version 1.62, 2016/08/16 10:01:37 |
version 1.63, 2016/08/16 18:39:13 |
|
|
Copyright 1997-2016, Theo de Raadt.<br> |
Copyright 1997-2016, Theo de Raadt.<br> |
<font color="#e00000">ISBN 978-0-9881561-8-0</font> |
<font color="#e00000">ISBN 978-0-9881561-8-0</font> |
<br> |
<br> |
6.0 Songs: |
6.0 Songs: |
<a href="lyrics.html#60a">"Another Smash of the Stack"</a>, |
<a href="lyrics.html#60a">"Another Smash of the Stack"</a>, |
<a href="lyrics.html#60b">"Black Hat"</a>, |
<a href="lyrics.html#60b">"Black Hat"</a>, |
<a href="lyrics.html#60c">"Money"</a><br> |
<a href="lyrics.html#60c">"Money"</a><br> |
|
|
can now only be used by the kernel-provided signal trampoline, |
can now only be used by the kernel-provided signal trampoline, |
with a cookie to detect attempts to reuse it. |
with a cookie to detect attempts to reuse it. |
<li>To deter code reuse exploits, <a href="http://man.openbsd.org/rc.8">rc(8)</a> |
<li>To deter code reuse exploits, <a href="http://man.openbsd.org/rc.8">rc(8)</a> |
re-links libc.so on startup, placing the objects in a random order. |
re-links libc.so on startup, placing the objects in a random order. |
<li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
<li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
family of functions, stop opening the shadow database by default. |
family of functions, stop opening the shadow database by default. |
<li>Allow <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a> |
<li>Allow <a href="http://man.openbsd.org/tcpdump.8">tcpdump(8)</a> |
<tt>-r</tt> to be started without root privileges. |
<tt>-r</tt> to be started without root privileges. |
<li>Remove |
<li>Remove |
|
|
<li>Implement the <a href="http://man.openbsd.org/rcs.1">rcs(1)</a> |
<li>Implement the <a href="http://man.openbsd.org/rcs.1">rcs(1)</a> |
<tt>-I</tt> (interactive) flag. |
<tt>-I</tt> (interactive) flag. |
<li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>, |
<li>In <a href="http://man.openbsd.org/rcs.1">rcs(1)</a>, |
implement Mdocdate keyword substitution. |
implement Mdocdate keyword substitution. |
<li>In <a href="http://man.openbsd.org/top.1">top(1)</a>, |
<li>In <a href="http://man.openbsd.org/top.1">top(1)</a>, |
allow to filter process arguments if they are being displayed. |
allow to filter process arguments if they are being displayed. |
<li>Added UTF-8 support to |
<li>Added UTF-8 support to |
<a href="http://man.openbsd.org/fold.1">fold(1)</a> and |
<a href="http://man.openbsd.org/fold.1">fold(1)</a> and |
<a href="http://man.openbsd.org/rev.1">rev(1)</a>. |
<a href="http://man.openbsd.org/rev.1">rev(1)</a>. |
|
|
<li>Fix a logic issue in the SMTP state machine that can lead to |
<li>Fix a logic issue in the SMTP state machine that can lead to |
an invalid state and result in a crash. |
an invalid state and result in a crash. |
<li>Plug a file-pointer leak that can lead to resource exhaustion |
<li>Plug a file-pointer leak that can lead to resource exhaustion |
and result in a crash. |
and result in a crash. |
<li>Use automatic DH parameters instead of fixed ones. |
<li>Use automatic DH parameters instead of fixed ones. |
<li>Disable DHE by default since it is computationally expensive |
<li>Disable DHE by default since it is computationally expensive |
and a potential DoS vector. |
and a potential DoS vector. |
</ul> |
</ul> |
<li>The following improvements were brought in this release: |
<li>The following improvements were brought in this release: |
<ul> |
<ul> |
<li>Add the <tt>-r</tt> option to the |
<li>Add the <tt>-r</tt> option to the |
<a href="http://man.openbsd.org/smtpd">smtpd(8)</a> |
<a href="http://man.openbsd.org/smtpd">smtpd(8)</a> |
enqueuer for compatibility with mailx. |
enqueuer for compatibility with mailx. |
<li>Explicitly enclose SMTP transactions between BEGIN and |
|
COMMIT/ROLLBACK filter events. |
|
<li>Add missing date or message-id when listening on the submit |
<li>Add missing date or message-id when listening on the submit |
port. |
port. |
<li>Fix "smtpctl show queue" reporting "invalid" envelope state. |
<li>Fix "smtpctl show queue" reporting "invalid" envelope state. |
<li>Rework the format of the "Received" header so that the TLS |
<li>Rework the format of the "Received" header so that the TLS |
part does not violate the RFC. |
part does not violate the RFC. |
<li>Increase the number of connections a local address is |
<li>Increase the number of connections a local address is |
allowed to establish, and decrease the delay between |
allowed to establish, and decrease the delay between |
transactions in the same session. |
transactions in the same session. |
<li>Properly reset the transaction when a filter rejects a |
<li>Fix LMTP delivery to servers returning continuation lines. |
message. |
<li>Further improve the still experimental filer API and fix |
<li>Deal with LMTP servers returning continuation lines. |
various related issues. |
|
<li>Start improving and unifying the format of log messages. |
|
<li>Fix several documentation discrepancies and typos in the man |
|
pages. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a> |
<li>In <a href="http://man.openbsd.org/scp.1">scp(1)</a> |
and <a href="http://man.openbsd.org/sftp.1">sftp(1)</a>, |
and <a href="http://man.openbsd.org/sftp.1">sftp(1)</a>, |
prevent screwing up terminal settings by escaping bytes |
prevent screwing up terminal settings by escaping bytes |
not forming ASCII or UTF-8 characters. |
not forming ASCII or UTF-8 characters. |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: |
Reduce the syslog level of some relatively common protocol events |
Reduce the syslog level of some relatively common protocol events |
|
|
<li>Deprecated internal use of |
<li>Deprecated internal use of |
<a href="http://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
<a href="http://man.openbsd.org/EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
<li>Fixed several issues in the OCSP code that could result in the |
<li>Fixed several issues in the OCSP code that could result in the |
incorrect generation and parsing of OCSP requests. This remediates |
incorrect generation and parsing of OCSP requests. This remediates |
a lack of error checking on time parsing in these functions, and |
a lack of error checking on time parsing in these functions, and |