Releases: HardenedBSD/hardenedBSD-stable

HardenedBSD-10-STABLE-v41.1

03 Mar 01:04

Mark Felder (1):
HBSD: fix the comments in HardenedBSD.conf

Oliver Pinter (2):
HBSD: implement mirror selection logic for hardenedbsd
HBSD: fix the distsets path in mirrorselect

Oliver Pinter + (4):
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master

ae (1):
MFC r295969: Fix bug in filling and handling ipfw's O_DSCP opcode. Due to integer overflow CS4 token was handled as BE.

bdrewery (1):
MFC r295995:

delphij (1):
Merge OpenSSL 1.0.1s. This is a security update.

jimharris (1):
MFC r295944:

sephe (1):
MFC [Hyper-V]: r296028

HardenedBSD-10-STABLE-v41

27 Feb 21:14

Oliver Pinter (19):
HBSD: remove unneeded sysctls from ASLR implementation
HBSD: move pax_disallow_map32bit_active() to its place in pax.h
HBSD: remove stale function declaration
HBSD: convert the PAX_NOTEs kernel private
HBSD: rework the base hbsd structure
HBSD: remove unused PAX_FEATURE_UNKNOWN_STATUS state
HBSD: remove dead code from hbsd_pax_{common,hardening}.c
HBSD: added skeleton feature implementation
HBSD: remove ptrace_hardening
HBSD: add hbsd related sysctl macros: SYSCTL_HBSD_{2,4}STATE
HBSD: start using the newly introduced SYSCTL_HBSD_{2,4}STATE in ASLR
HBSD: fix rtld build after the PAX_NOTES conversion (b8faf65680d366cfb9b865f534fe6abfb4c46faa)
HBSD: start using the newly introduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_hardening.c
HBSD: start using the newly introduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_log.c
HBSD: start using the newly introduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_segvguard.c
HBSD: start using the newly introduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_noexec.c
HBSD: start using the newly introduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_SKEL.c
HBSD: bump __HardenedBSD_version to 41 after recent changes
HBSD: add HBSD_EXTRA environment variable to newvers.sh

Oliver Pinter + (22):
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master

Shawn Webb (3):
HBSD: hbsd-update: support /boot being a symlink
HBSD: Use the right path for jls(8).
HBSD: Skip /root/.cshrc on update.

araujo (2):
MFH: 285685 Add support to the jail framework to be able to mount linsysfs(5) and linprocfs(5).
MFH 295796 (based on) Fix regression introduced on 272446r. lagg(4) supports the protocol none, where it disables any traffic without disabling the lagg(4) interface itself.

bapt (1):
MFC r295455

bdrewery (2):
MFC r295665:
MFC r294933,r294949,r294952,r294953,r294957,r294965,r294967,r294968,r295017, r295026,r295027,r295029,r295030,r295649:

cy (1):
MFC r295495 - Update leapsecond file in non-chroot environments.

davidcs (3):
MFC r294854 Upgrade FW to 5.4.56 Update driver version to 3.10.26
MFC r295823
MFC r295830 Remove dead code. Code Cleanup. Improve clarity in debug messages

delphij (1):
MFC r295914: MFV r295913:

des (4):
MFH (r295533): remove broken unbound-control-setup script
MFH (r295535): use insecure-lan-zones option instead of hardcoded list
MFH (r295536): fix double-free error when SSL connection fails
MFH (r294326): fall back to standard / configured CA store

dumbbell (1):
drm/i915: Restore pci_enable_busmaster() call in the init path

emaste (2):
MFC r295496: Document boot1.efi's handling of /boot.config
MFC r295497: Update uefi.8 for ZFS and multi device boot support

erj (1):
MFC r295323: Update em(4) to 7.6.1; update igb(4) to 2.5.3.

garga (1):
MFC r286641 (from oshogbo):

gnn (1):
Revert 295285 which was an MFC of the tryforward work (r290383,295282,295283)

jhb (2):
MFC 295418,295419: Fix hangs or panics when misbehaved kernel threads return from their main function.
MFC 295636,295637: Fix issues with tracing Linux/i386 binaries.

jimharris (2):
MFC r295532:
MFC r295022:

ken (1):
MFC, r295417:

kib (4):
MFC r294595: When devfs dirent is freed, a vnode might still keep a pointer to it, apparently. Interlock and clear the pointer to avoid free memory dereference.
MFC r294596: Limit the accesses to file's f_advice member to VREG vnodes only. Recheck that f_advice is not NULL after lock is taken.
MFC r294598: In tty_dealloc(), clear the queues.
MFC r295717: After nullfs rmdir operation, reclaim the directory vnode which was unlinked. Otherwise the vnode stays cached, causing leak. This is similar to r292961 for regular files.

marius (5):
MFC: r264565
MFC: r287299 [1]
In preparation for 10.3-RELEASE, temporarily revert the MFC of r291244 done as part of r292895 on stable/10 as that change causes hangs with ZFS and the cause on at least amd64 so far not understood. Discussed with: kib For further information see: https://lists.freebsd.org/pipermail/freebsd-stable/2016-February/084045.html
MFC: r295906
Update stable/10 to BETA3 in preparation for 10.3-BETA3 builds.

markj (2):
MFC r295574: Clear the cookie pointer on error in tmpfs_readdir().
MFC r295737: Use the _SAFE loop variant.

pfg (1):
MFC r295616: ext2fs: Remove panics for rename() race conditions.

sephe (2):
MFC [Hyper-V]: r293719-r293722, r293869-r293871, r293873-r293875, r293877
MFC [Hyper-V]: r294553, r294700

smh (1):
MFC r272785:

tuexen (2):
MFC r295549: Loopback addresses are 127.0.0.0/8, not 127.0.0.1/32.
MFC r295273: In FreeBSD 10 and higher the driver announces SCTP checksum offloading support also for 82598, which doesn't support it. The legacy code has a check for it, which was missed when the code for dealing with CSUM_IP6_* was added. Add the same check for FreeBSD 10 and higher.

HardenedBSD-11-CURRENT-v40.2

13 Feb 13:57

[hardenedbsd] HBSD: add WITHOUT_HBSD_UPDATE src.conf knob to disable hbsd-build's installation
[hardenedbsd] HBSD: fix build on i386
[hardenedbsd] Revert "HBSD: Default jemalloc's lg_chunk to 16 from 21."
[freebsd] EFI fixes
[freebsd] Adjust initialization of random(9) so it is usable earlier.
[hardenedbsd] lots of new hardenedbsd-related man pages
[freebsd] OpenSSH 7.1p2
[hardenedbsd] HBSD: Update updater root certificate
[freebsd] Update em(4) to 7.6.1; update igb(4) to 2.5.3. (skylake support)
[freebsd] hyperv support cleanup / rewrite
[freebsd] ZFS + UEFI support

HardenedBSD-10-STABLE-v40.4

13 Feb 14:29

[hardenedbsd] HBSD: fix MAP32_BIT mode mmap when allowed

HardenedBSD-10-STABLE-v40.3

13 Feb 13:37

[hardenedbsd] HBSD: add WITHOUT_HBSD_UPDATE src.conf knob to disable hbsd-build's installation
[hardenedbsd] HBSD: fix build on i386
[hardenedbsd] Revert "HBSD: Default jemalloc's lg_chunk to 16 from 21."
[freebsd] FreeBSD 10.3-BETA2
[freebsd] EFI fixes
[freebsd] Adjust initialization of random(9) so it is usable earlier.
[hardenedbsd] lots of new hardenedbsd-related man pages
[freebsd] OpenSSH 7.1p2
[hardenedbsd] HBSD: Update updater root certificate

HardenedBSD-10-STABLE-v40.2

06 Feb 22:04

[freebsd] 10.3-BETA1
[freebsd] The zfsboot (zfs auto mode) part of bsdinstall now supports UEFI
[freebsd] bhyve windows support

HardenedBSD-11-CURRENT-v40.1

28 Jan 23:43
30f0549

[hardenedbsd] HBSD: Don't check for ZFS KLD when non-root.
[freebsd] Merge OpenSSL 1.0.2f. (SA candidate)
[hardenedbsd] HBSD: Add /proc to the installer's skipped files list.

HardenedBSD-10-STABLE-v40.1

28 Jan 23:53

[hardenedbsd] HBSD: Don't check for ZFS KLD when non-root.
[hardenedbsd] HBSD: Harden KLD-related syscalls
[hardenedbsd] HBSD: Add /proc to the hbsd-update's skipped files list.
[hardenedbsd/freebsd] HBSD: ktrace: tidy up ktrstruct
[freebsd] Merge OpenSSL 1.0.1r.
[freebsd] Add EFI ZFS boot support
[freebsd] e1000 driver update

HardenedBSD-11-CURRENT-v40

27 Jan 21:14

[freebsd] linuxulator Implement AT_SECURE properly. FreeBSD-SA-16:10.linux (in the default HARDENEDBSD kernel config this is disabled)
[hardenedbsd] HBSD: Harden KLD-related syscalls
[hardenedbsd] HBSD: Default jemalloc's lg_chunk to 16 from 21.
[hardenedbsd] HBSD: fix integer overflow in iconv kernel module
[hardenedbsd] HBSD: bump __HardenedBSD_version to 40 after HBSD API changes
[hardenedbsd] HBSD: add public API to query the running kernel's __HardenedBSD_version
[hardenedbsd] HBSD: major flags related type cleanup
[freebsd] MFV r294491: ntp 4.2.8p6. FreeBSD-SA-16:09.ntp
[freebsd] Upgrade to OpenSSH 7.1p2.
[freebsd] loader - Fix EFI UFS caching
[hardenedbsd] HBSD: change the default stack protection in amd64 case
[hardenedbsd] HBSD: Fix etcupdate integration
[freebsd] Connect the ZFS boot environment menu to the UEFI loader
[freebsd] Add EFI ZFS boot support

HardenedBSD-10-STABLE-v40

27 Jan 21:28

[freebsd] Implement AT_SECURE properly. FreeBSD-SA-16:10.linux (HardenedBSD not affected by default install)
[freebsd] ntpd update FreeBSD-SA-16:09.ntp (already fixed in 10-STABLE v39.2)
[hardenedbsd] HBSD: Default jemalloc's lg_chunk to 16 from 21.
[freebsd] continued UEFI loader rewrite
[freebsd] Remove the HPN and None cipher patches. (ssh)
[hardenedbsd] HBSD: bump __HardenedBSD_version to 40 after HBSD API changes
[hardenedbsd] HBSD: add public API to query the running kernel's __HardenedBSD_version
[hardenedbsd] HBSD: major flags related type cleanup
[hardenedbsd] HBSD: fix integer overflow in iconv kernel module