New stable version: HardenedBSD-stable 11-STABLE v46.6

Submitted by op on

HardenedBSD-11-STABLE-v46.6 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • geliboot fixes on Amazon (d5fb643e49c8ff43324d3b81d16557a0b8bc984f)
  • sendfile regression fixes on x86-64 machines without INVPCID (798338843f10f02a3bd77ebb094baec9ffe1a315)

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v46.6-amd64-bootonly.iso) = 5cd442871422fd258e3deb885f282bca1a194fa26605c4d909bafc625433cb06f67ddd4522c5c4f9b4691e9f1fe8e2af18e958b091d39c284111ea5794272dfa
SHA512 (HardenedBSD-11-STABLE-v46.6-amd64-disc1.iso) = c29e0c5bd4e898c57f2b2af3803416b3c3f3f3fbf2998b1c1a8200884161bd3bd72d82b010b5ba6e8cc23bb7bafb00f5ba0966539f6ed2474117edb91cc078aa
SHA512 (HardenedBSD-11-STABLE-v46.6-amd64-memstick.img) = f796e6c404911908c49da82c0c3485ee9f494e06f02e72f4787aa8452028ab17ab27aa70e2fc81a9b8b8fa8781e78e47246bc4926894a639539cf72a77e69a63
SHA512 (HardenedBSD-11-STABLE-v46.6-amd64-mini-memstick.img) = 809ba82fafbeb5166d26c63b4c03030b6d836e32744578f2b359c5fcbca84d0a509c1a474b1320d36dfe02f6bf047da3e9944da31b87839edae47d3717c48f13

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJX+wVNAAoJEIGbEaJv/RiNHTUP/07OGoANfTQu5WXK7tY5Iy67
aBpvAiNjwYpU9n/1AotkRLZSto9f5NPLazez2M7JQkFthuqMhaYKQ+7n+0hT8EHf
Ue4gkg7pJtlmu9QejgQfR1RQqr630JU342sajRFpQSfxOIt1ayStcrXKz43LulWw
J0/Ddp58hkg8a3mHpYB1OxzW22jESffSTPW9cJax7i24si65XMdJCi582SPKGQ+d
xU2adkmnkQjwxFWfw3mmr8XEn0TKDV4cteDifAkCbO+fkqVQyzaw2FPiluuPJZ/Z
MBtVlD5ILFwcOO5xpKC16L5VHWvGMJ3pSHZtJPn4nLGfj7+rGwTwCHbRkdy3igwU
elaKfxQFfYNKCMOyZ7xre066jVyKmuCSAb24d3064bzQjlGwmtzgJaR++klgKCWw
vXRE5QtxcmTQbt36Ps2akAVpTax2hnX9abjhtbTvzzOACqXbLXJ2nk4Sytw5bv8H
UARjZQD3AAL/xtWioO3vuatZWD0Ny2YHTQ/YUu52XBc/H4V5JFBpqPQsebGM0Cc9
to2gS75YklqkVZxHF5z4PHXpJTNmzr6U5ZTnQQACy4xMxAM01ELNilaolZuOdjJv
cAujhy8TBgrL3Z6ZmxH5dW7XYAtL0LRQPRToLhGVfFrSdeW3c/ejASpwDrn03P5Q
5qRapR5M/XSOw5Y1G3FW
=JdaA
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (2):

  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: fix merge conflict in sys/kern/imgact_elf.c after a248ce4f4c17d6bdc44470495e160cfb761b7c9f


Oliver Pinter + (28):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Shawn Webb (2):

  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict


ache (1):

  • MFC r306075,r306109


ae (3):

  • MFC r305940: Move opcode rewriter init and destroy handlers into non-VNET code.
  • MFC r303019: Use g_resize_provider() to change the size of GEOM_DISK provider, when it is being opened. This should fix the possible loss of a resize event when disk capacity changed.
  • MFC r306459: Fix bug introduced in r274300.


alc (1):

  • MFC r305213,305319,305398 As an optimization to the machine-independent layer, change the machine- dependent pmap_ts_referenced() so that it updates the page's dirty field if a modified bit is found while counting reference bits. This opportunistic update can be performed at low cost and can eliminate the need for some future calls to pmap_is_modified() by the machine- independent layer.


allanjude (1):

  • MFC: r306677


asomers (1):

  • MFC r306048


avg (3):

  • MFC r306218,306290: amdsbwd, intpm: unify bits specific to AMD chipsets
  • MFC r306291: the rest of changes intended to be committed in r306290
  • MFC r306292: fix vnode lock assertion for extended attributes directory


avos (2):

  • MFC r306320:
  • MFC r306498:


bapt (1):

  • MFC r306541


davidcs (1):

  • MFC r306522 Upgrade Firmware/Bootloader/ResetSeq/Minidump to revision 5.4.62


emaste (1):

  • MFC r306417: portsnap: only move expected snapshot contents from snap/ to files/


glebius (1):

  • Merge r306212: Fix regression from r297400, which truncates headers in case of low socket buffer and put a small optimization for low socket buffer case:


hiren (1):

  • MFC r304855


hselasky (1):

  • MFC r306228: Prevent cuse4bsd.ko and cuse.ko from loading at the same time by declaring support for the cuse4bsd interface in cuse.ko.


jhb (22):

  • MFC 303721: Permit the name of the /dev/iov entry to be set by the driver.
  • MFC 303204: Install a handler for firmware work request error messages.
  • MFC 303886: Add additional constants.
  • MFC 303887: Add a dmardump utility to dump the VT-d context tables.
  • MFC 303881: Reliably return PCI_GETCONF_LAST_DEVICE from PCIOCGETCONF.
  • MFC 305248: Remove warning about pci_addr_t being different sizes.
  • MFC 304858,305485,305497: Fix various issues with PCI pass through and VT-d.
  • MFC 305502: Reset PCI pass through devices via PCI-e FLR during VM start/end.
  • MFC 305034: Implement 'devctl clear driver' to undo a previous 'set driver'.
  • MFC 305751: Make device_quiet() an attachment property.
  • MFC 303205,303722,305032,305752: Create VF devices on Chelsio T4/T5 NICs.
  • MFC 303405: Add support for zero-copy aio_write() on TOE sockets.
  • MFC 306126: Fix invalid vendor ID constant (typo).
  • MFC 303522,303647,303860,303880,304168,304169,304170,304479,304485,305549: Chelsio T4/T5 VF driver.
  • MFC 305548: Don't break out of the m_advance() loop if len drops to zero.
  • MFC 304482: Adjust t4_port_init() to work with VF devices.
  • MFC 303454: Mark spg_len and fl_pktshift static.
  • MFC 303859,305851: Fix a typo and some whitespace nits.
  • MFC 303226: Fix kernel builds with "device cxgbe".
  • MFC 305922: Fix LINT building.
  • MFC 303754: Add __printflike() to bus_describe_intr() to enable -Wformat checks.
  • MFC 302859: Include command line arguments in core dump process info.


jmcneill (1):

  • MFC r306658: Clear GT_CTRL_ENABLE to stop the timer.


kib (22):

  • MFC r306020: Move pmap_p*e_index() inline functions from pmap.c to pmap.h.
  • MFC r306081: Add PROC_TRAPCAP procctl(2) controls and global sysctl kern.trap_enocap.
  • MFC r306257: Document r306081, i.e. procctl(PROC_TRAPCAP) and sysctl kern.trap_enocap.
  • MFC r306260: Add the foundation copyrights to procctl kernel sources.
  • MFC r306087: Export the pmap_cache_bits() and pmap_pinit_pml4() functions from the amd64 pmap.
  • MFC r306088: Add amd64 functions to load/store GDT register, store IDT and TR registers.
  • MFC r306089: Make resettodr_lock accessible outside subr_rtc.c. Protect CLOCK_GETTIME() with the lock.
  • MFC r306091: Add a way for the architecture to specify the calling ABI for methods in the EFI Runtime Services Table. On amd64, the calling conventions are MS.
  • MFC r306092: Rename efi_systbl to efi_systbl_phys.
  • MFC r306261: Add proccontrol(1).
  • MFC r305902: Reduce size of ufs inode.
  • MFC r305954: Add compat32 support for capsicum.
  • Regen.
  • MFC r306505: Add an article.
  • MFC r306334: Document thr_suspend(2) and thr_wake(2).
  • MFC r305977: Be more strict when selecting between snapshot/regular mount.
  • MFC r305978: Detect x2APIC mode on boot and obey it.
  • MFC r306350: For machines which support PCID but not have INVPCID instruction, i.e. SandyBridge and IvyBridge, correct a race between pmap_activate() and invltlb_pcid_handler().
  • MFC r306097: Add kernel interfaces to call EFI Runtime Services.
  • MFC r306090: Simple post-mortem reporter for amd64 loader.efi.
  • MFC r306674: Style.
  • MFC r306588: Export the mq_getfd_np() and timer_oshandle_np() symbols from librt.so.


kp (1):

  • MFC r306289:


lidl (2):

  • MFC r306507: Update blacklistd.8 with changes from NetBSD
  • MFC r306508: Fix blacklistd's state restoral at startup


loos (2):

  • MFC r306050:
  • MFC r306205:


markj (9):

  • MFC r306008: libdwarf: Add definitions for Apple's DWARF extension attributes.
  • MFC r305509: Don't treat an error from g_mirror_clear_metadata() as fatal.
  • MFC r306304: Move implementations of uread() and uwrite() to the illumos compat layer.
  • MFC r306285: Rename ndpr_refcnt to ndpr_addrcnt.
  • MFC r306220: Re-check the systrace probe ID before calling dtrace_probe().
  • MFC r305056, r305367: Restore swap pager readahead.
  • MFC r304431: Add a SIGINFO handler for dtrace(1).
  • MFC r306046: Reduce code duplication around NDP message handlers in icmp6_input().
  • MFC r306061: Protect ccbq access with devq->send_mtx in the XPT_ABORT handler.


mav (2):

  • MFC r306279: Use g_wither_provider() where applicable.
  • MFC r306528: Fix `sesutil fault` operation.


mjg (1):

  • MFC r305659:


pfg (3):

  • MFC r305812:
  • MFC r305813: localedef(1): make better use of calloc(3) arguments.
  • MFC r306560, r306561: patch(1): make some macros look boolean.


rmacklem (3):

  • MFC: r304026 Update the nfsstats structure to include the changes needed by the patch in D1626 plus changes so that it includes counts for NFSv4.1 (and the draft of NFSv4.2). Also, make all the counts uint64_t and add a vers field at the beginning, so that future revisions can easily be implemented. There is code in place to handle the old vesion of the nfsstats structure for backwards binary compatibility.
  • MFC: r304058, r304066, r304194 Update nfsstat.c to use the new kernel nfsstat structure and add the new "-d" flag from D1626. The man page will be updated in a subsequent commit.
  • MFC: r304059 Update the man page to descibe the "-d" option added by r304058.


sevan (1):

  • MFC r306599: dmesg(8) first appeared in 3BSD. http://minnie.tuhs.org/cgi-bin/utree.pl?file=3BSD/usr/man/man1/dmesg.1m


vangyzen (2):

  • lmc(4): fix the build without the bpf device
  • MFC r306568, r306569