===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- www/59.html 2016/02/03 15:00:51 1.17
+++ www/59.html 2016/02/03 16:40:02 1.18
@@ -130,7 +130,7 @@
- Qualys Security identified vulnerabilities in the
ssh(1)
- client experimential support for resuming SSH-connections (roaming).
+ client experimental support for resuming SSH-connections (roaming).
In the default configuration, this could potentially leak client keys
to a hostile server. The authentication of the server host key
prevents exploitation by a man-in-the-middle, so this information leak
@@ -149,25 +149,26 @@
forwarding for cases when the X server disables the SECURITY
extension.
- Fix an out of-bound read access in the packet handling code.
-
- Further use of explicit_bzero has been added in various buffer
- handling code paths to guard against compilers aggressively doing
- dead-store removal.
+
- Further use of
+ explicit_bzero(3)
+ has been added in various buffer handling code paths to guard against
+ compilers aggressively doing dead-store removal.
The following significant bugs have been fixed in this release:
- ssh(1),
sshd(8):
- add compatability workarounds for FuTTY.
+ add compatibility workarounds for FuTTY.
- ssh(1),
sshd(8):
- refine compatability workarounds for WinSCP.
+ refine compatibility workarounds for WinSCP.
- Fix a number of memory faults (double-free, free of uninitialised
memory, etc) in
ssh(1)
and
ssh-keygen(1).
-
- Correctly interpret the 'first_kex_follows' option during the intial
- key exchange.
+
- Correctly interpret the first_kex_follows option during the
+ initial key exchange.
@@ -198,9 +199,12 @@
Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK).
Added EVP_aead_chacha20_poly1305_ietf() which matches the
- AEAD construction introduced in RFC 7539, which is different than that
- already used in TLS with EVP_aead_chacha20_poly1305().
- More man pages converted from pod to mdoc format.
+ AEAD construction introduced in RFC 7539, which is different
+ than that already used in TLS with
+ EVP_aead_chacha20_poly1305().
+ More man pages converted from pod to
+ mdoc(7)
+ format.
Added COMODO RSA Certification Authority and
QuoVadis root certificates to cert.pem.
Removed Remhve "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
@@ -232,8 +236,8 @@
SSLv3 is now permanently removed from the tree.
The libtls API is changed from the 2.2.x series:
- - The tls_read/write functions now work better with external event
- libraries.
+
- The tls_read/write functions now work better
+ with external event libraries.
- Client-side verification is now supported, with the client
supplying the certificate to the server.
- Also, when using tls_connect_fds,
@@ -244,8 +248,8 @@
- New interface OPENSSL_cpu_caps is provided that does not
allow software to inadvertently modify cpu capability flags.
OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.
-
- The out_len argument of AEAD changed from ssize_t
- to size_t.
+
- The out_len argument of AEAD changed from
+ ssize_t to size_t.
- Deduplicated DTLS code, sharing bugfixes and improvements with TLS.
- Converted
nc(1)
@@ -263,14 +267,15 @@
- Added ability to check certificate validity times with
libtls, tls_peer_cert_notbefore and
tls_peer_cert_notafter.
-
- Changed tls_connect_servername to use the first address that
- resolves with getaddrinfo().
+
- Changed tls_connect_servername to use the first address that
+ resolves with
+ getaddrinfo(3).
- Remove broken conditional EVP_CHECK_DES_KEY code
(non-functional since initial commit in 2004).
- Reject too small bits value in BN_generate_prime_ex(),
so that it does not risk becoming negative in
probable_prime_dh_safe().
-
- Changed format of LIBRESSL_VERSION_NUMBER to match that of
+
- Changed format of LIBRESSL_VERSION_NUMBER to match that of
OPENSSL_VERSION_NUMBER.
- Avoid a potential undefined C99+ behavior due to shift overflow in
AES_decrypt.