===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/57.html,v
retrieving revision 1.72
retrieving revision 1.73
diff -c -r1.72 -r1.73
*** www/57.html	2015/03/17 22:57:32	1.72
--- www/57.html	2015/03/18 15:23:30	1.73
***************
*** 457,468 ****
  
  <li>LibreSSL
      <ul>
!     <li>Fix a Bleichenbacher style timing oracle with bad PKCS padding.
!     <li>Reluctantly add server-side support for TLS_FALLBACK_SCSV.
!     <li>Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.
!     <li>Jettison DTLS over SCTP.
!     <li>Fix memory leaks.
!     <li>Move <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1??query=openssl&sec=1">openssl(1)</a> from /usr/sbin/openssl to /usr/bin/openssl
      </ul>
  <p>
  <li>mandoc 1.13.3:
--- 457,513 ----
  
  <li>LibreSSL
      <ul>
!     <li>User-visible features:
!       <ul>
!       <li>Reluctantly add server-side support for <tt>TLS_FALLBACK_SCSV</tt>.
!       <li>Import <i>BoringSSL</i>'s crypto bytestring and crypto bytebuilder
!         APIs.
!       <li>Jettison DTLS over SCTP.
!       <li>Move
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&amp;sektion=1">openssl(1)</a>
!         from <tt>/usr/sbin/openssl</tt> to <tt>/usr/bin/openssl</tt>.
!       <li>Two important cipher suites, GOST and Camellia, have been reworked
!         or reenabled, providing better interoperability with systems around
!         the world.
!       <li>libtls: New API for loading CA chains directly from memory instead
!         of a file, allowing verification with privilege separation in a
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&amp;sektion=8">chroot(8)</a>
!         without direct access to CA certificate files.
!       <li>libtls: Ciphers default to TLSv1.2 with AEAD and PFS.
!       <li>libtls: Improved error handling and message generation.
!       <li>Added <tt>X509_STORE_load_mem</tt> API for loading certificates from
!         memory.  This facilitates accessing certificates from a chrooted
!         environment.
!       <li>New AEAD "MAC alias" allows configuring TLSv1.2 AEAD ciphers by
!         using 'TLSv1.2+AEAD' as the cipher selection string.
!       <li>New
!         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&amp;sektion=1">openssl(1)</a>
!         command '<tt>certhash</tt>' replaces the <tt>c_rehash</tt> script.
!       <li><i>Application-Layer Protocol Negotiation</i> (ALPN) support.
!       </ul>
!     <li>Code improvements:
!       <ul>
!       <li>Dead and disabled code removal including MD5, Netscape workarounds,
!         non-POSIX IO, SCTP, RFC 3779 support, "#if 0" sections, and more.
!       <li>The ASN1 macros are expanded to aid readability and maintainability.
!       <li>Various NULL pointer asserts removed in favor of letting the
!         OS/signal handler catch them.
!       <li>Dozens of issues found with the <i>Coverity scanner</i> fixed.
!       </ul>
!     <li>Security updates:
!       <ul>
!       <li>Fix a Bleichenbacher style timing oracle with bad PKCS padding.
!       <li>Fix memory leaks.
!       <li>Address POODLE attack by disabling SSLv3 by default.
!       <li>SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
!       <li>Earlier libtls support for non-blocking sockets and randomized
!         session ID contexts.
!       <li>Ensure the stack is marked non-executable for assembly sections.
!       <li>Multiple CVEs fixed including CVE-2014-3506, CVE-2014-3507,
!         CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511,
!         CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, CVE-2015-0205
!         and CVE-2015-0206.
!       </ul>
      </ul>
  <p>
  <li>mandoc 1.13.3: