Updating HEAD branch #5; Last files from CABAL.

2002-04-09 15:28:45 +00:00 · 2002-04-09 15:28:45 +00:00 · af23dfa5ef
commit af23dfa5ef
parent 462ab530e5
12 changed files with 1427 additions and 744 deletions
--- a/6
+++ b/6
@ -5,3 +5,9 @@ Ivo Timmermans <itimmermans@bigfoot.com>
 These files are from other sources:
 * lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from
 the syslog 1.3 sources.
 Also some of the macro files in the directory m4, and their
 accompanying files in lib, were taken from GNU fileutils.
 Please see the file THANKS for more information on contributions from
 users.
--- a/Makefile.am
+++ b/Makefile.am
@ -2,25 +2,23 @@
 AUTOMAKE_OPTIONS = gnu
-SUBDIRS = m4 intl lib src doc po redhat debian
+SUBDIRS = m4 intl lib src doc po
 ACLOCAL_AMFLAGS =
-EXTRA_DIST = system.h ABOUT-NLS
+EXTRA_DIST = system.h COPYING.README depcomp
-CVS_CREATED = configure aclocal.m4 config.h.in config.guess \
+CVS_CREATED = ABOUT-NLS configure aclocal.m4 config.h.in config.guess \
 config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \
- stamp-h.in m4/Makefile.am ChangeLog
+ stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in.in \
 po/tinc.pot src/.libs intl depcomp
 ChangeLog:
-	rm -f ChangeLog
+	cvs2cl -U cvsusers --fsf
 	rcs2log -u "zarq	Ivo Timmermans	itimmermans@bigfoot.com" \
 	  -u "guus	Guus Sliepen	guus@sliepen.warande.net" | \
 	  sed -e 's,/home/CVS/tinc/,,g' > $@
 cvs-clean: maintainer-clean
-	for f in $(CVS_CREATED) `find -name Makefile.in` ; do\
+	for f in $(CVS_CREATED) `find . -name Makefile.in` tinc-$(VERSION).tar.gz; do\
-	  rm -f "$$f"; \
+	  rm -Rf "$$f"; \
 	done
 deb:
@ -29,5 +27,11 @@ deb:
 rpm: dist
 	cp $(distdir).tar.gz /usr/src/redhat/SOURCES/
 	cp redhat/tinc.spec /usr/src/redhat/SOURCES/
-	cd /usr/src/redhat/SOURCES/
+	cd /usr/src/redhat/SOURCES/ && rpm -bb tinc.spec
-	rpm -bi tinc.spec
+
 release:
 	rm -f ChangeLog
 	$(MAKE) ChangeLog
 	echo "Please edit the NEWS file now..."
 	/usr/bin/editor NEWS
 	$(MAKE) dist
--- a/150
+++ b/150
@ -1,6 +1,152 @@
 version 1.0pre7              Apr  7 2002
 * Don't do blocking read()s when getting a signal.
 * Remove RSA key checking code, since it sometimes thinks perfectly good RSA
  keys are bad.
 * Fix handling of subnets when prefixlength isn't divisible by 8.
 version 1.0pre6              Mar 27 2002
 * Improvement of redundant links:
  * Non-blocking connects.
  * Protocol broadcast messages can no longer go into an infinite loop.
  * Graph algorithm updated to look harder for direct connections.
 * Good support for routing IPv6 packets over the VPN. Works on Linux,
  FreeBSD, possibly OpenBSD but not on Solaris.
 * Support for tunnels over IPv6 networks. Works on all supported
  operating systems.
 * Optional compression of UDP connections using zlib.
 * Optionally let UDP connections inherit TOS field of tunneled packets.
 * Optionally start scripts when certain hosts become (un)reachable.
 version 1.0pre5              Feb  9 2002
 * Security enhancements:
  * Added sequence number and optional message authentication code to
    the packets.
  * Configurable encryption cipher and digest algorithms.
 * More robust handling of dis- and reconnects.
 * Added a "switch" and a "hub" mode to allow bridging setups.
 * Preliminary support for routing of IPv6 packets.
 * Supports Linux, FreeBSD, OpenBSD and Solaris.
 It looks like this might be the last release before 1.0.
 version 1.0pre4              Jan 17 2001
 * Updated documentation; the documentation now reflects the
  configuration as it is.
 * Some internal changes to make tinc scale better for large
  networks, such as using AVL trees instead of linked lists for the
  connection list.  
 * RSA keys can be stored in separate files if needed.  See the
  documentation for more information.
 * tinc has now been reported to run on Linux PowerPC and FreeBSD x86.
 version 1.0pre3              Oct 31 2000
 * The protocol has been redesigned, and although some details are
  still under discussion, this is secure.  Care has been taken to
  resist most, if not all, attacks.
 * Unfortunately this protocol is not compatible with earlier versions,
  nor are earlier versions compatible with this version.  Because the
  older protocol has huge security flaws, we feel that not
  implementing backwards compatibility is justified.
 * Some data about the protocol:
  * It uses public/private RSA keys for authentication (this is the
    actual fix for the security hole).
  * All cryptographic functions have been taken out of tinc, instead
    it uses the OpenSSL library functions.
  * Offers support for multiple subnets per tinc daemon.
 * New is also the support for the universal tun/tap device.  This
  means better portability to FreeBSD and Solaris.
 * tinc is tested to compile on Solaris, Linux x86, Linux alpha.
 * tinc now uses the OpenSSL library for cryptographic operations.
  More information on getting and installing OpenSSL is in the manual.
  This also means that the GMP library is no longer required.
 * Further, thanks to Enrique Zanardi, we have Spanish messages; Matias
  Carrasco provided us with a Spanish translation of the manual.
 What still needs to be done before 1.0:
 * Documentation.  Especially since the protocol has changed, and a lot
  of configuration directives have been added.
 version 1.0pre2              May 31 2000
- * Internationalized, Dutch translation available
+
- * Many sanity checks on the meta protocol added
+* This version has been internationalized; and a Dutch translation has          
  been included.                                                                
 * Two configuration variables have been added:                                  
  * VpnMask - the IP network mask for the entire VPN, not just our              
    subnet (as given by MyVirtualIP).  The Redhat and Debian packages           
    use this variable in their system startup scripts, but it is                
    ignored by tinc.                                                            
  * Hostnames - if set to `yes', look up the names of IP addresses              
    trying to connect to us.  Default set to `no', to prevent lockups           
    during lookups.                                                             
 * The system startup scripts for Debian and Redhat use                          
  /etc/tinc/nets.boot to find out which networks need to be started             
  during system boot.                                                           
 * Fixes to prevent denial of service attacks by sending random data             
  after connecting (and even when the connection has been established),         
  either random garbage or just nonsensical protocol fields.                    
 * tinc will retry to connect upon startup, does not quit if it doesn't          
  work the first time.                                                          
 * Hosts that are disconnected implicitly if we lose a connection get            
  deleted from the internal list, to prevent hogging eachother with             
  add and delete requests when the connection is restored.                      
 What still needs to be done before 1.0:                                         
 * Documentation.                                                                
 * Failover ConnectTo lines, try another one if the first doesn't work.          
 version 1.0pre1              May 12 2000
 * New meta-protocol
--- a/102
+++ b/102
@ -1,9 +1,13 @@
-This is the README file for tinc version 1.0.
+This is the README file for tinc version 1.0pre7. Installation
-Installation instructions may be found in the INSTALL file.
+instructions may be found in the INSTALL file.
-tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans
+tinc is Copyright (C) 1998-2002 by:
-<itimmermans@bigfoot.com>, Guus Sliepen <guus@sliepen.warande.net> and
+
-others. For a complete list of authors see the AUTHORS file.
+Ivo Timmermans <itimmermans@bigfoot.com>,
 Guus Sliepen <guus@sliepen.warande.net>,
 and others.
 For a complete list of authors see the AUTHORS file.
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@ -11,6 +15,36 @@ the Free Software Foundation; either version 2 of the License, or (at
 your option) any later version. See the file COPYING for more details.
 Security statement
 ------------------
 In August 2000, we discovered the existence of a security hole in all versions
 of tinc up to and including 1.0pre2. This had to do with the way we exchanged
 keys. Since then, we have been working on a new authentication scheme to make
 tinc as secure as possible. The current version uses the OpenSSL library and
 uses strong authentication with RSA keys.
 On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
 1.0pre4. Due to a lack of sequence numbers and a message authentication code
 for each packet, an attacker could possibly disrupt certain network services or
 launch a denial of service attack by replaying intercepted packets. The current
 version adds sequence numbers and message authentication codes to prevent such
 attacks.
 Cryptography is a hard thing to get right. We cannot make any
 guarantees. Time, review and feedback are the only things that can
 prove the security of any cryptographic product. If you wish to review
 tinc or give us feedback, you are stronly encouraged to do so.
 Changes to configuration file format since 1.0pre5
 --------------------------------------------------
 Some configuration variables have different names now. Most notably "TapDevice"
 should be changed into "Device", and "Device" should be changed into
 "BindToDevice".
 Requirements
 ------------
@ -21,6 +55,14 @@ this library is not installed on you system, configure will fail.  The
 manual in doc/tinc.texi contains more detailed information on how to
 install this library.
 Since 1.0pre6, the zlib library is used for optional compression. You need this
 library whether or not you plan to enable the compression. You can find it at
 http://www.gzip.org/zlib/. Because of a possible exploit in earlier versions we
 recommand that you download version 1.1.4 or later.
 In order to compile tinc, you will also need autoconf, automake, GNU make, m4
 and gettext.
 Features
 --------
@ -30,18 +72,46 @@ use this feature, you may supply a netname via the -n or --net
 options. The standard locations for the config files will then be
 /etc/tinc/<net>/. Because of this feature, tinc will send packets
 directly to their destinations, instead of to the uplink. If this
-behaviour is undesirable (for instance because of firewalls or
+behaviour is undesirable (for instance because of firewalls or other
-other restrictions), please use an older version of tinc (I would
+restrictions), please use an older version of tinc (I would recommend
-recommend tinc-0.2.19).
+tinc-0.2.19).
-In this version, MAC addresses are stripped off before encoding and
+In order to force the kernel to accept received packets, the
-sending a packet. When the packet reaches its destination, the MAC
+destination MAC address will be set to FE:FD:00:00:00:00 upon
-addresses are rebuilt again. They then have the form
+reception. The MAC address of the ethertap or tun/tap interface must
-FE:FD:aa:bb:cc:dd. aa, bb, cc and dd are taken from the destination
+also be set to this address. See the manual for more detailed
-and source IP address.  See the manual for more detailed information.
+information.
 tincd regenerates its encryption key pairs. It does this on the first
 activity after the keys have expired. This period is adjustable in the
-configuration file, and the default time is 3600 seconds (one
+configuration file, and the default time is 3600 seconds (one hour).
-hour). If you send a USR2 signal to the daemon, it'll regenerate
+
-immediately.
+This version supports multiple subnets at once. They are also sorted
 on subnet mask size. This means that it is possible to have
 overlapping subnets on the VPN, as long as their subnet mask sizes
 differ.
 Since pre5, tinc can operate in several routing modes. The default mode,
 "router", works exactly like the older version, and uses Subnet lines to
 determine the destination of packets. The other two modes, "switch" and "hub",
 allow the tinc daemons to work together like a single network switch or hub.
 This is useful for bridging networks. The latter modes only work properly on
 Linux and FreeBSD.
 The algorithms used for encryption and generating message authentication codes
 can now be changed in the configuration files. All cipher and digest algorithms
 supported by OpenSSL can be used. Useful ciphers are "blowfish" (default),
 "bf-ofb", "des", "des3", etcetera. Useful digests are "sha1" (default), "md5",
 etcetera.
 Support for routing IPv6 packets has been added. Just add Subnet lines with
 IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from
 the iproute package) to give the virtual network interface corresponding IPv6
 addresses. Autoconfiguration will not work in router mode. Tunneling IPv6
 packets only works on Linux, FreeBSD and possibly OpenBSD.
 It is also possible to make tunnels to other tinc daemons over IPv6 networks.
 In order to enable this feature the option "AddressFamily = any" or
 "AddressFamily = ipv6" must be added to the tinc.conf file. The host
 configuration files should contain IPv6 addresses for the "Address" variables,
 or hostnames which have an AAAA or A6 record.
--- a/9
+++ b/9
@ -1,4 +1,4 @@
-I would like to thank
+We would like to thank
 * Hans Bayle (for making some useful coding suggestions and fixing a
   bug or two)
@ -14,7 +14,12 @@ I would like to thank
 * Cris van Pelt (small fixes)
 * Enrique Zanardi (for the Spanish translation)
 * Matias Carrasco (for the Spanish translation of the manual)
 * Jamie Briggs (for finding a lot of socket leaks)
 * Armijn Hemel (for being our very own PR manager)
 * Jerome Etienne (for a thorough security analysis of tinc)
 * Mark Glines (for his compression patch) 
 for their help, support and ideas.  Thank you guys!
-And especially Guus Sliepen, for starting this whole project...
+Ivo Timmermans
 Guus Sliepen
--- a/14
+++ b/14
@ -1,9 +1,5 @@
-Things left to do to make cabal superstable:
+TODO LIST
--------------------------------------------
+
- * Check for connection loops. Inter-daemon
+1.0:
-   connections should always satisfy the
+
-   tree property.
+* A nice, secure and stable release
 * Redundancy: multiple ConnectTo lines, if
   one fails others might be tried.
 * Allow connects to hosts that use
   nodirectdata.
--- a/autogen.sh
+++ b/autogen.sh
@ -4,7 +4,12 @@
 DIE=0
-srcdir="`pwd`"
+if ${MAKE:-gmake} -q -C . autogen.sh 2> /dev/null
 then
  alias make=${MAKE:-gmake}
 fi
 srcdir="`/bin/pwd`"
 (autoconf --version) < /dev/null > /dev/null 2>&1 || {
  echo
--- a/configure.in
+++ b/configure.in
@ -1,9 +1,9 @@
 dnl Process this file with autoconf to produce a configure script.
-dnl $Id: configure.in,v 1.16 2000/10/19 20:39:04 zarq Exp $
+dnl $Id: configure.in,v 1.17 2002/04/09 15:28:45 zarq Exp $
 AC_INIT(src/tincd.c)
-AM_INIT_AUTOMAKE(tinc, 1.0pre3)
+AM_INIT_AUTOMAKE(tinc, 1.0-cvs)
 AM_CONFIG_HEADER(config.h)
 dnl Include the macros from the m4/ directory
@ -14,7 +14,7 @@ AM_ACLOCAL_INCLUDE(m4)
 # in the latter don't make it into the configure-time tests.
 AC_DEFINE([_GNU_SOURCE], [__USE_BSD])
-ALL_LINGUAS="es nl"
+ALL_LINGUAS="nl"
 dnl Checks for programs.
 AC_PROG_CC
@ -25,15 +25,45 @@ AC_PROG_INSTALL
 AC_PROG_LN_S
 AC_PROG_MAKE_SET
 jm_PERL
-AM_PROG_LIBTOOL
+
 AC_ISC_POSIX
 dnl Check and set OS
 AC_CANONICAL_HOST
 case $host_os in
  *linux*)
    AC_DEFINE(HAVE_LINUX)
    [ rm -f src/device.c; ln -sf linux/device.c src/device.c ]
  ;;
  *freebsd*)
    AC_DEFINE(HAVE_FREEBSD)
    [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ]
  ;;
  *solaris*)
    AC_DEFINE(HAVE_SOLARIS)
    [ rm -f src/device.c; ln -sf solaris/device.c src/device.c ]
  ;;
  *openbsd*)
    AC_DEFINE(HAVE_OPENBSD)
    [ rm -f src/device.c; ln -sf openbsd/device.c src/device.c ]
  ;;
  *netbsd*)
    AC_DEFINE(HAVE_NETBSD)
    [ rm -f src/device.c; ln -sf netbsd/device.c src/device.c ]
  ;;
 esac
 AC_CACHE_SAVE
 dnl Checks for libraries.
 dnl Checks for header files.
 AC_HEADER_STDC
-AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h sys/time.h linux/if_tun.h)
+AC_CHECK_HEADERS([fcntl.h limits.h sys/ioctl.h syslog.h unistd.h \
 sys/time.h malloc.h strings.h sys/file.h])
 dnl Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
@ -46,12 +76,14 @@ dnl Checks for library functions.
 AC_FUNC_MEMCMP
 AC_FUNC_ALLOCA
 AC_TYPE_SIGNAL
-AC_CHECK_FUNCS(ftime socket select strtol strerror)
+AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \
 asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name])
 jm_FUNC_MALLOC
 jm_FUNC_REALLOC
 AM_GNU_GETTEXT
 dnl Support for SunOS
 AC_CHECK_FUNC(socket, [], [
@ -61,39 +93,33 @@ AC_CHECK_FUNC(gethostbyname, [], [
  AC_CHECK_LIB(nsl, gethostbyname)
 ])
 AC_CACHE_SAVE
-dnl From the autoconf manual
+dnl These are defined in files in m4/
 AC_CHECK_FUNCS(syslog)
 if test $ac_cv_func_syslog = no; then
  # syslog is not in the default libraries.  See if it's in some other.
  for lib in bsd socket inet; do
    AC_CHECK_LIB($lib, syslog, [AC_DEFINE(HAVE_SYSLOG)
      LIBS="$LIBS $lib"; break])
  done
 fi
 AC_CHECK_LIB(dl, dlopen, [
  LIBS="$LIBS -ldl"
 ])
 dnl Crypto stuff
 libcrypto=none
 AC_CHECK_LIB(crypto, SHA1_version, [
  libcrypto=yes
 ])
 if test $libcrypto = none; then
  AC_MSG_ERROR(It seems like OpenSSL is not installed on this system.)
 else
  LIBS="$LIBS -lcrypto"
 fi
 dnl Check for TUN/TAP support in the kernel
 tinc_TUNTAP
 tinc_OPENSSL
 tinc_ZLIB
-AC_OUTPUT([Makefile src/Makefile
+dnl Check if support for jumbograms is requested 
-doc/Makefile doc/es/Makefile intl/Makefile lib/Makefile
+AC_ARG_ENABLE(jumbograms,
-m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile])
+  [  --enable-jumbograms     enable support for jumbograms (packets up to 9000 bytes)],
  [ AC_DEFINE(ENABLE_JUMBOGRAMS) ]
 )
 dnl Check if checkpoint tracing has to be enabled
 AC_ARG_ENABLE(tracing,
  [  --enable-tracing        enable checkpoint tracing (debugging only)],
  [ AC_DEFINE(ENABLE_TRACING) ]
 )
 AC_SUBST(INCLUDES)
 AC_OUTPUT(Makefile
 src/Makefile
 doc/Makefile
 doc/es/Makefile
 intl/Makefile
 lib/Makefile
 m4/Makefile
 po/Makefile.in
 )
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@ -1,16 +1,15 @@
 ## Process this file with automake to produce Makefile.in
-# $Id: Makefile.am,v 1.4 2000/10/20 16:42:22 zarq Exp $
+# $Id: Makefile.am,v 1.5 2002/04/09 15:28:45 zarq Exp $
 noinst_LIBRARIES = libvpn.a
-INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/intl
+INCLUDES = @INCLUDES@ -I. -I$(top_builddir) -I$(top_srcdir)/intl
-libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c \
+libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tree.c dropin.c
 	list.c error.c
 libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@
 libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD)
-noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h error.h
+noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h
 EXTRA_DIST = README
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@ -6,10 +6,28 @@
 lib/pidfile.c
 lib/utils.c
 src/conf.c
-src/genauth.c
+src/connection.c
 src/meta.c
 src/net.c
 src/net_packet.c
 src/net_setup.c
 src/net_socket.c
 src/netutl.c
 src/protocol.c
 src/protocol_auth.c
 src/protocol_edge.c
 src/protocol_key.c
 src/protocol_misc.c
 src/protocol_subnet.c
 src/subnet.c
 src/tincd.c
 src/process.c
 src/route.c
 src/node.c
 src/edge.c
 src/graph.c
 src/linux/device.c
 src/freebsd/device.c
 src/solaris/device.c
 src/netbsd/device.c
 src/openbsd/device.c
--- a/po/nl.po
+++ b/po/nl.po
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -1,22 +1,31 @@
 ## Produce this file with automake to get Makefile.in
-# $Id: Makefile.am,v 1.5 2000/10/18 20:12:08 zarq Exp $
+# $Id: Makefile.am,v 1.6 2002/04/09 15:28:45 zarq Exp $
-sbin_PROGRAMS = tincd genauth
+sbin_PROGRAMS = tincd
-genauth_SOURCES = genauth.c
+EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c
 tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c protocol.c subnet.c tincd.c
-INCLUDES = -I$(top_builddir) -I$(top_srcdir)/cipher -I$(top_srcdir)/lib -I$(top_srcdir)/intl
+tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_packet.c net_setup.c	\
 	net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c	\
 	protocol_key.c protocol_subnet.c route.c subnet.c tincd.c
-noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h protocol.h subnet.h
+INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl
 noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h meta.h net.h netutl.h node.h process.h	\
 	protocol.h route.h subnet.h
 LIBS = @LIBS@ @INTLLIBS@
 tincd_LDADD = \
 	$(top_builddir)/lib/libvpn.a
 genauth_LDADD = $(top_builddir)/lib/libvpn.a
 localedir = $(datadir)/locale
-CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"@sysconfdir@\" -DLOCALEDIR=\"$(localedir)\"
+CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\"	\
 	-DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\"
 dist-hook:
 	rm -f `find . -type l`
 lint: $(tincd_SOURCES)
 	lclint -nullassign -nullret +trytorecover +posixlib -skipansiheaders -skipposixheaders +gnuextensions -I/usr/include -I/usr/lib/gcc-lib/i386-linux/2.95.2/include -I. -I/home/zarq/p/tinc/cvs/cabal/src -I.. -I.. -I/home/zarq/p/tinc/cvs/cabal/lib -I/home/zarq/p/tinc/cvs/cabal/intl -D_POSIX_SOURCE -D__ELF__ -Dunix -D__i386__ -Dlinux -DHAVE_CONFIG_H -DPKGLIBDIR=/usr/local/lib/tinc -DCONFDIR=\"/usr/local/etc\" -DLOCALEDIR=\"/usr/local/share/locale\" $^