===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.27
retrieving revision 1.28
diff -c -r1.27 -r1.28
*** www/59.html 2016/02/18 01:55:02 1.27
--- www/59.html 2016/02/18 11:39:14 1.28
***************
*** 76,82 ****
Generic network stack improvements:
! - Remove support for obsolete IPv6 socket options
- ...
--- 76,82 ----
Generic network stack improvements:
! - Remove support for obsolete IPv6 socket options.
- ...
***************
*** 120,128 ****
Assorted improvements:
! - doas is a little friendlier to use
!
- Updated flex
!
- Updated and improved less
- pdisk(8) was largely rewritten and pledged.
- Renaming files in the root directory of a MSDOS filesystem was fixed.
- Many obsolete disktab(5) attributes and entries were removed.
--- 120,130 ----
- Assorted improvements:
! - doas is a little friendlier to use.
!
- Updated
! flex(1).
!
- Updated and improved
! less(1).
- pdisk(8) was largely rewritten and pledged.
- Renaming files in the root directory of a MSDOS filesystem was fixed.
- Many obsolete disktab(5) attributes and entries were removed.
***************
*** 225,243 ****
- Added Certplus CA root certificate to the default
cert.pem file.
- Fixed a leak in
! SSL_new(3)
in the error path.
!
- Fixed a memory leak and out-of-bounds access in OBJ_obj2txt.
- Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
- Added
! EVP_aead_chacha20_poly1305(3)
which matches the
AEAD construction introduced in RFC 7539, which is different
than that already used in TLS with
! EVP_aead_chacha20_poly1305(3).
- More man pages converted from pod to
! mdoc(7)
format.
- Added COMODO RSA Certification Authority and
QuoVadis root certificates to cert.pem.
--- 227,246 ----
- Added Certplus CA root certificate to the default
cert.pem file.
- Fixed a leak in
! SSL_new(3)
in the error path.
!
- Fixed a memory leak and out-of-bounds access in
! OBJ_obj2txt(3).
- Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
- Added
! EVP_aead_chacha20_poly1305(3)
which matches the
AEAD construction introduced in RFC 7539, which is different
than that already used in TLS with
! EVP_aead_chacha20_poly1305(3).
- More man pages converted from pod to
! mdoc(7)
format.
- Added COMODO RSA Certification Authority and
QuoVadis root certificates to cert.pem.
***************
*** 246,265 ****
(serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
root certificate from cert.pem.
- Fixed incorrect TLS certificate loading by
! nc(1).
- The following CVEs had been fixed:
! - CVE-2015-3194—NULL pointer dereference in client
! side certificate validation.
!
- CVE-2015-3195—memory leak in PKCS7, not reachable
! from TLS/SSL.
- Note: The following OpenSSL CVEs did not apply to LibreSSL:
! - CVE-2015-3193—carry propagating bug in the x86_64
! Montgomery squaring procedure.
!
- CVE-2015-3196—double free race condition of the
! identify hint data.
- Code improvements:
--- 249,268 ----
(serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
root certificate from cert.pem.
- Fixed incorrect TLS certificate loading by
! nc(1).
- The following CVEs had been fixed:
! - CVE-2015-3194—NULL pointer dereference in client
! side certificate validation.
!
- CVE-2015-3195—memory leak in PKCS7, not reachable
! from TLS/SSL.
- Note: The following OpenSSL CVEs did not apply to LibreSSL:
! - CVE-2015-3193—carry propagating bug in the x86_64
! Montgomery squaring procedure.
!
- CVE-2015-3196—double free race condition of the
! identify hint data.
Code improvements:
***************
*** 270,289 ****
SSLv3 is now permanently removed from the tree.
The libtls API is changed from the 2.2.x series:
! - The
! tls_read(3)
! and
! tls_write(3)
! functions now work better with external event libraries.
!
- Client-side verification is now supported, with the client
! supplying the certificate to the server.
!
- Also, when using
! tls_connect_fds(3),
! tls_connect_socket(3)
! or
! tls_accept_fds(3),
! libtls no longer implicitly closes the passed in sockets.
! The caller is responsible for closing them in this case.
New interface OPENSSL_cpu_caps is provided that does not
allow software to inadvertently modify cpu capability flags.
--- 273,292 ----
SSLv3 is now permanently removed from the tree.
The libtls API is changed from the 2.2.x series:
! - The
! tls_read(3)
! and
! tls_write(3)
! functions now work better with external event libraries.
!
- Client-side verification is now supported, with the client
! supplying the certificate to the server.
!
- Also, when using
! tls_connect_fds(3),
! tls_connect_socket(3)
! or
! tls_accept_fds(3),
! libtls no longer implicitly closes the passed in sockets.
! The caller is responsible for closing them in this case.
New interface OPENSSL_cpu_caps is provided that does not
allow software to inadvertently modify cpu capability flags.
***************
*** 292,298 ****
ssize_t to size_t.
Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
Converted
! nc(1)
to use libtls for client and server operations; it is
included in the libressl-portable distribution as an example of how
to use the libtls library. This is intended to be a simpler
--- 295,301 ----
ssize_t to size_t.
Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
Converted
! nc(1)
to use libtls for client and server operations; it is
included in the libressl-portable distribution as an example of how
to use the libtls library. This is intended to be a simpler
***************
*** 306,322 ****
libtls.
Added ability to check certificate validity times with
libtls,
! tls_peer_cert_notbefore(3)
and
! tls_peer_cert_notafter(3).
Changed
! tls_connect_servername(3)
to use the first address that resolves with
! getaddrinfo(3).
Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
Reject too small bits value in
! BN_generate_prime_ex(3),
so that it does not risk becoming negative in
probable_prime_dh_safe().
Changed format of LIBRESSL_VERSION_NUMBER to match that of
--- 309,325 ----
libtls.
Added ability to check certificate validity times with
libtls,
! tls_peer_cert_notbefore(3)
and
! tls_peer_cert_notafter(3).
Changed
! tls_connect_servername(3)
to use the first address that resolves with
! getaddrinfo(3).
Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
Reject too small bits value in
! BN_generate_prime_ex(3),
so that it does not risk becoming negative in
probable_prime_dh_safe().
Changed format of LIBRESSL_VERSION_NUMBER to match that of