New stable version: HardenedBSD-stable 10-STABLE v46.18

HardenedBSD-10-STABLE-v46.18 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • HBSD MFC: elimiante infoleak from uipc_mqueue (r308642) 986b9324751267 [FreeBSD-SA-Candidate]
  • MSDOSFS updates
  • Hyper-V updates
  • HBSD: increase UCODE_SIZE_MAX from 32kB to 128kB (4MB) in sys/dev/cpuctl/cpuctl.c to fix microcode update on Intel 6th gen CPUs

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-bootonly.iso) = 9b6dbd1e941c180dfcf16f55b7efa878971139bd1f9a3c02bd37299d817711eec8adec078c90d078620b636435d9f654c42e2496bade02c7bb15f8efc4123ace
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-disc1.iso) = 0973251862ccc7b2908f37926e713a6f377347f7a4140384af2a2986cafa2cefec563e17a5b8677f23755e1292c28f9fe6c9d325123fac631762fe8ed5f2a2e1
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-memstick.img) = 0f14f0583ef847daa6372c53f4490e7b4607fcbfda6c58b27b9124592ef8980875e5d7d4209c4be93606de16bbcc4c0d0a0111834775b1da6d4b13574c11b448
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-mini-memstick.img) = 0ab823880253fb0b494b4f757bf8b66fa88d498259e213a95d7b2b305c0d01385a3af552e44944831a4077d807e8ecb61a8ffa13601269938df323a37c0b2760
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-bootonly.iso) = c7b513cde20c51fb84daac30e46e508498ea978e7b5f57911c2a894a037e5aa14d8a703da4a3b37e0ef146383e0ba177e65a13abcb86b002ee94f4265d99a0b4
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-disc1.iso) = 5fa03972fafa63fe5c65b4a661225e28df33c13b862c9c6a27da2c16cf71642d82c7c1d43e5e4c3dc1ddfa3f423d80ce3162629bab859ff5eb5d410bf6bfe306
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-memstick.img) = 3bb0b7b84598a818038361323216aab23b0651daed94129a287f7f1576680fb28e95af51ad1f34cf10b894013c206cd3897fcec6d60e981e13da669b8fd792b1
SHA512 (HardenedBSD-10-STABLE-v46.18-amd64-uefi-mini-memstick.img) = 1a7f6669d6518fbfe01a7edf728bfea7d050c365ef2969d63d54b8d33e41f9644932548e8e2b3095f8999ca07165b00d0953196dc731b8e5cfbbb392e6641947

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIcBAABCAAGBQJYK4FoAAoJEIGbEaJv/RiNNb0P/jRzFmwHVyGP8zHp3Q37EQR3
tgC99+AbeDsuDIgTER7zt8KeszEiMnQiSyg8+8Lb07WcHlzLjmzHyWWym97FkjVt
wTQWiO0RzeXJnP3FH7zsEyFiuphxv8F218YfUlI5aJ8kBrHschWizFq2HC+FonU5
GDLkB8t/yKZDQG9zz/Cf+lTQIfs3+KMezu0V4pcDAuuvs0WQpk7xyrDn4fYbX73P
PP5jW7T+ZrOF5gJlOyuBn9RddPk/qbyyJfTAmwv/Ru3CgoPVY2b4EGW1nIAWWs8O
SL/r3NbW3nNH7Umume0eJrSPWZbgTDm69zQGKddE9F82hsiyziwpcPYL7ZmWyY8i
tiidi1kM8WrqF1cvUTNZyfJDA1nFUuV6dSrjDl2/gBjiIN5FUc0P7W2uNGlgPEJW
T5A8r8U1BliTT8PfBDYw6VIzM8k3zm+Hj3LVq8gGbZRmqZsCClNS8ClJomJQbn8/
zjzq8zrC6/XLw4sspPMAsvEOYkXhaVzEXXGAFXMaBqm7kmNP8hcBEE3b9OR6EXze
VvoapFGPD4lnBPpntsJeiB172A+zZkVNeEmBv9klu6a+JyocSvNUcb1DLmILyj4W
R2B63k+okPoUdujXwBEJ7X4DzZwfgXZZeyBz70snNvUOSqjhMY63nLXBYXu/biPX
JXErKmjmmWW4LYFNaZFc
=lMRM
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (3):

  • HBSD: increase UCODE_SIZE_MAX from 32kB to 128kB in sys/dev/cpuctl/cpuctl.c to fix microcode update on Intel 6th gen CPUs
  • HBSD MFC: elimiante infoleak from uipc_mqueue (r308642) 986b9324751267
  • HBSD MFC: Increase the max allowed size of the microcode update blob for x86.


Oliver Pinter + (25):

  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master
  • Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master


avg (6):

  • MFC r307182,307191,307192: rc.d/zfsbe: new script designed for BE support
  • MFC r307994: 3746 ZRLs are racy
  • MFC r307348: aibs / atk0110: add support for querying sensors via GGRP and GITM
  • MFC r307768: jedec_ts: a driver for thermal sensors on memory modules
  • MFC r307903,307904,308039,308050: vmm/svm: iopm_bitmap and msr_bitmap must be contiguous in physical memory
  • MFC r308225: dev/cpuctl: put debug output under CPUCTL_DEBUG rather than DEBUG


avos (2):

  • MFC r283636: - Don't request BUS_DMA_ALLOCNOW for dma tags, that requires enormous amount of memory. - Don't request segsize of BUS_SPACE_MAXSIZE_32BIT, when maxsize is MCLBYTES.
  • MFC r288990: Fix regression from r248371. We need to copy packet header to new mbuf. Unlike in the pre-r248371 code, assert that M_PKTHDR is set only on a first mbuf.


cy (1):

  • MFC r307800, r307801


gjb (2):

  • Document SA-16:33-35.
  • MFC r308270: MFV r308265: Update tzdata to 2016i.


hselasky (10):

  • MFC r308144 and r308165: Fixes for virtual T-axis buttons.
  • MFC r308031: Fix indentation and remove duplicate queue stopped stats increment.
  • MFC r307518: Fix device delete child function.
  • MFC r308437 and r308461: Range check the jitter values to avoid bogus sample rate adjustments. The expected deviation should not be more than 1Hz per second. The USB v2.0 specification also mandates this requirement. Refer to chapter 5.12.4.2 about feedback.
  • MFC r308409: When a firmware command times out do not free the command structure to avoid use after free.
  • MFC r308411: Ensure the firmware is notified of any host memory allocation failures. Else firmware commands may time out waiting for host memory.
  • MFC r308412: Correct checksum fields in the "mlx5_mini_cqe8" structure. The fields in question are currently not used.
  • MFC r308413: Query flow table capabilities according to the correct capability bit for infiniband.
  • MFC r308414: Add more firmware related structures and update existing ones in the MLX5 core module. Update the set and query diagnostics counter API.
  • MFC r308416: Add timer to watch the RQ when we are out of mbufs.


jch (1):

  • MFC r307966:


jhb (16):

  • MFC 277763,280146,287631: Various fixes to DDP.
  • MFC 290175,290633,299206,300895,301898: Various TOE fixes.
  • MFC 301932: Use sbused() instead of sbspace() to avoid signed issues.
  • MFC 295573: Remove duplicate definition (CPL_TRACE_PKT_T5).
  • MFC 287297,296236: Cleanups to cxgbetool.
  • MFC 295778,296249,296333,296383,296471,296478,296481,296485,296488-296491, 296493-296496,296544,296710-296711,297863,299685: Catch up to changes to the internal shared code.
  • MFC 296552,296596,296603,296624,296627: Fixes related to memory windows.
  • MFC 296018,296640,296641,296689,296735,296949: Fixes for sysctl handlers.
  • MFC 296950,296951: Configuration updates.
  • MFC 296975: cxgbe(4): Tidy up PAUSE frame accounting.
  • MFC 297194: cxgbe(4): Be consistent and call ETHER_BPF_MTAP before writing anything to the descriptor ring no matter what path the frame takes within the driver's tx.
  • MFC 297776,297777,297779: Add DDB commands to cxgbe(4).
  • MFC 297875: cxgbe(4): Always read the entire mailbox into the reply buffer.
  • MFC 297883: cxgbe(4): Always dispatch all work requests that have been written to the descriptor ring before leaving drain_wrq_wr_list.
  • MFC 301516,301520,301531,301535,301540,301542,301628: Traffic scheduling updates.
  • MFC 302313: cxgbe(4): Avoid a NULL dereference while dumping the L2 table. Entries used by switching filters that rewrite L2 information do not have any associated ifnet.


kib (13):

  • MFC r308094: Add unlock_vp() helper.
  • MFC r308109: Remove vnode_locked label and goto.
  • MFC r308113: Remove vm_pager_has_page() declaration.
  • MFC r308114: Change remained internal uses of boolean_t to bool in vm/vm_fault.c.
  • MFC r308211: Remove tautological casts.
  • MFC r308228: Remove remnants of the recursive sleep support.
  • MFC r308019: Remove useless NULL check.
  • MFC r308020: Fix comment formatting.
  • MFC r308021: Use symbolic name for the free cluster number.
  • MFC r308022: Use symbolic name for the value of fully free word in pm_inusemap.
  • MFC r308023: If the fatchain() call in chainalloc() returned an error, revert marking the cluster run as in-use.
  • MFC r308024: Ensure that cluster allocations never allocate clusters outside the volume limits.
  • MFC r308025: Enable vn_io_fault() deadlock avoidance for msdosfs.


markj (1):

  • MFC r304053, r304054: Initialize busy lock state and strengthen busy lock assertions.


mav (8):

  • MFC r307857: Fix panic after ZVOL renamed to name invalid for DEVFS.
  • MFC r307318: MFV r307314: 6988 spa_sync() spends half its time in dmu_objset_do_userquota_updates
  • MFC r308049: Improve few debugging log messages.
  • MFC r308051: Matching GUIDs, handle possible race on vdev detach.
  • MFC r308055: Add vdev_reopening support to vdev_geom.
  • MFC r308169: Pass to zvol_log_truncate() same sync values as to zvol_log_write().
  • MFC r308173: Fix ZIL records ordering when ZVOL opened both with and without FSYNC.
  • MFC r308133, r308134: Fix wrong copy/paste in error message.


rmacklem (3):

  • MFC: r307694 A problem w.r.t. interoperation between the FreeBSD NFSv4.1 server with delegations enabled and the Linux NFSv4.1 client was reported in reviews.freebsd.org/D7891. I believe that the FreeBSD server behaviour conforms to the RFC and that the Linux client has a bug. Therefore, I do not think the proposed patch is appropriate. When nfsrv_writedelegifpos is non-zero, the FreeBSD server will issue a write delegation for a read open if possible. The Linux client then erroneously assumes that the credentials used for the read open can write the file. This patch reverses the default value for nfsrv_writedelegifpos to 0 so that the default behaviour is Linux compatible and adds a sysctl that can be used to set nfsrv_writedelegifpos.
  • MFC: r307890 mountd(8) was erroneously setting the sysctl for the old NFS server when the new/default NFS server was running, for the "-n" option.
  • MFC: r307891 Fix the man page to reflect the change done by r307890 to mountd.c so that the "-n" option uses the sysctl for the correct NFS server. This is a content change.


sephe (24):

  • MFC r307624
  • MFC 307710-307712,307714
  • MFC 307838,307839
  • MFC 307840,307842
  • MFC 307843
  • MFC 307844
  • MFC 307845
  • MFC 307893
  • MFC 307952,307953,308278
  • MFC 307983
  • MFC 307985-307988
  • MFC 307989-307991,308010
  • MFC 308011,308012
  • MFC 308013-308017
  • hyperv/hn: Fix i386 build; if_baudrate is 32bits on i386 on stable/10
  • MFC 308018,308116
  • MFC 308117-308120
  • MFC 308162
  • MFC 308163
  • MFC 308164
  • MFC 308166,308167
  • MFC 308168
  • MFC 308194
  • MFC 308201


trasz (3):

  • MFC r292210:
  • MFC r287032:
  • MFC r297207: