Skip to content

10
Compare
Choose a tag to compare
@thestinger thestinger released this 12 Jan 20:15
· 97 commits to main since this release
10
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
17891d7

Full list of changes from the previous release (version 9). Notable changes:

  • improved memory corruption mitigation test suite
  • remove canary value field from slab metadata when the slab canary feature is disabled
  • add appropriate attributes to the public API defined in the hardened_malloc header
  • add configuration variant system with two standard recommended configurations: default for an aggressive security-focused configuration and light for a more balanced configuration disabling a subset of the optional security features for better performance (comparable to glibc malloc without the thread cache) and much lower memory usage while still providing most of the security properties (details in README)
  • switch from C11 to C17

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the SQ1A.211205.008.2021122018 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

Assets 2