From b0b48beab1b74100b61ecbadb9140c9ab4c2ea8c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 2 Aug 2016 11:06:23 +1000 Subject: update recommended autoconf version --- INSTALL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 582eef8ef..d3db6206c 100644 --- a/INSTALL +++ b/INSTALL @@ -85,7 +85,7 @@ http://nlnetlabs.nl/projects/ldns/ Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked -the code out of CVS yourself) then you will need autoconf-2.68 to rebuild +the code out of CVS yourself) then you will need autoconf-2.69 to rebuild the automatically generated files by running "autoreconf". Earlier versions may also work but this is not guaranteed. -- cgit v1.2.3 From 560c0068541315002ec4c1c00a560bbd30f2d671 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 17 Aug 2016 13:38:30 +1000 Subject: Add a section for compiler specifics. Add a section for compiler specifics and document the runtime requirements for clang's integer sanitization. --- INSTALL | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index d3db6206c..dc996f8a7 100644 --- a/INSTALL +++ b/INSTALL @@ -1,6 +1,11 @@ -1. Prerequisites ---------------- +A C compiler. Any C89 or better compiler should work. Where supported, +configure will attempt to enable the compiler's run-time integrity checking +options. Some notes about specific compilers: + - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime + (--with-ldflags=--rtlib=compiler-rt) + You will need working installations of Zlib and libcrypto (LibreSSL / OpenSSL) -- cgit v1.2.3 From adab758242121181700e48b4f6c60d6b660411fe Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 17 Aug 2016 13:40:58 +1000 Subject: Remove now-obsolete CVS $Id tags from text files. Since -portable switched to git, the CVS $Id tags are no longer being updated and are becoming increasingly misleading. Remove them. --- CREDITS | 3 --- INSTALL | 3 --- README | 2 -- README.platform | 3 --- README.privsep | 2 -- TODO | 2 -- 6 files changed, 15 deletions(-) (limited to 'INSTALL') diff --git a/CREDITS b/CREDITS index eaf105a91..43be5e5f2 100644 --- a/CREDITS +++ b/CREDITS @@ -100,6 +100,3 @@ Zack Weinberg - GNOME askpass enhancement Apologies to anyone I have missed. Damien Miller - -$Id: CREDITS,v 1.81 2006/08/30 17:24:41 djm Exp $ - diff --git a/INSTALL b/INSTALL index dc996f8a7..bd5967700 100644 --- a/INSTALL +++ b/INSTALL @@ -263,6 +263,3 @@ summary data may be published. If you experience problems compiling, installing or running OpenSSH. Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ - - -$Id: INSTALL,v 1.91 2014/09/09 02:23:11 dtucker Exp $ diff --git a/README b/README index 4b6c3423f..a53551a98 100644 --- a/README +++ b/README @@ -65,5 +65,3 @@ References - (PAM also is standard on Solaris and HP-UX 11) [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html - -$Id: README,v 1.87 2014/08/10 01:35:06 djm Exp $ diff --git a/README.platform b/README.platform index 8d75c16c1..c7be95fb6 100644 --- a/README.platform +++ b/README.platform @@ -94,6 +94,3 @@ added to sshd's session stack which will prevent users from starting shell sessions. Alternatively, pam_nologin can be added to either the auth or account stacks which will prevent authentication entirely, but will still return the output from pam_nologin to the client. - - -$Id: README.platform,v 1.10 2009/08/28 23:14:48 dtucker Exp $ diff --git a/README.privsep b/README.privsep index f565e72da..d910650c5 100644 --- a/README.privsep +++ b/README.privsep @@ -59,5 +59,3 @@ Given the following process listing (from HP-UX): process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. - -$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $ diff --git a/TODO b/TODO index e8aaa4b96..645787a6c 100644 --- a/TODO +++ b/TODO @@ -82,5 +82,3 @@ PrivSep Issues: + SIA is broken - Cygwin + Privsep for Pre-auth only (no fd passing) - -$Id: TODO,v 1.58 2004/12/06 11:40:11 dtucker Exp $ -- cgit v1.2.3 From 9abf84c25ff4448891edcde60533a6e7b2870de1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 17 Aug 2016 14:25:43 +1000 Subject: Correct LDFLAGS for clang example. --with-ldflags isn't used until after the -ftrapv test, so mention LDFLAGS instead for now. --- INSTALL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index bd5967700..e25adeb1a 100644 --- a/INSTALL +++ b/INSTALL @@ -4,7 +4,7 @@ A C compiler. Any C89 or better compiler should work. Where supported, configure will attempt to enable the compiler's run-time integrity checking options. Some notes about specific compilers: - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime - (--with-ldflags=--rtlib=compiler-rt) + (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure) You will need working installations of Zlib and libcrypto (LibreSSL / OpenSSL) -- cgit v1.2.3 From 976ba8a8fd66a969bf658280c1e5adf694cc2fc6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 17 Aug 2016 15:33:10 +1000 Subject: Fix typo. --- INSTALL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index e25adeb1a..9613233c1 100644 --- a/INSTALL +++ b/INSTALL @@ -9,7 +9,7 @@ options. Some notes about specific compilers: You will need working installations of Zlib and libcrypto (LibreSSL / OpenSSL) -Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): +Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems): http://www.gzip.org/zlib/ libcrypto (LibreSSL or OpenSSL >= 0.9.8f < 1.1.0) -- cgit v1.2.3 From dd4e7212a6141f37742de97795e79db51e4427ad Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 21 Oct 2016 06:48:46 +1100 Subject: Update host key generation examples. Remove ssh1 host key generation, add ssh-keygen -A --- INSTALL | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 9613233c1..aea57902e 100644 --- a/INSTALL +++ b/INSTALL @@ -229,9 +229,13 @@ review it to ensure that it matches your security requirements. To generate a host key, run "make host-key". Alternately you can do so manually using the following commands: - ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N "" - ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" - ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" + ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N "" + +for each of the types you wish to generate (rsa, dsa or ecdsaa) or + + ssh-keygen -A + +to generate keys for all supported types. Replacing /etc/ssh with the correct path to the configuration directory. (${prefix}/etc or whatever you specified with --sysconfdir during -- cgit v1.2.3 From 461f50e7ab8751d3a55e9158c44c13031db7ba1d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 21 Oct 2016 06:55:58 +1100 Subject: Update links to https. www.openssh.com now supports https and ftp.openbsd.org no longer supports ftp. Make all links to these https. --- INSTALL | 2 +- PROTOCOL | 6 +++--- buildpkg.sh.in | 2 +- contrib/redhat/openssh.spec | 4 ++-- contrib/suse/openssh.spec | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index aea57902e..6bc80b68f 100644 --- a/INSTALL +++ b/INSTALL @@ -266,4 +266,4 @@ summary data may be published. If you experience problems compiling, installing or running OpenSSH. Please refer to the "reporting bugs" section of the webpage at -http://www.openssh.com/ +https://www.openssh.com/ diff --git a/PROTOCOL b/PROTOCOL index c6f99a31a..192da55b2 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -4,7 +4,7 @@ protocol. Note that OpenSSH's sftp and sftp-server implement revision 3 of the SSH filexfer protocol described in: -http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt +https://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt Newer versions of the draft will not be supported, though some features are individually implemented as extensions described below. @@ -20,7 +20,7 @@ This is a new transport-layer MAC method using the UMAC algorithm (rfc4418). This method is identical to the "umac-64" method documented in: -http://www.openssh.com/txt/draft-miller-secsh-umac-01.txt +https://www.openssh.com/txt/draft-miller-secsh-umac-01.txt 1.2. transport: Protocol 2 compression algorithm "zlib@openssh.com" @@ -31,7 +31,7 @@ avoids exposing compression code to attacks from unauthenticated users. The method is documented in: -http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt +https://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt 1.3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com", "ssh-dsa-cert-v00@openssh.com", diff --git a/buildpkg.sh.in b/buildpkg.sh.in index 4b842b3f7..4ccc5f8d1 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -247,7 +247,7 @@ cat > pkginfo << _EOF PKG=$PKGNAME NAME="OpenSSH Portable for ${UNAME_S}" DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." -VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" +VENDOR="OpenSSH Portable Team - https://www.openssh.com/portable.html" ARCH=$ARCH VERSION=$VERSION$REV CATEGORY="Security,application" diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index fd8678f12..34bbc469a 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -72,8 +72,8 @@ Release: %{rel}rescue %else Release: %{rel} %endif -URL: http://www.openssh.com/portable.html -Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz +URL: https://www.openssh.com/portable.html +Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz %if ! %{no_x11_askpass} Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz %endif diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index d2b2728d5..5b64c150f 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -14,7 +14,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh Version: 7.3p1 -URL: http://www.openssh.com/ +URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz Source1: x11-ssh-askpass-%{xversion}.tar.gz -- cgit v1.2.3