Releases: HardenedBSD/hardenedBSD-stable
HardenedBSD-10-STABLE-v34.7
- add missing header file, which fixes some MAP_32BIT related issue
HardenedBSD-10-STABLE-v34.6
HBSD: move pax_segvguard_check to better place
HBSD: stability fix: pid_max -> maxproc
HBSD: use get_prison_td(...) instead of get_prison(...) in NOEXEC's sysctls
HBSD: change the default FS type from UFS1 to UFS2 on memstick installer on amd64
HBSD: fix prefixes in log messages
HBSD: fill in the COPYRIGHT_Vendor entry in sys/sys/copyright.h
HBSD: change early sysinit string
HBSD: add PAX_NOTE_FINALIZED flag to the allowed flags set
HBSD: remove unneeded headers from hbsd_pax_segvguard.c
HBSD: remove unneeded header from hbsd_pax_noexec.c
HBSD: remove unneeded headers from hbsd_pax_hardening.c
HBSD: remove unneeded headers from hbsd_pax_aslr.c
HBSD: remove unneeded headers from hbsd_pax_common.c
HardenedBSD-10-STABLE-v34.5
[freebsd] OpenSSL 1.0.1q - fixes CVE-2015-3194 and CVE-2015-3195
HardenedBSD-10-STABLE-v34.3
- fix build on 11-CURRENT
- remove unused pkg-ng repo pubkey (no revocation needs)
HardenedBSD-11-CURRENT-v34
- [freebsd] MFV ntp-4.2.8p4 (r289715)
- [hardenedbsd] install initial /boot/entropy file at the end of the install
- [freebsd] Merge OpenSSL 1.0.2d.
- [freebsd] clang 3.7
- [hardenedbsd] synced kernel configs to GENERIC
- [hardenedbsd] Do not build lib32 and 32bit related stuffs on 64bit platforms by default.
- [hardenedbsd] disabled obsoleted syscons in HARDENEDBSD kernel config
- [hardenedbsd] remove all moduli that are less than 2047... It is likely that nation-states can crack these wide pen...
- [hardenedbsd] properly update /etc/motd in HardenedBSD case both after fresh install, and both from FreeBSD to HardenedBSD update
- [freebsd] introduce linuxkpi
- [freebsd] Update jemalloc to version 4.0.4.
- [freebsd] Update hostapd/wpa_supplicant to version 2.5
- [freebsd] Switch the default OpenMP runtime for clang to libomp
- [freebsd] resolver: automatically reload /etc/resolv.conf
- [freebsd] Update from svn-1.8.14 to 1.9.2.
- [freebsd] Remove compatibility shims for legacy ATA device names. FYI!!!
- [freebsd] Update Dragonfly Mail Agent to v0.10
- [freebsd] Change the default setting of kern.ipc.shm_allow_removed from 0 to 1. // this fixes chrome crashes
- [freebsd] Upgrade to Unbound 1.5.5
- [freebsd] bhyve windows support
- [freebsd] and alot of ZFS updates
https://www.freebsd.org/security/advisories/FreeBSD-EN-15:18.pkg.asc
https://www.freebsd.org/security/advisories/FreeBSD-EN-15:17.libc.asc
https://www.freebsd.org/security/advisories/FreeBSD-EN-15:16.pw.asc
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:25.ntp.asc
HardenedBSD-10-STABLE-v34.2
- [freebsd EN/SA candidate] Fix overflow bugs in and remove obsolete limit from kernel RPC implementation.
- [freebsd] updated file command to version 5.25
- [freebsd] truss updates
- [freebsd] disable SSE in libthr
UPDATE:
- [freebsd] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:20.vm.asc
- [freebsd] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:19.kqueue.asc
- [freebsd] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:24.rpcbind.asc
- [freebsd] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:25.ntp.asc
HardenedBSD-10-STABLE-v34
- disabled lib32 build and install
- updated ntpd to ntp-4.2.8p4 which fixes a lot of CVEs
- remove all moduli that are less than 2047... It is likely that nation-states can crack these wide open...
- coverity warning fixes
HardenedBSD-10-STABLE-v32.5
HBSD / (@jmgurney) : remove all moduli that are less than 2047... It is likely that nation-states can crack these wide open...
HardenedBSD-10-STABLE-v32.4
- [FreeBSD] several CAM, CTL, HA, iSCSI and ZFS related commit
- [FreeBSD] vm / uma fixes
HardenedBSD-10-STABLE-v32.3
- Fix a regression with SA-15:24 patch that prevented NIS from working.