From fabdb6c29022846ed10fde235db0a7c53f21a6b1 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 20 Feb 2006 20:17:35 +1100 Subject: - (dtucker) [INSTALL configure.ac openbsd-compat/openssl-compat.{c,h}] Add optional enabling of OpenSSL's (hardware) Engine support, via configure --with-ssl-engine. Based in part on a diff by michal at logix.cz. --- INSTALL | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 753d2d061..38f39473f 100644 --- a/INSTALL +++ b/INSTALL @@ -165,6 +165,8 @@ created. --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries are installed. +--with-ssl-engine enables OpenSSL's (hardware) ENGINE support + --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to real (AF_INET) IPv4 addresses. Works around some quirks on Linux. @@ -225,4 +227,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $ +$Id: INSTALL,v 1.71 2006/02/20 09:17:36 dtucker Exp $ -- cgit v1.2.3 From 3eb4834489426bd796da90299b2f8174b744dddd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 23 Jun 2006 21:05:12 +1000 Subject: - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch from reyk@, tested by anil@ --- ChangeLog | 7 ++++++- INSTALL | 12 +++++++----- README.platform | 14 +++++++++++++- configure.ac | 10 ++++++++-- openbsd-compat/port-tun.c | 4 ++++ 5 files changed, 38 insertions(+), 9 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index 30cd23659..327fec1d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20060623 + - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] Add + tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch + from reyk@, tested by anil@ + 20060613 - (djm) [getput.h] This file has been replaced by functions in misc.c - OpenBSD CVS Sync @@ -4685,4 +4690,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4344 2006/06/13 03:15:54 djm Exp $ +$Id: ChangeLog,v 1.4345 2006/06/23 11:05:12 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 38f39473f..efc7b47d0 100644 --- a/INSTALL +++ b/INSTALL @@ -57,9 +57,10 @@ installed. No other S/Key library is currently known to be supported. http://www.sparc.spb.su/solaris/skey/ LibEdit: -sftp now supports command-line editing via NetBSD's libedit. If your -platform has it available natively you can use that, alternatively -you might try these multi-platform ports: + +sftp supports command-line editing via NetBSD's libedit. If your platform +has it available natively you can use that, alternatively you might try +these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ @@ -210,7 +211,8 @@ for sshd, ssh and ssh-agent. ------------------------- $ make survey -[check the contents and make sure there's no sensitive information] +[check the contents of the file "survey" to ensure there's no information +that you consider sensitive] $ make send-survey This will send configuration information for the currently configured @@ -227,4 +229,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.71 2006/02/20 09:17:36 dtucker Exp $ +$Id: INSTALL,v 1.72 2006/06/23 11:05:13 dtucker Exp $ diff --git a/README.platform b/README.platform index 4c18a3278..b7dc3f91c 100644 --- a/README.platform +++ b/README.platform @@ -30,6 +30,18 @@ gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl, openssl-devel, zlib, minres, minires-devel. +Darwin and MacOS X +------------------ +Darwin does not provide a tun(4) driver required for OpenSSH-based +virtual private networks. The BSD manpage still exists, but the driver +has been removed in recent releases of Darwin and MacOS X. + +Nevertheless, tunnel support is known to work with Darwin 8 and +MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode +using a third party driver. More information is available at: + http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ + + Solaris ------- If you enable BSM auditing on Solaris, you need to update audit_event(4) @@ -55,4 +67,4 @@ account stacks which will prevent authentication entirely, but will still return the output from pam_nologin to the client. -$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $ +$Id: README.platform,v 1.7 2006/06/23 11:05:13 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 093c17643..c3cb68f28 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.339 2006/04/22 11:26:08 djm Exp $ +# $Id: configure.ac,v 1.340 2006/06/23 11:05:13 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.339 $) +AC_REVISION($Revision: 1.340 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -231,6 +231,11 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, [Define if your resolver libs need this for getrrsetbyname]) + AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) + AC_DEFINE(SSH_TUN_COMPAT_AF, 1, + [Use tunnel device compatibility to OpenBSD]) + AC_DEFINE(SSH_TUN_PREPEND_AF, 1, + [Prepend the address family to IP tunnel traffic]) ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases @@ -682,6 +687,7 @@ AC_CHECK_HEADERS( \ login.h \ maillock.h \ ndir.h \ + net/if_tun.h \ netdb.h \ netgroup.h \ pam/pam_appl.h \ diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c index d09fe3d06..6e1fed969 100644 --- a/openbsd-compat/port-tun.c +++ b/openbsd-compat/port-tun.c @@ -29,6 +29,7 @@ * settings. * * SSH_TUN_LINUX Use the (newer) Linux tun/tap device + * SSH_TUN_FREEBSD Use the FreeBSD tun/tap device * SSH_TUN_COMPAT_AF Translate the OpenBSD address family * SSH_TUN_PREPEND_AF Prepend/remove the address family */ @@ -96,7 +97,10 @@ sys_tun_open(int tun, int mode) #ifdef SSH_TUN_FREEBSD #include #include + +#ifdef HAVE_NET_IF_TUN_H #include +#endif int sys_tun_open(int tun, int mode) -- cgit v1.2.3 From db4c54bed101d48e0fc844e8b8d37ec025d9f50d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 30 Jun 2006 16:20:58 +1000 Subject: - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which version. --- ChangeLog | 4 +++- INSTALL | 12 +++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index 9dad80a70..1b4ac886d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ declaration too. Patch from russ at sludge.net. - (dtucker) [openbsd-compat/getrrsetbyname.c] Undef _res before defining it, prevents warnings on platforms where _res is in the system headers. + - (dtucker) [INSTALL] Bug #1202: Note when autoconf is required and which + version. 20060627 - (dtucker) [configure.ac] Bug #1203: Add missing '[', which causes problems @@ -4718,4 +4720,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4352 2006/06/30 01:47:49 dtucker Exp $ +$Id: ChangeLog,v 1.4353 2006/06/30 06:20:58 dtucker Exp $ diff --git a/INSTALL b/INSTALL index efc7b47d0..616e0ba83 100644 --- a/INSTALL +++ b/INSTALL @@ -12,6 +12,8 @@ http://www.openssl.org/ (OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 Blowfish) do not work correctly.) +The remaining items are optional. + OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system supports it. PAM is standard on Redhat and Debian Linux, Solaris and HP-UX 11. @@ -65,6 +67,14 @@ these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ +Autoconf: + +If you modify configure.ac then you will need autoconf-2.59 to rebuild +the automatically generated files by running "autoreconf". + +http://www.gnu.org/software/autoconf/ + + 2. Building / Installation -------------------------- @@ -229,4 +239,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.72 2006/06/23 11:05:13 dtucker Exp $ +$Id: INSTALL,v 1.73 2006/06/30 06:20:59 dtucker Exp $ -- cgit v1.2.3 From f32f55259c1209903bac2845cf70e3464158c42d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 6 Jul 2006 19:12:08 +1000 Subject: - (dtucker) [INSTALL] A bit more info on autoconf. --- ChangeLog | 3 ++- INSTALL | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index e438b495f..13102343e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [configure.ac] Try AIX blibpath test in different order when compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so configure would not select the correct libpath linker flags. + - (dtucker) [INSTALL] A bit more info on autoconf. 20060705 - (dtucker) [ssh-rand-helper.c] Don't exit if mkdir fails because the @@ -4729,4 +4730,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4357 2006/07/06 01:56:25 dtucker Exp $ +$Id: ChangeLog,v 1.4358 2006/07/06 09:12:08 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 616e0ba83..186938c14 100644 --- a/INSTALL +++ b/INSTALL @@ -69,7 +69,8 @@ http://sourceforge.net/projects/libedit/ Autoconf: -If you modify configure.ac then you will need autoconf-2.59 to rebuild +If you modify configure.ac or configure doesn't exist (eg if you checked +the code out of CVS yourself) then you will need autoconf-2.59 to rebuild the automatically generated files by running "autoreconf". http://www.gnu.org/software/autoconf/ @@ -239,4 +240,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.73 2006/06/30 06:20:59 dtucker Exp $ +$Id: INSTALL,v 1.74 2006/07/06 09:12:08 dtucker Exp $ -- cgit v1.2.3 From e34c96aea139680ffe8101b6527e45420811e0c0 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 10 Jul 2006 12:55:24 +1000 Subject: - (dtucker) [INSTALL] New autoconf version: 2.60. --- ChangeLog | 5 ++++- INSTALL | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index 13102343e..b95525db2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20060710 + - (dtucker) [INSTALL] New autoconf version: 2.60. + 20060706 - (dtucker) [configure.ac] Try AIX blibpath test in different order when compiling with gcc. gcc 4.1.x will accept (but ignore) -b flags so @@ -4730,4 +4733,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4358 2006/07/06 09:12:08 dtucker Exp $ +$Id: ChangeLog,v 1.4359 2006/07/10 02:55:24 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 186938c14..3f0adfa1d 100644 --- a/INSTALL +++ b/INSTALL @@ -70,7 +70,7 @@ http://sourceforge.net/projects/libedit/ Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked -the code out of CVS yourself) then you will need autoconf-2.59 to rebuild +the code out of CVS yourself) then you will need autoconf-2.60 to rebuild the automatically generated files by running "autoreconf". http://www.gnu.org/software/autoconf/ @@ -240,4 +240,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.74 2006/07/06 09:12:08 dtucker Exp $ +$Id: INSTALL,v 1.75 2006/07/10 02:55:24 dtucker Exp $ -- cgit v1.2.3 From 83bbb03e52743b8b0d6500fdf46bd9436b0a2543 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 17 Sep 2006 22:55:52 +1000 Subject: - (dtucker) [INSTALL] Add info about audit support. --- ChangeLog | 3 ++- INSTALL | 12 +++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index 6af6190c6..a16e83478 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,7 @@ - (dtucker) [monitor.c] Correctly handle auditing of single commands when using Protocol 1. From jhb at freebsd. - (djm) [sshd.c] Fix warning/API abuse; ok dtucker@ + - (dtucker) [INSTALL] Add info about audit support. 20060912 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in] @@ -5448,4 +5449,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4549 2006/09/17 04:04:46 djm Exp $ +$Id: ChangeLog,v 1.4550 2006/09/17 12:55:52 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 3f0adfa1d..1c784a527 100644 --- a/INSTALL +++ b/INSTALL @@ -75,6 +75,12 @@ the automatically generated files by running "autoreconf". http://www.gnu.org/software/autoconf/ +Basic Security Module (BSM): + +Native BSM support is know to exist in Solaris from at least 2.5.1, +FreeBSD 6.1 and OS X. Alternatively, you may use the OpenBSM +implementation (http://www.openbsm.org). + 2. Building / Installation -------------------------- @@ -125,6 +131,10 @@ name). There are a few other options to the configure script: +--with-audit=[module] enable additional auditing via the specified module. +Currently, drivers for "debug" (additional info via syslog) and "bsm" +(Sun's Basic Security Module) are supported. + --with-pam enables PAM support. If PAM support is compiled in, it must also be enabled in sshd_config (refer to the UsePAM directive). @@ -240,4 +250,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.75 2006/07/10 02:55:24 dtucker Exp $ +$Id: INSTALL,v 1.76 2006/09/17 12:55:52 dtucker Exp $ -- cgit v1.2.3 From aef5beef1287144cc2e21047c95b351db374ff03 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 2 Mar 2007 17:53:41 +1100 Subject: - (dtucker) [INSTALL] Update to autoconf-2.61. --- ChangeLog | 3 ++- INSTALL | 7 ++++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'INSTALL') diff --git a/ChangeLog b/ChangeLog index b1faab391..84781a403 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows CRLF as well as LF lineendings) and write in binary mode. Patch from vinschen at redhat.com. + - (dtucker) [INSTALL] Update to autoconf-2.61. 20070301 - (dtucker) OpenBSD CVS Sync @@ -2789,4 +2790,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4627 2007/03/02 06:50:03 dtucker Exp $ +$Id: ChangeLog,v 1.4628 2007/03/02 06:53:41 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 1c784a527..af02c0b49 100644 --- a/INSTALL +++ b/INSTALL @@ -70,8 +70,9 @@ http://sourceforge.net/projects/libedit/ Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked -the code out of CVS yourself) then you will need autoconf-2.60 to rebuild -the automatically generated files by running "autoreconf". +the code out of CVS yourself) then you will need autoconf-2.61 to rebuild +the automatically generated files by running "autoreconf". Earlier +version may also work but this is not guaranteed. http://www.gnu.org/software/autoconf/ @@ -250,4 +251,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.76 2006/09/17 12:55:52 dtucker Exp $ +$Id: INSTALL,v 1.77 2007/03/02 06:53:41 dtucker Exp $ -- cgit v1.2.3