version 1.18, 2016/07/22 20:24:02 |
version 1.19, 2016/07/22 20:30:32 |
|
|
<li>... |
<li>... |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li>Improved hardware support, including: |
<li>Improved hardware support, including: |
<ul> |
<ul> |
|
<li>The iwm driver supports more models, notably the 3165 and 8260. |
<li>... |
<li>... |
</ul> |
</ul> |
<p> |
<p> |
|
|
<li><a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a> |
<li><a href="http://man.openbsd.org/sigreturn.2">sigreturn(2)</a> |
can now only be used by the kernel-provided signal trampoline, |
can now only be used by the kernel-provided signal trampoline, |
with a cookie to detect attempts to reuse it. |
with a cookie to detect attempts to reuse it. |
<li>In <a href="http://man.openbsd.org/rc.8">rc(8)</a>, |
<li>To deter ROP exploits, in <a href="http://man.openbsd.org/rc.8">rc(8)</a>, |
re-link libc.so on startup, placing the objects in a random order. |
re-link libc.so on startup, placing the objects in a random order. |
<li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
<li>In the <a href="http://man.openbsd.org/getpwnam.3">getpwnam(3)</a> |
family of functions, stop opening the shadow database by default. |
family of functions, stop opening the shadow database by default. |
|
|
<a href="http://man.openbsd.org/OpenBSD-5.9/systrace">systrace</a>. |
<a href="http://man.openbsd.org/OpenBSD-5.9/systrace">systrace</a>. |
<li>Remove Linux emulation support. |
<li>Remove Linux emulation support. |
<li>Remove support for the usermount option. |
<li>Remove support for the usermount option. |
<li>The TCP SYN cache does reseed its random hash function from |
<li>The TCP SYN cache reseeds its random hash function from |
time to time. |
time to time. |
This prevents that an attacker can figure out the distribution |
This prevents an attacker from calculating the distribution |
of the hash function with a timing attack. |
of the hash function with a timing attack. |
<li>To work against SYN flooding attacks the administrator can |
<li>To work against SYN flooding attacks the administrator can |
change the size of the hash array now. |
change the size of the hash array now. |