| version 1.62, 2016/08/16 10:01:37 |
version 1.63, 2016/08/16 18:39:13 |
|
|
| Copyright 1997-2016, Theo de Raadt.<br> |
Copyright 1997-2016, Theo de Raadt.<br> |
| <font color="#e00000">ISBN 978-0-9881561-8-0</font> |
<font color="#e00000">ISBN 978-0-9881561-8-0</font> |
| <br> |
<br> |
| 6.0 Songs: |
6.0 Songs: |
| <a href="lyrics.html#60a">"Another Smash of the Stack"</a>, |
<a href="lyrics.html#60a">"Another Smash of the Stack"</a>, |
| <a href="lyrics.html#60b">"Black Hat"</a>, |
<a href="lyrics.html#60b">"Black Hat"</a>, |
| <a href="lyrics.html#60c">"Money"</a><br> |
<a href="lyrics.html#60c">"Money"</a><br> |
|
|
| can now only be used by the kernel-provided signal trampoline, |
can now only be used by the kernel-provided signal trampoline, |
| with a cookie to detect attempts to reuse it. |
with a cookie to detect attempts to reuse it. |
| <li>To deter code reuse exploits, <a href="http://man.openbsd.org/rc.8">rc(8)</a> |
<li>To deter code reuse exploits, <a href="http://man.openbsd.org/rc.8">rc(8)</a> |
| re-links libc.so on startup, placing the objects in a random order. |
re-links libc.so on startup, placing the objects in a random order. |
| <li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
<li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
| family of functions, stop opening the shadow database by default. |
family of functions, stop opening the shadow database by default. |
| <li>Allow <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a> |
<li>Allow <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a> |
| <tt>-r</tt> to be started without root privileges. |
<tt>-r</tt> to be started without root privileges. |
| <li>Remove |
<li>Remove |
|
|
| <li>Implement the <a href="http://man.openbsd.org/rcs.1">rcs(1)</a> |
<li>Implement the <a href="http://man.openbsd.org/rcs.1">rcs(1)</a> |
| <tt>-I</tt> (interactive) flag. |
<tt>-I</tt> (interactive) flag. |
| <li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>, |
<li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>, |
| implement Mdocdate keyword substitution. |
implement Mdocdate keyword substitution. |
| <li>In <a href="http://man.openbsd.org/top.1">top(1)</a>, |
<li>In <a href="http://man.openbsd.org/top.1">top(1)</a>, |
| allow to filter process arguments if they are being displayed. |
allow to filter process arguments if they are being displayed. |
| <li>Added UTF-8 support to |
<li>Added UTF-8 support to |
| <a href="http://man.openbsd.org/fold.1">fold(1)</a> and |
<a href="http://man.openbsd.org/fold.1">fold(1)</a> and |
| <a href="http://man.openbsd.org/rev.1">rev(1)</a>. |
<a href="http://man.openbsd.org/rev.1">rev(1)</a>. |
|
|
| <li>Fix a logic issue in the SMTP state machine that can lead to |
<li>Fix a logic issue in the SMTP state machine that can lead to |
| an invalid state and result in a crash. |
an invalid state and result in a crash. |
| <li>Plug a file-pointer leak that can lead to resource exhaustion |
<li>Plug a file-pointer leak that can lead to resource exhaustion |
| and result in a crash. |
and result in a crash. |
| <li>Use automatic DH parameters instead of fixed ones. |
<li>Use automatic DH parameters instead of fixed ones. |
| <li>Disable DHE by default since it is computationally expensive |
<li>Disable DHE by default since it is computationally expensive |
| and a potential DoS vector. |
and a potential DoS vector. |
| </ul> |
</ul> |
| <li>The following improvements were brought in this release: |
<li>The following improvements were brought in this release: |
| <ul> |
<ul> |
| <li>Add the <tt>-r</tt> option to the |
<li>Add the <tt>-r</tt> option to the |
| <a href="http://man.openbsd.org/smtpd">smtpd(8)</a> |
<a href="http://man.openbsd.org/smtpd">smtpd(8)</a> |
| enqueuer for compatibility with mailx. |
enqueuer for compatibility with mailx. |
| <li>Explicitly enclose SMTP transactions between BEGIN and |
|
| COMMIT/ROLLBACK filter events. |
|
| <li>Add missing date or message-id when listening on the submit |
<li>Add missing date or message-id when listening on the submit |
| port. |
port. |
| <li>Fix "smtpctl show queue" reporting "invalid" envelope state. |
<li>Fix "smtpctl show queue" reporting "invalid" envelope state. |
| <li>Rework the format of the "Received" header so that the TLS |
<li>Rework the format of the "Received" header so that the TLS |
| part does not violate the RFC. |
part does not violate the RFC. |
| <li>Increase the number of connections a local address is |
<li>Increase the number of connections a local address is |
| allowed to establish, and decrease the delay between |
allowed to establish, and decrease the delay between |
| transactions in the same session. |
transactions in the same session. |
| <li>Properly reset the transaction when a filter rejects a |
<li>Fix LMTP delivery to servers returning continuation lines. |
| message. |
<li>Further improve the still experimental filer API and fix |
| <li>Deal with LMTP servers returning continuation lines. |
various related issues. |
| |
<li>Start improving and unifying the format of log messages. |
| |
<li>Fix several documentation discrepancies and typos in the man |
| |
pages. |
| </ul> |
</ul> |
| </ul> |
</ul> |
| <p> |
<p> |
|
|
| <li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a> |
<li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a> |
| and <a href="http://man.openbsd.org/sftp.1">sftp(1)</a>, |
and <a href="http://man.openbsd.org/sftp.1">sftp(1)</a>, |
| prevent screwing up terminal settings by escaping bytes |
prevent screwing up terminal settings by escaping bytes |
| not forming ASCII or UTF-8 characters. |
not forming ASCII or UTF-8 characters. |
| <li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, |
| <a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: |
| Reduce the syslog level of some relatively common protocol events |
Reduce the syslog level of some relatively common protocol events |
|
|
| <li>Deprecated internal use of |
<li>Deprecated internal use of |
| <a href="http://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
<a href="http://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
| <li>Fixed a problem that prevents the DSA signing algorithm from running |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
| in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
| <li>Fixed several issues in the OCSP code that could result in the |
<li>Fixed several issues in the OCSP code that could result in the |
| incorrect generation and parsing of OCSP requests. This remediates |
incorrect generation and parsing of OCSP requests. This remediates |
| a lack of error checking on time parsing in these functions, and |
a lack of error checking on time parsing in these functions, and |
![[BACK]](/icons/back.gif){kind=icon}
Return to 60.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www