From d9c88138f779e07209ddb0f6bccf6b78427be6ed Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 19 Apr 2005 12:21:21 +1000 Subject: - (dtucker) [INSTALL] Reference README.privsep for the privilege separation requirements. Pointed out by Bengt Svensson. --- INSTALL | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 4fc3744f3..314e5bdc8 100644 --- a/INSTALL +++ b/INSTALL @@ -91,6 +91,10 @@ make install This will install the binaries in /opt/{bin,lib,sbin}, but will place the configuration files in /etc/ssh. +If you are using Privilege Separation (which is enabled by default) +then you will also need to create the user, group and directory used by +sshd for privilege separation. See README.privsep for details. + If you are using PAM, you may need to manually install a PAM control file as "/etc/pam.d/sshd" (or wherever your system prefers to keep them). Note that the service name used to start PAM is __progname, @@ -221,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $ +$Id: INSTALL,v 1.67 2005/04/19 02:21:21 dtucker Exp $ -- cgit v1.2.3 From ad1e5e286c13e4e4f3a4df308ab5581a8f46925a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 19 Apr 2005 15:31:49 +1000 Subject: - (dtucker) [INSTALL] Put the s/key text and URL back together. --- ChangeLog | 3 ++- INSTALL | 13 +++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index ee5b59bf7..d652fdb37 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ 20050419 - (dtucker) [INSTALL] Reference README.privsep for the privilege separation requirements. Pointed out by Bengt Svensson. + - (dtucker) [INSTALL] Put the s/key text and URL back together. 20050411 - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME @@ -2434,4 +2435,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3742 2005/04/19 02:21:21 dtucker Exp $ +$Id: ChangeLog,v 1.3743 2005/04/19 05:31:49 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 314e5bdc8..12f53ba9e 100644 --- a/INSTALL +++ b/INSTALL @@ -50,20 +50,21 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection. http://www.lothar.com/tech/crypto/ S/Key Libraries: + +If you wish to use --with-skey then you will need the above library +installed. No other current S/Key library is currently known to be +supported. + http://www.sparc.spb.su/solaris/skey/ LibEdit: - sftp now supports command-line editing via NetBSD's libedit. If your platform has it available natively you can use that, alternatively you might try these multi-platform ports: + http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ -If you wish to use --with-skey then you will need the above library -installed. No other current S/Key library is currently known to be -supported. - 2. Building / Installation -------------------------- @@ -225,4 +226,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.67 2005/04/19 02:21:21 dtucker Exp $ +$Id: INSTALL,v 1.68 2005/04/19 05:31:49 dtucker Exp $ -- cgit v1.2.3 From 8d158c9937e74cfa5c65187fca83f5ebc0dbef4c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 19 Apr 2005 15:40:51 +1000 Subject: - (dtucker) [INSTALL] Fix s/key text too. --- ChangeLog | 3 ++- INSTALL | 7 +++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index d652fdb37..7a51b9b4e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [INSTALL] Reference README.privsep for the privilege separation requirements. Pointed out by Bengt Svensson. - (dtucker) [INSTALL] Put the s/key text and URL back together. + - (dtucker) [INSTALL] Fix s/key text too. 20050411 - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME @@ -2435,4 +2436,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3743 2005/04/19 05:31:49 dtucker Exp $ +$Id: ChangeLog,v 1.3744 2005/04/19 05:40:51 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 12f53ba9e..7de5cb496 100644 --- a/INSTALL +++ b/INSTALL @@ -51,9 +51,8 @@ http://www.lothar.com/tech/crypto/ S/Key Libraries: -If you wish to use --with-skey then you will need the above library -installed. No other current S/Key library is currently known to be -supported. +If you wish to use --with-skey then you will need the library below +installed. No other S/Key library is currently known to be supported. http://www.sparc.spb.su/solaris/skey/ @@ -226,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.68 2005/04/19 05:31:49 dtucker Exp $ +$Id: INSTALL,v 1.69 2005/04/19 05:40:51 dtucker Exp $ -- cgit v1.2.3 From 2f0b5c4869bab45bccb8472590bbd3edb44c092a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 24 Apr 2005 17:52:22 +1000 Subject: - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or 1.2.1.2 or higher. With tim@, ok djm@ --- ChangeLog | 10 +++++++++- INSTALL | 4 ++-- configure.ac | 29 ++++++++++++++++++++--------- 3 files changed, 31 insertions(+), 12 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index a865fce6d..d2d2f347f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050424 + - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or + 1.2.1.2 or higher. With tim@, ok djm@ + 20050423 - (tim) [config.guess] Add support for OpenServer 6. @@ -5,6 +9,10 @@ - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if UseLogin is set as PAM is not used to establish credentials in that case. Found by Michael Selvesteen, ok djm@ + - (dtucker) [auth-pam.c] Since people don't seem to be getting the message, + USE_POSIX_THREADS is now known as UNSUPPORTED_POSIX_THREADS_HACK. + USE_POSIX_THREADS will now generate an error so we don't silently change + behaviour. ok djm@ 20050419 - (dtucker) [INSTALL] Reference README.privsep for the privilege separation @@ -2444,4 +2452,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3746 2005/04/24 01:17:29 tim Exp $ +$Id: ChangeLog,v 1.3747 2005/04/24 07:52:22 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 7de5cb496..753d2d061 100644 --- a/INSTALL +++ b/INSTALL @@ -3,7 +3,7 @@ You will need working installations of Zlib and OpenSSL. -Zlib 1.1.4 or greater: +Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): http://www.gzip.org/zlib/ OpenSSL 0.9.6 or greater: @@ -225,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.69 2005/04/19 05:40:51 dtucker Exp $ +$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 8d8688bfb..20c8f1587 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.259 2005/04/12 02:00:18 tim Exp $ +# $Id: configure.ac,v 1.260 2005/04/24 07:52:23 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -643,29 +643,40 @@ AC_ARG_WITH(zlib-version-check, ] ) -AC_MSG_CHECKING(for zlib 1.1.4 or greater) +AC_MSG_CHECKING(for possibly buggy zlib) AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include #include int main() { - int a, b, c, v; - if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3) + int a=0, b=0, c=0, d=0, n, v; + n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); + if (n != 3 && n != 4) exit(1); - v = a*1000000 + b*1000 + c; - if (v >= 1001004) + v = a*1000000 + b*10000 + c*100 + d; + fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); + + /* 1.1.4 is OK */ + if (a == 1 && b == 1 && c >= 4) + exit(0); + + /* 1.2.1.2 and up are OK */ + if (v >= 1020102) exit(0); + exit(2); } ]])], - AC_MSG_RESULT(yes), - [ AC_MSG_RESULT(no) + AC_MSG_RESULT(no), + [ AC_MSG_RESULT(yes) if test -z "$zlib_check_nonfatal" ; then AC_MSG_ERROR([*** zlib too old - check config.log *** Your reported zlib version has known security problems. It's possible your vendor has fixed these problems without changing the version number. If you are sure this is the case, you can disable the check by running "./configure --without-zlib-version-check". -If you are in doubt, upgrade zlib to version 1.1.4 or greater.]) +If you are in doubt, upgrade zlib to version 1.2.1.2 or greater. +See http://www.gzip.org/zlib/ for details.]) else AC_MSG_WARN([zlib version may have security problems]) fi -- cgit v1.2.3