ANNOUNCE: openssh-1.2.2p1

Damien Miller djm at
Tue Mar 7 22:42:37 EST 2000

This is a patch release which contains fixes to all the problems 
which have been reported over the last month.

Most importantly: OpenSSL-0.9.5 has exposed a bug in RSA key
generation on systems which lack a /dev/random (Solaris, HPUX,
SCO). On such systems this port was not properly initialising
OpenSSL's entropy pool. This results in lower quality (more easily
predicted) RSA keys on these systems. 

If you have created host or user keys on such a system, please create
new keys using openssh-1.2.2p1 which explicitly seeds OpenSSL from

A lot of cleaning up of the autoconf configuration has gone on
recently and this may break on some systems. If so, do not worry as
OpenSSH-1.2.3 will be out in the next week or two (I just noticed
OpenBSD's version update).


 - Fix DEC compile fix
 - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
 - Check for getpagesize in libucb.a if not found in libc. Fix for old
   Solaris from Andre Lucas <andre.lucas at>
 - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
   from Mate Wierdl <mw at>

 - Added "make host-key" target. Suggestion from Dominik Brettnacher
   <domi at>
 - Don't permanently fail on bind() if getaddrinfo has more choices left for 
   us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
   Miskiewicz <misiek at>
 - DEC Unix compile fix from David Del Piero <David.DelPiero at>
 - Manpage fix from David Del Piero <David.DelPiero at>

 - Big cleanup of autoconf code
   - Rearranged to be a little more logical
   - Added -R option for Solaris
   - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
     to detect library and header location _and_ ensure library has proper
     RSA support built in (this is a problem with OpenSSL 0.9.5).
 - Applied pty cleanup patch from markus.friedl at
 - Avoid warning message with Unix98 ptys
 - Warning was valid - possible race condition on PTYs. Avoided using 
   platform-specific code.
 - Document some common problems
 - Allow root access to any key. Patch from 
   markus.friedl at

 - Removed SOCKS code. Will support through a ProxyCommand.

 - Fixed SEGVs in authloop, fix from vbzoli at
 - Add --with-ssl-dir option

 - Fix lastlog code for directory based lastlogs. Fix from Josh Durham 
   <jmd at>
 - Documentation fixes from HARUYAMA Seigo <haruyama at>
 - Added URLs to Japanese translations of documents by HARUYAMA Seigo 
   <haruyama at>

 - Use socket pairs by default (instead of pipes). Prevents race condition
   on several (buggy) OSs. Report and fix from tridge at

 - Seed OpenSSL's random number generator before generating RSA keypairs
 - Split random collector into separate file
 - Compile fix from Andre Lucas <andre.lucas at>

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller -
| Email: djm at (home) -or- djm at (work)
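
Added example, not part of the original announcement or of the OpenSSH distribution: a shell helper for the key-replacement advice above. On a host with no random device it lists private keys that are not newer than a reference file, such as the ssh-keygen binary installed from the fixed release. The function names are hypothetical, the file names `identity` and `ssh_host_key` are assumed to be the protocol 1 defaults in use, and file mtime is only a heuristic for when a key was generated.

```shell
#!/bin/sh
# Added example: audit helper, not OpenSSH code. Function names are hypothetical.

# Return 0 if a kernel random device exists (host is not in the affected class).
# The path is a parameter so the check can be exercised without /dev/random.
has_random_device() {
    [ -c "${1:-/dev/random}" ]
}

# List private keys under the given directories that are NOT newer than the
# reference file. Assumption: identity and ssh_host_key are the key file names.
keys_older_than() {
    ref=$1; shift
    [ -e "$ref" ] || { echo "reference file missing: $ref" >&2; return 2; }
    find "$@" -type f \( -name identity -o -name ssh_host_key \) \
        ! -newer "$ref" 2>/dev/null | sort
}

# On hosts without a random device, report every key that predates the
# reference file as a candidate for regeneration.
# Exit status: 0 = nothing to do, 1 = stale keys found, 2 = bad reference.
audit_keys() {
    dev=$1; ref=$2; shift 2
    if has_random_device "$dev"; then
        echo "random device present at $dev: not in the affected class"
        return 0
    fi
    stale=$(keys_older_than "$ref" "$@") || return 2
    if [ -n "$stale" ]; then
        echo "$stale" | sed 's/^/REGENERATE: /'
        return 1
    fi
    echo "no keys predate $ref"
}
```

A key copied in from another machine keeps no record of where it was generated, so treat the output as a minimum list.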
