New stable version: HardenedBSD-stable 10-STABLE v46.17

Submitted by op on

HardenedBSD-10-STABLE-v46.17 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

WARNING: this is a security update

Highlights:

  • OpenSSL: Don't allow too many consecutive warning alerts. CVE-2016-8610 (3944e88fda9dc9f4f391a06b18cd7583f783e8ec) [FreeBSD-SA-16:35.openssl]
  • MFC r308197: MFV r308196: Fix OpenSSH remote Denial of Service vulnerability. CVE-2016-8858 (bb8c1d3b5e1d1ff2b26db3fcd0ca74e6418a4908) [FreeBSD-SA-16:33.openssh]
  • MFC r307132: Use copyout() instead of pointing sbuf to user-space buffer. (1e74d3419b0da1ebb8106c23763e29c3ddacfc5a)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-bootonly.iso) = aad9e8d4c879e77aebe8f6da63654f5f3a5b8fc1dd67cf20e158d537255ca2d0ca1ec9752814a0b7466231e4e49a61be31cc8b9d00e8ceae4f5bf5991a246626
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-disc1.iso) = 4cfb825fad4c9bf2872d3da3aa8e9ec0e58ac9eb75441c9af87f062cf9a6a5353340984d59efeaf906bb184e15b574d82e908d868c45fc7fe6885a326c59972e
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-memstick.img) = e1287439ab32fe7cc8738ff35b2c6fa7faf8960b85104512a28bb5bb3c39ec07c30669e19cb8bf6223e85cce0286a33927f52c38522efde5c92c7a4c103bbc65
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-mini-memstick.img) = f14b0dbe4c2af31a02a8d919fd8ffaf0835a3ac4ff59330a51bb38ba993ea963493e48fabe9c89c564be46eacb0506d060e45356e319315c0d6f94dea28eab12
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-bootonly.iso) = 05170a1ea94e3b828ba501a76bf544d7c3082539b7ed0c555381c0c53faa878e103d2faf155fcda8d705ebefb8e0b4e08288a56e9412f1c8d15b7bd771c9a5cc
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-disc1.iso) = 36e8325dc103e12472b0a68ccae88ff632400fb9fc70f77857ee757c33342ab0f22f877801384ecc39cd77dbccf1e2cc78cf0564b0d86a3f3d225cc6fcded5c3
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-memstick.img) = 58d1abe6a6e55d88e77840a4ea804c0b789b79981f11a1c0ee4d4c0ec8ddecd3dbf6754d97f254d06bfeabdd0ffa725c6d76150ecd64604c85b23760ddbd92ef
SHA512 (HardenedBSD-10-STABLE-v46.17-amd64-uefi-mini-memstick.img) = 7cae17f04dec06c67f4307dc12114897fd87560a5dcf800b79497316ca328abbcaba2406daf9d4bb1e728f5b50741ee9217215b2bd425aa9bd32309328d8173e

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJYGdoMAAoJEIGbEaJv/RiNyWIQAMVKOe8zAIrAQLiIvx2GqGMp
JluKdh5+dgRcDlDXBrnbpWthsCNx22zfIYfPKezH7qVdd+yIMAI5pr3K19IADWDb
JkJjAishvAnxmUsF0MjLuk7zWkuKmxpN7ZBRTZUrSkN6qzQqvelK68NPi+fXCJJr
62kMOmoQfmswNu9SzCAPCSN9eSsg2f4F36oYLCiHsVAybWhyDWiikJLii74cCOVx
YgSSnLU07mDhq3DKHV5l41lKHtGEL99UwoaVT0fdQrPqf/saSb0Pw7Z019cOeg7e
vq4o+uAKgbPe6w+QUAYnc6hNU5w/md1ljP5cXHGg1GkXw5sHVXnvbS871/4tyghx
v05MOeM1srHyLkv0EznA/raWfs2okZ7P59pCrNvd9FYeJquk4dk7ItSF20fStoEm
RN1g6cCrLwtfzKNWKaP66vnLjtdZt4kKTkSvXomIzJlI4mHAWIAxH430/zqOEy4O
QUWrN3I7FHA3O0HCVdEm6fcyMmlL6YN5Cb9waMyDMM/jZX/ZePnpgZd7S2o1nRpa
HxkpIllpsclYr0cEzGwucdSWOUUf2xYvnjF5P5koaUI/B98ZfDS8j1oBqvizJtGf
ArWZsGlrPmSZkJF5LiB0nJ7d2JBESB5CrAKpcEN1hfskLnyQWEfyFlpDLNJydW4u
XGtCwRGzoGcaFGir3D1g
=z6fM
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter + (15):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


avg (6):

  • MFC r306801: implement zfs_vptocnp() using z_parent property
  • MFC r305539: work around AMD erratum 793 for family 16h, models 00h-0Fh
  • MFC r307130: smbus: allow child devices to be added via hints
  • MFC r307131: install header files required development with libzfs_core
  • MFC r307141: remove a few stray spaces from sys/param.h
  • bump __FreeBSD_version for libzfs_core.h


bapt (1):

  • MFC r307785:


davidcs (1):

  • MFC r307578 1. Use taskqueue_create() instead of taskqueue_create_fast() for both fastpath and slowpath taskqueues. 2. Service all transmits in taskqueue threads. 3. additional stats counters for keeping track of - bd availability - tx buf ring not emptied in the fp task queue. These are drained via timeout taskqueue. - tx attempts during link down.


delphij (2):

  • MFC r308197: MFV r308196:
  • Backport OpenSSL commit af58be768ebb690f78530f796e92b8ae5c9a4401:


dim (1):

  • Pull in r228705 from upstream libc++ trunk (by Eric Fiselier):


ed (1):

  • Add posix_tnode to .


gjb (1):

  • Document EN-16:17-18, SA-16:26-32


hselasky (1):

  • MFC r307651: Add support for adjusting the hardware buffering delay for USB audio.


jhb (5):

  • MFC 303002: Include process IDs in core dumps.
  • MFC 272079,272080: cxgbe/tom: Update for syncache_add locking changes.
  • MFC 282039: Don't use ifm_data. It was used only for self checking debug.
  • MFC 289401: cxgbe(4): support for the kernel RSS option.
  • MFC 291665,291685,291856,297467,302110,302263: Add support for VIs.


kib (3):

  • MFC r306807: When making a pause after detecting hard kill of the single-user shell, ensure that we do sleep for at least the specified time, in presence of signals.
  • MFC r306808: Add verbosity around failed reboot(2) call.
  • MFC r307821: Use proper type for local variable.


mav (15):

  • MFC r307132: Use copyout() instead of pointing sbuf to user-space buffer.
  • MFC r294329 (by asomers): Disallow zvol-backed ZFS pools
  • MFC r298786 (by asomers): Refactor vdev_geom_attach and friends to reduce code duplication
  • MFC r298814 (by asomers): Fix a use-after-free when "zpool import" fails
  • MFC r300059 (by asomers): Speed up vdev_geom_open_by_guids
  • MFC r300881, r302058 (by asomers): Avoid issuing spa config updates for physical path when not necessary
  • MFC r307731: Add names for some DASP devices.
  • MFC r304918: Decode some new ATA commands found in ACS-3.
  • MFC r307350: Add LUN options to limit UNMAP and WRITE SAME sizes.
  • MFC r307374: Add LU option to control reported provisioning type.
  • MFC r307507, r307509, r307515: Consider device as clean even if SYNCHRONIZE CACHE failed.
  • MFC r306424: MFV r306422: 7254 ztest failed assertion in ztest_dataset_dirobj_verify: dirobjs + 1 == usedo bjs
  • MFC r306425: MFV r306423: 7402 Create tunable to ignore hole_birth feature
  • MFC r306456: Add #ifdef _KERNEL around send_holes_without_birth_time sysctl.
  • MFC r307523: Make pass driver better support CAM_CDB_POINTER flag.


mm (1):

  • MFC r307861: Update libarchive to 3.2.2


sbruno (1):

  • MFC r308038: