Releases: HardenedBSD/hardenedBSD-stable
Releases · HardenedBSD/hardenedBSD-stable
HardenedBSD-11-CURRENT-v14
- ASLR bugfix
- pax framework: eliminated race-conditions
HardenedBSD-11-CURRENT-v13
- improved ASLR
- fixed stack randomization
- small internal changes
HardenedBSD-11-CURRENT-v11
changes since HardenedBSD-11-CURRENT-v10:
- updated OpenSSL by FreeBSD
- updated compiler-rt, which brings sanitizers by FreeBSD
- fixed use after free in lf_advlockasync(...)@kern/kern_lockf.c
- kbdmux default keymap support
- fix FreeBSD jail DoS - pr/196474
- added new devices to HARDENEDBSD kernel config
- extend init hardening
- initialize randompid with a random number in a range of [100,PID_MAX-100]
- added recursive support to setfacl(1)
HardenedBSD-11-CURRENT-v10.2
- fixed use after free in lf_advlockasync(...)@kern/kern_lockf.c
HardenedBSD-11-CURRENT-v10.1
- kbdmux default keymap support
- fix FreeBSD jail DoS - pr/196474
- added new devices to HARDENEDBSD kernel config
- extend init hardening
- initialize randompid with a random number in a range of [100,PID_MAX-100]
- added recursive support to setfacl(1)
HardenedBSD-11-CURRENT-v10
- rework and extend init/boot hardening / hijacking
- added credits file
- initialize randompid with a random number in a range of [100,PID_MAX-100]
- added information about HardenedBSD into loader.conf
- prevent init hijacking if PAX_HARDENING enabled
- remove more aout leftover
- constify sv_pax_aslr_init
HardenedBSD-11-CURRENT-v9
- added secfw hooks
HardenedBSD-11-CURRENT-v8.2
- new version after upstream's unbound fix: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:30.unbound.asc
HardenedBSD-11-CURRENT-v8.1
- new version after kib's upstream fix:
https://github.com/freebsd/freebsd/commit/42d5fa98d30175edd5c387fa437ec4d956cb2300
related linux CVE:
http://www.openwall.com/lists/oss-security/2014/12/15/6
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9090
HardenedBSD-11-CURRENT-v8
- randomized shared object loading order
- pulled in FreeBSD's SA fixes
- fixed jail initialization bug in linuxulator and compat_freebsd32 case