Releases: HardenedBSD/hardenedBSD-stable
Releases · HardenedBSD/hardenedBSD-stable
HardenedBSD-11-STABLE-v1100049
Warning: this is a security update!
Highlights:
- fsgs base changes in kernel and in libc (43f99b9, b1a7a74)
- reworked vlan locking (a62278e)
- HBSD: Update DNSSEC root key 257 (548eb60)
- HBSD MFC: Fix information leak in geli(8) integrity mode (9344d69) [FreeBSD-SA-Candidate]
- MFC r323278: Fix an incorrectly used conditional causing buffer overflow in readelf [CVE-2017-1000249]
- Fix possible double releasing for SA reference in IPSec. (3bf892e) [FreeBSD-SA-Candidate]
- HBSD: constify pax_elf()'s mode parameter
- HBSD: rename PAX_NOTE_FINALIZED paxflag to PAX_NOTE_PREFER_ACL
- HBSD: Bump __HardenedBSD_version after API change
- HBSD: API change, swap the first and second argument of pax_elf
- HBSD: update mirror list in bsdinstall
- HBSD: print out the __{Hardened,Free}BSD_version and version at panic time
- HBSD: improve logging - hide early hbsd related boot messages under bootverbose
- MFH (r322052): Upgrade OpenSSH to 7.5p1 (7e3dcea)
- MFC r322590: bpf: Fix incorrect cleanup
- MFC r322750: Fix the regression in ipsec introduced in r275710. (4e0ff7d)
- MFC r322677: pw usermod: Properly deal with empty secondary group lists (-G '') (75c3677) [FreeBSD-EN-Candidate]
- Merge ACPICA 20170728. (1c5a17e)
- Plug uninitialized stack variable leak in sendfile(2). (d51b637)
Changelog
Oliver Pinter (12):
HBSD: improve logging
HBSD: print out the __{Hardened,Free}BSD_version and version at panic time
HBSD: update mirror list in bsdinstall
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: resolve merge conflict after openssh update
HBSD: style a little bit the debug info at panic time
HBSD: API change, swap the first and second argument of pax_elf
HBSD: Bump __HardenedBSD_version after API change
HBSD: rename PAX_NOTE_FINALIZED paxflag to PAX_NOTE_PREFER_ACL
HBSD: constify pax_elf()'s mode parameter
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: fixed merge conflict in bsdinstall
Oliver Pinter + (51):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (3):
HBSD: Update DNSSEC root key 257
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
ae (4):
MFC r321779: Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook from enc_hhook().
MFC r322310: Add to if_enc(4) ability to capture packets via BPF after pfil processing.
MFC r322750: Fix the regression introduced in r275710.
MFC r323086: Fix possible double releasing for SA reference.
araujo (1):
MFC r321846:
asomers (9):
MFC r320269:
MFC r320737, r320914
MFC r320807:
MFC r320974-r320975, r321001, r321206
MFC r321082:
MFC r321332:
MFC r320255
MFC r322255:
MFC r322546:
benno (1):
MFC r322804: Correct typo in usage string.
cem (4):
HBSD MFC: Audit userspace geom code for leaking memory to disk
HBSD MFC: geom_virstor: Remove wholly unnecessary g_metadata_store copy
HBSD MFC: libgeom: Remove redundant and duplicated code
HBSD MFC: Fix information leak in geli(8) integrity mode
cy (3):
MFC r322749:
MFC r321806:
MFC r322073:
davidcs (4):
MFC r322331 Provide compile option to choose receive processing in either Ithread or Taskqueue Thread.
MFC r322408 Performance enhancements to reduce CPU utililization for large number of TCP connections (order of tens of thousands), with predominantly Transmits.
MFC 322771
MFC r322852 Fix qlnx_tso_check() so that every window of (ETH_TX_LSO_WINDOW_BDS_NUM - nbds_in_hdr) has atleast ETH_TX_LSO_WINDOW_MIN_LEN bytes
des (4):
MFH (r314527,r314576,r314601,r317998): Upgrade OpenSSH to 7.3p1.
MFH (r314306,r314720): Upgrade OpenSSH to 7.4p1.
MFH (r322052): Upgrade OpenSSH to 7.5p1.
MFH (r314888): silence aliasing warning in nvme.h
dim (2):
MFC r323001:
MFC r323014:
ed (1):
MFC r322888:
emaste (19):
MFC r322627: arm64: return error instead of panic in unimplemented ptrace ops
sys/modules: don't build bxe,qlxgbe if the user objects to sourceless ucode
MFC r322680: sa.4: fix spelling of 'suppresses'
MFC r322683: ena.4: fix spelling of 'occurred'
MFC r322677: pw usermod: Properly deal with empty secondary group lists (-G '')
MFC r322581: remove debug files in delete-old* when WITHOUT_DEBUG_FILES
MFC r321293: date: avoid crash on invalid time
MFC r308789 (glebius):
MFC r322798: newvers.sh: accommodate `git worktree`
MFC r323039: octeon_ebt3000_cf: eliminate string literal warning
MFC r323040: xls_ehci: eliminate string literal warning
MFC r323010: hv_vss.4: Fix spelling of 'responsibility'
MFC r323011: usb: Add external "Intenso Memory" disk quirk
MFC r323022: arge: correct bzero sizeof (pointed-to object, not pointer)
MFC r322374: bsdinstall: record DHCP config after obtaining lease
make-memstick.sh: use 'set -e' to abort if any step fails
MFC r323448: bsdinstall: Ignore error return from newaliases(1)
MFC r316802 (cem): bsdinstall(8): Sprinkle a snprintf to fixed size buffer
MFC r321226: bsdinstall: improve checksum mismatch error for snapshots
gjb (3):
MFC r322544: Always expand the full path to the configuration file specified with the '-c' flag.
...
HardenedBSD-10-STABLE-v1000048.2
Warning: this is a security update!
Highlights:
- hyperv/hn: Implemented transparent mode network VF (ca9be10)
- pluged memory leak in arge_encap (d79c06e)
- based on freebsd/stable/10 from 10.4-BETA1 state
- fixed sshd DoS (74fc894) [FreeBSD-SA-17:06.openssh]
- updated bmake to 20170720
- fixed UFS snapshot handlings
Changelog
Oliver Pinter + (24):
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Shawn Webb (2):
Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
HBSD: Resolve merge conflict
ae (1):
MFC r284152: Add makefile to build geom_map kld. Document some GEOM_* options in NOTES and geom(4).
avos (1):
MFC r322124: rfcomm_pppd.8: fix a typo (SPD -> SDP).
bapt (1):
MFC r321812:
cy (1):
MFC r322113:
delphij (2):
Apply upstream fix:
MFC r322527:
gjb (19):
Document r321304, libarchive 3.3.2.
Document r321263, newsyslog(8) RFC5424 logging format.
Document r321242, cron(8) 'cron.d' directories.
Document r321234, syslogd(8) 'syslogd.d' directories.
Move the r321263 entry to 'userland-programs' for consistency.
Document r321216, savecore(8) unit change.
Document r321202, default EFI partition size increase.
Document r321198, vt(4) maximum framebuffer increase.
Document r321031, NFS 'pNFS commit' support.
Document r321024, kern.features.linux{,64} addition.
Document r320646, rcmds deprecation.
Document r320824, gdb(1)/kgdb(1) deprecation.
Document r321067, arcmsr(4) driver version 1.40.00.00.
Remove r321216 entry, part of which was reverted.
Document r321964, bmake 20170720.
Revise entry for r320646, rwho/rwhod/ruptime are not part of rcmds. Fix line wrapping.
Document r322244, pci_vendors version 2017.07.27.
Create hard links to the installed dtb files for the BEAGLEBONE [1] and WANDBOARD [2] images to fix a boot issue.
MFC r321949, r321950, r322101:
hselasky (17):
MFC r312877 and r312878: Minor code refactor as a preparation step for suprise removal of CX-4 PCI device(s), changes: - alloc_entry() now clears bit for page slot entry aswell - update of cmd->ent_arr[] is now under cmd->alloc_lock - complete command if alloc_entry() fails
MFC r312875: Make fw_pages statistics counter 64-bit to avoid overflow.
MFC r312880: Wait for all VFs pages to be reclaimed before closing EQ pages.
MFC r312879: Rename struct fw_page into struct mlx5_fw_page as a preparation step for adding busdma support.
MFC r312881: Add support for device surprise removal and other PCI errors.
MFC r312882, r321983 and r321984: Use the busdma API to allocate all DMA-able memory.
MFC r321985: Ticks are 32-bit in FreeBSD.
MFC r321986: Change reject message type when destroying cm_id in ibore.
MFC r321780: Make sure on-stack buffer is properly aligned.
MFC r321772: Fix broken usage of the mlx4_read_clock() function: - return value has too small width - cycle_t is unsigned and cannot be less than zero
MFC r321782: Remove some dead statistics related code and a structure field from the mlx4en driver which is used by its Linux counterpart, but not under FreeBSD.
MFC r314878: Add support for constant pointer constructs to READ_ONCE() in the LinuxKPI. When the type of the argument is constant the temporary variable cannot be assigned after the barrier. Instead assign the temporary variable by initialization.
MFC r322304: Add support for RX and TX statistics when the mlx4en(4) PCI device is in VF or SRIOV mode typically in a virtual machine environment.
MFC r322306: Print maximum MTU when trying to set invalid MTU in the mlx4en(4) driver. Useful for debugging.
MFC r322248: Fix for mlx4en(4) to properly call m_defrag().
MFC r322251: Make sure the received IP header gets 32-bit aligned for short packets in the mlx5en(4) driver.
MFC r322250: Count drop events due to lack of PCI bandwidth as queue drops and not as input errors in the mlx5en(4) driver. This improves the sysadmin view of physical port errors.
jkim (2):
MFC: r322076
MFC: r322323
ken (2):
MFC r320991, r322016:
MFC r321502, r321714, r321733, r321737, r321799, r322364:
kib (9):
MFC r321347: Account for lock recursion when transfering snaplock to the vnode lock in ffs_snapremove().
MFC r321348: Unlock correct lock in ffs_snapblkfree().
MFC r321349: Improve publication of the newly allocated snapdata.
MFC r321919: Do not call trapsignal() after handling usermode fault or interrupt, when a signal is not intended to be sent.
MFC r322059: Fix off by one in calculation of the number of buckets for the pc addresses.
MFC r322256: Fix logic error in the the assert, causing the condition to be always true.
MFC r322493: Remove confusion in the line explaining syntax of the msr read. Specify words order in the display.
MFC r322550: Typo, the '-6' option selects inet6.
MFC r322667,r322706: Improve i386 #UD low-level kdtrace hook.
marius (12):
MFC: r290156, r318354
MFC: r306375
Regenerate src.conf.5 after r322094.
MFC: r274394, r274399, r307802
Fix a stable/10-specific mismerge in r322096; the MK_NCURSESW handling should be within the MK_DIALOG block as libncurses{,w} isn't required when building tzsetup(8) without dialog(3) support.
MFC: r319350, r320620, r321385, r321490, r321588, r321948
MFC: r321589
MFC: r322097, r322203
MFC: r322209
Update stable/10 to BETA1 in preparation for 10.4-BETA1 builds.
MFC: r266470, r273546, r276017, r277932, r279153, r279778, r279780, r278797, r278861, r280283, r280284, r280294, r280452, r280558, r280571, r281863, r282049, r282357, r282440, r282441, r282358, r282359, r283550, r283918, r290171, r290667, r290381, r290533, r290666, r292483, r295659, r297545, r298305, r298383, r298428, r306489, r306557, r307067, r307068, r307087, r307088, r307089, r307091, r307092, r307093, r307098, r307115, r307154, r307240, r307241, r315967, r316476
Switch the pkg(8) configuration for the default installation and the dvd1.iso to use the quarterly set, i. e. 2017Q3, during the 10.4-BETA phase.
mav (4):
MFC r321921: Add compat shim part missed at r305197.
MFC r321685: Fix IORDY bits definition.
MFC r321720, r321856: Attach ichwd(4) only to ISA bus of the LPC bridge.
MFC r321794: Improve FHA locality control for NFS read/write requests.
mckusick (3):
MFC r321816: Avoid reading a snapshot block when it is already in the cache.
MFC of 322178:
Correct compile error triggered in nanobsd i386 by 322513 (MFC of 322178)
mm (1):
MFH r321674: Sync libarchive with vendor.
ngie (3):
MFC r320702,r320703:
Regenerate src.conf(5) per r322100
MFC r321915:
pfg (1):
MFC r321838: sys/net8021: Add missing braces in setcurchan().
se (1):
MFC 321858: Add alternate Turkish keyboard layout F, submitted by Ufur Guler. MFC 321859: While here, adjust a few file and path names in comments.
sephe (4):
MFC 321762 hyperv: Add VF bringup scripts and devd rules.
MFC 321836,321837
MFC 321965 hyperv/kvp: Use proper size macro for adapter id.
MFC 322299,322483,322485-322487
tuexen (2):
MFC r317208:
MFC r317244:
Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v1000048.2/
CHECKSUM.SHA512:
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-bootonly.iso) = f050424321507f9ed24f9cf41c0ba841f4aa53356867ef21a9c4ccb2d72acfc41f914cd83ac6f49449277bd42e29cd6cef19c6f35b25c49fcf6d508ef6edaa2e
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-disc1.iso) = 81a44cbd6135a596971b0a2135c9ab9e1920231f14e152...
HardenedBSD-11-STABLE-v1100048.2
Warning: this is a security update!
Highlights:
- updated bsdgrep to 2.6.0 (2cf785f)
- fixed possible pf DoS (f9ac1ee)
- fixed boundary checks in ipsec (d3f829d)
- workaround for AMD Ryzen chips (4571a19)
- enhanced top(1) to filter on multiple usernames (964bec7)
- updated private sqlite3-3.14.1 to sqlite3-3.20.0 (01424a1)
- updated subversion 1.9.5 -> 1.9.7 (73778e3)
- fixed DoS in sshd (4268d8e) [FreeBSD-SA-17:06.openssh]
- updated libxo to 0.8.4 (24dec0b)
Changelog
Oliver Pinter + (48):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (2):
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
ae (1):
MFC r322328: Make user supplied data checks a bit stricter.
avos (1):
MFC r322124: rfcomm_pppd.8: fix a typo (SPD -> SDP).
bapt (2):
MFC r321812:
MFC r313958, r319717, r321810
cy (2):
MFC r321605:
MFC r322113:
dchagin (2):
MFC r321460:
MFC r321839:
delphij (4):
MFC r321713:
MFC r320761:
Apply upstream fix:
MFC r322527:
dim (1):
MFC r321684:
ed (1):
MFC r321924:
emaste (6):
MFC r321734: bsdinstall: default to UEFI-only boot on arm64
MFC r215837: uart: add AX99100 chipset support
MFC r321298: acpidump: add ACPI NFIT (NVDIMM Firmware Interface Table)
MFC r304000 (maxim): acpidump: move variable initialization out of assert(3)
MFC r320736: acpidump: warn and exit loop on invalid subtable length
MFC r322356: Mark PROFILE option as broken when targetting mips64
gahr (1):
MFC r322139
gavin (1):
Merge r316113,316184,316413 from head: - Remove #define PCIS_SERIALBUS_SMBUS_PROGIF, unused since r200091 - Switch device_probe() from large case statement to a lookup table - Add several missing SMBus controllers
gjb (1):
Add an errata entry for ruptime(1), rwho(1), and rwhod(8), not included in the rcmds deprecation.
hselasky (29):
MFC r321722: Properly range check length of parsed information elements in RSU driver.
MFC r320773: Implement fix for BULK IN-token retry mechanism. When the hardware is programmed for infinite IN token retry after NAK, the SAF1761 hardware, however, does not retry the IN-token. This problem is described in the SAF1761 errata, section 18.1.1.
MFC r312526: Update firmware interface structures and definitions adding support for new features and commands.
MFC r312527: Add runtime support for modifying the SQ and RQ completion event moderation mode. The presence of this feature is indicated through the firmware capabilities.
MFC r312528: Make draining a sendqueue more robust.
MFC r312536: Allow transmit packet bufring in software to be disabled.
MFC r312537: Remove superfluous return statement.
MFC r312865: Enforce reading the consumer and producer counters once to ensure consistent return values from the mlx5e_sq_has_room_for() function. The two counters are incremented by different threads under different locks.
MFC r312872: Add support for reading advanced diagnostic counters.
MFC r312876: Use ffs() to scan for first bit instead of using a for() loop. Minor code refactor while at it.
MFC r312983: Make "desc" pointer non-constant inside the mlx5_core_diagnostics_entry structure. This fixes compilation with amd64-xtoolchain-gcc.
MFC r312877 and r312878: Minor code refactor as a preparation step for suprise removal of CX-4 PCI device(s), changes: - alloc_entry() now clears bit for page slot entry aswell - update of cmd->ent_arr[] is now under cmd->alloc_lock - complete command if alloc_entry() fails
MFC r312875: Make fw_pages statistics counter 64-bit to avoid overflow.
MFC r312880: Wait for all VFs pages to be reclaimed before closing EQ pages.
MFC r312879: Rename struct fw_page into struct mlx5_fw_page as a preparation step for adding busdma support.
MFC r312881: Add support for device surprise removal and other PCI errors.
MFC r312882, r321983 and r321984: Use the busdma API to allocate all DMA-able memory.
MFC r321985: Ticks are 32-bit in FreeBSD.
MFC r321986: Change reject message type when destroying cm_id in ibore.
MFC r321780: Make sure on-stack buffer is properly aligned.
MFC r321772: Fix broken usage of the mlx4_read_clock() function: - return value has too small width - cycle_t is unsigned and cannot be less than zero
MFC r321782: Remove some dead statistics related code and a structure field from the mlx4en driver which is used by its Linux counterpart, but not under FreeBSD.
MFC r322305: Increment queue drops in the network statistics when transmitted packets are dropped by the mlx4en(4) driver.
MFC r314878: Add support for constant pointer constructs to READ_ONCE() in the LinuxKPI. When the type of the argument is constant the temporary variable cannot be assigned after the barrier. Instead assign the temporary variable by initialization.
MFC r322304: Add support for RX and TX statistics when the mlx4en(4) PCI device is in VF or SRIOV mode typically in a virtual machine environment.
MFC r322306: Print maximum MTU when trying to set invalid MTU in the mlx4en(4) driver. Useful for debugging.
MFC r322248: Fix for mlx4en(4) to properly call m_defrag().
MFC r322251: Make sure the received IP header gets 32-bit aligned for short packets in the mlx5en(4) driver.
MFC r322250: Count drop events due to lack of PCI bandwidth as queue drops and not as input errors in the mlx5en(4) driver. This improves the sysadmin view of physical port errors.
jkim (1):
MFC: r322076
ken (3):
MFC r321622, r321623:
MFC r320991, r322016:
MFC r321502, r321714, r321733, r321737, r321799, r322364:
kevans (27):
MFC r313948: b...
HardenedBSD-10-STABLE-v1000048.1
Warning: this is a security update!
Highlights:
- Changed version from 10.3 to 10.4 - as preparation to 10.4-RELEASE per upstream (054e15f)
- bmake update to 20170720
- HBSD MFC: Restrict permissions on /dev/ksyms to 0400 (5cdd854) [FreeBSD-SA-Candidate]
- Merge MAP_GUARD. (3753ee3) [FreeBSD-SA-Candidate, CVE-2017-1084)
- NFS fixes
- libarchive update to 3.3.2
- Add newsyslog capability to write RFC5424 compliant rotation message. (26c6cd3)
- MFC r302145: bsdinstall: increase EFI partition size to 200MB (48ce3b4)
Changelog
Oliver Pinter (4):
HBSD MFC: Restrict permissions on /dev/ksyms to 0400.
HBSD MFC: Fix style bugs in ksyms.c.
Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
HBSD: fix merge conflict after MAP_GUARD backport (3753ee3ec3e123ae4b62be3b19aaf09bf2e2ef59)
Oliver Pinter + (46):
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Shawn Webb (1):
Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
ae (1):
MFC r321203: Add HPE FlexFabric 10Gb 4-port 536FLR-T device id to the bxe(4) driver.
alc (6):
MFC r320498 Clear the MAP_WIREFUTURE flag on the vm map in exec_new_vmspace() when it recycles the current vm space. Otherwise, an mlockall(MCL_FUTURE) could still be in effect on the process after an execve(2), which violates the specification for mlockall(2).
MFC r315621 Use IDX_TO_OFF(), not ptoa(), when converting the difference between two vm_pindex_t's into a vm_ooffset_t.
MFC r320546 When "force" is specified to pmap_invalidate_cache_range(), the given start address is not required to be page aligned. However, the loop within pmap_invalidate_cache_range() that performs the actual cache line invalidations requires that the starting address be truncated to a multiple of the cache line size. This change corrects an error in that truncation.
MFC r319756 Style and comment fixes
MFC r319905
MFC r320077 Change blist_alloc()'s allocation policy from first-fit to next-fit so that disk writes are more likely to be sequential. This change is beneficial on both the solid state and mechanical disks that I've tested. (A similar change in allocation policy was made by DragonFly BSD in 2013 to speed up Poudriere with "stressful memory parameters".)
asomers (7):
MFC r319854:
MFC r320163:
MFC r320165-r320166
Clarify usage of aio(4) with kqueue(2)
MFC r320269:
MFC r320737, r320914
MFC r320807:
avos (1):
MFC r321401: net80211: do not allow to unload rate control module if it is still in use.
bapt (1):
MFC r320988:
bdrewery (1):
MFC r320273:
cy (1):
MFC r321605:
davidcs (3):
MFC 320694 Allow MTU changes without ifconfig down/up
MFC 320705 Release mtx hw_lock before calling pause() in qla_stop() and qla_error_recovery()
MFC 321233 Raise the watchdog timer interval to 2 ticks, there by guaranteeing that it fires between 1ms and 2ms. ` Treat two consecutive occurrences of Heartbeat failures as a legitimate Heartbeat failure
dchagin (15):
MFC r281829 (by trasz@):
MFC r281882(by trasz@):
MFC r292744:
MFC r293907 (glebius@) partially:
MFC r293908:
Temporarily r284696:
MFC r272823:
Regen after r321017. Move the SCTP syscalls to netinet with the rest of the SCTP code.
MFC r284613 (by tuexen@):
MFC r281436 (by mjg@):
MFC r281437 (by mjg@):
MFC r296503:
MFC r297597 (by bapt@):
MFC r298071 (by pfg@):
MFC r305994 (by emaste@):
delphij (5):
MFC r320986:
MFC r320433:
MFC r320468:
MFC r321713:
MFC r320761:
dim (2):
Pull in r229281 from upstream libc++ (by Larisse Voufo):
MFC r321305:
emaste (6):
MFC r319890: Correct bitwise test in mac_bsdextended ugidfw_rule_valid()
MFC r303043: Increase vt(4) framebuffer maximum size
MFC r313547, r313777: fix mouse selection when vt(4) scrolls
MFC r302145: bsdinstall: increase EFI partition size to 200MB
MFC r321218: zfs: Fix a typo in the delay_min_dirty_percent sysctl description
MFC r321436: ar: handle partial writes from archive_write_data
gavin (1):
Merge r316113,316184,316413 from head: - Remove #define PCIS_SERIALBUS_SMBUS_PROGIF, unused since r200091 - Switch device_probe() from large case statement to a lookup table - Add several missing SMBus controllers
gjb (2):
Document SA-17:05.heimdal, EN-17:06.hyperv
MFC r320969: Fix a missing comment marker.
hselasky (11):
MFC r320876: Make sure the mlx4en RX DMA ring gets stamped with software ownership in order to prevent the flow of QP to error in the firmware once UPDATE_QP is called.
MFC r321722: Properly range check length of parsed information elements in RSU driver.
MFC r312526: Update firmware interface structures and definitions adding support for new features and commands.
MFC r312527: Add runtime support for modifying the SQ and RQ completion event moderation mode. The presence of this feature is indicated through the firmware capabilities.
MFC r312528: Make draining a sendqueue more robust.
MFC r312536: Allow transmit packet bufring in software to be disabled.
MFC r312537: Remove superfluous return statement.
MFC r312865: Enforce reading the consumer and producer counters once to ensure consistent return values from the mlx5e_sq_has_room_for() function. The two counters are incremented by different threads under different locks.
MFC r312872: Add support for reading advanced diagnostic counters.
MFC r312876: Use ffs() to scan for first bit instead of using a for() loop. Minor code refactor while at it.
MFC r312983: Make "desc" pointer non-constant inside the mlx5_core_diagnostics_entry structure. This fixes compilation with amd64-xtoolchain-gcc.
jhb (1):
Add deprecation notices for various device drivers removed in 12.0.
ken (2):
MFC r321207: ------------------------------------------------------...
HardenedBSD-11-STABLE-v1100048.1
Highlights:
- Restrict permissions on /dev/ksyms to 0400. (0781c59) [FreeBSD-SA-Candidate]
- ZFS updates
- Add virtio-console support to bhyve (eaaa8cd)
- Update to libarchice 3.3.2
Changelog
Oliver Pinter + (47):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (2):
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
ae (1):
MFC r321203: Add HPE FlexFabric 10Gb 4-port 536FLR-T device id to the bxe(4) driver.
alc (8):
MFC r315597 Style fixes. In particular, the variable "bogus" is used like a Boolean. Define it as such.
MFC r320498 Clear the MAP_WIREFUTURE flag on the vm map in exec_new_vmspace() when it recycles the current vm space. Otherwise, an mlockall(MCL_FUTURE) could still be in effect on the process after an execve(2), which violates the specification for mlockall(2).
MFC r315621 Use IDX_TO_OFF(), not ptoa(), when converting the difference between two vm_pindex_t's into a vm_ooffset_t.
MFC r320546 When "force" is specified to pmap_invalidate_cache_range(), the given start address is not required to be page aligned. However, the loop within pmap_invalidate_cache_range() that performs the actual cache line invalidations requires that the starting address be truncated to a multiple of the cache line size. This change corrects an error in that truncation.
MFC r319756 Style and comment fixes
MFC r320319 Increase the pageout cluster size to 32 pages.
MFC r319905
MFC r320077 Change blist_alloc()'s allocation policy from first-fit to next-fit so that disk writes are more likely to be sequential. This change is beneficial on both the solid state and mechanical disks that I've tested. (A similar change in allocation policy was made by DragonFly BSD in 2013 to speed up Poudriere with "stressful memory parameters".)
avos (1):
MFC r321401: net80211: do not allow to unload rate control module if it is still in use.
bapt (2):
MFC r320988:
MFC r320267, r320270-r320271, r320478
bcr (1):
MFC r321023:
bdrewery (4):
MFC r320806:
MFC r320883:
MFC r320292:
MFC r320273:
davidcs (3):
MFC 320694 Allow MTU changes without ifconfig down/up
MFC 320705 Release mtx hw_lock before calling pause() in qla_stop() and qla_error_recovery()
MFC 321233 Raise the watchdog timer interval to 2 ticks, there by guaranteeing that it fires between 1ms and 2ms. ` Treat two consecutive occurrences of Heartbeat failures as a legitimate Heartbeat failure
dchagin (4):
MFC r320814:
MFC r321366:
MFC r320836:
MFC r320837:
delphij (3):
MFC r320986:
MFC r320433:
MFC r320468:
dim (3):
MFC r321305:
MFC r321306:
MFC r321342:
ed (1):
MFC r320240:
emaste (18):
MFC r320056: arm: set appropriate section flags for .init_pagetable
MFC r320065: arm: add .arch_extension sec for smc instruction
MFC r319219: add a sanity check before installworld on the running system
MFC r319516: tsan: set noexec stack on aarch64
MFC r319890: Correct bitwise test in mac_bsdextended ugidfw_rule_valid()
MFC r320235: retire arm64 kernel module linker workaround
MFC r313547, r313777: fix mouse selection when vt(4) scrolls
readelf: fix printing of DT_FILTER and some other DT_* values
MFC r321218: zfs: Fix a typo in the delay_min_dirty_percent sysctl description
MFC r319718: arm64: add ".arch armv8-a+crc" to allow use of crc instructions
MFC r312857: Use cross-NM (XNM) in compat32 build
MFC r316055: makefs: sort roundup with the other off_t members in fsinfo_t
MFC r319513: linux vdso: pass -fPIC to the assembler, not linker
MFC r321302: add arm64 objcopy output target for embedfs
MFC r321294: acpidump: use C99 designated initializers
MFC r321299: acpidump: add GIC ITS srat type
revert r321601, it depends on an ACPICA update not yet merged
MFC r321436: ar: handle partial writes from archive_write_data
gjb (10):
MFC r320969: Fix a missing comment marker.
- Set stable/11 from -PRERELEASE back to -STABLE. - Update version entities in release.ent.
- Fix the 'release.prev' entity for the 11.1-RELEASE errata. - Prune stale entries from 11.0-RELEASE. - Bump copyright year.
Prune one more missed entry from 11.0-RELEASE.
Fix a typo.
Trim stale entries from 11.0.
Mention arm64 lacking EFI RTC support, and a workaround.
Document a late-discovered issue where 'root on ZFS' installations on arm64 fail to find the root pool.
Add a note regarding VirtualBox vboxguest panics during 11.1-RC2.
Add an errata entry to reflect an incorrect attribution for r315330.
jhb (1):
MFC 321075: Set the current vnet pointer in the socket buffer AIO handler.
ken (1):
MFC r321207: ------------------------------------------------------------------------ r321207 | ken | 2017-07-19 09:39:01 -0600 (Wed, 19 Jul 2017) | 14 lines
kib (14):
MFC r320989: Language improvements.
MFC r320868: Fix warnings, adjust style.
MFC r320936,r320937,r320938: Fix size argument to vm_pager_allocate().
MFC r320982: Correct sysent flags for dynamically loaded syscalls.
MFC r321173: Convert assertion that only vmspace owner grows the stack, into a check blocking grow from other processes accesses.
MFC r319871: Make struct syscall_args visible to userspace compilation environment from machine/proc.h, consistently on all architectures.
MFC r319873: Move struct syscall_args syscall arguments parameters container into struct thread.
MFC r319874: Print unimplemented syscall number to the ctty on SIGSYS, if enabled by the knob kern.lognosys.
MFC r319875: Add ptrace(PT_GET_SC_ARGS) command to return debuggee' current syscall arguments.
MFC r319876: Update scescx test to print syscall number and arguments.
MFC r321247: Add pctrie_init() and vm_radix_init() to initialize generic pctrie and vm_radix trie.
MFC r321...
HardenedBSD-11-STABLE-v1100048
Warning: This is a security update!
Highlights:
- HBSD: enforce FreeBSD and HardenedBSD KPI version for external modules (19eb04f)
- MFC r320906: MFV r320905: Import Heimdal upstream fix for CVE-2017-11103. (b47deba) [FreeBSD-SA-17:05.heimdal]
- Improved hbsd-update and hbsd-update-build
- Improved NFSv4
- Added Elastic Network Adapter (ENA) HAL
- Added MAP_GUARD as solution against StackClash (c3699e9) [CVE-2017-1084]
- *** [CVE-2017-1083]
- Add VNC Authentication support for bhyve based on RFC6143 section 7.2.2. (3ea3add)
- HBSD: fix broken pax_mprotect transitions (1904c84)
- opBSD: plug the last memory protection test in paxtest (8341b1d)
- HBSD MFC: Fix long standing issue in bsdconfig's keymap selection (b2d080f)
Changelog
M.Shirk (1):
Updating hbsd-update-build to work with custom kernel configs.
Oliver Pinter (12):
HBSD: add our second mirror: allbsd.org @Japan
HBSD: use http instead of https in mirrorselect, since by default no certs are installed on installer
HBSD: add our third mirror: de-01.installer.hardenedbsd.org @Germany
HBSD MFC: Fix long standing issue in bsdconfig's keymap selection
opBSD: plug the last memory protection test in paxtest
HBSD: Bump __HardenedBSD_version to 47
HBSD: Bump __HardenedBSD_version to 1100047
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: fix merge conflict in sys/kern/imgact_elf.c after recent upstream changes
HBSD: fix broken pax_mprotect transitions
HBSD: enforce FreeBSD and HardenedBSD KPI version for external modules
HBSD: bump __HardenedBSD_version to 1100048 after KPI enforcement
Oliver Pinter + (72):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (25):
HBSD: Fix building with COMPAT_FREEBSD32
HBSD: Harden the stack guard
HBSD: style(9) fixes
HBSD: Harden per-thread stack guard
HBSD: Do not allow non-stack mappings between bottom-most limit of stack and the top of the stack
HBSD: Return with proc unlocked
HBSD: Randomize top of per-thread stacks
Revert "HBSD: Randomize top of per-thread stacks"
HBSD: Backout libthr stack guard hardening entirely
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
HBSD: Prevent foot shooting
HBSD: style(9)
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
HBSD: Bump copyright
HBSD: Remove debugging code
HBSD: Fix cross-build
HBSD: Add option in hbsd-update to not apply kernel distset
HBSD: Update passwd files with hbsd-update
HBSD: Remove dead code
HBSD: Fix hbsd-update-build
HBSD: Provide better version detection
ae (2):
MFC r319895: Resurrect RTF_RNH_LOCKED flag and restore ability to call rtalloc1_fib() with acquired RIB lock.
MFC r320479: Fix IPv6 extension header parsing. The length field doesn't include the first 8 octets.
alc (8):
MFC r318995 In r118390, the swap pager's approach to striping swap allocation over multiple devices was changed. However, swapoff_one() was not fully and correctly converted. In particular, with r118390's introduction of a per- device blist, the maximum swap block size, "dmmax", became irrelevant to swapoff_one()'s operation. Moreover, swapoff_one() was performing out-of- range operations on the per-device blist that were silently ignored by blist_fill().
MFC r319540 The data type returned by vmoff() is too narrow in its range. This could break the transmission of files longer than 4 GB on 32-bit architectures.
MFC r314310 Refine the fix from r312954. Specifically, add a new PDE-only flag, PG_PROMOTED, that indicates whether lingering 4KB page mappings might need to be flushed on a PDE ch...
HardenedBSD-10-STABLE-v1000048
Warning: this is a security update!
Highlights:
- MFC r320906: MFV r320905: Import upstream heimdal fix for CVE-2017-11103. (3955ce4) FreeBSD-SA-17:05.heimdal
- hbsd-update{,-build} updates
- enforce FreeBSD and HardenedBSD KPI version for external modules
- HBSD: fix broken pax_mprotect transitions (9161ed8)
Changelog
M.Shirk (1):
Updating hbsd-update-build to work with custom kernel configs.
Oliver Pinter (5):
HBSD: fix broken pax_mprotect transitions
Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
HBSD: resolve merge conflict in kern_exec.c after 3fdefba1f9cc0ba6cc359c2b104ca68158297dfe
HBSD: enforce FreeBSD and HardenedBSD KPI version for external modules
HBSD: bump __HardenedBSD_version to 1000048 after KPI enforcement
Oliver Pinter + (34):
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Shawn Webb (16):
HBSD: Provide an option to not require binutils from pkg in hbsd-update-build
HBSD: Report hash on version check
HBSD: Bump copyright
HBSD: Enforce the existence of the DNS record
HBSD: Don't set TARGET/TARGET_ARCH when building obsolete files
HBSD: Add option to keep temporary files
HBSD: Bump dates
HBSD: Add installation hook scripting
HBSD: Bump copyright
HBSD: Remove debugging code
HBSD: Fix cross-build
HBSD: Add option in hbsd-update to not apply kernel distset
HBSD: Update passwd files with hbsd-update
HBSD: Remove dead code
HBSD: Fix hbsd-update-build
HBSD: Provide better version detection
alc (7):
MFC r314310 Refine the fix from r312954. Specifically, add a new PDE-only flag, PG_PROMOTED, that indicates whether lingering 4KB page mappings might need to be flushed on a PDE change that restricts or destroys a 2MB page mapping. This flag allows the pmap to avoid range invalidations that are both unnecessary and costly.
MFC r281720 Eliminate an unused variable.
MFC r281771 Eliminate an unused variable.
MFC r319605 The variable "breakout" is used like a Boolean, so actually define it as one.
MFC r320181 Eliminate an unused macro.
MFC r320049 Pages that are passed to swap_pager_putpages() should already be fully dirty. Assert that they are fully dirty rather than redundantly calling vm_page_dirty() on them.
MFC r319699 When allocating swap blocks, if the available number of free blocks in a subtree is already zero, then setting the "largest contiguous free block" hint for that subtree to anything other than zero makes no sense. (To be clear, assigning a value to the hint that is too large is not a correctness problem, only a pessimization.)
allanjude (1):
MFC r320644: Add deprecation notices for all rcmd tools
asomers (3):
MFC r318790, r319336
MFC r319337:
MFC r319900:
avg (2):
MFC r320259: jedec_ts: read device id from the correct register
MFC r308782: After some ZIL changes 6 years ago zil_slog_limit got partially broken due to zl_itx_list_sz not updated when async itx'es upgraded to sync. Actually because of other changes about that time zl_itx_list_sz is not really required to implement the functionality, so this patch removes some unneeded broken code and variables.
bdrewery (1):
MFC r289861:
cy (1):
MFC r320242, r320256:
davidcs (1):
MFC r320175 Add pkts_cnt_oversized to stats.
delphij (4):
MFC r320216: Fix use-after-free introduced in r300388.
MFC r320494: Fix double free by reverting r300385 and r300624 which was false positive reported by cppcheck.
MFC r320093: Check return value of seteuid() and bail out if we fail.
MFC r320906: MFV r320905: Import upstream fix for CVE-2017-11103.
emaste (1):
MFC r317159: libstdc++: fix symbol version script for LLD
eugen (1):
MFC r310888:
gjb (4):
MFC r320488: Correct the branch naming convention in param.h. While here, consistently use upper-case 'X' to represent the version number.
MFC r320599: Fix Vagrant image upload after recent API changes.
MFC r320748: Allow passing NOPKG= to make(1) to enable the pkg-stage target from getting executed when NOPKG is defined but empty.
MFC r300761, r300762: r300761: Disconnect the AZURE target from the CLOUDWARE list.
jhb (1):
MFC 320675: Add deprecation notices for gdb and kgdb.
jilles (4):
MFC r315005: sh: Fix executing wrong command with ${x#$(y)}$(z).
MFC r318591: compress: Add basic tests.
MFC r317912: sh: Fix INTOFF leak after a builtin with different locale settings.
MFC r318592: compress: Allow uncompress -c with multiple pathnames, as required by POSIX.
ken (2):
MFC r320123:
MFC r320421:
kib (8):
MFC r320201: Assert that the protection of a new map entry is a subset of the max protection.
MFC r320202: Call pmap_copy() only for map entries which have the backing object instantiated.
MFC r320308: Translate between abridged and full x87 tags for compat32 ptrace(PT_GETFPREGS).
MFC r320316: Do not try to unmark MAP_ENTRY_IN_TRANSITION marked by other thread.
MFC r320332: Style.
MFC r320570: Correct signatures of several pthreads stubs.
MFC r320619: Resolve confusion between different error code spaces.
MFC r320658: When reporting undefined symbol, note the version, if specified.
marius (1):
MFC: r320577, r320620
markj (1):
MFC r320372: Fix a memory leak in ses_get_elm_devnames().
mckusick (1):
MFC of 320176:
mjg (2):
MFC r293295:
Remove waiters check from the inline rw wunlock routine.
ngie (7):
Fix up r319257
MFC r319634:
MFC r319637:
MFC r319626:
MFC r317179:
Regenerate src.conf(5)
MFC r317161:
pfg (2):
MFC r320079: ext2fs: Enable RO huge_file feature support.
MFC r320408: ext2fs: Support e2di_uid_high and e2di_gid_high.
rmacklem (3):
MFC: r319882 Define NFS_MAXXDR as the upper bound on XDR overhead in an NFS RPC.
MFC: r320062, r320070, r320126 This is a partial merge of only the NFS changes and not the maxbcachebuf tunable.
MFC: r320208 Ensure that the credentials field of the NFSv4 client open structure is initialized.
sephe (2):
MFC 320184
MFC 320490
Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-10-STABLE-v1000048/
CHECKSUM.SHA512:
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-bootonly.iso) = c22e3d4ca378240c253349059dc5c8a0e3d3c47dd7a952a25378a45ff1469db5c4ab898b5d243ba093416cbbc88085e59d139d01364e2e4b9637cd4dcf07483c
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-disc1.iso) = 65dd0cfcb8a8a55a121737fc00ff4eb24c30f33be8e6a7a49720419d28a41d468e7d1a659bd53ab7d6c3f3f182348dc492aba247c7a4bc4eb265f9b70a838b57
SHA512 (HardenedBSD-10-STABLE-v1000048-amd64-memstick.img) = 82761a7742c00ea9ae3d3caea2a7c4eb54a1b19d977050fbb96fa6e9b14aad0839124a1eb30e7bdae01fd32aeeb1c76a2c30c98e04ee17dce2397e38ac...
HardenedBSD-10-STABLE-v1000047
Warning: this is a security update!
Highlights:
- HBSD: partially backport 13971cb as fix for CVE-2017-1084 (d0b03c5)
- Changed __HardenedBSD_version scheme
- opBSD: plug the last memory protection test in paxtest (cf883c4)
- HBSD MFC: Fix long standing issue in bsdconfig's keymap selection (12c307c)
- HBSD: add our third mirror: de-01.installer.hardenedbsd.org @germany
- HBSD: add our second mirror: allbsd.org @japan
- Implement INHERIT_ZERO for minherit(2)
- Fix several buffer overflows in realpath(3), and other minor issues [FreeBSD-SA-Candidate]
- Libarchive update (bd8807f)
- hyperv/kvp: Fix pool direcrory and file permission
Changelog
Oliver Pinter (8):
Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
HBSD: add our second mirror: allbsd.org @Japan
HBSD: use http instead of https in mirrorselect, since by default no certs are installed on installer
HBSD: add our third mirror: de-01.installer.hardenedbsd.org @Germany
HBSD MFC: Fix long standing issue in bsdconfig's keymap selection
opBSD: plug the last memory protection test in paxtest
HBSD: Bump __HardenedBSD_version to 47
HBSD: Bump __HardenedBSD_version to 1000047
Oliver Pinter + (65):
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
Shawn Webb (4):
Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
HBSD: Resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
HBSD: Resolve merge conflict
alc (1):
MFC r318995 In r118390, the swap pager's approach to striping swap allocation over multiple devices was changed. However, swapoff_one() was not fully and correctly converted. In particular, with r118390's introduction of a per- device blist, the maximum swap block size, "dmmax", became irrelevant to swapoff_one()'s operation. Moreover, swapoff_one() was performing out-of- range operations on the per-device blist that were silently ignored by blist_fill().
asomers (19):
MFC r301207:
MFC r313069:
MFC r314148, r314150
MFC r314341:
MFC r315032-r315036, r315039, r315041
MFC r316500 (except the part to usr.bin/fortune)
MFC r316501, r316523
MFC r316535:
MFC r316548:
MFC r316610:
MFC r316611:
MFC r316760:
MFC r316856:
MFC r317715:
MFC r317755, r317758
MFC r317759:
MFC r318141, r318143-r318144
MFC r318189:
MFC r318593:
avg (5):
MFC r316853: dtrace: fix normalization of stddev aggregation
MFC r316854: rename vfs.zfs.debug_flags to vfs.zfs.debugflags
MFC r319096: zfs_lookup: fix bogus arguments to lookup of "snapshot" directory
MFC r318830: MFV r316921: 8027 tighten up dsl_pool_dirty_delta
MFC r318832: MFV r316923: 8026 retire zfs_throttle_delay and zfs_throttle_resolution
badger (2):
Move td_sigqueue to the end of struct thread
move p_sigqueue to the end of struct proc
bapt (1):
MFC r318900:
bdrewery (3):
MFC r306771:
MFC r303450:
MFC r317658:
brooks (5):
MFC r317566:
MFC r317388:
MFC r317707:
MFC r317845-r317846
MFC r317660, r317710
cy (10):
Ifdef out a redundant if statement when INET6 is disabled.
Revert r318203: Neglected to put "MFC 318203:" in the log.
MFC 317830:
MFC r318281:
MFC r318283:
MFC r318745:
MFC r318578:
MFC r318588:
MFC r318606:
MFC r318998:
davidcs (6):
MFC r317180 Cleanup QLA_LOCK/QLA_UNLOCK macros remove unused QLA_TX_LOCK/QLA_TX_UNLOCK macros format qla_error_recovery()
MFC r318126 llh_func_filter needs to be configured for 100G
MFC r317996 Fix bug where MTX_DEF lock was held while taskqueue_drain() was invoked. Check IFF_DRV_RUNNING flag is set prior to calling ql_hw_set_multi()
MFC r318382 1. Move Rx Processing to fp_taskqueue(). With this CPU utilization for processing interrupts drops to around 1% for 100G and under 1% for other speeds. 2. Use sysctls for TRACE_LRO_CNT and TRACE_TSO_PKT_LEN 3. remove unused mtx tx_lock 4. bind taskqueue kernel thread to the appropriate cpu core 5. when tx_ring is full, stop further transmits till at least 1/16th of the Tx Ring is empty. In our case 1K entries. Also if there are rx_pkts to process, put the taskqueue thread to sleep for 100ms, before enabling interrupts. 6. Use rx_pkt_threshold of 128.
MFC r318383 QL_DPRINT macro modfied to handle multiple args; print line#.
MFC r318676 Check for IPV6 TCP/UDP CSUM offload in pkt header du...
HardenedBSD-11-STABLE-v46.18
Warning: this is a security update!
Highlights:
- Based on FreeBSD 11.1-BETA1
- Security fixes in nandsim (b585a6c) [FreeBSD-SA-Candidate]
- Update to libpcap 1.8.1
- Implement INHERIT_ZERO for minherit
- Support Execute-Never bit in the arm64 pmap (edb010e)
- Enable Privileged Access Never on arm64 (44c9bb4)
- Enable EARLY_AP_STARTUP on amd64 and i386 kernels by default.
Changelog
Oliver Pinter + (38):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Shawn Webb (7):
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict
ae (4):
MFC r318400: Allow zero port specification in table entries with type flow.
MFC r318399: Set M_BCAST and M_MCAST flags on mbuf sent via divert socket.
MFC r318734: Fix possible double releasing for SA reference.
MFC r319118: Disable IPsec debugging code by default when IPSEC_DEBUG kernel option is not specified.
allanjude (1):
MFC r318765: Allow cpuset_{get,set}affinity in capabilities mode
andrew (10):
MFC r312703:
MFC r316755:
MFC r316732, r316756: Enable Privileged Access Never on arm64.
MFC r316734, r316761: Support Execute-Never bit in the arm64 pmap.
MFC r313396:
MFC r317192:
MFC r317197:
MFC r317361:
MFC r317824:
MFC r307334, r318252: Support write-through caches on arm64
asomers (6):
MFC r317715:
MFC r317755, r317758
MFC r317759:
MFC r318141, r318143-r318144
MFC r318593:
MFC r312919 (by rwatson)
avg (7):
MFC r316643: use msr 0xc001100c to discover multi-node AMD processors
MFC r316853: dtrace: fix normalization of stddev aggregation
MFC r316854: rename vfs.zfs.debug_flags to vfs.zfs.debugflags
MFC r308826: zfs: fix up after the removal of PG_CACHED pages in r308691
MFC r319096: zfs_lookup: fix bogus arguments to lookup of "snapshot" directory
MFC r318830: MFV r316921: 8027 tighten up dsl_pool_dirty_delta
MFC r318832: MFV r316923: 8026 retire zfs_throttle_delay and zfs_throttle_resolution
badger (1):
move p_sigqueue to the end of struct proc
bapt (1):
MFC r318900:
bdrewery (1):
MFC r318194,r319481:
brd (1):
MFC r316030, r317378: Add some useful examples to the sed man page.
cy (6):
MFC r315368:
MFC r318745:
MFC r318578:
MFC r318588:
MFC r318606:
MFC r318998:
davidcs (3):
MFC r318382 1. Move Rx Processing to fp_taskqueue(). With this CPU utilization for processing interrupts drops to around 1% for 100G and under 1% for other speeds. 2. Use sysctls for TRACE_LRO_CNT and TRACE_TSO_PKT_LEN 3. remove unused mtx tx_lock 4. bind taskqueue kernel thread to the appropriate cpu core 5. when tx_ring is full, stop further transmits till at least 1/16th of the Tx Ring is empty. In our case 1K entries. Also if there are rx_pkts to process, put the taskqueue thread to sleep for 100ms, before enabling interrupts. 6. Use rx_pkt_threshold of 128.
MFC r318383 QL_DPRINT macro modfied to handle multiple args; print line#.
MFC r318676 Check for IPV6 TCP/UDP CSUM offload in pkt header during transmits.
dchagin (3):
MFC r317601:
MFC r319052:
MFC r319571:
delphij (12):
MFC r318975:
MFC r315615:
MFC r315272, r315370
MFC r313695, r313760, r314769, r314863, r314865, r316125
MFC r313327:
MFC r316635:
MFC r311989 (cem):
MFC r318514-r318515, r318517, r318917
MFC r316649 (kan):
MFC r304106:
MFC r306691,310036:
MFC r319369:
dim (3):
MFC r318655:
MFC r318906:
MFC r319473:
emaste (6):
MFC r318603: nm: document 'r' symbol type
MFC r312599 (cem): Add remaining ELF compression definitions and structs
MFC r318316: uniq: allow -c to be used with -d or -u
MFC arch.7 man page describing some arch-specific details
MFC r318305: makeman: reword description, based on feedback from wblock
MFC r318974: uart: add AMT SOL PCI ID
gjb (40):
MFC r313955 (emaste): bsdgrep: document ignored option -u
MFC r307469 (imp): Allow root_rw_mount to be both lower and upper case. Before, if it was upper case, you'd wind up with a read-only filesystem when you should sometimes.
MFC r305613 (gabor): Fix typo.
Document the requirement for two SA entries, following the IPSEC overhaul.
Move the SA entry to the tcpmd5 module addition.
Document r318763, EARLY_AP_STARTUP enabled by default.
MFC r308737, r308779: r308737: Pass SWAPSIZE in env(1) when invoking mk-vmimage.sh, otherwise mkimg(1) does not create the second partition after r307008.
MFC r318599, r318643: r318599 (bjk): Updates for efivar.8
MFC r318646: Allow PORTSDIR to be overridden in the pkg-stage target.
Document r318785, vfs.zfs.debug_flags -> vfs.zfs.debugflags rename.
Document r318660, various NFS client fixes.
Document r318660, Amazon EFS support in the NFS client.
Document r312790, EC2 IPv6 by default.
Further expand the r318785 entry, noting vfs.zfs.debugflags can be set in loader.conf(5), whereas vfs.zfs.debug_flags could not.
MFC r318748: Honor WITHOUT_TFTP for check-old* and delete-old* targets.
MFC r314935 (thompsa): Change ec2.conf to use the pkg tool from a chroot rather than trying to bootstrap it and fail from the livecd readonly filesystem.
MFC r318794, r318795: Update the "first appeared in" version in several manual pages.
MFC r318872: Enable DHCP and IPv6 autoconfig on non-cloud VM images.
Document r319269, cxgbe(4) firmware update.
Document r319244, rpcbind(8) warmstart support knob.
Document r319349, byacc(1) version 20170201.
Document r305514, getdtablesize(2) in capability mode. Document r305516, kern.proc.nfds in capability mode. Document r306213, bspatch(1) capsicum support.
Document r305837, readelf(1) ARM program and section header reporting. Document r305844, ELF Tool Chain updated to r3490. Document r309125, strings(1) exit status fix.
Document r305845, UEFI boot loader build reproducibility. Document r307631, groff(1) reproducibility fixes. Document r309183, makewhatis(1) reproducibility fixes. Document r312249, newvers.sh reproducibility fixes. Document r312730, WITH_REPRODUCIBLE...
HardenedBSD-11-STABLE-v46.17
Highlights:
*Increased maximum text segment size from 64MB to 256MB
*Added efivar and related EFI libs
*Libarchive update
*Add sets support for ipfw table info/list/flush commands.
*NFS v4.1 updates
*pf: Fix possible incorrect IPv6 fragmentation
*pf: Fix leak of pf_state_keys
*Fix a use after free panic in ipfilter's fragment processing.
*HyperV updates
*Update tcsh to 6.20.00
*HBSD: Enable SafeStack by default
*Add ipfw_nptv6 module that implements Network Prefix Translation for IPv6
*HBSD: Add installation hook scripting to hbsd-update
*Update clang, llvm, lld, lldb, compiler-rt and libc++ to 4.0.0 release
*Merge ACPICA 20170303
Changelog
Oliver Pinter (2):
HBSD: disable too strict checks[1] in kern_thread.c
HBSD: revert accidentally committed change in dtc/fdt.cc
Oliver Pinter + (132):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge br...