HardenedBSD-12-STABLE-v1200058.3
opntr
released this
06 Feb 22:14
·
2021 commits
to hardened/12-stable/master
since this release
Highlights:
- MFC r343784: Avoid leaking fp references when truncating SCM_RIGHTS control messages. (0526a0c) [CVE-2019-5596 FreeBSD-SA-19:02.fd]
- MFC r343780: amd64: clear callee-preserved registers on syscall exit. (bd0cbe8 CVE-2019-5595 FreeBSD-SA-19:01.syscall]
- MFC r343587: Add a simple port filter to SIFTR. (ab2d372)
- MFC r343060: [drm] Fix off-by-one error when accessing driver-specific ioctl handlers array (c53a074)
- MFC r341472: Add ability to request listing and deleting only for dynamic states. (caad386)
- MFC r343499: rc(8): do not stop dhclient(8) when wpa_supplicant(8) / hostapd(8) is used (0441c4f)
- MFC r343418: pf: Fix use-after-free of counters (824b38d)
- MFC r343395: Fix refcounting leaks in IPv6 MLD code leading to loss of IPv6 connectivity. (69483a2)
- HBSD: Add EFIRT to the HARDENEDBSD amd64 kernel (23220bd)
- HBSD: Disable cfi-icall for mount_nfs and showmount (924afb0)
- MFC of 343449 and 343483 Update tunefs to allow '_' in label names. (3df8523)
- MFC r343363, r343364: Fix an LLE lookup race. (4b6ead6) [FreeBSD-EN-19:07.lle]
- MFC r343089: Limit the user-controllable amount of memory the kernel allocates via IPPROTO_SCTP level socket options. (1d3e563)
- MFC r342857: Avoid overfow in vtruncbuf() (5dafae6)
- HBSD: Disable cfi-icall for NFS RPC utilities (d09bc59)
- MFC r343082: Implement shmat(2) flag SHM_REMAP. (58501d9)
- MFC r343286: nfs: Zero the buffers exported by NFSSVC_DUMPCLIENTS and DUMPLOCKS. (0e46cd7)
- MFC r343265: hwpmc: Plug memory disclosures from PMC_OP_{GETPMCINFO,GETCPUINFO}. (d5dd66e)
- MFC linuxulator stack memory disclosure fixes (c69e471)
- MFC r343017: Handle overflow in calculating max kmem size. (ef32d9a)
- nvdimm updates
- pf updates
- ipfilter updates
- ipfw updates
- netmap updates
- net80211 updates
Changelog
Oliver Pinter (1):
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Oliver Pinter + (50):
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
Shawn Webb (3):
HBSD: Disable cfi-icall for NFS RPC utilities
HBSD: Disable cfi-icall for mount_nfs and showmount
HBSD: Add EFIRT to the HARDENEDBSD amd64 kernel
ae (2):
MFC r341471: Reimplement how net.inet.ip.fw.dyn_keep_states works.
MFC r341472: Add ability to request listing and deleting only for dynamic states.
araujo (1):
MFC r343077:
avg (1):
MFC r342170: add support for marking interrupt handlers as suspended
avos (24):
MFC r343088: rtwn_usb(4): add new USB id for RTL8821AU
MFC r342991: net80211: provide rate validation for injected frames.
MFC r343092: rtwn(4): clear 'basic' rate bit before calculating RTS/CTS rate.
MFC r343190: net80211: drop m_pullup call from ieee80211_crypto_decap.
MFC r343244: devd.conf(5): add otus(4) into wifi-driver-regex
MFC r343249: Fix duplicate wpa_supplicant(8) / hostapd(8) startup with devd(8)
MFC r343213: net80211: resolve ioctl <-> detach race for ieee80211com structure
MFC r343341: ifconfig: drop unused macros from ifieee80211.c
MFC r343235: iwn(4): drop return code from iwn_*attach functions (they cannot fail)
MFC r343340: net80211: fix channel list construction for non-auto operating mode.
MFC r343342: net80211: turn channel mode check into assertion.
MFC r343234: run(4): add more length checks in Rx path.
MFC r343238: urtw(4): add length checks in Rx path.
MFC r343472: otus(4): fix a typo in man page (802.11 -> 802.11n)
MFC r343473: geom_uzip(4): move NULL pointer KASSERT check before it is dereferenced
MFC r343495: wlan.4: improve wording
MFC r343497: Unbreak devd.conf(5) regex after r343249
MFC r343496: pcf(4): fix parentheses in if condition
MFC r343499: rc(8): do not stop dhclient(8) when wpa_supplicant(8) / hostapd(8) is used
MFC r343518: rtwn_usb(4): add new USB id.
MFC r343502: Remove RADIUS-related files when WITHOUT_RADIUS_SUPPORT=true is set in src.conf(5)
MFC r343576: ndiscvt(8): abort if no IDs were found during conversion.
MFC r343524: rsu(4): do not ignore mgmtrate / mcastrate / ucastrate.
MFC r343541: Drop some unneeded includes from wireless USB drivers.
bapt (1):
MFC: 343546
bcr (2):
Add ZFS usage tips to freebsd-tips.
MFC r343532: A few corrections and clarifications to r343406.
brooks (7):
MFC r343162:
MFC r343305:
MFC r343366:
MFC r340242:
MFC r340129, r340195, r340198
Regen after r343596: enable ppoll in capability mode.
MFC r343587:
cy (5):
MFC r343073:
MFC r343103:
MFC r343486:
MFC r343600:
MFC r342815:
delphij (4):
MFC r342845,342846: Port NetBSD improvements:
MFC r342856: Added support for the SIOCGI2C ioctl.
MFC r343038: Use TD_IS_IDLETHREAD instead of unrolled version.
MFC r342813: Remove unneeded headers.
emaste (3):
MFC r343153: freebsd-update.8: mandoc -Tlint fixes
MFC linuxulator stack memory disclosure fixes
MFC r339960 (cem): freebsd-update: add a progress report
gallatin (2):
MFC r341095:
MFC r343430
gjb (1):
MFC r343259: Correct a typo: was -> way.
gonzo (18):
MFC r343450:
MFC r343443, r343446, r343448, r343452
MFC r343028, r343104
MFC r343009, r343109-r343110, r343128, r343232
MFC r343222-r343223, r343338
MFC r343008:
MFC r343029:
MFC r343060:
MFC r343069:
MFC r343106:
MFC r343127:
MFC r343129:
MFC r343156:
MFC r343224, r343533
MFC r343170:
MFC r343391:
MFC r343458:
MFC r343516:
hselasky (7):
MFC r343392: Fix duplicate acquiring of refcount when joining IPv6 multicast groups. This was observed by starting and stopping rpcbind(8) multiple times.
MFC r343393: Add debugging sysctl to disable incoming MLD v2 messages similar to the existing sysctl for MLD v1 messages.
MFC r343394: When detaching a network interface drain the workqueue freeing the inm's because the destructor will access the if_ioctl() callback in the ifnet pointer which is about to be freed. This prevents use-after-free.
MFC r343395: Fix refcounting leaks in IPv6 MLD code leading to loss of IPv6 connectivity.
Build fix for missing NET_EPOCH_XXX() dependencies after r343650. This patch is to be reverted when the relevant changes are MFC'ed. This is a direct commit.
MFC r343451: Add full support for PCI_ANY_ID when matching PCI IDs in the LinuxKPI.
MFC r343453: Add new USB quirk.
jah (1):
MFC r343005: Handle SIGIO for listening sockets
jhibbits (3):
MFC r342988:
MFC r341387:
MFC r342671:
jilles (1):
MFC r343105: libedit: Avoid out of bounds read in 'bind' command
kevans (2):
MFC r342903, r342911: libbe(3)/bectl(8) refactor and fix mount for deep BEs
MFC r342757: getopt_long(3): fix case of malformed long opt
kib (17):
MFC r343108: Trim whitespace at EoL, use tabs instead of spaces for indent.
MFC r343017: Handle overflow in calculating max kmem size.
MFC r343081: Trim spaces at the end of lines.
MFC r343082: Implement shmat(2) flag SHM_REMAP.
MFC r343085: Improve iflib busdma(9) KPI use.
MFC r343086: Remove unused prototype.
MFC r343087: Style(9) fixes for x86/busdma_bounce.c.
MFC r343302: Remove unused *_sysinit_flags() declarations.
MFC r339461: nvdimm(4): Fix GCC 6.4.0 build
MFC r343143: nvdimm: add a driver for the NVDIMM root device
MFC r343144: nvdimm: initialize SPA uuids statically.
MFC r343145: MI VM: Make it possible to set size of superpage at boot instead of compile time.
MFC r343146: x86 busdma: fix mis-use of bus_addr_t where vm_paddr_t is assumed.
MFC r343147: i386/PAE busdma: allow more bounce pages.
MFC r343484: Remove now redundand ifunc relocation code which should have been removed as part of r341441.
MFC r343607: Reserve a bit in the FreeBSD feature control note for marking the image as not compatible with ASLR.
MFC r343780: amd64: clear callee-preserved registers on syscall exit.
kp (7):
MFC r342989
MFC r342990
MFC r343130
MFC r343041
MFC r343295:
MFC r343297:
MFC r343418:
marius (2):
MFC: r342634
MFC: r343481
markj (12):
MFC r343117: Fix handling of rights on stdio streams.
MFC r343245: Revert r343117.
Properly commit the revert of r343205.
MFC r342864: Specify the correct option level when emulating SO_PEERCRED.
MFC r343265: hwpmc: Plug memory disclosures from PMC_OP_{GETPMCINFO,GETCPUINFO}.
MFC r343286: nfs: Zero the buffers exported by NFSSVC_DUMPCLIENTS and DUMPLOCKS.
MFC r343348: ocs_fc: Ensure that we zero-initialize memory before copying it out.
MFC r343363, r343364: Fix an LLE lookup race.
MFC r343274, r343275: Optimize RISC-V copyin(9)/copyout(9) routines.
MFC r343247: Fix cmp(1) tests for "special" mode.
MFC r343353: Correct uma_prealloc()'s use of domainset iterators after r339925.
MFC r343784: Avoid leaking fp references when truncating SCM_RIGHTS control messages.
mav (6):
MFC r342977 (by cem): amdtemp(4): Add support for Family 15h, Model >=60h
MFC r342399: Remove CAM SIM lock from NVMe SIM.
Increase MTX_POOL_SLEEP_SIZE from 128 to 1024.
MFC r342546: Add descriptions to NVMe interrupts.
MFC r342558: Switch from mutexes to atomics in GEOM_DEV I/O path.
MFC r342557, r342559: Reimplement nvd(4) detach handling.
mckusick (1):
MFC of 343449 and 343483
mw (1):
MFC r343074: Suppress excessive error prints in ENA TX hotpath
np (1):
MFC r342603: cxgbe(4): Attach to two T540 variants.
nyan (2):
MFC: r342964
MFC: r342965
pfg (3):
MFC r343023: msun: reduce diff between src/e_j0.c and src/e_j0f.c
MFC r343459: ext2fs: Add some extra consistency checks for the superblock.
MFC r342379, r342383: gai_strerror() - Update string error messages according to RFC 3493.
sef (1):
MFC r342928: Change ZFS quotas to return EINVAL when not present (matches man page).
shurd (1):
MFC r343047:
tsoome (3):
MFC r343123: loader should ignore active multi_vdev_crash_dump feature on zpool
MFC r343124:
MFC r343225: Unbreak mip64 build after r328437
tuexen (3):
MFC r342857:
MFC r342879:
MFC r343089:
vmaffione (2):
MFC r343413
MFC r343552
wulf (3):
MFC r340338: wmt(4): Add PNP record so it could be picked by devd/devmatch. Fix uhid(4) conflict with blacklisting of multitouch HID-usages in uhid(4) probe handler.
MFC r340912,r340913:
MFC r340926:
Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-12-STABLE-v1200058.3/
CHECKSUM.SHA512:
SHA512 (HardenedBSD-12-STABLE-v1200058.3-amd64-bootonly.iso) = 75661d8fc8c6508c6e27ad36c1bc18f5a6a43b95e71623d3b227b29e439b4cf835ab3525343e045e91d9db061b7926722b9342c27d6613534eff632f7b5c4567
SHA512 (HardenedBSD-12-STABLE-v1200058.3-amd64-disc1.iso) = 4d368903e3edbe6ca5290b3ad3a4bf2c85455731839a55b38113283ee7e2ffbdf020c983f6d24fed7141af754e55592f5d55b2d334b108b3f3e5b5a0423c1d32
SHA512 (HardenedBSD-12-STABLE-v1200058.3-amd64-memstick.img) = 8debd3c0702cb3733d6bafbff05c6d54838fa4c5be68fb0cda778cc38a2c5fcc8e85009de30d7e96fe7161c6dfb2edfbf430b76f9380829435423c7cf9e1dc69
SHA512 (HardenedBSD-12-STABLE-v1200058.3-amd64-mini-memstick.img) = 6325fa8feeea551c065e6b6009809c6048a1ed4d2ef6fe657ad1e2ed59345bb72f4fdae0950b69491725b0d46680da81b24cb539a439dc8765c9889a15977fde
CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlxaN5gACgkQgZsRom/9
GI3aOhAAtAhGQ2nlQI+bll2DSBj2gV1Ph0z3M1zeL6Wyii1JtZLroLmUHoTnkN5P
smCLgPoNXDQlkRlBTjF/UtEuguxEQfa30U3q+lEs3SBprvCK214QXS7fTazs7Im6
vNdyoqGAgGmN6HViybRHL2ZilaxYoQBdl7zimFgphlQ/Qa8p8zkBMv+mZp7wwrDn
kK/1RYlioJsw2bNEYTVTRPy/pBTDolNlkc0z2NZ21V5QObJRxLphrqaY8Yl5B7zV
W+TRDWV+dFcCjiMUxHrzkTWNBcBAlsjZo9bWXPhgxvygqfHzD7J7wbliVkEKLz8N
8nYga5KtlMUBN5IRoRtwOpVLUerfKxmbDvqzyMYR1mLGD3giVXzvGQX5jdaHSkSs
+3lEBXghVrAj0nXHq3r0XZawLi6bOwe9XDfOcSue2CblGlhOpknIvh2bY6gCF1Pt
BcfduhG1QSmL3dcCgkQkmOnqVVVKkraBdUpAZET3OhAsnD+Q/u1aW00TygLlEUh7
Msj4AxCSCqgS0xE/zzLbXwXfGV9RPbJ2LFz4zNuz54mOnUmWD5qd9Yzl2ezyG5c0
w5FWdjlxWPJmJovQEfAOuUJ5UyhjPVMnaTd9W1occNWgHwFk931NRMG/HrG13yWj
oPj2e7HcDrS5guh+m56S6HuZG8lw3nGhT6KyhxfF+TByCYLNMkg=
=C22B
-----END PGP SIGNATURE-----
shortlog-HardenedBSD-12-STABLE-v1200058.3.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt