Stable release: HardenedBSD-stable 11-STABLE v1100056.10

HardenedBSD-11-STABLE-v1100056.10 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • HBSD MFC r341470: ggated: do not expose stack data in sendfail() 370912d064f22772cd539ea28587ca7a1bca6c9c [FreeBSD-SA-candidate]
  • MFC r341442, r341443: Plug memory disclosures via ptrace(2). (600baf4f2d9e7039632b5bf5503097edb31c3da3) [FreeBSD-SA-candidate]
  • MFC r341484 Always treat firmware request and response sizes as unsigned. (5b0911ed9405a15d0fddd237377ecaf0684142a0) [FreeBSD-SA-18:14.bhyve CVE-2018-17160]
  • MFC r337812,r337814,r337820,r341068: Fix several memory leaks (r337812 & r337814). (4a6ee6982ea1014b8d06511c23c76b849fa694f1) [FreeBSD-SA-candidate]
  • MFC r340968: Plug routing sysctl leaks. (fe7eaf6c881cc3948b430c5241b34e2c1189dc03)
  • MFC r340995 Prevent kernel stack disclosure in signal delivery (ee1166b9e2f474622f098aad4dd78869880379c8) [FreeBSD-SA-candidate]
  • MFC r340994 Prevent kernel stack disclosure in getcontext/swapcontext (88ba4e0711d85c593ac41f9c9a054cf4e66d050a) [FreeBSD-EN-18:12.mem CVE-2018-17155]
  • netmap updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-bootonly.iso) = 6ca4a5de222683ff4716090d55ffd1b19f50e98b7bef0012e94acf6ef73d61e2aaabe87026e2e58f1df4f797e5dd31130a4bac4d5cee82299bb75d215c5d1462
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-disc1.iso) = 40e2a44bd010fb2b1e14b4b8b90ee86ac86cf0bb9f629c9a121cb24ed2e25fc6b5a3e821b770c483e922fd2a5de535b4ecfde9b759888775f51478e2fb183713
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-memstick.img) = 2e57b96f5d9f75b277792052690947a849ca85a0e0860474b37cce06a623a5f566f60738b762ee6966081847be129a821ca199f17b3f286dafdbdbe6e1c70e0e
SHA512 (HardenedBSD-11-STABLE-v1100056.10-amd64-mini-memstick.img) = a216932ecf6c218b7f8984ca55524c18ab85e5bcce163d11effdf889883e28ba6feb4546ff3e28c9e2a29440f147363ae4444e75f56bd18b6a02176db5f8810c

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlwHBLoACgkQgZsRom/9
GI3zlg//dLtnJmc52UuttbSD1NV2h2hv4mNW/UteFjxGtJgdOCkjRGpx3sI4Vm1j
ks5NPMzi4Wy8r9l/bWv+k/bCvkxvjvt8gQKIBbDt8IauB1Bk+uxeWr3IcLn9eiPV
eC0diLLpUzTkbhN9NbnXbbugrrq4AeWFbOl06HIAw9HJolIYtLInOlH9XZToUItR
kbVD+AXjVmfntDWXPtkgCZdEEPe6zYAUgA39iyrcb5X3y+AVc9hDIoOGfPVoMIRR
rhEu1jwJPuT8C6r2hcareVpmfOESJTljh+yNw9iq/brkNXPW2UcPFwwkt7ajubaP
KW22bl9jGTTqA3JhpPHRwqFjyZzItD9TR4qPr/Fu2WTzYACyjNvWyCK/KJOvS6MX
ewepZ06yUhsLEjEiGpllJ4XipUn8c2hbTXLoKE/JOBvwhxIognoQ8yiEE645Vrb8
VCPLab5CK4y+CSZLEA2DWpiuWO7D/Z8pRIbV0tWKh1HrN5QPOjXeDDi+59t/016v
vb/i8YR0GhHgg3mPYCCUUgMey1e7vIjnmcj0OkZRyyx7bi2fP+37C/XBV9L7bFC7
kLO1pAX7hwWOp/H0dbrJCuLyWFLHjkgNODrxmmYk1OeWQoUT9KX1SFfYCKsNlpAn
Pq+17qjcl/Amswrpmw7a/WfXXLiNA46OyOU/aG9r1Z+8/Emd4YA=
=fwqX
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (2):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD MFC r341470: ggated: do not expose stack data in sendfail()


Oliver Pinter + (16):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


ae (1):

  • MFC r341073: Do not limit the mbuf queue length for keepalive packets.


arybchik (1):

  • MFC r340765


cy (4):

  • This is a direct commit to the stable/11 branch. This would have been MFC r340754 except that etc/rc.d has been moved in HEAD which would have resulted in a tree conflict if merged.
  • MFC r340909:
  • MFC r340868:
  • MFC r340867:


dab (1):

  • MFC r337812,r337814,r337820,r341068:


emaste (2):

  • MFC r340095: Remove apparently unused 0-byte files that cause grief on Windows
  • MFC r327860: ANSIfy function definitions in sys/vm/


eugen (3):

  • MFC r340978-340979: ipfw.8: new section to EXAMPLES: SELECTIVE MIRRORING
  • MFC r340110: ipfw(8): clarify layer2 processing abilities
  • MFC r340135: Make ng_pptpgre(8) netgraph node be able to restore order for packets reordered in transit instead of dropping them altogether. It uses sequence numbers of PPtPGRE packets.


gjb (2):

  • MFC r340983: Fix NTP query on GCE due to unresolved hostname.
  • Document SA-18:13, EN-18:13, EN-18:14, EN-18:15.


gordon (1):

  • MFC r341484


kib (2):

  • MFC r340922: Avoid unneeded check in vmspace_alloc().
  • MFC r341094: Improve sigonstack().


markj (5):

  • MFC r340730, r340731: Add taskqueue_quiesce(9) and use it to implement taskq_wait().
  • MFC r340968: Plug routing sysctl leaks.
  • MFC r340483 (by jtl): Add some additional length checks to the IPv4 fragmentation code.
  • MFC r341247: Update the free page count when blacklisting pages.
  • MFC r341442, r341443: Plug memory disclosures via ptrace(2).


mmel (1):

  • MFC r338317:


oshogbo (1):

  • MFC r339502 Add link to the setproctitle_fast function.


sef (1):

  • MFC r340442


vangyzen (3):

  • MFC r340409
  • MFC r340994
  • MFC r340995


vmaffione (11):

  • MFC r339548
  • MFC r339659
  • MFC r339685
  • MFC r340279
  • MFC r340325
  • MFC r339639
  • MFC r340436
  • MFC r340475
  • MFC r341144
  • MFC r341145
  • MFC r341430


yuripv (1):

  • MFC r340976: vi: fix UTF-8 detection.

Uploads: