Releases: HardenedBSD/hardenedBSD-stable

HardenedBSD-10-STABLE-v1000050.1

02 Jan 14:57

Highlights:

  • HBSD MFC r321963: Rework and simplify the ksyms(4) implementation. (8dd00d8)
  • MFC r326872: fix expiration arithmetic in pw after r326738 and MFC. (1e062f6)
  • Fix error state handling in openssl (22fbcdc) [CVE-2017-3737 FreeBSD-SA-17:12.openssl]
  • MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file (c5f9120) [CVE-2014-8503]
  • MFC r326136: bfd: avoid crash on corrupt binaries (e10e409) [CVE-2014-8501 CVE-2014-8502]
  • Avoid out-of-bounds read in openssl (276fd80) [CVE-2017-3735 FreeBSD-SA-17:11.openssl]
  • MFC 325039: Rework pass through changes in r305485 to be safer. (00e656a)
  • Properly bzero kldstat structure to prevent kernel information leak. (904c1c3) [FreeBSD-SA-17:10.kldstat CVE-2017-1088]
  • MFH (r325010): don't bother verifying a password that we know is too long. (5ebf270) [CVE-2016-6210]
  • Separate POSIX sem/shm and mqueue objects in jails. (568bd26)
  • Zero whole struct ptrace_lwpinfo to not leak kernel stack data. (a19cbcf) [CVE-2017-1086]
  • Fix out-of-bounds read in libc/regex. (70a215a)
  • Add extended attributes support to fuse kernel module. (cca3840)
  • hbsd-update updates
  • clang updates
  • zfs updates
  • geom updates
  • nfs updates

Changelog

Oliver Pinter (4):
      HBSD MFC r321842: Let lockstat use ksyms(4)'s mmap interface.
      HBSD MFC r321843: Remove local variables missed in r321842.
      HBSD MFC r321963: Rework and simplify the ksyms(4) implementation.
      HBSD: bump year in copyright.h

Oliver Pinter + (78):
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

Shawn Webb (5):
      HBSD: Update the release artifact directory in hbsd-update-build
      HBSD: Sort the list of programs hbsd-update uses
      HBSD: Ensure a clean /usr/src
      HBSD: Support revoking key material in hbsd-update
      HBSD: Fix typo in hbsd-update

ae (2):
      MFC r324947:   Add IPv6 support for O_TCPDATALEN opcode.
      MFC r326898:   Fix possible memory leak.

asomers (10):
      MFC r322546:
      MFC r322868:
      MFC r323193:
      MFC r323194:
      MFC r323275, r324112
      MFC r323813:
      MFC r324220:
      MFC r324221:
      MFC r324805:
      MFC r325363:

avg (15):
      MFC r324345: MFV r316877: 7571 non-present readonly numeric ZFS props do not have default valu
      MFC r324346: MFV r316931: 6268 zfs diff confused by moving a file to another directory
      MFC r324347: MFV r316933: 5142 libzfs support raidz root pool (loader project)
      MFC r324348: MFV r316934: 7340 receive manual origin should override automatic origin
      MFC r324689: iscsi: do not hold the global lock while tearing down a session
      MFC r324694: never retry outstanding requests when terminating iscsi session
      MFC r324957: iscsi_shutdown_post: do nothing if panic-ing
      MFC r324757: remove spa_sync_on assert from spa_async_thread_vd
      MFC r325227,r325272: geom_slice: do not destroy softc until providers are gone
      MFC r325606: MFV r325605: 8713 Buffer overflow in dsl_dataset_name()
      MFC r325228: vdev_geom_close: close errored consumer even if vdev_reopening is set
      MFC r325035: MFV r325013,r325034: 640 number_to_scaled_string is duplicated in several commands
      MFC r325610: MFV r325609: 7531 Assign correct flags to prefetched buffers
      MFC r326067: make illumos uiocopy use vn_io_fault_uiomove
      MFC r326070: zfs_write: fix problem with writes appearing to succeed when over quota

bapt (6):
      MFC r32571...

HardenedBSD-11-STABLE-v1100054.2

14 Dec 21:27
bd40211

Highlights:

Changelog

Oliver Pinter + (22):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (2):
      HBSD: Disable lint(1) by default
      HBSD: Regen src.conf.5

ae (2):
      MFC r326086:   Add ipfw_add_protected_rule() function that creates rule with 65535   number in the reserved set 31. Use this function to create default rule.
      MFC r326422:   Do better cleaning in key_destroy() for VIMAGE case.

asomers (5):
      MFC r325812:
      MFC r325817, r325827
      MFC r325857:
      MFC r325946:
      MFC r325947:

avg (3):
      MFC r326067: make illumos uiocopy use vn_io_fault_uiomove
      MFC r326070: zfs_write: fix problem with writes appearing to succeed when over quota
      MFC r326150: zdb: use a heap allocation instead of a huge array on stack

bapt (5):
      MFC r325851:
      MFC r326518, r326522
      MFC r326526:
      MFC r326527:
      MFC r326633:

cy (1):
      MFC r326343:

delphij (1):
      MFC r326052: Support SIGINFO.

dim (1):
      MFC r312450 (by emaste):

ed (1):
      MFC r326420:

emaste (6):
      MFC r326082: freebsd-update: do not duplicate patchlist entries
      MFC r326136: bfd: avoid crash on corrupt binaries
      MFC r326135: bfd: fix segfault in the ihex parser on malformed ihex file
      MFC r324703: loader.mk: clean md.o even if MD_IMAGE_SIZE not defined
      MFC r326074: filter all passwords (not only changed) from periodic passwd backup
      MFC r326094: Fix indentation in bsdinstall-created wpa_supplicant.conf

gjb (2):
      Correct a mismerge of r325861, committed as r326017, to fix the RPI2 SoC image build.
      MFC r326315, r326330, r326331, r326412:

hselasky (6):
      MFC r326392: Properly define the VLAN_XXX() function macros to avoid miscompilation when used inside "if" statements comparing with another value.
      MFC r326161: Implement atomic_fetchadd_64() for i386. This function is needed by the atomic64 header file in the LinuxKPI for i386.
      MFC r326058: Make sure all initialized mutexes are destroyed in the iser module, else WITNESS will panic. Prefix all mutex names with "iser_" to prevent future WITNESS issues.
      MFC r325897: Improve the library dependencies helper script in src/tools.
      MFC r326362: Disallow TUN and TAP character device IOCTLs to modify the network device type to any value. This can cause page faults and panics due to accessing uninitialized fields in the "struct ifnet" which are specific to the network device type.
      Add support for IPv6 based addresses as part of the TCP unify portspace feature in ibcore. This resolves an interoperability issue when using both iWarp(T6) and RDMA(CX-4 and CX-5) devices at the same time.

jkim (2):
      MFC:	r309361, r322710, r323286, r326378, r326383, r326407
      MFC:	r326662

kib (3):
      MFC r326122: Kill all descendants of the reaper, even if they are descendants of a subordinate reaper.  Also, mark reapers when listing pids.
      MFC r326424: Add comment for vm_map_find_min().
      MFC r326429: Destroy seltd st_mtx and st_wait in seltdfini().

kp (2):
      MFC r325850: pfctl: teach route-to to deal with interfaces with multiple addresses
      MFC r320696: Allow ipsec to run in vnet jails

marcel (1):
      MFC r324369 Fix alignment of 'last' in autofill.

markj (10):
      MFC r326234, r326235, r326284: vm_page_array initialization improvements.
      MFC r326132: Allow kern.geom.mirror.debug to be negative.
      MFC r326178: Don't redefine _KERNEL.
      MFC r326177: Fix the type signature for sx(9) DTrace subroutines.
      MFC r326175, r326176: Lockstat fixes for sx locks.
      MFC r302794, r306744, r307691, r307692, r316174, r316681, r316859,     r316866, r316867, r316869: Various gmirror fixes and cleanups.
      MFC r326286: Don't use pcpu_find() to determine if a CPU ID is valid.
      MFC r326371: Verify the object/vnode association after vget() in vm_pageout_clean().
      MFC r326134: Duplicate helpers after disabling inherited tracepoints during a fork.
      MFC r325044: Fix a lock leak in g_mirror_destroy().

mav (1):
      MFC r326288: Fix integer overflow in SLOG test.

wulf (3):
      MFC r325294:
      MFC r325269:
      MFC r325295:

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100054.2/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-bootonly.iso) = adf64ccb3a60cedd9195d88c6bd7fb0a85fd428a5ee3dd4cb6bae935235b2a3100c99c9722efa43b760a35dc82ea25b637198cc3a17b8894ab56331dfcc62a04
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-disc1.iso) = 9ac8ff7bc605f5264d45e73d625c86b783b62011c7048cef7cf6ddaf51cbd3f94d4a661409967b6599eee7493b2138bb4b52a7ee66df956615b782723c8e8666
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-memstick.img) = 94d27f3d30159b0df25af543fb84327873ea5ef76df7e0f22a66160bce36688b00761e82c972356107aed30ed70b2f61a3ba892024b1777e335ddf88013a782b
SHA512 (HardenedBSD-11-STABLE-v1100054.2-amd64-mini-memstick.img) = 116a72cd219df1ed23d0fccff8be745f600982bae00681fbb35d3ef4994bd9bf091ae4c35114533127edcefdc05c9ff0c25061f7f51daa61b8edb6b03ec060db

CHECKSUM.SHA512.asc:


shortlog-HardenedBSD-11-STABLE-v1100054.2.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

HardenedBSD-11-STABLE-v1100054.1

30 Nov 23:36

Highlights:

  • fixed syslogd - restore host name handling in UDP case (1bbaa03)
  • fixed ARM64 control flow problem (1ea13dc) [FreeBSD-SA-Candidate]
  • fixed MAP_GUARD issues (96cbc3d)
  • upgrade to Unicode 10.0.0 (909e9ad)
  • ZFS fixes
  • (side note: the recent OpenSSL security issues (FreeBSD-SA-17:11.openssl) are already fixed in previous releases)

Changelog

Oliver Pinter + (26):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

ae (1):
      MFC r325960:   Unconditionally enable support for O_IPSEC opcode.

andrew (1):
      MFC r326137:

asomers (8):
      MFC r322854, r323995, r324568, r324991
      MFC r323275, r324112
      MFC r324805:
      MFC r324457:
      MFC r324940:
      MFC r325011, r325016
      MFC r322258, r324941, r324956, r325018
      MFC r325363:

avg (6):
      MFC r325227,r325272: geom_slice: do not destroy softc until providers are gone
      MFC r325606: MFV r325605: 8713 Buffer overflow in dsl_dataset_name()
      MFC r325608: MFV r325607: 8607 zfs: variable set but not used
      MFC r325228: vdev_geom_close: close errored consumer even if vdev_reopening is set
      MFC r325035: MFV r325013,r325034: 640 number_to_scaled_string is duplicated in several commands
      MFC r325610: MFV r325609: 7531 Assign correct flags to prefetched buffers

bapt (3):
      MFC r325361:
      MFC: 325359
      MFC r325888:

bcr (1):
      MFC r325441:

brooks (1):
      MFC r326307:

delphij (3):
      MFC r325383:
      MFC r325532: Update arcmsr(4) to 1.40.00.01:
      MFC r325755: Be more careful when doing calculation with request from userland.

emaste (6):
      MFC r325683: vnic: apply BPF tap before passing packet to hardware
      MFC r325444: ANSIfy sys/kern/md4c.c
      MFC r325811: vnic: report that the driver supports multicast
      MFC r325813 (bz): Unbreak IPv6.
      MFC r325042: libdtrace: replace "DOODAD" with more descriptive string
      MFC r326046: dt_modtext: return error on archs lacking an implementation

eugen (1):
      MFC r325436: RTF_PINNED for an interface

gjb (6):
      MFC r320252, r320686, r325769:  r320252:   In release/release.sh:   - Rename chroot_arm_armv6_build_release() to chroot_arm_build_release()     and make it hardware agnostic (such as armv6 -vs- armv7 -vs- arm64).   - Evaluate EMBEDDED_TARGET differently so release/tools/arm.subr can     be used for arm/armv6 and arm64/aarch64.   - Update comments and copyright.
      MFC r325863:  Only copy /etc/resolv.conf to ${CHROOTDIR} if /etc/resolv.conf does  not already exist within ${CHROOTDIR}.  This allows re-using a build  chroot with CHROOTBUILD_SKIP set to a non-empty value and CHROOTDIR  set to '/' in release.conf.
      MFC r325950, r325953:  r325950:   Sort variables for consistency.
      MFC r325373, r325861:  r325373 (manu):   release/arm: Do not install ubldr
      MFC r326068:  Remove /etc/resolv.conf from virtual machine images, which is  copied from the build host.  It is renamed to /etc/resolv.conf.bak  on boot, so never used anyway.
      Document SA-17:06 through SA-17:11 and EN-17:07 through EN:17-10.

glebius (2):
      MFC r325558:
      Revert r326103, as it appeared to be incorrect.

hselasky (4):
      MFC r325533: Make the dma_alloc_coherent() function in the LinuxKPI NULL safe with regard to the "dev" argument.
      MFC r325614: Multiple fixes for using IPv6 link-local addresses with RDMA in ibcore.
      MFC r325615: Make sure the IPv6 scope ID gets zeroed when exchanging CMA messages in ibcore. Else the IPv6 address matching might fail. This change adds support for both embedded and non-embedded IPv6 scope IDs when passing a IPv6 link-local socket address to RDMA. Prior to this change only global IPv6 addresses would work with RDMA.
      MFC r325616: Make sure sin_zero is zero in ibcore. Else socket address matching using bcmp() might fail.

jhb (4):
      MFC 324993: Add a test for sending a signal while stepping a thread via PT_STEP.
      MFC 325039: Rework pass through changes in r305485 to be safer.
      MFC 319517: Add a cross-reference to sysdecode_socket_protocol(3).
      MFC 319493,319509,319520,319595,319677,319679-319681,319688,319689, 319761-319768,320010,322899,322959,323020,323021,323151:

kib (3):
      MFC r325758: Style bug.
      MFC r325759: Do not leak PMC_PO_OWNS_LOGFILE on error.
      MFC r326098: Return different error code for the guard page layout violation.

manu (1):
      MFC r325517, r325554

markj (10):
      MFC r324864, r324865: Cleanups for ctf.5.
      MFC r325887: Avoid holding the process in uread() and uwrite().
      MFC r325561: Allow various page daemon parameters to be set from loader.conf.
      MFC r325528: Correct the type of foff.
      MFC r319824 (by sevan), r320624, r326173: Fixups for the lockstat provider man page.
      MFC r326055: Allow for fictitious physical pages in vm_page_scan_contig().
      MFC r326060: Clean up the SYSINIT_FLAGS definitions for rwlock(9) and rmlock(9).
      MFC r326061, r326063: DTrace test fixups.
      MFC r326093: Use the right variable for the IP header parameter to tcp:::send.
      MFC r326096: Annotate pragma/err.invalidlibdep.ksh as EXFAIL.

mav (2):
      MFC r325552: s/NgSendMsgReply/NgSendReplyMsg/ in man to match the code.
      MFC r325571: Add some PCI IDs found on AMD Epyc system.

pfg (1):
      MFC r326028: iconv: Fix a pointer mismatch.

vangyzen (2):
      MFC r325764
      MFC r325766

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100054.1/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-bootonly.iso) = 83725667faf1aadb34f154934f8da4790b3fe8993e98dc852d149fee4529625bf5dec04ee04a59dd577cdaaa1b6b6a2378abad39933c9d9c87dd8354757210a2
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-disc1.iso) = 9b0e2243f7b46a395e6c62c7daf279683ad961985e9129ccc30654672d368ea54b8bc718f6a94d74b47dd6aca049146d5dda36a0a1530d7a62d11812cf75f8de
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-memstick.img) = cfe23f59d9969f3bbe958916a02ae830b7b65b506c4000edcf17ab513df0214c71c95700f1e27afa1f5290323bd5b9844bab1b817107ab6828b36b7a4d49cd8d
SHA512 (HardenedBSD-11-STABLE-v1100054.1-amd64-mini-memstick.img) = ddf2e9e6a9fe32d7b104184e14c0abb6261770e00ae1cad37f58a3c8a18dc5cd021fa9e160740387812171dd9ede6fdc6322035ddc70885e7eac15086bfade12

CHECKSUM.SHA512.asc:


shortlog-HardenedBSD-11-STABLE-v1100054.1.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

HardenedBSD-11-STABLE-v1100054

16 Nov 19:56

Warning: this is a security update!

Highlights:

  • Changed AT_PAXFLAG auxvector position (4c04e4a)
  • Properly bzero kldstat structure to prevent kernel information leak. (3ff3ec4) [FreeBSD-SA-17:10.kldstat, CVE-2017-1088]
  • CloudABI 0.17 (cf6ac9b)
  • MFH (r325010): don't bother verifying a password that we know is too long. (b242fe3) [CVE-2016-6210]

Changelog

Oliver Pinter (3):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: fix merge conflicts in auxvectors after fea694b75ea6704d14c7867ee98e4acb949ca6fc
      HBSD: bump __HardenedBSD_version to 1100054 after f9ed451a34137522fdc937272d6c8dce024a826c

Oliver Pinter + (2):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

bapt (3):
      MFC r325716:
      MFC r325717:
      MFC r325737:

des (1):
      MFH (r325010): don't bother verifying a password that we know is too long.

ed (1):
      MFC r324727 and r325555:

eugen (1):
      MFC r325559: ifconfig_<interface>_descr

gjb (1):
      MFC r322401:  Avoid creating kernel-dbg.txz distribution sets and kernel-debug  packages when MK_DEBUG_FILES is 'no'.

gordon (1):
      MFC r325865

jhb (4):
      MFC 323580,323933,323934,324814,324817: Enable AT_HWCAP on arm.
      MFC 323581,323582,323583: Add ptrace operations for VFP registers.
      MFC 323584: Add a NT_ARM_VFP ELF core note to hold VFP registers for each thread.
      MFC 323588: Recognize NT_PTLWPINFO and NT_ARM_VFP in FreeBSD ELF cores.

kib (2):
      MFC r325671: Check that the pmc index is less than the number of hardware PMCs, instead of asserting the condition.
      MFC r325553: Remove useless DEBUG printfs in i386 sendsig() implementations.

trasz (10):
      MFC r324261:
      MFC r320672:
      MFC r320672:
      MFC r324199:
      MFC r324276:
      MFC r324367:
      MFC r324427:
      MFC r324857:
      MFC r213931:
      MFC r325009:

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100054/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-bootonly.iso) = 20f6333bcbeceb57788ca945ce9816359d9844c2476956a2d4ffd8cdb7b725b4ce12aca4a9adac67c43fdd0a5fd5b9c87888298a6044a31e3f0a4dcb564fefd3
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-disc1.iso) = 09af01b113072333cf72f2c933f2335d5e4c9e46d51c82d2a74ebd3f3217c9ba454dc77f30de75c2f805adb56608d147dd6dc520f8cfaa90fa049888f193497d
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-memstick.img) = 8951648e199157e840f1dc2637ba6516631bda75c28768086ccc5daba7822e874790cf5b1c2a86d428c70858cb1de5a0318c64ee27e8ce51596387d0b74c082b
SHA512 (HardenedBSD-11-STABLE-v1100054-amd64-mini-memstick.img) = 5d6cfc1f89374409efa226da5e6ef793e5e9472a217241e1a21e3c93ebadc9fd967a586dfbe66d454655618cef63721e42402c0a5e3282e1a5db465c208daa26

CHECKSUM.SHA512.asc:


CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt
shortlog-HardenedBSD-11-STABLE-v1100054.txt

HardenedBSD-11-STABLE-v1100053

16 Nov 19:47

Highlights:

Changelog

Bernard Spil (4):
      HBSD: crypto/libressl: Update to 2.6.3
      Merge branch 'hardened/11-stable/master' of https://github.com/HardenedBSD/hardenedBSD into hbsd/hardened/11-stable/master
      HBSD: Update OptionalObsoleteFiles.inc for LibreSSL 2.6
      HBSD: LibreSSL: Fix install of man(5) man-pages

Oliver Pinter (4):
      HBSD: fix build error with WITHOUT_LIBRESS=
      HBSD: fix build error with WITHOUT_LIBRESS= - part 2
      HBSD: clean up LibreSSL related ObsoleteFiles breakage, which will render the system into unbootable state
      HBSD: bump __HardenedBSD_version to 1100053 after LibreSSL 2.6.3 update

Oliver Pinter + (47):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (2):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (4):
      MFC r324593:   Fix regression in handling O_FORWARD_IP opcode after r279948.
      MFC r324592:   Return 'errno' value from the table_do_modify_record(), it is expected   by table_modify_record().
      MFC r324947:   Add IPv6 support for O_TCPDATALEN opcode.
      MFC r325355:   Use correct pointer in key_updateaddresses() when updating NAT-T config.

asomers (6):
      MFC r324241:
      MFC r324220:
      MFC r324221:
      MFC r324222:
      MFC r324223:
      MFC r324281:

avg (25):
      MFC r324309: remove heuristic error detection from ddi_strto*()
      MFC r324312: fix the misleading log facility used in devd/zfs.conf
      MFC r324311: sysctl-s in a module should be accessible only when the module is initialized
      Really MFC r309357,r309409: Spelling fixes and fix line endings for err_msg output
      MFC r324590: i2c(8): clean up and clarify read operation
      MFC r324011, r324016: MFV r323535: 8585 improve batching done in zil_commit()
      MFC r324343: MFV r316862: 6410 teach zdb to perform object lookups by path
      MFC r324344: MFV r316864: 6392 zdb: introduce -V for verbatim import
      MFC r324345: MFV r316877: 7571 non-present readonly numeric ZFS props do not have default value
      MFC r324346: MFV r316931: 6268 zfs diff confused by moving a file to another directory
      MFC r324347: MFV r316933: 5142 libzfs support raidz root pool (loader project)
      MFC r324348: MFV r316934: 7340 receive manual origin should override automatic origin
      MFC r324349: MFV r322235: 8067 zdb should be able to dump literal embedded block pointer
      MFC r324350: zdb.8: replace with the slightly modified upstream version
      MFC r324425: illumos mutex_init: use SX_NEW instead of bzero
      MFC r324689: iscsi: do not hold the global lock while tearing down a session
      MFC r324694: never retry outstanding requests when terminating iscsi session
      MFC r324957: iscsi_shutdown_post: do nothing if panic-ing
      MFC r324163: MFV r323530,r323533,r323534: 7431 ZFS Channel Programs, and followups
      MFC r324168: MFV r323531: 8521 nvlist memory leak in get_clones_stat() and spa_load_best()
      MFC r324170: MFV r323794: 8605 zfs channel programs: zfs.exists undocumented and non-working
      MFC r324196: MFV r323912: 8592 ZFS channel programs - rollback
      MFC r324197: MFV r323913: 8600 ZFS channel programs - snapshot
      MFC r324757: remove spa_sync_on assert from spa_async_thread_vd
      MFC r324195: MFV r323795: 8604 Avoid unnecessary work search in VFS when unmounting snapshots

avos (1):
      MFC r324672: ifnet(9): split ifc_alloc_unit() (should simplify code flow)

bapt (1):
      MFC r324623:

bdrewery (6):
      MFC r316286:
      struct ksiginfo has MD size, so use it as the padding type to avoid the wrong size.
      Fix struct thread padding field names.
      MFC r318246,r324566,r324668,r324701:
      MFC r320481:
      MFC r318432:

cy (3):
      Sync (make same) the offsetof macro definition in include/ with the definition of the same in sys/sys/. The problem was discovered while working on implementing a new C11 gets_s() for libc. (The new gets_s() requires rsize_t found in include/stddef.h.) The solution to sync the two definitions was suggested by ed@ while discussing D12667.
      MFC r324681, r324738
      MFC r325030:

davidcs (2):
      MFC r324535 Add sanity checks in ql_hw_send() qla_send() to ensure that empty slots in Tx Ring map to empty slot in Tx_buf array before Transmits. If the checks fail further Transmission on that Tx Ring is prevented.
      MFC r324538 Added support driver state capture/retrieval

dim (1):
      MFC r324826:

emaste (4):
      MFC r324594: truss: mention 'H' in usage
      MFC r324595: ANSIfy vm_kern.c
      MFC r324683: write.2: correct maximum nbytes size for EINVAL error
      MFC r325420: lld: accept EINVAL to indicate posix_fallocate is unsupported

eugen (3):
      MFC r324364: ftpd(8): fix user context handling
      MFC r324212:
      MFC r325157,325158:

fsu (2):
      MFC r324620: Add extended attributes support to fuse kernel module.
      MFC r324962: Set doreallocblks sysctl value to zero by default because of possibility of filesystem corruption.

gjb (2):
      Document issuing 'vagrant up' a second time will boot properly if the virtual machine does not yet have a MAC address.
      MFC r325156:  Set a default hostname for virtual machine images.

hselasky (8):
      MFC r323916: Extend sysctl description for hw.usb.disable_enumeration .
      MFC r324445: When showing the sleepqueues from the in-kernel debugger, properly dump all the sleepque...

HardenedBSD-10-STABLE-v1000050

24 Oct 19:04

Warning: this is a security and feature update! Recompilation or updating of secadm is required.

Highlights:

  • Update wpa_supplicant/hostapd for 2017-01 vulnerability release. (7aec04b) [FreeBSD-SA-17:07]
  • Libarchive update (a8e62bf) [FreeBSD-SA-Candidate]
  • hyperv updates
  • ZFS updates
  • hbsd-update improvements
  • HBSD MFC: Correct sense of crypt(3) NULL checks in init(8) and lock(1)
  • HBSD MFC: netsmb: Fix buggy/racy smb_strdupin()
  • HBSD: add kernel side of hbsdcontrol (ddf1942) [see UPDATING-HardenedBSD in src repo]
  • HBSD: fix a possible "time of check to time of use" attack (bfdb3e6)

Changelog

Oliver Pinter (16):
      Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
      HBSD: resolve merge conflict in rtld.c after af2751ed9fdfb8d9efe2f9b32ccb402ab5f94756
      HBSD: resolve merge conflict in release/Makefile after a3c81b6ad82652cfa97c5a0a84cd99c1ed1a0cae
      HBSD: resolve merge conflict in release/Makefile after a3c81b6ad82652cfa97c5a0a84cd99c1ed1a0cae - part II.
      HBSD: fix a possible "time of check to time of use" attack
      HBSD: allow to override hbsdcontrol settings with ACLs
      HBSD: add kernel side of hbsdcontrol
      HBSD: log PREFER_ACL (EXPLICIT_ACL) in pax_logs
      HBSD: after the recent changes, bump by copyright years
      HBSD: add hbsdcontrol.sh as demonstration tool to examples directory
      HBSD: bump __HardenedBSD_version to 1000050 after hbsdcontrol merge
      HBSD: extend the UPDATING-HardenedBSD about the new kernel knobs
      HBSD: improve log message in execve
      HBSD MFC: netsmb: Fix buggy/racy smb_strdupin()
      HBSD MFC: Correct sense of crypt(3) NULL checks in init(8) and lock(1)
      HBSD MFC r324225: ppp(8): Fix various bugs in NOPAM section of auth_CheckPassw2

Oliver Pinter + (50):
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

Shawn Webb (5):
      HBSD: Teach hbsd-update to populate chroots.
      HBSD: Use the local resolver by default
      HBSD: Teach hbsd-update to not download updates
      HBSD: Teach hbsd-update to not update base
      HBSD: Do not default to using the local resolver

avg (27):
      MFC r319212: fix indentation
      MFC r319746,r319747,r319769: 8269 dtrace stddev aggregation is normalized incorrectly
      MFV r318962: Allow PROBE_SPINUP to fail in CAM ATA transport
      MFV r320195: bhyveload: correctly query size of disks
      MFC r320266: jedec_ts: add support for devices manufactured by IDT
      MFC r320151: remove bogus declaration of malloc from tcp_wrappers
      MFC r320352: zfs: port vdev_file part of illumos change 3306
      MFC r321471: spa_import_rootpool should be able to handle an imported root pool
      MFC r322228: MFV r322227: 8377 Panic in bookmark deletion
      MFC r322241: MFV r322240: 8491 uberblock on-disk padding to reserve space for smoothly merging zpool checkpoint & MMP in ZFS
      MFC r323482: zfs_ctldir: remove obsolete / bogus ARGSUSED lint directives
      MFC r323540: jedec_ts: add many more devices from various vendors
      MFC r323479,r323491: zfs: tighten debug versions of ZTOV and VTOZ
      MFC r323480: zfs_get_vfs: reference a requested filesystem instead of vfs_busy-ing it
      MFC r323522: slightly simplify zfs_vptocnp
      MFC r323918: MFV r323917: 8648 Fix range locking in ZIL commit codepath
      MFC r323481: zfsvfs_hold: assert that the busied filesystem can not be unmounted
      MFC r323483: zfsctl_snapdir_lookup should be able to handle an uncovered vnode
      MFC r323791: MFV r323790: 8567 Inconsistent return value in zpool_read_label
      MFC r323578,r323769: dounmount: do not release the mount point's reference on the covered vnode
      MFC r323524: MFV r316932: 6280 libzfs: unshare_one() could fail with EZFS_SHARENFSFAILED
      MFC r323525: MFV r323523: 8331 zfs_unshare returns wrong error code for smb unshare failure
      MFC r323528: MFV r323527: 5815 libzpool's panic function doesn't set global panicstr
      MFC r323612: gmirror: treat ENXIO as disk disconnect, not media error
      MFC r324309: remove heuristic error detection from ddi_strto*()
      MFC r324312: fix the misleading log facility used in devd/zfs.conf
      MFC r324311: sysctl-s in a module should be accessible only when the module is initialized

avos (1):
      MFC r324672: ifnet(9): split ifc_alloc_unit() (should simplify code flow)

bapt (1):
      MFC r323160:

brooks (3):
      MFC r324243:
      MFC r320999:
      MFC r321256:

cy (5):
      MFC r322112:
      MFC r323478:
      MFC r323715:
      MFC r323945 and 323962
      MFC r324249, 324260, and 324277

davidcs (7):
      MFC r323781 Update minidump template for version 5.4.66
      MFC r323782 Add sysctl "enable_minidump" to turn on/off automatic minidump retrieval
      MFC r323824 1. ql_hw.c: In ql_hw_send() return EINVAL when TSO framelength exceeds max supported length by HW.(davidcs) 2. ql_os.c: In qla_send() call bus_dmamap_unload before freeing mbuf or recreating dmmamap.(davidcs) In qla_fp_taskqueue() Add additional checks for IFF_DRV_RUNNING Fix qla_clear_tx_buf() call bus_dmamap_sync() before freeing mbuf.
      MFC r324026 Fix delete all multicast addresses
      MFC r324065 Tx Ring Shadow Consumer Index Register needs to be cleared prior to passing its physical address to the FW during Tx Create Context.
      MFC r324535 Add sanity checks in ql_hw_send() qla_send() to ensure that empty slots in Tx Ring map to empty slot in Tx_buf array before Transmits. If the checks fail further Transmission on that Tx Ring is prevented.
      MFC r324538 Added support driver state capture/retrieval

dteske (1):
      MFC SVN r295342-295344

emaste (2):
      MFC r324594: truss: mention 'H' in usage
      MFC r324595: ANSIfy vm_kern.c

eugen (1):
      MFC r323873, r324081: Unprotected modifica...

HardenedBSD-11-STABLE-v1100052

18 Oct 18:23

Warning: this is a security update!

Highlights:

  • MFC r324696: Update wpa_supplicant/hostapd for 2017-01 vulnerability release. (2d112e2) [FreeBSD-SA-17:07, fix for KRACK WPA issue]
  • Changed AUX vector layout
  • HBSD MFC r324394: random(4): Gather entropy from Pure sources
  • HBSD MFC r324372: random(4): Discard low entropy inputs
  • HBSD MFC r316767: Map DMAP as nx.

Changelog

Oliver Pinter (7):
      HBSD MFC r316767: Map DMAP as nx.
      HBSD MFC r324372: random(4): Discard low entropy inputs
      HBSD MFC r324393: random(4): Add missing source descriptions
      HBSD MFC r324394: random(4): Gather entropy from Pure sources
      HBSD: reorder sysentvec  to avoid future merge conflicts
      HBSD: remove RANDOM_PURE_BROADCOM from entropy_sources
      HBSD: bump __HardenedBSD_version to 1100052 after aux vector changes

Oliver Pinter + (8):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (3):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      HBSD: Fix kernel build

brooks (3):
      MFC r324243:
      MFC r320999:
      MFC r321256:

emaste (1):
      MFC r324509: sysctl.9: document CTLFLAG_CAPRD and CTLFLAG_CAPWR

fsu (1):
      MFC r324064: Add check to avoid raw inode iblocks fields overflow in case of huge_file feature. Use the Linux logic for now.

gordon (1):
      MFC r324696: Update wpa_supplicant/hostapd for 2017-01 vulnerability release.

jhb (4):
      MFC 324072: Add UMA_ALIGNOF().
      MFC 324073: Use UMA_ALIGNOF() for name cache UMA zones.
      MFC 324039: Don't defer wakeup()s for completed journal workitems.
      MFC 323579,323585: Add AT_HWCAP and AT_EHDRFLAGS on all platforms.

kib (1):
      MFC r324156: Improve smb(4) devfs interactions.

markj (2):
      MFC r324373: Avoid adding an extra "0x" prefix before pointer formats.
      MFC r324146: Have uiomove_object_page() keep accessed pages in the active queue.

mckusick (1):
      MFC of 324456.

ngie (2):
      MFC r324478:
      MFC r324497:

tuexen (1):
      MFC r322648:

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100052/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100052-amd64-bootonly.iso) = 2c608383dad93cafbf823c44aad048e464274bd47d093695851926b10ee7f33a8ebe1ff7246943879aabe1b1c782e73fed03f17f2418b6671c0c16c1672e6684
SHA512 (HardenedBSD-11-STABLE-v1100052-amd64-disc1.iso) = 3970ebbf4aec1422ed45b788d5129980e4740bfcb555d0f8dc91542244694408050c48bbc99b6e9d14534a1802a0a73dee7bef4280cc791d06246937209b3464
SHA512 (HardenedBSD-11-STABLE-v1100052-amd64-memstick.img) = df6dc54c41f228e84f3e706e8e6e01a56c763e60bdd0422f57e5949d9bf566d79bc7b0c7cfe129e0c551978a9238590d66ad5e70b64d0c37051a6e76c974f97d
SHA512 (HardenedBSD-11-STABLE-v1100052-amd64-mini-memstick.img) = 8689c252e1211a6e8363a3c083eb0aca073bb08a378120324028a466180cbc062d48c14b2ab054a443d4b9a8d4e21ff27b21f18def975c55dc2029fcdf4c10a5

CHECKSUM.SHA512.asc:


shortlog-HardenedBSD-11-STABLE-v1100052.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

HardenedBSD-11-STABLE-v1100051

16 Oct 20:48

Warning: this is a security and feature update!

Highlights:

Changelog

Oliver Pinter (12):
      HBSD: fix a possible "time of check to time of use" attack
      HBSD: allow to override hbsdcontrol settings with ACLs
      HBSD: add kernel side of hbsdcontrol
      HBSD: after the recent changes, bump by copyright years
      HBSD: add hbsdcontrol.sh as demonstration tool to examples directory
      HBSD: bump __HardenedBSD_version to 1100051 after hbsdcontrol merge
      HBSD: extend the UPDATING-HardenedBSD about the new kernel knobs
      HBSD: log PREFER_ACL (EXPLICIT_ACL) in pax_logs
      HBSD: improve log message in execve
      HBSD MFC: netsmb: Fix buggy/racy smb_strdupin()
      HBSD MFC: Correct sense of crypt(3) NULL checks in init(8) and lock(1)
      HBSD MFC r324225: ppp(8): Fix various bugs in NOPAM section of auth_CheckPasswd

Oliver Pinter + (33):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (8):
      HBSD: Teach hbsd-update to populate chroots.
      HBSD: Use the local resolver by default
      HBSD: Teach hbsd-update to not download updates
      HBSD: Partially backport llvm toolchain commit
      HBSD: Teach hbsd-update to not update base
      HBSD: Do not default to using the local resolver
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (3):
      MFC r323836:   Do not acquire IPFW_WLOCK when a named object is created and destroyed.
      MFC r323839:   Use in_localip() function instead of unlocked access to addresses hash   to determine that an address is our local.
      MFC r324098:   Some mbuf related fixes in icmp_error()

alc (15):
      MFC r323785   Sync with amd64/arm/arm64/i386/mips pmap change r288256:
      MFC r323786   In r288122, we changed vm_page_unwire() so that it returns a Boolean   indicating whether the page's wire count transitioned to zero.  Use that   return value in zbuf_page_free() rather than checking the wire count.
      MFC r323868   Modernize calls to vm_page_unwire().  As of r288122, vm_page_unwire()   accepts PQ_NONE as the specified queue and returns a Boolean indicating   whether the page's wire count transitioned to zero.  Use these features   in dev/drm2.
      MFC r322459,322897   The *_meta_* functions include a radix parameter, a blk parameter, and   another parameter that identifies a starting point in the memory address   block.  Radix is a power of two, blk is a multiple of radix, and the   starting point is in the range [blk, blk+radix), so that blk can always be   computed from the other two.  This change drops the blk parameter from the   meta functions and computes it instead.  (On amd64, for example, this   change reduces subr_blist.o's text size by 7%.)
      MFC r323391   To analyze the allocation of swap blocks by blist functions, add a method   for analyzing the radix tree structures and reporting on the number, and   sizes, of maximal intervals of free blocks.  The report includes the number   of maximal intervals, and also the number of them in each of several size   ranges, from small (size 1, or 3 to 4) to large (28657 to 46367) with size   boundaries defined by Fibonacci numbers.  The report is written in the test   tool with the 's' command, or in a running kernel by sysctl.
      MFC r323981   Modernize the use of vm_page_unwire().  Since r288122, vm_page_unwire()   has returned TRUE when the wire count transitions to zero, eliminating   the need for callers to inspect the page's wire count.
      MFC r323961   Since the page "frame" doesn't belong to a vm object, it can't be paged   out.  Since it can't be paged out, it is never actually enqueued in a   paging queue.  Nonetheless, passing PQ_INACTIVE to vm_page_unwire()   creates the appearance that the page "frame" is being enqueued in the   inactive queue.  As of r288122, we can avoid this false impression by   passing PQ_NONE.
      MFC r323656   Modify blst_leaf_alloc to take only the cursor argument.
      MFC r323973,324087   Optimize vm_page_try_to_free().  Specifically, the call to pmap_remove_all()   can be avoided when the page's containing object has a reference count of   zero.  (If the object has a reference count of zero, then none of its pages   can possibly be mapped.)
      MFC r321015   Style-only change: Consistently use the variable name "pdpg" throughout   this file.  Previously, half of the pointers to a vm_page being used as   a page directory page were named "pdpg" and the rest were named "mpde".
      MFC r320980,321377   Generalize vm_page_ps_is_valid() to support testing other predicates on   the (super)page, renaming the function to vm_page_ps_test().
      MFC r319542,321003,321378   Eliminate duplication of the pmap and pv list unlock operations in   pmap_enter() by implementing a single return path.  Otherwise, the   duplication will only increase with the upcoming support for psind == 1.
      MFC r321386,321393   Utilize pmap_enter(..., psind=1) in vm_fault_soft_fast() on amd64.  (The   Differential Revision discusses the benefits of this change.)
      MFC r305685   Various changes to pmap_ts_referenced()
      MFC r324173   When an I/O error occurs on page out, there is no need to dirty the page,   because it is already dirty.  Instead, assert that the page is dirty.

asomers (4):
      MFC r322868:
      MFC r323193:
      MFC r323194:
      MFC r323813:

avg (16):
      MFC r323479,r323491: zfs: tighten debug versions of ZTOV and VTOZ
      MFC r323480: zfs_get_vfs: reference a requested filesystem instead of vfs_busy-ing it
      MFC r323355: MFV r323107: 8414 Implemented zpool scrub pause/resume
      MFC r323522: slightly simplify zfs_vptocnp
      MFC r323797: add vfs_zfs.abd_chunk_size tunable
      MFV r323796: fix memory leak in g_bio zone introduced in r320452
      MFC r323918: MFV r323917: 8648 Fix range locking in ZIL commit codepath
      MFC r323433,r323793,r323915: MFV r323110: 8558 lwp_create() returns EAGAIN on system with more than 80K ZFS filesystems, and followups
      MFC r323481: zfsvfs_hold: assert that the busied filesystem can not be unmounted
      MFC r323483: zfsctl_snapdir_lookup should be able to handle an uncovered vnode
      MFC r323791: MFV r323790: 8567 Inconsistent return value in zpool_read_label
      MFC r323578,r323...

HardenedBSD-11-STABLE-v1100050

24 Sep 17:21

Highlights:

  • HBSD: pull in upstream fix for pwait hang when watching its own pid (0940151)
  • Removed HARDEN_RANDOMPID kernel knob
  • HBSD: rework MAP_GUARD footshooting prevention (c694b80)
  • HBSD: Enable EARLY_AP_STARTUP kernel config option - fixes Xen boot issues (b179d01)
  • MFV r320195: bhyveload: correctly query size of disks (2239cf6)
  • HBSD: merged back LibreSSL 2.5.5 and enabled by default in 11-STABLE (3756540) (with lot of commits from Bernard)
  • Add sysctls for ZFS ARC shrinking and growing values (d991ae8)

Changelog

Bernard Spil (59):
      HBSD: Add WITH_LIBRESSL option
      Revert "HBSD: Add WITH_LIBRESSL option"
      HBSD: Import LibreSSL 2.3.2 portable source
      HBSD: Enable building LibreSSL libcrypto
      HBSD: secure/lib/libcrypto: Allow configurable LibreSSL build
      HBSD: secure/lib/libssl: Allow configurable LibreSSL build
      HBSD: secure/usr.bin/openssl: Allow configurable LibreSSL build
      HBSD: contrib/telnet replace deprecated des_* methods with DES_* equivalents
      HBSD: crypto/heimdal Use RAND_egd only if libcrypto supports it
      HBSD: usr.sbin/ppp replace deprecated des_* methods with DES_* equivalents
      HBSD: contrib/wpa Fix OPENSSL_VERSION_NUMBER checks with LibreSSL
      HBSD: Make LibreSSL assembly work on amd64
      HBSD: Build LibreSSL's libtls next to libcrypto/libssl
      HBSD: Finish adding LibreSSL as base libcrypto/libssl provider
      HBSD: Add LibreSSL netcat to the secure/usr.bin Makefile
      HBSD: Update LibreSSL to 2.3.3
      Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/libressl
      Merge branch 'hardened/current/master' into hardened/current/libressl
      HBSD: secure/lib/libcrypto: SHLIBVER of LibreSSL libcrypto is 37 not 38
      Merge remote-tracking branch 'hbsd/hardened/current/master' into hardened/current/libressl
      HBSD: Import LibreSSL 2.3.4 into base
      HBSD: Rework WITH_LibreSSL detection in Makefiles
      Merge branch 'hardened/current/libressl' of https://github.com/HardenedBSD/hardenedBSD-playground into hardened/current/libressl
      Merge remote-tracking branch 'hbsd/hardened/current/master' into hardened/current/libressl
      HBSD: include src.opts.mk not bsd.opts.mk
      HBSD: Update OpenSSL version and date for LibreSSL
      HBSD: Remove disabled code from LibreSSL libcrypto
      HBSD: Fix man-page Makefile detection for LibreBSD
      Merge remote-tracking branch 'remotes/playground/hardened/current/libressl' into hardened/current/master-libressl
      HBSD: Switch current/master-libressl to WITH_LIBRESSL
      crypto/libressl: Update to 2.3.6
      HBSD: Merge remote-tracking branch 'hbsd/hardened/11-stable/master' into hbsd/hardened/11-stable/master-libressl
      HBSD: Add OpenSSL libs to ObsoleteFiles
      Merge branch 'hardened/11-stable/master-libressl' of https://github.com/HardenedBSD/hardenedBSD into hbsd/hardened/11-stable/master-libressl
      Merge remote-tracking branch 'hbsd/hardened/11-stable/master' into hbsd/hardened/11-stable/master-libressl
      Merge remote-tracking branch 'hbsd/hardened/11-stable/master' into hbsd/hardened/11-stable/master-libressl
      HBSD: Update LibreSSL to 2.3.7
      HBSD: Update LibreSSL to 2.4.2
      HBSD: Mark OpenSSL libs and man-pages Obsolete for LibreSSL
      HBSD: Add LibreSSL libs and man-pages for WITHOUT_LIBRESSL
      HBSD: Replace FreeBSD nc with TLS-enabled nc from LibreSSL
      HBSD: Add MK_NETCAT check for building LibreSSL netcat
      HBSD: Install nc.1 in the correct directory
      HBSD: secure/usr.bin/nc fix mis-paste
      HBSD: Add WITH_LIBRESSL and WITHOUT_LIBRESSL options descriptions
      HBSD: Fix installation of libcrypto in /lib
      HBSD: crypto/libressl: Update to 2.4.3
      HBSD: Update version number and date for LibreSSL
      crypto/libressl: Update to 2.4.4
      crypto/libressl: Update version/date in for LibreSSL
      Merge branch 'hardened/11-stable/master-libressl' of https://github.com/HardenedBSD/hardenedBSD into hbsd/hardened/11-stable/master-libressl
      HBSD: LibreSSL fix ECDSA P-256 timing attack vuln
      HBSD: Import LibreSSL 2.4.5 from upstream
      HBSD: Update LibreSSL version and date
      HBSD: contrib/unbound: Fix LibreSSL detection
      HBSD: contrib/libarchive fix LibreSSL detection
      HBSD: Pull in LibreSSL 2.5
      hBSD: Complete merge of LibreSSL 2.5 changes
      HBSD: Update build framework for LibreSSL 2.5

CTurt (2):
      HBSD: Fix ctl memory leak
      HBSD: Remove info leak

Oliver Pinter (7):
      HBSD: fix mismerge after recent libressl merge
      HBSD: bump __HardenedBSD_version after LibreSSL merge
      HBSD: garbage collect STACK_GUARD_SIZE kernel knob
      HBSD: rework MAP_GUARD footshooting prevention
      HBSD: enable pid randomization in PAX_HARDENING case
      HBSD: pull in upstream fix for pwait hang when watching its own pid
      HBSD: fix compile error in vm_map.c

Oliver Pinter + (1179):
      Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/master-libressl
      M...

HardenedBSD-10-STABLE-v1000049

16 Sep 23:15

Warning: this is a security update!

Highlights:

  • HBSD: Update DNSSEC root key 257 (d51b783)
  • MFC r322677: pw usermod: handle empty secondary group lists (-G '') (9cbb330) [FreeBSD-SA-Candidate]
  • MFC r322678: pw useradd: Validate the user name before creating the entry (73846ec) [FreeBSD-SA-Candidate]
  • MFC: r321293 date: avoid crash on invalid time (d014d34) [FreeBSD-SA-Candidate]
  • MFC r323278: Fix an incorrectly used conditional causing buffer overflow. (cec050b) [CVE-2017-1000249]
  • HBSD: constify pax_elf()'s mode parameter (a660c95)
  • HBSD: rename PAX_NOTE_FINALIZED paxflag to PAX_NOTE_PREFER_ACL (d4a5dab)
  • HBSD: API change, swap the first and second argument of pax_elf (2135308)
  • HBSD: update mirror list in bsdinstall
  • HBSD: print out the __{Hardened,Free}BSD_version and version at panic time (0a7d696)
  • HBSD: improve logging - hide early hardenedbsd related boot messages under bootverbose
  • Upgrade OpenSSH to 7.3p1. (b3ef7b3) [FreeBSD-SA-Candidate]
  • HBSD MFC: r319365, r321670 Merge ACPICA 20170728.
  • HBSD: disable coredump helper for devctl (389bdb5)
  • HBSD MFC: Stop masking FSGSBASE and SMEP features under monitors.

Changelog

Oliver Pinter (16):
      HBSD MFC: Stop masking FSGSBASE and SMEP features under monitors.
      HBSD: comment this part of etc/devd.conf once more, just to be sure
      HBSD: disable coredump helper for devctl
      HBSD MFC: r319365, r321670
      HBSD: fix typo in kern_sig.c - CTLFLAG_RO -> CTLFLAG_RD
      HBSD: improve logging
      HBSD: print out the __{Hardened,Free}BSD_version and version at panic time
      HBSD: update mirror list in bsdinstall
      Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
      HBSD: resolve merge conflict in openssh's moduli after the update
      HBSD: style a little bit the debug info at panic time
      HBSD: API change, swap the first and second argument of pax_elf
      HBSD: Bump __HardenedBSD_version after API change
      HBSD: rename PAX_NOTE_FINALIZED paxflag to PAX_NOTE_PREFER_ACL
      HBSD: constify pax_elf()'s mode parameter
      HBSD MFC r322802: Fix off-by-one error when parsing SRAT table.

Oliver Pinter + (21):
      Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

Shawn Webb (1):
      HBSD: Update DNSSEC root key 257

cy (2):
      MFC r321806:
      MFC r322073:

davidcs (4):
      MFC r322331 Provide compile option to choose receive processing in either Ithread or Taskqueue Thread.
      MFC r322408 Performance enhancements to reduce CPU utilization for large number of TCP connections (order of tens of thousands), with predominantly Transmits.
      MFC 322771
      MFC r322852 Fix qlnx_tso_check() so that every window of (ETH_TX_LSO_WINDOW_BDS_NUM - nbds_in_hdr) has at least ETH_TX_LSO_WINDOW_MIN_LEN bytes

des (3):
      Upgrade OpenSSH to 7.3p1.
      Revert OpenSSH 7.3p1; something went wrong between testing and committing.
      Upgrade OpenSSH to 7.3p1.

dim (1):
      MFC r323001:

emaste (6):
      MFC r323002: zfs: do not advertise unsupported hash algorithms
      MFC r322678: pw useradd: Validate the user name before creating the entry
      MFC r322677: pw usermod: handle empty secondary group lists (-G '')
      MFC r322374: bsdinstall: record DHCP config after obtaining lease
      MFC r320069: Add ZFS to Linux statfs ftype
      MFC r323448: bsdinstall: Ignore error return from newaliases(1)

gjb (7):
      MFC r322544:  Always expand the full path to the configuration file specified  with the '-c' flag.  This fixes an issue where the configuration  file would not properly be located intermittently.
      MFC r322770, r322796:
      Document r320312 and r321074, cancel-safe support in stdio(3) and syslog(3).
      Document r320772, syslogd(8) logging retry after restarting unexpectedly.
      Fix an indentation mistake that snuck in with r323590.
      Document r316348, pw(8) respecting pw.conf(5). Document r322793, GEOM_JOURNAL flush_queue handling fixed.
      Document r301772, Dummynet AQM imported to the base system.

gordon (1):
      MFC r323278: Fix an incorrectly used conditional causing buffer overflow.

hselasky (1):
      MFC r322810 and r322830: Add new mlx5ib(4) driver to the kernel source tree which supports Remote DMA over Converged Ethernet, RoCE, for the ConnectX-4 series of PCI express network cards.

ken (1):
      MFC r322410:   ------------------------------------------------------------------------   r322410 | ken | 2017-08-11 12:43:52 -0600 (Fri, 11 Aug 2017) | 16 lines

marius (10):
      MFC: r322726
      Update stable/10 to BETA2 in preparation for 10.4-BETA2 builds.
      MFC: r308643, r312427, r312641, r322986
      Update stable/10 to BETA3 in preparation for 10.4-BETA3 builds.
      Fix a typo in the hard link creation for a WANDBOARD DTB file. Just like r322666 which introduced this bug, this is a direct commit to stable/10.
      MFC: r321293
      - Ever since the workaround for the silicon bug of TSO4 causing MAC hangs   was committed in r295133 (MFCed to stable/10 in r295287), CSUM_TSO gets   always disabled by em(4) on the first invocation of em_init_locked() as   at that point no link is established, yet. In turn, this causes CSUM_TSO   also to be off when em(4) is used as a parent device for vlan(4), i. e.   besides IFCAP_TSO4, IFCAP_VLAN_HWTSO effectively doesn't work either.
      Update stable/10 to BETA4 in preparation for 10.4-BETA4 builds.
      MFC: r323382, MFV: r323381
      - Reset stable/10 back to -PRERELEASE status now that releng/10.4   has been branched. - Update __FreeBSD_version to reflect the new -STABLE branch. - Switch the pkg(8) configuration for the default installation and the   DVD image creation back to the latest set, i. e. revert r322737.

mckusick (3):
      MFC of 269692, 322179, 322463, and 322464:
      MFC of 276737, 322200, 322201, 322271, and 322297
      Note change brought on by 322860 MFC.

oleg (1):
      MFC r322628: Fix BSD label partition end sector calculation.

will (1):
      MFC r278479,278494,278525,278545,278592,279237,280410:

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v1000049/

CHECKSUM.SHA512:


CHECKSUM.SHA512.asc:
