New stable version: HardenedBSD-stable 11-STABLE v46.2

Submitted by op on

HardenedBSD-11-STABLE-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Installers: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
Git repo: https://github.com/HardenedBSD/hardenedBSD-stable.git

Highlights:
libarchive update (CVE fixes, FreeBSD SA candidate)
sqlite update (CVE fixes, FreeBSD SA candidate)

---

Oliver Pinter + (27):
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (3):
HBSD: Temporarily disable PIE with the stdlib ATF tests.
Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict.

ache (5):
MFC r304703, r304755
Bump __FreeBSD_version after LC_*_MASK fix
MFC r304810
MFC r304607,r304641,r304819,r304811
MFC r304911

ae (1):
MFC r304313: Teach netisr_get_cpuid() to limit a given value to supported by netisr. Use netisr_get_cpuid() in netisr_select_cpuid() to limit cpuid value returned by protocol to be sure that it is not greather than nws_count.

alc (2):
MFC r303747,303982 Correct errors and clean up the comments on the active queue scan.
MFC r304050 Eliminate two calls to vm_page_xunbusy() that are both unnecessary and incorrect from the error cases in exec_map_first_page(). They are unnecessary because we automatically unbusy the page in vm_page_free() when we remove it from the object. The calls are incorrect because they happen after the page is freed, so we might actually unbusy the page after it has been reallocated to a different object. (This error was introduced in r292373.)

andrew (2):
MFC 302789: Add memmmap on arm64 so we can mmap /dev/mem and /dev/kmem.
MFC 302847, 302848, 302852, 302853: Remove the remaining non-INTRNG support from the arm64 code.

avg (1):
MFC r304521: JMicron JMB361 has only a single SATA port

badger (2):
MFC r304184:
MFC r304652:

bapt (1):
Import Dragonfly Mail Agent snapshort from 20160806 aka v0.11+

bdrewery (4):
MFC r304608:
MFC r304643:
MFC r304322:
MFC r304697:

cy (3):
MFC r304721:
MFC r304779, r304780, r304781, r304782, r304802
MFC r304747:

dim (3):
MFC r304530:
MFC r304953:
MFC r304969:

gjb (1):
MFC r304966 (peter): The read-ahead code from r298230 made it likely the boot code would read beyond the end of disk. r298900 added code to prevent this. Some BIOSes cause significant delays if asked to read past end-of-disk.

hiren (1):
MFC r303626 (by gallatin) Rework IPV6 TCP path MTU discovery to match IPv4.

hselasky (4):
MFC r304342: Add support for setting blocking and non-blocking mode on /dev/rdma_cm by returning success on FIONBIO and FIOASYNC IOCTLs. The actual flags handling is done by the kern_ioctl() function.
MFC r304597: Fix for invalid use of bits in input context. Basically split configuring of EP0 and non-EP0 into xhci_cmd_evaluate_ctx() and xhci_cmd_configure_ep() respectivly. This resolves some errors when using XHCI under QEMU and gets is more in line with the XHCI specification.
MFC r304601: Increase the maximum RX/TX queue size. This allows for a RX/TX queue size of 16384 mbufs. Previously the limit was 8192.
MFC r304629: Don't separate the status stage of the XHCI USB control transfers into its own job because this breaks the simplified QEMU XHCI TRB parser, which expects the complete USB control transfer as a series of back to back TRBs. The old behaviour is kept under #ifdef in case this change breaks enumeration of any USB devices.

jhb (1):
MFC 304476: Fix various nits in the aio operation manpages.

jkim (3):
MFC: r304320
MFC: r304636
MFC: r304638, r304640

karels (1):
MFC r304545: Disable L2 caching for UDP over IPv6

kib (29):
MFC r304174: VOP_FSYNC() does not take cred as an argument. Correct comment.
MFC r304227: In ffs_balloc_ufs{1,2} routines, assert that unwind records do not overflow local arrays.
MFC r304228: When block allocation fails in UFS_BALLOC(), and the volume does not have SU enabled, there is no point in calling softdep_request_cleanup().
MFC r304229: When looking up dandling buffers for unwing after failing block allocation in UFS_BALLOC(), there is no need to map them.
MFC r304231: On unwind after failed block allocation in ffs_balloc_ufs{1,2}, assert that recorded allocated blocks numbers match the physical block numbers of dandling buffers which are released. When finally freeing the blocks during unwind, assert that dandling buffers where not re-allocated.
MFC r304232: In UFS_BALLOC(), invalidate pages of indirect buffers on failed block allocation unwinding.
MFC r304286: Remove duplicated code.
MFC r303383: Reduce number of timehands to just two.
MFC r303384: Style.
MFC r303385: Reduce the resettodr_lock scope to only CLOCK_SETTIME() call.
MFC r303386: Change ntpadj_lock to spinlock always. Add missed lock to ntp_update_second().
MFC r303382: Provide the getboottime(9) and getboottimebin(9) KPI.
MFC r303388: Remove Giant from settime().
MFC r303425: Add callout_when(9).
MFC r303426: Rewrite subr_sleepqueue.c use of callouts to not depend on the specifics of callout KPI.
MFC r303548: Cache getbintime(9) answer in timehands.
MFC r304176: Add a trivial implementation of fdatasync(2).
Regen
MFC r304209: The fdatasync(2) call must be cancellation point.
MFC r304178: Implement VOP_FDATASYNC() for msdosfs.
MFC r303924 (by trasz): Eliminate vprint().
MFC r304180: Implement VOP_FDATASYNC() for UFS.
MFC r304287: Add fdatasync(2) man page, combined with fsync(2).
MFC r304182 (by ed): Let CloudABI use fdatasync() as well.
MFC r304916: Consistently delimit each vnode description block with two blank lines.
MFC r304315 (by jilles): rights(4): CAP_FSYNC also permits fdatasync(2).
MFC r304808: Prevent leak of URWLOCK_READ_WAITERS flag for urwlocks.
MFC r304812: In both do_rw_wrlock() and do_rw_rdlock(), do not obliterate possible error from sleep.
MFC r305024: Typesetting fixes.

manu (1):
MFC r304077:

markj (4):
MFC r304440, r304487: Fix some handling of P2_PTRACE_FSTP.
MFC r304055: Fix handling of forward enum declarations in the CTF tools.
MFC r304053, r304054: Initialize busy lock state and strengthen busy lock assertions.
MFC r303855: Handle races with listening socket close when connecting a unix socket.

mav (1):
MFC r304751: Fix minor copy/paste bug.

mm (1):
MFC r304075,r304989: Sync libarchive with vendor including security fixes

ngie (9):
MFC r304034:
MFC r304040:
MFC r304238:
MFC r303900:
MFC r303830,r304693,r304694,r304698:
MFC r304033:
MFC r303804:
MFC r303573:
MFC r304809:

sephe (3):
MFC 304251
MFC 303766 tcp/lro: If timestamps mismatch or it's a FIN, force flush.
MFC 304202 tcp/lro: Make # of LRO entries tunable

shurd (1):
MFC r304021: Update iflib to support more NIC designs

skreuzer (5):
Document 292120, Update to ELF Tool Chain r3272
MFC r303877:
Document r299142, Native PCIe Hotplug support Document r298166, libucl has been updated to version 0.8.0 Document r302288, Enable indirect segment I/O by default when running on EC2 Document r302265, Allow ZFS ARC min / max to be tuned at runtime
Document r299142, The leap-seconds file has been updated to leap-seconds.3676752000 Document r302177, WITH_SYSTEM_COMPILER: Enable by default Document r304246, PCIe HotPlug: Detect bridges that are not really HotPlug capable Document r301565, Switch arm64 to use intrng by default Document r299781, Support for the Allwinner Reduced Serial Bus (RSB) Document r296064, Support for Allwinner A20 HDMI Document r299393, Default installation directory for modules is /boot/modules Document r303716, Drop SSH1 support Document r303719, Disable DSA by default Document r297633, RCTL resources for limited filesystem IO Document r300723, Mellanox implementation of iSER Document r299848, Allow reroot to NFS Document r301033, Discovery without attaching support in iscsictl Document r299371, camcontrol reprobe Document r295212, Add an additional, libucl-based configuration file parser to ctld Document r287842, Change default regulatory domain from DEBUG to FCC in ifconfig Document r301875, The SIOCSIFALIFETIME_IN6 ioctl has been removed
Remove stale items

tuexen (2):
MFC r304543: Unbreak sctp_connectx().
MFC r304736: When aborting an association, send the ABORT before notifying the upper layer. For the kernel this doesn't matter, for the userland stack, it does. While there, silence a clang warning when compiling it in userland.