Releases: HardenedBSD/hardenedBSD-stable

HardenedBSD-12-STABLE-v1200058.1

22 Dec 21:39

Highlights:

  • MFC r342227: bootpd: validate hardware type (cc913fb) [FreeBSD-SA-18:15.bootpd]
  • MFC r339909: Allow changing lagg(4) MTU. (8b8bd1f)
  • MFC: r340090, r342056 Merge ACPICA 20181031 and 20181213. (2f4ca9c)
  • MFC r342125: Fix bugs in pluggable CC algorithm and siftr sysctls. (92b6550) [CVE-candidate]
  • MFC r342127 Revert r331567 CC Cubic: fix underflow for cubic_cwnd() (38ba964)

Changelog

Oliver Pinter (2):
      HBSD: Revert "HBSD: Fixup freebsd-version output"
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

Oliver Pinter + (8):
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master
      Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

ae (1):
      MFC r341798:   Use correct size for IPv4 address in gethostbyaddr().   When u_long is 8 bytes, it returns EINVAL and 'ipfw -N show' doesn't work.

araujo (1):
      MFC r340707:

avos (1):
      MFC r342124: Add new USB id in rtwn_usb(4) (RTL8812AU)

brooks (1):
      MFC r342125:

cy (1):
      MFC r342150:

emaste (1):
      MFC r342227: bootpd: validate hardware type

eugen (1):
      MFC r342071: ng_bpf.4: fix EXAMPLES: do not activate promiscuous mode

hiren (1):
      MFC r342127 Revert r331567 CC Cubic: fix underflow for cubic_cwnd()

hselasky (1):
      MFC r341844: Don't register IOCTLs with capsicum when there is no valid file descriptor. This fixes tcpdump when using mlx5_X devices.

jkim (1):
      MFC:	r340090, r342056

kib (2):
      MFC r341810: Free bootstacks after AP startup.
      MFC r342144: Document new required MI behaviour of pmap_enter(9) for CoW.

markj (8):
      MFC r341821: Fix the PAE kernel gcc build.
      MFC r341807: Use inline tests for individual PTE bits in the RISC-V pmap.
      MFC r341808: Remove an unused malloc(9) type.
      MFC r341594, r341601: mlx4en(4) and ixl(4) have netdump support.
      MFC r340402, r340914 (by alc), r341602 (by alc), r341766 (by alc): Allow allocations across meta boundaries.
      MFC r341837, r342192: Use Capsicum helpers in ping(8).
      MFC r341595: Clamp the INPCB port hash tables to IPPORT_MAX + 1 chains.
      Revert r342219.

mav (1):
      MFC r339909: Allow changing lagg(4) MTU.

shurd (1):
      MFC r341824:

sobomax (2):
      MFC r341253: panic() should not apply \n.
      MFC r341257: improve speed of empty block detection.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-12-STABLE-v1200058.1/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-12-STABLE-v1200058.1-amd64-bootonly.iso) = 8f99acab3e53955cf6863b401fda4f45c2424150d6d8390ac891b7529050c4a46389b9ebe2eb440f0fd4f494d105d3e0998cdb509b571e949666291a868495e9
SHA512 (HardenedBSD-12-STABLE-v1200058.1-amd64-disc1.iso) = 0260437d461b57fcaabb3a695684ee6fbba219b3506695a52630a676baa35173e00e59e524b6156f825831b392a4e60bcd4526d8d1813dd91d9e74fa31d89437
SHA512 (HardenedBSD-12-STABLE-v1200058.1-amd64-memstick.img) = c0d3b3d8664d1104187f4f907da7b03aaff6b0cb484774565d0ff1c15515d539ac7c86574c139f715acefb88125de18123e7a4ef1ef951ef30fe1eff565517de
SHA512 (HardenedBSD-12-STABLE-v1200058.1-amd64-mini-memstick.img) = 48972f624b03fb13f92cfcd6f83d7d9e938cb284d9159a0f2e63afbd97c75057bc45a2da1d98884a16a6f71e86eba84b817b40796d7b753b1fb920328691fe41

CHECKSUM.SHA512.asc:


shortlog-HardenedBSD-12-STABLE-v1200058.1.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

HardenedBSD-12-STABLE-v1200058

17 Dec 22:42

Introducing HardenedBSD 12-STABLE

This is the first public release of the hardened/12-stable/master branch, which contains many security improvements over 11-STABLE.

Among those improvements are:

  • Non-Cross-DSO Control-Flow Integrity (CFI) for applications on amd64 and arm64. At this time, CFI is not applied to the kernel. More info on CFI is below.
  • Jailed bhyve.
  • Per-jail toggles for unprivileged process debugging (the security.bsd.unprivileged_process_debug sysctl node).
  • Spectre v2 mitigation with retpoline applied to the entirety of base and ports.
  • Symmetric Multi-Threading (SMT) disabled by default (re-enable by setting machdep.hyperthreading_allowed to 1 in loader.conf(5)).
  • Migration of more compiler toolchain components to llvm's implementations (llvm-ar, llvm-nm, and llvm-objdump).
  • Compilation of applications with Link-Time Optimization (LTO).

Non-Cross-DSO CFI

Non-Cross-DSO CFI is an exploit mitigation technique that helps prevent attackers from modifying the behavior of a program and jumping to undefined or arbitrary memory locations. Microsoft has implemented a variant of CFI, which they term Control Flow Guard, or CFG. The PaX team has spent the last few years perfecting their Reuse Attack Protector, RAP. CFI, CFG, and RAP all attempt to accomplish the same goal, with RAP being the most complete and effective implementation. Clang's CFI is stronger than Microsoft's CFG and PaX Team's RAP is stronger than both CFI and CFG. RAP would be a great addition to HardenedBSD; however, it requires a GPLv3 toolchain and is patented.

Clang's CFI requires a linker that supports Link-Time Optimization (LTO). HardenedBSD 12-STABLE ships with lld as the default linker. All CFI schemes have been enabled for nearly all applications in base. Please note that any application that calls function pointers resolved via dlopen + dlsym will require the cfi-icall scheme to be disabled.
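The dlopen + dlsym caveat above, as an added example (not HardenedBSD or project code): rather than turning cfi-icall off for a whole program, the one call through a dlsym-resolved pointer is confined to a small function that opts out, and every other indirect call stays checked. The function names are hypothetical, and dlopen(NULL, ...) with the libc symbol abs stands in for loading a real plugin.

```c
/*
 * Build with Clang CFI (needs LTO and an LTO-capable linker such as lld):
 *   cc -flto -fvisibility=hidden -fsanitize=cfi -o cfi_dlsym cfi_dlsym.c
 * Some Linux systems with an older glibc also need -ldl.
 */
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

/* Clang accepts the scheme name in no_sanitize; other compilers skip it. */
#if defined(__clang__)
#define NO_CFI_ICALL __attribute__((no_sanitize("cfi-icall")))
#else
#define NO_CFI_ICALL
#endif

typedef int (*unary_fn)(int);

/*
 * Look up `symbol` among the images already loaded into the process.
 * dlopen(NULL, ...) is an assumption standing in for a plugin path.
 */
static unary_fn resolve_unary(const char *symbol)
{
    unary_fn fn = NULL;
    void *handle = dlopen(NULL, RTLD_NOW);

    if (handle == NULL)
        return NULL;
    /* POSIX idiom for turning dlsym()'s void * into a function pointer. */
    *(void **)(&fn) = dlsym(handle, symbol);
    dlclose(handle);
    return fn;
}

/*
 * The only function exempt from cfi-icall. The target was compiled in
 * another DSO, so non-cross-DSO CFI has no type information for it and
 * a checked call here would abort the process.
 */
NO_CFI_ICALL
static int call_foreign(unary_fn fn, int arg)
{
    return fn(arg);
}

/* Resolve `symbol` and call it; returns 0 on success, -1 on failure. */
int call_by_symbol(const char *symbol, int arg, int *result)
{
    unary_fn fn = resolve_unary(symbol);

    if (fn == NULL || result == NULL)
        return -1;
    *result = call_foreign(fn, arg);
    return 0;
}

static int twice(int x)  { return 2 * x; }
static int negate(int x) { return -x; }

/*
 * Indirect call whose targets live in this module. It carries no
 * opt-out, so it stays covered by the cfi-icall check.
 */
int call_local(size_t op, int arg, int *result)
{
    static const unary_fn ops[] = { twice, negate };

    if (op >= sizeof(ops) / sizeof(ops[0]) || result == NULL)
        return -1;
    *result = ops[op](arg);
    return 0;
}

int main(void)
{
    int r = 0;

    if (call_by_symbol("abs", -7, &r) == 0)
        printf("abs(-7) via dlsym = %d\n", r);
    if (call_local(0, 21, &r) == 0)
        printf("twice(21) via local table = %d\n", r);
    return 0;
}
```

Keeping the exemption in one function makes it easy to audit which pointers bypass the check.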

Installer images

http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-12-STABLE-v1200058/

CHECKSUM.SHA512

SHA512 (FreeBSD-12.0-STABLE-amd64-bootonly.iso) = ead39af6bc301c96c5a222884b79ec6f3b4d4ea3dedbec9f12526c2ac59360ed4fe681e49eb2982312c9d7d0d0b567751e338318a4f717cb7bed0aaa0ed3a211
SHA512 (FreeBSD-12.0-STABLE-amd64-disc1.iso) = 9b0d77db60c557e6011cc2388b70576834e4305bdb6e05d7f1e9fce95bc6cc119874120c88189753ca2ce117ab167b706a2aa35cf0563f6152407629996e10fc
SHA512 (FreeBSD-12.0-STABLE-amd64-memstick.img) = 97a70f614785df0de323c634b1e6f2b8a5f2d8b53e4584192f95f8f15fc346d31e52183fa19d1513e2e69dd2b002b42004f17e7fe85d8a00fab05a4d49bf999d
SHA512 (FreeBSD-12.0-STABLE-amd64-mini-memstick.img) = 11aff5393fbdbce0840332b70794265b141c083ecc7b2f49a3cbca0618aca55bebbeb7472a984d6d853b4b40751e239daca58b75e40a6334ae5ba128cda4552e

CHECKSUM.SHA512.asc


CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

HardenedBSD-11-STABLE-v1100056.10

05 Dec 21:40

Highlights:

  • HBSD MFC r341470: ggated: do not expose stack data in sendfail() 370912d [FreeBSD-SA-candidate]
  • MFC r341442, r341443: Plug memory disclosures via ptrace(2). (600baf4) [FreeBSD-SA-candidate]
  • MFC r341484 Always treat firmware request and response sizes as unsigned. (5b0911e) [FreeBSD-SA-18:14.bhyve CVE-2018-17160]
  • MFC r337812,r337814,r337820,r341068: Fix several memory leaks (r337812 & r337814). (4a6ee69) [FreeBSD-SA-candidate]
  • MFC r340968: Plug routing sysctl leaks. (fe7eaf6)
  • MFC r340995 Prevent kernel stack disclosure in signal delivery (ee1166b) [FreeBSD-SA-candidate]
  • MFC r340994 Prevent kernel stack disclosure in getcontext/swapcontext (88ba4e0) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • netmap updates

Changelog

Oliver Pinter (2):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      HBSD MFC r341470: ggated: do not expose stack data in sendfail()

Oliver Pinter + (16):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

ae (1):
      MFC r341073:   Do not limit the mbuf queue length for keepalive packets.

arybchik (1):
      MFC r340765

cy (4):
      This is a direct commit to the stable/11 branch. This would have been MFC r340754 except that etc/rc.d has been moved in HEAD which would have resulted in a tree conflict if merged.
      MFC r340909:
      MFC r340868:
      MFC r340867:

dab (1):
      MFC r337812,r337814,r337820,r341068:

emaste (2):
      MFC r340095: Remove apparently unused 0-byte files that cause grief on Windows
      MFC r327860: ANSIfy function definitions in sys/vm/

eugen (3):
      MFC r340978-340979: ipfw.8: new section to EXAMPLES: SELECTIVE MIRRORING
      MFC r340110: ipfw(8): clarify layer2 processing abilities
      MFC r340135: Make ng_pptpgre(8) netgraph node be able to restore order for packets reordered in transit instead of dropping them altogether. It uses sequence numbers of PPtPGRE packets.

gjb (2):
      MFC r340983:  Fix NTP query on GCE due to unresolved hostname.
      Document SA-18:13, EN-18:13, EN-18:14, EN-18:15.

gordon (1):
      MFC r341484

kib (2):
      MFC r340922: Avoid unneeded check in vmspace_alloc().
      MFC r341094: Improve sigonstack().

markj (5):
      MFC r340730, r340731: Add taskqueue_quiesce(9) and use it to implement taskq_wait().
      MFC r340968: Plug routing sysctl leaks.
      MFC r340483 (by jtl): Add some additional length checks to the IPv4 fragmentation code.
      MFC r341247: Update the free page count when blacklisting pages.
      MFC r341442, r341443: Plug memory disclosures via ptrace(2).

mmel (1):
      MFC r338317:

oshogbo (1):
      MFC r339502   Add link to the setproctitle_fast function.

sef (1):
      MFC r340442

vangyzen (3):
      MFC r340409
      MFC r340994
      MFC r340995

vmaffione (11):
      MFC r339548
      MFC r339659
      MFC r339685
      MFC r340279
      MFC r340325
      MFC r339639
      MFC r340436
      MFC r340475
      MFC r341144
      MFC r341145
      MFC r341430

yuripv (1):
      MFC r340976: vi: fix UTF-8 detection.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.10/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-bootonly.iso) = 6ca4a5de222683ff4716090d55ffd1b19f50e98b7bef0012e94acf6ef73d61e2aaabe87026e2e58f1df4f797e5dd31130a4bac4d5cee82299bb75d215c5d1462
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-disc1.iso) = 40e2a44bd010fb2b1e14b4b8b90ee86ac86cf0bb9f629c9a121cb24ed2e25fc6b5a3e821b770c483e922fd2a5de535b4ecfde9b759888775f51478e2fb183713
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-memstick.img) = 2e57b96f5d9f75b277792052690947a849ca85a0e0860474b37cce06a623a5f566f60738b762ee6966081847be129a821ca199f17b3f286dafdbdbe6e1c70e0e
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-mini-memstick.img) = a216932ecf6c218b7f8984ca55524c18ab85e5bcce163d11effdf889883e28ba6feb4546ff3e28c9e2a29440f147363ae4444e75f56bd18b6a02176db5f8810c

CHECKSUM.SHA512.asc:


shortlog-HardenedBSD-11-STABLE-v1100056.10.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt

HardenedBSD-11-STABLE-v1100056.9

28 Nov 21:30

Highlights:

  • MFC r340899: Plug some kernel memory disclosures via kevent(2). (57fd499) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r340856: Ensure that directory entry padding bytes are zeroed. (3dc6e9a) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r339818: rcorder(8): Add support for /etc/rc.resume (9837413)
  • MFC r339808: Prevent ip_input() from panicking due to unprotected access to INADDR_HASH. [CVE candidate]
  • MFC r340783: Plug some networking sysctl leaks. (e112826) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r340772: Clear unused bytes in ia32_osendsig(). (7820796) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r340771: proto: change device permissions to 0600 (91dc347) [CVE candidate]
  • MFC r340663 (rmacklem): Improve sanity checking for the dircount hint argument to NFSv3's ReaddirPlus and NFSv4's Readdir operations. (3bb4648) [FreeBSD-SA-18:13.nfs CVE-2018-17157 CVE-2018-17158 CVE-2018-17159]
  • MFC r340699: Clear pad bytes in the struct exported by kern.ntp_pll.gettime. 6c88f7d [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r340674: Fix another user address dereference in linux_sendmsg syscall (1162e51)
  • MFC r340631: Do proper copyin of control message data in the Linux sendmsg syscall. (a771001)
  • Merge OpenSSL 1.0.2q (9424b8c) [CVE-2018-5407 CVE-2018-0734]
  • MFC r340205: Avoid specifying VM_PROT_EXECUTE in mappings from pipe_map and exec_map. (a1e236f)
  • MFC r339465: rc.initdiskless: add support for auxiliary NVRAM. (889791a)
  • MFC 339312,339364: Restore more descriptors during VM exits. (5093c36) [CVE candidate]
  • MFC 338511: bhyve: Use MAP_GUARD when mapping guest memory ranges. (6dc9464)
  • MFC r340260 (emaste): Avoid buffer underwrite in icmp_error (6033b7a) [CVE-2018-17156]
  • HBSD MFC r340205: Avoid specifying VM_PROT_EXECUTE in mappings from pipe_map and exec_map. (a408354)

Changelog

Oliver Pinter (1):
      HBSD MFC r340205: Avoid specifying VM_PROT_EXECUTE in mappings from pipe_map and exec_map.

Oliver Pinter + (38):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

ae (9):
      MFC r340100:   Do not use bzero() for the O_ICMP6TYPE opcode.
      MFC r339535:   Do not allow use `create` keyword as hostname when ifconfig(8) is invoked   for already existing interface.
      MFC r339545:   Do not decrement RST life time if keep_alive is not turned on.
      MFC r339539:   Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule,   that was added using "new rule format". And then, when the kernel   returns rule with this flag, ipfw(8) can correctly show it.
      MFC r339533:   Add sadb_x_sa2 extension to SADB_ACQUIRE requests.
      MFC r339542:   Retire IPFIREWALL_NAT64_DIRECT_OUTPUT kernel option. And add ability   to switch the output method in run-time. Also document some sysctl   variables that can be changed for NAT64 module.
      MFC r339544:   Call inet_ntop() only when its result is needed.
      Revert r340541. It requires VNET_DEFINE_STATIC() macro that is not yet merged into stable/11.
      MFC r340689:   Make multiline APPLY_MASK() macro to be function-like.

avg (2):
      MFC r339591: ichwd: add support for TCO watchdog timer in Lewisburg PCH (C620)
      MFC r339595: nfsrvd_readdirplus: for some errors, do not fail the entire request

bz (1):
      MFC r340251:

emaste (19):
      MFC r312758: Add sys/capability.h deprecation warning
      MFC r306023: auditdistd: update for sys/capability.h rename
      MFC r306024: mrsas: update for sys/capability.h rename
      MFC r340137: rtld: move relro enforcement after ifunc processing
      MFC r340171: capability.h: add comment about planned removal timeline
      MFC r340076: Define NT_FREEBSD_FEATURE_CTL ELF note type
      MFC r340075: readelf: decode R_MIPS_HIGHER and R_MIPS_HIGHEST relocation types
      MFC r331078 (cem): nm: Initialize allocated memory before use
      MFC r327219: readelf: report byte size for DT_PREINIT_ARRAYSZ
      MFC r323632 (jhb): readelf: Add missing newline
      Fix objcopy for little-endian MIPS64 objects.
      MFC r338485 (jhb): libelf: Add gelf_mips64el.c to file list
      MFC r340329: build(7): clarify buildenv target can be used for non-cross builds
      MFC r340288: nvi: remove superfluous space before ^\
      MFC r340299: Octeon SDK: avoid use of uninitialized variable
      MFC r340661 (rmacklem):
      MFC r340662 (rmacklem):
      MFC r340663 (rmacklem):
      MFC r340771: proto: change device permissions to 0600

eugen (13):
      MFC r340249: ipfw.8: fix small syntax error in an example
      MFC r339465: rc.initdiskless: add support for auxiliary NVRAM.
      MFC r339472: rc.initdiskless: fix commentary grammar after r339465
      MFC r339558: New sysctl: net.inet.icmp.error_keeptags
      Unbreak build after r340670. This is direct commit to stable/11.
      MFC r339807: Prevent multicast code from panicking due to unprotected access to INADDR_HASH.
      MFC r339811: route(8): correctly return exit status when "-q" flag is used.
      MFC r339806: Prevent stf(4) from panicking due to unprotected access to INADDR_HASH.
      MFC r339816: mount_msdosfs
      MFC r339810: ipfw: implement ngtee/netgraph actions for layer-2 frames.
      MFC r339808: Prevent ip_input() from panicking due to unprotected access to INADDR_HASH.
      MFC r339817: makewhatis: do not try to operate on read-only mounted directories just to fail later.
      MFC r339818: rcorder(8):

gjb (1):
      MFC r340260 (emaste):  Avoid buffer underwrite in icmp_error

hselasky (8):
      MFC r340089: Use correct type for IOCTL request argument. This fixes signed IOCTL value warnings in uhsoctl().
      MFC r340212: Sometimes the complete split packet may be queued too early and the transaction translator will return a NAK. Ignore this message and retry the complete split instead.
      MFC r340248: Don't read the USB audio sync endpoint when we don't use it to save isochronous bandwidth.
      MFC r340254: Put a size limit on the opensm.log and use bzip2(1).
      MFC r340479: Implement ktime_get_ts64() function macro in the LinuxKPI.
      MFC r340480: Define asm macro in the LinuxKPI.
      MFC r340621: Be more verbose when a sysctl fails to unregister. Print name of sysctl in question.
      MFC r340622: Minor code factoring. No functional change.

jhb (3):
      MFC 340164,340168,340170: Add custom cpu_lock_delay() for x86.
      MFC 338511: bhyve: Use MAP_GUARD when mapping guest ...

HardenedBSD-11-STABLE-v1100056.8

06 Nov 23:18

Highlights:

  • HBSD MFC r340077: m_pulldown() may reallocate n. Update the oip pointer after the m_pulldown() call. (fec14b2) [FreeBSD-SA-Candidate, CVE-2018-4407]
  • MFC 338360,338415,338624,338630,338631,338725: Dynamic x86 IRQ layout. (160aee5)
  • MFC r339681: Allow the bhyve VNC server to listen on IPv6 for incoming connections. (5e060e6)
  • MFC 338408: Don't directly dereference a user pointer in the VPD ioctl. (b035f90)
  • hwpmc: Enable hwpmc support for AMD Family 17H devices (1235e4a)
  • MFC r339582: Drop sequencer mutex around uiomove() and make sure we don't move more bytes than is available, else a panic might happen. (4b87554) [FreeBSD-EN-Candidate, DoS]
  • MFC r339581: Fix off-by-one which can lead to panics. [FreeBSD-SA-Candidate]
  • elfcopy: avoid stripping relocations from static binaries (8e4b644)
  • MFC r339509: Fix loader.conf(5) "password" feature (9a6d835)
  • MFC r339547: vlan: Fix panic with lagg and vlan (1fda506)
  • MFC r339331: bhyve: emulate CLFLUSH and CLFLUSHOPT. (9e85f7a)
  • LLD updates
  • ZFS updates
  • LinuxKPI updates
  • VNET fixes
  • libsysdecode fixes

Changelog

Oliver Pinter (2):
      HBSD MFC r340077: m_pulldown() may reallocate n. Update the oip pointer after the m_pulldown() call.
      HBSD: explicitly initialize unprivileged_read_msgbuf to a known value

Oliver Pinter + (22):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (6):
      HBSD: Delete the mtree temporary directory before creating it
      HBSD: Support bectl for HardenedBSD 12 users
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (2):
      MFC r339357:   Add extra parentheses to fix "versrcreach" opcode, (oif != NULL) should   not be used as condition for ternary operator.
      MFC r339740:   Use correct format specifier to print setdscp action.

avg (4):
      MFC r334189: Import CK as of commit 0f017230ccc86929f56bf44ef2dca93d7df8076b
      MFC r336634: MFV CK@r336629: Import CK as of commit 1c1f9901c2dea7a883342cd03d3906a1bc482583
      MFC r303648: Fix ddb "show proc" to show full arguments
      MFC r337528: add an option for ddb ps command to print process arguments

bz (7):
      MFC r339586:
      MFC r339930:
      MFC r339407:
      MFC r339431:
      MFC r339931,r339933
      MFC r330795:
      MFC r337904:

cy (1):
      Follow up on r331936. gets_s(3) will also fail in the same way that gets(3) does. This was missed in r331936.

davidcs (2):
      MFC r338734
      MFC r339366 Add support for Error Recovery

des (1):
      MFH (r305124): fix case where fd_lastfile is -1.

dim (1):
      MFC r339013:

dteske (1):
      MFC r339509: Fix loader.conf(5) "password" feature

emaste (1):
      elfcopy: avoid stripping relocations from static binaries

eugen (1):
      MFC r339462: make upgrade from previous FreeBSD versions less painful and make previously working configuration like this work again:

gjb (2):
      Document the krpc module requirement in 11.x that was not present in 10.x if the system has a custom kernel configuration that excludes NFS and, for example, uses MODULES_OVERRIDE="zfs opensolaris".
      MFC r339684:  Reduce the GCE image size to 27G to be lower than the free  quota limit.

glebius (1):
      MFhead r339643:

hselasky (8):
      MFC r339388: Fix for reception of large full speed isochronous frames via the transaction translator, when using the DWC OTG USB controller driver. Make sure to re-try getting the complete split packets until a DATA0 packet is received. Larger isochronous frames may be split into multiple MDATA packets terminated by a single DATA0 packet.
      MFC r339581: Fix off-by-one which can lead to panics.
      MFC r339582: Drop sequencer mutex around uiomove() and make sure we don't move more bytes than is available, else a panic might happen.
      MFC r339587: Added support for formula-based arbitrary baud rates, in contrast to the current fixed values, which enables use of rates above 1 Mbps. Improved the detection of HXD chips, and the status flag handling as well.
      MFC r339600: Make sure returned value is checked and assert a valid refcount. While at it fix a print: Unsigned types cannot be negative.
      MFC r339868: Implement dma_pool_zalloc() in the LinuxKPI.
      MFC r339923: Implement __KERNEL_DIV_ROUND_UP() function macro in the LinuxKPI.
      MFC r339924: Implement the dump_stack() function in the LinuxKPI.

jamie (1):
      MFC r339409, r339420:

jhb (6):
      MFC 338094: Fully retire the unimplemented -t option from vmstat(8).
      MFC 338101: Merge amd64 and i386 <machine/intr_machdep.h> headers.
      MFC 338148: Remove 'imen' global variable from atpic(4).
      MFC 338408: Don't directly dereference a user pointer in the VPD ioctl.
      MFC 338360,338415,338624,338630,338631,338725: Dynamic x86 IRQ layout.
      MFC 338813: Clear all of the VFP state in fill_fpregs().

kib (2):
      MFC r339384: Add clwb().
      MFC r339331: bhyve: emulate CLFLUSH and CLFLUSHOPT.

kp (3):
      MFC r334375, r334379:
      MFC r338698:
      MFC r339547:

markj (2):
      MFC r339365: Typo.
      MFC r313557 (by bz): Allow Dtrace to be compiled into the kernel again after r313177.

mav (3):
      MFC r339335: Avoid zero-sized kmem_alloc() in vdev_compact_children().
      MFC r339329: Add ZIO_TYPE_FREE support for indirect vdevs.
      MFC r339372: Skip VDEV_IO_DONE stage only for ZIO_TYPE_FREE.

mmacy (3):
      hwpmc: Enable hwpmc support for AMD Family 17H devices
      fix i386 breakage caused by r339767
      fix up more issues introduced by failing to have run TB before r339767

philip (2):
      MFC r339503: Import tzdata 2018f
      MFC r339848: Import tzdata 2018g

slavash (1):
      MFC r339584 : mlx5: Notify user that the ConnectX-6 shut down its port due to power limitation

tijl (1):
      MFC r339618:

whu (1):
      MFC: 339585

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.8/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.8-amd64-bootonly.iso) = e9b4dc37c3914f14573222c3bec8303ba2516783a7daadbba42d9c42cfd1b68c6ed55a9f50c8ff394038ed5885880adaa230e3f89ea335be2e728d09331eac70
SHA512 (HardenedBSD-11-STABLE-v1100056.8-amd64-disc1.iso) = 3a9d91a4b9ffb0c69cde6639bd39896c31e3d140f024b0f66fe113799daa8cf19622b7b06564dbe455481327cb4bf44e8763903f57e01ea2bd460a040b4e3b24
SHA512 (HardenedBSD-11-STABLE-v1100056.8-amd64-memstick.img) = aa7101825ff05262dc1eac97ac8fd34614f82263dc2825a2087c1faf1094cc708f7703e39503ba4469d78db385bb642a6899ee30d6c832c80dc8b267ace88a9a
SHA512 (HardenedBSD-11-STABLE-v1100056.8-amd64-mini-memstick.img) = 633bb097e6bacfe0c1fb6d6de8e8175fb3be91af1632e240aa6a96c237bd7aabae9157cf0d3ec41d1aebbdb40da53a0c2b5fa497e0f564f2670ee6b60a227a42

CHECKSUM.SHA512.asc:


HardenedBSD-11-STABLE-v1100056.7

18 Oct 18:19

Highlights:

  • MFC r333569: cpucontrol: improve Intel microcode revision check (cf3b425)
  • MFC r339019: clang: allow ifunc resolvers to accept arguments (d10325d)
  • MFC 338976: Don't clear DR6 for debug exceptions from userland. (4de0836)
  • MFC r339025: Update x86/ifunc.h. (59e3462)
  • MFC r338947: Add "src-ip" or "dst-ip" keyword to the output, when we are printing the rest of rule options. (cfea277)
  • MFC r338216: tftpd: Fix data corruption bug with netascii (6068c27)
  • MFC r336310: Let geli deal with lost devices without crashing. (35d45fa)
  • ZFS updates
  • cxgbe updates

Changelog

Oliver Pinter + (35):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (2):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (4):
      MFC r338857:   Fix possible NULL pointer dereference in ffec_alloc_mbufcl().
      MFC r338890:   Update ifr_name before invoking IPSECSREQID ioctl, this fixes the case,   when `ifconfig ipsec create reqid N` command invoked without interface   unit number. The "name" global variable is updated after interface   cloning in the ifclonecreate() and contains actual interface name.
      MFC r313168 (by pkelsey):   Fix VIMAGE-related bugs in TFO.  The autokey callout vnet context was   not being initialized, and the per-vnet fastopen context was only   being initialized for the default vnet.
      MFC r338947:   Add "src-ip" or "dst-ip" keyword to the output, when we are printing the   rest of rule options.

asomers (19):
      MFC r336582:
      MFC r336587:
      MFC r336594:
      MFC r336605:
      MFC r336871, r336874
      MFC r337482:
      MFC r337779:
      MFC r337911:
      MFC r337973:
      MFC r338216:
      MFC r337222:
      MFC r334360, r334362, r334388, r334395
      MFC many audit(4) tests.
      MFC r335261, r335275, r335284-r335285, r335294, r335318, r335320, r335703
      MFC r335319, r335354, r335374
      MFC r335792, r336564, r336579
      MFC r336613:
      MFC r336728:
      MFC r336875:

avatar (1):
      MFC r338200: Adding device ID for Terratec SiXPack 5.1+.

brooks (1):
      MFC r338925:

des (2):
      MFH (r314778): use reallocarray(3) for extra bounds checks MFH (r333306): fix typo in man page MFH (r333571, r333572): preserve if-modified-since across redirects MFH (r334317): simplify the DEBUG macro MFH (r334319): style bug roundup MFH (r334326): fix netrc file location logic, improve netrcfd handling MFH (r338572): fix end-of-transfer statistics, improve no-tty display
      MFH (r333574): fully support acting as a recursing resolver.

emaste (10):
      MFC r338682: lld: add -z interpose support
      MFC r306729: makeman: avoid bogus output with duplicated options
      MFC r334072, r334247 (eadler): Add the text '@generated' to src.conf.5
      regerate src.conf.5 to remove duplicate entries
      MFC r339019: clang: allow ifunc resolvers to accept arguments
      MFC r338810: openssh: rename local macro to avoid OpenSSL 1.1.1 conflict
      MFC r333233: gpart: add fat32lba MBR partition type
      MFC r333569: cpucontrol: improve Intel microcode revision check
      MFC r339181: crt: switch to standard note type definitions from elf_common.h
      MFC r336027 (andrew): Teach binutils that arm64 is a 64bit architecture.

gjb (1):
      Document EN-18:09 through EN-18:12.

gonzo (4):
      MFC r336050-r336051, r336142, r336326, r337719
      MFC r338111, r338215
      MFC r338654, r338701
      MFC r338655:

hselasky (2):
      MFC r338993: When multiple threads are involved receiving completion events in LibUSB make sure there is always a master polling thread, by setting the "ctx_handler" field in the context. Else the reception of completion events can stop. This happens if event threads are created and destroyed during runtime.
      MFC r339235: Add missing steering rules for virtual function, VF, in mlx4en(4) driver.

imp (2):
      Direct commit to stable, file not present in current
      Direct commit since these files have gone away in head

jamie (1):
      MFC r339211:

jhb (8):
      MFC 337673: Add an overview section to bus_dma.9.
      MFC 338022: Fix casts between 64-bit physical addresses and pointers in EFI.
      MFC 337400: Remove spurious ABI tags from kdump output.
      MFC 338021: Use 'bool' instead of 'int' for various boolean flags.
      MFC 338976: Don't clear DR6 for debug exceptions from userland.
      Disable the KASSERT for curcpu == 0 in netisr for EARLY_AP_STARTUP.
      MFC 338055: Remove some vestiges of IPI_LAZYPMAP on i386.
      MFC 326138,326436,326852: Style fixes to kdump.

jilles (1):
      MFC r338473: sh: Fix formal overflow in pointer arithmetic

ken (1):
      MFC r339076

kevans (6):
      MFC r337964, r338232: dtc(1) updates
      MFC r338039: diff(1): Implement -B/--ignore-blank-lines
      MFC r338219, r338250: FDT in Loader fixes
      MFC r338223, r338263: Missing bits from OptionalObsoleteFiles
      MFC r338646: dd(1): Correct padding in status=progress
      MFC r338040: diff(1): Refactor -B a little bit

kib (14):
      MFC r338892: Correct panic messages.
      MFC r338932: Fix some uses of dmaplimit.
      MFC r338955: When doing lm_add(), check for duplicates.
      MFC r324950 (by trasz): Reword the conditional.
      MFC r324951 (by trasz): Make find_library() conform to style(9).
      MFC r324952 (by trasz): Replace lseek(2)/read(2) pair with pread(2).
      MFC r324953 (by traz): Remove unneeded calls to access(2) from rtld(1); just call open(2) instead.
      MFC r338956: Provide refobj context when doing libmap substitution inside search_library_path().
      MFC r338964: Remove -m (update) from ldconfig -32 & -soft invocation on startup.
      MFC r338997: In vm_fault_copy_entry(), collect the code to initialize a newly allocated dst_object in a single place.
      MFC r338998: In vm_fault_copy_entry(), we should not assert that entry is charged if the dst_object is not of swap type.
      MFC r338999: Correct vm_fault_copy_entry() handling of backing file truncation after the file mapping was wired.
      MFC r339025: Update x86/ifunc.h.
      MFC r339241: Disallow zero day of month from strptime("%d").

markj (2):
      MFC r328810 (by emaste): ld.lld.1: miscellaneous style improvements
      MFC r338251: Add an lld option to emit PC-relative relocations for ifunc calls.

mav (53):
      MFC r338913: Fix use-after-free in RAID0 error reporting of GEOM_RAID.
      MFC r336943: MFV r336942: 9189 Add debug to vdev_label_read_config when txg check fails
      MFC r336945: MFV r336944: 9286 want refreservation=auto
      MFC r336947: MFV r336946: 9238 ZFS Spacemap Encoding V2
      MFC r336949: MFV r336948: 9112 Improve allocation performance on high-end systems
      MFC r336951: MFV r336950: 9290 device removal reduces redundancy of mirrors
      MFC r336954: MFV r336952: 9192 explicitly p...

HardenedBSD-11-STABLE-v1100056.6

29 Sep 23:06

Warning: as of this version, SMT (Hyper Threads, virtual CPUs) is disabled by default. If you want to re-enable SMT, please consult the specific commit or ask on IRC (#hardenedbsd on FreeNode).

Highlights:

  • Check to ensure the buffer returned is not NULL. (9359dba) [FreeBSD-EN-18:10.syscall CVE-2018-17154]
  • Restore the inp_vflag and inp_inc.inc_flags fields when the underlying operation fails and the inp could be in an inconsistent state. (854244a) [FreeBSD-EN-18:11.listen CVE-2018-6925]
  • MFC r338982. Clear stack allocated data structure to prevent kernel memory leak. (7d66fd1) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • MFC r338724: Fix an nvpair leak in vdev_geom_read_config(). (81ef86d)
  • HBSD: Disable SMT by default (70e728d)
  • MFC r338600: Update libarchive to 3.3.3 (85012f8)
  • MFC 332454,334009,334122: Various fixes for x86 debug exceptions. (4484bf7)

Changelog

Oliver Pinter (1):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master

Oliver Pinter + (26):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (1):
      HBSD: Disable SMT by default

delphij (1):
      Partial MFC of r338542:

dim (3):
      MFC r338689:
      MFC r338697:
      MFC r309748 (by glebius):

emaste (3):
      MFC r335900 (oshogbo): capsicum: add getdirentries to the freebsd32 compact
      revert r338726 (getdirentries capsicum addition)
      MFC r338573: Add vt(4) INDEX.fonts

erj (3):
      MFC r334231, r334779, r335322, and r338208 to stable/11 from head
      Revert MFC of r334231 in r338871.
      Bump __FreeBSD_version after r338871 introduced new media types and a TCP checksum fix for ixl(4)

gjb (2):
      Document SA-18:12 and EN-18:08.
      MFC r338754:  Update the pkg-stage.sh script used to populate packages on the  dvd1.iso installation medium from including KDE4 to KDE5, as the  KDE4-based ports have been marked as deprecated in the Ports  Collection.

gordon (3):
      MFC r338982.
      There are various cases where we modify the inp_vflag and inp_inc.inc_flags fields during a syscall, but don't restore those fields if the operation fails.  This can leave the inp structure in an inconsistent state and cause various problems.
      Check to ensure the buffer returned is not NULL.

hselasky (3):
      MFC r338613: Fix for backends which doesn't support capsicum.
      MFC r338616: Fix issues about cancelling USB transfers in LibUSB when the USB device has been detached. When a USB device has been detached the kernel file handle stops responding to commands. USB applications which continue to run after the USB device has been detached, depend on LibUSB generated events to tear down its pending USB transfers. Add code to handle the needed cleanup when processing the USB transfer(s) fails and prevent new USB transfer(s) from being submitted.
      MFC r338679: Improve LibUSB debugging by simultaneously allowing both function and transfer prints. Make sure the debug level comes from the correct USB context.

jhb (3):
      MFC 332454,334009,334122: Various fixes for x86 debug exceptions.
      MFC 335913: Use 'e' instead of 'i' constraints with 64-bit atomic operations on amd64.
      MFC 337270: Install the 32-bit compat sanitizer libraries.

jpaetzel (3):
      MFC r303811:
      MFC r306219:
      MFC r333146:

kib (7):
      MFC r338522, r338523, r338533: Teach sysctl(8) about the Persistent memory type. Improve nearby code.
      MFC r338534: intelspi: don't leak spibus children on detach.
      MFC r338801: amd64 pmap: remove tautological assert.
      MFC r338699: Remove unneeded new line from the panic string.
      MFC r338711: Make the PTI violation check to follow style of the SMAP check.
      MFC r338733: Do not upgrade the vnode lock to call getinoquota().
      MFC r338798: Fix state of dquot-less vnodes after failed quotaoff.

marius (2):
      MFC: r338512
      MFC: r333647, r338275, r338280, r338513

markj (7):
      MFC r338528: Specify the correct resource type in teardown paths.
      MFC r338537, r338539: Bump MAX_HWCNT and MAX_EXCNT.
      MFC r338538: Exclude the EFI framebuffer from phys_avail[] on arm64.
      Revert r338695: it depends on r334032, which was not MFCed.
      MFC r338211: Prepare the kernel linker to handle PC-relative ifunc relocations.
      Include stdbool.h so that we can use bool in linker.h.
      MFC r338724: Fix an nvpair leak in vdev_geom_read_config().

mav (3):
      MFC r333081 (by eadler): zpool(8): correct list of default properties in 'list'.
      MFC r333307 (by sbruno): Cleanup sundry clang warnings for code that is not upstream in illumos. https://github.com/illumos/illumos-gate/edit/master/usr/src/lib/libzfs/common/libzfs_sendrecv.c
      MFC r334810 (by benno), r338205, r338206: r334810: Break recursion involving getnewvnode and zfs_rmnode.

mm (1):
      MFC r338600: Update libarchive to 3.3.3

mw (1):
      MFC r333454: Skip setting the MTU for ENA if it is not changing

pfg (1):
      MFC r337992, r338125: POSIX compliance improvements in the pthread(3) functions.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.6/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.6-amd64-bootonly.iso) = 582ac18f93337df8219bbc2aa707ec85a71c1ef1910b491230fa338d258fc5efd9326775e60a5961a6118196ae04ba7b0c18fb023b30341273c07e37766f4a16
SHA512 (HardenedBSD-11-STABLE-v1100056.6-amd64-disc1.iso) = ba064494fc320654922e17e1ba1e86e231ebe42196b0c2d35e9e3eff63f5b8ae4303a3255b3f8b560a6bbb6f5efad304baffabcd629b8c5e4f92ed1e56f87640
SHA512 (HardenedBSD-11-STABLE-v1100056.6-amd64-memstick.img) = ef229d8d5dff57375859b671e81ef67a0ee4676c9664f0acea4129c1ba0aec3806361479d3363b2f889e1dfcd83343fc2f8aec0b38f27146badf38179d3cfc51
SHA512 (HardenedBSD-11-STABLE-v1100056.6-amd64-mini-memstick.img) = d95c8ed96dbcf3b394a68d9771f12bec1a8ca94cf2a8250d70eccdb23f95c27bdf4239ec81f499b2fd84c38822aa82360f96ad408f743ff369488fec7ef1f14c

CHECKSUM.SHA512.asc:


CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt
shortlog-HardenedBSD-11-STABLE-v1100056.6.txt

HardenedBSD-11-STABLE-v1100056.5

14 Sep 09:17

Highlights:

  • MFC 338603: Correct ELF header parsing code to prevent invalid ELF sections from (4bfdb79) [FreeBSD-SA-18:12.elf CVE-2018-6924]
  • MFC r338126: MFV r338092: ntp 4.2.8p12. (900dde8) [CVE-2018-12327]
  • MFC r338068, r338113: Update L1TF workaround to sustain L1D pollution from NMI. (d9d4e90)
  • MFC r333063: Update ELF Tool Chain to r3614 (e90f3bf)
  • MFC r337505, r337865, r337869: dd status=progress (8c00a8c)

Changelog

Oliver Pinter (2):
      HBSD: update motd file
      HBSD: add .tags to .gitignore

Oliver Pinter + (27):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Piotr Kubaj (2):
      HBSD: Fix wpa build with LibreSSL 2.6
      HBSD: Correct OPENSSL_VER in LibreSSL

ae (1):
      MFC r337736:   Restore ability to send ICMP and ICMPv6 redirects.

cy (1):
      Avoid printing extraneous function names when searching man page database (apropos, man -k). This commit Replaces .SS with .SH, similar to the man page provided by original heimdal (as in port).

delphij (3):
      MFC r336754: Improve --strip-trailing-cr handling.
      MFC r337522:
      MFC r338126: MFV r338092: ntp 4.2.8p12.

ed (1):
      MFC r336086:

emaste (4):
      MFC r337045: libelf: reload section headers after update with ELF_C_WRITE
      MFC r333062: elf_common.h: add DT_SUNW_ASLR tag
      MFC r336745: elf_common: update ARM ABI flag names
      MFC r333063: Update ELF Tool Chain to r3614

eugen (3):
      MFC r316615 by sevan: Remove the last vestiges of FDC_DEBUG & FD_DEBUG
      MFC r316623: fix build after incomplete MFC r338544 by me.
      MFC r338468: Fix "ipfw fwd" to work for incoming IPv4 packets when ip_tryforward() chooses fast forwarding path, as it already works for IPv6 and for both of them on old slow path.

gjb (1):
      Fix the port name in the 2018-06-26 errata entry for 11.2-RELEASE.

gordon (1):
      MFC 338603: Correct ELF header parsing code to prevent invalid ELF sections from disclosing memory.

hselasky (9):
      MFC r338489: Maximum number of mbuf frags is off-by-one for worst case scenario in mlx5en(4).
      MFC r338490: Don't stall transmit queue on drops in mlx5en(4).
      MFC r338492: Add support for receive side scaling stride, RSSS, in mlx5en(4).
      MFC r338493: Make the MSIX module parameter limit per device, in mlx5en(4).
      MFC r338495: Add proper support for VIMAGE to krping.
      MFC r338526: Implement get network interface by params function in ipoib.
      MFC r338541: Introduce and use sgid_index in CM requests in ibcore.
      Fix compile warning about missing prototype when WANT_FUNCTIONS is defined.
      MFC r338491: ibcore: Fix endless loop in searching for matching VLAN device

jhb (3):
      MFC 332906,332907,332976,333679,336053: Expand testing of breakpoints.
      MFC 332909: Report proper signal codes for SIGTRAP traps on MIPS.
      MFC 332908: Add two tests for TRAP_* signal codes for SIGTRAP.

kevans (1):
      MFC r337505, r337865, r337869: dd status=progress

kib (15):
      MFC r337714: Prevent some parallel swap-ins, rate-limit swapper swap-ins.
      MFC r337983, r338044: Add pthread_get_name_np(3).
      MFC r338312: Unify amd64 and i386 vmspace0 pmap activation.
      MFC r338313: Remove dead code in i386 cpu_throw().
      MFC r338024: Rudimentary AER reading code for ddb(4).
      MFC r338068, r338113: Update L1TF workaround to sustain L1D pollution from NMI.
      MFC r338357: Fix compat32 ftruncate cap mode.
      Regen.
      MFC r324856: Don't call realpath(3) from libmap rtld code.
      MFC r338428: Style cleanup.
      MFC r338370: Remove {max/min}_offset() macros, use vm_map_{max/min}() inlines.
      MFC r338459: amd64: For non-PTI mode, do not initialize PCPU kcr3 to KPML4phys.
      MFC r338433: Normalize use of semicolon with EFI_TIME_LOCK macros.
      MFC r338435: Improve error messages from clock_if.m method failures.
      MFC r334856, r338434: Don't bother looking for non-executable pages when a process is excluded from PTI.

kp (2):
      MFC r338183, r338183:
      MFC r338406:

lidl (1):
      MFC r338201: increase heap size during "loader" on sparc64

marius (2):
      MFC: r338304
      MFC: r338261

markj (12):
      MFC r338142: Set arc_kmem_cache_reap_retry_ms to 0 and make it configurable.
      MFC r333280: Style.
      MFC r332968: Add a UMA zone flag to disable the use of buckets.
      MFC r337926: Add partial documentation for dtrace(1)'s -x configuration options.
      MFC r338365: Add a sysctl for the ZFS abd_scatter_enabled setting.
      MFC r338350: Add missing endpwent() and endgrent() calls to nfsuserd(8).
      MFC r338416: Re-compute the ARC size before computing the MFU target.
      MFC r338375: sed: Fix -i option behavior with 'q' command.
      MFC r337974: Add INVARIANTS-only fences around lockless vnode refcount updates.
      Revert an unintentional change from r338462.
      MFC r337423: Improve handling of control message truncation.
      MFC r337329: Fix the regression test for PR 181741.

mav (2):
      MFC r338105: Remove extra M_ZERO from NG_MKRESPONSE() argument.
      MFV r338288: Unblock speculative prefetcher also on pool creation.

oshogbo (2):
      MFC r337965:   capsicum: allow the setproctitle(3) function in capability mode
      MFC r314000:

philip (2):
      MFC r319508:   Fix a memory leak with last   free memory allocated to 'buf'
      MFC r338353:   Add libxo(3) support to lastlogin(8).

sobomax (1):
      MFC r312296 and r323254, which is new a socket option SO_TS_CLOCK to pick from several different clock sources to return timestamps when SO_TIMESTAMP is enabled and two new nanosecond-precision timestamp types. This also fixes recvmsg32() system call to properly down-convert layout of the 64-bit structures to match what 32-bit app(s) expect.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.5/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-bootonly.iso) = 5b0deba102a2c9da3fe3fcc015c3217b95ad63a01d83a0c33a6934f805486f8f0482ef6e60d3f209c4a996bd309cccb404b84cc5ded2724589f95f12106a660c
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-disc1.iso) = 5b37ba3d75559d8cf9745f9b9c1898f402636949159ef9dc0a40dec31a0d839bd68cd3ca73aa69eef7c2adbf7fe18a6ac6363000cf7930c34cc0b2964be0e29c
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-memstick.img) = c8b90115ae6585da0288d6017b896d23bfbd68ea821d04585422cfce36edef61507f076264c03f7298fbc8104f79ebb42d68c3ac4d9542e8795d26ce0ddc8946
SHA512 (HardenedBSD-11-STABLE-v1100056.5-amd64-mini-memstick.img) = d76c735ff59bd2ebccdd13e353c2ccd2694aa056d1d656df16ae65dadd589ce26062184a18e2bfaba4acde7290c2aecd7ecbe6031dcd4f7c4b443ce0e1afbeec

CHECKSUM.SHA512.asc:


[shortlog-HardenedBSD-...


HardenedBSD-11-STABLE-v1100056.4

27 Aug 20:27

Highlights:

  • MFC r337773, r337838, r338112, r338202: Fixes for early EFIRT usage on amd64. (ebd8a26)
  • MFC r337615: Fix a really subtle miscompile due to a somewhat glaring bug in EFLAGS copy lowering. (24eeeec)
  • MFC: r336839 Modify the NFSv4.1 server so that it allows ReclaimComplete as done by ESXi 6.7. (121df03)
  • MFC r337969: pf: Limit the maximum number of fragments per packet (340f9f0) [CVE-2018-5391]
  • HBSD: hook in hbsdcontrol into build (09a80cf)
  • HBSD: import upstream version e41faa644bf9c4b8ca79d85fe4119bd712317616 of hbsdcontrol (1326740)
  • MFH r337745: Sync libarchive with vendor.. (02f8199) [CVE-2017-14501]
  • MFC: r337791 Merge OpenSSL 1.0.2p. (04b30e3) [CVE-2018-0732 CVE-2018-0737]
  • MFC r337819 (cy@): MFV r337818: WPA: Ignore unauthenticated encrypted EAPOL-Key data (89cd8f5) [CVE-2018-14526 FreeBSD-SA-18:11.hostapd]
  • MFC r336203, r336499, r336501-r336502, r336506, r336510, r336512-r336513, r336515, r336528-r336531 Update wpa 2.5 --> 2.6. (2c0c29a)

Changelog

Oliver Pinter (7):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: import upstream version e41faa644bf9c4b8ca79d85fe4119bd712317616 of hbsdcontrol
      HBSD: hook in libhbsdcontrol
      HBSD: hook in hbsdcontrol into build
      HBSD: remove ZFS leftovers when WITHOUT_ZFS is set
      HBSD: remove hyper-v leftovers when WITHOUT_HYPERV is set
      HBSD: and one more round of ZFS leftovers

Oliver Pinter + (27):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Piotr Kubaj (2):
      HBSD: fix wpa_supplicant builds with LibreSSL
      HBSD: And missing bracket to wpa_supplicant's tls_openssl.c

Shawn Webb (3):
      HBSD: Partially resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (2):
      MFC r337469:   Use host byte order when comparing mss values.
      MFC r337536:   If -q flag is specified, do not complain when we are trying to delete   nonexistent NAT instance or nonexistent rule.

avatar (1):
      MFC r338038: Extending the delay cycles to give the codec more time to pump ADC data across the AC-link.

brooks (1):
      MFC r337727:

cperciva (1):
      MFC r336420,336433,336593,336621,336622,336624,337394,337401,338141

cy (6):
      MFC r336203, r336499, r336501-r336502, r336506, r336510, r336512-r336513, r336515, r336528-r336531
      MFC r337558, r337560
      MFC r337410:
      MFC r338045:
      MFC r338046:
      MFC r338047:

delphij (1):
      MFC r337819 (cy@): MFV r337818: WPA: Ignore unauthenticated encrypted EAPOL-Key data

dim (2):
      MFC r337322:
      MFC r337615:

eadler (1):
      MFC r333919, r333922, r333944, r337442:

emaste (1):
      MFC r337569: readelf: display NT_GNU_PROPERTY_TYPE_0 note name

eugen (2):
      MFC r336461: bge(4): disable MSI for BGE_ASICREV_BCM5784/BGE_CHIPREV_5784_AX found in some MacBook Pro.
      MFC 338013: bsnmpd(8): fix and optimize interface description processing

gjb (3):
      MFC r337717, r337718:
      Document SA-18:09 through SA-18:11.
      Fix the BEAGLEBONE image build on stable/11.

hselasky (6):
      MFC r337529: Implement missing atomic_fcmpset_XXX() support for i386.
      MFC r337232: Implement ktime_add_ms() and ktime_before() in the LinuxKPI.
      MFC r337373: Define __poll_t type in the LinuxKPI.
      MFC r337374: Implement atomic_long_cmpxchg() function in the LinuxKPI.
      MFC r337376: Implement current_work() function in the LinuxKPI.
      MFC r337527: Use atomic_fcmpset_XXX() instead of atomic_cmpset_XXX() when possible in the LinuxKPI.

jamie (3):
      MFC r331332:
      Load filesystem modules associated with allow.mount permissions.
      MFC r337867:

jkim (1):
      MFC:	r337791

kevans (18):
      ubldr: Bump heap size, 1MB -> 2MB
      MFC r337520: Fix WITHOUT_LOADER_GELI (gptboot) and isoboot in general
      MFC r337504: apply(1): Fix magic number substitution with a magic space
      MFC r337506: ls(1): Enable colors with COLORTERM is set in the environment
      Revert r337826: MFC of ls(1) COLORTERM honoring
      MFC r337559: Makefile.inc1: Add libl to -legacy as well
      MFC r335785, r335812
      MFC r336184: net80211: Fix ifdetach w/o ifattach, small whitespace cleanup
      MFC r337570-r337573
      MFC r337665: krb5-config build: Remove gratuitous escaping
      MFC r337523: libsa: exit on EOF in ngets
      MFC r337524: libi386: Fix typo in pxe.h
      MFC r337666: getopt_long(3): Document behavior, optstring leading characters
      MFC r337696: Use INCS for non-sys/ libnvpair and libzfs_core includes
      MFC boot tagging support:  r337518, r337544-r337546, r337548, r337579-r337580, r337952
      MFC r338120: config(8): Allow escape-quoted empty strings
      MFC r338020: res_find: Fix fallback logic
      MFC r337906: Document KERNCONFDIR

kib (9):
      MFC r337770: Fix typo.
      MFC r337330: Swap in WKILLED processes.
      MFC r336570: Enable OFED build (without extras) by default. For stable/11, this is only done on amd64.
      MFC r338048: Use tab for indent.
      MFC r338049: Clarify that memset_s(3) requires __STDC_WANT_LIB_EXT1__ for visibility. Fix typos and other nits.
      MFC r338051: Provide set_constraint_handler_s(3) man page.
      MFC r338016: Print L1D FLUSH feature.
      MFC r337981: Reorder alphabetically.
      MFC r337773, r337838, r338112, r338202: Fixes for early EFIRT usage on amd64.

kp (2):
      MFC r337643:
      MFC r337969:

loos (6):
      MFC r312953:
      MFC r313911:
      MFC r317800:
      MFC r321649:
      MFC r312770 and r337854:
      MFC r321316, r337860:

markj (3):
      MFC r337328: Don't check rcv sockbuf limits when sending on a unix stream socket.
      MFC r337230: Verify that each frame pointer lies within the thread's kstack.
      MFC r337500: Use the right variable when updating interface routes.

mm (1):
      MFH r337745: Sync libarchive with vendor..

pfg (4):
      MFC r337458, r337618: Fix printf(1) ignores width and precision in %b format.
      MFC r337422: libc: fix cases of undefined behavior.
      MFC r337456: msdosfs: fixes for Undefined Behavior.
      MFC r337728: (committed by jilles) printf: Add test for width and precision in %b format

rmacklem (2):
      MFC: r336839 Modify the NFSv4.1 server so that it allows ReclaimComplete as done by ESXi 6.7.
      MFC: r337438 Allow newnfs_request() to retry all callback RPCs with an NFSERR_DELAY reply.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.4/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-bootonly.iso) = c39f7dc83fa405852bdf0d67ddd9767248d51089d267a7c63033d7bb10a525341f1406ac1856d32d9004fa271ae70c94bf2726fd40de57f55a2bc14d757668cc
SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-disc1.iso) = 0ad47e752f7e309d6651b249429022f5e9970c169162af4f20fe1aff99f07be533f5a18e453ea2dbfb513e256fb37cf009ba0d09fb7e7f58ed6a36a245400c90
SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-memstick.img) = 3f1723169babd884f960328165e32aff9e8fe5eabafcbb8c67e6cf317fae19ce3740e54dd80ccbef9ba0ba14087aabc85745b5e707a9dce30a6278357723916d
SHA512 (HardenedBSD-11-STABLE-v1100056.4-amd64-mini-memstick.img) = 763803d0d996b381a15eb54491684269ee09407366b75fa68d82cb8e1e3f10dd5b9b2ea6908be237c7cbd364f980eab8b40c5694fe46ebb87c7190b5a6...

HardenedBSD-11-STABLE-v1100056.3

14 Aug 23:17

Highlights:

  • HBSD: do not allow to override init_exec by default from loader when the kernel compiled with PAX_HARDENING (19f62c6)
  • HBSD MFC r337774: Reserve page at the physical address zero on amd64. (2be5949) [CVE-2018-3620]
  • Limit IP reassembly queues (b237529 473b73f 3b9d004 9154624 dfb2edc d85d754 54c1ac1 b3822a674366465673f831e3ff2b544e7292f9242762fee5dd30eb9f1896295c63521e86a9b98d06 95d18bdb4de4bc81529cae34a3e1976145d6fcb1f0d4e7bdc43c2e330df8bf6cb1fca39295403ffd) [FreeBSD-SA-18:10.ip CVE-2018-6923]
  • HBSD MFC r337745: MFV r337744: Sync libarchive with vendor. [CVE-2017-14501]
  • MFC r337785: Provide part of the mitigation for L1TF-VMM. (249be55) [CVE-2018-3646]
  • MFC r336855 Fix the long term ULE load balancer so that it actually works. (e2d9372)

Changelog

Oliver Pinter (6):
      HBSD MFC r337773: amd64: ensure that curproc->p_vmspace pmap always matches PCPU curpmap.
      HBSD MFC r337745: MFV r337744: Sync libarchive with vendor..
      HBSD MFC r337774: Reserve page at the physical address zero on amd64.
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: do not allow to override init_exec by default from loader when the kernel compiled with PAX_HARDENING
      HBSD: back out d138fc7b3d368a10326b6eaf70951c553adc7a4f commit due boot problems

Oliver Pinter + (15):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

ae (3):
      MFC r336405:   Move invoking of callout_stop(&lle->lle_timer) into llentry_free().
      MFC r336132:   Add "record-state", "set-limit" and "defer-action" rule options to ipfw.
      MFC r331098 (by melifaro):   Fix outgoing TCP/UDP packet drop on arp/ndp entry expiration.

bdrewery (23):
      MFC r335183:
      MFC r335244:
      MFC r335704:
      MFC r335708:
      MFC r335709:
      MFC r310789,r314901:
      MFC r335733:
      MFC r335923:
      MFC r335912:
      MFC r335922:
      MFC r326552:
      MFC r324103:
      MFC r323620:
      MFC r322565,r323323:
      MFC r321492:
      MFC r321491:
      MFC r321333:
      MFC r320286:
      MFC r320191:
      MFC r320274:
      Revert r325808 (MFC r322401) to re-MFC with larger set
      MFC r320280,r320281,r320282,r320283,r320284,r320285,r320692,r322362,r322401,r322402,r336181:
      MFC r326569:

brooks (1):
      MFC r337508:

davidcs (3):
      MFC r336438
      MFC r336680 Update man page with support for 41000 Series adapters
      MFC r336695 Remove support for QLNX_RCV_IN_TASKQ - i.e., Rx only in TaskQ. Added support for LLDP passthru Upgrade ECORE to version 8.33.5.0 Upgrade STORMFW to version 8.33.7.0 Added support for SRIOV

delphij (2):
      MFC r336121+r336127(cem): Don't delete outfile unconditionally.
      Remove mention of FreeBSD 9.x which is EoL'ed now.

dteske (1):
      MFC SVN r336350: Send sysrc(8) error message to stderr (not stdout)

gjb (1):
      MFC r337555, r337556:  r337555:   Update and replace old rc daemons for GCE images.

jtl (11):
      MFC r337775:   Improve hashing of IPv4 fragments.
      MFC r337776:   Improve IPv6 reassembly performance by hashing fragments into buckets.
      MFC r337778:   Add a global limit on the number of IPv4 fragments.
      MFC r337780:   Implement a limit on on the number of IPv4 reassembly queues per bucket.
      MFC r337781:  Make the IPv6 fragment limits be global, rather than per-VNET, limits.
      MFC r337782:   Add a limit of the number of fragments per IPv6 packet.
      MFC r337783:   Implement a limit on on the number of IPv6 reassembly queues per bucket.
      MFC r337784:   Drop 0-byte IPv6 fragments.
      MFC r337786:   Lower the default limits on the IPv4 reassembly queue.
      MFC r337787:   Lower the default limits on the IPv6 reassembly queue.
      MFC r337788:   Update the inet(4) and inet6(4) man pages to reflect the changes made   to the reassembly code in r337778, r337780, r337781, r337782, and   r337783.

kevans (3):
      MFC r337549: libnv: Remove -I${SRCTOP}/sys
      MFC r337331: efirt: Don't enter EFI context early, convert addrs to KVA
      MFC r322325: cat: fix build with -DNO_UDOM_SUPPORT

kib (9):
      MFC r337055: Avoid assertion in /dev/ufssuspend when the suspend ioctl is (incorrectly) called while another suspension is already active.
      MFC r337236: Some updates to vm_map(9).
      MFC r337316: Add END()s for amd64 linux futex support routines.
      MFC r336568: Move OFED libraries libmlx5.so.1 and libibverbs.so.1 to /lib.
      MFC r336569: Move mostly useless examples binaries from OFED, as well as the Subnet Manager, under the new option WITH_OFED_EXTRA, disabled by default.
      MFC r337430, r337436: Add missed handling of local relocs against ifunc target in the obj modules.
      MFC r337774: Reserve page at the physical address zero on amd64.
      MFC r337777: Add definitions related to the L1D flush operation capability and MSR.
      MFC r337785: Provide part of the mitigation for L1TF-VMM.

markj (7):
      MFC r337059: Fix some nits in the unix_passfd tests.
      MFC r337031: Require that MAC label buffers be able to store a non-empty string.
      MFC r336714: Simplify the arm64 implementation of pmap_mincore().
      MFC r337265: Add the required page accounting to kmem_bootstrap_free().
      MFC r337133: Add a rudimentary test for procstat kstack.
      MFC r337425: Recognize ICS1893C PHYs.
      MFC r337426: ifconfig: Fix use of _Noreturn

mmel (1):
      MFC r335249:

oshogbo (1):
      MFC r337189: bhyve: set title before entering capability mode

truckman (1):
      MFC r336855

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100056.3/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.3-amd64-bootonly.iso) = ebb9bcfff4ae383a5786f1c604d1a8798168b452f3c60c93138987e42248c85c54986d86707e03f18cf5166dae95b18b87ed075bce1829c314007a6988c7248d
SHA512 (HardenedBSD-11-STABLE-v1100056.3-amd64-disc1.iso) = d59e6c829713f8a93bcafd712205598f690d4c4933bc5798f7c727382e84b18450cf2e166b3ff5fabdb410a73873fa238d7a90913de80f25af1ec1cfaa62bffd
SHA512 (HardenedBSD-11-STABLE-v1100056.3-amd64-memstick.img) = 63da6f43b0d280e4af5acd57541bd0b8876910e2ec433e076ece608737c9770672629a009dc6522b366432d69c095860fceab0fac2ed2d1c9f9e9da6f8d6bd4b
SHA512 (HardenedBSD-11-STABLE-v1100056.3-amd64-mini-memstick.img) = 1b720e5735c549b24154d7d12ed945fa3a0fbca55304c344845ae731fcdb0a990f07c299d5e9fb7cf858af4d88392fcfb7b930a070ffd4b2bffadf56a7b260eb

CHECKSUM.SHA512.asc:


shortlog-HardenedBSD-11-STABLE-v1100056.3.txt
CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt