HardenedBSD-11-STABLE-v1100054.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

• HBSD: Disable lint(1) by default (74db9a87ccbee248675ea534b4867ef7b45ae116)
• Update to OpenSSL 1.0.2n (a0b182dd517b681163e5a3b649fa9931c36ca3c4) [FreeBSD-SA-17:12.openssl CVE-2017-3737 CVE-2017-3738]
• MFC r326074: filter all passwords (not only changed) from periodic passwd backup (c789660d53a74dca1d0c0d2b0cc376418fe5f2d2)
• MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file (9d9b278a90fa6d1c7818ba58274a8e0b40569651) [CVE-2014-8503]
• MFC r326136: bfd: avoid crash on corrupt binaries (e1ecb10d06b8c1a102ddba5501438ea64789a563) [CVE-2014-8501 CVE-2014-8502]
• evdev updates
• zfs updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-bootonly.iso) = adf64ccb3a60cedd9195d88c6bd7fb0a85fd428a5ee3dd4cb6bae935235b2a3100c99c9722efa43b760a35dc82ea25b637198cc3a17b8894ab56331dfcc62a04
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-disc1.iso) = 9ac8ff7bc605f5264d45e73d625c86b783b62011c7048cef7cf6ddaf51cbd3f94d4a661409967b6599eee7493b2138bb4b52a7ee66df956615b782723c8e8666
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-memstick.img) = 94d27f3d30159b0df25af543fb84327873ea5ef76df7e0f22a66160bce36688b00761e82c972356107aed30ed70b2f61a3ba892024b1777e335ddf88013a782b
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-mini-memstick.img) = 116a72cd219df1ed23d0fccff8be745f600982bae00681fbb35d3ef4994bd9bf091ae4c35114533127edcefdc05c9ff0c25061f7f51daa61b8edb6b03ec060db


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlot8jUACgkQgZsRom/9
GI3a4xAAvx17oUQHPzRZza/qVLuF0VTVy9TDzFTZ32UfpDoiII0MYIfPuvIMXvTR
k/RZa9PxB07oI8jldIW/uXW8UAkQlSmxVegXjemh63aKydMAudXrYM3imN1zV1zp
/f/m1MFiwA98TzwMUZx+nWVZBnuQeDtEKREOBZHV9jcwno3vhA5gn6Vp6RfzE2W7
/oISL3eu9/sShf2of9dRMKmZjKuY+K757ygcf8xk53C6UMdRV+zEopVBQqzPwonZ
n1QBn1mJv4HsvMXuzgRE630MLjfvgqiXflnaGYiNnk9yvOgBKr88fL3gJ1TmTthb
hW2hZFUBRDWfAPCyk5K3tm93LJBXrcl7wJ/xtWQMkKtdsRBKPWkac2UpkUjvtvdc
1Ul5hber1OrEV2JxZhYyTUlzSwjOKIRVZi/MlUdpdq17F2BQpUygbx510Qp05G3D
bDCscWh+qrat+YPbZORi2FQxxbIyUfXUJTKBQahkCtwqnyTIEYlxSwwICwZMFEAP
MdASUvhE5fvZ+RCYTCoC2QMnYtZmC7Z+QEAof5aqhenjawgdL9p4bYvJ+4q1pX1l
M6NqDcbTzyQD7nid84Uvy78eX7NcrmZI/Sk1docw5mlJ/8LBJtZLyJgH8wxPSVQ0
piB1d+GaKBIplXzPaAz91TJ3tBVrS9mPdu3i0poEvZK1PxgQKKk=
=4o8A
-----END PGP SIGNATURE-----

HardenedBSD-11-STABLE-v1100054 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!
Warning2: reinstallation of pkgs/ports are required due LibreSSL upgrade!

Highlights:

• Changed AT_PAXFLAG auxvector position (4c04e4a613679510cd16bb13d7974c18e3f54460)
• Properly bzero kldstat structure to prevent kernel information leak. (3ff3ec467d4eb11cdbf706cf386935d5e58c2e91) [FreeBSD-SA-17:10.kldstat, CVE-2017-1088]
• CloudABI 0.17 (cf6ac9b4efa43a9c64c5ab311666080a0e8632b1)
• MFH (r325010): don't bother verifying a password that we know is too long. (b242fe393914310e50673eb62d480ce03706d745) [CVE-2016-6210]

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-bootonly.iso) = 20f6333bcbeceb57788ca945ce9816359d9844c2476956a2d4ffd8cdb7b725b4ce12aca4a9adac67c43fdd0a5fd5b9c87888298a6044a31e3f0a4dcb564fefd3
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-disc1.iso) = 09af01b113072333cf72f2c933f2335d5e4c9e46d51c82d2a74ebd3f3217c9ba454dc77f30de75c2f805adb56608d147dd6dc520f8cfaa90fa049888f193497d
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-memstick.img) = 8951648e199157e840f1dc2637ba6516631bda75c28768086ccc5daba7822e874790cf5b1c2a86d428c70858cb1de5a0318c64ee27e8ce51596387d0b74c082b
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-mini-memstick.img) = 5d6cfc1f89374409efa226da5e6ef793e5e9472a217241e1a21e3c93ebadc9fd967a586dfbe66d454655618cef63721e42402c0a5e3282e1a5db465c208daa26


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAloNK9kACgkQgZsRom/9
GI2qDQ//WQxgSb96jBJ7uXlO9uH9xboZVPzgSP2OfXPFqRvy82Sqr/OFtmVURh1v
8N4zYkVEE4nCKkwiuSFRmRkfygKg1qhQ8hNbpXA3icgITO9ZS6kBIh6ZBkSht8f5
aFgkAEU6CToSodz733oSnaAmGoap6drG2jJ8VlK+IjdXQkrK1mh4g2ETZg03I3ED
vzqAQ5+AT1V4+MzES+K3AV0jnR7nCntLAaEDRgEIcEKA9l4GPfhUNyPnusd3RJNb
vAOJWt7XBJAvWilABDXVPXxObKqhowTKb/+JcEwP0Is8uIzfzplr/E9zmUCCmy5O
u+FQ5H14M+sIfo7KwlXsWStWUhCmOoXR8mLtEAzAV2bZf+/dccrFOE0M3lYu8ZA+
kq09zEN22N3fPU55PIRFyzLlFsRHx2/vFZMf8RvsVbtroHWBqsMudPkd8y8F26aM
HQBHFhmaRmlWmNTJ+Fsh51mwv08CmcY7W0tQztXZWgkKA+uwQV//olOglp9ZVhEJ
LNwRVcAGEwhXJsKeNBzHgiteEYu5kTV7HxiQwMnoIDnN2WT8zkJhetYNQnwMPJIj
LP2/azjbX6nTCZJyLRsLBRu8KGf1g9jW03gWmu8/qUZldS4bgxx4HDnmXazhShgX
zXWQLS9e+K1z2Dg9+7wLHmxK5k9pf9T+SadDPZ14n+DrEjr9qbw=
=Rk9Y
-----END PGP SIGNATURE-----

HardenedBSD-10-STABLE-v1000050 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security and feature update! Recompilation or updating of secadm is required.

Highlights:

• Update wpa_supplicant/hostapd for 2017-01 vulnerability release. (7aec04ba0072726d6bfd78bd999ad560d9780f9e) [FreeBSD-SA-17:07]
• Libarchive update (a8e62bf6379d818c85773fb747b79c05929632b5) [FreeBSD-SA-Candidate]
• hyperv updates
• ZFS updates
• hbsd-update improvements
• HBSD MFC: Correct sense of crypt(3) NULL checks in init(8) and lock(1)
• HBSD MFC: netsmb: Fix buggy/racy smb_strdupin()
• HBSD: add kernel side of hbsdcontrol (ddf19424710e7ff34a9e82794c65b35543248941) [see UPDATING-HardenedBSD in src repo]
• HBSD: fix a possible "time of check to time of use" attack (bfdb3e6118e66e95bb1e823201898dedc3b38701)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-bootonly.iso) = 966d3a6957976544c04e9e2200bc5717bc9771d1e4f76dd9005c8ac8936c07bf4245afc0118947d47010d16c7f7c244c8bec23e181839056c1549f1c7f2656ec
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-disc1.iso) = c25eda9ec2eb046f41003d8146aefc734efb2987286c7ee53cc81c8e9de03e63809f8b626c7ea8cb451ad1fac7ed2d006a2266b99e10c59cfc7f55678eb45871
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-memstick.img) = e9414353ad4d08f68aa8c7f85711772ccfc79b00c4dffad2d6c291d3f94ff3748058bd40c9d6a1d1b97fb16369fc855b776486bfee51eaff77e96005813a9b0d
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-mini-memstick.img) = c05aba86caa6e2f071aacc9fe602f5a5e20d6cf0ba4542ace41e3b9c79d69c1afc87b65d3cc09f1787042eb4cf8023e1295dc8bae475e6074331d7299e2acce6
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-uefi-bootonly.iso) = 5a305a274714fd140c4501769b48c46518b59b745bf24814e91028a192f23a086a9777776a82f10e8ab94a450720009fc46b7f89be62fce46ddec729d1c4722e
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-uefi-disc1.iso) = 2c4a384385e74a578cb3c4b78caebb32979628c6c40ae23b43ce4931efd764f72c46184d7815837a1516e71d45614250caea6d3d58c3fd782c31926fc004bab2
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-uefi-memstick.img) = de41b6916229ff61eb367b0dd771ca0a27451633706edcdedeab56b17483f146b36c60436e4775436e2ef054a73db0e9bd8f2a5810f9510277c9dfc60e9f7f68
SHA512 (HardenedBSD-10-STABLE-v1000050-amd64-uefi-mini-memstick.img) = f992a82ff485e4e0604f0240ed6a9e9f57d27399eacebc665cc4348dc6a8b7fb21e5bfbe5b66bf59267ab967e72cbb4793452fca9d944cc853a649b1d3e05c55


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlntQTQACgkQgZsRom/9
GI1ULBAA3FnfoSHEEkpBtoMZhT/zaoYAkHZK701M/LcCMK5Gr/UnejfvCLAn8Pgd
s9tf2fjr0W9XwYlqrh9lq3pW0QERc9myMScixlLSgXlDLXKgRVTDsMSbHxwE/FWM
vVEzyS1RzKhs2SfnhytPyRpBXsKC8W8UnlvcaK2N7OE0CosauAimQgnuoP9pw52G
oaS7s1phwaeHANz4TNilnlNL9/I8S/ljxZHCg8mS9qAbGlKi8Limxj3W1OAE5q2v
cPi67fOE7hhABkj0eVZu9erLKwgD6o7IDfVRTFyduCBOdpmk9MFOfcbxWjrvxI4P
FJYGF2Hbbbr6SkFqqvh/nf2MjUBJbc61IHSwLyoYWebu6Jxui02Cq428brei24pH
1ycbCic7jsTApaBfXodr2vCbrCzkCAgzpWQTAO3I0IXXoTjfDGGGfR4MvRQ8eVP7
VEENGFGcNhYIZOftK/8vJgIafCgwRJNv6KKAwzCJVTGi2PIrMyb2Pm7nGeQeokKN
YvwLCfM8ZzjCEwUv/tyZqb+wxo86hwOGw3n5HIBYFycrapLlpDxuKnexCBQbcZj+
DStCVYZKqj8qGjFoQcV+rF5woBW9uO+loulVCIKEOC1eCrstWDi3xQ7NC9xhpXMr
SjbPQrspbu5Oam39mLVxBNb2j5X40uU4BMyNCsDpvA0/sU6iiwU=
=ZVYc
-----END PGP SIGNATURE-----

HardenedBSD-11-STABLE-v1100051 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security and feature update

Highlights:

• HyperV fixes
• ZFS updates
• libarchive update (CVE-2017-14166, CVE-2017-14502) (aea515eb9597ea4c4963aa471d4325e351653a2f) [FreeBSD-SA-Candidate]
• lot of hbsd-update improvements
• Zero segment registers which contained invalid usermode selectors, when returning to kernel. (6a720c60ec8e6bc3caa3141033b0f54c14c0718d, 2c707ee9d55df4bd64c5928a092aea228426ac99) [FreeBSD-SA-Candidate]
• make fsck_y_enable more agressive (8430527c119726c7b1fa826dcf935f4681a126a2)
• HBSD MFC: Correct sense of crypt(3) NULL checks in init(8) and lock(1) (954bfe0ad4ee110a69ab41f78f0494a3e2d4d9d3) [FreeBSD-SA-Candidate]
• HBSD MFC: netsmb: Fix buggy/racy smb_strdupin() (145ca72398904245c097b37f843a2d7885a16c50) [FreeBSD-SA-Candidate]
• hbsdcontrol's kernel side implementation for more information please consult with https://github.com/HardenedBSD-stable/hardenedBSD/blob/hardened/11-stabl...
• LLVM, clang, lldb, lld, compiler-rt and libc++ update to 5.0.0 (12cd91cf4c6b96a24427c0de5374916f2808d263)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100051-amd64-bootonly.iso) = 2a7a0644c4f6539a0763fee344f3ac7a51df62a358a394fc884d51147ca2479cfb6aea600d900dbcf551e5e4331685d8380038849636005f51fd1ff4a391d710
SHA512 (HardenedBSD-11-STABLE-v1100051-amd64-disc1.iso) = 840b8f12b33e4e9328187719af152c14f383e0a5b2749953f84e634bead200ff8794559b63faa6a9ed9b0675ef44be9d6d055f457f514c0107e8b480f2a46159
SHA512 (HardenedBSD-11-STABLE-v1100051-amd64-memstick.img) = 11ce832ec9256846e3eff4d5d661a9ef38d05b7c4857d1975cfec438e38de5d3e804f8401a943753672e469c0bcde6184f3b99bb22e3174b8a1c5e59da5ae9cd
SHA512 (HardenedBSD-11-STABLE-v1100051-amd64-mini-memstick.img) = 5189aeccb1823edde5681c6e5d7276cf2c1777981bb818ed3a3c838a5fe6f5035248da5094161b76ac9f7b574d957d833a19a3641a08f03b6fd74c468ba5140a


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlnhbH0ACgkQgZsRom/9
GI1bfg/+JvEFmHPiEM6m8696no95d3LDv+hInSTMXzDmrKYh47eejtJI0vQcq06Y
GqFkVJr8sMfApKF5dMQJ6f4JsbTnFx4hQONwDIdM3lPhTnxUNfvtT5Vb2TrmOpU6
8hPQ2RRNYkTJVgbP84XhHlQwi3xNnpNKnjJasZiNUBcbooWpprjtkQPx7hGIVXEe
ubTX+na5Ry6i/NPcOYFr7YKPiqWNu/zSKFFeERjW4YnB6RyXsMUIr9nsEs7kjcRi
mIIVu/VMlXhkjGg1IwUPy9V8gA+YHutQ5/V80vVCUUUaFXoUS8t+isofywoCgD92
VX/icmEoK6T1PyVz47pzH+62fwVOn1Ypbz/1329LfNMY1CyNesLPore7bhNEpaBh
wovZH5Y9aJAlIrd53oiSHUGwlF0RROvpoWLC51loMp5IPdJR+6aoU6TinnAyMARd
0QRlLLtal7TO7cXfQE5OYDyVNHiVZgLIDQbNJG8G+pGmYyWQR8LZV/zsk56ti5tK
Lg8ABYEOvoTzG9WaJX27pFnMbzpiHyf5MzPHvA+KoEQibtFZWu8jyz4iHKLq7jB9
OfkSaWV9s87gSKzA0BP7m+Uh1bY1Ka9kTIPXd0n8ym75hGeovr0r52s48i4CpJPo
APTtWgrbgvD6P/uSnSV9hFAw4C9/LBJceEMPpjioctdKNA52wvY=
=pl3g
-----END PGP SIGNATURE-----

HardenedBSD-11-STABLE-v1100050 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

• HBSD: pull in upstream fix for pwait hang when watching its own pid (09401513dde5740de4b088e39333d8011f210786)
• Removed HARDEN_RANDOMPID kernel knob
• HBSD: rework MAP_GUARD footshooting prevention (c694b8039615f1e4e59ef299ea36d6aa93a13269)
• HBSD: Enable EARLY_AP_STARTUP kernel config option - fixes Xen boot issues (b179d012d10d53a6331ff74e8485bc280c254f40)
• MFV r320195: bhyveload: correctly query size of disks (2239cf6be006a2c35505c12569689f845fa3da2b)
• HBSD: merged back LibreSSL 2.5.5 and enabled by default in 11-STABLE (37565403fa31bc816a59893dc50598e242801371) (with lot of commits from Bernard)
• Add sysctls for ZFS ARC shrinking and growing values (d991ae815445d3666cddf457fe576ecdbb07a013)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100050-amd64-bootonly.iso) = 8d11dcb3b300bfb7c05a52893564a8eca7727624833634c8c0f0b3a9fc8fa3fe80de277fbc563f77252e3266591e77b26300be214919fef6902d9576a58bc846
SHA512 (HardenedBSD-11-STABLE-v1100050-amd64-disc1.iso) = fb64fd300ea10972db2081d800ec08532fef8a899d6b463b0d321d98cbe2e995150fb27a707ece45e0219c6cc44b99120555d6339a23035b087b00a07d698889
SHA512 (HardenedBSD-11-STABLE-v1100050-amd64-memstick.img) = ec8efddf21fbb1064b796d1f7db3845fa0e54437c364837eefb7f11974929c41598b13fa6b8bd16abee6997939ea629c8a4abc794f353dfeca04c183ffdde032
SHA512 (HardenedBSD-11-STABLE-v1100050-amd64-mini-memstick.img) = 2a0cc547d94438d52a51e587cdd49f7b37af7e1398299e96973b892b7778b44a63ce9a34df6b5827e6ab33e889825f6a292e6ca5981bd5116e79ed64f2414ebd


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlnIXq4ACgkQgZsRom/9
GI0euRAAnE9UJ3DR3HGD5yXNhCuY6oyWk1hjZYbv0kxrNgr/CWI6Qq9tzHY6cmvL
lERxtAv6iusuwhOGEX5Mg1HmtcapI229wQV4mHbtat5EuWtB+u8R09f0DQbwLwWt
ArOYFVeg7RQT/n04sIzZuh+Knx+q5cfkgOi3FR/4RUDDTJOXACC0qkwXyt/FuVto
os8JNESHZ1fJR5T7qWpFlyJFpRJyZNS/I4huZufqSXQdtPWHswDyNpa8tTTwDV53
sQ/RjV9BcwqOrg0PVYgnqdAGOXAl9y2feEWHOrmwCLqyt2tY1MWyD+FGvzqWKJQk
4wXQDfkcp3DLQrjOzjwUv0luPghq1v8tsKr0PW5mZYzOW1k24vz6JAXsQ7DjoQIg
nYjvNPxZ8lBn/vkmJs2/ZODPVft2jAwZLEFR7Bhp7gyE/b8Dpsanpcl876nc0Hhf
ajWOyg3Zl7DaACnDAPasbOZ1p3xe6AzcC5X7BYigZ+utkusntbJ2mRdlFV5TbPZo
im4at4Ylo+nY8w4alpwAFc4Fwh5dDkcd1TV3Oi6VxRaDEOoHZ32o87yLgUxo1XTi
R2ysFt8zHLrhDM28KtZcrTTC8hPUVehxKUt1g1KZcfSWnIH90NfC0p1LwqOTTLiN
1HadK6g+Za3tInTeRL5DGB5UcpbuY26jPhm4i16fEHhwuNbt4hA=
=Z4iz
-----END PGP SIGNATURE-----