Mailing List Archive

ANNOUNCE: openssh-1.2.2p1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This is a patch release which contains fixes to all the problems
which have been reported over the last month.

Most importantly: OpenSSL-0.9.5 has exposed a bug in RSA key
generation on systems which lack a /dev/random (Solaris, HPUX,
SCO). On such systems this port was not properly initialising
OpenSSL's entropy pool. This results in lower quality (more easily
predicted) RSA keys on these systems.

If you have created host or user keys on such a system, please create
new keys using openssh-1.2.2p1 which explicitly seeds OpenSSL from
EGD.

A lot of cleaning up of the autoconf configuration has gone on
recently and this may break on some systems. If so, do not worry as
OpenSSH-1.2.3 will be out in the next week or two (I just noticed
OpenBSD's version update).

Regards,
Damien

20000305
- Fix DEC compile fix
- Explicitly seed OpenSSL's PRNG before checking rsa_alive()
- Check for getpagesize in libucb.a if not found in libc. Fix for old
Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
- Check for libwrap if --with-tcp-wrappers option specified. Suggestion
from Mate Wierdl <mw@moni.msci.memphis.edu>

20000303
- Added "make host-key" target, Suggestion from Dominik Brettnacher
<domi@saargate.de>
- Don't permanently fail on bind() if getaddrinfo has more choices left for
us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
Miskiewicz <misiek@pld.org.pl>
- DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
- Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>

20000302
- Big cleanup of autoconf code
- Rearranged to be a little more logical
- Added -R option for Solaris
- Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
to detect library and header location _and_ ensure library has proper
RSA support built in (this is a problem with OpenSSL 0.9.5).
- Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
- Avoid warning message with Unix98 ptys
- Warning was valid - possible race condition on PTYs. Avoided using
platform-specific code.
- Document some common problems
- Allow root access to any key. Patch from
markus.friedl@informatik.uni-erlangen.de

20000207
- Removed SOCKS code. Will support through a ProxyCommand.

20000203
- Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
- Add --with-ssl-dir option

20000202
- Fix lastlog code for directory based lastlogs. Fix from Josh Durham
<jmd@aoe.vt.edu>
- Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
- Added URLs to Japanese translations of documents by HARUYAMA Seigo
<haruyama@nt.phys.s.u-tokyo.ac.jp>

20000201
- Use socket pairs by default (instead of pipes). Prevents race condition
on several (buggy) OSs. Report and fix from tridge@linuxcare.com

20000127
- Seed OpenSSL's random number generator before generating RSA keypairs
- Split random collector into separate file
- Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>


- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4xOsxormJ9RG1dI8RAq0/AKDd7P4irWNSH1FPC66VUE2fFcyzNQCdHenW
wulCPRiDs7dC/WxBOuy4QsQ=
=X97+
-----END PGP SIGNATURE-----
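
An added illustration (not part of the announcement, and not OpenSSH or OpenSSL code) of the failure the message describes: a PRNG pool that is never seeded starts in the same state on every host, so RSA key generation yields the same primes everywhere, while an explicit seed plus a readiness check prevents it. `Pool`, `MIN_SEED` and the 32-bit primes are assumptions of this toy model.

```python
import hashlib
from math import isqrt

class Pool:
    """Toy PRNG pool; a stand-in, not OpenSSL's real algorithm."""
    MIN_SEED = 16  # assumed minimum seed bytes for this model

    def __init__(self):
        self.state = bytes(32)  # identical on every host until seeded
        self.seeded = 0
        self.ctr = 0

    def add(self, data):
        """Mix external entropy (e.g. bytes read from EGD) into the pool."""
        self.state = hashlib.sha256(self.state + data).digest()
        self.seeded += len(data)

    def ready(self):
        return self.seeded >= self.MIN_SEED

    def read(self, n):
        out = b""
        while len(out) < n:
            self.ctr += 1
            out += hashlib.sha256(self.state + self.ctr.to_bytes(8, "big")).digest()
        return out[:n]

def is_prime(n):
    return n > 2 and n % 2 == 1 and all(n % f for f in range(3, isqrt(n) + 1, 2))

def next_prime(pool, bits=32):
    # Force the top bit and the low bit, then walk up to the next prime.
    n = int.from_bytes(pool.read(bits // 8), "big") | (1 << (bits - 1)) | 1
    while not is_prime(n):
        n += 2
    return n

def generate_modulus(pool, require_seed=True):
    """Toy RSA modulus n = p * q; refuses an unseeded pool unless told not to."""
    if require_seed and not pool.ready():
        raise RuntimeError("PRNG not seeded")
    return next_prime(pool) * next_prime(pool)
```

Two fresh pools passed with `require_seed=False` return the same modulus, which is why keys created on an affected system need to be regenerated rather than kept.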