From 9a967c5bbfca35835165f7d8a6165009f5b21872 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Mon, 9 Dec 2019 20:25:26 +1100
Subject: [PATCH] Describe how to build libcrypto as PIC.

While there, move the OpenSSL 1.1.0g caveat closer to the other version
information.
---
 INSTALL | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/INSTALL b/INSTALL
index 5057dc287..9754e2179 100644
--- a/INSTALL
+++ b/INSTALL
@@ -25,11 +25,14 @@ is supported but severely restricts the avilable ciphers and algorithms.
  - OpenSSL (https://www.openssl.org) with any of the following versions:
    - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
 
+Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
+1.1.0g can't be used.
+
 LibreSSL/OpenSSL should be compiled as a position-independent library
-(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
-If you must use a non-position-independent libcrypto, then you may need
-to configure OpenSSH --without-pie.  Note that due to a bug in EVP_CipherInit
-OpenSSL 1.1 versions prior to 1.1.0g can't be used.
+(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
+or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not
+be able to link with it.  If you must use a non-position-independent
+libcrypto, then you may need to configure OpenSSH --without-pie.
 
 If you build either from source, running the OpenSSL self-test ("make
 tests") or the LibreSSL equivalent ("make check") and ensuring that all