HardenedBSD-stable 10-STABLE and 11-STABLE amd64 installers

10-STABLE
git git clone --single-branch --branch hardened/10-stable/master https://github.com/hardenedbsd/hardenedbsd-stable/ hardenedbsd-10-stable
installers http://installer.hardenedbsd.org/hardened_10_stable_master-LAST/
11-STABLE
git git clone --single-branch --branch hardened/11-stable/master https://github.com/hardenedbsd/hardenedbsd-stable/ hardenedbsd-11-stable
installers http://installer.hardenedbsd.org/hardened_11_stable_master-LAST/
PORTS
git git clone --single-branch --branch master https://github.com/hardenedbsd/hardenedbsd-ports/ /usr/ports/
tar.gz fetch -o hardenedbsd-ports.tar.gz 'https://github.com/HardenedBSD/hardenedbsd-ports/archive/master.tar.gz'
zip fetch --no-verify-peer -o hardenedbsd-ports.zip 'https://github.com/HardenedBSD/hardenedbsd-ports/archive/master.zip'

Stable release: HardenedBSD-stable 11-STABLE v1100054.3

HardenedBSD-11-STABLE-v1100054.3 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Note: this was released on 2018-01-13

Highlights:

  • Make it possible to re-evaluate cpu_features. (a586b974f77aedb619baf0454435fa4016339161)
  • Fix a null-pointer dereference and a tautological check in cam_get_device (b55f0a5b31496ea10bd6e1163d13a1d8c26ca291)
  • Do not build lint(1) by default on stable-11, add WITH_LINT to enable building it. (5fb1dbc1862d5ddd058d22fe18063e6c71aeb7bc)
  • Improve the performance of the hpet timer in bhyve guests by making the timer frequency a power of two. (d21bd84ba2d9e4eff99f7a4764ea400d2766f957)
  • fix memory disclosure in hpt* ioctls (8f534ab83139899084a80948e8e2926f2c988fec)
  • ACPICA 20171214. (7e248a6a42be630466c332f690b7379e34abfbf1)
  • crypto/libressl: Update to 2.6.4 (0dfcdb670cdbb43b3a1463c758456ab0f01689ca)
  • Update tcpdump to 4.9.2 (ed596e7fc294f704796e96377235d77adb7bee0e) [CVE-2017-lot-of-numbers-here]
  • hbsd-update updates
  • llvm/clang/lldb/libc++ 5.0.1
  • GELI updates
  • VM updates
  • VFS updates
  • lock primitive updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-bootonly.iso) = f14531adfa78667d69c6b3839f304e715bb5aa121d6fa307937e33e30c5f83ff57179a70a4e4fbaddf866f1d27123f6e3acd26b333f0977f62759f829d06b7e8
SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-disc1.iso) = 47499cc46e8c437740f99600b96a11cfaaffcb4425f26e9331dfd643cf0cb629c424095cd4993008a97adf65216f8f25522c620adb791470d664b6ae75c185d4
SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-memstick.img) = bf8d56c025c5c84714da7b6321086b2acbcb46ad46c548297ed9262bc8b3c75e62f913f7fb942796976a51ccaaf9caa04087522a782a34549a1f8501ac4f06c5
SHA512 (HardenedBSD-11-STABLE-v1100054.3-amd64-mini-memstick.img) = f69002a55be3aa46d25edb75b973a3e12a6a602ce907f4a0e5cb6de756bb417ec37626565d2836a95e88a2051c70595a09863939b3965ebb8d12044b8fc8a191

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlpayEAACgkQgZsRom/9
GI33/hAAyy3BvAutJ8uohh/sW3flyv1tng0L3rqG2fB/fenpjzMWgy0s9Il5NfRu
9X85FtIT51+h0fz1XopvaR8Cc9N6YrsA8P9Vi8xYAilZxPoTnaC4bzGG2QXwed6Q
7FgMTTHfHo9sQ0jUNBgu05P+fLuj/a/TFdZdCVejRjH784nTakUGIv13FGrQWAjB
67C47L4KHWXv7e5EeiCOoQNRxDG6sZ3m3RzI8vY+k3x4NkVrRMeHkjAGsDAnuY4A
wUz83pKKnj8cFN/uSqqcP/4h4YERfZlEGVfUzOedpfLvC6NIKxVgUdDpai8uz/O/
00fBc4JOlA2F8t/ubNXhPAySj+8Rkn/Wfjt9zaeJrrIiI1fH+88cbXSt8Vo6p/CV
HhkKawZgI/bTtNr4Ci73+lsShPo6UiOCWSQibyglzZnPP83cMMQfBrhUVHIPJW1r
bYiEkkSfIK4EGbzpd8asWUYmGzi4HUopEquu7I+e7OQ56DyK/PZ0u3NfP0Ub10Ab
6FprLcXED7sI62F4ZgVtqziqzVqkEcZCsUbi87V4kVVHueWhYOsi/gj8Wp8UOFG7
sduAEQ8wM6yaWZbyVllRi96II5ulsu/66Sh5HfvBmZF5ih6uvyJ9IwU+OS9uZq2I
aGxNOtnA+WLzsL7Hql9kGGXFuDoDanEOFWyedTN+24Tbwm2lBVA=
=mvEc
-----END PGP SIGNATURE-----

Announcing the 2018 donation run!

We've just published our goals for 2018. We've got a number of new goals planned, some that require new infrastructure. In 2018, we plan to migrate at least 90% of our infrastructure to a single data center in addition to expanding out existing infrastructure.

In addition to the enhancements to the HardenedBSD project itself, here's what we'd like to do with regards to hardware:

  • New nightly build server. Our current nightly build server is aging. It's constantly building HardenedBSD 24/7. We need to replace or augment this server with a newer, more powerful one. $5,000 USD
  • A ThunderX2 server. We have a SoftIron OverDrive 1000, with which we use to build arm64 packages. Building packages on it takes a minimum of two weeks. We need to cut that time to less than one week. $9,000 USD
  • Colocation of servers. We've received a few quotes from a few different providers, and each provider has quotes us around $5,000/year to host our services. In order to colocate our servers, we need to pay a year's worth of hosting in advance. $5,000 USD

HardenedBSD has grown significantly over the past couple years. We are now at the point where filing for 501(c)3 not-for-profit status is advantageous. Once we are granted 501(c)3 status, future donations will become tax deductible. Our accountant has estimated around $2,000 USD in fees. With the hardware, this brings us to a total of $21,000 USD. We plan to split up the donation run into two six-month sprints of $10,500 USD each sprint.

We're always grateful and appreciative of everyone contributes to HardenedBSD.

Stable release: HardenedBSD-stable 10-STABLE v1000050.1

HardenedBSD-10-STABLE-v1000050.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • HBSD MFC r321963: Rework and simplify the ksyms(4) implementation. (8dd00d8dbc725739245fa99d354bafdff8f8c228)
  • MFC r326872: fix expiration arithmetic in pw after r326738 and MFC. (1e062f6d317b90805e77a7ec1dd96da3b5ed38aa)
  • Fix error state handling in openssl (22fbcdca2ade973c8a6614b1fbf8738254a08f7b) [CVE-2017-3737 FreeBSD-SA-17:12.openssl]
  • MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file (c5f9120f60a45a1557a7722ef4d8d9fffc9e1c60) [CVE-2014-8503]
  • MFC r326136: bfd: avoid crash on corrupt binaries (e10e409a72215a686ec2b96bcadc3e6487692fe7) [CVE-2014-8501 CVE-2014-8502]
  • Avoid out-of-bounds read in openssl (276fd8048df373d9ac6309a912482c25b5d85695) [CVE-2017-3735 FreeBSD-SA-17:11.openssl]
  • MFC 325039: Rework pass through changes in r305485 to be safer. (00e656a0895cc338b10687bd40ebeaea50587d31)
  • Properly bzero kldstat structure to prevent kernel information leak. (904c1c37dd42b1a1a6cd2fd91a8409ac66bedac5) [FreeBSD-SA-17:10.kldstat CVE-2017-1088]
  • MFH (r325010): don't bother verifying a password that we know is too long. (5ebf270c7d98c29c8cec401366a73a7a9c816410) [CVE-2016-6210]
  • Separate POSIX sem/shmand mqueue objects in jails. (568bd26f8e5f02d7efcfe6fd12855606f8ee4e83)
  • Zero whole struct ptrace_lwpinfo to not leak kernel stack data. (a19cbcf5230a491e382ab392a80fb13721e31918) [CVE-2017-1086]
  • Fix out-of-bounds read in libc/regex. (70a215a5740c4dd64ac4a9e3efc4bf545de55416)
  • Add extended attributes support to fuse kernel module. (cca38407ae55b60986bd6677b6a7464c8dc54538)
  • hbsd-update updates
  • clang updates
  • zfs updates
  • geom updates
  • nfs updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-bootonly.iso) = 572c2482aadcc4a84750cfa5b4e158fb5a22f8c8cda4863978e383b48264fa8de9ad30d973267cca3fca95cd26b2ab117851e0ad620ae475ba9c429a4460a6a2
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-disc1.iso) = b731119acd686b23aed7abd2e15fe6fcd0771977a3d5061b68e6de6ebd3829d049da14e5efa204b768306e86d3443c10e67be282c72ac52143b3cd78476255fc
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-memstick.img) = 0ab7aa228f1cb00f362025db96222b8e7cd7ca7477812e1856803c63392612bbf0f384477ce9217b09ef19b4c336f7082f35fd9c3e8f95fbed77f946fb9d46b0
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-mini-memstick.img) = 46739eb96dbd9e11687cb0ce7c3a88182ce3e9e7c87e80862bac243b2d96cd1d108af6aca1d6e61f1becb6027a2c3cc5d895a8ed3b1961b40e6a0a83fb1742af
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-uefi-bootonly.iso) = 390a21ea4cb2ba6c208cd653a1fa5b33896b8bb68c6cb4932c7a690037f4390507f6406b6274075e7817f69f5123642416123a348a10bf5db42d600b56839529
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-uefi-disc1.iso) = 09a8653cb4818e43424b077e4c4872f0272a156f14f7e8af4328bece967928ace0fce803850056d7d5a667a22a15a8b621a92e45c4d944a7092c5f9a052cd9ee
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-uefi-memstick.img) = 3ce7aad46ba1506bc07df910ea59bf54290baf57ee32fe5efcf7506e4db38fdede243c26bc1d5f240e25d45c12b7e275d45a37135193f4cfea37f8b3cdc8b39d
SHA512 (HardenedBSD-10-STABLE-v1000050.1-amd64-uefi-mini-memstick.img) = 5c219a50583169d3b8ef192088db61691a97c2cacfdb3ba5f31a698ae867f7d4c1803fb7e97880847a753cf659fca53e0daaf9c4c6a0dde7c9c7a4d5fb93cc18

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlpK6VIACgkQgZsRom/9
GI3ZYxAAyzDFF0kl29rRAh85tSfL7IER8Vvtb5ZW2ub7QOiqr3S8KL2QfGBpLi5m
nxLn4M+7R1PhH2D6MRU9b9axe/Q3l+5BZ6ZEKSx3PH/tUJ5636bDvqRMFewW1fsU
Z5JNx9xZ3Vj9+6xIPvFWXIqws4TgMZi1Is03akcN60uoiJ+w6Vt2q0y7WIDq24xn
y1m/hbuuX85x8AjhXPCfJWoFdxf60So6nm4Ft4ExVllyseP4UXaEDhjublB7vxth
joxg46FpGTNGzM0y25ImJLP6c4YB7G+sr3XdR3vU3Vp1zsCjTjNhg88YClrRkr1e
BZ2MTCY0PxSaSSqLoGn815MQBJVCrMvSuzEKcDSfH2ji9qF17qI9mnBnyqInNjRf
1hRFc08QYBAkXz8aY/FXseFReBlN7//jw6tXRxzvepJZu0V9LXPZIlupk1ADAOHk
s6LSlurSe6OgHptDZ8LV7NI6kBoVfQCpCNYknp/BQH6UUhIUSN4O3dV1YZyh5wWj
tDp1QLmQwoYsvUvosEJXDzYbGwb46TKMC0E/RwWVJcX+w5OsbcbLK7ZrvUaU/1x5
XElvMX+bm9Em6Qhy4ojNkNd6ZlFOfI+I1YFFYGfX+f16enLFIKNuUoOFNxYal8yd
koSL+d4Ihwx/88KaI8VAIsxwU7UY02vP/EYBoFehJis72YdiiS0=
=33Sp
-----END PGP SIGNATURE-----

Stable release: HardenedBSD-stable 11-STABLE v1100054.2

HardenedBSD-11-STABLE-v1100054.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • HBSD: Disable lint(1) by default (74db9a87ccbee248675ea534b4867ef7b45ae116)
  • Update to OpenSSL 1.0.2n (a0b182dd517b681163e5a3b649fa9931c36ca3c4) [FreeBSD-SA-17:12.openssl CVE-2017-3737 CVE-2017-3738]
  • MFC r326074: filter all passwords (not only changed) from periodic passwd backup (c789660d53a74dca1d0c0d2b0cc376418fe5f2d2)
  • MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file (9d9b278a90fa6d1c7818ba58274a8e0b40569651) [CVE-2014-8503]
  • MFC r326136: bfd: avoid crash on corrupt binaries (e1ecb10d06b8c1a102ddba5501438ea64789a563) [CVE-2014-8501 CVE-2014-8502]
  • evdev updates
  • zfs updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-bootonly.iso) = adf64ccb3a60cedd9195d88c6bd7fb0a85fd428a5ee3dd4cb6bae935235b2a3100c99c9722efa43b760a35dc82ea25b637198cc3a17b8894ab56331dfcc62a04
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-disc1.iso) = 9ac8ff7bc605f5264d45e73d625c86b783b62011c7048cef7cf6ddaf51cbd3f94d4a661409967b6599eee7493b2138bb4b52a7ee66df956615b782723c8e8666
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-memstick.img) = 94d27f3d30159b0df25af543fb84327873ea5ef76df7e0f22a66160bce36688b00761e82c972356107aed30ed70b2f61a3ba892024b1777e335ddf88013a782b
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-mini-memstick.img) = 116a72cd219df1ed23d0fccff8be745f600982bae00681fbb35d3ef4994bd9bf091ae4c35114533127edcefdc05c9ff0c25061f7f51daa61b8edb6b03ec060db

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlot8jUACgkQgZsRom/9
GI3a4xAAvx17oUQHPzRZza/qVLuF0VTVy9TDzFTZ32UfpDoiII0MYIfPuvIMXvTR
k/RZa9PxB07oI8jldIW/uXW8UAkQlSmxVegXjemh63aKydMAudXrYM3imN1zV1zp
/f/m1MFiwA98TzwMUZx+nWVZBnuQeDtEKREOBZHV9jcwno3vhA5gn6Vp6RfzE2W7
/oISL3eu9/sShf2of9dRMKmZjKuY+K757ygcf8xk53C6UMdRV+zEopVBQqzPwonZ
n1QBn1mJv4HsvMXuzgRE630MLjfvgqiXflnaGYiNnk9yvOgBKr88fL3gJ1TmTthb
hW2hZFUBRDWfAPCyk5K3tm93LJBXrcl7wJ/xtWQMkKtdsRBKPWkac2UpkUjvtvdc
1Ul5hber1OrEV2JxZhYyTUlzSwjOKIRVZi/MlUdpdq17F2BQpUygbx510Qp05G3D
bDCscWh+qrat+YPbZORi2FQxxbIyUfXUJTKBQahkCtwqnyTIEYlxSwwICwZMFEAP
MdASUvhE5fvZ+RCYTCoC2QMnYtZmC7Z+QEAof5aqhenjawgdL9p4bYvJ+4q1pX1l
M6NqDcbTzyQD7nid84Uvy78eX7NcrmZI/Sk1docw5mlJ/8LBJtZLyJgH8wxPSVQ0
piB1d+GaKBIplXzPaAz91TJ3tBVrS9mPdu3i0poEvZK1PxgQKKk=
=4o8A
-----END PGP SIGNATURE-----

Stable release: HardenedBSD-stable 11-STABLE v1100054.1

HardenedBSD-11-STABLE-v1100054.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • fixed syslogd - restore host name handling in UDP case (1bbaa032d75dc1aab167b8a6cc5c9116c5e393bc)
  • fixed ARM64 control flow problem (1ea13dc104ea903a34741e363d910a1fb16f31f7) [FreeBSD-SA-Candidate]
  • fixed MAP_GUARRD issues (96cbc3d921794d684acf6e4fe465374bee33ed6c)
  • upgrade to Unicode 10.0.0 (909e9adcdcdc361054c0947ee969961afe431676)
  • ZFS fixes
  • (side note: the recent OpenSSL security issues (FreeBSD-SA-17:11.openssl) are already fixed in previous releases)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-bootonly.iso) = 83725667faf1aadb34f154934f8da4790b3fe8993e98dc852d149fee4529625bf5dec04ee04a59dd577cdaaa1b6b6a2378abad39933c9d9c87dd8354757210a2
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-disc1.iso) = 9b0e2243f7b46a395e6c62c7daf279683ad961985e9129ccc30654672d368ea54b8bc718f6a94d74b47dd6aca049146d5dda36a0a1530d7a62d11812cf75f8de
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-memstick.img) = cfe23f59d9969f3bbe958916a02ae830b7b65b506c4000edcf17ab513df0214c71c95700f1e27afa1f5290323bd5b9844bab1b817107ab6828b36b7a4d49cd8d
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-mini-memstick.img) = ddf2e9e6a9fe32d7b104184e14c0abb6261770e00ae1cad37f58a3c8a18dc5cd021fa9e160740387812171dd9ede6fdc6322035ddc70885e7eac15086bfade12

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlofe1QACgkQgZsRom/9
GI0lZhAA5evBJtIaEdpeYbtmlEUHJiXz+D94slp1CLKg2nzcZFU73e8FrkB8zbgA
qzfqq7v2SGzYHRSdI/f7iVDsXnsid9/t2PP9mn8OU0Sc1ZcgWwKNnaCcSf5lzNUz
yGNpuxFMy4OqYfO+CnIzihDYptEt/aFvgkrGYxPURjcM/veVcema9UFuT0lNjlhw
y3lvNouFrhF8k9vWLrZyW3J5Pe4MBTKFGm9thqm/p5fnHI0iCOsQIpLcWlxhMJHh
6GBUW+vszxLQGOxExrYxrIoY5FJyJN7zFwyh7jIhN/+OI9JOgMLPHFniOTpsJ/gm
N0QOTSzNBQ7AGNJBku4M6cEArfDujqwH61wbDOkVUqkG1gRu5AygSDy1nBwmUqSz
m5Of1iSMOl8qcKqjMkPlI+6CTFlcimb14jX6HMl4/WMvoe7dMLXEnfe6hl9/Tcqn
0ctJrNBck2k7vnYTc+4vwpdfnlmrvZqfFah2sOPPmFst9iJ4ahcAoxoRrS/beVn1
0f11GBDEf4BkkqIercR/XKUQmH+50apdypzjTcvLUspNIqlKekivUgDAo6r5hGOp
g1FnhkILpW1Wm6y0kLwt16y4ICculisa95mmbuKZ+gINDZo3hdtTyW+Kz3s+O71j
XrLAoqShGH+Ml/hZDJD7CbmrYbCmJjkTK3J3qSuq4dZJaYvQRyw=
=g8Bo
-----END PGP SIGNATURE-----

Stable release: HardenedBSD-stable 11-STABLE v1100054

HardenedBSD-11-STABLE-v1100054 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!
Warning2: reinstallation of pkgs/ports are required due LibreSSL upgrade!

Highlights:

  • Changed AT_PAXFLAG auxvector position (4c04e4a613679510cd16bb13d7974c18e3f54460)
  • Properly bzero kldstat structure to prevent kernel information leak. (3ff3ec467d4eb11cdbf706cf386935d5e58c2e91) [FreeBSD-SA-17:10.kldstat, CVE-2017-1088]
  • CloudABI 0.17 (cf6ac9b4efa43a9c64c5ab311666080a0e8632b1)
  • MFH (r325010): don't bother verifying a password that we know is too long. (b242fe393914310e50673eb62d480ce03706d745) [CVE-2016-6210]

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-bootonly.iso) = 20f6333bcbeceb57788ca945ce9816359d9844c2476956a2d4ffd8cdb7b725b4ce12aca4a9adac67c43fdd0a5fd5b9c87888298a6044a31e3f0a4dcb564fefd3
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-disc1.iso) = 09af01b113072333cf72f2c933f2335d5e4c9e46d51c82d2a74ebd3f3217c9ba454dc77f30de75c2f805adb56608d147dd6dc520f8cfaa90fa049888f193497d
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-memstick.img) = 8951648e199157e840f1dc2637ba6516631bda75c28768086ccc5daba7822e874790cf5b1c2a86d428c70858cb1de5a0318c64ee27e8ce51596387d0b74c082b
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-mini-memstick.img) = 5d6cfc1f89374409efa226da5e6ef793e5e9472a217241e1a21e3c93ebadc9fd967a586dfbe66d454655618cef63721e42402c0a5e3282e1a5db465c208daa26

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAloNK9kACgkQgZsRom/9
GI2qDQ//WQxgSb96jBJ7uXlO9uH9xboZVPzgSP2OfXPFqRvy82Sqr/OFtmVURh1v
8N4zYkVEE4nCKkwiuSFRmRkfygKg1qhQ8hNbpXA3icgITO9ZS6kBIh6ZBkSht8f5
aFgkAEU6CToSodz733oSnaAmGoap6drG2jJ8VlK+IjdXQkrK1mh4g2ETZg03I3ED
vzqAQ5+AT1V4+MzES+K3AV0jnR7nCntLAaEDRgEIcEKA9l4GPfhUNyPnusd3RJNb
vAOJWt7XBJAvWilABDXVPXxObKqhowTKb/+JcEwP0Is8uIzfzplr/E9zmUCCmy5O
u+FQ5H14M+sIfo7KwlXsWStWUhCmOoXR8mLtEAzAV2bZf+/dccrFOE0M3lYu8ZA+
kq09zEN22N3fPU55PIRFyzLlFsRHx2/vFZMf8RvsVbtroHWBqsMudPkd8y8F26aM
HQBHFhmaRmlWmNTJ+Fsh51mwv08CmcY7W0tQztXZWgkKA+uwQV//olOglp9ZVhEJ
LNwRVcAGEwhXJsKeNBzHgiteEYu5kTV7HxiQwMnoIDnN2WT8zkJhetYNQnwMPJIj
LP2/azjbX6nTCZJyLRsLBRu8KGf1g9jW03gWmu8/qUZldS4bgxx4HDnmXazhShgX
zXWQLS9e+K1z2Dg9+7wLHmxK5k9pf9T+SadDPZ14n+DrEjr9qbw=
=Rk9Y
-----END PGP SIGNATURE-----

Stable release: HardenedBSD-stable 11-STABLE v1100053

HardenedBSD-11-STABLE-v1100053 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • LibreSSL 2.6.3 (c49b64fc67249a34f0899fdaf83ff409877c0832)
  • Fix infoleak in ptrace_lwpinfo (a9480512504618c725807232b538d3d03adb13c0) [FreeBSD-SA-Candidate, CVE-2017-1086]
  • ZFS channel programs (b6de21de0e6db7018f1a79f4e09e03275f27996f)
  • OpenSSL 1.0.2m (a88f0513c4cf81f98bab740e4f112f1a6d7f4d42) [FreeBSD-SA-Candidate, CVE-2017-3736, CVE-2017-3735]
  • Add extended attributes support to fuse kernel module (4d1ec3df908e0b5948287618d437add1454b15f0)
  • tzdata 2017c (bb786ee507dfb1537c2a2d4bbbc9cb06cfa2cd9f)
  • Linux emulation changes to support newer Linux libdrm (8b3e384829098404bdf42f48c6e808aed906aeb0)
  • Fixes and improvements for x86 LDT handling (5f0b9b87892629c113c13c5a0c5933c1de48bdb9) [FreeBSD-SA-Candidate]

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100053-amd64-bootonly.iso) = bd091a8d0787229e47ea8207728db7ed5244787d17665d11a2e69779073d2a12a3bf4a1938f4c1ee001d84c3a0bf5d14ff0750fed149ffac7d3a6e266afb9bf8
SHA512 (HardenedBSD-11-STABLE-v1100053-amd64-disc1.iso) = ee546baf2e6cc55a8237cf0b96f3b10b8a8a7015bde3662b3bb28a4536c0b7d2179015477c3d3d44cbe252d6e53e348c2bd2a1c0b5e17e84405ef7a6277607ec
SHA512 (HardenedBSD-11-STABLE-v1100053-amd64-memstick.img) = e2213d1f0d4c25f2518148fc9d3a42994fda5b4e3e84ef41ea963e24b1b985cf1defc8dd65cc0bb5349b437527fffde98eee5c50002cc4908c4c0dd642e17bbe
SHA512 (HardenedBSD-11-STABLE-v1100053-amd64-mini-memstick.img) = 524764b81c8a2c8d72719589eb110e7bf44160a250b11d660039930c5678c64b22b8187a4f1e987a2235216f8e0f0a6d4b31f65552f31d633d48ae0a8e004087

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAloJB+oACgkQgZsRom/9
GI1fKxAAonAfV/7yJjWPLvYO3iN3+Cef/Syy7lmHSKydpaABDcC6V0s726Wzfw1r
GGpAcTI3s6Qvz+cJ5gaJfw45912vlsWTD/96Av0PEZWzdCyp4wITG8MrzD0nRUh7
r3y4XFw00McX+zPnDUfBOgo6WkAZneshXbrmxr03Nr8NGM3rpXOnk992lXjnetAU
pzJMr7ZcIr2nN1f+CdFL6uaesZQQpIzUm1LxRM6ef/4I4xaJp7gWALIbmoh6nf2C
ihwgL5T5vGNutROeQKWddr7I4zFt0Rnp6XmulkA8oafVNG4BYSwG7fT6m1WBOEZG
td9heuneIH9ooiFOXSDdrTmQlWYe1PgxD/NsMe1V0bZnuqBaYBbWmvvlcKEOSplf
MaSWPYKefpXCQENzgeuDy9GQ+PgzQbFhmv/7YhKuNWCRoIWGMQAeR0a2jbtyEUUH
9FSYuh6LRNnXPdITsBi2PGBQcViVxRgaaF48XpG54qmgQ5ILS+vTuM90oduqjgVY
XOw22mKVD1mJBlu4+F5PTjYp3rCCyYvFu3oDTe5hVnUDHIDEVyBpD+xdPYARMb4W
HplqkiDUktJoA6vuzoalik7J8eGY9DYucNlKIckv0DHUXQSyfe1+C6b+SFSRXpbo
byaHi0cFAOELr4fjtBu/VIWkkTB1dIsFZfoqk8iWUckfQEcP1Rc=
=Jh14
-----END PGP SIGNATURE-----

Stable release: HardenedBSD-stable 10-STABLE v1000050

HardenedBSD-10-STABLE-v1000050 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security and feature update! Recompilation or updating of secadm is required.

Highlights:

  • Update wpa_supplicant/hostapd for 2017-01 vulnerability release. (7aec04ba0072726d6bfd78bd999ad560d9780f9e) [FreeBSD-SA-17:07]
  • Libarchive update (a8e62bf6379d818c85773fb747b79c05929632b5) [FreeBSD-SA-Candidate]
  • hyperv updates
  • ZFS updates
  • hbsd-update improvements
  • HBSD MFC: Correct sense of crypt(3) NULL checks in init(8) and lock(1)
  • HBSD MFC: netsmb: Fix buggy/racy smb_strdupin()
  • HBSD: add kernel side of hbsdcontrol (ddf19424710e7ff34a9e82794c65b35543248941) [see UPDATING-HardenedBSD in src repo]
  • HBSD: fix a possible "time of check to time of use" attack (bfdb3e6118e66e95bb1e823201898dedc3b38701)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-bootonly.iso) = 966d3a6957976544c04e9e2200bc5717bc9771d1e4f76dd9005c8ac8936c07bf4245afc0118947d47010d16c7f7c244c8bec23e181839056c1549f1c7f2656ec
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-disc1.iso) = c25eda9ec2eb046f41003d8146aefc734efb2987286c7ee53cc81c8e9de03e63809f8b626c7ea8cb451ad1fac7ed2d006a2266b99e10c59cfc7f55678eb45871
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-memstick.img) = e9414353ad4d08f68aa8c7f85711772ccfc79b00c4dffad2d6c291d3f94ff3748058bd40c9d6a1d1b97fb16369fc855b776486bfee51eaff77e96005813a9b0d
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-mini-memstick.img) = c05aba86caa6e2f071aacc9fe602f5a5e20d6cf0ba4542ace41e3b9c79d69c1afc87b65d3cc09f1787042eb4cf8023e1295dc8bae475e6074331d7299e2acce6
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-uefi-bootonly.iso) = 5a305a274714fd140c4501769b48c46518b59b745bf24814e91028a192f23a086a9777776a82f10e8ab94a450720009fc46b7f89be62fce46ddec729d1c4722e
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-uefi-disc1.iso) = 2c4a384385e74a578cb3c4b78caebb32979628c6c40ae23b43ce4931efd764f72c46184d7815837a1516e71d45614250caea6d3d58c3fd782c31926fc004bab2
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-uefi-memstick.img) = de41b6916229ff61eb367b0dd771ca0a27451633706edcdedeab56b17483f146b36c60436e4775436e2ef054a73db0e9bd8f2a5810f9510277c9dfc60e9f7f68
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-uefi-mini-memstick.img) = f992a82ff485e4e0604f0240ed6a9e9f57d27399eacebc665cc4348dc6a8b7fb21e5bfbe5b66bf59267ab967e72cbb4793452fca9d944cc853a649b1d3e05c55

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlntQTQACgkQgZsRom/9
GI1ULBAA3FnfoSHEEkpBtoMZhT/zaoYAkHZK701M/LcCMK5Gr/UnejfvCLAn8Pgd
s9tf2fjr0W9XwYlqrh9lq3pW0QERc9myMScixlLSgXlDLXKgRVTDsMSbHxwE/FWM
vVEzyS1RzKhs2SfnhytPyRpBXsKC8W8UnlvcaK2N7OE0CosauAimQgnuoP9pw52G
oaS7s1phwaeHANz4TNilnlNL9/I8S/ljxZHCg8mS9qAbGlKi8Limxj3W1OAE5q2v
cPi67fOE7hhABkj0eVZu9erLKwgD6o7IDfVRTFyduCBOdpmk9MFOfcbxWjrvxI4P
FJYGF2Hbbbr6SkFqqvh/nf2MjUBJbc61IHSwLyoYWebu6Jxui02Cq428brei24pH
1ycbCic7jsTApaBfXodr2vCbrCzkCAgzpWQTAO3I0IXXoTjfDGGGfR4MvRQ8eVP7
VEENGFGcNhYIZOftK/8vJgIafCgwRJNv6KKAwzCJVTGi2PIrMyb2Pm7nGeQeokKN
YvwLCfM8ZzjCEwUv/tyZqb+wxo86hwOGw3n5HIBYFycrapLlpDxuKnexCBQbcZj+
DStCVYZKqj8qGjFoQcV+rF5woBW9uO+loulVCIKEOC1eCrstWDi3xQ7NC9xhpXMr
SjbPQrspbu5Oam39mLVxBNb2j5X40uU4BMyNCsDpvA0/sU6iiwU=
=ZVYc
-----END PGP SIGNATURE-----

Stable release: HardenedBSD-stable 11-STABLE v1100052

HardenedBSD-11-STABLE-v1100052 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning, this is a security update!

Highlights:

  • MFC r324696: Update wpa_supplicant/hostapd for 2017-01 vulnerability release. (2d112e2354053559738d08a42672a59fee3c57c5) [FreeBSD-SA-17:07, fix for the KRACK WPA issue]
  • Changed AUX vector layout
  • HBSD MFC r324394: random(4): Gather entropy from Pure sources
  • HBSD MFC r324372: random(4): Discard low entropy inputs
  • HBSD MFC r316767: Map DMAP as nx.

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100052-amd64-bootonly.iso) = 2c608383dad93cafbf823c44aad048e464274bd47d093695851926b10ee7f33a8ebe1ff7246943879aabe1b1c782e73fed03f17f2418b6671c0c16c1672e6684
SHA512 (HardenedBSD-11-STABLE-v1100052-amd64-disc1.iso) = 3970ebbf4aec1422ed45b788d5129980e4740bfcb555d0f8dc91542244694408050c48bbc99b6e9d14534a1802a0a73dee7bef4280cc791d06246937209b3464
SHA512 (HardenedBSD-11-STABLE-v1100052-amd64-memstick.img) = df6dc54c41f228e84f3e706e8e6e01a56c763e60bdd0422f57e5949d9bf566d79bc7b0c7cfe129e0c551978a9238590d66ad5e70b64d0c37051a6e76c974f97d
SHA512 (HardenedBSD-11-STABLE-v1100052-amd64-mini-memstick.img) = 8689c252e1211a6e8363a3c083eb0aca073bb08a378120324028a466180cbc062d48c14b2ab054a443d4b9a8d4e21ff27b21f18def975c55dc2029fcdf4c10a5

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlnmsRkACgkQgZsRom/9
GI2EThAA1kqMTRY6u8Eg7DUDrKGMmoskob4r3gFT6tpYUjkueXpUwZYHyNI9mAbS
1MmfvdtASCldjzMirgcaz+squK5JqktLrNbUdhJV7Omb+g/70uoCK4Ges0XBc7nh
vUsBu6PXZPN01gi5L2xQCcue3L5ImYj9nKR5Froy17GUaCAmhRhTdKj6+XxT/OVv
BfIRrGWiAj1Txt78t9IKCAL10ZsZydrFxPT+WC9oZBFB8dNdT3H3orRS5Qp0RVA/
+rTxE22H35VsVsdBhiDK7CFAlGfEJrBN9dK79meFdfxKpkp4701W6QWkBGCwUntz
NMmIhIjsqbZToBG5AycgXW8cTvTKG2bTvfa/lPDdfw82tqBpdQJQp4NExFyva9E1
yG7NL13Fl7pxR69YBWJqV+Y239ZmpF5+BRJnPj+0v0EnQOUuTN8R9jNdqHvq0DIm
9vb3ELiphdZGpcNlmd+zPJq1QQD5Z5RV11SkO8Kwnndyfhw4JBR6qr59ALXev3sI
7YW9mkQL9RSSMOmbzYwmtJ7YSgOceP0qM3i4D7sW5Akh9laJZxz0DnjPkgDs/y9i
eAiUsWp/MkbTAquGqnKU23tKnDU2QDDho1M1ZvxrlJ+yQX9dB6eG0SRsh+ob3vWq
aK8Y2536m6U6KXnijY16++DsraI1AAiVT3JXHL/+EvOh+jcECJQ=
=4WTi
-----END PGP SIGNATURE-----

Pages

Subscribe to HardenedBSD RSS