version 1.76, 2017/10/09 15:35:15 |
version 1.77, 2017/10/09 15:55:26 |
|
|
<li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>. |
<li>Tighter pledge for <a href="https://man.openbsd.org/at.1">at(1)</a>. |
<li>Fixed and simplified pledge logic for |
<li>Fixed and simplified pledge logic for |
<a href="https://man.openbsd.org/nc.1">nc(1)</a>. |
<a href="https://man.openbsd.org/nc.1">nc(1)</a>. |
<li>More application of recallocarray(3) in userland, and tracked sizes |
<li>More application of |
to free(9) in the kernel. |
<a href="https://man.openbsd.org/recallocarray.3">recallocarray(3)</a> |
|
in userland, and tracked sizes to |
|
<a href="https://man.openbsd.org/free.9">free(9)</a> in the kernel. |
<li>Achieve higher levels of paranoia regarding structure packing, and |
<li>Achieve higher levels of paranoia regarding structure packing, and |
clear many kernel objects before passing to userland. |
clear many kernel objects before passing to userland. |
<li>Disable some optimizations in clang(1) due to incompatibility |
<li>Disable some optimizations in |
with security. |
<a href="https://man.openbsd.org/clang.1">clang(1)</a> |
<li>For instance, cope with clang(1)'s assumption that static or const |
due to incompatibility with security. |
|
<li>For instance, cope with |
|
<a href="https://man.openbsd.org/clang.1">clang(1)</a>'s assumption |
|
that static or const |
objects placed in unknown sections (such as .openbsd.randomdata) |
objects placed in unknown sections (such as .openbsd.randomdata) |
are surely always 0, and therefore such memory accesses can be |
are surely always 0, and therefore such memory accesses can be |
optimized away. |
optimized away. |