version 1.87, 2019/04/15 17:25:26 |
version 1.88, 2019/04/15 17:56:55 |
|
|
<li>RETGUARD performance and security has been improved in |
<li>RETGUARD performance and security has been improved in |
<a href="https://man.openbsd.org/clang-local.1">clang(1)</a> |
<a href="https://man.openbsd.org/clang-local.1">clang(1)</a> |
by keeping data on registers instead of on the stack when possible, |
by keeping data on registers instead of on the stack when possible, |
and lengthing the epilogue trapsled on amd64 to consume the rest |
and lengthening the epilogue trapsled on amd64 to consume the rest |
of the cache line before the return. |
of the cache line before the return. |
<li>RETGUARD replaces the stack protector on amd64 and arm64, |
<li>RETGUARD replaces the stack protector on amd64 and arm64, |
since RETGUARD instruments every function that returns and provides |
since RETGUARD instruments every function that returns and provides |
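Review bot: the first line of this item still reads "RETGUARD performance and security has been improved"; with a compound subject the verb should be "have been improved". While the item is being touched for the "lengthing" to "lengthening" fix, "keeping data on registers" would also read better as "keeping data in registers".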
|
|
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> already used |
<li><a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> already used |
privsep, <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> and |
privsep, <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> and |
<a href="https://man.openbsd.org/unveil.2">unveil(2)</a> containment. |
<a href="https://man.openbsd.org/unveil.2">unveil(2)</a> containment. |
Now also drop root privileges completely (switching to a reserved uid). |
It now also drops root privileges completely (switching to a reserved uid). |
<li>The multi-threaded performance of |
<li>The multi-threaded performance of |
<a href="https://man.openbsd.org/malloc.3">malloc(3)</a> has been improved. |
<a href="https://man.openbsd.org/malloc.3">malloc(3)</a> has been improved. |
<li><a href="https://man.openbsd.org/malloc.3">malloc(3)</a> now uses |
<li><a href="https://man.openbsd.org/malloc.3">malloc(3)</a> now uses |
|
|
|
|
<li>Ports and packages: |
<li>Ports and packages: |
<ul> |
<ul> |
<li>C++ ports for non clang architectures are now compiled with |
<li>C++ ports for non-clang architectures are now compiled with |
ports gcc, so that more packages can be provided. |
ports gcc, so that more packages can be provided. |
</ul> |
</ul> |
<p> |
<p> |
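Review bot: in the line after the hyphenation fix, "ports gcc" is easy to misparse right after "C++ ports" in the same sentence. Consider "gcc from ports" so it is clear which compiler is meant.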