www/62.html - diff

Return to 62.html CVS log

Up to [local] / www

Diff for /www/62.html between version 1.52 and 1.53

version 1.52, 2017/10/05 00:26:55

version 1.53, 2017/10/05 03:55:02

Line 18

6.2

</h2>

Released October 15, 2017

Line 61

to 6.2.

<ul>

<li>New/extended platforms:

<ul>

<li>The <a href="https://www.openbsd.org/i386.html">i386</a> and

platforms have switched to using

<a href="https://man.openbsd.org/clang-local.1">clang(1)</a>

as the base system compiler.

<li>...

</ul>

<li>Improved hardware support, including:

<ul>

Line 109

Line 99

<li>The <a href="https://man.openbsd.org/puc.4">puc(4)</a> driver now supports ASIX AX99100 devices.

<li>Xen platform support and the <a href="https://man.openbsd.org/xbf.4">xbf(4)</a> driver in particular have been substantially improved.

<li><a href="https://man.openbsd.org/nvme.4">nvme(4)</a> driver now reports correct last sector address to scsi, allowing valid GPT to be created.

<li>...

<li>Repair ioapic(8) misconfigurations.

</ul>

Line 234

Line 224

were rewritten to cope with the removal.

<li>Trapsleds, a new mitigation that significantly reduces the amount of

nops in the instruction stream, converting them to traps, making it

nops in the instruction stream, replacing them with trap instructions

harder to target potential gadgets.

or jump-over-trap sequences, thereby requiring greater accuracy for

targetting potential gadgets.

<li>Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o

files of the kernel to be relinked in a random order, creating a unique

kernel for each boot.

kernel for each boot. /bsd is now non-readable to users, to try to

keep the secret.

<li>Like with libc previously,

<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links libcrypto on

startup, placing the objects in a random order.

Line 263

Line 255

<li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>.

<li>Fixed and simplified pledge logic for

<a href="https://man.openbsd.org/nc.1">nc(1)</a>.

<li>More application of recallocarray(3) in userland, and tracked sizes

to free(9) in the kernel.

<li>Achieve higher levels of paranoia regarding structure packing, and

clear many kernel objects before passing to userland.

<li>Disable some optimizations in clang(1) due to incompatibility

with security.

<li>For instance, cope with clang(1)'s assumption that static or const

objects placed in unknown sections (such as .openbsd.randomdata)

are surely always 0, and therefore such memory accesses can be

optimized away..

<li>In kernel, randomly bias down the top-of-stack per kthread.

</ul>

Line 345

Line 348

<li>Assorted improvements:

<ul>

<li>The <a href="https://www.openbsd.org/i386.html">i386</a> and

platforms have switched to using

<a href="https://man.openbsd.org/clang-local.1">clang(1)</a>

as the base system compiler.

<li>Improved UTF-8 line editing support for

Emacs and Vi input mode.

Line 419

Line 427

for debugging lock order issues in the kernel.

The tool is not built in by default, and only amd64, hppa and i386

are supported.

<li>Modernize some bizzare tty behaviours of getty(8).

<li>Some subtle changes to pledge(2) to satisfy requirements observed

in real life.

<li>Prefer use of waitpid(2) rather than wait(3) where possible, to

avoid problems with pre-existing children.

<li>Rewrite swaths of machine-dependent system call stub code in ld.so(1)

in a more portable fashion.

<li><a href="https://man.openbsd.org/pool_cache_init.9">Per-CPU

caches</a> implemented in pools

</ul>

Line 512

Line 527

<ul>

<li>alpha: XXXX

<li>amd64: XXXX

<li>amd64: 9728

<li>arm: XXXX

</ul></td><td valign=top width="25%"><ul>

<li>hppa: XXXX

<li>i386: XXXX

<li>i386: 9285

<li>mips64: XXXX

</ul></td><td valign=top width="25%"><ul>

<li>mips64el: XXXX