New stable version: HardenedBSD-stable 11-STABLE v46.9

Submitted by op on

HardenedBSD-11-STABLE-v46.9 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

WARNING: this is a security update!

Highlights:

  • MFC r308197: MFV r308196 Fix OpenSSH remote Denial of Service vulnerability. CVE-2016-8858 (e82e3bc2af43d79504472922cf08e777238426d7) [FreeBSD-SA-16:33.openssh]
  • MFC r307861: Update libarchive to 3.2.2 (47fbb22e6a60da9ba4d20c53e5cff87976ef6f39) [FreeBSD SA Candidate]
  • A lof ot ZFS update again

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v46.9-amd64-bootonly.iso) = c3ffa1d0a6026d3bf99c812d0bd905b8d72108d6d09ae0f7a2c757c66175e682d4884befcf59ada4830e1e237c67c00dbb53fb543ede2a4f4672b4858eb3c257
SHA512 (HardenedBSD-11-STABLE-v46.9-amd64-disc1.iso) = aab88475b36f44091966bb00447aa5c332a7121075ad4b965da2c1f28ad120612c741abdb0d441287119d3a2e5e5adbc2cea29bf3fbb8c7533144b73454c52c3
SHA512 (HardenedBSD-11-STABLE-v46.9-amd64-memstick.img) = 0575cb3b45ecbf3fa4b70756f645f23924d0801a6fe788b3db9164301fecab6bc9bb0144071718fb9cd961cce24a19c67da730e7aff34f019e45760fe3f347ca
SHA512 (HardenedBSD-11-STABLE-v46.9-amd64-mini-memstick.img) = 24a8b8fef795a6e3417d7a6449af329dac3b4511cd006d9a01769e65baf23df6c0a63f6b2280ae18d038904edf3985ce361e184e5f57a7079736f1e829260816

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJYGb7nAAoJEIGbEaJv/RiNbE8QAIvZiX4vGYku7Fpe6vpHYDJ/
gHugWqdH2ifmJ4th3s2zePMC9Z5/z+1ABtJkkrkaJIt6SGVyJ3rDk6ZMgP2iiEn4
fQEKbAsCUd6FO1aaOAYmoAJPkWCqUD7yFUWcHQ/1PkoMwbY2vLxLM2Bpgo88KNiq
BOPPxB3o11mEqd+oTB0ZNQeGivXuD9mpL493IjPsHh67GmmaXRn/pzsVUq8JVOus
nEySLvVkveHF9epIJzjagvMccFv4zf3bH0nZMhk9NLYsd8tCUmH9tin5hRlQI97n
FRFHER8SjSjOqGVuO0rOSCrHkbEnmr1IY68yhuUVYTjncjEmUiB80mVYZcvFhRJg
kp8U/JpotIk43aGN3Zx0Qj1ieHwaEGuaOfeP4AUlCxxwK/3fVU+36uxUQGUiFubC
IytILRvjitrdHq+54bbzA5eAJh3R4lBhrcf8zmqKCc++tfebnckWaHuqeZohW0Zg
f4sC68qMAdc+3M3a25ptcdgpNcaGrqQjNWjdZW+XOmBJAZFASZH1zO8FsqWK4F6s
9jSszUajoekULMkhXdPRwCUOQLeh8eUNLpTM16Jke9SKCcv5dbm4v89/vljJ8oaQ
/ZQVUFfK5aJxBiO5OOSagJmMgKtWjTeDjCB01kTYK+ywWXibVnN6s99+TXQEZNpP
Tkj7uyynYzFz+hMm5x/X
=7tIt
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter + (16):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


ae (1):

  • MFC r307628: Fix `ipfw table lookup` handler to return entry value, but not its index.


alc (2):

  • MFC r306706 Change vm_pageout_scan() to return a value indicating whether the free page target was met.
  • MFC r306712 Make the page daemon's notion of what kind of pass is being performed by vm_pageout_scan() local to vm_pageout_worker(). There is no reason to store the pass in the NUMA domain structure.


avg (6):

  • MFC r306801: implement zfs_vptocnp() using z_parent property
  • MFC r305539: work around AMD erratum 793 for family 16h, models 00h-0Fh
  • MFC r307130: smbus: allow child devices to be added via hints
  • MFC r307131: install header files required development with libzfs_core
  • MFC r307141: remove a few stray spaces from sys/param.h
  • bump __FreeBSD_version for libzfs_core.h


bapt (1):

  • MFC r307785:


davidcs (1):

  • MFC r307578 1. Use taskqueue_create() instead of taskqueue_create_fast() for both fastpath and slowpath taskqueues. 2. Service all transmits in taskqueue threads. 3. additional stats counters for keeping track of - bd availability - tx buf ring not emptied in the fp task queue. These are drained via timeout taskqueue. - tx attempts during link down.


delphij (1):

  • MFC r308197: MFV r308196:


ed (1):

  • MFC r307227 and r307343:


gahr (1):

  • MFC r307638:


gjb (1):

  • Document EN-16:17-18, SA-16:26-32


gnn (1):

  • Corrected non-portable reuse of va_list in dt_printf()


hiren (1):

  • MFC r307545 Make sure tcp_mss() has the same check as tcp_mss_update() to have t_maxseg set to at least 64.


hselasky (1):

  • MFC r307651: Add support for adjusting the hardware buffering delay for USB audio.


jhb (1):

  • MFC 303002: Include process IDs in core dumps.


kib (4):

  • MFC r307869: Fix typo.
  • MFC r306807: When making a pause after detecting hard kill of the single-user shell, ensure that we do sleep for at least the specified time, in presence of signals.
  • MFC r306808: Add verbosity around failed reboot(2) call.
  • MFC r307821: Use proper type for local variable.


mav (10):

  • MFC r307132: Use copyout() instead of pointing sbuf to user-space buffer.
  • MFC r307731: Add names for some DASP devices.
  • MFC r304918: Decode some new ATA commands found in ACS-3.
  • MFC r307350: Add LUN options to limit UNMAP and WRITE SAME sizes.
  • MFC r307374: Add LU option to control reported provisioning type.
  • MFC r307507, r307509, r307515: Consider device as clean even if SYNCHRONIZE CACHE failed.
  • MFC r306424: MFV r306422: 7254 ztest failed assertion in ztest_dataset_dirobj_verify: dirobjs + 1 == usedobjs
  • MFC r306425: MFV r306423: 7402 Create tunable to ignore hole_birth feature
  • MFC r306456: Add #ifdef _KERNEL around send_holes_without_birth_time sysctl.
  • MFC r307523: Make pass driver better support CAM_CDB_POINTER flag.


mm (1):

  • MFC r307861: Update libarchive to 3.2.2


sbruno (1):

  • MFC r308038: