===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.62
retrieving revision 1.63
diff -c -r1.62 -r1.63
*** www/60.html 2016/08/16 10:01:37 1.62
--- www/60.html 2016/08/16 18:39:13 1.63
***************
*** 24,30 ****
Copyright 1997-2016, Theo de Raadt.
ISBN 978-0-9881561-8-0
! 6.0 Songs:
"Another Smash of the Stack",
"Black Hat",
"Money"
--- 24,30 ----
Copyright 1997-2016, Theo de Raadt.
ISBN 978-0-9881561-8-0
! 6.0 Songs:
"Another Smash of the Stack",
"Black Hat",
"Money"
***************
*** 267,275 ****
can now only be used by the kernel-provided signal trampoline,
with a cookie to detect attempts to reuse it.
To deter code reuse exploits, rc(8)
! re-links libc.so on startup, placing the objects in a random order.
In the getpwnam(3)
! family of functions, stop opening the shadow database by default.
Allow tcpdump(8)
-r to be started without root privileges.
Remove
--- 267,275 ----
can now only be used by the kernel-provided signal trampoline,
with a cookie to detect attempts to reuse it.
To deter code reuse exploits, rc(8)
! re-links libc.so on startup, placing the objects in a random order.
In the getpwnam(3)
! family of functions, stop opening the shadow database by default.
Allow tcpdump(8)
-r to be started without root privileges.
Remove
***************
*** 341,349 ****
Implement the rcs(1)
-I (interactive) flag.
In rcs(1),
! implement Mdocdate keyword substitution.
In top(1),
! allow to filter process arguments if they are being displayed.
Added UTF-8 support to
fold(1) and
rev(1).
--- 341,349 ----
Implement the rcs(1)
-I (interactive) flag.
In rcs(1),
! implement Mdocdate keyword substitution.
In top(1),
! allow to filter process arguments if they are being displayed.
Added UTF-8 support to
fold(1) and
rev(1).
***************
*** 441,469 ****
Fix a logic issue in the SMTP state machine that can lead to
an invalid state and result in a crash.
Plug a file-pointer leak that can lead to resource exhaustion
! and result in a crash.
Use automatic DH parameters instead of fixed ones.
Disable DHE by default since it is computationally expensive
! and a potential DoS vector.
The following improvements were brought in this release:
- Add the -r option to the
smtpd(8)
enqueuer for compatibility with mailx.
-
- Explicitly enclose SMTP transactions between BEGIN and
- COMMIT/ROLLBACK filter events.
- Add missing date or message-id when listening on the submit
! port.
- Fix "smtpctl show queue" reporting "invalid" envelope state.
- Rework the format of the "Received" header so that the TLS
part does not violate the RFC.
- Increase the number of connections a local address is
allowed to establish, and decrease the delay between
transactions in the same session.
!
- Properly reset the transaction when a filter rejects a
! message.
!
- Deal with LMTP servers returning continuation lines.
--- 441,470 ----
Fix a logic issue in the SMTP state machine that can lead to
an invalid state and result in a crash.
Plug a file-pointer leak that can lead to resource exhaustion
! and result in a crash.
Use automatic DH parameters instead of fixed ones.
Disable DHE by default since it is computationally expensive
! and a potential DoS vector.
The following improvements were brought in this release:
- Add the -r option to the
smtpd(8)
enqueuer for compatibility with mailx.
- Add missing date or message-id when listening on the submit
! port.
- Fix "smtpctl show queue" reporting "invalid" envelope state.
- Rework the format of the "Received" header so that the TLS
part does not violate the RFC.
- Increase the number of connections a local address is
allowed to establish, and decrease the delay between
transactions in the same session.
!
- Fix LMTP delivery to servers returning continuation lines.
!
- Further improve the still experimental filer API and fix
! various related issues.
!
- Start improving and unifying the format of log messages.
!
- Fix several documentation discrepancies and typos in the man
! pages.
***************
*** 538,544 ****
In scp(1)
and sftp(1),
prevent screwing up terminal settings by escaping bytes
! not forming ASCII or UTF-8 characters.
ssh(1),
sshd(8):
Reduce the syslog level of some relatively common protocol events
--- 539,545 ----
In scp(1)
and sftp(1),
prevent screwing up terminal settings by escaping bytes
! not forming ASCII or UTF-8 characters.
ssh(1),
sshd(8):
Reduce the syslog level of some relatively common protocol events
***************
*** 644,650 ****
Deprecated internal use of
EVP_[Cipher|Encrypt|Decrypt]_Final.
Fixed a problem that prevents the DSA signing algorithm from running
! in constant time even if the flag BN_FLG_CONSTTIME is set.
Fixed several issues in the OCSP code that could result in the
incorrect generation and parsing of OCSP requests. This remediates
a lack of error checking on time parsing in these functions, and
--- 645,651 ----
Deprecated internal use of
EVP_[Cipher|Encrypt|Decrypt]_Final.
Fixed a problem that prevents the DSA signing algorithm from running
! in constant time even if the flag BN_FLG_CONSTTIME is set.
Fixed several issues in the OCSP code that could result in the
incorrect generation and parsing of OCSP requests. This remediates
a lack of error checking on time parsing in these functions, and