version 1.1, 2024/03/02 21:23:01 |
version 1.2, 2024/03/03 20:55:54 |
|
|
<li>... |
<li>... |
</ul> |
</ul> |
|
|
|
|
<li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
<ul> |
<ul> |
|
|
|
|
<li>... |
<li>... |
</ul> |
</ul> |
|
|
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw some changes: |
<li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw these and more changes: |
<ul> |
<ul> |
<li>... |
<li>Add ability to constrain an RPKI Trust Anchor's effective signing |
|
authority to a limited set of Internet numbers. This allows Relying |
|
Parties to enjoy the potential benefits of assuming trust, but within |
|
a bounded scope. |
|
<li>Following a 'failed fetch' (described in RFC 9286), emit a warning and |
|
continue with a previously cached Manifest file. |
|
<li>Emit a warning when the remote repository presents a Manifest with an |
|
unexpected manifestNumber. |
|
<li>Improved CRL extension checking. |
|
<li>Experimental support for the P-256 signature algorithm. |
|
<!-- 8.8. --> |
|
<li>A failed manifest fetch could result in a NULL pointer dereference or |
|
a use after free. |
|
<li>Reject non-conforming RRDP delta elements that contain neither publish |
|
nor a withdraw element and fall back to the RRDP snapshot. |
|
<li>Refactoring and minor bug fixes in the warning display functions. |
|
<!-- 8.9 --> |
|
<li>The handling of manifests fetched via rsync or RRDP was reworked to |
|
fully conform to RFC 9286. |
|
<li>Fix a race condition between closing an idle connection and scheduling a |
|
new request on it. |
|
<li>The evaluation time specified with -P now also applies to trust anchor |
|
certificates. |
|
<li>Check that the entire CMS eContent was consumed. Previously, trailing |
|
data would be silently discarded on deserialization of products. |
|
<li>In file mode do not consider overclaiming intermediate CA certificates |
|
as invalid. OAA warning is still issued. |
|
<li>Print the revocation time of certificates in file mode. |
|
<li>Be more careful when converting OpenSSL numeric identifiers (NIDs) |
|
to strings. |
|
<!-- 9.0 --> |
|
<li>Added support for RPKI Signed Prefix Lists. |
|
<li>Added an -x flag to opt into parsing and evaluation of file types that are |
|
still considered experimental. |
|
<li>Added a metric to track the number of new files that were moved to the |
|
validated cache. |
|
<li>Ensure that the FileAndHashes list in a Manifest contains no duplicate |
|
file names and no duplicate hashes. |
</ul> |
</ul> |
|
|
<li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>, |
<li>In <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a>, |
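Review bot: In the items added under the `<!-- 8.8. -->` marker, "A failed manifest fetch could result in a NULL pointer dereference or a use after free." describes the defect rather than the change, unlike the neighbouring entries ("Fix a race condition ...", "Reject non-conforming RRDP delta elements ..."). A reader of the release notes cannot tell from it whether the problem was fixed, so consider rewording it as a fix, for example "Fix a possible NULL pointer dereference or use after free following a failed manifest fetch." Two style points in the same block: the `<!-- 8.8. -->` comment carries a trailing period that `<!-- 8.9 -->` and `<!-- 9.0 -->` do not, and "contain neither publish nor a withdraw element" would read more consistently as "neither a publish nor a withdraw element".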