New stable version: HardenedBSD-stable HardenedBSD-10-STABLE-v41

Submitted by op on

HardenedBSD-10-STABLE-v41 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
-------------------------------------

Oliver Pinter (19):
HBSD: remove unneeded sysctls from ASLR implementation
HBSD: move pax_disallow_map32bit_active() to it's place in pax.h
HBSD: remove stale function declaration
HBSD: convert the PAX_NOTEs kernel private
HBSD: rework the base hbsd structure
HBSD: remove unused PAX_FEATURE_UNKNOWN_STATUS state
HBSD: remove dead code from hbsd_pax_{common,hardening}.c
HBSD: added skeleton feature implementation
HBSD: remove ptrace_hardening
HBSD: add hbsd related sysctl macros: SYSCTL_HBSD_{2,4}STATE
HBSD: start using the newly intorduced SYSCTL_HBSD_{2,4}STATE in ASLR
HBSD: fix rtld build after the PAX_NOTES conversion (b8faf65680d366cfb9b865f534fe6abfb4c46faa)
HBSD: start using the newly intorduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_hardening.c
HBSD: start using the newly intorduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_log.c
HBSD: start using the newly intorduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_segvguard.c
HBSD: start using the newly intorduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_noexec.c
HBSD: start using the newly intorduced SYSCTL_HBSD_{2,4}STATE in hbsd_pax_SKEL.c
HBSD: bump __HardenedBSD_version to 41 after recent changes
HBSD: add HBSD_EXTRA environment variable to newvers.sh

Oliver Pinter + (22):
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master
Merge remote-tracking branch 'freebsd/stable/10' into hardened/10-stable/master

Shawn Webb (3):
HBSD: hbsd-update: support /boot being a symlink
HBSD: Use the right path for jls(8).
HBSD: Skip /root/.cshrc on update.

araujo (2):
MFH: 285685 Add support to the jail framework to be able to mount linsysfs(5) and linprocfs(5).
MFH 295796 (based on) Fix regression introduced on 272446r. lagg(4) supports the protocol none, where it disables any traffic without disabling the lagg(4) interface itself.

bapt (1):
MFC r295455

bdrewery (2):
MFC r295665:
MFC r294933,r294949,r294952,r294953,r294957,r294965,r294967,r294968,r295017, r295026,r295027,r295029,r295030,r295649:

cy (1):
MFC r295495 - Update leapsecond file in non-chroot environments.

davidcs (3):
MFC r294854 Upgrade FW to 5.4.56 Update driver version to 3.10.26
MFC r295823
MFC r295830 Remove dead code. Code Cleanup. Improve clarity in debug messages

delphij (1):
MFC r295914: MFV r295913:

des (4):
MFH (r295533): remove broken unbound-control-setup script
MFH (r295535): use insecure-lan-zones option instead of hardcoded list
MFH (r295536): fix double-free error when SSL connection fails
MFH (r294326): fall back to standard / configured CA store

dumbbell (1):
drm/i915: Restore pci_enable_busmaster() call in the init path

emaste (2):
MFC r295496: Document boot1.efi's handling of /boot.config
MFC r295497: Update uefi.8 for ZFS and multi device boot support

erj (1):
MFC r295323: Update em(4) to 7.6.1; update igb(4) to 2.5.3.

garga (1):
MFC r286641 (from oshogbo):

gnn (1):
Revert 295285 which was an MFC of the tryforward work (r290383,295282,295283)

jhb (2):
MFC 295418,295419: Fix hangs or panics when misbehaved kernel threads return from their main function.
MFC 295636,295637: Fix issues with tracing Linux/i386 binaries.

jimharris (2):
MFC r295532:
MFC r295022:

ken (1):
MFC, r295417:

kib (4):
MFC r294595: When devfs dirent is freed, a vnode might still keep a pointer to it, apparently. Interlock and clear the pointer to avoid free memory dereference.
MFC r294596: Limit the accesses to file' f_advice member to VREG vnodes only. Recheck that f_advice is not NULL after lock is taken.
MFC r294598: In tty_dealloc(), clear the queues.
MFC r295717: After nullfs rmdir operation, reclaim the directory vnode which was unlinked. Otherwise the vnode stays cached, causing leak. This is similar to r292961 for regular files.

marius (5):
MFC: r264565
MFC: r287299 [1]
In preparation for 10.3-RELEASE, temporarily revert the MFC of r291244 done as part of r292895 on stable/10 as that change causes hangs with ZFS and the cause on at least amd64 so far not understood. Discussed with: kib For further information see: https://lists.freebsd.org/pipermail/freebsd-stable/2016-February/084045....
MFC: r295906
Update stable/10 to BETA3 in preparation for 10.3-BETA3 builds.

markj (2):
MFC r295574: Clear the cookie pointer on error in tmpfs_readdir().
MFC r295737: Use the _SAFE loop variant.

pfg (1):
MFC r295616: ext2fs: Remove panics for rename() race conditions.

sephe (2):
MFC [Hyper-V]: r293719-r293722, r293869-r293871, r293873-r293875, r293877
MFC [Hyper-V]: r294553, r294700

smh (1):
MFC r272785:

tuexen (2):
MFC r295549: Loopback addresses are 127.0.0.0/8, not 127.0.0.1/32.
MFC r295273: In FreeBSD 10 and higher the driver announces SCTP checksum offloading support also for 82598, which doesn't support it. The legacy code has a check for it, which was missed when the code for dealing with CSUM_IP6_* was added. Add the same check for FreeBSD 10 and higher.