ANNOUNCE: openssh-1.2.2p1

Damien Miller djm at mindrot.org
Tue Mar 7 22:42:37 EST 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This is a patch release which contains fixes to all the problems 
which have been reported over the last month.

Most importantly: OpenSSL-0.9.5 has exposed a bug in RSA key
generation on systems which lack a /dev/random (Solaris, HPUX,
SCO). On such systems this port was not properly initialising
OpenSSL's entropy pool. This results in lower quality (more easily
predicted) RSA keys on these systems. 

If you have created host or user keys on such a system, please create
new keys using openssh-1.2.2p1 which explicitly seeds OpenSSL from
EGD.

A lot of cleaning up of the autoconf configuration has gone on
recently and this may break on some systems. If so, do not worry as
OpenSSH-1.2.3 will be out in the next week or two (I just noticed
OpenBSD's version update).

Regards,
Damien

20000305
 - Fix DEC compile fix
 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
 - Check for getpagesize in libucb.a if not found in libc. Fix for old
   Solaris from Andre Lucas <andre.lucas at dial.pipex.com>
 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
   from Mate Wierdl <mw at moni.msci.memphis.edu>

20000303
 - Added "make host-key" target, Suggestion from Dominik Brettnacher
   <domi at saargate.de>
 - Don't permanently fail on bind() if getaddrinfo has more choices left for 
   us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
   Miskiewicz <misiek at pld.org.pl>
 - DEC Unix compile fix from David Del Piero <David.DelPiero at qed.qld.gov.au>
 - Manpage fix from David Del Piero <David.DelPiero at qed.qld.gov.au>

20000302
 - Big cleanup of autoconf code
   - Rearranged to be a little more logical
   - Added -R option for Solaris
   - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
     to detect library and header location _and_ ensure library has proper
     RSA support built in (this is a problem with OpenSSL 0.9.5).
 - Applied pty cleanup patch from markus.friedl at informatik.uni-erlangen.de
 - Avoid warning message with Unix98 ptys
 - Warning was valid - possible race condition on PTYs. Avoided using 
   platform-specific code.
 - Document some common problems
 - Allow root access to any key. Patch from 
   markus.friedl at informatik.uni-erlangen.de

20000207
 - Removed SOCKS code. Will support through a ProxyCommand.

20000203
 - Fixed SEGVs in authloop, fix from vbzoli at hbrt.hu
 - Add --with-ssl-dir option

20000202
 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham 
   <jmd at aoe.vt.edu>
 - Documentation fixes from HARUYAMA Seigo <haruyama at nt.phys.s.u-tokyo.ac.jp>
 - Added URLs to Japanese translations of documents by HARUYAMA Seigo 
   <haruyama at nt.phys.s.u-tokyo.ac.jp>

20000201
 - Use socket pairs by default (instead of pipes). Prevents race condition
   on several (buggy) OSs. Report and fix from tridge at linuxcare.com

20000127
 - Seed OpenSSL's random number generator before generating RSA keypairs
 - Split random collector into separate file
 - Compile fix from Andre Lucas <andre.lucas at dial.pipex.com>


- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4xOsxormJ9RG1dI8RAq0/AKDd7P4irWNSH1FPC66VUE2fFcyzNQCdHenW
wulCPRiDs7dC/WxBOuy4QsQ=
=X97+
-----END PGP SIGNATURE-----





