HBSD: Bump __HardenedBSD_version to 1500001

Following adding support for prohibiting new USB connections.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
issue:		#88
MFC-to:		NEVER

UPDATING-HardenedBSD

@@ -1,3 +1,20 @@
+[20240124] Provide mechanism to disable new USB connections
+__HardenedBSD_version = 1500001
+
+	HBSD: Provide support for prohibiting new USB device connections
+
+	This commit introduces the hardening.pax.prohibit_new_usb sysctl
+	tunable node. This node can be set to one of three values:
+
+	0: Disabled
+	1: Enabled
+	2: Enabled without possibility to disable
+
+	When set to 2, a reboot is required to end the prohibition on new USB
+	connections.
+
+	This is based on a patch by Loic F <loic.f@hardenedbsd.org>.
+
 [20230826] Catch up with FreeBSD version bump to 15
 __HardenedBSD_version = 1500000
 

sys/sys/pax.h

@@ -1,7 +1,7 @@
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * Copyright (c) 2013-2017, by Oliver Pinter <oliver.pinter@hardenedbsd.org>
- * Copyright (c) 2014-2023 by Shawn Webb <shawn.webb@hardenedbsd.org>
+ * Copyright (c) 2014-2024 by Shawn Webb <shawn.webb@hardenedbsd.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
 #ifndef	_SYS_PAX_H
 #define	_SYS_PAX_H
 
-#define	__HardenedBSD_version	1500000UL
+#define	__HardenedBSD_version	1500001UL
 
 #if defined(_KERNEL) || defined(_WANT_PRISON)
 typedef	uint32_t	pax_state_t;