[openssl] OpenSSL_1_1_1-stable update

Thu Aug 8 09:22:17 UTC 2019

The branch OpenSSL_1_1_1-stable has been updated
       via  d00209a3b14b37a05fb91972f972b1fe8db6196f (commit)
      from  728f9449c3e5a974593c516cd609b60e760ed537 (commit)


- Log -----------------------------------------------------------------
commit d00209a3b14b37a05fb91972f972b1fe8db6196f
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 28 12:07:55 2019 +0100

    Clarify the INSTALL instructions
    
    Ensure users understand that they need to have appropriate permissions
    to write to the install location.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/9268)
    
    (cherry picked from commit 7c03bb9fff02b7f08d4654f51f8667584a92cf72)

-----------------------------------------------------------------------

Summary of changes:
 INSTALL | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/INSTALL b/INSTALL
index 0b6a3fd1ec..993e61a585 100644
--- a/INSTALL
+++ b/INSTALL
@@ -98,6 +98,9 @@
     $ nmake test
     $ nmake install
 
+ Note that in order to perform the install step above you need to have
+ appropriate permissions to write to the installation directory.
+
  If any of these steps fails, see section Installation in Detail below.
 
  This will build and install OpenSSL in the default location, which is:
@@ -107,6 +110,12 @@
            OpenSSL version number with underscores instead of periods.
   Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
 
+ The installation directory should be appropriately protected to ensure
+ unprivileged users cannot make changes to OpenSSL binaries or files, or install
+ engines. If you already have a pre-installed version of OpenSSL as part of
+ your Operating System it is recommended that you do not overwrite the system
+ version and instead install to somewhere else.
+
  If you want to install it anywhere else, run config like this:
 
   On Unix:
@@ -908,8 +917,11 @@
        $ mms install                                    ! OpenVMS
        $ nmake install                                  # Windows
 
-     This will install all the software components in this directory
-     tree under PREFIX (the directory given with --prefix or its
+     Note that in order to perform the install step above you need to have
+     appropriate permissions to write to the installation directory.
+
+     The above commands will install all the software components in this
+     directory tree under PREFIX (the directory given with --prefix or its
      default):
 
        Unix:
@@ -965,6 +977,12 @@
                         for private key files.
          misc           Various scripts.
 
+     The installation directory should be appropriately protected to ensure
+     unprivileged users cannot make changes to OpenSSL binaries or files, or
+     install engines. If you already have a pre-installed version of OpenSSL as
+     part of your Operating System it is recommended that you do not overwrite
+     the system version and instead install to somewhere else.
+
      Package builders who want to configure the library for standard
      locations, but have the package installed somewhere else so that
      it can easily be packaged, can use
