New stable versions: HardenedBSD-stable 10-STABLE v40.3 and v40.4 and 11-CURRENT v40.2

HardenedBSD-10-STABLE-v40.4 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
---------------------------------------
[hardenedbsd] HBSD: fix MAP32_BIT mode mmap when allowed

HardenedBSD-10-STABLE-v40.3 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
---------------------------------------
[hardenedbsd] HBSD: add WITHOUT_HBSD_UPDATE src.conf knob to disable hbsd-build's installation
[hardenedbsd] HBSD: fix build on i386
[hardenedbsd] Revert "HBSD: Default jemalloc's lg_chunk to 16 from 21."
[freebsd] FreeBSD 10.3-BETA2
[freebsd] EFI fixes
[freebsd] Adjust initialization of random(9) so it is usable earlier.
[hardenedbsd] a lot of new HardenedBSD-related man pages
[freebsd] OpenSSH 7.1p2
[hardenedbsd] HBSD: Update updater root certificate

HardenedBSD-11-CURRENT-v40.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
------------------------------------------
[hardenedbsd] HBSD: add WITHOUT_HBSD_UPDATE src.conf knob to disable hbsd-build's installation
[hardenedbsd] HBSD: fix build on i386
[hardenedbsd] Revert "HBSD: Default jemalloc's lg_chunk to 16 from 21."
[freebsd] EFI fixes
[freebsd] Adjust initialization of random(9) so it is usable earlier.
[hardenedbsd] a lot of new HardenedBSD-related man pages
[freebsd] OpenSSH 7.1p2
[hardenedbsd] HBSD: Update updater root certificate
[freebsd] Update em(4) to 7.6.1; update igb(4) to 2.5.3. (skylake support)
[freebsd] hyperv support cleanup / rewrite
[freebsd] ZFS + UEFI support

New stable versions: HardenedBSD-stable 10-STABLE and 11-CURRENT v40.1

HardenedBSD-10-STABLE-v40.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
---------------------------------------
[hardenedbsd] HBSD: Don't check for ZFS KLD when non-root.
[hardenedbsd] HBSD: Harden KLD-related syscalls
[hardenedbsd] HBSD: Add /proc to the hbsd-update's skipped files list.
[hardenedbsd/freebsd] HBSD: ktrace: tidy up ktrstruct
[freebsd] Merge OpenSSL 1.0.1r.
[freebsd] Add EFI ZFS boot support

New stable versions: HardenedBSD-stable 10-STABLE and 11-CURRENT v40

HardenedBSD-10-STABLE-v40 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
-------------------------------------
[freebsd] Implement AT_SECURE properly. FreeBSD-SA-16:10.linux (HardenedBSD not affected by default install)
[freebsd] ntpd update FreeBSD-SA-16:09.ntp (already fixed in 10-STABLE v39.2)
[hardenedbsd] HBSD: Default jemalloc's lg_chunk to 16 from 21.
[freebsd] continued UEFI loader rewrite

New Member - CTurt

We've added a new member to the HardenedBSD team! CTurt will be working with us to research, exploit, and produce patches for kernel-level vulnerabilities. We'll be working on getting these kernel security enhancements upstreamed to FreeBSD after the fixes have been deemed stable in HardenedBSD first.

New development versions.

What's new:
* changed internal data types
* added new KPI to query the current HardenedBSD hardening version (in this case it returns 40)
* the default stack protection has changed from RWX to RW on the amd64 architecture; this change is a no-op when NOEXEC is enabled in your kernel config (this is the default)
* fixed etcupdate integration to hbsd-update
