version 1.65, 2016/08/17 16:45:41 |
version 1.66, 2016/08/21 22:51:34 |
|
|
a new <tt>chown</tt> promise that allows pledged programs to set |
a new <tt>chown</tt> promise that allows pledged programs to set |
setugid attributes, |
setugid attributes, |
a stricter enforcement of the <tt>recvfd</tt> promise and |
a stricter enforcement of the <tt>recvfd</tt> promise and |
<a href="man.openbsd.org/chroot.2">chroot(2)</a> is no longer allowed |
<a href="http://man.openbsd.org/chroot.2">chroot(2)</a> is no longer |
for pledged programs. |
allowed for pledged programs. |
<li>a number of |
<li>a number of |
<a href="http://man.openbsd.org/pledge">pledge(2)</a>-related bugs |
<a href="http://man.openbsd.org/pledge">pledge(2)</a>-related bugs |
(missing promises, unintended changes of behavior, crashes) were fixed, |
(missing promises, unintended changes of behavior, crashes) were fixed, |
|
|
and only included for legacy compatibility. |
and only included for legacy compatibility. |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, |
<li><a href="http://man.openbsd.org/ssh.1">ssh(1)</a>, |
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: |
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>: |
Improve ordering ordering of MAC verification for |
Improve ordering of MAC verification for |
<i>Encrypt-then-MAC</i> (EtM) mode transport MAC algorithms to |
<i>Encrypt-then-MAC</i> (EtM) mode transport MAC algorithms to |
verify the MAC before decrypting any ciphertext. This removes the |
verify the MAC before decrypting any ciphertext. This removes the |
possibility of timing differences leaking facts about the plaintext, |
possibility of timing differences leaking facts about the plaintext, |