HardenedBSD-10-STABLE-v46.21 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

• HBSD: fix for FreeBSD-SA-16:37.libc (CVE-2016-6559) improper boundary checking - b66bee517d74e7395ba293bc2f41cc8273f0acdf 54ef6264f7f041d711a6f2a6afeedd2f3646bdd9

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.21-amd64-bootonly.iso) = 75580ab43e32dd5fecf439d4880b5820d96eb96975c5977c0a9ea7cc6dcc39584b1489cb45747833db706ea806775342bcd99ad85359f666dd09323361a220ad
SHA512 (HardenedBSD-10-STABLE-v46.21-amd64-disc1.iso) = c656ac66693d68bfddd8909ea58dceff64f6b28607909615ce331359e70fcc4e3fe9427a27f410ff810d68849de907bb82d340afb5f784e43b7777b87fec036d
SHA512 (HardenedBSD-10-STABLE-v46.21-amd64-memstick.img) = fbb5f60f5a708cf8d44e3434eb4226329d7c6fbd49781755f8be355931323cf75c506a4ba8e3a82ec68643cc254b6cf434705a25b0ea52357f857c69b2ad87f8
SHA512 (HardenedBSD-10-STABLE-v46.21-amd64-mini-memstick.img) = 7b2cfe0075d1d58e21c64359b2d143389be8932c93c12242b17eb463bc0ebd9df0efd564402608ccccc9fc81912896dea859f978c88b998576954bd61604efb6
SHA512 (HardenedBSD-10-STABLE-v46.21-amd64-uefi-bootonly.iso) = dcfd6952056243a5989954bafad5396845520b011e6bd5da536b0ffbf3951c04caa5bc1bbee2e0b1cf8c4616819b859a0c51f2ae73a7538d06248b97d59511e7
SHA512 (HardenedBSD-10-STABLE-v46.21-amd64-uefi-disc1.iso) = 58a1ff92b43ed12933cbaf3436ec78cab6e1863f09eea9db15e16756975e31a1f9bccebd8d13a6af84d6931ec5f5ed9bf7c71b85c03d72a73ef7ab33dcd548ef
SHA512 (HardenedBSD-10-STABLE-v46.21-amd64-uefi-memstick.img) = 77224a1e23d460ec48e5df1c51c6876840817c79590818440e16a92eabb64119e87063763236a75f4a48781165af7e628ca403551fde03f070c16b674ce62db8
SHA512 (HardenedBSD-10-STABLE-v46.21-amd64-uefi-mini-memstick.img) = 52d2d2c46ab0797d87a3903deef608d5918a31ff2e1f9ff5c2e470cc9ea34c1388a3bcb942acb2a40b701789be511b38e6a709e187a1bb303a824c8c339b69bd


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlhIXH0ACgkQgZsRom/9
GI0ACg/+KhecsVMDb/vDD6ttn7NZJmQXia2nsoi0aw0FbqEeksK2cAlbKTr13yBU
OCyFg8zbDM/y1WEcS0Rs2StvqhRWoOU0G8L1H5sWFbQCxdYUZ1ndsbTZaaTSBlky
SQnzAdChWXVQsFXFAjEFA6i8xaHTvHIwxt0Fhw4oEO1FsaBDIY73Db8E3u4C9Cnz
tJuMyZKff6HffhHeBbzNT6eBM84J0r1yodIj7w1/Ep1PJLpEMNrn9IK55AIfxf+X
q7gSV8TKAMt3w0nnthJHN25vHQa7KcgbJYbiqoFVc54Hrm0sBZROwc17nx1+qClh
Qp+MbgK4flWMviL686OAnh7H5lwLLTX9tsMpqb4qC0C0YlvbxaNsenkv5z7cU2vi
E8vPLyiTs+k7Bes1jPpcZmVTE2v8Biu+H7HtPxWbY46GeqGZQ6VWjhIyDrbYCO3n
koDqlcfT7TDkIIqIAVJnidh9MXc5xZdFc9hZI0og507Wog0/ruCigHEjBNAmm6N9
wB04WjM1PrAh7JSGUXpmaDuUliu+m8MF4Jzk0cbk9N8gU4lqMgm3IOb6QR9oHi4i
CK098e1P6rHpdOG1wDsxy0YCDSbS7dOx26onE+2PXbaKx6t72M6sXr4ASZjQ+/e4
StlOllTbOP1KDtr8gZxctTXyjzPcMaEkHEeilzJrvysGAJ1o/H0=
=SVW7
-----END PGP SIGNATURE-----

HardenedBSD-10-STABLE-v46.20 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

WARNING: this is a security update!

Highlights:

• FreeBSD-SA-16:38.bhyve - integer overflow in bhyve - 02a6052b3f42f24b9015e26ef196c33cdaf56719
• FreeBSD-SA-16:37.libc - buffer overflow in libc - 6eec5c0ac4990b2cf298afce48e0ea2529fa645c
• FreeBSD-SA-16:36.telnetd - insufficient error checking in telnetd - d50c6c5b00e248bc0ebd39164e5b7d56af49d701
• ACPICA update to fix issues with recent Skylake CPU based systems
• SVN update to 1.9.5
• bhyve: stability and performance improvement for dbgport

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.20-amd64-bootonly.iso) = bc9012bd9af9b9a9e1458a5b73f509250a82b90fa0d54126b3ea13630b0f6dea8a42457c049d396b073c52a5199d477ffe892e64bf3fd129c310392cfd440197
SHA512 (HardenedBSD-10-STABLE-v46.20-amd64-disc1.iso) = bf585c79fd8cc0bf481e84a369eb76fb30b1bf1dd5c328d43b51e8b88f2033485b94b2be8025758774b95e5fbf67fe620a62ba62fec93d70ed156b41721fc99e
SHA512 (HardenedBSD-10-STABLE-v46.20-amd64-memstick.img) = 298f39484d6403403a9213c399d309706ad4c3eaa7181136180af019bea66ff2862d52d9e15c095de58207eccea1791a6fafe13e3e7e4677070fc0cb8c6399c8
SHA512 (HardenedBSD-10-STABLE-v46.20-amd64-mini-memstick.img) = 1725c96a19c9cdb9429c951d1b21eca5c1804a9c5d8cbbdd376eb783759b046f8105e2d94d5091b4d00725584d89dade2df2e6128803ee55b98e24af99f93a58
SHA512 (HardenedBSD-10-STABLE-v46.20-amd64-uefi-bootonly.iso) = 1a55a48c7ea229c7b994262619db606b40424682a480978d6a95cb1ef29bfef2c8589b89ff27af31a1d4f63a63c4cc96b63dd084b8dcb6fe61cb461677243aa5
SHA512 (HardenedBSD-10-STABLE-v46.20-amd64-uefi-disc1.iso) = 00ea40e7afe74072feeb9cddd990eb482aed3259e20a754c0f38ddb1e7d7c63da9886be4740662d48f69334fe0b4dc3fac5195a62f9ca4e4b08c3ee81f6df834
SHA512 (HardenedBSD-10-STABLE-v46.20-amd64-uefi-memstick.img) = 46ccc6a8e8684d34867c811efbc3f87c4225fdc5b789235952630052b100a508b2012a6c3b30b703952835bc772d9b99a2687283c9330a6cb8f543eba31ba59b
SHA512 (HardenedBSD-10-STABLE-v46.20-amd64-uefi-mini-memstick.img) = 00815ec0284ccdfc56a5c877555306b444af525a64b78af7a72e1c5efb2ace936345ccba787df4737628cd728aa449e4d0a802e9040811a82a576eed08d13de1


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlhHJzEACgkQgZsRom/9
GI1VbxAAveup7QZKBQSZn3fWgUcdW5C91iqD78UqdGuO07fh8GU7akbh69emf1h7
OLgXSgjxw2PGi2Lt+PxlhMgxTs9KHe20/dX14nOGQnJbRZphH2ZhsyIo1a2Ir94V
qx1d1ha1xSqYMm3xMaj27/Q6aks23lEF5DL+qwNJ6dnpgaU4/K297K+vt5ixtD6H
bxSy3kqSTg2MSx0EiITguoR0c40zocKiqs6QnqIPddgGo5nIeFgktviDH2StthjA
SkqqB7O/Hi8M1ePDOJlFWGuWjZXoc+s+6Y/JdV6FnJv905clrjiVG6wPoV7naPGJ
PVZBjjdjn9i/roF327C3kFagGc7tDLb18xHFJWr6jiOvg5vRNsAoepjwIPSRcUh9
iJPptUgcqBPrpvaBZyZaQsfh5sor7BCYmt7nfS3FU5aaGqTrKawtwqMeF3ID3Q5k
Q+aOxUz/cXQnLSURXG8RyrIfk0I1a4aQoE47lPnlWZ3HHBBYV7/h1sE8sTkuP6pO
OjpadzPF5M4+LMA5qzGKCC+Oo7sISJ55HQjdQa1x3WV1ok7Ph/BfMcj6/v08OTh+
Fauingu+ZoZbj/rQcPN6t/dS4n2JEeeD/KX2JWII4ogP2znIIrZmprOhrKAtG8OF
AHZxVq5/AjXgaBrLPBe5BhDEEA2jKn0e3ifLh+iI8Mfs+5uT8vY=
=7uYD
-----END PGP SIGNATURE-----

We sync with FreeBSD's GitHub repos every six hours via an automated process. Our automated sync process sends us an email with the status of the sync: if it succeeded or if it failed. If the process fails, it tells us why. Having this automated sync process allows us to follow FreeBSD closely and manage the occasional merge conflict with ease.

Late in the evening on Thursday, 01 December 2016, we noticed that the sync failed for the ports tree with hundreds of merge conflicts. Even files HardenedBSD hasn't changed were in conflict with upstream FreeBSD. Around the same time, other people outside of both FreeBSD and HardenedBSD noticed something was wrong. It turns out that FreeBSD's script to convert from subversion to git had issues. FreeBSD has given a brief post-mortem on what happened. The problem affects any project downstream of FreeBSD that uses FreeBSD's ports mirror on GitHub.

On Friday, 02 December 2016, we started looking into the issue. On Saturday, 03 December 2016, we stopped the automated sync process for our ports tree. We made the decision that because the FreeBSD's ports tree's history had been rewritten, causing commit hashes to be different and merge conflicts with hundreds of files we never changed, we would recreate our ports tree from scratch. We have imported the core of our changes to the ports tree as a single atomic commit. As such, we will lose the history behind all the changes we made to the ports tree. If you followed or watched our ports tree through GitHub's interface, you'll need to follow or watch it again. We're running an experimental package build right now to make sure our ports tree is still sane.

As part of FreeBSD's post-mortem, they noted that the same thing can and likely will happen with the source (src) tree. We are investigating what we can do on our end to mitigate any short- and long-term issues stemming from FreeBSD's subversion to git conversion process for both the ports and src trees. Obviously, losing the commit history for the src tree is much more serious. We are working hard to prevent that from happening.

HardenedBSD-10-STABLE-v46.19 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

• Advanced ifunc resolver in rtld (ebcf883abaa4a5407d9321c90e77b62d5400239e)
• Updated ntpd to 4.2.8p2 (ae8e146bd5a44ecee88074684cfb450384368980) [FreeBSD-SA-Candidate]
• Possible UFS related kernel panic fix (f1841547a520610c8f48c2c0b473b55dc84e1714)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-bootonly.iso) = 98bfe0c145d04e8476a6af8639c8a1324c96572d4fc3739708e45e2bbab210a79c0bb766171034bba946b53db32782edf5f81d78a7f1d71603d6270117590027
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-disc1.iso) = 6c1672403a04dc819b45be7846332767266c1e565db14fb5d82e26792ccec4024f0348c71242464e18c3b4011fd235dfdc686ba8e342f2edea9d1b097167ba97
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-memstick.img) = 7297be987017198e761f85f43677677826b8828fce6bc8b7c233f6ec40abf84f5d23fdfe63c0c2be42d7017a8c8417286b793fdd865df68dbe769f31433a354c
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-mini-memstick.img) = ee63073bef4d3e4e8f2b86c8649b403eafaf7341432966fa97c76ad01544bff5e4819be84befa51ce7dd3f3c8da9c8192b6a7883cf3113f2306ddba7e4182811
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-uefi-bootonly.iso) = e776686a78c765125bb3cd2adb7cefbec1e529ba4ceca31a19809ccb7d1ca9c6076fe8f404f1eed7a7d616abd1219ea7d22356f8eb30432074ca414e5d5f05d9
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-uefi-disc1.iso) = 5cba03d06f4c7d67cac958843c9a7026dfdf4b498ad658c1bf112a9dca04b45fa16d89c1be0c8fd316ac2b37a05e58498b9459cde81144a2942497edccf43852
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-uefi-memstick.img) = 117e6ebee28e9660dc5461f5b5dd7ef940ac09539dd2e2f7f8da11f821c7f4db3a9f3fa356a655ca7fff192dad4d6e39137e26cb79f6737ff31afd6106cf65f1
SHA512 (HardenedBSD-10-STABLE-v46.19-amd64-uefi-mini-memstick.img) = 258221b9771875eb49e7ac997d1d3924023976fae5f9247659d474eba69acca5cae29bc2b2ef6894494760d322287976b79e09746e718869f2cfb74ec174b3ce


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlg2IwMACgkQgZsRom/9
GI3yoA/+NIY/HrcYpsGI23u0F4OnWV9AHRIEsaRdkq6vFAfXlaX0Idlh710ZQEgw
TbTCEGWFTGNBnr004JmPp9DNvUfSdjgK3I1LGV9TZvEqzv5kybY6cmZLYjzyw7nx
sreCTKlviJePbRViAjWPbPNH8a9G8nQModDeD+AoOzYx1j/S16uilsMETQDTV+lL
ROW3C+ia2XyK/wTW3AVoC1AjoeRvDV73bOP8Qfs8RLqyqmAZu2ii15BRNkMMuACz
XwxSQ6Dg22f8U9vTSinnr9RmPfT9LyFChwiE7CokKqJG5ROL/esbWaRBSch9UmQS
nulrrbBAy2LhoUzSlG/100SsWBsn8B3ZMhpBpJgINGhU5gBLCSW4PWLvE5yo38eE
6qKWpjOq3YXUvON0wvO4sjTw/QOoIhMB2sTp8H35tv/sDBZpd0sSr4yMTCKWD9MK
Vm8WlxH8fXlDkCPG7ugdqYL45A8zkiaXYO6jHuGiNlvYznaxytY1O6zjXSB5c5FA
IJ/t1br0q3f844mELDHuMkQOg3UqWi+Vr/x0oni9bKCdcp89U4xaDCyB6Jb3jo/X
6bYnXG1FTuzijxE9nfs/kFw1tZhoSJmB6t87gkiIgvFR/u7U4m5PfhoV59sOkrj8
OSZ3kzInbxEqNfglcWfi9UVaJJwQOkkDWfE5Z4GBHFOX3yrOSqo=
=5c4N
-----END PGP SIGNATURE-----

HardenedBSD-10-STABLE-v46.18 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

• HBSD MFC: elimiante infoleak from uipc_mqueue (r308642) 986b9324751267 [FreeBSD-SA-Candidate]
• MSDOSFS updates
• Hyper-V updates
• HBSD: increase UCODE_SIZE_MAX from 32kB to 128kB (4MB) in sys/dev/cpuctl/cpuctl.c to fix microcode update on Intel 6th gen CPUs

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-bootonly.iso) = 9b6dbd1e941c180dfcf16f55b7efa878971139bd1f9a3c02bd37299d817711eec8adec078c90d078620b636435d9f654c42e2496bade02c7bb15f8efc4123ace
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-disc1.iso) = 0973251862ccc7b2908f37926e713a6f377347f7a4140384af2a2986cafa2cefec563e17a5b8677f23755e1292c28f9fe6c9d325123fac631762fe8ed5f2a2e1
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-memstick.img) = 0f14f0583ef847daa6372c53f4490e7b4607fcbfda6c58b27b9124592ef8980875e5d7d4209c4be93606de16bbcc4c0d0a0111834775b1da6d4b13574c11b448
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-mini-memstick.img) = 0ab823880253fb0b494b4f757bf8b66fa88d498259e213a95d7b2b305c0d01385a3af552e44944831a4077d807e8ecb61a8ffa13601269938df323a37c0b2760
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-bootonly.iso) = c7b513cde20c51fb84daac30e46e508498ea978e7b5f57911c2a894a037e5aa14d8a703da4a3b37e0ef146383e0ba177e65a13abcb86b002ee94f4265d99a0b4
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-disc1.iso) = 5fa03972fafa63fe5c65b4a661225e28df33c13b862c9c6a27da2c16cf71642d82c7c1d43e5e4c3dc1ddfa3f423d80ce3162629bab859ff5eb5d410bf6bfe306
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-memstick.img) = 3bb0b7b84598a818038361323216aab23b0651daed94129a287f7f1576680fb28e95af51ad1f34cf10b894013c206cd3897fcec6d60e981e13da669b8fd792b1
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-mini-memstick.img) = 1a7f6669d6518fbfe01a7edf728bfea7d050c365ef2969d63d54b8d33e41f9644932548e8e2b3095f8999ca07165b00d0953196dc731b8e5cfbbb392e6641947


CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJYK4FoAAoJEIGbEaJv/RiNNb0P/jRzFmwHVyGP8zHp3Q37EQR3
tgC99+AbeDsuDIgTER7zt8KeszEiMnQiSyg8+8Lb07WcHlzLjmzHyWWym97FkjVt
wTQWiO0RzeXJnP3FH7zsEyFiuphxv8F218YfUlI5aJ8kBrHschWizFq2HC+FonU5
GDLkB8t/yKZDQG9zz/Cf+lTQIfs3+KMezu0V4pcDAuuvs0WQpk7xyrDn4fYbX73P
PP5jW7T+ZrOF5gJlOyuBn9RddPk/qbyyJfTAmwv/Ru3CgoPVY2b4EGW1nIAWWs8O
SL/r3NbW3nNH7Umume0eJrSPWZbgTDm69zQGKddE9F82hsiyziwpcPYL7ZmWyY8i
tiidi1kM8WrqF1cvUTNZyfJDA1nFUuV6dSrjDl2/gBjiIN5FUc0P7W2uNGlgPEJW
T5A8r8U1BliTT8PfBDYw6VIzM8k3zm+Hj3LVq8gGbZRmqZsCClNS8ClJomJQbn8/
zjzq8zrC6/XLw4sspPMAsvEOYkXhaVzEXXGAFXMaBqm7kmNP8hcBEE3b9OR6EXze
VvoapFGPD4lnBPpntsJeiB172A+zZkVNeEmBv9klu6a+JyocSvNUcb1DLmILyj4W
R2B63k+okPoUdujXwBEJ7X4DzZwfgXZZeyBz70snNvUOSqjhMY63nLXBYXu/biPX
JXErKmjmmWW4LYFNaZFc
=lMRM
-----END PGP SIGNATURE-----