head	1.18;
access;
symbols
	RELENG_8_4:1.17.0.2
	RELENG_9_1_0_RELEASE:1.15.4.1.4.2
	RELENG_9_1:1.15.4.1.0.4
	RELENG_9_1_BP:1.15.4.1
	RELENG_8_3_0_RELEASE:1.15.2.1.8.1
	RELENG_8_3:1.15.2.1.0.8
	RELENG_8_3_BP:1.15.2.1
	RELENG_9_0_0_RELEASE:1.15.4.1.2.1
	RELENG_9_0:1.15.4.1.0.2
	RELENG_9_0_BP:1.15.4.1
	RELENG_9:1.15.0.4
	RELENG_9_BP:1.15
	RELENG_7_4_0_RELEASE:1.12.2.1.8.1
	RELENG_8_2_0_RELEASE:1.15.2.1.6.1
	RELENG_7_4:1.12.2.1.0.8
	RELENG_7_4_BP:1.12.2.1
	RELENG_8_2:1.15.2.1.0.6
	RELENG_8_2_BP:1.15.2.1
	RELENG_8_1_0_RELEASE:1.15.2.1.4.1
	RELENG_8_1:1.15.2.1.0.4
	RELENG_8_1_BP:1.15.2.1
	RELENG_7_3_0_RELEASE:1.12.2.1.6.1
	RELENG_7_3:1.12.2.1.0.6
	RELENG_7_3_BP:1.12.2.1
	RELENG_8_0_0_RELEASE:1.15.2.1.2.1
	RELENG_8_0:1.15.2.1.0.2
	RELENG_8_0_BP:1.15.2.1
	RELENG_8:1.15.0.2
	RELENG_8_BP:1.15
	RELENG_7_2_0_RELEASE:1.12.2.1.4.1
	RELENG_7_2:1.12.2.1.0.4
	RELENG_7_2_BP:1.12.2.1
	RELENG_7_1_0_RELEASE:1.12.2.1.2.1
	RELENG_6_4_0_RELEASE:1.10.2.1.6.1
	RELENG_7_1:1.12.2.1.0.2
	RELENG_7_1_BP:1.12.2.1
	RELENG_6_4:1.10.2.1.0.6
	RELENG_6_4_BP:1.10.2.1
	RELENG_7_0_0_RELEASE:1.12
	RELENG_6_3_0_RELEASE:1.10.2.1
	RELENG_7_0:1.12.0.4
	RELENG_7_0_BP:1.12
	RELENG_6_3:1.10.2.1.0.4
	RELENG_6_3_BP:1.10.2.1
	RELENG_7:1.12.0.2
	RELENG_7_BP:1.12
	RELENG_6_2_0_RELEASE:1.10.2.1
	RELENG_6_2:1.10.2.1.0.2
	RELENG_6_2_BP:1.10.2.1
	RELENG_5_5_0_RELEASE:1.8
	RELENG_5_5:1.8.0.8
	RELENG_5_5_BP:1.8
	RELENG_6_1_0_RELEASE:1.10
	RELENG_6_1:1.10.0.6
	RELENG_6_1_BP:1.10
	RELENG_6_0_0_RELEASE:1.10
	RELENG_6_0:1.10.0.4
	RELENG_6_0_BP:1.10
	RELENG_6:1.10.0.2
	RELENG_6_BP:1.10
	RELENG_5_4_0_RELEASE:1.8
	RELENG_5_4:1.8.0.6
	RELENG_5_4_BP:1.8
	RELENG_4_11_0_RELEASE:1.1.2.2
	RELENG_4_11:1.1.2.2.0.8
	RELENG_4_11_BP:1.1.2.2
	RELENG_5_3_0_RELEASE:1.8
	RELENG_5_3:1.8.0.4
	RELENG_5_3_BP:1.8
	RELENG_5:1.8.0.2
	RELENG_5_BP:1.8
	RELENG_4_10_0_RELEASE:1.1.2.2
	RELENG_4_10:1.1.2.2.0.6
	RELENG_4_10_BP:1.1.2.2
	RELENG_5_2_1_RELEASE:1.5
	RELENG_5_2_0_RELEASE:1.5
	RELENG_5_2:1.5.0.4
	RELENG_5_2_BP:1.5
	RELENG_4_9_0_RELEASE:1.1.2.2
	RELENG_4_9:1.1.2.2.0.4
	RELENG_4_9_BP:1.1.2.2
	RELENG_5_1_0_RELEASE:1.5
	RELENG_5_1:1.5.0.2
	RELENG_5_1_BP:1.5
	RELENG_4_8_0_RELEASE:1.1.2.2
	RELENG_4_8:1.1.2.2.0.2
	RELENG_4_8_BP:1.1.2.2
	RELENG_5_0_0_RELEASE:1.4
	RELENG_5_0:1.4.0.2
	RELENG_5_0_BP:1.4
	RELENG_4_7_0_RELEASE:1.1.2.1
	RELENG_4_7:1.1.2.1.0.2
	RELENG_4_7_BP:1.1.2.1
	RELENG_4_6_2_RELEASE:1.2.2.1
	RELENG_4_6_1_RELEASE:1.2.2.1
	RELENG_4_6:1.2.0.2
	RELENG_4:1.1.0.2;
locks; strict;
comment	@# @;


1.18
date	2013.03.28.13.50.16;	author svnexp;	state Exp;
branches;
next	1.17;

1.17
date	2013.03.07.00.31.11;	author svnexp;	state Exp;
branches
	1.17.2.1;
next	1.16;

1.16
date	2012.11.17.01.49.00;	author svnexp;	state Exp;
branches;
next	1.15;

1.15
date	2008.08.01.02.48.36;	author des;	state Exp;
branches
	1.15.2.1
	1.15.4.1;
next	1.14;

1.14
date	2008.08.01.00.28.50;	author des;	state Exp;
branches;
next	1.13;

1.13
date	2008.02.06.23.14.24;	author des;	state Exp;
branches;
next	1.12;

1.12
date	2006.10.02.12.39.28;	author des;	state Exp;
branches
	1.12.2.1;
next	1.11;

1.11
date	2006.03.17.18.54.20;	author ru;	state Exp;
branches;
next	1.10;

1.10
date	2005.06.05.15.43.57;	author des;	state Exp;
branches
	1.10.2.1;
next	1.9;

1.9
date	2004.10.28.16.13.28;	author des;	state Exp;
branches;
next	1.8;

1.8
date	2004.02.26.10.57.28;	author des;	state Exp;
branches;
next	1.7;

1.7
date	2004.01.25.13.09.56;	author des;	state Exp;
branches;
next	1.6;

1.6
date	2004.01.07.11.51.18;	author des;	state Exp;
branches;
next	1.5;

1.5
date	2003.04.23.17.23.06;	author des;	state Exp;
branches;
next	1.4;

1.4
date	2002.10.29.09.55.28;	author des;	state Exp;
branches;
next	1.3;

1.3
date	2002.09.09.02.00.28;	author kuriyama;	state Exp;
branches;
next	1.2;

1.2
date	2002.07.05.15.25.55;	author des;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	2002.06.29.10.39.14;	author des;	state Exp;
branches
	1.1.2.1;
next	;

1.17.2.1
date	2013.03.07.00.31.11;	author svnexp;	state dead;
branches;
next	1.17.2.2;

1.17.2.2
date	2013.03.28.13.02.24;	author svnexp;	state Exp;
branches;
next	;

1.15.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.15.2.1.2.1
	1.15.2.1.4.1
	1.15.2.1.6.1
	1.15.2.1.8.1;
next	1.15.2.2;

1.15.2.2
date	2012.11.17.10.35.55;	author svnexp;	state Exp;
branches;
next	;

1.15.2.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.15.2.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.15.2.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.15.2.1.8.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.15.2.1.8.2;

1.15.2.1.8.2
date	2012.11.17.08.24.37;	author svnexp;	state Exp;
branches;
next	;

1.15.4.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.15.4.1.2.1
	1.15.4.1.4.1;
next	1.15.4.2;

1.15.4.2
date	2012.11.17.11.36.10;	author svnexp;	state Exp;
branches;
next	1.15.4.3;

1.15.4.3
date	2014.03.31.15.01.50;	author svnexp;	state Exp;
branches;
next	;

1.15.4.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.15.4.1.2.2;

1.15.4.1.2.2
date	2012.11.17.08.36.10;	author svnexp;	state Exp;
branches;
next	;

1.15.4.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.15.4.1.4.2;

1.15.4.1.4.2
date	2012.11.17.08.47.00;	author svnexp;	state Exp;
branches;
next	;

1.12.2.1
date	2008.09.01.20.03.13;	author des;	state Exp;
branches
	1.12.2.1.2.1
	1.12.2.1.4.1
	1.12.2.1.6.1
	1.12.2.1.8.1;
next	1.12.2.2;

1.12.2.2
date	2012.11.17.08.01.13;	author svnexp;	state Exp;
branches;
next	;

1.12.2.1.2.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.12.2.1.4.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.12.2.1.6.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.12.2.1.8.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.12.2.1.8.2;

1.12.2.1.8.2
date	2012.11.17.08.16.36;	author svnexp;	state Exp;
branches;
next	;

1.10.2.1
date	2006.10.06.14.07.11;	author des;	state Exp;
branches
	1.10.2.1.6.1;
next	1.10.2.2;

1.10.2.2
date	2012.11.17.07.38.59;	author svnexp;	state Exp;
branches;
next	;

1.10.2.1.6.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.2.2.1
date	2002.07.16.12.27.05;	author des;	state Exp;
branches;
next	;

1.1.2.1
date	2002.07.03.22.11.41;	author des;	state Exp;
branches;
next	1.1.2.2;

1.1.2.2
date	2003.02.03.17.31.06;	author des;	state Exp;
branches;
next	1.1.2.3;

1.1.2.3
date	2012.11.17.07.22.31;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.18
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248648
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@

	    FreeBSD maintainer's guide to OpenSSH-portable
	    ==============================================

[needs rewriting for svn]

0) Make sure your mail spool has plenty of free space.  It'll fill up
   pretty fast once you're done with this checklist.

1) Grab the latest OpenSSH-portable tarball from the OpenBSD FTP
   site (ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/)

2) Unpack the tarball in a suitable directory.

	$ tar xf openssh-X.YpZ.tar.gz \
		-X /usr/src/crypto/openssh/FREEBSD-Xlist

3) Remove trash:

   Make sure -X took care of everything, and if it didn't, make sure
   to update FREEBSD-Xlist so you won't miss it the next time.  A good
   way to do this is to run a test import and see if any new files
   show up:

	$ cvs -n import src/crypto/openssh OPENSSH x | grep \^N

4) Import the sources:

	$ cvs import src/crypto/openssh OPENSSH OpenSSH_X_YpZ

5) Resolve conflicts.  Remember to bump the version number and
   addendum in version.h, and update the default value in
   ssh{,d}_config and ssh{,d}_config.5.

6) Generate configure and config.h.in:

	$ autoconf
	$ autoheader

   Note: this requires a recent version of autoconf, not autoconf213.

7) Run configure with the appropriate arguments:

	$ ./configure --prefix=/usr --sysconfdir=/etc/ssh \
		--with-pam --with-tcp-wrappers --with-libedit \
		--with-ssl-engine

   This will regenerate config.h, which must be committed along with
   the rest.

   Note that we don't want to configure OpenSSH for Kerberos using
   configure since we have to be able to turn it on or off depending
   on the value of MK_KERBEROS.  Our Makefiles take care of this.

8) If source files have been added or removed, update the appropriate
   makefiles to reflect changes in the vendor's Makefile.in.

9) Build libssh.  Follow the instructions in ssh_namespace.h to get a
   list of new symbols.  Update ssh_namespace.h, build everything,
   install and test.

A) Build and test the pam_ssh PAM module.  It gropes around libssh's
   internals and will break if something significant changes or if
   ssh_namespace.h is out of whack.

B) Re-commit everything on repoman (you *did* use a test repo for
   this, didn't you?)



	  An overview of FreeBSD changes to OpenSSH-portable
	  ==================================================

0) VersionAddendum

   The SSH protocol allows for a human-readable version string of up
   to 40 characters to be appended to the protocol version string.
   FreeBSD takes advantage of this to include a date indicating the
   "patch level", so people can easily determine whether their system
   is vulnerable when an OpenSSH advisory goes out.  Some people,
   however, dislike advertising their patch level in the protocol
   handshake, so we've added a VersionAddendum configuration variable
   to allow them to change or disable it.

1) Modified server-side defaults

   We've modified some configuration defaults in sshd:

      - PasswordAuthentication defaults to "no".

      - LoginGraceTime defaults to 120 seconds instead of 600.

      - PermitRootLogin defaults to "no".

      - X11Forwarding defaults to "yes" (it's a threat to the client,
        not to the server.)

2) Modified client-side defaults

   We've modified some configuration defaults in ssh:

      - CheckHostIP defaults to "no".

3) Canonic host names

   We've added code to ssh.c to canonicize the target host name after
   reading options but before trying to connect.  This eliminates the
   usual problem with duplicate known_hosts entries.

4) setusercontext() environment

   Our setusercontext(3) can set environment variables, which we must
   take care to transfer to the child's environment.



This port was brought to you by (in no particular order) DARPA, NAI
Labs, ThinkSec, Nescaf, the Aberlour Glenlivet Distillery Co.,
Suzanne Vega, and a Sanford's #69 Deluxe Marker.

					-- des@@FreeBSD.org

$FreeBSD: head/crypto/openssh/FREEBSD-upgrade 248648 2013-03-23 14:52:31Z des $
@


1.17
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/247892
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a45 1
		--disable-lastlog --disable-utmp --disable-wtmp \
d124 1
a124 1
$FreeBSD: head/crypto/openssh/FREEBSD-upgrade 247892 2013-03-06 13:46:20Z des $
@


1.17.2.1
log
@file FREEBSD-upgrade was added on branch RELENG_8_4 on 2013-03-28 13:02:24 +0000
@
text
@d1 125
@


1.17.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 124


	    FreeBSD maintainer's guide to OpenSSH-portable
	    ==============================================

[needs rewriting for svn]

0) Make sure your mail spool has plenty of free space.  It'll fill up
   pretty fast once you're done with this checklist.

1) Grab the latest OpenSSH-portable tarball from the OpenBSD FTP
   site (ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/)

2) Unpack the tarball in a suitable directory.

	$ tar xf openssh-X.YpZ.tar.gz \
		-X /usr/src/crypto/openssh/FREEBSD-Xlist

3) Remove trash:

   Make sure -X took care of everything, and if it didn't, make sure
   to update FREEBSD-Xlist so you won't miss it the next time.  A good
   way to do this is to run a test import and see if any new files
   show up:

	$ cvs -n import src/crypto/openssh OPENSSH x | grep \^N

4) Import the sources:

	$ cvs import src/crypto/openssh OPENSSH OpenSSH_X_YpZ

5) Resolve conflicts.  Remember to bump the version number and
   addendum in version.h, and update the default value in
   ssh{,d}_config and ssh{,d}_config.5.

6) Generate configure and config.h.in:

	$ autoconf
	$ autoheader

   Note: this requires a recent version of autoconf, not autoconf213.

7) Run configure with the appropriate arguments:

	$ ./configure --prefix=/usr --sysconfdir=/etc/ssh \
		--with-pam --with-tcp-wrappers --with-libedit \
		--with-ssl-engine

   This will regenerate config.h, which must be committed along with
   the rest.

   Note that we don't want to configure OpenSSH for Kerberos using
   configure since we have to be able to turn it on or off depending
   on the value of MK_KERBEROS.  Our Makefiles take care of this.

8) If source files have been added or removed, update the appropriate
   makefiles to reflect changes in the vendor's Makefile.in.

9) Build libssh.  Follow the instructions in ssh_namespace.h to get a
   list of new symbols.  Update ssh_namespace.h, build everything,
   install and test.

A) Build and test the pam_ssh PAM module.  It gropes around libssh's
   internals and will break if something significant changes or if
   ssh_namespace.h is out of whack.

B) Re-commit everything on repoman (you *did* use a test repo for
   this, didn't you?)



	  An overview of FreeBSD changes to OpenSSH-portable
	  ==================================================

0) VersionAddendum

   The SSH protocol allows for a human-readable version string of up
   to 40 characters to be appended to the protocol version string.
   FreeBSD takes advantage of this to include a date indicating the
   "patch level", so people can easily determine whether their system
   is vulnerable when an OpenSSH advisory goes out.  Some people,
   however, dislike advertising their patch level in the protocol
   handshake, so we've added a VersionAddendum configuration variable
   to allow them to change or disable it.

1) Modified server-side defaults

   We've modified some configuration defaults in sshd:

      - PasswordAuthentication defaults to "no".

      - LoginGraceTime defaults to 120 seconds instead of 600.

      - PermitRootLogin defaults to "no".

      - X11Forwarding defaults to "yes" (it's a threat to the client,
        not to the server.)

2) Modified client-side defaults

   We've modified some configuration defaults in ssh:

      - CheckHostIP defaults to "no".

3) Canonic host names

   We've added code to ssh.c to canonicize the target host name after
   reading options but before trying to connect.  This eliminates the
   usual problem with duplicate known_hosts entries.

4) setusercontext() environment

   Our setusercontext(3) can set environment variables, which we must
   take care to transfer to the child's environment.



This port was brought to you by (in no particular order) DARPA, NAI
Labs, ThinkSec, Nescaf, the Aberlour Glenlivet Distillery Co.,
Suzanne Vega, and a Sanford's #69 Deluxe Marker.

					-- des@@FreeBSD.org

$FreeBSD: releng/8.4/crypto/openssh/FREEBSD-upgrade 181111 2008-08-01 02:48:36Z des $
@


1.16
log
@Switching exporter and resync
@
text
@d46 1
d125 1
a125 1
$FreeBSD: head/crypto/openssh/FREEBSD-upgrade 181111 2008-08-01 02:48:36Z des $
@


1.15
log
@SVN rev 181111 on 2008-08-01 02:48:36Z by des

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch.  One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago.  This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after:	6 weeks
@
text
@d124 1
a124 1
$FreeBSD$
@


1.15.4.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.15.4.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d124 1
a124 1
$FreeBSD: stable/9/crypto/openssh/FREEBSD-upgrade 181111 2008-08-01 02:48:36Z des $
@


1.15.4.3
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/263970
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d6 1
a6 2
00) Make sure your mail spool has plenty of free space.  It'll fill up
    pretty fast once you're done with this checklist.
d8 2
a9 2
01) Download the latest OpenSSH-portable tarball and signature from
    OpenBSD (ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/).
d11 2
a12 1
02) Verify the signature:
d14 1
a14 1
    $ gpg --verify openssh-X.YpZ.tar.gz.asc
d16 2
a17 1
03) Unpack the tarball in a suitable directory:
d19 1
a19 1
    $ tar xf openssh-X.YpZ.tar.gz
d21 4
a24 1
04) Copy to the vendor directory:
d26 1
a26 2
    $ svn co svn+ssh://svn.freebsd.org/base/vendor-crypto/openssh/dist
    $ rsync --archive --delete openssh-X.YpZ/ dist/
d28 1
a28 1
05) Take care of added / deleted files:
d30 1
a30 2
    $ svn rm $(svn stat dist | awk '$1 == "!" { print $2 }')
    $ svn add --no-auto-props $(svn stat dist | awk '$1 == "?" { print $2 }')
d32 3
a34 1
06) Commit:
d36 1
a36 1
    $ svn commit -m "Vendor import of OpenSSH X.YpZ." dist
d38 2
a39 1
07) Tag:
d41 1
a41 3
    $ svn copy -m "Tag OpenSSH X.YpZ." \
        svn+ssh://svn.freebsd.org/base/vendor-crypto/openssh/dist \
        svn+ssh://svn.freebsd.org/base/vendor-crypto/openssh/X.YpZ
d43 1
a43 1
08) Check out head and run the pre-merge script:
d45 3
a47 3
    $ svn co svn+ssh://svn.freebsd.org/base/head
    $ cd head/crypto/openssh
    $ sh freebsd-pre-merge.sh
d49 2
a50 1
09) Merge from the vendor branch:
d52 3
a54 1
    $ svn merge -cNNNNNN \^/vendor-crypto/openssh/dist .
d56 2
a57 3
0A) Resolve conflicts.  Remember to bump the version addendum in
    version.h, and update the default value in ssh{,d}_config and
    ssh{,d}_config.5.
d59 3
a61 1
0B) Diff against the vendor branch:
d63 3
a65 1
    $ svn diff \^/vendor-crypto/openssh/dist .
d67 2
a68 31
    Files that have modifications relative to the vendor code, and
    only those files, must have the svn:keywords property set to
    FreeBSD=%H and be listed in the 'keywords' file created by the
    pre-merge script.

0C) Run the post-merge script:

    $ sh freebsd-post-merge.sh

0D) Run the configure script:

    $ sh freebsd-configure.sh

0E) Check config.h very carefully.

0F) If source files have been added or removed, update the appropriate
    makefiles to reflect changes in the vendor's Makefile.in.

10) Build libssh:

    $ cd ../../secure/lib/libssh && make obj && make depend && make

11) Follow the instructions in ssh_namespace.h to get a list of new
    symbols, and them to ssh_namespace.h.  Keep it sorted!

12) Build and install world, reboot, test.  Pay particular attention
    to pam_ssh(8), which gropes inside libssh and will break if
    something significant changes or if ssh_namespace.h is out of
    whack.

13) Commit, and hunker down for the inevitable storm of complaints.
a74 2
XXX This section is out of date

d119 1
a119 1
Labs, ThinkSec, Nescafé, the Aberlour Glenlivet Distillery Co.,
d124 1
a124 1
$FreeBSD: stable/9/crypto/openssh/FREEBSD-upgrade 263970 2014-03-31 14:39:56Z des $
@


1.15.4.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.15.4.1.4.2
log
@Switch importer
@
text
@d124 1
a124 1
$FreeBSD: releng/9.1/crypto/openssh/FREEBSD-upgrade 181111 2008-08-01 02:48:36Z des $
@


1.15.4.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.15.4.1.2.2
log
@Switch importer
@
text
@d124 1
a124 1
$FreeBSD: releng/9.0/crypto/openssh/FREEBSD-upgrade 181111 2008-08-01 02:48:36Z des $
@


1.15.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.15.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d124 1
a124 1
$FreeBSD: stable/8/crypto/openssh/FREEBSD-upgrade 181111 2008-08-01 02:48:36Z des $
@


1.15.2.1.8.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.15.2.1.8.2
log
@Switch importer
@
text
@d124 1
a124 1
$FreeBSD: releng/8.3/crypto/openssh/FREEBSD-upgrade 181111 2008-08-01 02:48:36Z des $
@


1.15.2.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.15.2.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.15.2.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.14
log
@SVN rev 181091 on 2008-08-01 00:28:50Z by des

Catch up with reality.
@
text
@d6 1
d90 1
a90 5
      - PasswordAuthentication defaults to "no" when PAM is enabled.

      - For protocol version 2, we don't load RSA host keys by
        default.  If both RSA and DSA keys are present, we prefer DSA
        to RSA.
a102 3
      - For protocol version 2, if both RSA and DSA keys are present,
        we prefer DSA to RSA.

@


1.13
log
@Fix the Xlist so it actually works with 'tar -X', and update the upgrade
instructions accordingly.
@
text
@a88 2
      - Protocol defaults to "2".

d117 1
a117 6
4) OPIE

   We've added support for using OPIE as a drop-in replacement for
   S/Key.

5) setusercontext() environment
d130 1
a130 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.12 2006/10/02 12:39:28 des Exp $
@


1.12
log
@Update configure options and add some missing steps.
The section about our local changes needs reviewing, and some of those
changes should probably be reconsidered (such as preferring DSA over RSA,
which made sense when RSA was encumbered but probably doesn't any more)
@
text
@d15 3
d20 1
a20 4
	$ sh -c 'while read glob ; do rm -rvf $glob ; done' \
		</usr/src/crypto/openssh/FREEBSD-Xlist

   Make sure that took care of everything, and if it didn't, make sure
d137 1
a137 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.11 2006/03/17 18:54:20 ru Exp $
@


1.12.2.1
log
@SVN rev 182634 on 2008-09-01 20:03:13Z by des

MFH OpenSSH 5.1p1
@
text
@a5 1
[needs rewriting for svn]
d15 1
a15 2
	$ tar xf openssh-X.YpZ.tar.gz \
		-X /usr/src/crypto/openssh/FREEBSD-Xlist
d17 2
a18 1
3) Remove trash:
d20 1
a20 1
   Make sure -X took care of everything, and if it didn't, make sure
d89 3
a91 1
      - PasswordAuthentication defaults to "no".
d119 6
a124 1
4) setusercontext() environment
d137 1
a137 1
$FreeBSD$
@


1.12.2.2
log
@Switch importer
@
text
@d131 1
a131 1
$FreeBSD: stable/7/crypto/openssh/FREEBSD-upgrade 182634 2008-09-01 20:03:13Z des $
@


1.12.2.1.8.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.12.2.1.8.2
log
@Switch importer
@
text
@d131 1
a131 1
$FreeBSD: releng/7.4/crypto/openssh/FREEBSD-upgrade 182634 2008-09-01 20:03:13Z des $
@


1.12.2.1.6.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.12.2.1.4.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.12.2.1.2.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.11
log
@Reimplementation of world/kernel build options.  For details, see:

http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
@
text
@d45 5
a49 1
		--with-pam --with-tcp-wrappers --with-libedit
d55 2
a56 4
8) Commit the resulting config.h.  Make sure you don't accidentally
   commit any other files created by autoconf, autoheader or
   configure; they'll just clutter up the repo and cause trouble at
   the next upgrade.
d58 7
a64 1
9) Build and test.
d66 1
a66 1
A) Re-commit everything on freefall (you *did* use a test repo for
d137 1
a137 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.10 2005/06/05 15:43:57 des Exp $
@


1.10
log
@Update for 4.1p1.
@
text
@d49 1
a49 1
   on the value of NO_KERBEROS.  Our Makefiles take care of this.
d129 1
a129 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.9 2004/10/28 16:13:28 des Exp $
@


1.10.2.1
log
@MFC: OpenSSH 4.4p1.

Approved by:	re (kensmith)
@
text
@d45 1
a45 5
		--with-pam --with-tcp-wrappers --with-libedit \
		--with-ssl-engine

   This will regenerate config.h, which must be committed along with
   the rest.
d49 1
a49 4
   on the value of MK_KERBEROS.  Our Makefiles take care of this.

8) If source files have been added or removed, update the appropriate
   makefiles to reflect changes in the vendor's Makefile.in.
d51 4
a54 3
9) Build libssh.  Follow the instructions in ssh_namespace.h to get a
   list of new symbols.  Update ssh_namespace.h, build everything,
   install and test.
d56 1
a56 3
A) Build and test the pam_ssh PAM module.  It gropes around libssh's
   internals and will break if something significant changes or if
   ssh_namespace.h is out of whack.
d58 1
a58 1
B) Re-commit everything on repoman (you *did* use a test repo for
d129 1
a129 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.12 2006/10/02 12:39:28 des Exp $
@


1.10.2.2
log
@Switch importer
@
text
@d137 1
a137 1
$FreeBSD: stable/6/crypto/openssh/FREEBSD-upgrade 163052 2006-10-06 14:07:23Z des $
@


1.10.2.1.6.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@d137 1
a137 1
$FreeBSD$
@


1.9
log
@Better Xlist command line.
@
text
@d45 1
a45 1
		--with-pam --with-tcp-wrappers
d129 1
a129 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.8 2004/02/26 10:57:28 des Exp $
@


1.8
log
@Document recently changed configuration defaults.
@
text
@d17 2
a18 2
	$ tail +2 /usr/src/crypto/openssh/FREEBSD-Xlist |
		while read glob ; do eval "rm -rvf $glob" ; done
d129 1
a129 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.7 2004/01/25 13:09:56 des Exp $
@


1.7
log
@Update the "overview of FreeBSD changes to OpenSSH-portable" to reflect
reality.
@
text
@d81 4
d129 1
a129 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.6 2004/01/07 11:51:18 des Exp $
@


1.6
log
@Update to reflect changes since the last version.
@
text
@a91 5
      - Unless the config file says otherwise, we automatically enable
        Kerberos support if an appropriate keytab is present.

      - PAMAuthenticationViaKbdInt defaults to "yes".

d112 1
a112 6
5) PAM

   We use our own PAM code, which wraps PAM in a KbdintDevice and
   works with privsep, instead of OpenSSH's own PAM code.

6) setusercontext() environment
d125 1
a125 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.5 2003/04/23 17:23:06 des Exp $
@


1.5
log
@Nit.
@
text
@d17 2
a18 1
	$ eval "rm -rvf $(tr '[:space:]' ' ' </usr/src/crypto/openssh/FREEBSD-Xlist)"
d21 5
a25 1
   to update FREEBSD-Xlist so you won't miss it the next time.
d32 2
a33 1
   addendum in version.h.
d49 1
a49 2
   on the value of MAKE_KERBEROS[45].  Our Makefiles take care of
   this.
d135 1
a135 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.4 2002/10/29 09:55:28 des Exp $
@


1.4
log
@Correct shell code to expand globs in FREEBSD-Xlist
@
text
@d17 1
a17 1
	$ eval "rm -rf $(tr '[:space:]' ' ' </usr/src/crypto/openssh/FREEBSD-Xlist)"
d130 1
a130 1
$FreeBSD$
@


1.3
log
@Fix typo (s@@src/crypto/openssh-portable@@src/crypto/openssh@@).
@
text
@d17 1
a17 1
	$ rm -rf $(cat FREEBSD-Xlist)
@


1.2
log
@(forgot to commit) We don't need --with-opie since PAM takes care of it.
@
text
@d24 1
a24 1
	$ cvs import src/crypto/openssh-portable OPENSSH OpenSSH_X_YpZ
@


1.2.2.1
log
@Merge OpenSSH, OPIE, PAM and a number of dependencies from -STABLE.
@
text
@d130 1
a130 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.1.2.1 2002/07/03 22:11:41 des Exp $
@


1.1
log
@Document the upgrade process.
@
text
@d39 1
a39 1
		--with-pam --with-opie --with-tcp-wrappers
@


1.1.2.1
log
@Synch up to OpenSSH 3.4p1 - very nearly the same sources as in -CURRENT,
with a slightly different config.h to account for differences between
-CURRENT and -STABLE.

Privilege separation defaults to off for now as it breaks some aspects
of Kerberos authentication.

Sponsored by:	DARPA, NAI Labs
@
text
@d39 1
a39 1
		--with-pam --with-tcp-wrappers
d130 1
a130 1
$FreeBSD: src/crypto/openssh/FREEBSD-upgrade,v 1.1 2002/06/29 10:39:14 des Exp $
@


1.1.2.2
log
@MFC: OpenSSH 3.5p1, with all FreeBSD patches.
@
text
@d17 1
a17 1
	$ eval "rm -rf $(tr '[:space:]' ' ' </usr/src/crypto/openssh/FREEBSD-Xlist)"
d24 1
a24 1
	$ cvs import src/crypto/openssh OPENSSH OpenSSH_X_YpZ
d130 1
a130 1
$FreeBSD$
@


1.1.2.3
log
@Switch importer
@
text
@d130 1
a130 1
$FreeBSD: stable/4/crypto/openssh/FREEBSD-upgrade 110292 2003-02-03 17:31:12Z des $
@


