===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -c -r1.2 -r1.3
*** www/60.html 2016/07/03 20:20:13 1.2
--- www/60.html 2016/07/21 09:57:48 1.3
***************
*** 106,117 ****
--- 106,137 ----
Security improvements:
+ - W^X is now strictly enforced by default;
+ a program can only violate it if the executable is marked with
+ PT_OPENBSD_WXNEEDED and its is located on a filesystem
+ mounted with the wxallowed mount(8) option.
+
- The setjmp(3)
+ family of functions now apply XOR cookies to stack and return-address
+ values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc.
+
- sigreturn(2)
+ can now only be used by the kernel-provided signal trampoline,
+ with a cookie to detect attempts to reuse it.
- ...
Assorted improvements:
+ - The thread library can now be loaded into a single-threaded process.
+
- Improved symbol handling and standards compliance in libc.
+ For example, defining an open() function will no longer
+ interfere with the operation of
+ fopen(3).
+
- PT_TLS sections are now supported in initially loaded object.
+
- Improved handling of "no paths" and "empty path" in
+ fts(3).
+
- kdump(1)
+ now dumps pollfd structures.
- ...