Stable release: HardenedBSD-stable 11-STABLE v1100056

HardenedBSD-11-STABLE-v1100056 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • MFC r335558: Add support for selectively enabling LLVM targets (62b732f45dfe86a663fb78aec3e30ba28d0485c8)
  • HBSD: Switch back to OpenSSL as the default crypto lib (1087d59e45072059e2d20ac2dea1801d995c9a2d)
  • MFC r335569: pf: Support "return" statements in passing rules when they fail. (9e4899f2d2193db78e985cc427fcfb870a20e40a)
  • MFC r335641: Fix a stack overflow in mount_smbfs when hostname is too long. (0b39c762ec1d16fa2bca8a386d2e1af10e106a5e) [FreeBSD-SA-Candidate]
  • MFC r333059 (by tychon): Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be excluded from PTI. (bad2d0f8e14dbc917f3ccbeb0adee1e045a63ae5)
  • loader updates
  • bhyve updates
  • libpcap updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-bootonly.iso) = 1df1060cea47345ddaa4be6a93de16f5443a5e4b299e58aa89aaa5c9af16251d80cdd76f4b7a083686b78e3cafbf361c69b844fb6b75ca7919f969cbffe769ad
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-disc1.iso) = 78281285ea05b4adeb1933c50e780054419edd6aabccd350df6304a06b9fca02ea39863a2a1edaa9d615ff8c2cf78e63e2fc0f254adab4da8f3f7ed618ee52c2
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-memstick.img) = 0000bcab6e06421c7fdf0054cd13ecc339f8dc894082fe3a6f0d7b5039b7313fa14f14ee1db1d84ad5b7ad6679c1bd53438d52ebb819a67786d8e29c09d956e1
SHA512 (HardenedBSD-11-STABLE-v1100056-amd64-mini-memstick.img) = 08066dc2de7e19a7535188fe30d79bf7bd78c6fc877001a75d562b5e1ace2fb31a7e429cf6022d13e15e4d0a4cefa6b9ba8787725ad545e8aa32020193503338

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAls8Mr0ACgkQgZsRom/9
GI0WzxAA0uatTUXE+5ukll9Ehvnkd077UoS0hUhVoYw/OuPt/zm4RQH3q/ADWlaM
Fbm2yPPU/JHBISg6cE9HSDCu//dMe+9MS8Jx1GuoTihRBwQ3/9skIYeUeNIiOixf
55y13PHBHlLoXKnEuGJEbBUAFr4a5cltl3Uqbtla2ltFXsBE0tEAuZw/f4DbsvIB
TekXruGiuOzypLT/B2SMVTA0a9JwQ8S3A7avvUU+jpuvJcibb7ZMEvMmzpnuuBdd
QGsvanXRXMrB7o17PQSjGwtShpPuFER3ZKQ06FwT5h4mvk+oN8TkmEZrZfzNngD4
qLhuXf+4xe+VJyDBV+daHumwrvnFph50MB+jqkTHUmXOOZQmDXIyW6GIx7MjW8en
jfPzrD21W/LGr5ntKAggETOPN/h3sUl5Ukd3ZZhwNrouaT8Locl4wF4UXVtKFjgK
Z73ty+S1q9xIJm53tfH0qQSdf9ZmcTJZPy4yv28btjnznkF52UbAL4poP1OTH64p
xIjR7erdN2y7KxIcU/8zaYpBIHNYlFppSX6CGK6gvLK1XiUky03lnquX26oM+9Jv
bsWswNJRUsZ4hQtYqXT0LihGh7M+niY9xxbDlaXjZ+L/ie40RF4SdPhcnp56WBc8
eChcSRM0dzNYQYWOkUUqX41hL5IiLySurD+GgTBIOB16kIGabfQ=
=HMQk
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter + (20):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Shawn Webb (5):

  • HBSD: Switch back to OpenSSL as the default crypto lib
  • HBSD: Regen src.conf.5 after OpenSSL switch
  • HBSD: Bump __HardenedBSD_version after OpenSSL switch
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict


araujo (1):

  • MFC r333622, r334019, r334084


avg (11):

  • MFC r333997: uchcom: report detected product based on USB product ID
  • MFC r333998: uchcom: add DPRINTF-s to aid debugging of the driver
  • MFC r333999: uchcom: add a hardware configuration tweak seen in Linux code
  • MFC r334000: uchcom: reject parity and double stop bits as unsupported
  • MFC r334001: uchcom: remove UCHCOM_REG_BREAK2 alias of UCHCOM_REG_LCR1
  • MFC r334002: uchcom: extend hardware support to version 0x30
  • MFC r333638: calibrate lapic timer in native_lapic_setup
  • MFC r333994: stop and restart kernel event timers in the suspend / resume cycle
  • MFC r334204,r334338: re-synchronize TSC-s on SMP systems after resume
  • MFC r333268: for bus suspend, detach and shutdown iterate children in reverse order
  • MFC r334340: add support for console resuming, implement it for uart, use on x86


bdrewery (2):

  • MFC r321427,r321445:
  • MFC r330090:


brooks (1):

  • MFC r335641:


cperciva (1):

  • MFC r335553: Make CLOCK_PROCESS_CPUTIME_ID more accurate by including the current timeslice, matching the behaviour of CLOCK_VIRTUAL and CLOCK_PROF.


cy (1):

  • MFC r335355:


dim (1):

  • MFC r335558:


dteske (1):

  • MFC r335607: check-password.4th(8): Fix manual [in]accuracy


eadler (2):

  • MFC r334208:
  • MFC r302776, r302799:


ed (1):

  • MFC r335565:


gjb (7):

  • Document an issue with emulators/virtualbox-ose reported in Bugzilla 228535.
  • Add a few missing drivers to the 11-STABLE hardware page.
  • Document that a few device drivers were omitted from the 11.2 hardware page.
  • Add an errata note that the URL in UPDATING for source-based upgrades is incorrect.
  • MFC r325107, r335665: r325107 (eadler, partial): Update the updating URL in UPDATING.
  • Add an entry about an incorrectly-listed driver name in the 11.2 announcement.
  • Add an errata entry regarding Bugzilla 228536.


hselasky (2):

  • MFC r334277, r334376, r334378 and r334418:
  • MFC r335461: Permit the kernel environment to set an array of numeric values for a single sysctl(9) node.


kevans (13):

  • MFC r333122: seq(1): Provide some long options
  • MFC r333156: uniq(1): Add some long options
  • MFC r333157: cmp(1): Provide some long options
  • MFC r330086, r333155: seq(1) improvements
  • MFC r333192: fcntl(2): Vaguely document that ENOTTY is possible + examples
  • MFC r333221: rsu(4) does not require legal.realtek.license_ack=1
  • MFC r335404: sort(1): Fix -m when only implicit stdin is used for input
  • MFC r335458: Add debug.verbose_sysinit tunable for VERBOSE_SYSINIT
  • MFC r332395 (ian): Use explicit_bzero() when cleaning values out of the kenv
  • MFC r335467: Don't remove loader.conf(5) when built WITHOUT_FORTH
  • MFC r334878: libsa(3): Correct statement about FS Write-support, name change
  • MFC r334882, r334884-r334885: loader(8) boot flag <-> environment fixes
  • MFC r335642, r335651: config(8) envvar support


kib (10):

  • MFC r333059 (by tychon): Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be excluded from PTI.
  • MFC r335258: Remove unused file.
  • MFC r334928: libc qsort(3): stop aliasing.
  • MFC r335604: bhyve/vmrun.sh: make -L functional.
  • MFC r333087 (by cem): amd64/mp_machdep.c: Fix GCC build after r333059.
  • MFC r335503: Update proc->p_ptevents annotation to reflect the actual locking.
  • MFC r335504: fork: avoid endless wait with PTRACE_FORK and RFSTOPPED.
  • MFC r335505: linux_clone_thread: mark new thread as TDB_BORN.
  • MFC r335253: Rework ofed build.
  • MFC r335635: Do not leave stray qword on top of stack for interrupts and exceptions without error code. Doing so it mis-aligned the stack.


kp (1):

  • MFC r335569:


markj (1):

  • MFC r334881: Add DW_LANG_* definitions from DWARF 4 and 5.


np (1):

  • cxgbe(4): Determine early in the ioctl whether it is allowed to sleep or not, instead of always starting a non-sleepable operation and re-adjusting later. This ensures that an operation that is allowed to sleep (ifconfig up/down) never fails with EBUSY on the initial attempt to start a synchronized operation.


robak (1):

  • MFC r327317:


slavash (1):

  • MFC r335282: Fix false positive on failure

Uploads: