Releases: HardenedBSD/hardenedBSD-stable
HardenedBSD-11-STABLE-v1100056.2
Highlights:
- HBSD MFC r333405: Remove PG_U from the rest of the kernel pmap ptes. (6840ef5)
- crypto/libressl: Security update to 2.6.5 (ace3164)
- MFC r336761 & r336781: Allow a EVFILT_TIMER kevent to be updated. (a1143bb)
- MFC r337384: Address concerns about CPU usage while doing TCP reassembly. (db2e2ee) [FreeBSD-SA-18:08.tcp CVE-2018-6922]
- MFC r336919, r336924: efirt: Add tunable to allow disabling EFI Runtime Services
- Libarchive update (3ff0943) [CVE-2017-14503]
- HBSD MFC r313168: Fix VIMAGE-related bugs in TFO. (7a58c5a)
- HBSD MFC r333885: ctf dwarf: don't report "no dwarf entry" as if it were an error (c4bda35)
- MFC r336763: Add workarounds for several Ryzen erratas, on amd64. (b261576)
- MFC: r336357 Modify the reasons for not issuing a delegation in the NFSv4.1 server. (88b6d0a)
- MFC r336683: Extend ranges of the critical sections to ensure that context switch code never sees FPU pcb flags not consistent with the hardware state. (e0245ae)
- MFC r336188: Improve bhyve exit(3) error code. (ff4bc3f)
- HBSD: Really bring hbsd-update current (630cab9)
- mlx5 updates
- ofed updates
- arm64 updates
- msun updates
Changelog
Bernard Spil (1):
crypto/libressl: Security update to 2.6.5
Oliver Pinter (6):
HBSD MFC r333885: ctf dwarf: don't report "no dwarf entry" as if it were an error
HBSD MFC r330000: Fix harmless locking bug in tfp_fastopen_check_cookie().
HBSD MFC r313168: Fix VIMAGE-related bugs in TFO.
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: resolve merge conflict in sys/amd64/amd64/pmap.c after 29d795aae8d763aa6c7d9825fcf50085b9e13c9b
HBSD MFC r333405: Remove PG_U from the rest of the kernel pmap ptes.
Oliver Pinter + (26):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (3):
HBSD: Really bring hbsd-update current
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
araujo (1):
MFC r336188:
asomers (4):
MFC r332631:
MFC r335899:
MFC r336205:
MFC r336319:
avg (4):
MFC r334479: call AcpiLeaveSleepStatePrep after re-enabling interrupts
MFC r334786: x86: reorganize code that deals with unexpected NMI-s
MFC r335934: remove unneeded inclusion of sys/interrupt.h from several files
MFC r336641: fix incorrect operator in the AUDITPIPE_SET_QLIMIT bounds check
dab (2):
MFC r336457:
MFC r336761 & r336781:
delphij (2):
MFC r336156:
MFC r336236: Detect and handle invalid number of FATs.
dexuan (1):
MFC: 336426
dim (1):
MFC r327400 (by eadler):
eadler (2):
MFC r335629:
MFC r335631:
emaste (2):
MFC r336664: lld: fix addends with partial linking
MFC r335459: acpidump.8: include NFIT in the man page list of tables
gjb (4):
Following r336726, explicitly invoke the 'obj' target when setting BOOTFILES. On stable/11, without this change, the .OBJDIR expands to /usr/src/stand instead /usr/obj/<foo>.
As part of r336741, BOOTFILES needs special handling when cross building on stable/11, where the path should be:
MFC r336721, r336750 [1]:
Document SA-18:08.
hselasky (52):
MFC r335669: Improve the userspace USB string reading function in LibUSB. Some USB devices does not allow a partial descriptor readout.
MFC r335700: Improve the kernel's USB descriptor reading function. Some USB devices does not allow a partial descriptor readout.
MFC r336632: Update modify counter when setting a mixer control.
MFC r335094 and r335123: Revert r335094 and properly fix OFED build after r335053.
MFC r336363: Process address resolve requests at least one time per second in ibcore.
MFC r336364: Only update source address when resolving is successful in ibcore.
MFC r336365: Add lock to multicast handlers in ibcore.
MFC r336366: If the MGID/MLID pair is not on the list return an error in ibcore.
MFC r336367: Add native FreeBSD support for multicast in ibcore.
MFC r336368: Fix for RDMA loopback over VLAN in ibcore.
MFC r336369: For multicast functions in ibcore, verify that LIDs are multicast LIDs.
MFC r336370: Set RoCEv2 MGID according to spec in ibcore.
MFC r336371: Set default GID type as RoCE when resolving RoCE route in ibcore.
MFC r336372: Add support for prio-tagged traffic for RDMA in ibcore.
MFC r336373: Ensure that CM_ID exists prior to access it in ibcore.
MFC r336374: Avoid that ib_drain_qp() triggers an out-of-bounds stack access in ibcore.
MFC r336375: Fix access to non-initialized CM_ID object in ibcore.
MFC r336376: Fix NULL pointer dereference during device removal in ibcore.
MFC r336377: Fix kernel panic while using XRC_TGT QP type in ibcore.
MFC r336379: Check for a cm_id->device in all user calls that need it in ibcore.
MFC r336380: Check AF family prior resolving address and introduce safer rdma_addr_size() variants in ibcore.
MFC r336381: Fix kernel crash during fail to initialize device in ibcore.
MFC r336382: Depend on IPv6 stack to resolve link local address for RoCEv2 in ibcore.
MFC r336383: Check port number supplied by user verbs cmds in ibcore.
MFC r336384: Fix for loopback detection in address resolve logic in ibcore.
MFC r336385: Set IPv4 TOS and IPv6 traffic class field for RoCEv2 traffic in ibcore.
MFC r336386: Honor port_num while resolving GID for IB link layer in ibcore.
MFC r336387: Honor return status of ib_init_ah_from_mcmember() in ibcore.
MFC r336388: Add support for RoCEv2 multicast in ibcore.
MFC r336389: Add support for IPv6 multicast in ibcore.
MFC r336391: Use __FBSDID() for RCS tags in ibcore.
MFC r336964: Only NULL check the VNET pointer when VIMAGE is enabled in ibcore. Else a NULL VNET pointer should be ignored. This fixes address resolving when VIMAGE is disabled.
MFC r336392: Implement support for Differentiated Service Code Point, DSCP, in mlx5en(4).
MFC r336393: Use static device naming instead of dynamic one in mlx5ib.
MFC r336394: Don't pass unsupported events to ibcore from mlx5ib.
MFC r336395: Update version information for the mlx5ib module.
MFC r336396: Remove redundant newline character in mlx5core.
MFC r336397: Refactor access to CR-space into using VSC APIs in mlx5core.
MFC r336398: Make sure the state variable is set atomically instead of using a mutex in mlx5core.
MFC r336399: Remove redundant call to mlx5_vsc_find_cap() in mlx5core.
MFC r336401: Correctly write atomic variable in mlx5en(4).
MFC r336402: Do not hint about 'trust both' mode when the mlx5en(4) hardware does not support it.
MFC r336403: Add context numbers for HW elements in mlx5en(4).
MFC r336404: Enable both receive and transmit pauseframes by default in mlx5en(4).
MFC r336407: Handle jumbo frames without requiring big clusters in mlx5en(4).
MFC r336410: Add module parameter to limit number of MSIX EQ vectors in mlx5en(4).
MFC r336411: Use a mbuf header instead of a mbuf cluster for debugging interrupts in mlx5en(4).
MFC r336450: Do not inline transmit headers and use HW VLAN tagging if supported by mlx5en(4).
MFC r336451: Update version information for the mlx5 and mlx5en(4) modules.
MFC r...
HardenedBSD-11-STABLE-v1100056.1
Highlights:
- MFC r336273: pf: Fix panic on vnet jail shutdown with synproxy (0873e9e)
- MFC r336275: pf: Fix synproxy (b21dc77)
- HBSD: Bring usr.sbin/hbsd-update current (7131aff)
- MFC r335939, r336088: Add setproctitle_fast(3) for frequent callers. (b016197)
- MFC r336195: unbreak dhclient(8) option 26 processing (6cf691c)
- MFC r336060: Allow the use of slashes in process names of RFC 3164 formatted messages (1443b72)
- MFC r334296: Fix "Bad tailq" panic when auditing auditon(A_SETCLASS, ...) (2629e78)
- MFC: r333508 Add support for the TestStateID operation to the NFSv4.1 server. (63f6f19)
- MFC r335921: Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8), sockstat(1), ugidfw(8) (fbeac7f)
- MFC r335595-r335596 r335595: Modernize usage of "restrict" keyword in ntp.conf (026ad5c)
- llvm/clang/lldb update to 6.0.1 (b11d8bd)
- libnv updates
- msun updates
- fsck_msdosfs updates
Changelog
Oliver Pinter + (38):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (1):
HBSD: Bring usr.sbin/hbsd-update current
ae (3):
MFC r335759: Remove extra "ipfw" from example.
MFC r335795,335796: Make debug output produced by `setkey -x` command a more human readable.
MFC r336219: Use correct size when we are allocating array for skipto index.
araujo (5):
MFC r334307, r335103-r335104
MFC r335025:
MFC r335030:
MFC r335027, r335050
MFC r335026:
asomers (6):
MFC r334296:
MFC r334390:
MFC r334394:
MFC r334403:
MFC r334547:
MFC r335287, r335290
brooks (1):
MFC r336238:
cy (1):
MFC r336151:
dab (1):
MFC r335765, r335776, r336186:
davidcs (1):
MFC r333004 Fix Issue with adding MultiCast Addresses. When multicast addresses are added/deleted, the delete the multicast addresses previously programmed in HW and reprogram the new set of multicast addresses.
delphij (6):
MFC r335469: Don't leak tmpstr.
MFC r335559:
MFC r335655:
MFC r335696,r335697:
MFC r318355,318366: add -T (timestamp) option for reproducible builds
MFC r335189:
dim (4):
MFC r335799:
MFC r332965 (by emaste):
MFC r333401 (by emaste):
MFC r336227:
dteske (1):
MFC SVN r335750: Fix typo in top-level Makefile
ed (3):
MFC r335861:
MFC r335862:
MFC r336060:
emaste (1):
MFC r306098 (br): Use kqueue(2) instead of select(2).
eugen (1):
MFC r336195: unbreak dhclient(8) option 26 processing
ian (6):
MFC r335486:
MFC r335489:
MFC r335575, r335786-r335787
MFC r335595-r335596
MFC r333255, r333260
MFC r335283:
jah (1):
MFC r328489, r329232, r331836
jamie (1):
MFC r335921:
kevans (5):
MFC r335479, r335509
MFC r335652-r335654
MFC r335757:
MFC r304908-r304909
MFC r304910, r304912, r304915, r304952, r325019, r328164, r331094, r332664, r335341-r335345, r335347, r335379-r335380, r335382
kib (9):
MFC r335975: Order the portion of the AMD-specific MSRs names definitions numerically.
MFC r335976: Add a name for the MSR controlling standard extended features report on AMD.
MFC r335980: Silence warnings about unused variables when RACCT is defined but RCTL is not.
MFC r336029: Style.
MFC r335935: Add a way for the process to request cleanup of the kernel cache of the process arguments.
MFC r335937: top: do not fall to the thread name if kernel cache of the process args is empty.
MFC r336030: Save a call to pmap_remove() if entry cannot have any pages mapped.
MFC r335969,r335996,r335999,r336008,r336010: Improvements to x86 pmap_extract_and_hold().
MFC r335939, r336088: Add setproctitle_fast(3) for frequent callers.
kp (5):
MFC r335816:
pflog/pfsync: Fix module build with VIMAGE=yes
MFC r335886:
MFC r336275:
MFC r336273:
markj (10):
MFC r335580: Re-count available PV entries after reclaiming a PV chunk.
MFC r335660: Add missing MLINK.
MFC r336089: Fix whitespace issues in bessel function routines.
MFC r336199: Remove a duplicate check.
MFC r336090: Reduce diff between msun/src/e_pow.c and msun/src/e_powf.c.
MFC r336257, r336258, r336263: Use the MSR name.
MFC r336226: Pass the right sizes to malloc() and realloc().
MFC r336225: Add PCI IDs for AMD X370 AHCI and XHCI.
MFC r335784, r335971: Invalidate the mapping before updating its physical address.
MFC r336417: Add a FALLTHROUGH comment to kvprintf().
mav (1):
MFC r335874: Cut currdev dev and path fields for ZFS on the last colon.
peterj (1):
Retrospectively document SVN branch points for stable-11 and its releases.
pfg (2):
MFC r336115; libiconv: correct undefined behavior.
MFC r336113: gzip: fix for undefined behavior.
rmacklem (4):
MFC: r333508 Add support for the TestStateID operation to the NFSv4.1 server.
MFC: r333579 The NFSv4.1 server should return NFSERR_BACKCHANBUSY instead of NFS_OK.
MFC: r333645 End grace for the NFSv4 server if all mounts do ReclaimComplete.
MFC: r333766 Add a missing nfsrv_freesession() call for an unlikely failure case.
Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.1/
CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100056.1-amd64-bootonly.iso) = 7c7350a80f50ba19d7e1c64557ac0cb22c90f22a3124dd27a789c4c293d9ae5d3f895d8ab885ae6ca7236fb3d63236df9d6aa8c96cc3cf9475db070c8e5d71ed
SHA512 (HardenedBSD-11-STABLE-v1100056.1-amd64-disc1.iso) = 21ad6239b58e1e61217a81785f66180e1559a1e17cf239f3a2097e70a7b8e5e713bd47a0cb6ba9a00609874bb35806d4b4214cf73c01281e44f46c647caab4b2
SHA512 (HardenedBSD-11-STABLE-v1100056.1-amd64-memstick.img) = 07ef9e0229a81bf97fdd871cf45b3bda787a4a6e0ed60740d404e4915c1fa4b99108a27e299bed27c861830c64a48eafc145528ad9c2047aec857264572a68c9
SHA512 (HardenedBSD-11-STABLE-v1100056.1-amd64-mini-memstick.img) = ae6ea867c87c2dde581139a652ec648b2f0ba7b87337183c42d556d4a6383f41f4ef3bcaa7dfd7d9841d7bd78dfe50bfe5885dbe4dbc075b1d4af47d12246c7f
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAltT6hAACgkQgZsRom/9
GI3m1Q/+IMCKPwNLKLn8oT+xfacVg1fz9IqivnWhIKn0HLTq+xfbBFV6VQgtl7YH
pACIlTVUz7+cXoBlvgscDu7NrPdeseyKCSSBiD1t7Anu1Ro4jMNVGiS16MfpDr9w
W35RQ3hUM3BCUwPQ3dxvzBOU0c9hin6AqUrPWKnFdNbR2y60td7WnwYkxCdLuqYC
1jreV0H65gkXTSJnIxlLJ+Yzv4bJ/g9z4O...
HardenedBSD-11-STABLE-v1100056
Warning: this is an important update! We changed back to OpenSSL from LibreSSL. Fore more information, please consult hardenedbsd.org[1] site!
Highlights:
- MFC r335558: Add support for selectively enabling LLVM targets (62b732f)
- HBSD: Switch back to OpenSSL as the default crypto lib (1087d59)
- MFC r335569: pf: Support "return" statements in passing rules when they fail. (9e4899f)
- MFC r335641: Fix a stack overflow in mount_smbfs when hostname is too long. (0b39c76) [FreeBSD-SA-Candidate]
- MFC r333059 (by tychon): Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be excluded from PTI. (bad2d0f)
- loader updates
- bhyve updates
- libpcap updates
Changelog
Oliver Pinter + (20):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (5):
HBSD: Switch back to OpenSSL as the default crypto lib
HBSD: Regen src.conf.5 after OpenSSL switch
HBSD: Bump __HardenedBSD_version after OpenSSL switch
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
araujo (1):
MFC r333622, r334019, r334084
avg (11):
MFC r333997: uchcom: report detected product based on USB product ID
MFC r333998: uchcom: add DPRINTF-s to aid debugging of the driver
MFC r333999: uchcom: add a hardware configuration tweak seen in Linux code
MFC r334000: uchcom: reject parity and double stop bits as unsupported
MFC r334001: uchcom: remove UCHCOM_REG_BREAK2 alias of UCHCOM_REG_LCR1
MFC r334002: uchcom: extend hardware support to version 0x30
MFC r333638: calibrate lapic timer in native_lapic_setup
MFC r333994: stop and restart kernel event timers in the suspend / resume cycle
MFC r334204,r334338: re-synchronize TSC-s on SMP systems after resume
MFC r333268: for bus suspend, detach and shutdown iterate children in reverse order
MFC r334340: add support for console resuming, implement it for uart, use on x86
bdrewery (2):
MFC r321427,r321445:
MFC r330090:
brooks (1):
MFC r335641:
cperciva (1):
MFC r335553: Make CLOCK_PROCESS_CPUTIME_ID more accurate by including the current timeslice, matching the behaviour of CLOCK_VIRTUAL and CLOCK_PROF.
cy (1):
MFC r335355:
dim (1):
MFC r335558:
dteske (1):
MFC r335607: check-password.4th(8): Fix manual [in]accuracy
eadler (2):
MFC r334208:
MFC r302776, r302799:
ed (1):
MFC r335565:
gjb (7):
Document an issue with emulators/virtualbox-ose reported in Bugzilla 228535.
Add a few missing drivers to the 11-STABLE hardware page.
Document that a few device drivers were omitted from the 11.2 hardware page.
Add an errata note that the URL in UPDATING for source-based upgrades is incorrect.
MFC r325107, r335665: r325107 (eadler, partial): Update the updating URL in UPDATING.
Add an entry about an incorrectly-listed driver name in the 11.2 announcement.
Add an errata entry regarding Bugzilla 228536.
hselasky (2):
MFC r334277, r334376, r334378 and r334418:
MFC r335461: Permit the kernel environment to set an array of numeric values for a single sysctl(9) node.
kevans (13):
MFC r333122: seq(1): Provide some long options
MFC r333156: uniq(1): Add some long options
MFC r333157: cmp(1): Provide some long options
MFC r330086, r333155: seq(1) improvements
MFC r333192: fcntl(2): Vaguely document that ENOTTY is possible + examples
MFC r333221: rsu(4) does not require legal.realtek.license_ack=1
MFC r335404: sort(1): Fix -m when only implicit stdin is used for input
MFC r335458: Add debug.verbose_sysinit tunable for VERBOSE_SYSINIT
MFC r332395 (ian): Use explicit_bzero() when cleaning values out of the kenv
MFC r335467: Don't remove loader.conf(5) when built WITHOUT_FORTH
MFC r334878: libsa(3): Correct statement about FS Write-support, name change
MFC r334882, r334884-r334885: loader(8) boot flag <-> environment fixes
MFC r335642, r335651: config(8) envvar support
kib (10):
MFC r333059 (by tychon): Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be excluded from PTI.
MFC r335258: Remove unused file.
MFC r334928: libc qsort(3): stop aliasing.
MFC r335604: bhyve/vmrun.sh: make -L functional.
MFC r333087 (by cem): amd64/mp_machdep.c: Fix GCC build after r333059.
MFC r335503: Update proc->p_ptevents annotation to reflect the actual locking.
MFC r335504: fork: avoid endless wait with PTRACE_FORK and RFSTOPPED.
MFC r335505: linux_clone_thread: mark new thread as TDB_BORN.
MFC r335253: Rework ofed build.
MFC r335635: Do not leave stray qword on top of stack for interrupts and exceptions without error code. Doing so it mis-aligned the stack.
kp (1):
MFC r335569:
markj (1):
MFC r334881: Add DW_LANG_* definitions from DWARF 4 and 5.
np (1):
cxgbe(4): Determine early in the ioctl whether it is allowed to sleep or not, instead of always starting a non-sleepable operation and re-adjusting later. This ensures that an operation that is allowed to sleep (ifconfig up/down) never fails with EBUSY on the initial attempt to start a synchronized operation.
robak (1):
MFC r327317:
slavash (1):
MFC r335282: Fix false positive on failure
Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056/
CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-bootonly.iso) = 1df1060cea47345ddaa4be6a93de16f5443a5e4b299e58aa89aaa5c9af16251d80cdd76f4b7a083686b78e3cafbf361c69b844fb6b75ca7919f969cbffe769ad
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-disc1.iso) = 78281285ea05b4adeb1933c50e780054419edd6aabccd350df6304a06b9fca02ea39863a2a1edaa9d615ff8c2cf78e63e2fc0f254adab4da8f3f7ed618ee52c2
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-memstick.img) = 0000bcab6e06421c7fdf0054cd13ecc339f8dc894082fe3a6f0d7b5039b7313fa14f14ee1db1d84ad5b7ad6679c1bd53438d52ebb819a67786d8e29c09d956e1
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-mini-memstick.img) = 08066dc2de7e19a7535188fe30d79bf7bd78c6fc877001a75d562b5e1ace2fb31a7e429cf6022d13e15e4d0a4cefa6b9ba8787725ad545e8aa32020193503338
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAls8Mr0ACgkQgZsRom/9
GI0WzxAA0uatTUXE+5ukll9Ehvnkd077UoS0hUhVoYw/OuPt/zm4RQH3q/ADWlaM
Fbm2yPPU/JHBISg6cE9HSDCu//dMe+9MS8Jx1GuoTihRBwQ3/9skIYeUeNIiOixf
55y13PHBHlLoXKnEuGJEbBUAFr4a5cltl3Uqbtla2ltFXsBE0tEAuZw/f4DbsvIB
TekXruGiuOzypLT/B2SMVTA0a9JwQ8S3A7avvUU+jpuvJcibb7ZMEvMmzpnuuBdd
QGsvanXRXMrB7o17PQSjGwtShpPuFER3ZKQ06FwT5h4mvk+oN8TkmEZrZfzNngD4
qLhuXf+4xe+VJyDBV+daHumwrvnFph50MB+jqkTHUmXOOZQmDXIyW6GIx7MjW8en
jfPzrD21W/LGr5ntKAggETOPN/h3sUl5Ukd3ZZhwNrouaT8Locl4wF4UXVtKFjgK
Z73ty+S1q9xIJm53tfH0qQSdf9ZmcTJZPy4yv28btjnznkF52UbAL4poP1OTH64p
xIjR7erdN2y7KxIcU/8zaYpBIHNYlFppSX6CGK6gvLK1XiUky03lnquX26oM+9Jv
bsWswNJRUsZ4hQtYqXT0LihGh7M+niY9xxbDlaXjZ+L/ie40RF4SdPhcnp56WBc8
eChcSRM0dzNYQYWOkUUqX41hL5IiLySurD+GgTBIOB16kIGabfQ=
=HMQk
-----END PGP SIGNATURE-----
shortlog-HardenedBSD-11-STABLE-v1100056.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt
[1] https://hardenedbsd.org/article/shawn-webb/2018-04-30/hardenedbsd-switching-back-openssl
HardenedBSD-11-STABLE-v1100055.5
Highlights:
- MFC r333321,r333707: x86 cpususpend_handler: call wbinvd after setting suspend state bits (84c8399)
- Set stable/11 from -PRERELEASE back to -STABLE. (745cc87)
- MFC r335171: Handle the race between fork/vm_object_split() and faults. (0556a47)
- MFC r332994 (by tychon): Handle potential alignment adjustment of the exception frame by hardware. (6c5aa90)
- MFC r334876: pf: Fix deadlock with route-to (a0ce578)
- MFC r335131 Remove printf() in #NM handler. (2df766d) [CVE-2018-3665]
- LinuxKPI updates
- sysrc updates
- nvme updates
Changelog
Oliver Pinter + (17):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
ae (1):
MFC r335133: In m_megapullup() use m_getjcl() to allocate 9k or 16k mbuf when requested.
avg (10):
MFC r333209: hpet: use macros instead of magic values for the timer mode
MFC r332816: call racct_proc_ucred_changed() under the proc lock
MFC r333212: amdsbwd: add suspend and resume methods
MFC r333243: opensolaris system_taskq does not need to run at maximum priority
MFC r333269: amdsbwd: fix reboot status reporting
MFC r334785: expand descriptions of x86 panic_on_nmi and kdb_on_nmi sysctls
MFC r333630: Fix 'zpool create -t <tempname>'
MFC r332918, r333222: go deeper for ACPI suspend bounce test
MFC r333321,r333707: x86 cpususpend_handler: call wbinvd after setting suspend state bits
MFC r333667: followup to r332730/r332752: set kdb_why to "trap" for fatal traps
bdrewery (3):
MFC r330702:
MFC r334791,r334811:
MFC r325560:
cy (1):
MFC r333895, r334022
dim (7):
MFC r334946:
MFC r334948:
MFC r334945:
MFC r334947:
MFC r335034:
MFC r335296:
MFC r335297:
dteske (8):
MFC r335277:
dpv(3): MFC r330943, r335264
MFC r330878-r330879, r330939, r330948: Man-page updates
MFC r334303: sysrc(8): Test variable names for invalid characters
MFC r330886: Install files added in SVN's r295373, r295457, r295542
MFC r335280-r335281, r335302: sysrc.subr updates
MFC r335308: bsdconfig: Fix a bug when editing users
MFC r335306: bsdconfig: Make examples optional
eadler (1):
MFC r334472:
ed (1):
MFC r335314:
emaste (5):
MFC r334363: elfdump: chase ABI tag note name change from r232832
MFC r335221: Add deprecation notice in asf.8
MFC r335214: Correct kern.pre.mk comment: objcopy copies objects.
MFC r335209: elf.5: add readelf cross-reference
MFC r335213: ldd: reference readelf instead of objdump in warning message
gjb (6):
Document EN-18:07, SA-18:07.
Add xml:id attributes for future diff reduction.
Update version entities in release.ent.
Synchronize the stable/11 errata page with releng/11.2 in preparation for creating the 11.2-RELEASE errata.html page.
Prune SAs and ENs from 11.1-RELEASE in preparation for creating the 11.2-RELEASE errata page.
Set stable/11 from -PRERELEASE back to -STABLE.
hselasky (27):
MFC r334993: Implement the ip_eth_mc_map() function in the LinuxKPI.
MFC r334481: Add more GFP macro definitions in the LinuxKPI.
MFC r334482: Improve high resolution timer support in the LinuxKPI.
MFC r334483: Implement radix_tree_iter_delete() in the LinuxKPI.
MFC r334484: Implement the __sg_alloc_table_from_pages() function based on the existing sg_alloc_table_from_pages() function in the LinuxKPI.
MFC r334658: Implement timer_setup() and from_timer() function macros in the LinuxKPI.
MFC r334659: Implement mul_u32_u32() function in the LinuxKPI.
MFC r334660: Add "access" function pointer to the "vm_operations_struct" structure in the LinuxKPI. While at it document when to use the "virtual_address" or the "address" field in the "vm_fault" structure.
MFC r334661: Implement the task_pid_vnr() function macro in the LinuxKPI.
MFC r334663: Implement the INIT_DELAYED_WORK_ONSTACK() function macro in the LinuxKPI.
MFC r334664: Declare and set the global "system_highpri_wq" workqueue structure pointer in the LinuxKPI.
MFC r334710: Implement the rdmsrl_safe() function macro in the LinuxKPI.
MFC r334711: Implement the ktime_compare() and ktime_after() functions in the LinuxKPI.
MFC r334712 and r334718: Implement the atomic_dec_if_positive() function in the LinuxKPI.
MFC r334713: Implement the init_wait_entry() function macro in the LinuxKPI.
MFC r334714: Rename two structure field members while keeping backwards compatibility in the LinuxKPI. Add a comment saying in which Linux version this change was made.
MFC r334715: Implement the might_sleep_if() function macro in the LinuxKPI.
MFC r334717: Implement the __add_wait_queue_entry_tail() function in the LinuxKPI.
MFC r334720: Make some list functions RCU safe in the LinuxKPI. While at it rename hlist_add_after() into hlist_add_behind().
MFC r334774: Implement the dev_pm_set_driver_flags() function macro in the LinuxKPI.
MFC r334777: Wrap timespec64 into timespec in the LinuxKPI.
MFC r334778: Define ARCH_KMALLOC_MINALIGN in the LinuxKPI.
MFC r334953: Implement the user_access_begin(), user_access_end(), usafe_get_user() and unsafe_put_user() function macros in the LinuxKPI.
MFC r334958: Implement the kstrtobool() and kstrtobool_from_user() functions in the LinuxKPI.
MFC r334662: Define the __kernel_size_t type in the LinuxKPI.
MFC r334775: Move the EXPORT_SYMBOL_XXX() function macros into own header file.
Bump the __FreeBSD_version after recent LinuxKPI updates to force recompilation of external kernel modules.
kib (5):
MFC r335089: Enable eager FPU context switch on i386. CVE: CVE-2018-3665
MFC r332994 (by tychon): Handle potential alignment adjustment of the exception frame by hardware.
MFC r335135: linuxolator/amd64: Don't mangle %r10 on return from syscall for EJUSTRETURN.
MFC r335171: Handle the race between fork/vm_object_split() and faults.
MFC r335199: linprocfs: add TracerPid to /proc/pid/status.
kp (1):
MFC r334876:
markj (1):
MFC r334506: Avoid completing I/O when dumping core after a panic.
mav (12):
MFC r311350 (by rpokala): Fix whitespace in handling of XPT_PATH_INQ in adw(4).
MFC r311351 (by rpokala): In the same vein as r311350, fix whitespace in handling of XPT_PATH_INQ in several more drivers.
MFC r313954 (by imp): Remove obsolete comment after prior rev.
MFC r328089 (by imp): Move setting of CAM_SIM_QUEUED to before we actually submit it to the hardware. Setting it after is racy, and we can lose the race on a heavily loaded system.
MFC r330953 (by imp): Don't make the namespace devices eternal.
MFC r330954, r330955 (by imp): When tearing down a queue pair, also delete the queue entries.
MFC r331046 (by imp): Try polling the qpairs on timeout.
MFC r332897 (by imp), r333123: Migrate to make_dev_s interface to populate /dev/nvmeX entries
MFC r333127: Fix use-after-free in nvme_qpair_destroy().
MFC r333130: Improve nvme(4) attach/detach sequences.
MFC r333180: Fix LOR between controller and queue locks.
MFC r325794, r325838 (by imp): Provide link speed data in XPT_GET_TRAN_SETTINGS. Provide full version information for that and XPT_PATH_INQ. Provide macros to encode/decode major/minor versions. Read the link speed and lane count to compute the base_transfer_speed for XPT_PATH_INQ.
Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100055.5/
CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100055.5-amd64-bootonly.iso) = a4c4d44d2e6f8c9c17682035a0889b3185f8655cc37c23cdbe9b3fc74660585cd528c87ff71abf45d1f622b4eeceeeb99b5b8bbb95a72dd56062d21edf0ecebc
SHA512 (HardenedBSD-11-STABLE-v1100055.5-amd64-disc1.iso) = e802080c1931d009cffe11e5ed7a162a7ad1dc1e8f644d7fe395b8a90d95f18d157b7d3cc5e5e0a0d3a54460202974233bce4c1d93376330822a81b5446b212e
SHA512 (HardenedBSD-11-STABLE-v1100055.5-amd64-memstick.img) = b87544414fc178df8dff82a110fda18dfe810be0d0c395ffd19b669c0210a7c6f952d0da2b843c915dc43d6fb3e8859c79d658fd1b12ad45c288d87f4064a202
SHA512 (HardenedBSD-11-STABLE-v1100055.5-amd64-mini-memstick.img) = 772dc30b5c8156012f0309fc092b6557a27eca3ff1356f...
HardenedBSD-11-STABLE-v1100055.4
Highlights:
- MFC r335072: Enable eager FPU context switch by default on amd64. (dee6710) [FreeBSD-SA-Candidate CVE-2018-3665)
- MFC r334038: Enable IBRS when entering an interrupt handler from usermode. (2de20d5) [FreeBSD-SA-Candidate]
- MFC r334004: Add Intel Spec Store Bypass Disable control. (425d579) [FreeBSD-SA-Candidate CVE-2018-3639]
- MFC syslog from master (6670524)
- MFC r334091: md5: perform compare case-insenstive (bc94720)
- MFC: r333580 Fix a slow leak of session structures in the NFSv4.1 server. (4a4ab2a)
- MFC r333783: MFV r333779: xz 5.2.4. (e303059)
- MFC r334068 (phil): Import libxo-0.9.0 (3549c1a)
- MFC Lock primitive updates (8b9af5c)
- MFC r334050, r334051: Flush caches before initiating a microcode update on Intel CPUs. (cb1c065)
- MFC r333892: Fix PCID+PTI pmap operations on Xen/HVM. (a933e7a)
- MFC r333228 Implement support for ifuncs in the kernel linker on x86. (0166dfd)
- MFC r333404, r333405: Remove PG_U from the recursive pte for kernel pmap' PML4 page and from the rest of the kernel pmap ptes. (e274327)
- MFC r332504: Set PG_G global mapping bit on the trampoline ptes. (8bba637)
- MFC r332450: Optimize context switch for PTI on PCID pmap. (3d88b71)
- pf updates
- nat64 updates
- linuxkpi updates
- sctp updates
- nfs updates
- dwatch updates
Changelog
Oliver Pinter + (60):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
ae (9):
MFC r333244: Immediately propagate EACCES error code to application from tcp_output.
MFC r333458: Fix the printing of rule comments.
MFC r333497: Apply the change from r272770 to if_ipsec(4) interface.
MFC r333986: Remove check for matching the rulenum, ruleid and rule pointer from dyn_lookup_ipv[46]_state_locked(). These checks are remnants of not ready to be committed code, and they are there by accident. Due to the race these checks can lead to creating of duplicate states when concurrent threads in the same time will try to add state for two packets of the same flow, but in reverse directions and matched by different parent rules.
MFC r333400: Add IFCAP_LINKSTATE support to if_loop(4).
MFC r333403: Bring in some last changes in NAT64 implementation:
MFC r334324: Remove empty encap_init() function.
MFC r334707: Use m_copyback() function to write delayed checksum when it isn't located in the first mbuf of the chain.
MFC r334875: Explicitly change the link state when we assingn an address.
brooks (1):
MFC r334176:
cy (1):
MFC r333392-r333393, r333427
davidcs (1):
MFC r333003 Upgraded FW Related Files to version 5.4.67
delphij (3):
MFC r332905:
MFC r333098:
MFC r333783: MFV r333779: xz 5.2.4.
dim (5):
MFC r333715:
MFC r334432:
MFC r334445:
Fix build of si with base gcc on i386
MFC r334886:
dteske (3):
MFC SVN r329188,329334,329353,329914,329995-329996: DTrace Enhancements
MFC SVN r334261-334262,334359: dwatch(1) touch-ups
MFC r334594: dwatch(1): Update manual to reference actual release
eadler (3):
MFC r332399:
indent(1) in stable/11 is known to be incomplete or incorrect in some ways. Since the code is not planned for MFC, just remove the failing tests.
MFC r334091:
ed (1):
MFC r309925, r309931, r309933, r310035, r310278, r310310, r310311, r310323, r310349, r310350, r310351, r310352, r310383, r310384, r310385, r310386, r310393, r310453, r310456, r310494, r310504, r310528, r310890, r310893, r310974, r311918, r312921, r313357, r314563, r314585, r314642, r315322, r315618, r315620, r315622, r315643, r316951, r316973, r326338, r326339, r326573, r331270, r332099, r332110, r332111, r332118, r332165, r332510 and r332511.
emaste (2):
MFC r332446: switch i386 memstick installer images to MBR
MFC r332966: Add deprecation notice for lmc(4)
gjb (39):
Rename stable/11 from PRERELEASE to BETA1 as part of the 11.2-RELEASE cycle.
Create a sun7i-a20-bananapi.dtb hard link to bananapi.dtb to fix a boot failure on the Banana Pi SoC.
MFC r333473: Add a special GCE_LICENSE variable to Makefile.gce, which when set, will include license metadata in the resultant GCE image.
Document r331465, BSD-licensed diff(1) imported from OpenBSD.
Document r328495, dtc(1) update from upstream.
Document r328139, du(1) '--si' option.
Document r324124, getconf(1) '-a' flag addition.
Document r322525, rgrep(1) hard link addition.
Document r322555, various bsdgrep(1) pattern matching fixes.
Bump copyright year.
Document r327837, lint(1) is no longer built and installed by default.
Document r322509, top(1) enhancement to filter on multiple user n...
HardenedBSD-11-STABLE-v1100055.3
Warning: this is a security update!
Highlights:
- MFC r333368: Prepare DB# handler for deferred trigger of watchpoints. (5801fdd) [CVE-2018-8897, FreeBSD-SA-18:06.debugreg]
- Turn off IBRS on suspend. (dbda57b)
- MFC r333247: Import tzdata 2018e (2beb6fb)
- MFC r333234: zfs_ioctl: avoid out-of-bound read (e7e4020) [FreeBSD-SA-Candidate]
- MFC r332559: mountd: fix a crash when getgrouplist reports too many groups (e6e3f0e) [FreeBSD-SA-Candidate]
- Carefully update stack guard bytes inside __guard_setup(). (1086bca)
- Correct undesirable interaction between caching of %cr4 in bhyve and invltlb_glob(). (1135b57)
- Handle Apollo Lake errata APL31. (6fd5da7)
- Add PROC_PDEATHSIG_SET to procctl interface. (a31a7b8)
- Fix use of pointer after being set NULL. In NFS. (4223ca8)
- Add hybrid ISO/memstick image support (47b4595)
- bnxt updates
- clang updates
- e1000 updates
- hyperv updates
- iflib updates
- ixl updates
- makefs updates
- mlx5 updates
- zfs updates
Changelog
Oliver Pinter + (38):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
ae (3):
MFC r332812: Add dead_bpf_if structure, that should be used as fake bpf_if during ifnet detach.
MFC r332886: icmp6_reflect() sends ICMPv6 message with new IPv6 header. So, it is considered as originated by our host packet. And thus rcvif should be NULL, since it is used by ipfw(4) to determine that packet was originated from this host. Some of icmp6_reflect() consumers reuse mbuf and m_pkthdr without resetting rcvif pointer. To avoid this always reset m_pkthdr.rcvif pointer to NULL in icmp6_reflect(). Also remove such line and comment describing this from icmp6_error(), since it does not longer matters.
MFC r333016: Merge r1.22-1.23 from NetBSD: Don't assume M_PKTHDR is set only on the first mbuf of the chain. The check is replaced by (m1 != m), which is equivalent to the previous code: we want to modify m->m_pkthdr.len only when 'm' was not passed in m_adj().
avg (4):
MFC r332426: allow ZFS pool to have temporary name for duration of current import
MFC r332559: mountd: fix a crash when getgrouplist reports too many groups
MFC r332730: don't check for kdb reentry in trap_fatal(), it's impossible
MFC r332752: set kdb_why to "trap" when calling kdb_trap from trap_fatal
benno (15):
MFC r331949, r332437, r332438
Actually MFC r331949, r332437, r332438
MFC r332436, r332440
MFC r332082
MFC r332083:
MFC r332084
MFC r332085
MFC r314117
MFC r315304
MFC r316572
MFC r307927
MFC r316579
MFC r331463 (partial), r331467, r331468, r331843
MFC r332345, r332346, r332661, r333005
MFC r333007
brooks (1):
MFC r332997:
cperciva (1):
MFC r332663: Move panic-related settings from sysctl.conf to loader.conf so that they apply if an EC2 instance panics while booting.
delphij (1):
MFC r332877: Correct size for allocation and bzero of fdsr.
dexuan (1):
MFC: 332385
dim (2):
MFC r332414:
MFC r332833:
emaste (8):
MFC r332673: Remove mention of tools/recoverdisk, now in sbin
MFC r332649: lld: add a __FreeBSD_version-style identifier to version
pwd_mkdb: add legacy support deprecation notice
MFC r332090: stand: pass --no-rosegment for i386 bits when linking with lld
MFC r332902: pwd_mkdb: default to network (big) endian hash order
MFC r332849: lldb: propagate error to user if memory read fails
MFC r333234: zfs_ioctl: avoid out-of-bound read
MFC r333368: Prepare DB# handler for deferred trigger of watchpoints.
erj (3):
MFC r319797, r320972:
MFC r326571: ifconfig(8): Display extended compliance code string for SFP transceivers
MFC r333149: ixl(4): Update to 1.9.9-k
gjb (4):
MFC r332674: Increase the msdosfs partition size on arm SoC images where the current size may not be sufficiently large for development and/or testing.
MFC r333262, r333264:
Document EN-18:05, EN-18:06, SA-18:06.
Belatedly bump copyright year.
hselasky (4):
MFC r332869: Remove the "load drivers" logic from libibverbs.
MFC r333015: Add network device event for priority code point, PCP, changes.
MFC r333100: Improve fix in r304629 by allowing configuration of the behaviour through a SYSCTL instead of a compile time define.
MFC r333108: Define USEC_PER_MSEC and USEC_PER_SEC in the LinuxKPI.
ian (4):
Fix wl(4) after r332288, using the same fix applied in r332331. This driver no longer exists in head, so this is a direct commit to 11-stable.
MFC r331868, r332046, r332194-r332196, r332198, r332219, r332231, r332233, r332240, r332258-r332259, r332261, r332292
MFC r332518, r332527
MFC r308767 by br:
jhb (4):
MFC 332657: Properly do a deep copy of the ioctls capability array for fget_cap().
MFC 332733: Workaround fixed I/O port resources encoded as I/O port ranges in _CRS.
MFC 332735: Fix two off-by-one errors when allocating MSI and MSI-X interrupts.
MFC 332975: Document the TRAP_CAP code for SIGTRAP.
jilles (1):
MFC r333092: sh: Don't have [ match any [[:class:]]
jtl (8):
MFC r307083: Currently, when tcp_input() receives a packet on a session that matches a TCPCB, it checks (so->so_options & SO_ACCEPTCONN) to determine whether or not the socket is a listening socket. However, this causes the code to access a different cacheline. If we first check if the socket is in the LISTEN state, we can avoid accessing so->so_options when processing packets received for ESTABLISHED sessions.
MFC r313447: Ensure the idle thread's loop services interrupts in a timely way when using the ACPI C1/mwait sleep method.
MFC r314116: Fix a panic during boot caused by inadequate locking of some vt(4) driver data structures.
MFC r314286: Do some minimal work to better conform to the 802.3ad (LACP) standard. In particular, don't set the synchronized bit for the peer unless it truly appears to be synchronized to us. Also, don't set our own synchronized bit unless we have actually seen a remote system.
MFC r319214: Enforce the limit on ICMP messages before doing work to formulate the response.
MFC r319215: Fix two places in the ICMP6 code where we could dereference a NULL pointer in the icmp6_input() function.
MFC r319216: Fix an unnecessary/incorrect check in the PKTOPT_EXTHDRCPY macro.
MFC r331745 (by np): Fix RSS build (broken in r331309).
...
HardenedBSD-11-STABLE-v1100055.2
Highlights:
- Update stable/11 from 11.1-STABLE to 11.2-PRERELEASE (94c28bf)
- MFC r332452: Update vt(4) "Terminus BSD Console" font to v4.46 (9c72936)
- Fix double asking of GELI password during boot (328e5ff)
- Fix efibootmgr on 11-STABLE (d8ec2e2)
- HBSD MFC r330110: Add kernel retpoline option for amd64 (610cfa8)
- MFC efibootmgr: r326725-r326728, ... (b166cff)
- MFC r332045: Fix kernel memory disclosure in tcp_ctloutput (81f1d66) [FreeBSD-SA-Candidate]
- MFC r332042: Fix kernel memory disclosure in linux_ioctl_socket (66d2c2b) [FreeBSD-SA-Candidate]
- MFC r332034: linux_ioctl_hdio: fix kernel memory disclosure (fd3044f) [FreeBSD-SA-Candidate]
- MFC r330356 (eadler): sys/linux: Fix a few potential infoleaks in Linux IPC (5ec3811) [FreeBSD-SA-Candidate]
- EFIRT fixes (c0df00c)
- MFC r330354 (eadler): sys/fuse: fix off by one error (9272ccc) [FreeBSD-SA-Candidate]
- automount updates
- bhyve updates
- ipfw updates
- loader updates
- pf updates
- sctp updates
- vt updates
- zfs updates
Changelog
Oliver Pinter (11):
HBSD MFC r328972: add retpoline compiler and linker feature flags
HBSD MFC r330110: Add kernel retpoline option for amd64
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: load.conf follow up after loader MFCs
HBSD: resolve merge conflicts in stand/{fdt,ficl}/Makefile
HBSD: resolve merge conflict in share/mk/src.opts.mk
HBSD: resolve merge conflict in share/man/man5/src.conf.5
HBSD: prepare for upstream recursive setfacl support
HBSD MFC r332396: setfacl: add recursive functionality
HBSD MFC r332405: setfacl: minor man page edit to appease igor(1)
HBSD: update OP-HBSD kernel config
Oliver Pinter + (45):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (3):
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
HBSD: Re-introduce SIGINFO support in setfacl(1)
ae (11):
MFC r331668: Rework ipfw rules parsing and printing code.
MFC r328988,r328989: Rework ipfw dynamic states implementation to be lockless on fast path.
MFC r332448: Remove printing of "not" keyword from print_ip() function.
MFC r332449: Remove printing of "not" keyword from print_ip6() function.
MFC r332451: Fix indenting in ipv6.c file, use tabs instead of mixing tabs and spaces.
MFC r316825: Use address of specific union member instead of whole union address to fix PVS-Studio warnings.
MFC r332456: Migrate NAT64 to FIB KPI.
MFC r332457: Use cfg->nomatch_verdict as return value from NAT64LSN handler when given mbuf is considered as not matched.
MFC r332459: Fix integer types mismatch for flags field in nat64stl_cfg structure.
MFC r332475: Add check that mbuf had not multicast layer2 address. Such packets should be handled by ip6_mforward().
MFC r332467: To avoid possible deadlock do not acquire JQUEUE_LOCK before callout_drain.
asomers (9):
MFC r329606:
MFC r329754:
MFC r329845, r329872
MFC r329874:
MFC r330514:
MFC r330515:
MFC r330627:
MFC r330696, r330709, r330742, r331358
MFC r330710, r330718-r330720
avg (9):
MFC r330295: ZFS: fix adding vdevs to very large pools
MFC r330977: g_access: deal with races created by geoms that drop the topology lock
MFC r331761: align i386 cpu_reset() with amd64 version
MFC r331616: vfs_donmount: in certain cases try r/o mount if r/w mount fails
MFC r331666: ZFS vn_rele_async: catch up with the use of refcount(9) for the vnode use count
MFC r331874: x86 cpu_reset_proxy: no need to stop_cpus() the original processor
MFC r331875: x86 cpu_reset: if failed to switch to BSP proceed to cpu_reset_real
MFC r331878: unify amd64 and i386 cpu_reset() in x86/cpu_machdep.c
fix pc98 compilation issue in r332760
bapt (1):
MFC r331005-r331006
brooks (10):
MFC r331648:
MFC r331651-r331653
MFC r331654, r331869
MFC r331641, r331644, r332158
MFC r331797:
GC never enabled support for SIOCGADDRROM and SIOCGCHIPID.
MFC r332087:
MFC r332151:
Fix wl(4) after r332288.
MFC r332088:
cognet (1):
MFC r329388, r331441 and r331898, to bring the -CURRENT ck version. r329388: Define CK_MD_TSO for the relevant arches (i386, amd64 and sparc64). Defaulting to CK_MD_RMO has the unfortunate side effect of generating memory barriers that are useless on those arches, and the even more unfortunate side effect of generating lfence/sfence/mfence on i386, even if older CPUs don't support it. This should fix the panic reported when using IPFW on a Pentium 3. Note that mfence and sfence might still be used in a few case, but that shouldn't happen in FreeBSD right now, and should be fixed upstream first.
cy (1):
MFC r331936, r331942, r331943, r331945, r331947, r331948
davidcs (1):
MFC r331739 1. Add additional debug prints. 2. Break transmit when IFF_DRV_RUNNING is OFF. 3. set desc_count=0 for default case in switch in ql_rcv_isr()
delphij (1):
MFC r331180: Plug a possible memory leak.
emaste (25):
MFC r330354 (eadler): sys/fuse: fix off by one error
MFC r330356 (eadler): sys/linux: Fix a few potential infoleaks in Linux IPC
MFC r332034: linux_ioctl_hdio: fix kernel memory disclosure
MFC r332042: Fix kernel memory disclosure in linux_ioctl_socket
MFC r332045: Fix kernel memory disclosure in tcp_ctloutput
MFC r331757: Correct comment typo in Hyper-V
MFC r331442: Fixup return style(9) in amd64 linux*_sysvec.c
MFC r320243 (bdrewery): Fix spelling error.
MFC r328972: add retpoline compiler and linker feature flags
MFC r331935: vtfontcvt: allow .bdf characters less than full height
MFC ath(4) potential memory disclosure fixes
MFC r331082: ANSIfy sys/x...
HardenedBSD-11-STABLE-v1100055.1
Highlights:
- Implement mitigation for Spectre version 2 attacks on ARMv7.
- Limit glyph count in vtfont_load to avoid integer overflow. (5966c5f) [CVE-2018-6917 FreeBSD-SA-18:04.vt]
- Fix several leaks of kernel stack data through paddings. (6cbc066 5a4de6e) [FreeBSD-SA-Candidate]
- MFC r328331: Support configuring arbitrary limits(1) for any rc.conf daemon (0f80140)
- MFC r324673: mbuf(9): unbreak m_fragment() (db82dd0)
- LLVM 6.0 (6cd0d33) [SA-18:03.speculative_execution]
- Add an option called "random" that combined with "ether" can generate a random MAC address for an Ethernet interface. (8d44e96)
- HBSD MFC r330880: Don't overflow the kernel struct mdio in the MDIOCLIST ioctl. (880d7e9) [FreeBSD-SA-Candidate]
- MFC r315522: use INT3 instead of NOP for x86 binary padding (71918e8)
- MFC r324560: allow posix_fallocate in capability mode (232a059)
- MFC: r331627 Merge OpenSSL 1.0.2o. (54f770b) [CVE-2018-0739 FreeBSD-SA-Candidate]
- Reject CAMIOGET and CAMIOQUEUE ioctl's on pass(4) in 32-bit compat mode. (afaab4b)
- MFC r331333: Fix kernel memory disclosure in drm_infobufs (cb7bbdc) [FreeBSD-SA-Candidate]
- MFC r331339: Correct signedness bug in drm_modeset_ctl (54cecb6) [FreeBSD-SA-Candidate]
- MFC r325047: dma: fix use-after-free (f4c0052) [FreeBSD-SA-Candidate]
- MFC r330745: Make root mount timeout logic work for filesystems other than ufs
- Fix information leak in geli(8) integrity mode (c9ede81) [FreeBSD-SA-Candidate]
- MFC r330034 Fix a memory leak in syslogd
- MFC 328102: Save and restore guest debug registers. (5a911c6) [FreeBSD-SA-Candidate]
- EFI updates
- I2C updates
- LinuxKPI updates
- Raspberry PI updates
- ZFS updates
- indent updates
- less updates
- makefs updates
- mlx4 updates
- mlx5 updates
- pf updates
- syscons updates
Changelog
Oliver Pinter (10):
HBSD MFC r328011: Provide some mitigation against CVE-2017-5715 by clearing registers upon returning from the guest which aren't immediately clobbered by the host. This eradicates any remaining guest contents limiting their usefulness in an exploit gadget.
HBSD MFC r302595: Remove assumptions in MI code that the BSP is CPU 0.
HBSD MFC r329162: Provide further mitigation against CVE-2017-5715 by flushing the return stack buffer (RSB) upon returning from the guest.
HBSD MFC r331640: Fix several leaks of kernel stack data through paddings.
HBSD MFC r330821: Use the stack for temporary storage in OTIOCCONS.
HBSD MFC r330880: Don't overflow the kernel struct mdio in the MDIOCLIST ioctl.
HBSD MFC r331008: Restore the behavior of returning the total number of units by unconditionally incrementing i in the loop;
HBSD MFC r324393: reapply random(4): Add missing source descriptions
HBSD MFC r324394: reapply random(4): Gather entropy from Pure sources
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
Oliver Pinter + (71):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (15):
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
...
HardenedBSD-11-STABLE-v1100055
Warning: this is a security and feature update!
Highlights:
- HBSD MFC r330539: amd64 - Protect the kernel text, data, and BSS
- HBSD MFC r315914: Remove buggy adjustment of page tables in db_write_bytes().
- HBSD MFC r330538: amd64 - Nudge lld to break the kernel read-only and read-write sections into separate 2M pages.
- HBSD MFC r330511: amd64 - set NX bit on PML4E for recursive page table mappings
- HBSD MFC r329071: amd64 - align kernel map to 2MB
- MFC r330027: iconv uses strlen directly on user supplied memory (ad9743a 8e1404e)
- MFC r320367: Add "Terminus BSD Console" size 32 (0166c5a)
- MFC r330104: MFV r330102: ntp 4.2.8p11 (9c7570c) [FreeBSD-SA-18:02.ntp CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, CVE-2018-7183]
- MFC r329561: Check packet length to do not make out of bounds access. [FreeBSD-SA-18:01.ipsec CVE-2018-6916]
- MFC r329254: Ensure memory consistency on COW. (Fixes stability issues on AMD Ryzen machines) (c3179a4)
- HBSD MFC r329281: x86 pmap: Make memory mapped via pmap_qenter() non-executable (abe421b)
- HBSD: enable PTI by default, when option PAX specified (c0bb295)
- MFC r328083,328096,328116,328119,328120,328128,328135,328153,328157,328166,328177,328199,328202,328205,328468,328470,328624,328625,328627,328628,329214,329297,329365: Meltdown mitigation by PTI, PCID optimization of PTI, and kernel use of IBRS for some mitigations of Spectre. (6dd025b) [FreeBSD-SA-Candidate CVE-2017-5715 CVE-2017-5754]
- MFC r327444, r327449, r327454: vt(4): add support for configurable console palette (416ac1f)
- HBSD: allow to set PaX features as jail parameters (45748d2)
- MFC r323683: MFV r323678: file 5.32 (2f9dccc)
- MFC r328032,r328060,r328243: service(8): Support services in jails (d3a9144)
- MFC (conceptually) r328107: Add /boot/overlays (FDT) (4bc066c)
- add smn(4) driver for AMD System Management Network (2314d2b)
- if_iwm driver backport from freebsd/current/master (adds support for Intel 8265 and lot of bugfixes) by eadler@
- linuxkpi fixes (allows to use latest drm-kmod-next on 11-STABLE) by hselasky@
- zfs updates
- loader backports from freebsd/current/master by kevans@
- opencrypto updates
- lock primitive optimizations
- bhyve vmrun.sh updates
- hbsd-update updates
- HardenedBSD in kernel cleanups and simplifications
- mkimg updates
- libarchive updates
- nvme subsystem backports
Changelog
Oliver Pinter (22):
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: resolve merge conflict in sys/boot/efi/libefi/Makefile
HBSD: do a proper warning when the tunable validation fails
HBSD: add SECURE type specifier to ASLR's compat sysctl to deny the write from 0 > securelevel
HBSD: add common framework to validate PaX {,simple} feature states
HBSD: start to use the newly introduced pax feature state helpers
HBSD: allow to set PaX features as jail parameters
HBSD: handle pax_init_prison errors
HBSD: properly fix error handling in kern_jail.c after pax_init_prison()
HBSD: bump __HardenedBSD_version to 1100055 after the jail params
HBSD: enable the AMD64 Page Tabe Isolation by default when option PAX is defined in kernel configuration
HBSD: enable PTI by default, when option PAX specified
HBSD MFC r329281: x86 pmap: Make memory mapped via pmap_qenter() non-executable
HBSD MFC r329282: pmap_qenter.9: Document API NX mapping
HBSD MFC r329330: pmap_qenter.9: Clarify that not all arch can map NX
HBSD MFC r330027: iconv uses strlen directly on user supplied memory
HBSD MFC r329071: amd64 - align kernel map to 2MB
HBSD MFC r330510: amd64 - garbage collect unneeded pmap_kmem_choose
HBSD MFC r330511: amd64 - set NX bit on PML4E for recursive page table mappings
HBSD MFC r330538: amd64 - Nudge lld to break the kernel read-only and read-write sections into separate 2M pages.
HBSD MFC r315914: Remove buggy adjustment of page tables in db_write_bytes().
HBSD MFC r330539: amd64 - Protect the kernel text, data, and BSS
Oliver Pinter + (126):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'free...
HardenedBSD-11-STABLE-v1100054.3
Note: this was released on 2018-01-13.
Highlights:
- Make it possible to re-evaluate cpu_features. (a586b97)
- Fix a null-pointer dereference and a tautological check in cam_get_device (b55f0a5)
- Do not build lint(1) by default on stable-11, add WITH_LINT to enable building it. (5fb1dbc)
- Improve the performance of the hpet timer in bhyve guests by making the timer frequency a power of two. (d21bd84)
- fix memory disclosure in hpt* ioctls (8f534ab)
- ACPICA 20171214. (7e248a6)
- crypto/libressl: Update to 2.6.4 (0dfcdb6)
- Update tcpdump to 4.9.2 (ed596e7) [CVE-2017-lot-of-numbers-here]
- hbsd-update updates
- llvm/clang/lldb/libc++ 5.0.1
- GELI updates
- VM updates
- VFS updates
- lock primitive updates
Changelog
Bernard Spil (1):
crypto/libressl: Update to 2.6.4
Oliver Pinter (3):
HBSD: bump copyright year
erge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: fix merge conflict in .gitignore file
Oliver Pinter + (59):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (9):
HBSD: Update the release artifact directory in hbsd-update-build
HBSD: Sort the list of programs hbsd-update uses
HBSD: Ensure a clean /usr/src
HBSD: Support revoking key material in hbsd-update
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
HBSD: Fix typo in hbsd-update
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflicts
ae (5):
MFC r326510: Fix format string warning with enabled DEBUGGING.
MFC r326847: Fix mbuf leak when TCPMD5_OUTPUT() method returns error.
MFC r326898: Fix possible memory leak.
MFC r326876: Follow the RFC6980 and silently ignore following IPv6 NDP messages that had the IPv6 fragmentation header: o Neighbor Solicitation o Neighbor Advertisement o Router Solicitation o Router Advertisement o Redirect
MFC r327140: Fix rule number truncation, use uint16_t type to specify rulenum. Also sort variable declartions by size.
alc (1):
MFC r326982 Document the semantics of atomic_thread_fence operations.
asomers (23):
MFC r325959:
MFC r326032:
MFC r326036:
MFC r326039:
MFC r326041:
MFC r304443, r326034, r326065
MFC r326040:
MFC r326100:
MFC r326101:
MFC r326289:
MFC r326290:
MFC r326401:
MFC r326455:
MFC r326624:
MFC r326640:
MFC r326646:
MFC r326698:
MFC r326799:
MFC r326834, r326853
MFC r309373 (by bdrewery)
MFC r313962, r313972-r313973, r315230
MFC r315292
MFC r327862
bapt (1):
MFC r326769:
bryanv (3):
MFC r326744:
MFC r326480:
MFC r326654:
bz (1):
MFC r327435:
cperciva (2):
Add vfs.nfs.suppress_32bits_warning sysctl which reduces the frequency of 'fileid > 32bits' warnings from at most once per minute to at most once per day.
MFC r326565: Make EC2 instances use Amazon's NTP service for time synchronization.
cy (5):
MFC r324248:
MFC r326558, r326566:
MFC r327336:
MFC r327540:
MFC 327737:
delphij (11):
MFC r326244:
MFC r325723:
MFC r326361: Remove unused include.
MFC r326391: Prevent OOB access on corrupted msdos directories.
MFC r326562: Use strlcpy().
MFC r326560: Create links for xzdiff.
MFC r326561: Use strlcpy().
MFC r326185: Set errno to EFTYPE instead of EINVAL to be more consistent with the rest of code.
MFC r326791: Close the correct file descriptor.
MFC r327236:
MFC r327235:
dim (9):
MFC r326669:
MFC r326670:
MFC r326748:
MFC r326776:
MFC r326880:
MFC r324536 (by emaste):
MFC r326496:
MFC r327167:
MFC r327164:
eadler (6):
MFC r327183:
MFC r302480:
MFC r327420:
MFC r327396:
MFC r327398:
MFC r327578:
ed (1):
MFC r326228 and r326229:
emaste (7):
MFC r326547: lld: make -v behave similarly to GNU ld.bfd
MFC r326597: vnic: apply hardware L3 checksum only for IPv4
MFC r326030: Install strings unconditionally
MFC r317409 by glebius:
MFC r326613: Update tcpdump to 4.9.2
MFC r327497, r327498: fix memory disclosure in hpt* ioctls
MFC r327489: elfcopy: copy raw (untranslated) contents to binary output
eugen (3):
MFC r326655,326668: correct error handling for graid SINGLE/CONCAT/RAID5 volumes.
MFC r326738: pw(8): correct expiration period handling and command line overrides to preconfigured values for -e, -p and -w flags.
MFC r326872: fix expiration arithmetic after r326738 and MFC.
fsu (3):
MFC r326282, r326317: Remap ENOATTR to ENODATA in the linuxulator. In the linux ENOADATA is frequently #defined as ENOATTR. The change is required for an x...