HardenedBSD-stable 10-STABLE and 11-STABLE amd64 installers

10-STABLE
git git clone --single-branch --branch hardened/10-stable/master https://github.com/hardenedbsd/hardenedbsd-stable/ hardenedbsd-10-stable
installers http://installer.hardenedbsd.org/releases/hardened_10_stable_master-LAST/
11-STABLE
git git clone --single-branch --branch hardened/11-stable/master https://github.com/hardenedbsd/hardenedbsd-stable/ hardenedbsd-11-stable
installers http://installer.hardenedbsd.org/releases/hardened_11_stable_master-LAST/

Introducing SafeStack

We are excited to announce SafeStack in HardenedBSD base, along with the availability of SafeStack in ports! SafeStack is part of the Code Pointer Integrity (CPI) project within clang. For those running HardenedBSD 12-CURRENT (the hardened/current/master branch) on amd64, you can enjoy the benefits of SafeStack. Simply sync your source tree and rebuild world (you'll likely want to rebuild kernel to match world, of course). SafeStack is enabled by default for amd64 only. It is not ready for other architectures (like aarch64). Additionally, SafeStack is only applicable to applications, not shared objects.

Since SafeStack is still in early stages of development, we will not be enabling SafeStack globally for ports like we do with PIE and RELRO+BIND_NOW. Instead, we will add a flag to commonly-used ports entries that will tell our ports hardening framework to use SafeStack for that port. Users always have the option to opt-in or out a port via the config.

As the lld project becomes more mature, we'll make sure to test other CPI features. We hope to incorporate more CPI features in the future.

UPDATE 28 November 2016 - More Info:
Not many people may know what SafeStack is. Below is more information.

SafeStack is an exploit mitigation technique that creates two stacks: one for data that needs to be kept safe, such as return addresses and function pointers; and an unsafe stack for everything else. SafeStack promises a low performance penalty (typically around 0.1%).

SafeStack requires both ASLR and W^X in order to be effective. With HardenedBSD satisfying both of those prerequisites, SafeStack was deemed to be an excellent candidate for default inclusion in HardenedBSD. Starting with HardenedBSD 12-CURRENT, it is enabled by default for amd64. Support for non-amd64 architectures is limited by upstream clang.

As of 28 November 2016, with clang 3.9.0, SafeStack only supports being applied to applications and not shared libraries. Multiple patches have been submitted to clang by third parties to add support for shared libraries. As such, SafeStack is still undergoing active development.

SafeStack has been made available to the HardenedBSD ports tree as well. Unlike PIE and RELRO+BIND_NOW, it is not enabled globally for the ports tree. Some ports, like ports-mgmt/pkg have SafeStack enabled by default. Only those ports that have been tested to work fine will have SafeStack enabled by default. Users are able to toggle SafeStack by using the config target. Additionally, the SafeStack option is only applicable to amd64 architectures. Attempting to enable SafeStack for a non-amd64 port build will result in a NO-OP. SafeStack will simply not be applied.

Here's some good weekend reading for you if you'd like more info about SafeStack and CFI/CPI in general:

  1. SafeStack - Clang documentation
  2. Fine-Grained Control-Flow Integrity through Binary Hardening (PDF)
  3. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity (PDF
  4. Code-Pointer Integrity (PDF)

Stable release: HardenedBSD-stable 10-STABLE v46.19

HardenedBSD-10-STABLE-v46.19 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

  • Advanced ifunc resolver in rtld (ebcf883abaa4a5407d9321c90e77b62d5400239e)
  • Updated ntpd to 4.2.8p2 (ae8e146bd5a44ecee88074684cfb450384368980) [FreeBSD-SA-Candidate]
  • Possible UFS related kernel panic fix (f1841547a520610c8f48c2c0b473b55dc84e1714)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-bootonly.iso) = 98bfe0c145d04e8476a6af8639c8a1324c96572d4fc3739708e45e2bbab210a79c0bb766171034bba946b53db32782edf5f81d78a7f1d71603d6270117590027
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-disc1.iso) = 6c1672403a04dc819b45be7846332767266c1e565db14fb5d82e26792ccec4024f0348c71242464e18c3b4011fd235dfdc686ba8e342f2edea9d1b097167ba97
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-memstick.img) = 7297be987017198e761f85f43677677826b8828fce6bc8b7c233f6ec40abf84f5d23fdfe63c0c2be42d7017a8c8417286b793fdd865df68dbe769f31433a354c
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-mini-memstick.img) = ee63073bef4d3e4e8f2b86c8649b403eafaf7341432966fa97c76ad01544bff5e4819be84befa51ce7dd3f3c8da9c8192b6a7883cf3113f2306ddba7e4182811
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-uefi-bootonly.iso) = e776686a78c765125bb3cd2adb7cefbec1e529ba4ceca31a19809ccb7d1ca9c6076fe8f404f1eed7a7d616abd1219ea7d22356f8eb30432074ca414e5d5f05d9
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-uefi-disc1.iso) = 5cba03d06f4c7d67cac958843c9a7026dfdf4b498ad658c1bf112a9dca04b45fa16d89c1be0c8fd316ac2b37a05e58498b9459cde81144a2942497edccf43852
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-uefi-memstick.img) = 117e6ebee28e9660dc5461f5b5dd7ef940ac09539dd2e2f7f8da11f821c7f4db3a9f3fa356a655ca7fff192dad4d6e39137e26cb79f6737ff31afd6106cf65f1
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-uefi-mini-memstick.img) = 258221b9771875eb49e7ac997d1d3924023976fae5f9247659d474eba69acca5cae29bc2b2ef6894494760d322287976b79e09746e718869f2cfb74ec174b3ce

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlg2IwMACgkQgZsRom/9
GI3yoA/+NIY/HrcYpsGI23u0F4OnWV9AHRIEsaRdkq6vFAfXlaX0Idlh710ZQEgw
TbTCEGWFTGNBnr004JmPp9DNvUfSdjgK3I1LGV9TZvEqzv5kybY6cmZLYjzyw7nx
sreCTKlviJePbRViAjWPbPNH8a9G8nQModDeD+AoOzYx1j/S16uilsMETQDTV+lL
ROW3C+ia2XyK/wTW3AVoC1AjoeRvDV73bOP8Qfs8RLqyqmAZu2ii15BRNkMMuACz
XwxSQ6Dg22f8U9vTSinnr9RmPfT9LyFChwiE7CokKqJG5ROL/esbWaRBSch9UmQS
nulrrbBAy2LhoUzSlG/100SsWBsn8B3ZMhpBpJgINGhU5gBLCSW4PWLvE5yo38eE
6qKWpjOq3YXUvON0wvO4sjTw/QOoIhMB2sTp8H35tv/sDBZpd0sSr4yMTCKWD9MK
Vm8WlxH8fXlDkCPG7ugdqYL45A8zkiaXYO6jHuGiNlvYznaxytY1O6zjXSB5c5FA
IJ/t1br0q3f844mELDHuMkQOg3UqWi+Vr/x0oni9bKCdcp89U4xaDCyB6Jb3jo/X
6bYnXG1FTuzijxE9nfs/kFw1tZhoSJmB6t87gkiIgvFR/u7U4m5PfhoV59sOkrj8
OSZ3kzInbxEqNfglcWfi9UVaJJwQOkkDWfE5Z4GBHFOX3yrOSqo=
=5c4N
-----END PGP SIGNATURE-----

New stable release: HardenedBSD-stable 11-STABLE v46.10

HardenedBSD-11-STABLE-v46.10 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update

Highlights:

  • Update ntpd to 4.2.8p9 (db75d5027e10e6a41b54cb66e21f2fe7480a1618) [FreeBSD-SA-Candidate]
  • Initialize reserved bytes in struct mq_attr (a0c278e1ff9e12b0d2716d96eab8499cd124918b) [FreeBSD-SA-Candidate]
  • Increase the max allowed size of the microcode update blob for x86. (01d99faedd3455353cd536056c4aeb3f97086cc0)
  • HyperV updates
  • ZFS updates
  • VM updates
  • tzdata update

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v46.10-amd64-bootonly.iso) = b044feffd705ac9aa12f5c9fb9a6c3696353dddfe5bf398968b2cadb02e086b964c2010736232d10c08087ee9ff0f86658415a3d401d1d3f8ea5424f06b33060
SHA512 (HardenedBSD-11-STABLE-v46.10-amd64-disc1.iso) = 35d96229be27bcd1c538875becbf9078b5d727657ebac0584799e1a45c791ab9f013837ab4177415477bd4cca599fa657176267407b464b46dd693a075a647a2
SHA512 (HardenedBSD-11-STABLE-v46.10-amd64-memstick.img) = 61f92489daab8c6eb5cbb6d9ee31a040f1603b55a26d3049cda9507e9c374dcfb7fb83e876cdf9f07fb93966a5565dd50b14d95357d9687541d3782c4562b88e
SHA512 (HardenedBSD-11-STABLE-v46.10-amd64-mini-memstick.img) = 0364d36957814afa094d19603c30839c7caed783254e8f1b5de4b893493641386370f678a0c9ce8321be0b5be260c5bc231db55c73f401c2469e29a83366892f

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlg2BSYACgkQgZsRom/9
GI0wnxAAwmJq7LA9WSfSUQixeHqGCXcu6XyoxZJbvluKdbZsacFZYjd4G/wYGYQx
YKZ3ShHTzJIJAbpPg0a2OfNDMtFa20YX/mhcU3/qW9gZMzKMVdO4lAMYFokAQQDL
GCvtzh4QY+XRDhbI3RXr16bYsOSFSjDci7mX1RBui+U3ER7pzcymPuOO8703Rewh
+pffiHSlFragITJo8PDZMLwFwWeq4G92g1YODmrADYzxPDuBF9+ax8Ysgq4nzqPr
mdg/JyLRpz/WE1XSsGuZB6r5yi5CV/XLJb9mBnLXRQyRvHe+zMqO3uvLr1mdcIZV
/TTleLL32FVQXf2+UXfs6w8qy4kqUZT6kLUecV1dixc6HXk4YGkrKLrahKKQWe/Q
lxUo6JhMxQbQCZJY18gDEMiH4kpSmb161BXAjmWHon2vhqCkLnOYxo1tbrEDof6i
Ndz8F9C5MsuZg9a5cnwxKW7xWE0dV7rjMxLQ1dooil1MVRY0Ap7jO3HsyuHiZskU
m+YObvCMHTFbuX/Qrag/f1t6Q1sWvaUSL0o7l2hRS2XSPnaKE1IomPK1i0oJtIKE
DE3Hg6ydL5zQOzkOoC3Gs092Y/RATfw/7SRdwtFrPt+zmFnzK581VFLfqMyvY3lT
Pg3niuMPETIbpWiVcGJGYuFSew/52FCFbHisrMX/367XPThQqww=
=AM8E
-----END PGP SIGNATURE-----

New stable version: HardenedBSD-stable 10-STABLE v46.18

HardenedBSD-10-STABLE-v46.18 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • HBSD MFC: elimiante infoleak from uipc_mqueue (r308642) 986b9324751267 [FreeBSD-SA-Candidate]
  • MSDOSFS updates
  • Hyper-V updates
  • HBSD: increase UCODE_SIZE_MAX from 32kB to 128kB (4MB) in sys/dev/cpuctl/cpuctl.c to fix microcode update on Intel 6th gen CPUs

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-bootonly.iso) = 9b6dbd1e941c180dfcf16f55b7efa878971139bd1f9a3c02bd37299d817711eec8adec078c90d078620b636435d9f654c42e2496bade02c7bb15f8efc4123ace
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-disc1.iso) = 0973251862ccc7b2908f37926e713a6f377347f7a4140384af2a2986cafa2cefec563e17a5b8677f23755e1292c28f9fe6c9d325123fac631762fe8ed5f2a2e1
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-memstick.img) = 0f14f0583ef847daa6372c53f4490e7b4607fcbfda6c58b27b9124592ef8980875e5d7d4209c4be93606de16bbcc4c0d0a0111834775b1da6d4b13574c11b448
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-mini-memstick.img) = 0ab823880253fb0b494b4f757bf8b66fa88d498259e213a95d7b2b305c0d01385a3af552e44944831a4077d807e8ecb61a8ffa13601269938df323a37c0b2760
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-bootonly.iso) = c7b513cde20c51fb84daac30e46e508498ea978e7b5f57911c2a894a037e5aa14d8a703da4a3b37e0ef146383e0ba177e65a13abcb86b002ee94f4265d99a0b4
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-disc1.iso) = 5fa03972fafa63fe5c65b4a661225e28df33c13b862c9c6a27da2c16cf71642d82c7c1d43e5e4c3dc1ddfa3f423d80ce3162629bab859ff5eb5d410bf6bfe306
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-memstick.img) = 3bb0b7b84598a818038361323216aab23b0651daed94129a287f7f1576680fb28e95af51ad1f34cf10b894013c206cd3897fcec6d60e981e13da669b8fd792b1
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-mini-memstick.img) = 1a7f6669d6518fbfe01a7edf728bfea7d050c365ef2969d63d54b8d33e41f9644932548e8e2b3095f8999ca07165b00d0953196dc731b8e5cfbbb392e6641947

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJYK4FoAAoJEIGbEaJv/RiNNb0P/jRzFmwHVyGP8zHp3Q37EQR3
tgC99+AbeDsuDIgTER7zt8KeszEiMnQiSyg8+8Lb07WcHlzLjmzHyWWym97FkjVt
wTQWiO0RzeXJnP3FH7zsEyFiuphxv8F218YfUlI5aJ8kBrHschWizFq2HC+FonU5
GDLkB8t/yKZDQG9zz/Cf+lTQIfs3+KMezu0V4pcDAuuvs0WQpk7xyrDn4fYbX73P
PP5jW7T+ZrOF5gJlOyuBn9RddPk/qbyyJfTAmwv/Ru3CgoPVY2b4EGW1nIAWWs8O
SL/r3NbW3nNH7Umume0eJrSPWZbgTDm69zQGKddE9F82hsiyziwpcPYL7ZmWyY8i
tiidi1kM8WrqF1cvUTNZyfJDA1nFUuV6dSrjDl2/gBjiIN5FUc0P7W2uNGlgPEJW
T5A8r8U1BliTT8PfBDYw6VIzM8k3zm+Hj3LVq8gGbZRmqZsCClNS8ClJomJQbn8/
zjzq8zrC6/XLw4sspPMAsvEOYkXhaVzEXXGAFXMaBqm7kmNP8hcBEE3b9OR6EXze
VvoapFGPD4lnBPpntsJeiB172A+zZkVNeEmBv9klu6a+JyocSvNUcb1DLmILyj4W
R2B63k+okPoUdujXwBEJ7X4DzZwfgXZZeyBz70snNvUOSqjhMY63nLXBYXu/biPX
JXErKmjmmWW4LYFNaZFc
=lMRM
-----END PGP SIGNATURE-----

New stable version: HardenedBSD-stable 10-STABLE v46.17

HardenedBSD-10-STABLE-v46.17 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

WARNING: this is a security update

Highlights:

  • OpenSSL: Don't allow too many consecutive warning alerts. CVE-2016-8610 (3944e88fda9dc9f4f391a06b18cd7583f783e8ec) [FreeBSD-SA-16:35.openssl]
  • MFC r308197: MFV r308196: Fix OpenSSH remote Denial of Service vulnerability. CVE-2016-8858 (bb8c1d3b5e1d1ff2b26db3fcd0ca74e6418a4908) [FreeBSD-SA-16:33.openssh]
  • MFC r307132: Use copyout() instead of pointing sbuf to user-space buffer. (1e74d3419b0da1ebb8106c23763e29c3ddacfc5a)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-bootonly.iso) = aad9e8d4c879e77aebe8f6da63654f5f3a5b8fc1dd67cf20e158d537255ca2d0ca1ec9752814a0b7466231e4e49a61be31cc8b9d00e8ceae4f5bf5991a246626
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-disc1.iso) = 4cfb825fad4c9bf2872d3da3aa8e9ec0e58ac9eb75441c9af87f062cf9a6a5353340984d59efeaf906bb184e15b574d82e908d868c45fc7fe6885a326c59972e
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-memstick.img) = e1287439ab32fe7cc8738ff35b2c6fa7faf8960b85104512a28bb5bb3c39ec07c30669e19cb8bf6223e85cce0286a33927f52c38522efde5c92c7a4c103bbc65
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-mini-memstick.img) = f14b0dbe4c2af31a02a8d919fd8ffaf0835a3ac4ff59330a51bb38ba993ea963493e48fabe9c89c564be46eacb0506d060e45356e319315c0d6f94dea28eab12
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-bootonly.iso) = 05170a1ea94e3b828ba501a76bf544d7c3082539b7ed0c555381c0c53faa878e103d2faf155fcda8d705ebefb8e0b4e08288a56e9412f1c8d15b7bd771c9a5cc
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-disc1.iso) = 36e8325dc103e12472b0a68ccae88ff632400fb9fc70f77857ee757c33342ab0f22f877801384ecc39cd77dbccf1e2cc78cf0564b0d86a3f3d225cc6fcded5c3
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-memstick.img) = 58d1abe6a6e55d88e77840a4ea804c0b789b79981f11a1c0ee4d4c0ec8ddecd3dbf6754d97f254d06bfeabdd0ffa725c6d76150ecd64604c85b23760ddbd92ef
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-mini-memstick.img) = 7cae17f04dec06c67f4307dc12114897fd87560a5dcf800b79497316ca328abbcaba2406daf9d4bb1e728f5b50741ee9217215b2bd425aa9bd32309328d8173e

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJYGdoMAAoJEIGbEaJv/RiNyWIQAMVKOe8zAIrAQLiIvx2GqGMp
JluKdh5+dgRcDlDXBrnbpWthsCNx22zfIYfPKezH7qVdd+yIMAI5pr3K19IADWDb
JkJjAishvAnxmUsF0MjLuk7zWkuKmxpN7ZBRTZUrSkN6qzQqvelK68NPi+fXCJJr
62kMOmoQfmswNu9SzCAPCSN9eSsg2f4F36oYLCiHsVAybWhyDWiikJLii74cCOVx
YgSSnLU07mDhq3DKHV5l41lKHtGEL99UwoaVT0fdQrPqf/saSb0Pw7Z019cOeg7e
vq4o+uAKgbPe6w+QUAYnc6hNU5w/md1ljP5cXHGg1GkXw5sHVXnvbS871/4tyghx
v05MOeM1srHyLkv0EznA/raWfs2okZ7P59pCrNvd9FYeJquk4dk7ItSF20fStoEm
RN1g6cCrLwtfzKNWKaP66vnLjtdZt4kKTkSvXomIzJlI4mHAWIAxH430/zqOEy4O
QUWrN3I7FHA3O0HCVdEm6fcyMmlL6YN5Cb9waMyDMM/jZX/ZePnpgZd7S2o1nRpa
HxkpIllpsclYr0cEzGwucdSWOUUf2xYvnjF5P5koaUI/B98ZfDS8j1oBqvizJtGf
ArWZsGlrPmSZkJF5LiB0nJ7d2JBESB5CrAKpcEN1hfskLnyQWEfyFlpDLNJydW4u
XGtCwRGzoGcaFGir3D1g
=z6fM
-----END PGP SIGNATURE-----

New stable version: HardenedBSD-stable 11-STABLE v46.9

HardenedBSD-11-STABLE-v46.9 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

WARNING: this is a security update!

Highlights:

  • MFC r308197: MFV r308196 Fix OpenSSH remote Denial of Service vulnerability. CVE-2016-8858 (e82e3bc2af43d79504472922cf08e777238426d7) [FreeBSD-SA-16:33.openssh]
  • MFC r307861: Update libarchive to 3.2.2 (47fbb22e6a60da9ba4d20c53e5cff87976ef6f39) [FreeBSD SA Candidate]
  • A lof ot ZFS update again

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v46.9-amd64-bootonly.iso) = c3ffa1d0a6026d3bf99c812d0bd905b8d72108d6d09ae0f7a2c757c66175e682d4884befcf59ada4830e1e237c67c00dbb53fb543ede2a4f4672b4858eb3c257
SHA512 (HardenedBSD-11-STABLE-v46.9-amd64-disc1.iso) = aab88475b36f44091966bb00447aa5c332a7121075ad4b965da2c1f28ad120612c741abdb0d441287119d3a2e5e5adbc2cea29bf3fbb8c7533144b73454c52c3
SHA512 (HardenedBSD-11-STABLE-v46.9-amd64-memstick.img) = 0575cb3b45ecbf3fa4b70756f645f23924d0801a6fe788b3db9164301fecab6bc9bb0144071718fb9cd961cce24a19c67da730e7aff34f019e45760fe3f347ca
SHA512 (HardenedBSD-11-STABLE-v46.9-amd64-mini-memstick.img) = 24a8b8fef795a6e3417d7a6449af329dac3b4511cd006d9a01769e65baf23df6c0a63f6b2280ae18d038904edf3985ce361e184e5f57a7079736f1e829260816

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJYGb7nAAoJEIGbEaJv/RiNbE8QAIvZiX4vGYku7Fpe6vpHYDJ/
gHugWqdH2ifmJ4th3s2zePMC9Z5/z+1ABtJkkrkaJIt6SGVyJ3rDk6ZMgP2iiEn4
fQEKbAsCUd6FO1aaOAYmoAJPkWCqUD7yFUWcHQ/1PkoMwbY2vLxLM2Bpgo88KNiq
BOPPxB3o11mEqd+oTB0ZNQeGivXuD9mpL493IjPsHh67GmmaXRn/pzsVUq8JVOus
nEySLvVkveHF9epIJzjagvMccFv4zf3bH0nZMhk9NLYsd8tCUmH9tin5hRlQI97n
FRFHER8SjSjOqGVuO0rOSCrHkbEnmr1IY68yhuUVYTjncjEmUiB80mVYZcvFhRJg
kp8U/JpotIk43aGN3Zx0Qj1ieHwaEGuaOfeP4AUlCxxwK/3fVU+36uxUQGUiFubC
IytILRvjitrdHq+54bbzA5eAJh3R4lBhrcf8zmqKCc++tfebnckWaHuqeZohW0Zg
f4sC68qMAdc+3M3a25ptcdgpNcaGrqQjNWjdZW+XOmBJAZFASZH1zO8FsqWK4F6s
9jSszUajoekULMkhXdPRwCUOQLeh8eUNLpTM16Jke9SKCcv5dbm4v89/vljJ8oaQ
/ZQVUFfK5aJxBiO5OOSagJmMgKtWjTeDjCB01kTYK+ywWXibVnN6s99+TXQEZNpP
Tkj7uyynYzFz+hMm5x/X
=7tIt
-----END PGP SIGNATURE-----

New stable version: HardenedBSD-stable 10-STABLE v46.16

HardenedBSD-10-STABLE-v46.16 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

  • The argument validation in r296956 was not enough to close all possible overflows in sysarch(2). (c4ea095d31613b4c6ba16691ee347e97ed30899f) [FreeBSD SA-16:15]
  • HBSD MFC: MFV r307859: Update libarchive to 3.2.2 (e80aebeed4230b7c49bbfcaa58a20d666dc3983f) [FreeBSD SA Candidate]
  • Lot of hyper-v update
  • Lot of ZFS update

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.16-amd64-bootonly.iso) = 5d77d660366900d971d7de05fdb9118370b387f03035ee906fc761cc28bb44f2a962e40df68e0bc614f1bb4e395728c4dcfac414afc513b2be1570b164f82523
SHA512 (HardenedBSD-10-STABLE-v46.16-amd64-disc1.iso) = 6103602bfc3769ae9f0e334b1b8f8ea793bbd71c698fc8fd85ed5b90c2ddbf24e21e553884810fa78d77ea67653ce014621d9bdc0d3e5e54cecb02cffea6e964
SHA512 (HardenedBSD-10-STABLE-v46.16-amd64-memstick.img) = 82711413b5f1452e1ab05dcd3b1f499091a44dea5e49d4f4ec0d3e7eed783dd20af34404c1ca22786962da6e6d089544dd8c7b9a86c55d9d0bf300038a518f94
SHA512 (HardenedBSD-10-STABLE-v46.16-amd64-mini-memstick.img) = f54fab1ad12985c141a05c68c417ec16f24397738a4132745001c40c6ff0d468baa3ee870d523b7f9d6c5ecb8de3c3d9dfcc39b952037374a7b82409ca154425
SHA512 (HardenedBSD-10-STABLE-v46.16-amd64-uefi-bootonly.iso) = d1f1e5fa15a22fa30388e1fd048f0632d223bb06d0b8fb74c7cae6fe8ea5e6a3de2ac813e53d12cd4c2947190135eee5322b34c04981b18a81c26d9180e3af1d
SHA512 (HardenedBSD-10-STABLE-v46.16-amd64-uefi-disc1.iso) = 435954520a1f166b35570c11c4f4557554973e8f3c13d753c296dfc675f469513291d989b1befb7ad7449b12e2901e97d650bf5dd93344044d1ef0846aec369b
SHA512 (HardenedBSD-10-STABLE-v46.16-amd64-uefi-memstick.img) = 8714b6027aec32e82490aa6db21cd7c1a2f8fc3e44321d0a7429063649941524d42b8e6d1b4490f3a3d45a6c23e3f4ca62da03ac9d72d78aaa1d19c1f9162cf1
SHA512 (HardenedBSD-10-STABLE-v46.16-amd64-uefi-mini-memstick.img) = f64e4f3914c48f8e100901f0597b6623c3e1987ead9de6bb1f1e210d61e87078b2262c729ff457018e050f1a661d4fa8371ef62d5f06a1458988c7eccb2956aa

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJYD+CEAAoJEIGbEaJv/RiNOakQAN5/90Bl/vqR2qAYb+Sm1D6+
DGeL17XVBw5uALIwvPNk6VkqoFCHgi4RqG6FnYL6b0SCPRy6YDCOESGGfmvse/hT
rHNkDOm49kVg+AhNYVWla7gRjM8BbCznEh6wBAcxKSfKUXIy1fDua/WMPEsdu8S1
PPEe7/dQlaOnopcZoXvFfxxrHK4POu7Lkv79f9dSNh22xhZaAabOV4TnVhdGDAi+
bxjVs7OtZXaVCi7bHINoOiQojIgvw68iz76ye7v8/6Vef1TQD89N8mjycexGJXOs
A4i9wMBSIDzDR6vG8WGGOXNX44gTF2miSDwS5EL7sz9a9Cpb3PON1ffVTvsTlSih
n9VFVkdqhUR9gUMhI5nExJnI3PMYwJ6/j+o/z2zSFX8OjdjGypJu8ezvskZNmUPT
mFQAHzkH/b1jlQm3uoQRckj2u1akxdT2NUi7KNeQgZZGxhtkz61ONDoToL7TmCx2
VtLru9GeJAOASL27f4K7xkBlE0it/cVSz/JtYsT66JtvoV28Rxze29gGL7ZMPj3S
QGPYFCOWYAMxBcxRPYgJJG92aP09HYUbHpMyuyC+G+Qso1B3kgI3+vQoWKdKdML/
DFgQzMI0VSMX+uBYw7+jyRA1lWFTBQWQSZOQb5l6Slk6tWeeclGmcoKjl94hpbNx
4H5Ulmo66e2MGE0yQAE7
=y+h9
-----END PGP SIGNATURE-----

New stable version: HardenedBSD-stable 11-STABLE v46.8

HardenedBSD-11-STABLE-v46.8 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update

Highlights:

  • Fix unchecked array reference in the VGA device emulation code. (2fe29685ea7484a1cb140d86ab5aa663d3503760) [FreeBSD SA-16:32]
  • The argument validation in r296956 was not enough to close all possible overflows in sysarch(2). (8f57d18797f1c5631faeaac06ce783b7db66fc78) [FreeBSD SA-16:15]

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v46.8-amd64-bootonly.iso) = 5db0166908988def80629bef4355bc50bc62d5664dd1c0f5f1c4b294bf5351f107fb63f307f08145129caa3ecfdc4525d338dec86839e6733f5deab7af732646
SHA512 (HardenedBSD-11-STABLE-v46.8-amd64-disc1.iso) = ece2bad0497d5a124d914c7c20a7fce536f5470a18a2db52ac282da38cfae45661b9d66d42ad0eb505ca4efc897a634de3130ba83a648b904a5f0347954b0f34
SHA512 (HardenedBSD-11-STABLE-v46.8-amd64-memstick.img) = 466065f868e4980e4f434d0f885d94bd6c7b40d505d34516ab10789512f490b6881973d02f1006123fd381d9ebbfb0c2534565e1424fd58d5d482d59250b3378
SHA512 (HardenedBSD-11-STABLE-v46.8-amd64-mini-memstick.img) = 72bda56b92ff3723c57c9221ec49382d618658087188d93b3dd5603d2fe9b8af1cb0a844d0702f19efdc21ed760f5902cd44552daaf20a9d1bc9723027c3d6a3

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJYD8fqAAoJEIGbEaJv/RiNyc0P/jHQ+n4sdveq7fgrj1y0sbde
iYrCYD0ueIsb/fhk3/IkQxZ1Hbm42mVQfJ11D6tDfhmUZa1kxKK/3NqSwfitoXQd
D7RWe4dbBDu/AXX8ipUDFelDF/TmkonzC2pU2crwKp+kBzNSMRDSW19qv2LmHc5s
wqsaLlcjO4BFjrLjghuz8gs4Yzvjubd8nkh3e8ZHQEsD1M9ecXAWh0PZeI1tKpR+
ugpctpU8wcWZZDGoGY1bqmUE0nBb+u5yqdNkbnpZZIgHtNsd4Osb9dsXCEkBEzT7
DScXTHbAxhSmRDPIe4HpytW1tc/9A2teOz+FFBlHD4MqYX3QHRyD6MlGnOYD0zun
YEK4O9HSt9DD5Xcf7r6HRDvMEZXMwBC1ExA6Okn3z56r8noEj6beOq4NQbi1o13r
WDStXmzDCbmqzHESS/n0IQkB2bZS/aOqb966hA4lhC2xUzkZ32VVcR3H49kUoAye
TUMWi88GNO0ZKCryl7u9pVSJqP60ms/uBhkpqzhzCXSetfplkUoS5poaKQWCHVsn
c4Qo7O3/PacRDdvu7G29E6M6fkNLwB/YqWz53V7ZpXe64XA+SlvpkuSYJT9vwp2Z
90/yAzxXduOjrzjvfHfSb1hFzveK1W+BCZfFFguOMkYDXlpdlkf927/gbNhEgh/N
YZ+aPrauDTvoK3KHh8uI
=ZcwO
-----END PGP SIGNATURE-----

New stable version: HardenedBSD-stable 11-STABLE v46.7

HardenedBSD-11-STABLE-v46.7 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

WARNING: this is a security update!

Highlights:

  • added evdev support by upstream (disabled yet in HARDENEDBSD kernel configs)
  • unbound 1.5.10
  • Use M_WAITOK in PIO_KEYMAP ioctl (afa321ab9cf9b79fcd4313542f7ab28c85bbcc7a) [FreeBSD SA Candidate]
  • EFI related changes by upstream
  • hyperv updates by upstream
  • ZFS updates by upstream
  • CloufABI updates by upstream

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v46.7-amd64-bootonly.iso) = a0f656e33b0c48223d2f9c769a9d872c846e6d541571b2d74f3092b3ded69a7e15309e8a748dd778139c7d86c7c27b1e965a9d3bc7d8c3ae24d5c0a34a069e03
SHA512 (HardenedBSD-11-STABLE-v46.7-amd64-disc1.iso) = 136e50041c9762ee210f807c078d485225e862020954259ae4164b7a34991a1e79839625a52b06bfc9bfb956b7ddd03d536e92b52a5c3e5a1929c1381969070c
SHA512 (HardenedBSD-11-STABLE-v46.7-amd64-memstick.img) = 21e2028f3d202b9ebbd1c8676b59e3ed165493424980dee9f13d1794acd37cb71c7f04c5d14b0ee95c2e543bac3395a996f8a50568c2d7b216c37ed511febc91
SHA512 (HardenedBSD-11-STABLE-v46.7-amd64-mini-memstick.img) = 24c2bda9d60a2abe127091684e8db98ea5de5b60ef079298cb4c2a8adfe7e23c7017ed14a77a1cff32210af3a18e7dfd7619286b1ca988314e2cdb50e42ed3d9

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJYC7LnAAoJEIGbEaJv/RiNuYwQAN/UJanTGDTY4Z2ts0IidfCk
u4fH7Ml7J7bEYEWWYLspFOb3wY+8Bi5FbVs5rts8h5Kt2DullgCXuAf5qmOsyXcd
xMclSdsmbw92FNvoCnPpJ2qmrAvuary2BkkeFVithmRAkqa8BBDM3iLu0HZBgMgU
l8jOrVNM+o3C5qUaYsysQnIswzZbUVP2NHXVzwGeuTtlIKYYnIIwI12RErmlGZBo
1blzuTaWzfmT8vGMPl8P+IwEOf553Y9QvLa28fuY3BmqHEO5euD1Sa10+OK9CEoZ
dD0APbHwNo0Ibj2BOkScuBGBS3+0VPZ5J0AfDudODqPIozbcDRw0Av7A7i1RspNi
BNvIrn2Pr5SNao2NtGBmXSfQN7FBUiBa6vUUIyGDTtOcIlcViZEy50Tf8FNFZjjP
eVfuvwZTE05nENL6k5JAPZLfV4OrWXpfxcu8hT8x9fZ0nb27DldBaID3vYUfGdI+
maTnV+y7EIe3YNo/V9h9fAqtwZebBUKB7m67/k7xvd5/cJPCVeeIIeIPuVfpZji+
RFC1JBHCQDb5HA8inadg5lAq+fzmv2wDoHozS0JZBBR9/fe/HwizOEiRf/7DhE7P
K+e6NuzVRxz3LEx5xwKocPXFJ8EjWO61Qu5bPE5QgSTPwMJK+zmioELxNuPcNoTw
B6cioOaYnPtqHHRcLgl7
=U9ny
-----END PGP SIGNATURE-----

Pages

Subscribe to HardenedBSD RSS