===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- www/60.html 2016/08/16 10:01:37 1.62
+++ www/60.html 2016/08/16 18:39:13 1.63
@@ -24,7 +24,7 @@
Copyright 1997-2016, Theo de Raadt.
ISBN 978-0-9881561-8-0
-6.0 Songs:
+6.0 Songs:
"Another Smash of the Stack",
"Black Hat",
"Money"
@@ -267,9 +267,9 @@
can now only be used by the kernel-provided signal trampoline,
with a cookie to detect attempts to reuse it.
To deter code reuse exploits, rc(8)
- re-links libc.so on startup, placing the objects in a random order.
+ re-links libc.so on startup, placing the objects in a random order.
In the getpwnam(3)
- family of functions, stop opening the shadow database by default.
+ family of functions, stop opening the shadow database by default.
Allow tcpdump(8)
-r to be started without root privileges.
Remove
@@ -341,9 +341,9 @@
Implement the rcs(1)
-I (interactive) flag.
In rcs(1),
- implement Mdocdate keyword substitution.
+ implement Mdocdate keyword substitution.
In top(1),
- allow to filter process arguments if they are being displayed.
+ allow to filter process arguments if they are being displayed.
Added UTF-8 support to
fold(1) and
rev(1).
@@ -441,29 +441,30 @@
Fix a logic issue in the SMTP state machine that can lead to
an invalid state and result in a crash.
Plug a file-pointer leak that can lead to resource exhaustion
- and result in a crash.
+ and result in a crash.
Use automatic DH parameters instead of fixed ones.
Disable DHE by default since it is computationally expensive
- and a potential DoS vector.
+ and a potential DoS vector.
The following improvements were brought in this release:
- Add the -r option to the
smtpd(8)
enqueuer for compatibility with mailx.
-
- Explicitly enclose SMTP transactions between BEGIN and
- COMMIT/ROLLBACK filter events.
- Add missing date or message-id when listening on the submit
- port.
+ port.
- Fix "smtpctl show queue" reporting "invalid" envelope state.
- Rework the format of the "Received" header so that the TLS
part does not violate the RFC.
- Increase the number of connections a local address is
allowed to establish, and decrease the delay between
transactions in the same session.
-
- Properly reset the transaction when a filter rejects a
- message.
-
- Deal with LMTP servers returning continuation lines.
+
- Fix LMTP delivery to servers returning continuation lines.
+
- Further improve the still experimental filer API and fix
+ various related issues.
+
- Start improving and unifying the format of log messages.
+
- Fix several documentation discrepancies and typos in the man
+ pages.
@@ -538,7 +539,7 @@
In scp(1)
and sftp(1),
prevent screwing up terminal settings by escaping bytes
- not forming ASCII or UTF-8 characters.
+ not forming ASCII or UTF-8 characters.
ssh(1),
sshd(8):
Reduce the syslog level of some relatively common protocol events
@@ -644,7 +645,7 @@
Deprecated internal use of
EVP_[Cipher|Encrypt|Decrypt]_Final.
Fixed a problem that prevents the DSA signing algorithm from running
- in constant time even if the flag BN_FLG_CONSTTIME is set.
+ in constant time even if the flag BN_FLG_CONSTTIME is set.
Fixed several issues in the OCSP code that could result in the
incorrect generation and parsing of OCSP requests. This remediates
a lack of error checking on time parsing in these functions, and