Stable release: HardenedBSD-stable 11-STABLE v1100051

HardenedBSD-11-STABLE-v1100051 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security and feature update

Highlights:

  • HyperV fixes
  • ZFS updates
  • libarchive update (CVE-2017-14166, CVE-2017-14502) (aea515eb9597ea4c4963aa471d4325e351653a2f) [FreeBSD-SA-Candidate]
  • Many hbsd-update improvements
  • Zero segment registers which contained invalid usermode selectors, when returning to kernel. (6a720c60ec8e6bc3caa3141033b0f54c14c0718d, 2c707ee9d55df4bd64c5928a092aea228426ac99) [FreeBSD-SA-Candidate]
  • make fsck_y_enable more aggressive (8430527c119726c7b1fa826dcf935f4681a126a2)
  • HBSD MFC: Correct sense of crypt(3) NULL checks in init(8) and lock(1) (954bfe0ad4ee110a69ab41f78f0494a3e2d4d9d3) [FreeBSD-SA-Candidate]
  • HBSD MFC: netsmb: Fix buggy/racy smb_strdupin() (145ca72398904245c097b37f843a2d7885a16c50) [FreeBSD-SA-Candidate]
  • hbsdcontrol's kernel-side implementation; for more information, please consult https://github.com/HardenedBSD-stable/hardenedBSD/blob/hardened/11-stabl...
  • LLVM, clang, lldb, lld, compiler-rt and libc++ update to 5.0.0 (12cd91cf4c6b96a24427c0de5374916f2808d263)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100051-amd64-bootonly.iso) = 2a7a0644c4f6539a0763fee344f3ac7a51df62a358a394fc884d51147ca2479cfb6aea600d900dbcf551e5e4331685d8380038849636005f51fd1ff4a391d710
SHA512 (HardenedBSD-11-STABLE-v1100051-amd64-disc1.iso) = 840b8f12b33e4e9328187719af152c14f383e0a5b2749953f84e634bead200ff8794559b63faa6a9ed9b0675ef44be9d6d055f457f514c0107e8b480f2a46159
SHA512 (HardenedBSD-11-STABLE-v1100051-amd64-memstick.img) = 11ce832ec9256846e3eff4d5d661a9ef38d05b7c4857d1975cfec438e38de5d3e804f8401a943753672e469c0bcde6184f3b99bb22e3174b8a1c5e59da5ae9cd
SHA512 (HardenedBSD-11-STABLE-v1100051-amd64-mini-memstick.img) = 5189aeccb1823edde5681c6e5d7276cf2c1777981bb818ed3a3c838a5fe6f5035248da5094161b76ac9f7b574d957d833a19a3641a08f03b6fd74c468ba5140a

CHECKSUM.SHA512.asc:



Changelog:

Oliver Pinter (12):

  • HBSD: fix a possible "time of check to time of use" attack
  • HBSD: allow to override hbsdcontrol settings with ACLs
  • HBSD: add kernel side of hbsdcontrol
  • HBSD: after the recent changes, bump by copyright years
  • HBSD: add hbsdcontrol.sh as demonstration tool to examples directory
  • HBSD: bump __HardenedBSD_version to 1100051 after hbsdcontrol merge
  • HBSD: extend the UPDATING-HardenedBSD about the new kernel knobs
  • HBSD: log PREFER_ACL (EXPLICIT_ACL) in pax_logs
  • HBSD: improve log message in execve
  • HBSD MFC: netsmb: Fix buggy/racy smb_strdupin()
  • HBSD MFC: Correct sense of crypt(3) NULL checks in init(8) and lock(1)
  • HBSD MFC r324225: ppp(8): Fix various bugs in NOPAM section of auth_CheckPasswd


Oliver Pinter + (33):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Shawn Webb (8):

  • HBSD: Teach hbsd-update to populate chroots.
  • HBSD: Use the local resolver by default
  • HBSD: Teach hbsd-update to not download updates
  • HBSD: Partially backport llvm toolchain commit
  • HBSD: Teach hbsd-update to not update base
  • HBSD: Do not default to using the local resolver
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict


ae (3):

  • MFC r323836: Do not acquire IPFW_WLOCK when a named object is created and destroyed.
  • MFC r323839: Use in_localip() function instead of unlocked access to addresses hash to determine that an address is our local.
  • MFC r324098: Some mbuf related fixes in icmp_error()


alc (15):

  • MFC r323785 Sync with amd64/arm/arm64/i386/mips pmap change r288256:
  • MFC r323786 In r288122, we changed vm_page_unwire() so that it returns a Boolean indicating whether the page's wire count transitioned to zero. Use that return value in zbuf_page_free() rather than checking the wire count.
  • MFC r323868 Modernize calls to vm_page_unwire(). As of r288122, vm_page_unwire() accepts PQ_NONE as the specified queue and returns a Boolean indicating whether the page's wire count transitioned to zero. Use these features in dev/drm2.
  • MFC r322459,322897 The *_meta_* functions include a radix parameter, a blk parameter, and another parameter that identifies a starting point in the memory address block. Radix is a power of two, blk is a multiple of radix, and the starting point is in the range [blk, blk+radix), so that blk can always be computed from the other two. This change drops the blk parameter from the meta functions and computes it instead. (On amd64, for example, this change reduces subr_blist.o's text size by 7%.)
  • MFC r323391 To analyze the allocation of swap blocks by blist functions, add a method for analyzing the radix tree structures and reporting on the number, and sizes, of maximal intervals of free blocks. The report includes the number of maximal intervals, and also the number of them in each of several size ranges, from small (size 1, or 3 to 4) to large (28657 to 46367) with size boundaries defined by Fibonacci numbers. The report is written in the test tool with the 's' command, or in a running kernel by sysctl.
  • MFC r323981 Modernize the use of vm_page_unwire(). Since r288122, vm_page_unwire() has returned TRUE when the wire count transitions to zero, eliminating the need for callers to inspect the page's wire count.
  • MFC r323961 Since the page "frame" doesn't belong to a vm object, it can't be paged out. Since it can't be paged out, it is never actually enqueued in a paging queue. Nonetheless, passing PQ_INACTIVE to vm_page_unwire() creates the appearance that the page "frame" is being enqueued in the inactive queue. As of r288122, we can avoid this false impression by passing PQ_NONE.
  • MFC r323656 Modify blst_leaf_alloc to take only the cursor argument.
  • MFC r323973,324087 Optimize vm_page_try_to_free(). Specifically, the call to pmap_remove_all() can be avoided when the page's containing object has a reference count of zero. (If the object has a reference count of zero, then none of its pages can possibly be mapped.)
  • MFC r321015 Style-only change: Consistently use the variable name "pdpg" throughout this file. Previously, half of the pointers to a vm_page being used as a page directory page were named "pdpg" and the rest were named "mpde".
  • MFC r320980,321377 Generalize vm_page_ps_is_valid() to support testing other predicates on the (super)page, renaming the function to vm_page_ps_test().
  • MFC r319542,321003,321378 Eliminate duplication of the pmap and pv list unlock operations in pmap_enter() by implementing a single return path. Otherwise, the duplication will only increase with the upcoming support for psind == 1.
  • MFC r321386,321393 Utilize pmap_enter(..., psind=1) in vm_fault_soft_fast() on amd64. (The Differential Revision discusses the benefits of this change.)
  • MFC r305685 Various changes to pmap_ts_referenced()
  • MFC r324173 When an I/O error occurs on page out, there is no need to dirty the page, because it is already dirty. Instead, assert that the page is dirty.


asomers (4):

  • MFC r322868:
  • MFC r323193:
  • MFC r323194:
  • MFC r323813:


avg (16):

  • MFC r323479,r323491: zfs: tighten debug versions of ZTOV and VTOZ
  • MFC r323480: zfs_get_vfs: reference a requested filesystem instead of vfs_busy-ing it
  • MFC r323355: MFV r323107: 8414 Implemented zpool scrub pause/resume
  • MFC r323522: slightly simplify zfs_vptocnp
  • MFC r323797: add vfs_zfs.abd_chunk_size tunable
  • MFV r323796: fix memory leak in g_bio zone introduced in r320452
  • MFC r323918: MFV r323917: 8648 Fix range locking in ZIL commit codepath
  • MFC r323433,r323793,r323915: MFV r323110: 8558 lwp_create() returns EAGAIN on system with more than 80K ZFS filesystems, and followups
  • MFC r323481: zfsvfs_hold: assert that the busied filesystem can not be unmounted
  • MFC r323483: zfsctl_snapdir_lookup should be able to handle an uncovered vnode
  • MFC r323791: MFV r323790: 8567 Inconsistent return value in zpool_read_label
  • MFC r323578,r323769: dounmount: do not release the mount point's reference on the covered vnode
  • MFC r323524: MFV r316932: 6280 libzfs: unshare_one() could fail with EZFS_SHARENFSFAILED
  • MFC r323525: MFV r323523: 8331 zfs_unshare returns wrong error code for smb unshare failure
  • MFC r323528: MFV r323527: 5815 libzpool's panic function doesn't set global panicstr
  • MFC r323612: gmirror: treat ENXIO as disk disconnect, not media error


bapt (2):

  • MFC r324100:
  • MFC: r324362


cy (2):

  • MFC r323945 and 323962
  • MFC r324249, 324260, and 324277


dab (3):

  • MFC r313107 (by danfe): Try to fix the old "he capability is stupid" bug in gettytab(5)/getty(8)
  • MFC r317801 (by trasz):
  • MFC r323252:


davidcs (5):

  • MFC r323782 Add sysctl "enable_minidump" to turn on/off automatic minidump retrieval
  • MFC r323781 Update minidump template for version 5.4.66
  • MFC r323824 1. ql_hw.c: In ql_hw_send() return EINVAL when TSO framelength exceeds max supported length by HW. (davidcs) 2. ql_os.c: In qla_send() call bus_dmamap_unload before freeing mbuf or recreating dmamap. (davidcs) In qla_fp_taskqueue() Add additional checks for IFF_DRV_RUNNING Fix qla_clear_tx_buf() call bus_dmamap_sync() before freeing mbuf.
  • MFC r324026 Fix delete all multicast addresses
  • MFC r324065 Tx Ring Shadow Consumer Index Register needs to be cleared prior to passing its physical address to the FW during Tx Create Context.


dim (3):

  • Synchronize most of libm with head as of r323004. This excludes a few arch-specific updates for powerpcspe, mips and riscv, for which support has not been merged yet.
  • Merge clang, llvm, lld, lldb, compiler-rt and libc++ 5.0.0 release.
  • Belatedly fill in the dates for clang 5.0.0 update in UPDATING and ObsoleteFiles.inc.


ed (2):

  • MFC r322965:
  • MFC r321514, r322885, r323015, r323177


emaste (5):

  • MFC r323438: make-memstick.sh: use UFSv2
  • MFC r323394: newvers.sh: accept "git-svn-id:" at the start of a line only
  • MFC r323405: newvers.sh: speed up failing git-svn revision search
  • MFC r323675: libsysdecode: report invalid cap_rights_t
  • MFC r309151: Use explicit 0x200000 for the amd64 kernel physaddr


eugen (1):

  • MFC r323873, r324081: Unprotected modification of ng_iface(4) private data leads to kernel panic. Fix a race with per-node read-mostly lock and refcounting for a hook.


gordon (1):

  • MFC r323709: Revert tcpdump to using the source manpage instead of having a copy here.


hselasky (4):

  • MFC r324202: Make sure the doorbell lock is valid for the i386 version of the mlx5en(4) driver.
  • MFC r315405, r323351 and r323364: Add helper function similar to ip_dev_find() to the LinuxKPI to lookup a network device by its IPv6 address in the given VNET.
  • MFC r315404: Add basic support for VIMAGE to the LinuxKPI and ibcore.
  • MFC r324320: Add support for new cuse(3) error code, CUSE_ERR_NO_DEVICE. This error code is useful when emulating Linux input event devices from userspace.


jhb (2):

  • MFC 323631: Add an -a flag to getconf.
  • MFC 323994: Log signal number passed to PT_STEP requests in KTR_PTRACE traces.


jkim (1):

  • MFC: r323840


kib (7):

  • MFC r323768: For unlinked files, do not msync(2) or sync on the vnode deactivation.
  • MFC r324079: Do not return from interrupt using the POP_FRAME;iret instruction sequence, always jump to doreti.
  • MFC r324080: Zero segment registers which contained invalid usermode selectors, when returning to kernel.
  • MFC r324113: Allow to disable default microcode updates search path with the new '-n' option.
  • MFC r324114: Update cpucontrol(8).
  • MFC r324174: Fix include guard name.
  • MFC r324301: Update comment.


kp (1):

  • MFC r323864


manu (1):

  • MFC r324007, r324012, r324014


markj (6):

  • MFC r323564: Widen uk_pgoff, the slab header offset field.
  • MFC r323544: Fix a logic error in the item size calculation for internal UMA zones.
  • MFC r323880: Simplify i915_gem_wire_page() and avoid unneeded page-busying.
  • MFC r323290: Speed up vm_page_array initialization.
  • MFC r323613: Include _bitset.h to get BITSET_DEFINE, used to define struct slabbits.
  • MFC r324066: Use C99 initializers for DTrace provider methods.


mav (4):

  • MFC r324086: Alike to ZFS disable cache flush after first ENOTSUP error.
  • MFC r324123: Add sysctl/tunable for maximal request time.
  • MFC r324155: Add initial support for Address Lookup Table (A-LUT).
  • MFC r324172: Align test I/O buffer to page boundary.


mm (1):

  • MFH r324148: Sync libarchive with vendor.


n_hibma (1):

  • MFC 324088:


ngie (8):

  • MFC r322951:
  • MFC r322441:
  • MFC r321444,r321446:
  • MFC r324143:
  • MFC r306743,r317712:
  • MFC r305508: r305508 (by markj):
  • MFC r317713: r317713 (by markj):
  • MFC note: tests/sys/kern/coredump_phnum_test.sh changes omitted


rmacklem (3):

  • MFC: r323689 Fix bogus FREAD with NFSV4OPEN_ACCESSREAD. No functional change.
  • MFC: r323978 Change a panic to an error return.
  • MFC: r324074 Fix a memory leak that occurred in the pNFS client.


sephe (12):

  • MFC 323170
  • MFC 323175
  • MFC 323176
  • MFC 323727,324316
  • MFC 323728,323729
  • MFC 324048
  • MFC 324049,324077
  • MFC 324050
  • MFC 324487
  • MFC 324488
  • MFC 324489,324516
  • MFC 324517


trasz (13):

  • MFC r320360:
  • MFC r320363:
  • MFC r320741:
  • MFC r320733:
  • MFC r320740:
  • MFC r320734:
  • MFC r323183:
  • MFC r321422:
  • MFC r323225:
  • MFC r323228:
  • MFC r323263:
  • MFC r320803:
  • MFC r320892:
