HardenedBSD-10-STABLE-v34.7

• add missing header file, which fixes some MAP_32BIT related issue

HardenedBSD-10-STABLE-v34.6

HBSD: move pax_segvguard_check to better place
HBSD: stability fix: pid_max -> maxproc
HBSD: use get_prison_td(...) instead of get_prison(...) in NOEXEC's sysctls
HBSD: change the default FS type from UFS1 to UFS2 on memstick installer on amd64
HBSD: fix prefixes in log messages
HBSD: fill in the COPYRIGHT_Vendor entry in sys/sys/copyright.h
HBSD: change early sysinit string
HBSD: add PAX_NOTE_FINALIZED flag to the allowed flags set
HBSD: remove unneeded headers from hbsd_pax_segvguard.c
HBSD: remove unneeded header from hbsd_pax_noexec.c
HBSD: remove unneeded headers from hbsd_pax_hardening.c
HBSD: remove unneeded headers from hbsd_pax_aslr.c
HBSD: remove unneeded headers from hbsd_pax_common.c

HardenedBSD-10-STABLE-v34.5

[freebsd] OpenSSL 1.0.1q - fixes CVE-2015-3194 and CVE-2015-3195

HardenedBSD-10-STABLE-v34.3

• fix build on 11-CURRENT
• remove unused pkg-ng repo pubkey (no revocation needs)

HardenedBSD-11-CURRENT-v34

• [freebsd] MFV ntp-4.2.8p4 (r289715)
• [hardenedbsd] install initial /boot/entropy file at the end of the install
• [freebsd] Merge OpenSSL 1.0.2d.
• [freebsd] clang 3.7
• [hardenedbsd] synced kernel configs to GENERIC
• [hardenedbsd] Do not build lib32 and 32bit related stuffs on 64bit platforms by default.
• [hardenedbsd] disabled obsoleted syscons in HARDENEDBSD kernel config
• [hardenedbsd] remove all moduli that are less than 2047... It is likely that nation-states can crack these wide pen...
• [hardenedbsd] properly update /etc/motd in HardenedBSD case both after fresh install, and both from FreeBSD to HardenedBSD update
• [freebsd] introduce linuxkpi
• [freebsd] Update jemalloc to version 4.0.4.
• [freebsd] Update hostapd/wpa_supplicant to version 2.5
• [freebsd] Switch the default OpenMP runtime for clang to libomp
• [freebsd] resolver: automatically reload /etc/resolv.conf
• [freebsd] Update from svn-1.8.14 to 1.9.2.
• [freebsd] Remove compatibility shims for legacy ATA device names. FYI!!!
• [freebsd] Update Dragonfly Mail Agent to v0.10
• [freebsd] Change the default setting of kern.ipc.shm_allow_removed from 0 to 1. // this fixes chrome crashes
• [freebsd] Upgrade to Unbound 1.5.5
• [freebsd] bhyve windows support
• [freebsd] and alot of ZFS updates

https://www.freebsd.org/security/advisories/FreeBSD-EN-15:18.pkg.asc
https://www.freebsd.org/security/advisories/FreeBSD-EN-15:17.libc.asc
https://www.freebsd.org/security/advisories/FreeBSD-EN-15:16.pw.asc
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:25.ntp.asc

HardenedBSD-10-STABLE-v34.2

• [freebsd EN/SA candidate] Fix overflow bugs in and remove obsolete limit from kernel RPC implementation.
• [freebsd] updated file command to version 5.25
• [freebsd] truss updates
• [freebsd] disable SSE in libthr

UPDATE:

• [freebsd] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:20.vm.asc
• [freebsd] https://www.freebsd.org/security/advisories/FreeBSD-EN-15:19.kqueue.asc
• [freebsd] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:24.rpcbind.asc
• [freebsd] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:25.ntp.asc

HardenedBSD-10-STABLE-v34

• disabled lib32 build and install
• updated ntpd to ntp-4.2.8p4 which fixes a lot of CVEs
• remove all moduli that are less than 2047... It is likely that nation-states can crack these wide open...
• coverity warning fixes

HardenedBSD-10-STABLE-v32.5

HBSD / (@jmgurney) : remove all moduli that are less than 2047... It is likely that nation-states can crack these wide open...

HardenedBSD-10-STABLE-v32.4

• [FreeBSD] several CAM, CTL, HA, iSCSI and ZFS related commit
• [FreeBSD] vm / uma fixes

HardenedBSD-10-STABLE-v32.3

• Fix a regression with SA-15:24 patch that prevented NIS from working.