version 1.38, 2016/02/22 16:09:03 |
version 1.39, 2016/02/23 01:10:19 |
|
|
<ul> |
<ul> |
<li>Remove support for obsolete IPv6 socket options. |
<li>Remove support for obsolete IPv6 socket options. |
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=etherip&sektion=4">etherip(4)</a> |
<li>New <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=etherip&sektion=4">etherip(4)</a> |
pseude-device for tunnelling Ethernet frames across IP[46] networks using RFC 3378 EtherIP encapsulation. |
pseudo-device for tunnelling Ethernet frames across IP[46] networks using RFC 3378 EtherIP encapsulation. |
<li>... |
<li>... |
</ul> |
</ul> |
<p> |
<p> |
|
|
have been pledged. |
have been pledged. |
<li>The offline enqueue mode of |
<li>The offline enqueue mode of |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpctl&sektion=8">smtpctl(8)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpctl&sektion=8">smtpctl(8)</a> |
has been redesigned to remove the need for a publically writeable directory which was a vector of multiple attacks in the Qualys Security audit. |
has been redesigned to remove the need for a publicly writable directory which was a vector of multiple attacks in the Qualys Security audit. |
</ul> |
</ul> |
<li>The following improvements were brought in this release: |
<li>The following improvements were brought in this release: |
<ul> |
<ul> |
<li>Experimental support for filters API is now available with several filters available in ports. |
<li>Experimental support for filters API is now available with several filters available in ports. |
<li>Add Message-Id header if necessary. |
<li>Add Message-Id header if necessary. |
<li>Removed the kick mechanism which was misbehaving. |
<li>Removed the kick mechanism which was misbehaving. |
<li>Increased the lenght of acceptable headers lines. |
<li>Increased the length of acceptable headers lines. |
<li>Assume messages are 8-bit bytes by default. |
<li>Assume messages are 8-bit bytes by default. |
</ul> |
</ul> |
</ul> |
</ul> |
|
|
<li>This release corrects the handling of <tt>ClientHello</tt> messages |
<li>This release corrects the handling of <tt>ClientHello</tt> messages |
that do not include TLS extensions, resulting in such handshakes being |
that do not include TLS extensions, resulting in such handshakes being |
aborted. |
aborted. |
<li>When loading a DSA key from an raw (without DH parameters) ASN.1 |
<li>When loading a DSA key from a raw (without DH parameters) ASN.1 |
serialization, perform some consistency checks on its `p' and `q' |
serialization, perform some consistency checks on its `p' and `q' |
values, and return an error if the checks failed. |
values, and return an error if the checks failed. |
<li>Fixed a bug in <tt>ECDH_compute_key</tt> that can lead to silent |
<li>Fixed a bug in <tt>ECDH_compute_key</tt> that can lead to silent |
|
|
are no longer supported. |
are no longer supported. |
<li>The engine command and parameters are removed from |
<li>The engine command and parameters are removed from |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1">openssl(1)</a>. |
Previous releases removed dynamic and builtin engine support already. |
Previous releases removed dynamic and built-in engine support already. |
<li>SHA-0 is removed, which was withdrawn shortly after publication |
<li>SHA-0 is removed, which was withdrawn shortly after publication |
twenty years ago. |
twenty years ago. |
<li>Added <tt>Certplus CA</tt> root certificate to the default |
<li>Added <tt>Certplus CA</tt> root certificate to the default |