Stable release: HardenedBSD-stable 11-STABLE v1100056.7

HardenedBSD-11-STABLE-v1100056.7 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

MFC r333569: cpucontrol: improve Intel microcode revision check (cf3b425994272a0d0b1602846bbe51028fd67442)
MFC r339019: clang: allow ifunc resolvers to accept arguments (d10325d074c2f9aeff283511c3acb06b3c1fcb5a)
MFC 338976: Don't clear DR6 for debug exceptions from userland. (4de0836180159ccb2485c64e4639544254abd941)
MFC r339025: Update x86/ifunc.h. (59e3462397fe61451f33846b1d0c56142b6a816d)
MFC r338947: Add "src-ip" or "dst-ip" keyword to the output, when we are printing the rest of rule options. (cfea277e33577e9ec8653cfa010f60a39dde358a)
MFC r338216: tftpd: Fix data corruption bug with netascii (6068c2761de987bc97d4c472acdc1076d91fc7e8)
MFC r336310: Let geli deal with lost devices without crashing. (35d45fa28dc67d17e535455e202de0584763f70e)
ZFS updates
cxgbe updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:
SHA512 (HardenedBSD-11-STABLE-v1100056.7-amd64-bootonly.iso) = 76e6957dd5124525e62f59baac626eeb4c60b622d64b458aa838e4a374f6bc521647376bf41882a19b0ed5767c445dd4420883ab7b1e095a02e15b5874f18347 SHA512 (HardenedBSD-11-STABLE-v1100056.7-amd64-disc1.iso) = 1e2668998564e26911499875d2d163d9bb120746969dc96d6771f5c7c5213ba9dab434a16ba7c49d891fe8f496df6f08026701231abafa7cb1238a5b4f5fcbff SHA512 (HardenedBSD-11-STABLE-v1100056.7-amd64-memstick.img) = 6e635997ab76acf56b8b0fc44591049b061a4a7e47ef19e1b6603be245430a0d45566d35e19ae04cb693714c9e871bf8d5dcdc71af0a4625fa537486dc439c91 SHA512 (HardenedBSD-11-STABLE-v1100056.7-amd64-mini-memstick.img) = ef95a77087998ea680d3c463c619ee749aa2b5794abed284cd5976b137c651aa3648c512c1af281f073f763df4d2e9a91f3cb79a5205234d321f950e0537b9f9

CHECKSUM.SHA512.asc:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlvH8GcACgkQgZsRom/9
GI1stw/+IM/kl6O9HIeCRZidthUtVA/Rk0ZGrvTilOpRwS+ahZks+D7d0ap8IC4d
WiQtuAOcG+RO0USYmv1Gmn0wh1bm0HhEFh6p/S4hnAgNTnRN1u4u/fBhqy7+jahc
IzBfvyRJ2+ym08trSBJthUtOmEcRvPwFOU7Vqj7cb9OpeAlQF7o5x6p3F5/W4VUf
G029GDJ8wyUQYSgQ+T6GgA96YUeEGNHcDZgUnEhyisyHCh60apYsrgRFKvmTqVff
91W6gRY/FhKgCmOJA1vIeXv5eiWGAlAAYTCWfbcsJ6SQAUzghxZTxUkhJEdy1XSg
XohwIoPU7TUKA7KDi9yP0SDdfCrDOeYlFwsYoOrDjxHLLDFGKNDT0BM3J9M8rh+N
gerwQQxZQ5ZYV8lohg5YSGfcvwgUoq3Th7EyqmtQbODAprvAlQYp8Ly1JuLkblHy
qR2DyoqVZfyEEmpTrt6AB+n5ck8QxZz9iYGSdwcdOKocqIcdZ96Znfo1oJDUMLe0
aYSimT/MTaeTCnjuo7jSz0Bvewi0zWfi5yqeOeE2X0tYlIvuuRh4/g6aovvaZuAJ
ZWOH4klex79aNvVRwqKToeq3OPjOT9D4KVTUnUu0oTRdxy7KAl0+YreGMdZQi7XA
wAheaZb3zZ8u/56EEMwWJwpn0ZvXSQ+BsOX0/USBQi/6+/Ir2Hk=
=S0Uc
-----END PGP SIGNATURE-----

Changelog: Oliver Pinter + (35):

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (2):

Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
HBSD: Resolve merge conflict

ae (4):

MFC r338857: Fix possible NULL pointer dereference in ffec_alloc_mbufcl().
MFC r338890: Update ifr_name before invoking IPSECSREQID ioctl, this fixes the case, when `ifconfig ipsec create reqid N` command invoked without interface unit number. The "name" global variable is updated after interface cloning in the ifclonecreate() and contains actual interface name.
MFC r313168 (by pkelsey): Fix VIMAGE-related bugs in TFO. The autokey callout vnet context was not being initialized, and the per-vnet fastopen context was only being initialized for the default vnet.
MFC r338947: Add "src-ip" or "dst-ip" keyword to the output, when we are printing the rest of rule options.

asomers (19):

MFC r336582:
MFC r336587:
MFC r336594:
MFC r336605:
MFC r336871, r336874
MFC r337482:
MFC r337779:
MFC r337911:
MFC r337973:
MFC r338216:
MFC r337222:
MFC r334360, r334362, r334388, r334395
MFC many audit(4) tests.
MFC r335261, r335275, r335284-r335285, r335294, r335318, r335320, r335703
MFC r335319, r335354, r335374
MFC r335792, r336564, r336579
MFC r336613:
MFC r336728:
MFC r336875:

avatar (1):

MFC r338200: Adding device ID for Terratec SiXPack 5.1+.

brooks (1):

MFC r338925:

des (2):

MFH (r314778): use reallocarray(3) for extra bounds checks MFH (r333306): fix typo in man page MFH (r333571, r333572): preserve if-modified-since across redirects MFH (r334317): simplify the DEBUG macro MFH (r334319): style bug roundup MFH (r334326): fix netrc file location logic, improve netrcfd handling MFH (r338572): fix end-of-transfer statistics, improve no-tty display
MFH (r333574): fully support acting as a recursing resolver.

emaste (10):

MFC r338682: lld: add -z interpose support
MFC r306729: makeman: avoid bogus output with duplicated options
MFC r334072, r334247 (eadler): Add the text '@generated' to src.conf.5
regerate src.conf.5 to remove duplicate entries
MFC r339019: clang: allow ifunc resolvers to accept arguments
MFC r338810: openssh: rename local macro to avoid OpenSSL 1.1.1 conflict
MFC r333233: gpart: add fat32lba MBR partition type
MFC r333569: cpucontrol: improve Intel microcode revision check
MFC r339181: crt: switch to standard note type definitions from elf_common.h
MFC r336027 (andrew): Teach binutils that arm64 is a 64bit architecture.

gjb (1):

Document EN-18:09 through EN-18:12.

gonzo (4):

MFC r336050-r336051, r336142, r336326, r337719
MFC r338111, r338215
MFC r338654, r338701
MFC r338655:

hselasky (2):

MFC r338993: When multiple threads are involved receiving completion events in LibUSB make sure there is always a master polling thread, by setting the "ctx_handler" field in the context. Else the reception of completion events can stop. This happens if event threads are created and destroyed during runtime.
MFC r339235: Add missing steering rules for virtual function, VF, in mlx4en(4) driver.

imp (2):

Direct commit to stable, file not present in current
Direct commit since these files have gone away in head

jamie (1):

MFC r339211:

jhb (8):

MFC 337673: Add an overview section to bus_dma.9.
MFC 338022: Fix casts between 64-bit physical addresses and pointers in EFI.
MFC 337400: Remove spurious ABI tags from kdump output.
MFC 338021: Use 'bool' instead of 'int' for various boolean flags.
MFC 338976: Don't clear DR6 for debug exceptions from userland.
Disable the KASSERT for curcpu == 0 in netisr for EARLY_AP_STARTUP.
MFC 338055: Remove some vestiges of IPI_LAZYPMAP on i386.
MFC 326138,326436,326852: Style fixes to kdump.

jilles (1):

MFC r338473: sh: Fix formal overflow in pointer arithmetic

ken (1):

MFC r339076

kevans (6):

MFC r337964, r338232: dtc(1) updates
MFC r338039: diff(1): Implement -B/--ignore-blank-lines
MFC r338219, r338250: FDT in Loader fixes
MFC r338223, r338263: Missing bits from OptionalObsoleteFiles
MFC r338646: dd(1): Correct padding in status=progress
MFC r338040: diff(1): Refactor -B a little bit

kib (14):

MFC r338892: Correct panic messages.
MFC r338932: Fix some uses of dmaplimit.
MFC r338955: When doing lm_add(), check for duplicates.
MFC r324950 (by trasz): Reword the conditional.
MFC r324951 (by trasz): Make find_library() conform to style(9).
MFC r324952 (by trasz): Replace lseek(2)/read(2) pair with pread(2).
MFC r324953 (by traz): Remove unneeded calls to access(2) from rtld(1); just call open(2) instead.
MFC r338956: Provide refobj context when doing libmap substitution inside search_library_path().
MFC r338964: Remove -m (update) from ldconfig -32 & -soft invocation on startup.
MFC r338997: In vm_fault_copy_entry(), collect the code to initialize a newly allocated dst_object in a single place.
MFC r338998: In vm_fault_copy_entry(), we should not assert that entry is charged if the dst_object is not of swap type.
MFC r338999: Correct vm_fault_copy_entry() handling of backing file truncation after the file mapping was wired.
MFC r339025: Update x86/ifunc.h.
MFC r339241: Disallow zero day of month from strptime("%d").

markj (2):

MFC r328810 (by emaste): ld.lld.1: miscellaneous style improvements
MFC r338251: Add an lld option to emit PC-relative relocations for ifunc calls.

mav (53):

MFC r338913: Fix use-after-free in RAID0 error reporting of GEOM_RAID.
MFC r336943: MFV r336942: 9189 Add debug to vdev_label_read_config when txg check fails
MFC r336945: MFV r336944: 9286 want refreservation=auto
MFC r336947: MFV r336946: 9238 ZFS Spacemap Encoding V2
MFC r336949: MFV r336948: 9112 Improve allocation performance on high-end systems
MFC r336951: MFV r336950: 9290 device removal reduces redundancy of mirrors
MFC r336954: MFV r336952: 9192 explicitly pass good_writes to vdev_uberblock/label_sync
MFC r336956: MFV r336955: 9236 nuke spa_dbgmsg
MFC r336959: MFV r336958: 9337 zfs get all is slow due to uncached metadata
MFC r336961: MFV r336960: 9256 zfs send space estimation off by > 10% on some datasets
MFC r337007: MFV r336991, r337001: 9102 zfs should be able to initialize storage devices
MFC r337017: MFV r337014: 9421 zdb should detect and print out the number of "leaked" objects 9422 zfs diff and zdb should explicitly mark objects that are on the deleted queue
MFC r337021: MFV r337020:9443 panic when scrub a v10 pool
MFC r337025: MFV r337022: 9403 assertion failed in arc_buf_destroy() when concurrently reading block with checksum error
MFC r337028: MFV r337027: 9328 zap code can take advantage of c99 9329 panic in zap_leaf_lookup() due to concurrent zapification
MFC r337030: MFV r337029: 9426 metaslab size can exceed offset addressable by spacemap
MFC r337063: MFV r316926: 7955 libshare needs to initialize only those datasets being modified by the consumer
MFC r337160: Do not blindly include illumos kernel headers instead of user-space. It is not needed now, and I doubt it much helped at all, creating more confusions then good.
MFC r337163: MFV r337161: 9512 zfs remap poolname@snapname coredumps
MFC r337169: MFV r337167: 9442 decrease indirect block size of spacemaps
MFC r337172, MFV r337171: 9464 txg_kick() fails to see that we are quiescing, forcing transactions to their next stages without leaving them accumulate changes
MFC r337177: MFV r337175: 9487 Free objects when receiving full stream as clone
MFC r337179: 9523 Large alloc in zdb can cause trouble
MFC r337181: 9539 Make zvol operations use _by_dnode routines
MFC r337183: MFV r337182: 9330 stack overflow when creating a deeply nested dataset
MFC r337185: MFV r337184: 9457 libzfs_import.c:add_config() has a memory leak
MFC r337191: MFV r337190: 9486 reduce memory used by device removal on fragmented pools
MFC r337194: MFV r337193: 9424 ztest failure: "unprotected error in call to Lua API (Invalid value type 'f unction' for key 'error')"
MFC r337196: MFV r337195: 9454 ::zfs_blkstats should count embedded blocks
MFC r337198: MFV r337197: 9456 ztest failure in zil_commit_waiter_timeout
MFC r337201: Fix build after r337196 mismerge.
MFC r337202: MFV r337200: 9438 Holes can lose birth time info if a block has a mix of birth times
MFC r337205: MFV r337204: 9439 ZFS double-free due to failure to dirty indirect block
MFC r337207: MFV r337206: 9338 moved dnode has incorrect dn_next_type
MFC r337209: MFV r337208: 9591 ms_shift can be incorrectly changed in MOS config for indirect vdevs that have been historically expanded
MFC r337211: MFV r337210: 9577 remove zfs_dbuf_evict_key tsd
MFC r337213: MFV r337212: 9465 ARC check for 'anon_size > arc_c/2' can stall the system
MFC r337215: MFV 337214: 9621 Make createtxg and guid properties public
MFC r337217: MFV r337216: 7263 deeply nested nvlist can overflow stack
MFC r337219: MFV r337218: 7261 nvlist code should enforce name length limit
MFC r337221: MFV r337220: 8375 Kernel memory leak in nvpair code
MFC r337227: MFV r337223: 9580 Add a hash-table on top of nvlist to speed-up operations
MFC r337229: Reduce taskq and context-switch cost of zio pipe
MFC r337870: Fix mismerge in r337196.
MFC r337883: Add couple tunables/sysctl, missed in r336949.
MFC r337923: Make vfs.zfs.zio.dva_throttle_enabled sysctl writable.
MFC r337970: 9738 Fix third block copy allocations, broken at 9112.
MFC r337972: 9751 Allocation throttling misplacing ditto blocks
MFC r338869: MFV r338866: 9700 ZFS resilvered mirror does not balance reads
MFC r337567 (by mmacy): Performance optimization of AVL tree comparator functions
MFC r339237: Fix r336951 mismerge -- use of uninitialized variable.
MFC r339197: Add sysctls for dbuf metadata cache variables added in r336959.
MFC r339288: Remove extra thread_exit() call left after r329802.

mm (1):

MFC r338827: Sync libarchive with vendor.

np (13):

MFC r327254, r327904, and r328994.
MFC r330887: cxgbetool(8): Add the ability to decode hardware TCBs.
MFC r332515: Fix typo in cxgbetool.8.
MFC r320419, r337679, r338366, and r338652.
MFC r325840, r327811, and r329701.
MFC r333139:
MFC r336042:
MFC r338924:
MFC r338254:
MFC r320426:
MFC r334987:
MFC r335352:
MFC r336159:

oshogbo (2):

MFC r336310: Let geli deal with lost devices without crashing.
MFC r315411 (mmel): Unbreak traceroute on system built without CAPSICUM

sef (2):

MFC r336017,r338799
MFC r334844, r336180, r336458

slavash (1):

MFC r338942: Add PCIV_INVALID definition

smh (1):

MFC r336165:

sobomax (1):

MFC r309554 and r309631 which breaks down overly long monolithic souce file and reduces duplication by auto-generating functions that only differ in the value of the SCM_XXX constant used.