13

Changes in version 13:

• add support for ARM hardware memory tagging (MTE) which has been shipped in production on GrapheneOS for the past year (see the README section on memory tagging for details)
• Android: implement fatal_error() via async_safe_fatal() for improved logging
• Android: restore the default SIGABRT handler in fatal_error() before aborting to avoid deadlocks with crashlytics
• Android: remove redundant warning switches for Android
• fix -Wimplicit-function-declaration warning with GCC 14
• update libdivide to 5.1

A full list of changes from the previous release (version 12) is available through the Git commit log between the releases.

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

This is a standalone release for use outside of GrapheneOS. GrapheneOS ships these changes shortly after they're implemented as part of our OS releases rather than waiting for these releases.

These integer tags are the standalone releases, while date style tags such as 2024101200 and 2024101200-caimito are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

12

Changes in version 12:

• raise class region size to 32GB for arm64 Android (requires kernel providing 48-bit address space via 4 level page tables)
• add configuration for disabling self-init
• enable Intel CET support
• drop support for legacy compilers and libc versions
• merge fprintf/fputs calls in malloc_info
• preserve error for free calls (future POSIX requirement)
• support versioned Clang
• when arenas are enabled, properly handle threads making their first allocation by resizing a slab allocation from another thread to another slab allocation size class with realloc instead of triggering a crash by trying to lock a field in the internal allocator state that's not a lock
• minor implementation and code style improvements

A full list of changes from the previous release (version 11) is available through the Git commit log between the releases.

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer tags are the standalone releases, while date style tags such as 2023091800 and 2023091800-felix are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

11

Full list of changes from the previous release (version 10). Notable changes:

• improved test suite portability
• various minor optimizations
• code readability improvements

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the SQ1A.211205.008.2021122018 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

10

Full list of changes from the previous release (version 9). Notable changes:

• improved memory corruption mitigation test suite
• remove canary value field from slab metadata when the slab canary feature is disabled
• add appropriate attributes to the public API defined in the hardened_malloc header
• add configuration variant system with two standard recommended configurations: default for an aggressive security-focused configuration and light for a more balanced configuration disabling a subset of the optional security features for better performance (comparable to glibc malloc without the thread cache) and much lower memory usage while still providing most of the security properties (details in README)
• switch from C11 to C17

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the SQ1A.211205.008.2021122018 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

9

Full list of changes from the previous release (version 8).

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the SQ1A.211205.008.2021122018 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

8

Full list of changes from the previous release (version 7).

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the RQ1A.210105.003.2021.01.05.03 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

7

Full list of changes from the previous release (version 6).

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the RQ1A.210105.003.2021.01.05.03 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

6

Full list of changes from the previous release (version 5).

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the RQ1A.210105.003.2021.01.05.03 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

5

Full list of changes from the previous release (version 4).

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the RQ1A.210105.003.2021.01.05.03 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

4

Full list of changes from the previous release (version 3).

---

See the README for this release for an overview of the project and many details about the design goals and implementation.

These integer numbered tags are the standalone releases, while the RP1A.201105.002.2020.11.07.00 style tags are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.