version 1.2, 2014/09/09 07:11:41 |
version 1.3, 2014/09/11 17:37:00 |
|
|
<li>Removed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bdes&manpath=OpenBSD%20Current&sektion=1&format=html">bdes(1)</a>, so as to not encourage its use. |
<li>Removed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bdes&manpath=OpenBSD%20Current&sektion=1&format=html">bdes(1)</a>, so as to not encourage its use. |
<li>Removed dead KAME code that dealt with IPv4-mapped IPv6 addresses; added check for IPv4-mapped IPv6 destination addresses for non-connected sockets. |
<li>Removed dead KAME code that dealt with IPv4-mapped IPv6 addresses; added check for IPv4-mapped IPv6 destination addresses for non-connected sockets. |
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random_buf&manpath=OpenBSD%20Current&sektion=3&format=html">arc4random_buf(3)</a> instead of harmful RAND_xxx in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos&manpath=OpenBSD%20Current&sektion=8&format=html">kerberos(8)</a>. |
<li>Use <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random_buf&manpath=OpenBSD%20Current&sektion=3&format=html">arc4random_buf(3)</a> instead of harmful RAND_xxx in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos&manpath=OpenBSD%20Current&sektion=8&format=html">kerberos(8)</a>. |
<li>Sync <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&manpath=OpenBSD%20Current&sektion=8&format=html">traceroute6(8)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tracroute&manpath=OpenBSD%20Current&sektion=8&format=html">tracroute(8)</a>: don't print source IP if "-s" is not given. |
<li>Sync <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute6&manpath=OpenBSD%20Current&sektion=8&format=html">traceroute6(8)</a> to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=traceroute&manpath=OpenBSD%20Current&sektion=8&format=html">traceroute(8)</a>: don't print source IP if "-s" is not given. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&manpath=OpenBSD%20Current&sektion=8&format=html">relayd(8)</a>, fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> client-only mode when no RSA private key is needed. |
<li>In <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&manpath=OpenBSD%20Current&sektion=8&format=html">relayd(8)</a>, fixed <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> client-only mode when no RSA private key is needed. |
<li>Neuter the -legacy_renegotiation option to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&manpath=OpenBSD%20Current&sektion=1&format=html">openssl(1)</a> "openssl s_{client,server}"; added support for "-starttls lmtp" to openssl s_client. |
<li>Neuter the -legacy_renegotiation option to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&manpath=OpenBSD%20Current&sektion=1&format=html">openssl(1)</a> "openssl s_{client,server}"; added support for "-starttls lmtp" to openssl s_client. |
<li>When parsing a new cert into memory occupied by a previously verified cert, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> will no longer bypass verification checks. |
<li>When parsing a new cert into memory occupied by a previously verified cert, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&manpath=OpenBSD%20Current&sektion=8&format=html">ssl(8)</a> will no longer bypass verification checks. |