Stable release: HardenedBSD-stable 10-STABLE v1000048.2

HardenedBSD-10-STABLE-v1000048.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update!

Highlights:

  • hyperv/hn: Implemented transparent mode network VF (ca9be1048e1114e0e543779418164a706bcbc1ca)
  • pluged memory leak in arge_encap (d79c06e0f7634d387815823261c842b0cc7f3cc5)
  • based on freebsd/stable/10 from 10.4-BETA1 state
  • fixed sshd DoS (74fc8942a90af0a3150be3420f9ad6815b98e6c2) [FreeBSD-SA-17:06.openssh]
  • updated bmake to 20170720
  • fixed UFS snapshot handlings

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-bootonly.iso) = f050424321507f9ed24f9cf41c0ba841f4aa53356867ef21a9c4ccb2d72acfc41f914cd83ac6f49449277bd42e29cd6cef19c6f35b25c49fcf6d508ef6edaa2e
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-disc1.iso) = 81a44cbd6135a596971b0a2135c9ab9e1920231f14e152075ecce1f402042f2d5ceacde93dbfc1bf2c8d0129c3ce4597374f7a1b1a84372b57ba49fd75effa7c
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-memstick.img) = e7d69c3787aa83231f2462bea1321208a45bb498593040719069ced55c86c6b09faa8d6a31052f1f00977d74276573661f3aa34277cbd6d58cb2286dcc505e66
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-mini-memstick.img) = 0b133fb18cf85c71d692ab3b508aead98eb2e77a3ccb45ef9abe315de0fa818e767d9b6f09c99f43b0566cb9e77bdc78b4f30c69d406fb6e15159387c7da8243
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-uefi-bootonly.iso) = 8451d20d95a34675aaea71779a69458e1bf6dcab83f32eeb7073e81bfd6dbae7dce8edf5297944829a92045b7a880d0069070c19eab95cc6594746ce3d3d8b16
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-uefi-disc1.iso) = ac6d9a38dcce63da5a507ab9bf8a275949e0695d49b0ed7a00a3c5cca1ef01e2a61d2e0f1b06f5092a39121259fdcae121d14fa6ea972e585d04afc3e1f410b1
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-uefi-memstick.img) = 7d6c3e3ba92cdc7349cfd38c2eb2dacdb004ad304a66677e719d683d7e2bf6e5255b5288fca4640d049c7fa5228082b8c0474a2ea01cb28388b74c687fef1ca8
SHA512 (HardenedBSD-10-STABLE-v1000048.2-amd64-uefi-mini-memstick.img) = 03b21c0d1ad28f6fe59d5c9d4a54462107356b5113e327eeee70f3e0e1e1f72c524dd524227d8bc19d5c5ad1b174431261955be08d0e877bd86fbf802b8d1bfe

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlmbg4IACgkQgZsRom/9
GI0nOQ/8CpFZJyG5lXLyR856BWUrdUZJpFFT7sgzdcVVb7IADPvLxH+DL4oJamNm
ndfbMJad+geek5XvMtyySGeDTTal98n7ugzdbA8ff07MnTa5cAYqJmPuF3J4ysW7
0RPseTP8oPQB+Qpe9H6Lvp8otc7iPYd0cfPg7AVFf09VQBR73Hyy5iwKH2c5gSF0
2ZLL4YaKwog3ri8604DVQ1hmH8hRSWMIvC4czbTXftuaw+8j+H18nsR202kU7Nwr
EdVskD8I22lW4TKkqtEDUIeiAeRnKp5rzQ7VjzYsGvtL9br3C6I0mKUWc8SVf0Xf
gXTJA8u9mjM1ktUoSsoqww8aDi640AERiCEAA9TTwEz5yQ0OWEZwtCqg6yjDAHvZ
s9ieoutb7H5buzrqjFALZAQrazrTv+TrqEm1ivrUGLp5+Cos/qHd9U1/KyuR6VlO
Sz39Ur/wkv5FpaEr/SuspwLK6HyEyQ6VVXroTF8iDmPALmSlEApQVXRtJ9dLdr6W
juVV5nDXBjNO/uq1BOmq2bRhaVkX6j27ZoM1b154rDTOeBFVWOSOp3u9qQ6GRcpr
t4tfe/DlTbYf/O/5I1B8ArtRtScitgfLLZFAA5lkHQiuaBhYXNNmrck5cO+ftejs
yRO91wxLrRSN2UHKY0oMSgARhOeiHTwYshLtR8lE/YlrToFHN1k=
=gTss
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter + (24):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


Shawn Webb (2):

  • Merge remote-tracking branch 'origin/freebsd/10-stable/master' into hardened/10-stable/master
  • HBSD: Resolve merge conflict


ae (1):

  • MFC r284152: Add makefile to build geom_map kld. Document some GEOM_* options in NOTES and geom(4).


avos (1):

  • MFC r322124: rfcomm_pppd.8: fix a typo (SPD -> SDP).


bapt (1):

  • MFC r321812:


cy (1):

  • MFC r322113:


delphij (2):

  • Apply upstream fix:
  • MFC r322527:


gjb (19):

  • Document r321304, libarchive 3.3.2.
  • Document r321263, newsyslog(8) RFC5424 logging format.
  • Document r321242, cron(8) 'cron.d' directories.
  • Document r321234, syslogd(8) 'syslogd.d' directories.
  • Move the r321263 entry to 'userland-programs' for consistency.
  • Document r321216, savecore(8) unit change.
  • Document r321202, default EFI partition size increase.
  • Document r321198, vt(4) maximum framebuffer increase.
  • Document r321031, NFS 'pNFS commit' support.
  • Document r321024, kern.features.linux{,64} addition.
  • Document r320646, rcmds deprecation.
  • Document r320824, gdb(1)/kgdb(1) deprecation.
  • Document r321067, arcmsr(4) driver version 1.40.00.00.
  • Remove r321216 entry, part of which was reverted.
  • Document r321964, bmake 20170720.
  • Revise entry for r320646, rwho/rwhod/ruptime are not part of rcmds. Fix line wrapping.
  • Document r322244, pci_vendors version 2017.07.27.
  • Create hard links to the installed dtb files for the BEAGLEBONE [1] and WANDBOARD [2] images to fix a boot issue.
  • MFC r321949, r321950, r322101:


hselasky (17):

  • MFC r312877 and r312878: Minor code refactor as a preparation step for suprise removal of CX-4 PCI device(s), changes: - alloc_entry() now clears bit for page slot entry aswell - update of cmd->ent_arr[] is now under cmd->alloc_lock - complete command if alloc_entry() fails
  • MFC r312875: Make fw_pages statistics counter 64-bit to avoid overflow.
  • MFC r312880: Wait for all VFs pages to be reclaimed before closing EQ pages.
  • MFC r312879: Rename struct fw_page into struct mlx5_fw_page as a preparation step for adding busdma support.
  • MFC r312881: Add support for device surprise removal and other PCI errors.
  • MFC r312882, r321983 and r321984: Use the busdma API to allocate all DMA-able memory.
  • MFC r321985: Ticks are 32-bit in FreeBSD.
  • MFC r321986: Change reject message type when destroying cm_id in ibore.
  • MFC r321780: Make sure on-stack buffer is properly aligned.
  • MFC r321772: Fix broken usage of the mlx4_read_clock() function: - return value has too small width - cycle_t is unsigned and cannot be less than zero
  • MFC r321782: Remove some dead statistics related code and a structure field from the mlx4en driver which is used by its Linux counterpart, but not under FreeBSD.
  • MFC r314878: Add support for constant pointer constructs to READ_ONCE() in the LinuxKPI. When the type of the argument is constant the temporary variable cannot be assigned after the barrier. Instead assign the temporary variable by initialization.
  • MFC r322304: Add support for RX and TX statistics when the mlx4en(4) PCI device is in VF or SRIOV mode typically in a virtual machine environment.
  • MFC r322306: Print maximum MTU when trying to set invalid MTU in the mlx4en(4) driver. Useful for debugging.
  • MFC r322248: Fix for mlx4en(4) to properly call m_defrag().
  • MFC r322251: Make sure the received IP header gets 32-bit aligned for short packets in the mlx5en(4) driver.
  • MFC r322250: Count drop events due to lack of PCI bandwidth as queue drops and not as input errors in the mlx5en(4) driver. This improves the sysadmin view of physical port errors.


jkim (2):

  • MFC: r322076
  • MFC: r322323


ken (2):

  • MFC r320991, r322016:
  • MFC r321502, r321714, r321733, r321737, r321799, r322364:


kib (9):

  • MFC r321347: Account for lock recursion when transfering snaplock to the vnode lock in ffs_snapremove().
  • MFC r321348: Unlock correct lock in ffs_snapblkfree().
  • MFC r321349: Improve publication of the newly allocated snapdata.
  • MFC r321919: Do not call trapsignal() after handling usermode fault or interrupt, when a signal is not intended to be sent.
  • MFC r322059: Fix off by one in calculation of the number of buckets for the pc addresses.
  • MFC r322256: Fix logic error in the the assert, causing the condition to be always true.
  • MFC r322493: Remove confusion in the line explaining syntax of the msr read. Specify words order in the display.
  • MFC r322550: Typo, the '-6' option selects inet6.
  • MFC r322667,r322706: Improve i386 #UD low-level kdtrace hook.


marius (12):

  • MFC: r290156, r318354
  • MFC: r306375
  • Regenerate src.conf.5 after r322094.
  • MFC: r274394, r274399, r307802
  • Fix a stable/10-specific mismerge in r322096; the MK_NCURSESW handling should be within the MK_DIALOG block as libncurses{,w} isn't required when building tzsetup(8) without dialog(3) support.
  • MFC: r319350, r320620, r321385, r321490, r321588, r321948
  • MFC: r321589
  • MFC: r322097, r322203
  • MFC: r322209
  • Update stable/10 to BETA1 in preparation for 10.4-BETA1 builds.
  • MFC: r266470, r273546, r276017, r277932, r279153, r279778, r279780, r278797, r278861, r280283, r280284, r280294, r280452, r280558, r280571, r281863, r282049, r282357, r282440, r282441, r282358, r282359, r283550, r283918, r290171, r290667, r290381, r290533, r290666, r292483, r295659, r297545, r298305, r298383, r298428, r306489, r306557, r307067, r307068, r307087, r307088, r307089, r307091, r307092, r307093, r307098, r307115, r307154, r307240, r307241, r315967, r316476
  • Switch the pkg(8) configuration for the default installation and the dvd1.iso to use the quarterly set, i. e. 2017Q3, during the 10.4-BETA phase.


mav (4):

  • MFC r321921: Add compat shim part missed at r305197.
  • MFC r321685: Fix IORDY bits definition.
  • MFC r321720, r321856: Attach ichwd(4) only to ISA bus of the LPC bridge.
  • MFC r321794: Improve FHA locality control for NFS read/write requests.


mckusick (3):

  • MFC r321816: Avoid reading a snapshot block when it is already in the cache.
  • MFC of 322178:
  • Correct compile error triggered in nanobsd i386 by 322513 (MFC of 322178)


mm (1):

  • MFH r321674: Sync libarchive with vendor.


ngie (3):

  • MFC r320702,r320703:
  • Regenerate src.conf(5) per r322100
  • MFC r321915:


pfg (1):

  • MFC r321838: sys/net8021: Add missing braces in setcurchan().


se (1):

  • MFC 321858: Add alternate Turkish keyboard layout F, submitted by Ufur Guler. MFC 321859: While here, adjust a few file and path names in comments.


sephe (4):

  • MFC 321762 hyperv: Add VF bringup scripts and devd rules.
  • MFC 321836,321837
  • MFC 321965 hyperv/kvp: Use proper size macro for adapter id.
  • MFC 322299,322483,322485-322487


tuexen (2):

  • MFC r317208:
  • MFC r317244: