684, 684, 684, 621, 621, 621, 621, 621, 621,
+-
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
+- 621, 621
++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
++ 8, 8, 8, 8, 13, 13, 13, 13, 13, 13,
++ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
++ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
++ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
++ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
++ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
++ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
++ 13, 13, 13, 13, 21, 125, 153, 797, 82, 168,
++ 168, 270, 153, 178, 21, 784, 125, 21, 21, 21,
++
++ 21, 21, 21, 21, 21, 21, 21, 28, 82, 28,
++ 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
++ 152, 180, 180, 28, 28, 28, 28, 28, 151, 270,
++ 289, 57, 57, 152, 82, 57, 57, 123, 123, 123,
++ 123, 123, 123, 178, 151, 28, 154, 28, 28, 28,
++ 28, 28, 28, 34, 289, 57, 154, 500, 246, 34,
++ 246, 500, 34, 34, 313, 34, 34, 34, 34, 34,
++ 34, 34, 34, 34, 34, 34, 34, 34, 34, 57,
++ 313, 34, 34, 34, 34, 34, 34, 34, 34, 34,
++ 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
++
++ 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
++ 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
++ 34, 34, 34, 37, 37, 37, 37, 37, 37, 37,
++ 37, 37, 37, 37, 219, 783, 242, 37, 37, 37,
++ 37, 37, 245, 150, 236, 219, 37, 107, 107, 107,
++ 107, 107, 107, 107, 107, 107, 107, 247, 236, 245,
++ 303, 37, 37, 37, 37, 37, 37, 44, 44, 44,
++ 44, 44, 247, 44, 44, 311, 311, 44, 121, 121,
++ 121, 121, 121, 121, 121, 121, 121, 121, 150, 242,
++ 108, 44, 44, 44, 45, 303, 45, 45, 45, 45,
++
++ 45, 45, 45, 45, 45, 45, 48, 66, 66, 66,
++ 108, 66, 304, 110, 370, 66, 48, 66, 304, 48,
++ 48, 48, 48, 48, 48, 48, 48, 48, 48, 132,
++ 243, 66, 66, 110, 132, 243, 108, 281, 132, 171,
++ 132, 83, 171, 171, 370, 138, 138, 83, 281, 171,
++ 83, 114, 114, 83, 83, 114, 114, 66, 182, 110,
++ 780, 302, 175, 175, 171, 48, 67, 83, 291, 83,
++ 183, 235, 235, 291, 235, 114, 67, 249, 182, 67,
++ 67, 67, 67, 67, 67, 67, 67, 67, 67, 302,
++ 183, 249, 83, 83, 84, 138, 777, 84, 84, 114,
++
++ 84, 84, 84, 84, 182, 235, 84, 84, 111, 775,
++ 111, 111, 175, 314, 111, 111, 183, 369, 111, 314,
++ 84, 84, 84, 122, 122, 122, 122, 122, 122, 122,
++ 122, 122, 122, 111, 111, 156, 156, 156, 156, 156,
++ 156, 156, 156, 156, 156, 84, 84, 85, 310, 369,
++ 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
++ 85, 85, 85, 85, 322, 357, 85, 85, 85, 85,
++ 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
++ 85, 85, 85, 85, 85, 85, 85, 85, 322, 357,
++ 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
++
++ 85, 85, 85, 85, 85, 85, 85, 88, 310, 88,
++ 88, 88, 88, 88, 88, 88, 88, 88, 88, 88,
++ 278, 278, 278, 88, 88, 88, 88, 88, 266, 266,
++ 113, 266, 113, 113, 113, 330, 113, 113, 330, 371,
++ 113, 196, 196, 196, 196, 196, 196, 88, 88, 88,
++ 88, 88, 88, 89, 113, 113, 113, 89, 89, 89,
++ 89, 89, 89, 89, 89, 89, 89, 89, 89, 89,
++ 453, 371, 89, 89, 89, 89, 89, 89, 89, 89,
++ 89, 89, 89, 89, 89, 89, 89, 89, 89, 89,
++ 89, 89, 89, 89, 453, 89, 89, 89, 89, 89,
++
++ 89, 89, 89, 89, 89, 89, 89, 89, 89, 89,
++ 89, 89, 89, 92, 92, 92, 92, 92, 92, 92,
++ 92, 92, 92, 92, 377, 444, 378, 92, 92, 92,
++ 92, 92, 203, 344, 158, 158, 92, 203, 158, 158,
++ 323, 203, 444, 203, 344, 323, 301, 142, 378, 301,
++ 457, 92, 92, 92, 92, 92, 92, 97, 158, 97,
++ 97, 97, 97, 97, 97, 97, 97, 97, 97, 116,
++ 766, 116, 116, 116, 457, 116, 116, 142, 142, 116,
++ 301, 142, 158, 214, 214, 214, 214, 214, 214, 142,
++ 372, 377, 142, 116, 116, 116, 117, 117, 117, 117,
++
++ 117, 117, 117, 117, 117, 117, 167, 167, 167, 167,
++ 167, 167, 167, 167, 167, 167, 346, 346, 765, 160,
++ 379, 160, 160, 160, 372, 160, 160, 764, 346, 160,
++ 400, 379, 117, 118, 118, 118, 118, 118, 118, 118,
++ 118, 118, 118, 160, 160, 160, 458, 118, 118, 118,
++ 118, 118, 191, 191, 191, 191, 191, 191, 191, 191,
++ 191, 191, 273, 273, 273, 273, 427, 427, 400, 755,
++ 458, 118, 118, 118, 118, 118, 118, 126, 126, 126,
++ 126, 126, 126, 126, 126, 126, 126, 126, 312, 498,
++ 754, 126, 126, 126, 126, 126, 194, 194, 194, 194,
++
++ 194, 194, 194, 194, 194, 194, 285, 285, 285, 285,
++ 285, 285, 752, 498, 312, 126, 126, 126, 126, 126,
++ 126, 127, 127, 127, 127, 127, 127, 127, 127, 127,
++ 127, 127, 312, 562, 562, 127, 127, 127, 127, 127,
++ 184, 409, 184, 184, 373, 186, 184, 184, 380, 373,
++ 184, 186, 409, 380, 186, 348, 348, 186, 186, 127,
++ 127, 127, 127, 127, 127, 184, 184, 348, 413, 497,
++ 428, 186, 428, 186, 188, 497, 188, 188, 188, 413,
++ 188, 188, 429, 751, 188, 195, 195, 195, 195, 195,
++ 195, 195, 195, 195, 195, 526, 186, 186, 188, 188,
++
++ 188, 189, 615, 615, 189, 189, 429, 189, 189, 189,
++ 189, 190, 431, 189, 189, 190, 502, 431, 414, 414,
++ 502, 190, 415, 415, 429, 433, 430, 189, 189, 189,
++ 414, 430, 526, 430, 415, 190, 190, 210, 210, 210,
++ 210, 210, 210, 210, 210, 210, 210, 432, 508, 433,
++ 432, 523, 189, 189, 192, 192, 192, 192, 192, 192,
++ 192, 192, 192, 192, 749, 508, 523, 433, 192, 192,
++ 192, 192, 192, 211, 211, 211, 211, 211, 211, 211,
++ 211, 211, 211, 319, 511, 319, 319, 319, 319, 319,
++ 319, 439, 192, 192, 192, 192, 192, 192, 197, 748,
++
++ 513, 439, 197, 197, 197, 197, 197, 197, 197, 197,
++ 197, 197, 197, 197, 197, 442, 513, 197, 197, 197,
++ 197, 197, 197, 197, 197, 197, 197, 197, 197, 197,
++ 197, 197, 197, 197, 197, 197, 197, 197, 197, 511,
++ 197, 197, 197, 197, 197, 197, 197, 197, 197, 197,
++ 197, 197, 197, 197, 197, 197, 197, 197, 198, 198,
++ 198, 198, 198, 198, 198, 198, 198, 198, 198, 442,
++ 504, 506, 198, 198, 198, 198, 198, 213, 213, 213,
++ 213, 213, 213, 213, 213, 213, 213, 354, 354, 354,
++ 354, 354, 354, 434, 504, 506, 198, 198, 198, 198,
++
++ 198, 198, 212, 747, 212, 212, 212, 212, 212, 212,
++ 212, 212, 212, 212, 248, 454, 737, 434, 248, 514,
++ 454, 561, 736, 561, 248, 282, 282, 282, 282, 282,
++ 282, 282, 282, 282, 282, 434, 514, 727, 248, 248,
++ 212, 215, 443, 215, 215, 215, 215, 215, 215, 215,
++ 215, 215, 215, 443, 564, 584, 564, 215, 215, 215,
++ 215, 215, 284, 284, 284, 284, 284, 284, 284, 284,
++ 284, 284, 423, 423, 423, 423, 423, 423, 571, 584,
++ 571, 215, 215, 215, 215, 215, 215, 218, 218, 218,
++ 218, 218, 218, 218, 218, 218, 218, 218, 589, 589,
++
++ 589, 218, 218, 218, 218, 218, 315, 315, 315, 315,
++ 315, 315, 315, 315, 315, 315, 450, 725, 450, 450,
++ 450, 450, 450, 450, 724, 218, 218, 218, 218, 218,
++ 218, 220, 220, 220, 220, 220, 220, 220, 220, 220,
++ 220, 220, 220, 565, 616, 616, 220, 220, 220, 220,
++ 220, 345, 345, 345, 345, 345, 345, 345, 345, 345,
++ 345, 466, 466, 466, 466, 466, 466, 565, 623, 623,
++ 220, 220, 220, 220, 220, 220, 221, 221, 221, 221,
++ 221, 221, 221, 221, 221, 221, 221, 566, 625, 565,
++ 221, 221, 221, 221, 221, 347, 347, 347, 347, 347,
++
++ 347, 347, 347, 347, 347, 473, 473, 473, 473, 473,
++ 473, 566, 625, 723, 221, 221, 221, 221, 221, 221,
++ 222, 222, 222, 222, 222, 222, 222, 222, 222, 222,
++ 222, 631, 631, 566, 222, 222, 222, 222, 222, 351,
++ 351, 351, 351, 351, 351, 351, 351, 622, 711, 622,
++ 403, 351, 403, 403, 403, 403, 403, 403, 222, 222,
++ 222, 222, 222, 222, 253, 627, 253, 253, 253, 253,
++ 253, 253, 253, 253, 253, 253, 254, 254, 254, 254,
++ 254, 254, 254, 254, 254, 254, 254, 710, 403, 627,
++ 254, 254, 254, 254, 254, 353, 353, 353, 353, 353,
++
++ 353, 353, 353, 353, 353, 480, 708, 480, 480, 480,
++ 480, 480, 480, 707, 254, 254, 254, 254, 254, 254,
++ 256, 256, 256, 256, 256, 256, 256, 256, 256, 256,
++ 529, 529, 529, 529, 256, 256, 256, 256, 256, 416,
++ 416, 416, 416, 416, 416, 416, 416, 416, 416, 492,
++ 492, 492, 492, 492, 492, 674, 674, 700, 256, 256,
++ 256, 256, 256, 256, 269, 269, 269, 269, 269, 269,
++ 269, 269, 269, 269, 417, 417, 420, 420, 420, 420,
++ 420, 420, 420, 420, 680, 680, 417, 535, 420, 422,
++ 422, 422, 422, 422, 422, 422, 422, 422, 422, 535,
++
++ 269, 277, 277, 277, 277, 277, 277, 277, 277, 277,
++ 277, 277, 283, 283, 283, 283, 283, 283, 283, 283,
++ 283, 283, 283, 283, 283, 445, 683, 683, 283, 283,
++ 283, 283, 283, 570, 570, 445, 446, 446, 446, 446,
++ 446, 446, 446, 446, 446, 446, 541, 541, 541, 541,
++ 541, 541, 283, 283, 283, 283, 283, 283, 286, 286,
++ 286, 286, 286, 286, 286, 286, 286, 286, 286, 286,
++ 679, 698, 679, 286, 286, 286, 286, 286, 465, 465,
++ 465, 465, 465, 465, 465, 465, 465, 465, 570, 563,
++ 697, 624, 620, 481, 563, 620, 624, 286, 286, 286,
++
++ 286, 286, 286, 287, 481, 287, 287, 287, 287, 287,
++ 287, 287, 287, 287, 287, 320, 320, 320, 320, 320,
++ 320, 320, 320, 320, 320, 696, 621, 640, 643, 320,
++ 320, 320, 320, 320, 470, 470, 470, 470, 470, 470,
++ 470, 470, 470, 470, 558, 558, 558, 558, 558, 558,
++ 621, 640, 643, 320, 320, 320, 320, 320, 320, 321,
++ 321, 321, 321, 321, 321, 321, 321, 321, 321, 643,
++ 630, 693, 621, 321, 321, 321, 321, 321, 472, 472,
++ 472, 472, 472, 472, 472, 472, 472, 472, 648, 648,
++ 648, 648, 630, 482, 630, 630, 691, 321, 321, 321,
++
++ 321, 321, 321, 334, 482, 334, 334, 334, 334, 334,
++ 334, 334, 334, 334, 334, 335, 595, 335, 335, 335,
++ 335, 335, 335, 335, 335, 335, 335, 336, 595, 336,
++ 336, 336, 336, 336, 336, 336, 336, 336, 336, 339,
++ 339, 339, 339, 339, 339, 339, 339, 339, 339, 339,
++ 349, 349, 349, 349, 349, 349, 349, 349, 349, 349,
++ 349, 349, 349, 572, 685, 633, 349, 349, 349, 349,
++ 349, 476, 476, 476, 476, 476, 476, 476, 476, 476,
++ 476, 633, 731, 824, 731, 572, 824, 572, 572, 645,
++ 349, 349, 349, 349, 349, 349, 352, 352, 352, 352,
++
++ 352, 352, 352, 352, 352, 352, 352, 352, 352, 483,
++ 483, 572, 352, 352, 352, 352, 352, 484, 484, 486,
++ 486, 483, 496, 501, 503, 733, 733, 645, 685, 484,
++ 676, 486, 496, 501, 686, 503, 352, 352, 352, 352,
++ 352, 352, 355, 355, 355, 355, 355, 355, 355, 355,
++ 355, 355, 355, 355, 676, 682, 641, 355, 355, 355,
++ 355, 355, 485, 485, 485, 485, 485, 485, 485, 485,
++ 485, 485, 604, 604, 604, 604, 604, 604, 512, 632,
++ 641, 355, 355, 355, 355, 355, 355, 356, 512, 356,
++ 356, 356, 356, 356, 356, 356, 356, 356, 356, 383,
++
++ 641, 383, 383, 383, 383, 383, 383, 383, 383, 383,
++ 383, 384, 384, 384, 384, 384, 384, 384, 384, 384,
++ 384, 762, 762, 781, 781, 384, 384, 384, 384, 384,
++ 489, 489, 489, 489, 489, 489, 489, 489, 632, 882,
++ 882, 611, 489, 611, 611, 611, 611, 611, 611, 384,
++ 384, 384, 384, 384, 384, 399, 399, 399, 399, 399,
++ 399, 399, 399, 399, 399, 491, 491, 491, 491, 491,
++ 491, 491, 491, 491, 491, 532, 532, 532, 532, 532,
++ 532, 532, 532, 532, 532, 639, 681, 639, 639, 639,
++ 649, 399, 401, 596, 401, 401, 401, 401, 401, 401,
++
++ 401, 401, 401, 401, 402, 596, 402, 402, 402, 402,
++ 402, 402, 402, 402, 402, 402, 408, 408, 408, 408,
++ 408, 408, 408, 408, 408, 408, 408, 701, 649, 728,
++ 408, 408, 408, 408, 408, 534, 534, 534, 534, 534,
++ 534, 534, 534, 534, 534, 675, 836, 742, 787, 836,
++ 547, 701, 673, 728, 408, 408, 408, 408, 408, 408,
++ 412, 547, 412, 412, 412, 412, 412, 412, 412, 412,
++ 412, 412, 418, 418, 418, 418, 418, 418, 418, 418,
++ 418, 418, 418, 418, 418, 742, 787, 670, 418, 418,
++ 418, 418, 418, 538, 598, 538, 538, 538, 538, 538,
++
++ 538, 827, 827, 827, 669, 538, 598, 634, 739, 634,
++ 634, 634, 418, 418, 418, 418, 418, 418, 421, 421,
++ 421, 421, 421, 421, 421, 421, 421, 421, 421, 421,
++ 421, 853, 739, 853, 421, 421, 421, 421, 421, 540,
++ 540, 540, 540, 540, 540, 540, 540, 540, 540, 578,
++ 578, 578, 578, 578, 578, 578, 656, 634, 421, 421,
++ 421, 421, 421, 421, 424, 424, 424, 424, 424, 424,
++ 424, 424, 424, 424, 424, 424, 548, 549, 549, 424,
++ 424, 424, 424, 424, 550, 550, 612, 548, 613, 549,
++ 552, 552, 844, 844, 844, 655, 550, 612, 657, 613,
++
++ 759, 642, 552, 424, 424, 424, 424, 424, 424, 425,
++ 657, 425, 425, 425, 425, 425, 425, 425, 425, 425,
++ 425, 426, 653, 768, 759, 642, 854, 426, 854, 916,
++ 426, 426, 916, 426, 426, 426, 426, 426, 426, 426,
++ 426, 426, 426, 426, 426, 426, 642, 768, 652, 426,
++ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426,
++ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426,
++ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426,
++ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426,
++ 426, 464, 464, 464, 464, 464, 464, 464, 464, 464,
++
++ 464, 464, 555, 555, 555, 555, 555, 555, 555, 555,
++ 865, 651, 865, 658, 555, 557, 557, 557, 557, 557,
++ 557, 557, 557, 557, 557, 658, 883, 883, 464, 471,
++ 660, 471, 471, 471, 471, 471, 471, 471, 471, 471,
++ 471, 471, 660, 637, 702, 471, 471, 471, 471, 471,
++ 574, 574, 574, 574, 574, 574, 574, 574, 574, 574,
++ 619, 619, 619, 619, 619, 619, 619, 619, 702, 471,
++ 471, 471, 471, 471, 471, 474, 474, 474, 474, 474,
++ 474, 474, 474, 474, 474, 474, 778, 636, 702, 474,
++ 474, 474, 474, 474, 587, 587, 587, 587, 587, 587,
++
++ 587, 587, 587, 587, 866, 870, 866, 870, 614, 614,
++ 778, 894, 894, 474, 474, 474, 474, 474, 474, 475,
++ 614, 475, 475, 475, 475, 475, 475, 475, 475, 475,
++ 475, 487, 487, 487, 487, 487, 487, 487, 487, 487,
++ 487, 487, 487, 487, 678, 629, 703, 487, 487, 487,
++ 487, 487, 588, 588, 588, 588, 588, 588, 588, 588,
++ 588, 588, 635, 610, 635, 635, 635, 871, 678, 871,
++ 703, 487, 487, 487, 487, 487, 487, 490, 490, 490,
++ 490, 490, 490, 490, 490, 490, 490, 490, 490, 490,
++ 678, 703, 740, 490, 490, 490, 490, 490, 597, 597,
++
++ 597, 597, 597, 597, 597, 597, 597, 597, 875, 878,
++ 875, 878, 635, 888, 609, 888, 740, 490, 490, 490,
++ 490, 490, 490, 493, 493, 493, 493, 493, 493, 493,
++ 493, 493, 493, 493, 608, 889, 740, 889, 493, 493,
++ 493, 493, 493, 601, 594, 601, 601, 601, 601, 601,
++ 601, 897, 592, 897, 654, 601, 654, 654, 654, 654,
++ 654, 654, 493, 493, 493, 493, 493, 493, 494, 712,
++ 494, 494, 494, 494, 494, 494, 494, 494, 494, 494,
++ 495, 712, 898, 901, 898, 901, 495, 692, 692, 495,
++ 495, 692, 495, 495, 495, 495, 495, 495, 495, 495,
++
++ 495, 495, 495, 495, 495, 692, 692, 692, 495, 495,
++ 495, 495, 495, 495, 495, 495, 495, 495, 495, 495,
++ 495, 495, 495, 495, 495, 495, 495, 495, 495, 495,
++ 495, 495, 495, 495, 495, 495, 495, 495, 495, 495,
++ 495, 495, 495, 495, 495, 495, 495, 495, 495, 495,
++ 517, 517, 517, 517, 517, 517, 517, 517, 517, 517,
++ 517, 522, 913, 913, 713, 522, 522, 522, 522, 522,
++ 522, 522, 522, 522, 522, 522, 713, 522, 914, 914,
++ 522, 522, 522, 522, 522, 522, 522, 522, 522, 522,
++ 522, 522, 522, 522, 522, 522, 522, 522, 522, 522,
++
++ 522, 522, 591, 522, 522, 522, 522, 522, 522, 522,
++ 522, 522, 522, 522, 522, 522, 522, 522, 522, 522,
++ 522, 525, 525, 525, 525, 525, 525, 525, 525, 525,
++ 525, 603, 603, 603, 603, 603, 603, 603, 603, 603,
++ 603, 607, 607, 607, 607, 607, 607, 607, 607, 607,
++ 607, 666, 666, 666, 666, 666, 666, 525, 527, 527,
++ 527, 527, 527, 527, 527, 527, 527, 527, 527, 650,
++ 650, 650, 650, 650, 650, 650, 650, 650, 650, 659,
++ 659, 659, 659, 659, 659, 659, 659, 659, 659, 721,
++ 721, 721, 721, 721, 721, 527, 536, 715, 536, 536,
++
++ 536, 536, 536, 536, 536, 536, 536, 536, 536, 715,
++ 590, 582, 536, 536, 536, 536, 536, 663, 753, 663,
++ 663, 663, 663, 663, 663, 907, 908, 907, 908, 663,
++ 753, 687, 672, 687, 687, 687, 536, 536, 536, 536,
++ 536, 536, 539, 672, 539, 539, 539, 539, 539, 539,
++ 539, 539, 539, 539, 539, 730, 581, 580, 539, 539,
++ 539, 539, 539, 665, 665, 665, 665, 665, 665, 665,
++ 665, 665, 665, 688, 579, 688, 688, 688, 910, 730,
++ 910, 687, 539, 539, 539, 539, 539, 539, 542, 542,
++ 542, 542, 542, 542, 542, 542, 542, 542, 542, 577,
++
++ 576, 730, 542, 542, 542, 542, 542, 695, 695, 695,
++ 695, 695, 695, 695, 695, 695, 695, 794, 794, 794,
++ 794, 794, 794, 688, 575, 573, 542, 542, 542, 542,
++ 542, 542, 543, 569, 543, 543, 543, 543, 543, 543,
++ 543, 543, 543, 543, 546, 568, 546, 546, 546, 546,
++ 546, 546, 546, 546, 546, 546, 553, 553, 553, 553,
++ 553, 553, 553, 553, 553, 553, 553, 553, 553, 567,
++ 551, 761, 553, 553, 553, 553, 553, 689, 545, 689,
++ 689, 689, 690, 544, 690, 690, 690, 699, 531, 699,
++ 699, 699, 699, 699, 699, 761, 553, 553, 553, 553,
++
++ 553, 553, 556, 556, 556, 556, 556, 556, 556, 556,
++ 556, 556, 556, 556, 918, 530, 918, 761, 556, 556,
++ 556, 556, 556, 919, 923, 919, 923, 689, 924, 929,
++ 924, 929, 690, 726, 726, 726, 726, 726, 726, 726,
++ 524, 521, 556, 556, 556, 556, 556, 556, 559, 520,
++ 559, 559, 559, 559, 559, 559, 559, 559, 559, 559,
++ 560, 694, 519, 694, 694, 694, 560, 694, 694, 560,
++ 560, 694, 560, 560, 560, 560, 560, 560, 560, 560,
++ 560, 560, 560, 560, 560, 694, 694, 694, 560, 560,
++ 560, 560, 560, 560, 560, 560, 560, 560, 560, 560,
++
++ 560, 560, 560, 560, 560, 560, 560, 560, 560, 560,
++ 560, 560, 560, 560, 560, 560, 560, 560, 560, 560,
++ 560, 560, 560, 560, 560, 560, 560, 560, 560, 560,
++ 583, 750, 518, 750, 750, 750, 750, 750, 750, 583,
++ 930, 516, 930, 583, 583, 583, 583, 583, 583, 583,
++ 583, 583, 583, 583, 583, 583, 515, 510, 583, 583,
++ 583, 583, 583, 583, 583, 583, 583, 583, 583, 583,
++ 583, 583, 583, 583, 583, 583, 583, 583, 583, 583,
++ 509, 583, 583, 583, 583, 583, 583, 583, 583, 583,
++ 583, 583, 583, 583, 583, 583, 583, 583, 583, 586,
++
++ 479, 586, 586, 586, 586, 586, 586, 586, 586, 586,
++ 586, 714, 714, 714, 714, 714, 714, 714, 714, 714,
++ 714, 718, 478, 718, 718, 718, 718, 718, 718, 922,
++ 477, 469, 922, 718, 468, 467, 922, 586, 593, 463,
++ 593, 593, 593, 593, 593, 593, 593, 593, 593, 593,
++ 599, 456, 599, 599, 599, 599, 599, 599, 599, 599,
++ 599, 599, 599, 455, 452, 451, 599, 599, 599, 599,
++ 599, 720, 720, 720, 720, 720, 720, 720, 720, 720,
++ 720, 758, 449, 758, 758, 758, 758, 758, 758, 448,
++ 599, 599, 599, 599, 599, 599, 602, 447, 602, 602,
++
++ 602, 602, 602, 602, 602, 602, 602, 602, 602, 441,
++ 440, 438, 602, 602, 602, 602, 602, 734, 734, 734,
++ 734, 734, 734, 734, 734, 734, 734, 767, 437, 767,
++ 767, 767, 767, 767, 767, 436, 602, 602, 602, 602,
++ 602, 602, 605, 605, 605, 605, 605, 605, 605, 605,
++ 605, 605, 605, 435, 411, 410, 605, 605, 605, 605,
++ 605, 735, 735, 735, 735, 735, 735, 735, 735, 735,
++ 735, 407, 745, 406, 745, 745, 745, 745, 745, 745,
++ 605, 605, 605, 605, 605, 605, 606, 405, 606, 606,
++ 606, 606, 606, 606, 606, 606, 606, 606, 617, 617,
++
++ 617, 617, 617, 617, 617, 617, 617, 617, 617, 617,
++ 745, 404, 398, 397, 617, 617, 617, 617, 617, 746,
++ 746, 746, 746, 746, 746, 746, 746, 746, 746, 800,
++ 396, 800, 800, 800, 800, 800, 800, 395, 617, 617,
++ 617, 617, 617, 617, 638, 394, 638, 638, 638, 638,
++ 638, 638, 638, 638, 638, 638, 644, 644, 644, 644,
++ 644, 644, 644, 644, 644, 644, 763, 763, 763, 763,
++ 763, 763, 763, 763, 763, 763, 772, 772, 772, 772,
++ 772, 772, 772, 772, 772, 772, 812, 812, 812, 812,
++ 812, 812, 644, 646, 393, 646, 646, 646, 646, 646,
++
++ 646, 646, 646, 646, 646, 773, 773, 773, 773, 773,
++ 773, 773, 773, 773, 773, 774, 774, 774, 774, 774,
++ 774, 774, 774, 774, 774, 392, 928, 391, 390, 928,
++ 389, 646, 661, 928, 661, 661, 661, 661, 661, 661,
++ 661, 661, 661, 661, 661, 388, 387, 386, 661, 661,
++ 661, 661, 661, 790, 385, 790, 790, 790, 790, 790,
++ 790, 792, 792, 792, 792, 792, 792, 792, 792, 792,
++ 792, 382, 661, 661, 661, 661, 661, 661, 664, 381,
++ 664, 664, 664, 664, 664, 664, 664, 664, 664, 664,
++ 664, 790, 376, 375, 664, 664, 664, 664, 664, 793,
++
++ 793, 793, 793, 793, 793, 793, 793, 793, 793, 374,
++ 368, 366, 365, 364, 363, 362, 361, 360, 664, 664,
++ 664, 664, 664, 664, 667, 667, 667, 667, 667, 667,
++ 667, 667, 667, 667, 359, 343, 342, 341, 667, 667,
++ 667, 667, 667, 796, 796, 796, 796, 796, 796, 796,
++ 796, 796, 796, 340, 338, 337, 809, 809, 809, 809,
++ 809, 809, 667, 667, 667, 667, 667, 667, 668, 333,
++ 668, 668, 668, 668, 668, 668, 668, 668, 668, 668,
++ 671, 671, 671, 671, 671, 671, 671, 671, 671, 671,
++ 671, 704, 809, 704, 704, 704, 704, 704, 704, 704,
++
++ 704, 704, 704, 705, 332, 705, 705, 705, 705, 705,
++ 705, 705, 705, 705, 705, 706, 331, 706, 706, 706,
++ 706, 706, 706, 706, 706, 706, 706, 709, 329, 709,
++ 709, 709, 709, 709, 709, 709, 709, 709, 709, 716,
++ 328, 716, 716, 716, 716, 716, 716, 716, 716, 716,
++ 716, 716, 327, 326, 325, 716, 716, 716, 716, 716,
++ 804, 804, 804, 804, 804, 804, 804, 804, 804, 804,
++ 324, 318, 317, 316, 309, 308, 307, 306, 305, 716,
++ 716, 716, 716, 716, 716, 719, 299, 719, 719, 719,
++ 719, 719, 719, 719, 719, 719, 719, 297, 296, 295,
++
++ 294, 719, 719, 719, 719, 719, 805, 805, 805, 805,
++ 805, 805, 805, 805, 805, 805, 293, 292, 290, 288,
++ 280, 279, 276, 275, 268, 719, 719, 719, 719, 719,
++ 719, 738, 267, 738, 738, 738, 738, 738, 738, 738,
++ 738, 738, 738, 741, 265, 741, 741, 741, 741, 741,
++ 741, 741, 741, 741, 741, 743, 264, 743, 743, 743,
++ 743, 743, 743, 743, 743, 743, 743, 744, 263, 744,
++ 744, 744, 744, 744, 744, 744, 744, 744, 744, 756,
++ 262, 756, 756, 756, 756, 756, 756, 756, 756, 756,
++ 756, 769, 261, 769, 769, 769, 769, 769, 769, 769,
++
++ 769, 769, 769, 770, 260, 770, 770, 770, 770, 770,
++ 770, 770, 770, 770, 770, 771, 259, 771, 771, 771,
++ 771, 771, 771, 771, 771, 771, 771, 785, 258, 785,
++ 785, 785, 785, 785, 785, 785, 785, 785, 785, 786,
++ 255, 786, 786, 786, 786, 786, 786, 786, 786, 786,
++ 786, 788, 252, 788, 788, 788, 788, 788, 788, 788,
++ 788, 788, 788, 789, 251, 789, 789, 789, 789, 789,
++ 789, 789, 789, 789, 789, 801, 801, 801, 801, 801,
++ 801, 801, 801, 801, 801, 806, 806, 806, 806, 806,
++ 806, 806, 806, 806, 806, 811, 811, 811, 811, 811,
++
++ 811, 811, 811, 811, 811, 250, 244, 241, 240, 239,
++ 238, 801, 802, 802, 802, 802, 802, 802, 802, 802,
++ 802, 802, 237, 234, 233, 232, 231, 230, 229, 228,
++ 227, 226, 225, 224, 223, 217, 216, 209, 208, 207,
++ 206, 205, 204, 202, 201, 199, 193, 185, 802, 803,
++ 803, 803, 803, 803, 803, 803, 803, 803, 803, 181,
++ 177, 176, 174, 170, 163, 159, 157, 155, 147, 146,
++ 145, 144, 143, 137, 136, 135, 134, 133, 131, 130,
++ 129, 128, 124, 120, 119, 803, 808, 808, 808, 808,
++ 808, 808, 808, 808, 808, 808, 115, 112, 109, 104,
++
++ 103, 102, 100, 96, 95, 94, 93, 90, 77, 70,
++ 63, 59, 58, 56, 55, 53, 51, 43, 42, 41,
++ 39, 35, 808, 814, 814, 814, 814, 814, 814, 814,
++ 814, 814, 814, 814, 814, 814, 814, 814, 814, 814,
++ 814, 814, 814, 814, 815, 815, 815, 815, 815, 815,
++ 815, 815, 815, 815, 815, 815, 815, 815, 815, 815,
++ 815, 815, 815, 815, 815, 816, 816, 816, 816, 816,
++ 816, 816, 816, 816, 816, 816, 816, 816, 816, 816,
++ 816, 816, 816, 816, 816, 816, 817, 817, 817, 817,
++ 817, 817, 817, 817, 817, 817, 817, 817, 817, 817,
++
++ 817, 817, 817, 817, 817, 817, 817, 818, 31, 25,
++ 19, 17, 16, 15, 818, 0, 818, 818, 818, 818,
++ 0, 0, 818, 818, 818, 818, 818, 818, 819, 819,
++ 819, 819, 819, 819, 819, 819, 819, 819, 819, 819,
++ 819, 819, 819, 819, 819, 819, 819, 819, 819, 820,
++ 0, 0, 0, 0, 820, 0, 820, 0, 820, 820,
++ 820, 820, 820, 0, 820, 820, 820, 820, 820, 820,
++ 821, 0, 0, 0, 0, 0, 0, 821, 0, 821,
++ 821, 821, 821, 0, 0, 821, 821, 821, 821, 821,
++ 821, 822, 0, 0, 822, 822, 0, 822, 822, 0,
++
++ 822, 822, 822, 822, 0, 0, 822, 822, 822, 822,
++ 822, 822, 823, 823, 0, 823, 0, 0, 0, 823,
++ 825, 0, 0, 825, 825, 0, 825, 825, 0, 825,
++ 825, 825, 825, 0, 0, 825, 825, 825, 825, 825,
++ 825, 826, 0, 0, 826, 826, 0, 826, 826, 0,
++ 826, 826, 826, 826, 0, 826, 826, 826, 0, 826,
++ 826, 826, 828, 0, 0, 828, 0, 0, 828, 828,
++ 0, 828, 828, 828, 828, 828, 0, 828, 828, 828,
++ 828, 828, 828, 829, 829, 829, 829, 829, 829, 829,
++ 829, 829, 829, 829, 829, 829, 829, 829, 829, 829,
++
++ 829, 829, 829, 829, 830, 830, 0, 830, 0, 830,
++ 830, 830, 830, 830, 830, 830, 830, 830, 830, 830,
++ 830, 830, 830, 830, 830, 831, 0, 0, 0, 0,
++ 831, 0, 831, 0, 831, 831, 831, 831, 831, 0,
++ 831, 831, 831, 831, 831, 831, 832, 0, 0, 0,
++ 0, 0, 0, 832, 0, 832, 832, 832, 832, 0,
++ 832, 832, 832, 832, 832, 832, 832, 833, 0, 0,
++ 833, 833, 0, 833, 833, 0, 833, 833, 833, 833,
++ 0, 833, 833, 833, 833, 833, 833, 833, 834, 834,
++ 834, 834, 834, 834, 834, 834, 834, 834, 834, 834,
++
++ 834, 834, 834, 834, 834, 834, 834, 834, 834, 835,
++ 835, 0, 835, 835, 835, 835, 835, 835, 835, 835,
++ 835, 835, 835, 835, 835, 835, 835, 835, 835, 835,
++ 837, 0, 0, 837, 837, 0, 837, 837, 0, 837,
++ 837, 837, 837, 0, 0, 837, 837, 837, 837, 837,
++ 837, 838, 838, 0, 838, 0, 0, 0, 838, 839,
++ 839, 0, 839, 0, 0, 0, 839, 840, 840, 840,
++ 0, 840, 0, 0, 0, 840, 841, 0, 0, 841,
++ 841, 0, 841, 841, 0, 841, 841, 841, 841, 0,
++ 0, 841, 841, 841, 841, 841, 841, 842, 0, 0,
++
++ 842, 842, 0, 842, 842, 0, 842, 842, 842, 842,
++ 0, 0, 842, 842, 842, 842, 842, 842, 843, 0,
++ 0, 843, 843, 0, 843, 843, 0, 843, 843, 843,
++ 843, 0, 843, 843, 843, 0, 843, 843, 843, 845,
++ 0, 0, 845, 0, 0, 845, 845, 0, 845, 845,
++ 845, 845, 845, 0, 845, 845, 845, 845, 845, 845,
++ 846, 0, 0, 0, 0, 0, 0, 846, 0, 846,
++ 846, 846, 846, 0, 0, 846, 846, 846, 846, 846,
++ 846, 847, 0, 0, 0, 0, 0, 0, 847, 0,
++ 847, 847, 847, 847, 0, 847, 847, 847, 847, 847,
++
++ 847, 847, 848, 0, 0, 848, 848, 0, 848, 848,
++ 0, 848, 848, 848, 848, 0, 848, 848, 848, 848,
++ 848, 848, 848, 849, 0, 0, 849, 849, 0, 849,
++ 850, 850, 850, 850, 850, 850, 850, 850, 850, 850,
++ 850, 850, 850, 850, 850, 850, 850, 850, 850, 850,
++ 850, 851, 851, 0, 851, 0, 0, 0, 851, 852,
++ 852, 852, 0, 852, 0, 0, 0, 852, 855, 855,
++ 0, 855, 0, 0, 0, 855, 856, 856, 0, 856,
++ 0, 0, 0, 856, 857, 857, 0, 857, 0, 0,
++ 0, 857, 858, 858, 858, 0, 858, 0, 0, 0,
++
++ 858, 859, 0, 0, 859, 859, 0, 859, 860, 860,
++ 0, 860, 0, 0, 0, 860, 861, 861, 0, 861,
++ 0, 0, 0, 861, 862, 862, 0, 862, 0, 0,
++ 0, 862, 863, 863, 863, 0, 863, 0, 0, 0,
++ 863, 864, 864, 864, 864, 0, 864, 0, 0, 0,
++ 864, 867, 867, 0, 867, 0, 0, 0, 867, 868,
++ 868, 0, 868, 0, 0, 0, 868, 869, 869, 0,
++ 869, 0, 0, 0, 869, 872, 872, 872, 0, 872,
++ 0, 0, 0, 872, 873, 873, 873, 873, 0, 873,
++ 0, 0, 0, 873, 874, 874, 874, 874, 874, 874,
++
++ 874, 874, 874, 874, 874, 874, 874, 874, 874, 874,
++ 874, 874, 874, 874, 874, 876, 876, 0, 876, 0,
++ 0, 0, 876, 877, 877, 0, 877, 0, 0, 0,
++ 877, 879, 879, 879, 0, 879, 0, 0, 0, 879,
++ 880, 880, 880, 880, 0, 880, 0, 0, 0, 880,
++ 881, 881, 881, 881, 881, 881, 881, 881, 881, 881,
++ 881, 881, 881, 881, 881, 881, 881, 881, 881, 881,
++ 881, 884, 0, 0, 884, 884, 0, 884, 885, 0,
++ 0, 0, 885, 885, 0, 885, 885, 885, 0, 0,
++ 885, 885, 886, 886, 0, 886, 0, 0, 0, 886,
++
++ 887, 0, 887, 887, 0, 887, 0, 0, 0, 887,
++ 890, 890, 890, 0, 890, 0, 0, 0, 890, 891,
++ 891, 891, 891, 0, 891, 0, 0, 0, 891, 892,
++ 892, 0, 0, 892, 0, 0, 0, 892, 893, 893,
++ 893, 893, 893, 893, 893, 893, 893, 893, 893, 893,
++ 893, 893, 893, 893, 893, 893, 893, 893, 893, 895,
++ 0, 0, 895, 895, 0, 895, 896, 0, 0, 0,
++ 896, 896, 0, 896, 896, 896, 0, 0, 896, 896,
++ 899, 899, 0, 899, 0, 0, 0, 899, 900, 0,
++ 900, 900, 0, 900, 0, 0, 0, 900, 902, 902,
++
++ 902, 0, 902, 0, 0, 0, 902, 903, 903, 903,
++ 0, 0, 903, 0, 0, 0, 903, 904, 904, 904,
++ 904, 904, 904, 904, 904, 904, 904, 904, 904, 904,
++ 904, 904, 904, 904, 904, 904, 904, 904, 905, 905,
++ 0, 905, 905, 905, 0, 905, 0, 905, 905, 905,
++ 905, 0, 0, 905, 905, 905, 905, 905, 905, 906,
++ 906, 0, 906, 906, 906, 0, 906, 0, 906, 906,
++ 906, 906, 0, 0, 906, 906, 906, 906, 906, 906,
++ 909, 0, 0, 0, 0, 0, 0, 0, 0, 0,
++ 0, 909, 909, 0, 909, 909, 0, 909, 911, 911,
++
++ 0, 911, 0, 0, 0, 911, 912, 0, 912, 912,
++ 0, 912, 0, 0, 0, 912, 915, 915, 0, 0,
++ 915, 0, 0, 0, 915, 917, 0, 0, 0, 0,
++ 0, 0, 917, 0, 917, 917, 917, 917, 0, 0,
++ 917, 917, 917, 917, 917, 917, 920, 920, 0, 920,
++ 0, 0, 0, 920, 921, 0, 921, 921, 0, 921,
++ 0, 0, 0, 921, 925, 925, 0, 925, 0, 0,
++ 0, 925, 926, 0, 926, 0, 0, 926, 0, 0,
++ 0, 926, 927, 927, 927, 927, 927, 927, 927, 927,
++ 927, 927, 927, 927, 927, 927, 927, 927, 927, 927,
++
++ 927, 927, 927, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
++ 813, 813, 813, 813
+ } ;
+
+ static yy_state_type yy_last_accepting_state;
+ static char *yy_last_accepting_cpos;
+
++extern int yy_flex_debug;
++int yy_flex_debug = 0;
++
+ /* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+@@ -1391,7 +1993,6 @@ static char *yy_last_accepting_cpos;
+ #define YY_RESTORE_YY_MORE_OFFSET
+ char *yytext;
+ #line 1 "toke.l"
+-#define INITIAL 0
+ #line 2 "toke.l"
+ /*
+ * Copyright (c) 1996, 1998-2005, 2007-2012
+@@ -1466,6 +2067,7 @@ char *yytext;
+ #include "toke.h"
+ #include <gram.h>
+ #include "lbuf.h"
++#include "filedigest.h"
+ #include "secure_path.h"
+
+ extern YYSTYPE yylval;
+@@ -1483,6 +2085,7 @@ gid_t sudoers_gid = SUDOERS_GID;
+
+ static bool continued, sawspace;
+ static int prev_state;
++static int digest_len;
+
+ static bool _push_include(char *, bool);
+ static bool pop_include(void);
+@@ -1500,18 +2103,64 @@ int (*trace_print)(const char *msg) = su
+ #define push_include(_p) (_push_include((_p), false))
+ #define push_includedir(_p) (_push_include((_p), true))
+ #define YY_NO_INPUT 1
+-#define YY_NO_UNPUT 1
+-#define GOTDEFS 1
+
+-#define GOTCMND 2
+
+-#define STARTDEFS 3
+
+-#define INDEFS 4
+
++
++
++#line 2112 "lex.yy.c"
++
++#define INITIAL 0
++#define GOTDEFS 1
++#define GOTCMND 2
++#define STARTDEFS 3
++#define INDEFS 4
+ #define INSTR 5
++#define WANTDIGEST 6
++
++#ifndef YY_NO_UNISTD_H
++/* Special case for "unistd.h", since it is non-ANSI. We include it way
++ * down here because we want the user's section 1 to have been scanned first.
++ * The user has a chance to override it with an option.
++ */
++#include <unistd.h>
++#endif
++
++#ifndef YY_EXTRA_TYPE
++#define YY_EXTRA_TYPE void *
++#endif
++
++static int yy_init_globals (void );
++
++/* Accessor methods to globals.
++ These are made visible to non-reentrant scanners for convenience. */
++
++int yylex_destroy (void );
+
+-#line 1514 "lex.yy.c"
++int yyget_debug (void );
++
++void yyset_debug (int debug_flag );
++
++YY_EXTRA_TYPE yyget_extra (void );
++
++void yyset_extra (YY_EXTRA_TYPE user_defined );
++
++FILE *yyget_in (void );
++
++void yyset_in (FILE * in_str );
++
++FILE *yyget_out (void );
++
++void yyset_out (FILE * out_str );
++
++yy_size_t yyget_leng (void );
++
++char *yyget_text (void );
++
++int yyget_lineno (void );
++
++void yyset_lineno (int line_number );
+
+ /* Macros after this point can all be overridden by user definitions in
+ * section 1.
+@@ -1519,65 +2168,28 @@ int (*trace_print)(const char *msg) = su
+
+ #ifndef YY_SKIP_YYWRAP
+ #ifdef __cplusplus
+-extern "C" int yywrap YY_PROTO(( void ));
++extern "C" int yywrap (void );
+ #else
+-extern int yywrap YY_PROTO(( void ));
+-#endif
++extern int yywrap (void );
+ #endif
+-
+-#ifndef YY_NO_UNPUT
+-static void yyunput YY_PROTO(( int c, char *buf_ptr ));
+ #endif
+
+ #ifndef yytext_ptr
+-static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
++static void yy_flex_strncpy (char *,yyconst char *,int );
+ #endif
+
+ #ifdef YY_NEED_STRLEN
+-static int yy_flex_strlen YY_PROTO(( yyconst char * ));
++static int yy_flex_strlen (yyconst char * );
+ #endif
+
+ #ifndef YY_NO_INPUT
+-#ifdef __cplusplus
+-static int yyinput YY_PROTO(( void ));
+-#else
+-static int input YY_PROTO(( void ));
+-#endif
+-#endif
+-
+-#if defined(YY_STACK_USED) && YY_STACK_USED
+-static int yy_start_stack_ptr = 0;
+-static int yy_start_stack_depth = 0;
+-static int *yy_start_stack = 0;
+-#ifndef YY_NO_PUSH_STATE
+-static void yy_push_state YY_PROTO(( int new_state ));
+-#endif
+-#ifndef YY_NO_POP_STATE
+-static void yy_pop_state YY_PROTO(( void ));
+-#endif
+-#ifndef YY_NO_TOP_STATE
+-static int yy_top_state YY_PROTO(( void ));
+-#endif
+
++#ifdef __cplusplus
++static int yyinput (void );
+ #else
+-#define YY_NO_PUSH_STATE 1
+-#define YY_NO_POP_STATE 1
+-#define YY_NO_TOP_STATE 1
++static int input (void );
+ #endif
+
+-#ifdef YY_MALLOC_DECL
+-YY_MALLOC_DECL
+-#else
+-#ifdef __STDC__
+-#ifndef __cplusplus
+-#include <stdlib.h>
+-#endif
+-#else
+-/* Just try to get by without declaring the routines. This will fail
+- * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
+- * or sizeof(void*) != sizeof(int).
+- */
+-#endif
+ #endif
+
+ /* Amount of stuff to slurp up with each read. */
+@@ -1586,12 +2198,11 @@ YY_MALLOC_DECL
+ #endif
+
+ /* Copy whatever the last rule matched to the standard output. */
+-
+ #ifndef ECHO
+ /* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
++#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0)
+ #endif
+
+ /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
+@@ -1599,9 +2210,10 @@ YY_MALLOC_DECL
+ */
+ #ifndef YY_INPUT
+ #define YY_INPUT(buf,result,max_size) \
+- if ( yy_current_buffer->yy_is_interactive ) \
++ if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
+ { \
+- int c = '*', n; \
++ int c = '*'; \
++ size_t n; \
+ for ( n = 0; n < max_size && \
+ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+ buf[n] = (char) c; \
+@@ -1611,9 +2223,22 @@ YY_MALLOC_DECL
+ YY_FATAL_ERROR( "input in flex scanner failed" ); \
+ result = n; \
+ } \
+- else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
+- && ferror( yyin ) ) \
+- YY_FATAL_ERROR( "input in flex scanner failed" );
++ else \
++ { \
++ errno=0; \
++ while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
++ { \
++ if( errno != EINTR) \
++ { \
++ YY_FATAL_ERROR( "input in flex scanner failed" ); \
++ break; \
++ } \
++ errno=0; \
++ clearerr(yyin); \
++ } \
++ }\
++\
++
+ #endif
+
+ /* No semi-colon after return; correct usage is to write "yyterminate();" -
+@@ -1634,12 +2259,18 @@ YY_MALLOC_DECL
+ #define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+ #endif
+
++/* end tables serialization structures and prototypes */
++
+ /* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+ #ifndef YY_DECL
+-#define YY_DECL int yylex YY_PROTO(( void ))
+-#endif
++#define YY_DECL_IS_OURS 1
++
++extern int yylex (void);
++
++#define YY_DECL int yylex (void)
++#endif /* !YY_DECL */
+
+ /* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+@@ -1655,30 +2286,32 @@ YY_MALLOC_DECL
+
+ #define YY_RULE_SETUP \
+ if ( yyleng > 0 ) \
+- yy_current_buffer->yy_at_bol = \
++ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = \
+ (yytext[yyleng - 1] == '\n'); \
+ YY_USER_ACTION
+
++/** The main scanner function which does all the work.
++ */
+ YY_DECL
+- {
++{
+ register yy_state_type yy_current_state;
+ register char *yy_cp, *yy_bp;
+ register int yy_act;
++
++#line 135 "toke.l"
+
+-#line 132 "toke.l"
++#line 2303 "lex.yy.c"
+
+-#line 1670 "lex.yy.c"
+-
+- if ( yy_init )
++ if ( !(yy_init) )
+ {
+- yy_init = 0;
++ (yy_init) = 1;
+
+ #ifdef YY_USER_INIT
+ YY_USER_INIT;
+ #endif
+
+- if ( ! yy_start )
+- yy_start = 1; /* first start state */
++ if ( ! (yy_start) )
++ (yy_start) = 1; /* first start state */
+
+ if ( ! yyin )
+ yyin = stdin;
+@@ -1686,26 +2319,28 @@ YY_DECL
+ if ( ! yyout )
+ yyout = stdout;
+
+- if ( ! yy_current_buffer )
+- yy_current_buffer =
+- yy_create_buffer( yyin, YY_BUF_SIZE );
++ if ( ! YY_CURRENT_BUFFER ) {
++ yyensure_buffer_stack ();
++ YY_CURRENT_BUFFER_LVALUE =
++ yy_create_buffer(yyin,YY_BUF_SIZE );
++ }
+
+- yy_load_buffer_state();
++ yy_load_buffer_state( );
+ }
+
+ while ( 1 ) /* loops until end-of-file is reached */
+ {
+- yy_cp = yy_c_buf_p;
++ yy_cp = (yy_c_buf_p);
+
+ /* Support of yytext. */
+- *yy_cp = yy_hold_char;
++ *yy_cp = (yy_hold_char);
+
+ /* yy_bp points to the position in yy_ch_buf of the start of
+ * the current run.
+ */
+ yy_bp = yy_cp;
+
+- yy_current_state = yy_start;
++ yy_current_state = (yy_start);
+ yy_current_state += YY_AT_BOL();
+ yy_match:
+ do
+@@ -1713,47 +2348,45 @@ yy_match:
+ register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+ if ( yy_accept[yy_current_state] )
+ {
+- yy_last_accepting_state = yy_current_state;
+- yy_last_accepting_cpos = yy_cp;
++ (yy_last_accepting_state) = yy_current_state;
++ (yy_last_accepting_cpos) = yy_cp;
+ }
+ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ {
+ yy_current_state = (int) yy_def[yy_current_state];
+- if ( yy_current_state >= 622 )
++ if ( yy_current_state >= 814 )
+ yy_c = yy_meta[(unsigned int) yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+ ++yy_cp;
+ }
+- while ( yy_base[yy_current_state] != 3595 );
++ while ( yy_base[yy_current_state] != 5604 );
+
+ yy_find_action:
+ yy_act = yy_accept[yy_current_state];
+ if ( yy_act == 0 )
+ { /* have to back up */
+- yy_cp = yy_last_accepting_cpos;
+- yy_current_state = yy_last_accepting_state;
++ yy_cp = (yy_last_accepting_cpos);
++ yy_current_state = (yy_last_accepting_state);
+ yy_act = yy_accept[yy_current_state];
+ }
+
+ YY_DO_BEFORE_ACTION;
+
+-
+ do_action: /* This label is used only to access EOF actions. */
+
+-
+ switch ( yy_act )
+ { /* beginning of action switch */
+ case 0: /* must back up */
+ /* undo the effects of YY_DO_BEFORE_ACTION */
+- *yy_cp = yy_hold_char;
+- yy_cp = yy_last_accepting_cpos;
+- yy_current_state = yy_last_accepting_state;
++ *yy_cp = (yy_hold_char);
++ yy_cp = (yy_last_accepting_cpos);
++ yy_current_state = (yy_last_accepting_state);
+ goto yy_find_action;
+
+ case 1:
+ YY_RULE_SETUP
+-#line 133 "toke.l"
++#line 136 "toke.l"
+ {
+ LEXTRACE(", ");
+ LEXRETURN(',');
+@@ -1761,12 +2394,12 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 2:
+ YY_RULE_SETUP
+-#line 138 "toke.l"
++#line 141 "toke.l"
+ BEGIN STARTDEFS;
+ YY_BREAK
+ case 3:
+ YY_RULE_SETUP
+-#line 140 "toke.l"
++#line 143 "toke.l"
+ {
+ BEGIN INDEFS;
+ LEXTRACE("DEFVAR ");
+@@ -1778,7 +2411,7 @@ YY_RULE_SETUP
+
+ case 4:
+ YY_RULE_SETUP
+-#line 149 "toke.l"
++#line 152 "toke.l"
+ {
+ BEGIN STARTDEFS;
+ LEXTRACE(", ");
+@@ -1787,7 +2420,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 5:
+ YY_RULE_SETUP
+-#line 155 "toke.l"
++#line 158 "toke.l"
+ {
+ LEXTRACE("= ");
+ LEXRETURN('=');
+@@ -1795,7 +2428,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 6:
+ YY_RULE_SETUP
+-#line 160 "toke.l"
++#line 163 "toke.l"
+ {
+ LEXTRACE("+= ");
+ LEXRETURN('+');
+@@ -1803,7 +2436,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 7:
+ YY_RULE_SETUP
+-#line 165 "toke.l"
++#line 168 "toke.l"
+ {
+ LEXTRACE("-= ");
+ LEXRETURN('-');
+@@ -1811,7 +2444,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 8:
+ YY_RULE_SETUP
+-#line 170 "toke.l"
++#line 173 "toke.l"
+ {
+ LEXTRACE("BEGINSTR ");
+ yylval.string = NULL;
+@@ -1821,7 +2454,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 9:
+ YY_RULE_SETUP
+-#line 177 "toke.l"
++#line 180 "toke.l"
+ {
+ LEXTRACE("WORD(2) ");
+ if (!fill(yytext, yyleng))
+@@ -1832,8 +2465,9 @@ YY_RULE_SETUP
+
+
+ case 10:
++/* rule 10 can match eol */
+ YY_RULE_SETUP
+-#line 186 "toke.l"
++#line 189 "toke.l"
+ {
+ /* Line continuation char followed by newline. */
+ sudolineno++;
+@@ -1842,7 +2476,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 11:
+ YY_RULE_SETUP
+-#line 192 "toke.l"
++#line 195 "toke.l"
+ {
+ LEXTRACE("ENDSTR ");
+ BEGIN prev_state;
+@@ -1877,7 +2511,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 12:
+ YY_RULE_SETUP
+-#line 224 "toke.l"
++#line 227 "toke.l"
+ {
+ LEXTRACE("BACKSLASH ");
+ if (!append(yytext, yyleng))
+@@ -1886,7 +2520,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 13:
+ YY_RULE_SETUP
+-#line 230 "toke.l"
++#line 233 "toke.l"
+ {
+ LEXTRACE("STRBODY ");
+ if (!append(yytext, yyleng))
+@@ -1897,7 +2531,7 @@ YY_RULE_SETUP
+
+ case 14:
+ YY_RULE_SETUP
+-#line 238 "toke.l"
++#line 241 "toke.l"
+ {
+ /* quoted fnmatch glob char, pass verbatim */
+ LEXTRACE("QUOTEDCHAR ");
+@@ -1908,7 +2542,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 15:
+ YY_RULE_SETUP
+-#line 246 "toke.l"
++#line 249 "toke.l"
+ {
+ /* quoted sudoers special char, strip backslash */
+ LEXTRACE("QUOTEDCHAR ");
+@@ -1918,8 +2552,9 @@ YY_RULE_SETUP
+ }
+ YY_BREAK
+ case 16:
++/* rule 16 can match eol */
+ YY_RULE_SETUP
+-#line 254 "toke.l"
++#line 257 "toke.l"
+ {
+ BEGIN INITIAL;
+ yyless(0);
+@@ -1928,7 +2563,7 @@ YY_RULE_SETUP
+ YY_BREAK
+ case 17:
+ YY_RULE_SETUP
+-#line 260 "toke.l"
++#line 263 "toke.l"
+ {
+ LEXTRACE("ARG ");
+ if (!fill_args(yytext, yyleng, sawspace))
+@@ -1939,7 +2574,48 @@ YY_RULE_SETUP
+
+ case 18:
+ YY_RULE_SETUP
+-#line 268 "toke.l"
++#line 271 "toke.l"
++{
++ /* Only return DIGEST if the length is correct. */
++ if (yyleng == digest_len * 2) {
++ if (!fill(yytext, yyleng))
++ yyterminate();
++ BEGIN INITIAL;
++ LEXTRACE("DIGEST ");
++ LEXRETURN(DIGEST);
++ }
++ BEGIN INITIAL;
++ yyless(yyleng);
++ } /* hex digest */
++ YY_BREAK
++case 19:
++YY_RULE_SETUP
++#line 284 "toke.l"
++{
++ /* Only return DIGEST if the length is correct. */
++ size_t len;
++ if (yytext[yyleng - 1] == '=') {
++ /* use padding */
++ len = 4 * ((digest_len + 2) / 3);
++ } else {
++ /* no padding */
++ len = (4 * digest_len + 2) / 3;
++ }
++ if (yyleng == len) {
++ if (!fill(yytext, yyleng))
++ yyterminate();
++ BEGIN INITIAL;
++ LEXTRACE("DIGEST ");
++ LEXRETURN(DIGEST);
++ }
++ BEGIN INITIAL;
++ yyless(yyleng);
++ } /* base64 digest */
++ YY_BREAK
++case 20:
++/* rule 20 can match eol */
++YY_RULE_SETUP
++#line 305 "toke.l"
+ {
+ char *path;
+
+@@ -1958,9 +2634,10 @@ YY_RULE_SETUP
+ yyterminate();
+ }
+ YY_BREAK
+-case 19:
++case 21:
++/* rule 21 can match eol */
+ YY_RULE_SETUP
+-#line 286 "toke.l"
++#line 323 "toke.l"
+ {
+ char *path;
+
+@@ -1982,9 +2659,9 @@ YY_RULE_SETUP
+ yyterminate();
+ }
+ YY_BREAK
+-case 20:
++case 22:
+ YY_RULE_SETUP
+-#line 307 "toke.l"
++#line 344 "toke.l"
+ {
+ char deftype;
+ int n;
+@@ -2025,9 +2702,9 @@ YY_RULE_SETUP
+ }
+ }
+ YY_BREAK
+-case 21:
++case 23:
+ YY_RULE_SETUP
+-#line 347 "toke.l"
++#line 384 "toke.l"
+ {
+ int n;
+
+@@ -2054,100 +2731,100 @@ YY_RULE_SETUP
+ }
+ }
+ YY_BREAK
+-case 22:
++case 24:
+ YY_RULE_SETUP
+-#line 373 "toke.l"
++#line 410 "toke.l"
+ {
+ /* cmnd does not require passwd for this user */
+ LEXTRACE("NOPASSWD ");
+ LEXRETURN(NOPASSWD);
+ }
+ YY_BREAK
+-case 23:
++case 25:
+ YY_RULE_SETUP
+-#line 379 "toke.l"
++#line 416 "toke.l"
+ {
+ /* cmnd requires passwd for this user */
+ LEXTRACE("PASSWD ");
+ LEXRETURN(PASSWD);
+ }
+ YY_BREAK
+-case 24:
++case 26:
+ YY_RULE_SETUP
+-#line 385 "toke.l"
++#line 422 "toke.l"
+ {
+ LEXTRACE("NOEXEC ");
+ LEXRETURN(NOEXEC);
+ }
+ YY_BREAK
+-case 25:
++case 27:
+ YY_RULE_SETUP
+-#line 390 "toke.l"
++#line 427 "toke.l"
+ {
+ LEXTRACE("EXEC ");
+ LEXRETURN(EXEC);
+ }
+ YY_BREAK
+-case 26:
++case 28:
+ YY_RULE_SETUP
+-#line 395 "toke.l"
++#line 432 "toke.l"
+ {
+ LEXTRACE("SETENV ");
+ LEXRETURN(SETENV);
+ }
+ YY_BREAK
+-case 27:
++case 29:
+ YY_RULE_SETUP
+-#line 400 "toke.l"
++#line 437 "toke.l"
+ {
+ LEXTRACE("NOSETENV ");
+ LEXRETURN(NOSETENV);
+ }
+ YY_BREAK
+-case 28:
++case 30:
+ YY_RULE_SETUP
+-#line 405 "toke.l"
++#line 442 "toke.l"
+ {
+ LEXTRACE("LOG_OUTPUT ");
+ LEXRETURN(LOG_OUTPUT);
+ }
+ YY_BREAK
+-case 29:
++case 31:
+ YY_RULE_SETUP
+-#line 410 "toke.l"
++#line 447 "toke.l"
+ {
+ LEXTRACE("NOLOG_OUTPUT ");
+ LEXRETURN(NOLOG_OUTPUT);
+ }
+ YY_BREAK
+-case 30:
++case 32:
+ YY_RULE_SETUP
+-#line 415 "toke.l"
++#line 452 "toke.l"
+ {
+ LEXTRACE("LOG_INPUT ");
+ LEXRETURN(LOG_INPUT);
+ }
+ YY_BREAK
+-case 31:
++case 33:
+ YY_RULE_SETUP
+-#line 420 "toke.l"
++#line 457 "toke.l"
+ {
+ LEXTRACE("NOLOG_INPUT ");
+ LEXRETURN(NOLOG_INPUT);
+ }
+ YY_BREAK
+-case 32:
++case 34:
+ YY_RULE_SETUP
+-#line 425 "toke.l"
++#line 462 "toke.l"
+ {
+ /* empty group or netgroup */
+ LEXTRACE("ERROR ");
+ LEXRETURN(ERROR);
+ }
+ YY_BREAK
+-case 33:
++case 35:
+ YY_RULE_SETUP
+-#line 431 "toke.l"
++#line 468 "toke.l"
+ {
+ /* netgroup */
+ if (!fill(yytext, yyleng))
+@@ -2156,9 +2833,9 @@ YY_RULE_SETUP
+ LEXRETURN(NETGROUP);
+ }
+ YY_BREAK
+-case 34:
++case 36:
+ YY_RULE_SETUP
+-#line 439 "toke.l"
++#line 476 "toke.l"
+ {
+ /* group */
+ if (!fill(yytext, yyleng))
+@@ -2167,9 +2844,9 @@ YY_RULE_SETUP
+ LEXRETURN(USERGROUP);
+ }
+ YY_BREAK
+-case 35:
++case 37:
+ YY_RULE_SETUP
+-#line 447 "toke.l"
++#line 484 "toke.l"
+ {
+ if (!fill(yytext, yyleng))
+ yyterminate();
+@@ -2177,9 +2854,9 @@ YY_RULE_SETUP
+ LEXRETURN(NTWKADDR);
+ }
+ YY_BREAK
+-case 36:
++case 38:
+ YY_RULE_SETUP
+-#line 454 "toke.l"
++#line 491 "toke.l"
+ {
+ if (!fill(yytext, yyleng))
+ yyterminate();
+@@ -2187,9 +2864,9 @@ YY_RULE_SETUP
+ LEXRETURN(NTWKADDR);
+ }
+ YY_BREAK
+-case 37:
++case 39:
+ YY_RULE_SETUP
+-#line 461 "toke.l"
++#line 498 "toke.l"
+ {
+ if (!ipv6_valid(yytext)) {
+ LEXTRACE("ERROR ");
+@@ -2201,9 +2878,9 @@ YY_RULE_SETUP
+ LEXRETURN(NTWKADDR);
+ }
+ YY_BREAK
+-case 38:
++case 40:
+ YY_RULE_SETUP
+-#line 472 "toke.l"
++#line 509 "toke.l"
+ {
+ if (!ipv6_valid(yytext)) {
+ LEXTRACE("ERROR ");
+@@ -2215,18 +2892,18 @@ YY_RULE_SETUP
+ LEXRETURN(NTWKADDR);
+ }
+ YY_BREAK
+-case 39:
++case 41:
+ YY_RULE_SETUP
+-#line 483 "toke.l"
++#line 520 "toke.l"
+ {
+ LEXTRACE("ALL ");
+ LEXRETURN(ALL);
+
+ }
+ YY_BREAK
+-case 40:
++case 42:
+ YY_RULE_SETUP
+-#line 489 "toke.l"
++#line 526 "toke.l"
+ {
+ #ifdef HAVE_SELINUX
+ LEXTRACE("ROLE ");
+@@ -2236,9 +2913,9 @@ YY_RULE_SETUP
+ #endif
+ }
+ YY_BREAK
+-case 41:
++case 43:
+ YY_RULE_SETUP
+-#line 498 "toke.l"
++#line 535 "toke.l"
+ {
+ #ifdef HAVE_SELINUX
+ LEXTRACE("TYPE ");
+@@ -2248,9 +2925,9 @@ YY_RULE_SETUP
+ #endif
+ }
+ YY_BREAK
+-case 42:
++case 44:
+ YY_RULE_SETUP
+-#line 506 "toke.l"
++#line 543 "toke.l"
+ {
+ #ifdef HAVE_PRIV_SET
+ LEXTRACE("PRIVS ");
+@@ -2260,9 +2937,9 @@ YY_RULE_SETUP
+ #endif
+ }
+ YY_BREAK
+-case 43:
++case 45:
+ YY_RULE_SETUP
+-#line 515 "toke.l"
++#line 552 "toke.l"
+ {
+ #ifdef HAVE_PRIV_SET
+ LEXTRACE("LIMITPRIVS ");
+@@ -2272,9 +2949,9 @@ YY_RULE_SETUP
+ #endif
+ }
+ YY_BREAK
+-case 44:
++case 46:
+ YY_RULE_SETUP
+-#line 524 "toke.l"
++#line 561 "toke.l"
+ {
+ got_alias:
+ if (!fill(yytext, yyleng))
+@@ -2283,10 +2960,11 @@ YY_RULE_SETUP
+ LEXRETURN(ALIAS);
+ }
+ YY_BREAK
+-case 45:
++case 47:
+ YY_RULE_SETUP
+-#line 532 "toke.l"
++#line 569 "toke.l"
+ {
++ /* XXX - no way to specify digest for command */
+ /* no command args allowed for Defaults!/path */
+ if (!fill_cmnd(yytext, yyleng))
+ yyterminate();
+@@ -2294,9 +2972,49 @@ YY_RULE_SETUP
+ LEXRETURN(COMMAND);
+ }
+ YY_BREAK
+-case 46:
++case 48:
++YY_RULE_SETUP
++#line 578 "toke.l"
++{
++ digest_len = SUDO_SHA224_DIGEST_LENGTH;
++ BEGIN WANTDIGEST;
++ LEXTRACE("SHA224 ");
++ LEXRETURN(SHA224);
++ }
++ YY_BREAK
++case 49:
++YY_RULE_SETUP
++#line 585 "toke.l"
++{
++ digest_len = SUDO_SHA256_DIGEST_LENGTH;
++ BEGIN WANTDIGEST;
++ LEXTRACE("SHA256 ");
++ LEXRETURN(SHA256);
++ }
++ YY_BREAK
++case 50:
++YY_RULE_SETUP
++#line 592 "toke.l"
++{
++ digest_len = SUDO_SHA384_DIGEST_LENGTH;
++ BEGIN WANTDIGEST;
++ LEXTRACE("SHA384 ");
++ LEXRETURN(SHA384);
++ }
++ YY_BREAK
++case 51:
++YY_RULE_SETUP
++#line 599 "toke.l"
++{
++ digest_len = SUDO_SHA512_DIGEST_LENGTH;
++ BEGIN WANTDIGEST;
++ LEXTRACE("SHA512 ");
++ LEXRETURN(SHA512);
++ }
++ YY_BREAK
++case 52:
+ YY_RULE_SETUP
+-#line 540 "toke.l"
++#line 606 "toke.l"
+ {
+ BEGIN GOTCMND;
+ LEXTRACE("COMMAND ");
+@@ -2304,9 +3022,9 @@ YY_RULE_SETUP
+ yyterminate();
+ } /* sudo -e */
+ YY_BREAK
+-case 47:
++case 53:
+ YY_RULE_SETUP
+-#line 547 "toke.l"
++#line 613 "toke.l"
+ {
+ /* directories can't have args... */
+ if (yytext[yyleng - 1] == '/') {
+@@ -2322,9 +3040,9 @@ YY_RULE_SETUP
+ }
+ } /* a pathname */
+ YY_BREAK
+-case 48:
++case 54:
+ YY_RULE_SETUP
+-#line 562 "toke.l"
++#line 628 "toke.l"
+ {
+ LEXTRACE("BEGINSTR ");
+ yylval.string = NULL;
+@@ -2332,9 +3050,9 @@ YY_RULE_SETUP
+ BEGIN INSTR;
+ }
+ YY_BREAK
+-case 49:
++case 55:
+ YY_RULE_SETUP
+-#line 569 "toke.l"
++#line 635 "toke.l"
+ {
+ /* a word */
+ if (!fill(yytext, yyleng))
+@@ -2343,49 +3061,49 @@ YY_RULE_SETUP
+ LEXRETURN(WORD);
+ }
+ YY_BREAK
+-case 50:
++case 56:
+ YY_RULE_SETUP
+-#line 577 "toke.l"
++#line 643 "toke.l"
+ {
+ LEXTRACE("( ");
+ LEXRETURN('(');
+ }
+ YY_BREAK
+-case 51:
++case 57:
+ YY_RULE_SETUP
+-#line 582 "toke.l"
++#line 648 "toke.l"
+ {
+ LEXTRACE(") ");
+ LEXRETURN(')');
+ }
+ YY_BREAK
+-case 52:
++case 58:
+ YY_RULE_SETUP
+-#line 587 "toke.l"
++#line 653 "toke.l"
+ {
+ LEXTRACE(", ");
+ LEXRETURN(',');
+ } /* return ',' */
+ YY_BREAK
+-case 53:
++case 59:
+ YY_RULE_SETUP
+-#line 592 "toke.l"
++#line 658 "toke.l"
+ {
+ LEXTRACE("= ");
+ LEXRETURN('=');
+ } /* return '=' */
+ YY_BREAK
+-case 54:
++case 60:
+ YY_RULE_SETUP
+-#line 597 "toke.l"
++#line 663 "toke.l"
+ {
+ LEXTRACE(": ");
+ LEXRETURN(':');
+ } /* return ':' */
+ YY_BREAK
+-case 55:
++case 61:
+ YY_RULE_SETUP
+-#line 602 "toke.l"
++#line 668 "toke.l"
+ {
+ if (yyleng & 1) {
+ LEXTRACE("!");
+@@ -2393,9 +3111,10 @@ YY_RULE_SETUP
+ }
+ }
+ YY_BREAK
+-case 56:
++case 62:
++/* rule 62 can match eol */
+ YY_RULE_SETUP
+-#line 609 "toke.l"
++#line 675 "toke.l"
+ {
+ if (YY_START == INSTR) {
+ LEXTRACE("ERROR ");
+@@ -2408,25 +3127,27 @@ YY_RULE_SETUP
+ LEXRETURN(COMMENT);
+ } /* return newline */
+ YY_BREAK
+-case 57:
++case 63:
+ YY_RULE_SETUP
+-#line 621 "toke.l"
++#line 687 "toke.l"
+ { /* throw away space/tabs */
+ sawspace = true; /* but remember for fill_args */
+ }
+ YY_BREAK
+-case 58:
++case 64:
++/* rule 64 can match eol */
+ YY_RULE_SETUP
+-#line 625 "toke.l"
++#line 691 "toke.l"
+ {
+ sawspace = true; /* remember for fill_args */
+ sudolineno++;
+ continued = true;
+ } /* throw away EOL after \ */
+ YY_BREAK
+-case 59:
++case 65:
++/* rule 65 can match eol */
+ YY_RULE_SETUP
+-#line 631 "toke.l"
++#line 697 "toke.l"
+ {
+ BEGIN INITIAL;
+ sudolineno++;
+@@ -2435,9 +3156,9 @@ YY_RULE_SETUP
+ LEXRETURN(COMMENT);
+ } /* comment, not uid/gid */
+ YY_BREAK
+-case 60:
++case 66:
+ YY_RULE_SETUP
+-#line 639 "toke.l"
++#line 705 "toke.l"
+ {
+ LEXTRACE("ERROR ");
+ LEXRETURN(ERROR);
+@@ -2449,7 +3170,8 @@ case YY_STATE_EOF(GOTCMND):
+ case YY_STATE_EOF(STARTDEFS):
+ case YY_STATE_EOF(INDEFS):
+ case YY_STATE_EOF(INSTR):
+-#line 644 "toke.l"
++case YY_STATE_EOF(WANTDIGEST):
++#line 710 "toke.l"
+ {
+ if (YY_START != INITIAL) {
+ BEGIN INITIAL;
+@@ -2460,36 +3182,36 @@ case YY_STATE_EOF(INSTR):
+ yyterminate();
+ }
+ YY_BREAK
+-case 61:
++case 67:
+ YY_RULE_SETUP
+-#line 654 "toke.l"
++#line 720 "toke.l"
+ ECHO;
+ YY_BREAK
+-#line 2468 "lex.yy.c"
++#line 3190 "lex.yy.c"
+
+ case YY_END_OF_BUFFER:
+ {
+ /* Amount of text matched not including the EOB char. */
+- int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
++ int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+
+ /* Undo the effects of YY_DO_BEFORE_ACTION. */
+- *yy_cp = yy_hold_char;
++ *yy_cp = (yy_hold_char);
+ YY_RESTORE_YY_MORE_OFFSET
+
+- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
++ if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+ {
+ /* We're scanning a new file or input source. It's
+ * possible that this happened because the user
+ * just pointed yyin at a new source and called
+ * yylex(). If so, then we have to assure
+- * consistency between yy_current_buffer and our
++ * consistency between YY_CURRENT_BUFFER and our
+ * globals. Here is the right place to do so, because
+ * this is the first action (other than possibly a
+ * back-up) that will match for the new input source.
+ */
+- yy_n_chars = yy_current_buffer->yy_n_chars;
+- yy_current_buffer->yy_input_file = yyin;
+- yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
++ (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
++ YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin;
++ YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+ }
+
+ /* Note that here we test for yy_c_buf_p "<=" to the position
+@@ -2499,13 +3221,13 @@ ECHO;
+ * end-of-buffer state). Contrast this with the test
+ * in input().
+ */
+- if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
++ if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+ { /* This was really a NUL. */
+ yy_state_type yy_next_state;
+
+- yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
++ (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+
+- yy_current_state = yy_get_previous_state();
++ yy_current_state = yy_get_previous_state( );
+
+ /* Okay, we're now positioned to make the NUL
+ * transition. We couldn't have
+@@ -2518,30 +3240,30 @@ ECHO;
+
+ yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+- yy_bp = yytext_ptr + YY_MORE_ADJ;
++ yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+
+ if ( yy_next_state )
+ {
+ /* Consume the NUL. */
+- yy_cp = ++yy_c_buf_p;
++ yy_cp = ++(yy_c_buf_p);
+ yy_current_state = yy_next_state;
+ goto yy_match;
+ }
+
+ else
+ {
+- yy_cp = yy_c_buf_p;
++ yy_cp = (yy_c_buf_p);
+ goto yy_find_action;
+ }
+ }
+
+- else switch ( yy_get_next_buffer() )
++ else switch ( yy_get_next_buffer( ) )
+ {
+ case EOB_ACT_END_OF_FILE:
+ {
+- yy_did_buffer_switch_on_eof = 0;
++ (yy_did_buffer_switch_on_eof) = 0;
+
+- if ( yywrap() )
++ if ( yywrap( ) )
+ {
+ /* Note: because we've taken care in
+ * yy_get_next_buffer() to have set up
+@@ -2552,7 +3274,7 @@ ECHO;
+ * YY_NULL, it'll still work - another
+ * YY_NULL will get returned.
+ */
+- yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
++ (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+
+ yy_act = YY_STATE_EOF(YY_START);
+ goto do_action;
+@@ -2560,30 +3282,30 @@ ECHO;
+
+ else
+ {
+- if ( ! yy_did_buffer_switch_on_eof )
++ if ( ! (yy_did_buffer_switch_on_eof) )
+ YY_NEW_FILE;
+ }
+ break;
+ }
+
+ case EOB_ACT_CONTINUE_SCAN:
+- yy_c_buf_p =
+- yytext_ptr + yy_amount_of_matched_text;
++ (yy_c_buf_p) =
++ (yytext_ptr) + yy_amount_of_matched_text;
+
+- yy_current_state = yy_get_previous_state();
++ yy_current_state = yy_get_previous_state( );
+
+- yy_cp = yy_c_buf_p;
+- yy_bp = yytext_ptr + YY_MORE_ADJ;
++ yy_cp = (yy_c_buf_p);
++ yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+ goto yy_match;
+
+ case EOB_ACT_LAST_MATCH:
+- yy_c_buf_p =
+- &yy_current_buffer->yy_ch_buf[yy_n_chars];
++ (yy_c_buf_p) =
++ &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+
+- yy_current_state = yy_get_previous_state();
++ yy_current_state = yy_get_previous_state( );
+
+- yy_cp = yy_c_buf_p;
+- yy_bp = yytext_ptr + YY_MORE_ADJ;
++ yy_cp = (yy_c_buf_p);
++ yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+ goto yy_find_action;
+ }
+ break;
+@@ -2594,8 +3316,7 @@ ECHO;
+ "fatal flex scanner internal error--no action found" );
+ } /* end of action switch */
+ } /* end of scanning one token */
+- } /* end of yylex */
+-
++} /* end of yylex */
+
+ /* yy_get_next_buffer - try to read in a new buffer
+ *
+@@ -2604,21 +3325,20 @@ ECHO;
+ * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ * EOB_ACT_END_OF_FILE - end of file
+ */
+-
+-static int yy_get_next_buffer()
+- {
+- register char *dest = yy_current_buffer->yy_ch_buf;
+- register char *source = yytext_ptr;
++static int yy_get_next_buffer (void)
++{
++ register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
++ register char *source = (yytext_ptr);
+ register int number_to_move, i;
+ int ret_val;
+
+- if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
++ if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+ YY_FATAL_ERROR(
+ "fatal flex scanner internal error--end of buffer missed" );
+
+- if ( yy_current_buffer->yy_fill_buffer == 0 )
++ if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+ { /* Don't try to fill the buffer, so this is an EOF. */
+- if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
++ if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+ {
+ /* We matched a single character, the EOB, so
+ * treat this as a final EOF.
+@@ -2638,38 +3358,34 @@ static int yy_get_next_buffer()
+ /* Try to read more data. */
+
+ /* First move last chars to start of buffer. */
+- number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
++ number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+
+ for ( i = 0; i < number_to_move; ++i )
+ *(dest++) = *(source++);
+
+- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
++ if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+ /* don't do the read, it's not guaranteed to return an EOF,
+ * just force an EOF
+ */
+- yy_current_buffer->yy_n_chars = yy_n_chars = 0;
++ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+
+ else
+ {
+- int num_to_read =
+- yy_current_buffer->yy_buf_size - number_to_move - 1;
++ yy_size_t num_to_read =
++ YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+ while ( num_to_read <= 0 )
+ { /* Not enough room in the buffer - grow it. */
+-#ifdef YY_USES_REJECT
+- YY_FATAL_ERROR(
+-"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
+-#else
+
+ /* just a shorter name for the current buffer */
+- YY_BUFFER_STATE b = yy_current_buffer;
++ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE;
+
+ int yy_c_buf_p_offset =
+- (int) (yy_c_buf_p - b->yy_ch_buf);
++ (int) ((yy_c_buf_p) - b->yy_ch_buf);
+
+ if ( b->yy_is_our_buffer )
+ {
+- int new_size = b->yy_buf_size * 2;
++ yy_size_t new_size = b->yy_buf_size * 2;
+
+ if ( new_size <= 0 )
+ b->yy_buf_size += b->yy_buf_size / 8;
+@@ -2678,8 +3394,7 @@ static int yy_get_next_buffer()
+
+ b->yy_ch_buf = (char *)
+ /* Include room in for 2 EOB chars. */
+- yy_flex_realloc( (void *) b->yy_ch_buf,
+- b->yy_buf_size + 2 );
++ yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 );
+ }
+ else
+ /* Can't grow it, we don't own it. */
+@@ -2689,35 +3404,35 @@ static int yy_get_next_buffer()
+ YY_FATAL_ERROR(
+ "fatal error - scanner input buffer overflow" );
+
+- yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
++ (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+- num_to_read = yy_current_buffer->yy_buf_size -
++ num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+ number_to_move - 1;
+-#endif
++
+ }
+
+ if ( num_to_read > YY_READ_BUF_SIZE )
+ num_to_read = YY_READ_BUF_SIZE;
+
+ /* Read in more data. */
+- YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
+- yy_n_chars, num_to_read );
++ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
++ (yy_n_chars), num_to_read );
+
+- yy_current_buffer->yy_n_chars = yy_n_chars;
++ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+ }
+
+- if ( yy_n_chars == 0 )
++ if ( (yy_n_chars) == 0 )
+ {
+ if ( number_to_move == YY_MORE_ADJ )
+ {
+ ret_val = EOB_ACT_END_OF_FILE;
+- yyrestart( yyin );
++ yyrestart(yyin );
+ }
+
+ else
+ {
+ ret_val = EOB_ACT_LAST_MATCH;
+- yy_current_buffer->yy_buffer_status =
++ YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+ YY_BUFFER_EOF_PENDING;
+ }
+ }
+@@ -2725,154 +3440,109 @@ static int yy_get_next_buffer()
+ else
+ ret_val = EOB_ACT_CONTINUE_SCAN;
+
+- yy_n_chars += number_to_move;
+- yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+- yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
++ if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
++ /* Extend the array by 50%, plus the number we really need. */
++ yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1);
++ YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size );
++ if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
++ YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
++ }
+
+- yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
++ (yy_n_chars) += number_to_move;
++ YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
++ YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+
+- return ret_val;
+- }
++ (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+
++ return ret_val;
++}
+
+ /* yy_get_previous_state - get the state just before the EOB char was reached */
+
+-static yy_state_type yy_get_previous_state()
+- {
++ static yy_state_type yy_get_previous_state (void)
++{
+ register yy_state_type yy_current_state;
+ register char *yy_cp;
+-
+- yy_current_state = yy_start;
++
++ yy_current_state = (yy_start);
+ yy_current_state += YY_AT_BOL();
+
+- for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
++ for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+ {
+ register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ if ( yy_accept[yy_current_state] )
+ {
+- yy_last_accepting_state = yy_current_state;
+- yy_last_accepting_cpos = yy_cp;
++ (yy_last_accepting_state) = yy_current_state;
++ (yy_last_accepting_cpos) = yy_cp;
+ }
+ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ {
+ yy_current_state = (int) yy_def[yy_current_state];
+- if ( yy_current_state >= 622 )
++ if ( yy_current_state >= 814 )
+ yy_c = yy_meta[(unsigned int) yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+ }
+
+ return yy_current_state;
+- }
+-
++}
+
+ /* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ * next_state = yy_try_NUL_trans( current_state );
+ */
+-
+-#ifdef YY_USE_PROTOS
+-static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
+-#else
+-static yy_state_type yy_try_NUL_trans( yy_current_state )
+-yy_state_type yy_current_state;
+-#endif
+- {
++ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state )
++{
+ register int yy_is_jam;
+- register char *yy_cp = yy_c_buf_p;
++ register char *yy_cp = (yy_c_buf_p);
+
+ register YY_CHAR yy_c = 1;
+ if ( yy_accept[yy_current_state] )
+ {
+- yy_last_accepting_state = yy_current_state;
+- yy_last_accepting_cpos = yy_cp;
++ (yy_last_accepting_state) = yy_current_state;
++ (yy_last_accepting_cpos) = yy_cp;
+ }
+ while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+ {
+ yy_current_state = (int) yy_def[yy_current_state];
+- if ( yy_current_state >= 622 )
++ if ( yy_current_state >= 814 )
+ yy_c = yy_meta[(unsigned int) yy_c];
+ }
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+- yy_is_jam = (yy_current_state == 621);
+-
+- return yy_is_jam ? 0 : yy_current_state;
+- }
+-
+-
+-#ifndef YY_NO_UNPUT
+-#ifdef YY_USE_PROTOS
+-static void yyunput( int c, register char *yy_bp )
+-#else
+-static void yyunput( c, yy_bp )
+-int c;
+-register char *yy_bp;
+-#endif
+- {
+- register char *yy_cp = yy_c_buf_p;
+-
+- /* undo effects of setting up yytext */
+- *yy_cp = yy_hold_char;
+-
+- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
+- { /* need to shift things up to make room */
+- /* +2 for EOB chars. */
+- register int number_to_move = yy_n_chars + 2;
+- register char *dest = &yy_current_buffer->yy_ch_buf[
+- yy_current_buffer->yy_buf_size + 2];
+- register char *source =
+- &yy_current_buffer->yy_ch_buf[number_to_move];
+-
+- while ( source > yy_current_buffer->yy_ch_buf )
+- *--dest = *--source;
+-
+- yy_cp += (int) (dest - source);
+- yy_bp += (int) (dest - source);
+- yy_current_buffer->yy_n_chars =
+- yy_n_chars = yy_current_buffer->yy_buf_size;
+-
+- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
+- YY_FATAL_ERROR( "flex scanner push-back overflow" );
+- }
+-
+- *--yy_cp = (char) c;
+-
+-
+- yytext_ptr = yy_bp;
+- yy_hold_char = *yy_cp;
+- yy_c_buf_p = yy_cp;
+- }
+-#endif /* ifndef YY_NO_UNPUT */
++ yy_is_jam = (yy_current_state == 813);
+
++ return yy_is_jam ? 0 : yy_current_state;
++}
+
+ #ifndef YY_NO_INPUT
+ #ifdef __cplusplus
+-static int yyinput()
++ static int yyinput (void)
+ #else
+-static int input()
++ static int input (void)
+ #endif
+- {
+- int c;
+
+- *yy_c_buf_p = yy_hold_char;
++{
++ int c;
++
++ *(yy_c_buf_p) = (yy_hold_char);
+
+- if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
++ if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+ {
+ /* yy_c_buf_p now points to the character we want to return.
+ * If this occurs *before* the EOB characters, then it's a
+ * valid NUL; if not, then we've hit the end of the buffer.
+ */
+- if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
++ if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+ /* This was really a NUL. */
+- *yy_c_buf_p = '\0';
++ *(yy_c_buf_p) = '\0';
+
+ else
+ { /* need more input */
+- int offset = yy_c_buf_p - yytext_ptr;
+- ++yy_c_buf_p;
++ yy_size_t offset = (yy_c_buf_p) - (yytext_ptr);
++ ++(yy_c_buf_p);
+
+- switch ( yy_get_next_buffer() )
++ switch ( yy_get_next_buffer( ) )
+ {
+ case EOB_ACT_LAST_MATCH:
+ /* This happens because yy_g_n_b()
+@@ -2886,16 +3556,16 @@ static int input()
+ */
+
+ /* Reset buffer status. */
+- yyrestart( yyin );
++ yyrestart(yyin );
+
+- /* fall through */
++ /*FALLTHROUGH*/
+
+ case EOB_ACT_END_OF_FILE:
+ {
+- if ( yywrap() )
++ if ( yywrap( ) )
+ return EOF;
+
+- if ( ! yy_did_buffer_switch_on_eof )
++ if ( ! (yy_did_buffer_switch_on_eof) )
+ YY_NEW_FILE;
+ #ifdef __cplusplus
+ return yyinput();
+@@ -2905,92 +3575,94 @@ static int input()
+ }
+
+ case EOB_ACT_CONTINUE_SCAN:
+- yy_c_buf_p = yytext_ptr + offset;
++ (yy_c_buf_p) = (yytext_ptr) + offset;
+ break;
+ }
+ }
+ }
+
+- c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
+- *yy_c_buf_p = '\0'; /* preserve yytext */
+- yy_hold_char = *++yy_c_buf_p;
++ c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */
++ *(yy_c_buf_p) = '\0'; /* preserve yytext */
++ (yy_hold_char) = *++(yy_c_buf_p);
+
+- yy_current_buffer->yy_at_bol = (c == '\n');
++ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = (c == '\n');
+
+ return c;
+- }
++}
+ #endif /* ifndef YY_NO_INPUT */
+
+-
+-#ifdef YY_USE_PROTOS
+-void yyrestart( FILE *input_file )
+-#else
+-void yyrestart( input_file )
+-FILE *input_file;
+-#endif
+- {
+- if ( ! yy_current_buffer )
+- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
+-
+- yy_init_buffer( yy_current_buffer, input_file );
+- yy_load_buffer_state();
++/** Immediately switch to a different input stream.
++ * @param input_file A readable stream.
++ *
++ * @note This function does not reset the start condition to @c INITIAL .
++ */
++ void yyrestart (FILE * input_file )
++{
++
++ if ( ! YY_CURRENT_BUFFER ){
++ yyensure_buffer_stack ();
++ YY_CURRENT_BUFFER_LVALUE =
++ yy_create_buffer(yyin,YY_BUF_SIZE );
+ }
+
++ yy_init_buffer(YY_CURRENT_BUFFER,input_file );
++ yy_load_buffer_state( );
++}
+
+-#ifdef YY_USE_PROTOS
+-void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
+-#else
+-void yy_switch_to_buffer( new_buffer )
+-YY_BUFFER_STATE new_buffer;
+-#endif
+- {
+- if ( yy_current_buffer == new_buffer )
++/** Switch to a different input buffer.
++ * @param new_buffer The new input buffer.
++ *
++ */
++ void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer )
++{
++
++ /* TODO. We should be able to replace this entire function body
++ * with
++ * yypop_buffer_state();
++ * yypush_buffer_state(new_buffer);
++ */
++ yyensure_buffer_stack ();
++ if ( YY_CURRENT_BUFFER == new_buffer )
+ return;
+
+- if ( yy_current_buffer )
++ if ( YY_CURRENT_BUFFER )
+ {
+ /* Flush out information for old buffer. */
+- *yy_c_buf_p = yy_hold_char;
+- yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+- yy_current_buffer->yy_n_chars = yy_n_chars;
++ *(yy_c_buf_p) = (yy_hold_char);
++ YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
++ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+ }
+
+- yy_current_buffer = new_buffer;
+- yy_load_buffer_state();
++ YY_CURRENT_BUFFER_LVALUE = new_buffer;
++ yy_load_buffer_state( );
+
+ /* We don't actually know whether we did this switch during
+ * EOF (yywrap()) processing, but the only time this flag
+ * is looked at is after yywrap() is called, so it's safe
+ * to go ahead and always set it.
+ */
+- yy_did_buffer_switch_on_eof = 1;
+- }
+-
+-
+-#ifdef YY_USE_PROTOS
+-void yy_load_buffer_state( void )
+-#else
+-void yy_load_buffer_state()
+-#endif
+- {
+- yy_n_chars = yy_current_buffer->yy_n_chars;
+- yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+- yyin = yy_current_buffer->yy_input_file;
+- yy_hold_char = *yy_c_buf_p;
+- }
++ (yy_did_buffer_switch_on_eof) = 1;
++}
+
++static void yy_load_buffer_state (void)
++{
++ (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
++ (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
++ yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
++ (yy_hold_char) = *(yy_c_buf_p);
++}
+
+-#ifdef YY_USE_PROTOS
+-YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
+-#else
+-YY_BUFFER_STATE yy_create_buffer( file, size )
+-FILE *file;
+-int size;
+-#endif
+- {
++/** Allocate and initialize an input buffer state.
++ * @param file A readable stream.
++ * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
++ *
++ * @return the allocated buffer state.
++ */
++ YY_BUFFER_STATE yy_create_buffer (FILE * file, int size )
++{
+ YY_BUFFER_STATE b;
+-
+- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
++
++ b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
+ if ( ! b )
+ YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+@@ -2999,83 +3671,71 @@ int size;
+ /* yy_ch_buf has to be 2 characters longer than the size given because
+ * we need to put in 2 end-of-buffer characters.
+ */
+- b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
++ b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 );
+ if ( ! b->yy_ch_buf )
+ YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+ b->yy_is_our_buffer = 1;
+
+- yy_init_buffer( b, file );
++ yy_init_buffer(b,file );
+
+ return b;
+- }
+-
++}
+
+-#ifdef YY_USE_PROTOS
+-void yy_delete_buffer( YY_BUFFER_STATE b )
+-#else
+-void yy_delete_buffer( b )
+-YY_BUFFER_STATE b;
+-#endif
+- {
++/** Destroy the buffer.
++ * @param b a buffer created with yy_create_buffer()
++ *
++ */
++ void yy_delete_buffer (YY_BUFFER_STATE b )
++{
++
+ if ( ! b )
+ return;
+
+- if ( b == yy_current_buffer )
+- yy_current_buffer = (YY_BUFFER_STATE) 0;
++ if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
++ YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+
+ if ( b->yy_is_our_buffer )
+- yy_flex_free( (void *) b->yy_ch_buf );
+-
+- yy_flex_free( (void *) b );
+- }
+-
++ yyfree((void *) b->yy_ch_buf );
+
+-#ifndef YY_ALWAYS_INTERACTIVE
+-#ifndef YY_NEVER_INTERACTIVE
+-#include <unistd.h>
+-#endif
+-#endif
+-
+-#ifdef YY_USE_PROTOS
+-void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
+-#else
+-void yy_init_buffer( b, file )
+-YY_BUFFER_STATE b;
+-FILE *file;
+-#endif
++ yyfree((void *) b );
++}
+
++/* Initializes or reinitializes a buffer.
++ * This function is sometimes called more than once on the same buffer,
++ * such as during a yyrestart() or at EOF.
++ */
++ static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file )
+
+- {
++{
+ int oerrno = errno;
+-
+- yy_flush_buffer( b );
++
++ yy_flush_buffer(b );
+
+ b->yy_input_file = file;
+ b->yy_fill_buffer = 1;
+
+-#if defined(YY_ALWAYS_INTERACTIVE) && YY_ALWAYS_INTERACTIVE
+- b->yy_is_interactive = 1;
+-#else
+-#if defined(YY_NEVER_INTERACTIVE) && YY_NEVER_INTERACTIVE
+- b->yy_is_interactive = 0;
+-#else
+- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+-#endif
+-#endif
+- errno = oerrno;
+- }
+-
++ /* If b is the current buffer, then yy_init_buffer was _probably_
++ * called from yyrestart() or through yy_get_next_buffer.
++ * In that case, we don't want to reset the lineno or column.
++ */
++ if (b != YY_CURRENT_BUFFER){
++ b->yy_bs_lineno = 1;
++ b->yy_bs_column = 0;
++ }
+
+-#ifdef YY_USE_PROTOS
+-void yy_flush_buffer( YY_BUFFER_STATE b )
+-#else
+-void yy_flush_buffer( b )
+-YY_BUFFER_STATE b;
+-#endif
++ b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
++
++ errno = oerrno;
++}
+
+- {
+- if ( ! b )
++/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
++ * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
++ *
++ */
++ void yy_flush_buffer (YY_BUFFER_STATE b )
++{
++ if ( ! b )
+ return;
+
+ b->yy_n_chars = 0;
+@@ -3092,29 +3752,125 @@ YY_BUFFER_STATE b;
+ b->yy_at_bol = 1;
+ b->yy_buffer_status = YY_BUFFER_NEW;
+
+- if ( b == yy_current_buffer )
+- yy_load_buffer_state();
++ if ( b == YY_CURRENT_BUFFER )
++ yy_load_buffer_state( );
++}
++
++/** Pushes the new state onto the stack. The new state becomes
++ * the current state. This function will allocate the stack
++ * if necessary.
++ * @param new_buffer The new state.
++ *
++ */
++void yypush_buffer_state (YY_BUFFER_STATE new_buffer )
++{
++ if (new_buffer == NULL)
++ return;
++
++ yyensure_buffer_stack();
++
++ /* This block is copied from yy_switch_to_buffer. */
++ if ( YY_CURRENT_BUFFER )
++ {
++ /* Flush out information for old buffer. */
++ *(yy_c_buf_p) = (yy_hold_char);
++ YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
++ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
++ }
++
++ /* Only push if top exists. Otherwise, replace top. */
++ if (YY_CURRENT_BUFFER)
++ (yy_buffer_stack_top)++;
++ YY_CURRENT_BUFFER_LVALUE = new_buffer;
++
++ /* copied from yy_switch_to_buffer. */
++ yy_load_buffer_state( );
++ (yy_did_buffer_switch_on_eof) = 1;
++}
++
++/** Removes and deletes the top of the stack, if present.
++ * The next element becomes the new top.
++ *
++ */
++void yypop_buffer_state (void)
++{
++ if (!YY_CURRENT_BUFFER)
++ return;
++
++ yy_delete_buffer(YY_CURRENT_BUFFER );
++ YY_CURRENT_BUFFER_LVALUE = NULL;
++ if ((yy_buffer_stack_top) > 0)
++ --(yy_buffer_stack_top);
++
++ if (YY_CURRENT_BUFFER) {
++ yy_load_buffer_state( );
++ (yy_did_buffer_switch_on_eof) = 1;
+ }
++}
+
++/* Allocates the stack if it does not exist.
++ * Guarantees space for at least one push.
++ */
++static void yyensure_buffer_stack (void)
++{
++ yy_size_t num_to_alloc;
++
++ if (!(yy_buffer_stack)) {
++
++ /* First allocation is just for 2 elements, since we don't know if this
++ * scanner will even need a stack. We use 2 instead of 1 to avoid an
++ * immediate realloc on the next call.
++ */
++ num_to_alloc = 1;
++ (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc
++ (num_to_alloc * sizeof(struct yy_buffer_state*)
++ );
++ if ( ! (yy_buffer_stack) )
++ YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
++
++ memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
++
++ (yy_buffer_stack_max) = num_to_alloc;
++ (yy_buffer_stack_top) = 0;
++ return;
++ }
+
+-#ifndef YY_NO_SCAN_BUFFER
+-#ifdef YY_USE_PROTOS
+-YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
+-#else
+-YY_BUFFER_STATE yy_scan_buffer( base, size )
+-char *base;
+-yy_size_t size;
+-#endif
+- {
+- YY_BUFFER_STATE b;
++ if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+
++ /* Increase the buffer to prepare for a possible push. */
++ int grow_size = 8 /* arbitrary grow size */;
++
++ num_to_alloc = (yy_buffer_stack_max) + grow_size;
++ (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc
++ ((yy_buffer_stack),
++ num_to_alloc * sizeof(struct yy_buffer_state*)
++ );
++ if ( ! (yy_buffer_stack) )
++ YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" );
++
++ /* zero only the new slots.*/
++ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
++ (yy_buffer_stack_max) = num_to_alloc;
++ }
++}
++
++/** Setup the input buffer state to scan directly from a user-specified character buffer.
++ * @param base the character buffer
++ * @param size the size in bytes of the character buffer
++ *
++ * @return the newly allocated buffer state object.
++ */
++YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size )
++{
++ YY_BUFFER_STATE b;
++
+ if ( size < 2 ||
+ base[size-2] != YY_END_OF_BUFFER_CHAR ||
+ base[size-1] != YY_END_OF_BUFFER_CHAR )
+ /* They forgot to leave room for the EOB's. */
+ return 0;
+
+- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
++ b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) );
+ if ( ! b )
+ YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+
+@@ -3128,56 +3884,51 @@ yy_size_t size;
+ b->yy_fill_buffer = 0;
+ b->yy_buffer_status = YY_BUFFER_NEW;
+
+- yy_switch_to_buffer( b );
++ yy_switch_to_buffer(b );
+
+ return b;
+- }
+-#endif
+-
+-
+-#ifndef YY_NO_SCAN_STRING
+-#ifdef YY_USE_PROTOS
+-YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
+-#else
+-YY_BUFFER_STATE yy_scan_string( yy_str )
+-yyconst char *yy_str;
+-#endif
+- {
+- int len;
+- for ( len = 0; yy_str[len]; ++len )
+- ;
+-
+- return yy_scan_bytes( yy_str, len );
+- }
+-#endif
++}
+
++/** Setup the input buffer state to scan a string. The next call to yylex() will
++ * scan from a @e copy of @a str.
++ * @param yystr a NUL-terminated string to scan
++ *
++ * @return the newly allocated buffer state object.
++ * @note If you want to scan bytes that may contain NUL values, then use
++ * yy_scan_bytes() instead.
++ */
++YY_BUFFER_STATE yy_scan_string (yyconst char * yystr )
++{
++
++ return yy_scan_bytes(yystr,strlen(yystr) );
++}
+
+-#ifndef YY_NO_SCAN_BYTES
+-#ifdef YY_USE_PROTOS
+-YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
+-#else
+-YY_BUFFER_STATE yy_scan_bytes( bytes, len )
+-yyconst char *bytes;
+-int len;
+-#endif
+- {
++/** Setup the input buffer state to scan the given bytes. The next call to yylex() will
++ * scan from a @e copy of @a bytes.
++ * @param yybytes the byte buffer to scan
++ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
++ *
++ * @return the newly allocated buffer state object.
++ */
++YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len )
++{
+ YY_BUFFER_STATE b;
+ char *buf;
+ yy_size_t n;
+- int i;
+-
++ yy_size_t i;
++
+ /* Get memory for full buffer, including space for trailing EOB's. */
+- n = len + 2;
+- buf = (char *) yy_flex_alloc( n );
++ n = _yybytes_len + 2;
++ buf = (char *) yyalloc(n );
+ if ( ! buf )
+ YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+
+- for ( i = 0; i < len; ++i )
+- buf[i] = bytes[i];
++ for ( i = 0; i < _yybytes_len; ++i )
++ buf[i] = yybytes[i];
+
+- buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
++ buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
+
+- b = yy_scan_buffer( buf, n );
++ b = yy_scan_buffer(buf,n );
+ if ( ! b )
+ YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+
+@@ -3187,148 +3938,196 @@ int len;
+ b->yy_is_our_buffer = 1;
+
+ return b;
+- }
++}
++
++#ifndef YY_EXIT_FAILURE
++#define YY_EXIT_FAILURE 2
+ #endif
+
++static void yy_fatal_error (yyconst char* msg )
++{
++ (void) fprintf( stderr, "%s\n", msg );
++ exit( YY_EXIT_FAILURE );
++}
+
+-#ifndef YY_NO_PUSH_STATE
+-#ifdef YY_USE_PROTOS
+-static void yy_push_state( int new_state )
+-#else
+-static void yy_push_state( new_state )
+-int new_state;
+-#endif
+- {
+- if ( yy_start_stack_ptr >= yy_start_stack_depth )
+- {
+- yy_size_t new_size;
++/* Redefine yyless() so it works in section 3 code. */
+
+- yy_start_stack_depth += YY_START_STACK_INCR;
+- new_size = yy_start_stack_depth * sizeof( int );
++#undef yyless
++#define yyless(n) \
++ do \
++ { \
++ /* Undo effects of setting up yytext. */ \
++ int yyless_macro_arg = (n); \
++ YY_LESS_LINENO(yyless_macro_arg);\
++ yytext[yyleng] = (yy_hold_char); \
++ (yy_c_buf_p) = yytext + yyless_macro_arg; \
++ (yy_hold_char) = *(yy_c_buf_p); \
++ *(yy_c_buf_p) = '\0'; \
++ yyleng = yyless_macro_arg; \
++ } \
++ while ( 0 )
+
+- if ( ! yy_start_stack )
+- yy_start_stack = (int *) yy_flex_alloc( new_size );
++/* Accessor methods (get/set functions) to struct members. */
+
+- else
+- yy_start_stack = (int *) yy_flex_realloc(
+- (void *) yy_start_stack, new_size );
++/** Get the current line number.
++ *
++ */
++int yyget_lineno (void)
++{
++
++ return yylineno;
++}
+
+- if ( ! yy_start_stack )
+- YY_FATAL_ERROR(
+- "out of memory expanding start-condition stack" );
+- }
++/** Get the input stream.
++ *
++ */
++FILE *yyget_in (void)
++{
++ return yyin;
++}
+
+- yy_start_stack[yy_start_stack_ptr++] = YY_START;
++/** Get the output stream.
++ *
++ */
++FILE *yyget_out (void)
++{
++ return yyout;
++}
+
+- BEGIN(new_state);
+- }
+-#endif
++/** Get the length of the current token.
++ *
++ */
++yy_size_t yyget_leng (void)
++{
++ return yyleng;
++}
+
++/** Get the current token.
++ *
++ */
+
+-#ifndef YY_NO_POP_STATE
+-static void yy_pop_state()
+- {
+- if ( --yy_start_stack_ptr < 0 )
+- YY_FATAL_ERROR( "start-condition stack underflow" );
++char *yyget_text (void)
++{
++ return yytext;
++}
+
+- BEGIN(yy_start_stack[yy_start_stack_ptr]);
+- }
+-#endif
++/** Set the current line number.
++ * @param line_number
++ *
++ */
++void yyset_lineno (int line_number )
++{
++
++ yylineno = line_number;
++}
+
++/** Set the input stream. This does not discard the current
++ * input buffer.
++ * @param in_str A readable stream.
++ *
++ * @see yy_switch_to_buffer
++ */
++void yyset_in (FILE * in_str )
++{
++ yyin = in_str ;
++}
+
+-#ifndef YY_NO_TOP_STATE
+-static int yy_top_state()
+- {
+- return yy_start_stack[yy_start_stack_ptr - 1];
+- }
+-#endif
++void yyset_out (FILE * out_str )
++{
++ yyout = out_str ;
++}
+
+-#ifndef YY_EXIT_FAILURE
+-#define YY_EXIT_FAILURE 2
+-#endif
++int yyget_debug (void)
++{
++ return yy_flex_debug;
++}
++
++void yyset_debug (int bdebug )
++{
++ yy_flex_debug = bdebug ;
++}
+
+-#ifdef YY_USE_PROTOS
+-static void yy_fatal_error( yyconst char msg[] )
++static int yy_init_globals (void)
++{
++ /* Initialization is the same as for the non-reentrant scanner.
++ * This function is called from yylex_destroy(), so don't allocate here.
++ */
++
++ (yy_buffer_stack) = 0;
++ (yy_buffer_stack_top) = 0;
++ (yy_buffer_stack_max) = 0;
++ (yy_c_buf_p) = (char *) 0;
++ (yy_init) = 0;
++ (yy_start) = 0;
++
++/* Defined in main.c */
++#ifdef YY_STDINIT
++ yyin = stdin;
++ yyout = stdout;
+ #else
+-static void yy_fatal_error( msg )
+-char msg[];
++ yyin = (FILE *) 0;
++ yyout = (FILE *) 0;
+ #endif
+- {
+- (void) fprintf( stderr, "%s\n", msg );
+- exit( YY_EXIT_FAILURE );
+- }
+
++ /* For future reference: Set errno on error, since we are called by
++ * yylex_init()
++ */
++ return 0;
++}
+
++/* yylex_destroy is for both reentrant and non-reentrant scanners. */
++int yylex_destroy (void)
++{
++
++ /* Pop the buffer stack, destroying each element. */
++ while(YY_CURRENT_BUFFER){
++ yy_delete_buffer(YY_CURRENT_BUFFER );
++ YY_CURRENT_BUFFER_LVALUE = NULL;
++ yypop_buffer_state();
++ }
++
++ /* Destroy the stack itself. */
++ yyfree((yy_buffer_stack) );
++ (yy_buffer_stack) = NULL;
++
++ /* Reset the globals. This is important in a non-reentrant scanner so the next time
++ * yylex() is called, initialization will occur. */
++ yy_init_globals( );
+
+-/* Redefine yyless() so it works in section 3 code. */
+-
+-#undef yyless
+-#define yyless(n) \
+- do \
+- { \
+- /* Undo effects of setting up yytext. */ \
+- yytext[yyleng] = yy_hold_char; \
+- yy_c_buf_p = yytext + n; \
+- yy_hold_char = *yy_c_buf_p; \
+- *yy_c_buf_p = '\0'; \
+- yyleng = n; \
+- } \
+- while ( 0 )
+-
++ return 0;
++}
+
+-/* Internal utility routines. */
++/*
++ * Internal utility routines.
++ */
+
+ #ifndef yytext_ptr
+-#ifdef YY_USE_PROTOS
+-static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
+-#else
+-static void yy_flex_strncpy( s1, s2, n )
+-char *s1;
+-yyconst char *s2;
+-int n;
+-#endif
+- {
++static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
++{
+ register int i;
+ for ( i = 0; i < n; ++i )
+ s1[i] = s2[i];
+- }
++}
+ #endif
+
+ #ifdef YY_NEED_STRLEN
+-#ifdef YY_USE_PROTOS
+-static int yy_flex_strlen( yyconst char *s )
+-#else
+-static int yy_flex_strlen( s )
+-yyconst char *s;
+-#endif
+- {
++static int yy_flex_strlen (yyconst char * s )
++{
+ register int n;
+ for ( n = 0; s[n]; ++n )
+ ;
+
+ return n;
+- }
++}
+ #endif
+
+-
+-#ifdef YY_USE_PROTOS
+-static void *yy_flex_alloc( yy_size_t size )
+-#else
+-static void *yy_flex_alloc( size )
+-yy_size_t size;
+-#endif
+- {
++void *yyalloc (yy_size_t size )
++{
+ return (void *) malloc( size );
+- }
++}
+
+-#ifdef YY_USE_PROTOS
+-static void *yy_flex_realloc( void *ptr, yy_size_t size )
+-#else
+-static void *yy_flex_realloc( ptr, size )
+-void *ptr;
+-yy_size_t size;
+-#endif
+- {
++void *yyrealloc (void * ptr, yy_size_t size )
++{
+ /* The cast to (char *) in the following accommodates both
+ * implementations that use char* generic pointers, and those
+ * that use void* generic pointers. It works with the latter
+@@ -3337,26 +4136,17 @@ yy_size_t size;
+ * as though doing an assignment.
+ */
+ return (void *) realloc( (char *) ptr, size );
+- }
++}
+
+-#ifdef YY_USE_PROTOS
+-static void yy_flex_free( void *ptr )
+-#else
+-static void yy_flex_free( ptr )
+-void *ptr;
+-#endif
+- {
+- free( ptr );
+- }
++void yyfree (void * ptr )
++{
++ free( (char *) ptr ); /* see yyrealloc() for (char *) cast */
++}
++
++#define YYTABLES_NAME "yytables"
++
++#line 720 "toke.l"
+
+-#if defined(YY_MAIN) && YY_MAIN
+-int main()
+- {
+- yylex();
+- return 0;
+- }
+-#endif
+-#line 654 "toke.l"
+
+ struct path_list {
+ char *path;
+@@ -3598,7 +4388,7 @@ _push_include(char *path, bool isdir)
+ idepth++;
+ sudolineno = 1;
+ sudoers = path;
+- yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
++ yy_switch_to_buffer(yy_create_buffer(fp,YY_BUF_SIZE));
+
+ debug_return_bool(true);
+ }
+@@ -3624,7 +4414,7 @@ pop_include(void)
+ efree(sudoers);
+ sudoers = pl->path;
+ sudolineno = 1;
+- yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
++ yy_switch_to_buffer(yy_create_buffer(fp,YY_BUF_SIZE));
+ efree(pl);
+ break;
+ }
+@@ -3740,3 +4530,4 @@ sudoers_trace_print(const char *msg)
+ return 0;
+ }
+ #endif /* TRACELEXER */
++
+diff -up sudo-1.8.6p7/plugins/sudoers/toke.l.digest-backport sudo-1.8.6p7/plugins/sudoers/toke.l
+--- sudo-1.8.6p7/plugins/sudoers/toke.l.digest-backport 2015-07-06 11:42:33.115904997 +0200
++++ sudo-1.8.6p7/plugins/sudoers/toke.l 2015-07-06 11:42:33.135904696 +0200
+@@ -72,6 +72,7 @@
+ #include "toke.h"
+ #include <gram.h>
+ #include "lbuf.h"
++#include "filedigest.h"
+ #include "secure_path.h"
+
+ extern YYSTYPE yylval;
+@@ -89,6 +90,7 @@ gid_t sudoers_gid = SUDOERS_GID;
+
+ static bool continued, sawspace;
+ static int prev_state;
++static int digest_len;
+
+ static bool _push_include(char *, bool);
+ static bool pop_include(void);
+@@ -128,6 +130,7 @@ DEFVAR [a-z_]+
+ %x STARTDEFS
+ %x INDEFS
+ %x INSTR
++%s WANTDIGEST
+
+ %%
+ <GOTDEFS>[[:blank:]]*,[[:blank:]]* {
+@@ -265,6 +268,40 @@ DEFVAR [a-z_]+
+ } /* a command line arg */
+ }
+
++<WANTDIGEST>[[:xdigit:]]+ {
++ /* Only return DIGEST if the length is correct. */
++ if (yyleng == digest_len * 2) {
++ if (!fill(yytext, yyleng))
++ yyterminate();
++ BEGIN INITIAL;
++ LEXTRACE("DIGEST ");
++ LEXRETURN(DIGEST);
++ }
++ BEGIN INITIAL;
++ yyless(yyleng);
++ } /* hex digest */
++
++<WANTDIGEST>[A-Za-z0-9\+/=]+ {
++ /* Only return DIGEST if the length is correct. */
++ size_t len;
++ if (yytext[yyleng - 1] == '=') {
++ /* use padding */
++ len = 4 * ((digest_len + 2) / 3);
++ } else {
++ /* no padding */
++ len = (4 * digest_len + 2) / 3;
++ }
++ if (yyleng == len) {
++ if (!fill(yytext, yyleng))
++ yyterminate();
++ BEGIN INITIAL;
++ LEXTRACE("DIGEST ");
++ LEXRETURN(DIGEST);
++ }
++ BEGIN INITIAL;
++ yyless(yyleng);
++ } /* base64 digest */
++
+ <INITIAL>^#include[[:blank:]]+.*\n {
+ char *path;
+
+@@ -530,6 +567,7 @@ ALL {
+ }
+
+ <GOTDEFS>({PATH}|sudoedit) {
++ /* XXX - no way to specify digest for command */
+ /* no command args allowed for Defaults!/path */
+ if (!fill_cmnd(yytext, yyleng))
+ yyterminate();
+@@ -537,6 +575,34 @@ ALL {
+ LEXRETURN(COMMAND);
+ }
+
++sha224 {
++ digest_len = SUDO_SHA224_DIGEST_LENGTH;
++ BEGIN WANTDIGEST;
++ LEXTRACE("SHA224 ");
++ LEXRETURN(SHA224);
++ }
++
++sha256 {
++ digest_len = SUDO_SHA256_DIGEST_LENGTH;
++ BEGIN WANTDIGEST;
++ LEXTRACE("SHA256 ");
++ LEXRETURN(SHA256);
++ }
++
++sha384 {
++ digest_len = SUDO_SHA384_DIGEST_LENGTH;
++ BEGIN WANTDIGEST;
++ LEXTRACE("SHA384 ");
++ LEXRETURN(SHA384);
++ }
++
++sha512 {
++ digest_len = SUDO_SHA512_DIGEST_LENGTH;
++ BEGIN WANTDIGEST;
++ LEXTRACE("SHA512 ");
++ LEXRETURN(SHA512);
++ }
++
+ sudoedit {
+ BEGIN GOTCMND;
+ LEXTRACE("COMMAND ");
+diff -up sudo-1.8.6p7/plugins/sudoers/toke_util.c.digest-backport sudo-1.8.6p7/plugins/sudoers/toke_util.c
+--- sudo-1.8.6p7/plugins/sudoers/toke_util.c.digest-backport 2013-02-25 20:42:45.000000000 +0100
++++ sudo-1.8.6p7/plugins/sudoers/toke_util.c 2015-07-06 11:42:33.135904696 +0200
+@@ -57,51 +57,6 @@
+ static int arg_len = 0;
+ static int arg_size = 0;
+
+-static int
+-hexchar(const char *s)
+-{
+- int i, result = 0;
+- debug_decl(hexchar, SUDO_DEBUG_PARSER)
+-
+- s += 2; /* skip \\x */
+- for (i = 0; i < 2; i++) {
+- switch (*s) {
+- case 'A':
+- case 'a':
+- result += 10;
+- break;
+- case 'B':
+- case 'b':
+- result += 11;
+- break;
+- case 'C':
+- case 'c':
+- result += 12;
+- break;
+- case 'D':
+- case 'd':
+- result += 13;
+- break;
+- case 'E':
+- case 'e':
+- result += 14;
+- break;
+- case 'F':
+- case 'f':
+- result += 15;
+- break;
+- default:
+- result += *s - '0';
+- break;
+- }
+- if (i == 0) {
+- result *= 16;
+- s++;
+- }
+- }
+- debug_return_int(result);
+-}
+-
+ bool
+ fill_txt(const char *src, int len, int olen)
+ {
+@@ -122,7 +77,7 @@ fill_txt(const char *src, int len, int o
+ if (src[1] == 'x' && len >= 3 &&
+ isxdigit((unsigned char) src[2]) &&
+ isxdigit((unsigned char) src[3])) {
+- *dst++ = hexchar(src);
++ *dst++ = hexchar(src + 2);
+ src += 4;
+ len -= 3;
+ } else {
diff --git a/SOURCES/sudo-1.8.6p7-digestmessagesfix.patch b/SOURCES/sudo-1.8.6p7-digestmessagesfix.patch
new file mode 100644
index 0000000..929d526
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-digestmessagesfix.patch
@@ -0,0 +1,43 @@
+diff -up sudo-1.8.6p7/plugins/sudoers/match.c.digestmessagesfix sudo-1.8.6p7/plugins/sudoers/match.c
+--- sudo-1.8.6p7/plugins/sudoers/match.c.digestmessagesfix 2015-09-01 15:33:27.493054381 +0200
++++ sudo-1.8.6p7/plugins/sudoers/match.c 2015-09-01 15:33:31.327054279 +0200
+@@ -566,6 +566,21 @@ base64_decode(const char *in, unsigned c
+ return io;
+ }
+
++static const char *digesttype2str(int digest_type)
++{
++ switch(digest_type) {
++ case SUDO_DIGEST_SHA224:
++ return "SHA224";
++ case SUDO_DIGEST_SHA256:
++ return "SHA256";
++ case SUDO_DIGEST_SHA384:
++ return "SHA384";
++ case SUDO_DIGEST_SHA512:
++ return "SHA512";
++ }
++ return "<INVALID>";
++}
++
+ static bool
+ digest_matches(char *file, struct sudo_digest *sd)
+ {
+@@ -597,7 +612,7 @@ digest_matches(char *file, struct sudo_d
+ if (!isxdigit((unsigned char)sd->digest_str[i + i]) ||
+ !isxdigit((unsigned char)sd->digest_str[i + i + 1])) {
+ warningx(_("digest for %s (%s) is not in %s form"), file,
+- sd->digest_str, sd->digest_str);
++ sd->digest_str, digesttype2str(sd->digest_type));
+ goto bad_format;
+ }
+ sudoers_digest[i] = hexchar(&sd->digest_str[i + i]);
+@@ -619,7 +634,7 @@ digest_matches(char *file, struct sudo_d
+ debug_return_bool(match);
+ bad_format:
+ warningx(_("digest for %s (%s) is not in %s form"), file,
+- sd->digest_str, sd->digest_str);
++ sd->digest_str, digesttype2str(sd->digest_type));
+ if (sudoers_digest)
+ efree(sudoers_digest);
+ if (file_digest)
diff --git a/SOURCES/sudo-1.8.6p7-ldapsearchuidfix.patch b/SOURCES/sudo-1.8.6p7-ldapsearchuidfix.patch
new file mode 100644
index 0000000..5d5e933
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-ldapsearchuidfix.patch
@@ -0,0 +1,27 @@
+diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.ldapsearchuidfix sudo-1.8.6p7/plugins/sudoers/ldap.c
+--- sudo-1.8.6p7/plugins/sudoers/ldap.c.ldapsearchuidfix 2015-07-07 15:02:41.504731613 +0200
++++ sudo-1.8.6p7/plugins/sudoers/ldap.c 2015-07-07 15:07:57.991777302 +0200
+@@ -1211,8 +1211,8 @@ sudo_ldap_build_pass1(struct passwd *pw)
+ if (ldap_conf.search_filter)
+ sz += strlen(ldap_conf.search_filter);
+
+- /* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
+- sz += 29 + sudo_ldap_value_len(pw->pw_name);
++ /* Then add (|(sudoUser=USERNAME)(sudoUser=#uid)(sudoUser=ALL)) + NUL */
++ sz += 29 + (12 + MAX_UID_T_LEN) + sudo_ldap_value_len(pw->pw_name);
+
+ /* Add space for primary and supplementary groups and gids */
+ if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
+@@ -1253,6 +1253,12 @@ sudo_ldap_build_pass1(struct passwd *pw)
+ (void) sudo_ldap_value_cat(buf, pw->pw_name, sz);
+ (void) strlcat(buf, ")", sz);
+
++ /* Append user uid */
++ (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)pw->pw_uid);
++ (void) strlcat(buf, "(sudoUser=#", sz);
++ (void) strlcat(buf, gidbuf, sz);
++ (void) strlcat(buf, ")", sz);
++
+ /* Append primary group and gid */
+ if (grp != NULL) {
+ (void) strlcat(buf, "(sudoUser=%", sz);
diff --git a/SOURCES/sudo-1.8.6p7-legacy-group-processing.patch b/SOURCES/sudo-1.8.6p7-legacy-group-processing.patch
new file mode 100644
index 0000000..3e018fb
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-legacy-group-processing.patch
@@ -0,0 +1,224 @@
+diff -up sudo-1.8.6p7/plugins/sudoers/defaults.c.legacy-group-processing sudo-1.8.6p7/plugins/sudoers/defaults.c
+--- sudo-1.8.6p7/plugins/sudoers/defaults.c.legacy-group-processing 2013-02-25 20:42:44.000000000 +0100
++++ sudo-1.8.6p7/plugins/sudoers/defaults.c 2015-08-28 10:52:13.658671686 +0200
+@@ -362,6 +362,7 @@ init_defaults(void)
+ }
+
+ /* First initialize the flags. */
++ def_legacy_group_processing = true;
+ #ifdef LONG_OTP_PROMPT
+ def_long_otp_prompt = true;
+ #endif
+diff -up sudo-1.8.6p7/plugins/sudoers/def_data.c.legacy-group-processing sudo-1.8.6p7/plugins/sudoers/def_data.c
+--- sudo-1.8.6p7/plugins/sudoers/def_data.c.legacy-group-processing 2015-08-28 10:52:13.604671687 +0200
++++ sudo-1.8.6p7/plugins/sudoers/def_data.c 2015-08-28 10:52:13.658671686 +0200
+@@ -355,6 +355,10 @@ struct sudo_defs_types sudo_defs_table[]
+ N_("Don't fork and wait for the command to finish, just exec it"),
+ NULL,
+ }, {
++ "legacy_group_processing", T_FLAG,
++ N_("Don't pre-resolve all group names"),
++ NULL,
++ }, {
+ NULL, 0, NULL
+ }
+ };
+diff -up sudo-1.8.6p7/plugins/sudoers/def_data.h.legacy-group-processing sudo-1.8.6p7/plugins/sudoers/def_data.h
+--- sudo-1.8.6p7/plugins/sudoers/def_data.h.legacy-group-processing 2015-08-28 10:52:13.604671687 +0200
++++ sudo-1.8.6p7/plugins/sudoers/def_data.h 2015-08-28 10:52:13.658671686 +0200
+@@ -164,6 +164,8 @@
+ #define I_LIMITPRIVS 81
+ #define def_cmnd_no_wait (sudo_defs_table[82].sd_un.flag)
+ #define I_CMND_NO_WAIT 82
++#define def_legacy_group_processing (sudo_defs_table[83].sd_un.flag)
++#define I_LEGACY_GROUP_PROCESSING 83
+
+ enum def_tuple {
+ never,
+diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.legacy-group-processing sudo-1.8.6p7/plugins/sudoers/ldap.c
+--- sudo-1.8.6p7/plugins/sudoers/ldap.c.legacy-group-processing 2015-08-28 10:52:13.656671686 +0200
++++ sudo-1.8.6p7/plugins/sudoers/ldap.c 2015-08-28 10:52:13.659671686 +0200
+@@ -1220,6 +1220,15 @@ sudo_ldap_build_pass1(struct passwd *pw)
+ }
+ sz += 13 + MAX_UID_T_LEN;
+ if ((grlist = sudo_get_grlist(pw)) != NULL) {
++ if (!grlist->groups_resolved) {
++ int rc = sudo_resolve_gids(grlist->gids, grlist->ngids,
++ grlist->groups, grlist->groups_buffer);
++ if (rc < 0) {
++ return NULL;
++ }
++ grlist->ngroups = rc;
++ grlist->groups_resolved = true;
++ }
+ for (i = 0; i < grlist->ngroups; i++) {
+ if (grp != NULL && strcasecmp(grlist->groups[i], grp->gr_name) == 0)
+ continue;
+diff -up sudo-1.8.6p7/plugins/sudoers/pwutil.c.legacy-group-processing sudo-1.8.6p7/plugins/sudoers/pwutil.c
+--- sudo-1.8.6p7/plugins/sudoers/pwutil.c.legacy-group-processing 2015-08-28 10:52:13.633671686 +0200
++++ sudo-1.8.6p7/plugins/sudoers/pwutil.c 2015-08-28 10:52:13.659671686 +0200
+@@ -542,10 +542,9 @@ static struct cache_item *
+ make_grlist_item(const char *user, GETGROUPS_T *gids, int ngids)
+ {
+ char *cp;
+- size_t i, nsize, ngroups, total, len;
++ size_t i, nsize, total;
+ struct cache_item_grlist *grlitem;
+ struct group_list *grlist;
+- struct group *grp;
+ debug_decl(make_grlist_item, SUDO_DEBUG_NSS)
+
+ #ifdef HAVE_SETAUTHDB
+@@ -559,7 +558,6 @@ make_grlist_item(const char *user, GETGR
+ total += sizeof(gid_t *) * ngids;
+ total += GROUPNAME_LEN * ngids;
+
+-again:
+ grlitem = ecalloc(1, total);
+
+ /*
+@@ -587,27 +585,26 @@ again:
+ for (i = 0; i < ngids; i++)
+ grlist->gids[i] = gids[i];
+ grlist->ngids = ngids;
++ grlist->groups_buffer = cp;
+
+ /*
+- * Resolve and store group names by ID.
++ * Resolve and store group names by ID if legacy_group_processing is off.
+ */
+- ngroups = 0;
+- for (i = 0; i < ngids; i++) {
+- if ((grp = sudo_getgrgid(gids[i])) != NULL) {
+- len = strlen(grp->gr_name) + 1;
+- if (cp - (char *)grlitem + len > total) {
+- total += len + GROUPNAME_LEN;
+- efree(grlitem);
+- sudo_gr_delref(grp);
+- goto again;
+- }
+- memcpy(cp, grp->gr_name, len);
+- grlist->groups[ngroups++] = cp;
+- cp += len;
+- sudo_gr_delref(grp);
+- }
++ if (def_legacy_group_processing) {
++ for (i = 0; i < ngids; i++) {
++ grlist->groups[i] = NULL;
++ }
++ grlist->ngroups = 0;
++ grlist->groups_resolved = false;
++ } else {
++ int rc = sudo_resolve_gids(gids, ngids, grlist->groups, grlist->groups_buffer);
++ if (rc < 0) {
++ efree(grlitem);
++ return NULL;
++ }
++ grlist->ngroups = rc;
++ grlist->groups_resolved = true;
+ }
+- grlist->ngroups = ngroups;
+
+ #ifdef HAVE_SETAUTHDB
+ aix_restoreauthdb();
+@@ -616,6 +613,35 @@ again:
+ debug_return_ptr(&grlitem->cache);
+ }
+
++int sudo_resolve_gids(GETGROUPS_T *gids, int ngids, char **groups, char *group_buffer)
++{
++ struct group *grp;
++ int space_left = ngids * GROUPNAME_LEN;
++ int ngroups = 0;
++ int i;
++ char *cp = group_buffer;
++ debug_decl(sudo_resolve_gids, SUDO_DEBUG_NSS)
++
++ for (i = 0; i < ngids; i++) {
++ if ((grp = sudo_getgrgid(gids[i])) != NULL) {
++ int len = strlen(grp->gr_name) + 1;
++
++ if (space_left < len) {
++ sudo_gr_delref(grp);
++ debug_return_int(-1);
++ }
++
++ memcpy(cp, grp->gr_name, len);
++ groups[ngroups++] = cp;
++ cp += len;
++ space_left -= len;
++ sudo_gr_delref(grp);
++ }
++ }
++
++ debug_return_int(ngroups);
++}
++
+ void
+ sudo_gr_addref(struct group *gr)
+ {
+@@ -917,8 +943,22 @@ user_in_group(const struct passwd *pw, c
+ /*
+ * If it could be a sudo-style group ID check gids first.
+ */
++ bool do_gid_lookup = false;
++ gid_t gid;
++
+ if (group[0] == '#') {
+- gid_t gid = atoi(group + 1);
++ gid = atoi(group + 1);
++ do_gid_lookup = true;
++ } else if (def_legacy_group_processing) {
++ struct group *grent = sudo_getgrnam(group);
++ if (grent == NULL) {
++ goto done;
++ }
++ gid = grent->gr_gid;
++ do_gid_lookup = true;
++ }
++
++ if (do_gid_lookup) {
+ if (gid == pw->pw_gid) {
+ matched = true;
+ goto done;
+@@ -931,6 +971,19 @@ user_in_group(const struct passwd *pw, c
+ }
+ }
+
++ if (def_legacy_group_processing) {
++ goto done;
++ }
++ if (!grlist->groups_resolved) {
++ int rc = sudo_resolve_gids(grlist->gids, grlist->ngids,
++ grlist->groups, grlist->groups_buffer);
++ if (rc < 0) {
++ goto done;
++ }
++ grlist->ngroups = rc;
++ grlist->groups_resolved = true;
++ }
++
+ /*
+ * Next check the supplementary group vector.
+ * It usually includes the password db group too.
+diff -up sudo-1.8.6p7/plugins/sudoers/sudoers.h.legacy-group-processing sudo-1.8.6p7/plugins/sudoers/sudoers.h
+--- sudo-1.8.6p7/plugins/sudoers/sudoers.h.legacy-group-processing 2015-08-28 10:52:13.634671686 +0200
++++ sudo-1.8.6p7/plugins/sudoers/sudoers.h 2015-08-28 10:52:13.659671686 +0200
+@@ -52,6 +52,8 @@ struct group_list {
+ GETGROUPS_T *gids;
+ int ngroups;
+ int ngids;
++ int groups_resolved;
++ char *groups_buffer;
+ };
+
+ /*
+@@ -289,6 +291,8 @@ __dso_public struct group *sudo_getgrnam
+ __dso_public void sudo_gr_addref(struct group *);
+ __dso_public void sudo_gr_delref(struct group *);
+ bool user_in_group(const struct passwd *, const char *);
++int sudo_resolve_gids(GETGROUPS_T *gids, int ngids, char **groups, char *group_buffer);
++
+ struct group *sudo_fakegrnam(const char *);
+ struct group_list *sudo_get_grlist(const struct passwd *pw);
+ struct passwd *sudo_fakepwnam(const char *, gid_t);
diff --git a/SOURCES/sudo-1.8.6p7-manfix-usepty.patch b/SOURCES/sudo-1.8.6p7-manfix-usepty.patch
new file mode 100644
index 0000000..0da67ec
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-manfix-usepty.patch
@@ -0,0 +1,107 @@
+diff -up sudo-1.8.6p7/doc/fixmdoc.sh.manfix-usepty sudo-1.8.6p7/doc/fixmdoc.sh
+--- sudo-1.8.6p7/doc/fixmdoc.sh.manfix-usepty 2015-07-07 09:06:37.893592317 +0200
++++ sudo-1.8.6p7/doc/fixmdoc.sh 2015-07-07 09:07:40.575602754 +0200
+@@ -1,4 +1,19 @@
+ #!/bin/sh
++#
++# Copyright (c) 2012-2014 Todd C. Miller <Todd.Miller@courtesan.com>
++#
++# Permission to use, copy, modify, and distribute this software for any
++# purpose with or without fee is hereby granted, provided that the above
++# copyright notice and this permission notice appear in all copies.
++#
++# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++#
+
+ OUTFILE="$1"
+ rm -f "$OUTFILE"
+@@ -18,11 +33,9 @@ case "$OUTFILE" in
+ # BSD auth
+ BA_FLAG=
+ if [ X"$BAMAN" != X"1" ]; then
+- BA_FLAG='/^.*\n\.Op Fl a Ar auth_type/{;N;/^.*\n\.Ek$/d;};'
++ BA_FLAG='/^.*\n\.Op Fl a Ar type/{;N;/^.*\n\.Ek$/d;};'
+ cat >>"$OUTFILE" <<-'EOF'
+- /^\.It Fl a Ar type/,/BSD authentication\.$/ {
+- d
+- }
++ /^\.It Fl a Ar type/,/BSD authentication\.$/d
+ EOF
+ fi
+
+@@ -31,9 +44,7 @@ case "$OUTFILE" in
+ if [ X"$LCMAN" != X"1" ]; then
+ LC_FLAG='/^.*\n\.Op Fl c Ar class/{;N;/^.*\n\.Ek$/d;};'
+ cat >>"$OUTFILE" <<-'EOF'
+- /^\.It Fl c Ar class/,/BSD login classes\.$/ {
+- d
+- }
++ /^\.It Fl c Ar class/,/BSD login classes\.$/d
+ /^\.Xr login_cap 3 ,$/d
+ /^BSD login class$/ {
+ N
+@@ -47,12 +58,8 @@ case "$OUTFILE" in
+ if [ X"$SEMAN" != X"1" ]; then
+ SE_FLAG='/^.*\n\.Op Fl r Ar role/{;N;/^.*\n\.Ek$/d;};/^.*\n\.Op Fl t Ar type/{;N;/^.*\n\.Ek$/d;};'
+ cat >>"$OUTFILE" <<-'EOF'
+- /^\.It Fl r Ar role/,/newline character\.$/ {
+- d
+- }
+- /^\.It Fl t Ar type/,/specified role\.$/ {
+- d
+- }
++ /^\.It Fl r Ar role/,/^\.Ar role \.$/d
++ /^\.It Fl t Ar type/,/derived from the role\.$/d
+ /^SELinux role and type$/ {
+ N
+ /^SELinux role and type\n\.It$/d
+@@ -103,12 +110,8 @@ case "$OUTFILE" in
+ # BSD login class
+ if [ X"$LCMAN" != X"1" ]; then
+ cat >>"$OUTFILE" <<-'EOF'
+- /^On BSD systems/,/\.$/ {
+- d
+- }
+- /^\.It use_loginclass$/,/^\.It/ {
+- /^\.It [^u][^s][^e][^_][^l]/!d
+- }
++ /^On BSD systems/,/\.$/d
++ /^\.It use_loginclass$/,/^by default\./d
+ EOF
+ fi
+
+@@ -120,15 +123,8 @@ case "$OUTFILE" in
+ N
+ d
+ }
+- /^\.It limitprivs$/,/^\.It/ {
+- /^\.It [^l][^i][^m][^i][^t]/!d
+- }
+- /^\.It privs$/,/^\.It/ {
+- /^\.It [^p][^r][^i][^v][^s]$/!d
+- }
+- /^On Solaris 10/,/^\.Pp/ {
+- d
+- }
++ /^\.It \(limit\)*privs$/,/is built on Solaris 10 or higher\.$/d
++ /^On Solaris 10/,/^\.Pp/d
+ EOF
+ fi
+
+@@ -140,9 +136,7 @@ case "$OUTFILE" in
+ N
+ d
+ }
+- /^\.It [rt][oy][lp]e$/,/^\.It/ {
+- /^\.It [^rt][^oy][^lp][^e]$/!d
+- }
++ /^\.It [rt][oy][lp]e$/,/is built with SELinux support\.$/d
+ EOF
+ fi
+ ;;
diff --git a/SOURCES/sudo-1.8.6p7-newbase64decoder.patch b/SOURCES/sudo-1.8.6p7-newbase64decoder.patch
new file mode 100644
index 0000000..d224f3c
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-newbase64decoder.patch
@@ -0,0 +1,104 @@
+diff -up sudo-1.8.6p7/plugins/sudoers/match.c.newbase64decoder sudo-1.8.6p7/plugins/sudoers/match.c
+--- sudo-1.8.6p7/plugins/sudoers/match.c.newbase64decoder 2015-09-01 13:35:42.746241825 +0200
++++ sudo-1.8.6p7/plugins/sudoers/match.c 2015-09-01 13:40:52.360233611 +0200
+@@ -510,53 +510,60 @@ command_matches_glob(char *sudoers_cmnd,
+ }
+
+ /*
++ * base64 decoder
++ * PUBLIC DOMAIN - Jon Mayo - November 13, 2003
++ */
++static const uint8_t base64dec_tab[256]= {
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255, 62,255,255,255, 63,
++ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,255,255,255, 0,255,255,
++ 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
++ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,255,255,255,255,255,
++ 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
++ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++ 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,
++};
++
++/*
+ * Decode a NUL-terminated string in base64 format and store the
+ * result in dst.
+ */
+ size_t
+-base64_decode(const char *str, unsigned char *dst, size_t dsize)
++base64_decode(const char *in, unsigned char *out, size_t out_len)
+ {
+- static const char b64[] =
+- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+- const unsigned char *dst0 = dst;
+- const unsigned char *dend = dst + dsize;
+- unsigned char ch[4];
+- char *pos;
+- int i;
+- debug_decl(base64_decode, SUDO_DEBUG_MATCH)
++ size_t in_len = strlen(in);
++ size_t ii, io;
++ uint_least32_t v;
++ size_t rem;
+
+- /*
+- * Convert from base64 to binary. Each base64 char holds 6 bits of data
+- * so 4 base64 chars equals 3 chars of data.
+- * Padding (with the '=' char) may or may not be present.
+- */
+- while (*str != '\0') {
+- for (i = 0; i < 4; i++) {
+- switch (*str) {
+- case '=':
+- str++;
+- /* FALLTHROUGH */
+- case '\0':
+- ch[i] = '=';
+- break;
+- default:
+- if ((pos = strchr(b64, *str++)) == NULL)
+- debug_return_size_t((size_t)-1);
+- ch[i] = (unsigned char)(pos - b64);
+- break;
+- }
+- }
+- if (ch[0] == '=' || ch[1] == '=' || dst == dend)
+- break;
+- *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4);
+- if (ch[2] == '=' || dst == dend)
+- break;
+- *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2);
+- if (ch[3] == '=' || dst == dend)
+- break;
+- *dst++ = ((ch[2] & 0x03) << 6) | ch[3];
++ for(io=0,ii=0,v=0,rem=0;ii<in_len;ii++) {
++ unsigned char ch;
++ if(isspace(in[ii])) continue;
++ if(in[ii]=='=') break; /* stop at = */
++ ch=base64dec_tab[(size_t)in[ii]];
++ if(ch==255) break; /* stop at a parse error */
++ v=(v<<6)|ch;
++ rem+=6;
++ if(rem>=8) {
++ rem-=8;
++ if(io>=out_len) return -1; /* truncation is failure */
++ out[io++]=(v>>rem)&255;
+ }
+- debug_return_size_t((size_t)(dst - dst0));
++ }
++ if(rem>=8) {
++ rem-=8;
++ if(io>=out_len) return -1; /* truncation is failure */
++ out[io++]=(v>>rem)&255;
++ }
++ return io;
+ }
+
+ static bool
diff --git a/SOURCES/sudo-1.8.6p7-strunquote.patch b/SOURCES/sudo-1.8.6p7-strunquote.patch
new file mode 100644
index 0000000..63aa964
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-strunquote.patch
@@ -0,0 +1,137 @@
+diff -up sudo-1.8.6p7/common/Makefile.in.strunquote sudo-1.8.6p7/common/Makefile.in
+--- sudo-1.8.6p7/common/Makefile.in.strunquote 2013-02-25 20:46:09.000000000 +0100
++++ sudo-1.8.6p7/common/Makefile.in 2015-07-07 14:30:09.267181200 +0200
+@@ -63,7 +63,7 @@ SHELL = @SHELL@
+
+ LTOBJS = alloc.lo atobool.lo fileops.lo fmt_string.lo lbuf.lo list.lo \
+ secure_path.lo setgroups.lo sudo_conf.lo sudo_debug.lo term.lo \
+- ttysize.lo zero_bytes.lo @COMMON_OBJS@
++ ttysize.lo zero_bytes.lo strunquote.lo @COMMON_OBJS@
+
+ all: libcommon.la
+
+@@ -164,3 +164,6 @@ ttysize.lo: $(srcdir)/ttysize.c $(top_bu
+ zero_bytes.lo: $(srcdir)/zero_bytes.c $(top_builddir)/config.h \
+ $(incdir)/missing.h
+ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/zero_bytes.c
++strunquote.lo: $(srcdir)/strunquote.c $(top_builddir)/config.h \
++ $(incdir)/missing.h
++ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/strunquote.c
+diff -up sudo-1.8.6p7/common/strunquote.c.strunquote sudo-1.8.6p7/common/strunquote.c
+--- sudo-1.8.6p7/common/strunquote.c.strunquote 2015-07-07 14:30:09.267181200 +0200
++++ sudo-1.8.6p7/common/strunquote.c 2015-07-07 14:31:05.403649285 +0200
+@@ -0,0 +1,45 @@
++/*
++ * Copyright (c) 2015 Daniel Kopecek <dkopecek@redhat.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++#include <string.h>
++#include <ctype.h>
++
++char *strunquote(char *arg)
++{
++ char *str = arg;
++ if (str == NULL) {
++ return NULL;
++ }
++ const size_t len = strlen(str);
++ char *strend = str + len - 1;
++
++ /* Remove blanks */
++ for (; isblank((unsigned char)*str); str++);
++ for (; isblank((unsigned char)*strend) && strend > str; strend--);
++ /*
++ * Check that the string is double-quoted.
++ * If not, we are done.
++ */
++ if (*str != '"' || *strend != '"' || str == strend) {
++ /* Return the original argument if we didn't touch it */
++ return arg;
++ }
++
++ /* Remove the double-quotes */
++ *strend = '\0';
++ ++str;
++
++ return str;
++}
+diff -up sudo-1.8.6p7/include/strunquote.h.strunquote sudo-1.8.6p7/include/strunquote.h
+--- sudo-1.8.6p7/include/strunquote.h.strunquote 2015-07-07 14:30:09.267181200 +0200
++++ sudo-1.8.6p7/include/strunquote.h 2015-07-07 14:30:09.267181200 +0200
+@@ -0,0 +1,17 @@
++/*
++ * Copyright (c) 2015 Daniel Kopecek <dkopecek@redhat.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++char *strunquote(char *arg);
+diff -up sudo-1.8.6p7/plugins/sudoers/ldap.c.strunquote sudo-1.8.6p7/plugins/sudoers/ldap.c
+--- sudo-1.8.6p7/plugins/sudoers/ldap.c.strunquote 2015-07-07 14:30:09.259181276 +0200
++++ sudo-1.8.6p7/plugins/sudoers/ldap.c 2015-07-07 14:30:09.267181200 +0200
+@@ -79,6 +79,7 @@
+ #include "sudoers.h"
+ #include "parse.h"
+ #include "lbuf.h"
++#include "strunquote.h"
+
+ /* Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() */
+ #if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(HAVE_LDAP_SSL_H) && !defined(HAVE_MPS_LDAP_SSL_H)
+@@ -1004,10 +1005,10 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMe
+ if (op == '+' || op == '-') {
+ *(val - 2) = '\0'; /* found, remove extra char */
+ /* case var+=val or var-=val */
+- set_default(var, val, (int) op);
++ set_default(var, strunquote(val), (int) op);
+ } else {
+ /* case var=val */
+- set_default(var, val, true);
++ set_default(var, strunquote(val), true);
+ }
+ } else if (*var == '!') {
+ /* case !var Boolean False */
+diff -up sudo-1.8.6p7/plugins/sudoers/sssd.c.strunquote sudo-1.8.6p7/plugins/sudoers/sssd.c
+--- sudo-1.8.6p7/plugins/sudoers/sssd.c.strunquote 2015-07-07 14:30:09.260181267 +0200
++++ sudo-1.8.6p7/plugins/sudoers/sssd.c 2015-07-07 14:30:09.268181191 +0200
+@@ -61,6 +61,7 @@
+ #include "lbuf.h"
+ #include "sudo_debug.h"
+ #include "ipa_hostname.h"
++#include "strunquote.h"
+
+ /* SSSD <--> SUDO interface - do not change */
+ struct sss_sudo_attr {
+@@ -996,10 +997,10 @@ sudo_sss_parse_options(struct sudo_sss_h
+ if (op == '+' || op == '-') {
+ *(val - 2) = '\0'; /* found, remove extra char */
+ /* case var+=val or var-=val */
+- set_default(v, val, (int) op);
++ set_default(v, strunquote(val), (int) op);
+ } else {
+ /* case var=val */
+- set_default(v, val, true);
++ set_default(v, strunquote(val), true);
+ }
+ } else if (*v == '!') {
+ /* case !var Boolean False */
diff --git a/SOURCES/sudo-1.8.6p7-sudoers b/SOURCES/sudo-1.8.6p7-sudoers
deleted file mode 100644
index 3b19ebf..0000000
--- a/SOURCES/sudo-1.8.6p7-sudoers
+++ /dev/null
@@ -1,118 +0,0 @@
-## Sudoers allows particular users to run various commands as
-## the root user, without needing the root password.
-##
-## Examples are provided at the bottom of the file for collections
-## of related commands, which can then be delegated out to particular
-## users or groups.
-##
-## This file must be edited with the 'visudo' command.
-
-## Host Aliases
-## Groups of machines. You may prefer to use hostnames (perhaps using
-## wildcards for entire domains) or IP addresses instead.
-# Host_Alias FILESERVERS = fs1, fs2
-# Host_Alias MAILSERVERS = smtp, smtp2
-
-## User Aliases
-## These aren't often necessary, as you can use regular groups
-## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
-## rather than USERALIAS
-# User_Alias ADMINS = jsmith, mikem
-
-
-## Command Aliases
-## These are groups of related commands...
-
-## Networking
-# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
-
-## Installation and management of software
-# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
-
-## Services
-# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
-
-## Updating the locate database
-# Cmnd_Alias LOCATE = /usr/bin/updatedb
-
-## Storage
-# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
-
-## Delegating permissions
-# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
-
-## Processes
-# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
-
-## Drivers
-# Cmnd_Alias DRIVERS = /sbin/modprobe
-
-# Defaults specification
-
-#
-# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
-# You have to run "ssh -t hostname sudo <cmd>".
-#
-Defaults requiretty
-
-#
-# Refuse to run if unable to disable echo on the tty. This setting should also be
-# changed in order to be able to use sudo without a tty. See requiretty above.
-#
-Defaults !visiblepw
-
-#
-# Preserving HOME has security implications since many programs
-# use it when searching for configuration files. Note that HOME
-# is already set when the the env_reset option is enabled, so
-# this option is only effective for configurations where either
-# env_reset is disabled or HOME is present in the env_keep list.
-#
-Defaults always_set_home
-
-Defaults env_reset
-Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
-Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
-Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
-Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
-Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
-
-#
-# Adding HOME to env_keep may enable a user to run unrestricted
-# commands via sudo.
-#
-# Defaults env_keep += "HOME"
-
-Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-
-## Next comes the main part: which users can run what software on
-## which machines (the sudoers file can be shared between multiple
-## systems).
-## Syntax:
-##
-## user MACHINE=COMMANDS
-##
-## The COMMANDS section may have other options added to it.
-##
-## Allow root to run any commands anywhere
-root ALL=(ALL) ALL
-
-## Allows members of the 'sys' group to run networking, software,
-## service management apps and more.
-# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
-
-## Allows people in group wheel to run all commands
-%wheel ALL=(ALL) ALL
-
-## Same thing without a password
-# %wheel ALL=(ALL) NOPASSWD: ALL
-
-## Allows members of the users group to mount and unmount the
-## cdrom as root
-# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
-
-## Allows members of the users group to shutdown this system
-# %users localhost=/sbin/shutdown -h now
-
-## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
-#includedir /etc/sudoers.d
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index 2884d13..e651d1c 100644
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@@ -1,12 +1,12 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.8.6p7
-Release: 13%{?dist}
+Release: 16%{?dist}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
-Source1: sudo-1.8.6p7-sudoers
+Source1: sudo-1.8.6p7-14-sudoers
Source2: sudo-1.7.4p5-sudo-ldap.conf
Source3: sudo-1.8.6p3-sudo.conf
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -23,6 +23,7 @@ BuildRequires: libselinux-devel
BuildRequires: /usr/sbin/sendmail
BuildRequires: gettext
BuildRequires: zlib-devel
+BuildRequires: libgcrypt-devel
# don't strip
Patch1: sudo-1.6.7p5-strip.patch
@@ -90,6 +91,31 @@ Patch29: sudo-1.8.6p7-duplicatenssfix.patch
Patch30: sudo-1.8.6p7-constwarnfix.patch
# 1147616 - New defect found in sudo-1.8.6p7-12.el7
Patch31: sudo-1.8.6p7-clangfixes.patch
+## RHEL 7.2 errata ##
+# 1144446 - sudo with ldap doesn't work correctly with 'listpw=all' and 'verifypw=all' in sudoOption entry
+Patch32: sudo-1.8.6p7-authlogicfix.patch
+# 1235570 - CVE-2014-9680 sudo: unsafe handling of TZ environment variable [rhel-7.2]
+Patch33: sudo-1.8.6p7-CVE-2014-9680.patch
+# 1138259 - sudoers.ldap man page has typos in description
+Patch34: sudo-1.8.6p3-mantypos-ldap.patch
+# 1183818 - backport of command digest specification feature
+Patch35: sudo-1.8.6p7-digest-backport.patch
+# 1233607 - In sudoers man page, "use_pty" information is merged with "umask_override".
+Patch36: sudo-1.8.6p7-manfix-usepty.patch
+# 1183818 - backport of command digest specification feature (documentation part)
+Patch37: sudo-1.8.6p7-digest-backport-docs.patch
+# 1144419 - sudo with ldap/sssd doesn't respect env_keep,env_check and env_delete variables in sudoOption
+Patch38: sudo-1.8.6p7-strunquote.patch
+# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option
+Patch39: sudo-1.8.6p7-ldapsearchuidfix.patch
+# 1254621 - make check broken by missing hexchar.o object file
+Patch40: sudo-1.8.6p7-digest-backport-checklinkfix.patch
+# 1247591 - Sudo taking a long time when user information is stored externally.
+Patch41: sudo-1.8.6p7-legacy-group-processing.patch
+# 1183818 - [RFE] store checksum alongside the command being permitted
+Patch42: sudo-1.8.6p7-newbase64decoder.patch
+# 1183818 - [RFE] store checksum alongside the command being permitted
+Patch43: sudo-1.8.6p7-digestmessagesfix.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -145,6 +171,18 @@ plugins that use %{name}.
%patch29 -p1 -b .duplicatenssfix
%patch30 -p1 -b .constwarnfix
%patch31 -p1 -b .clangfixes
+%patch32 -p1 -b .authlogicfix
+%patch33 -p1 -b .CVE-2014-9680
+%patch34 -p1 -b .mantypos-ldap
+%patch35 -p1 -b .digest-backport
+%patch36 -p1 -b .manfix-usepty
+%patch37 -p1 -b .digest-backport-docs
+%patch38 -p1 -b .strunquote
+%patch39 -p1 -b .ldapsearchuidfix
+%patch40 -p1 -b .checklinkfix
+%patch41 -p1 -b .legacy-group-processing
+%patch42 -p1 -b .newbase64decoder
+%patch43 -p1 -b .digestmessagesfix
%build
autoreconf -I m4 -fv --install
@@ -175,7 +213,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
--with-selinux \
--with-passprompt="[sudo] password for %p: " \
--with-linux-audit \
- --with-sssd
+ --with-sssd \
+ --with-gcrypt
# --without-kerb5 \
# --without-kerb4
make
@@ -265,6 +304,38 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8*
%changelog
+* Tue Sep 1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-16
+- RHEL 7.2 erratum
+ - show the digest type in warning messages
+ Resolves: rhbz#1183818
+
+* Tue Sep 1 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-15
+- RHEL 7.2 erratum
+ - fixed compilation of testing binaries during make check
+ - added legacy group processing patch
+ - replaced buggy base64 decoder with a public domain implementation
+ Resolves: rhbz#1254621
+ Resolves: rhbz#1183818
+ Resolves: rhbz#1247591
+
+* Tue Jul 7 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-14
+- RHEL 7.2 erratum
+ - backported command digest specification
+ - fixed CVE-2014-9680 sudo: unsafe handling of TZ environment variable
+ - fixed typos in sudoers.ldap man page
+ - fixed handling of double-quoted sudoOption values in ldap, sssd sources
+ - fixed numeric uid specification support in ldap source
+ - fixed authentication flag logic in ldap source
+ - added the systemctl command to the SERVICES alias in the default sudoers file
+ Resolves: rhbz#1144446
+ Resolves: rhbz#1235570
+ Resolves: rhbz#1138259
+ Resolves: rhbz#1183818
+ Resolves: rhbz#1233607
+ Resolves: rhbz#1144419
+ Resolves: rhbz#1135539
+ Resolves: rhbz#1215400
+
* Tue Sep 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p7-13
- RHEL 7.1 erratum
- fixed issues found by covscan/clang-analyzer